Error message regarding tftp.nfo



Hi!

Every time I start my computer I get the following error message: "Det gick inte att läsa in tftp.nfo. Det går inte att hitta modulen."

After googling, I understand that this is a good thing; the antivirus program has apparently done its job. But why does the computer still try to load the file?

I have run CCleaner and created a TM HJT log (with the antivirus program temporarily disabled).

As for the log (which I unfortunately don't understand much of), I see four entries "Files\Canon\... O8 - ... ".

I used to have a Canon printer and believe I have uninstalled all the accompanying software, so I also wonder whether these entries should remain?

Thanks in advance!

MaPe

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 09:26:20, on 2009-10-12

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16876)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\Program Files\Asus\EZVCR\EZSERVICE.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\ASUS\EZVCR\Agent.exe

C:\Program Files\ASUS\EZVCR\ASUS_IRAppl.exe

C:\WINDOWS\Explorer.exe

C:\WINDOWS\ATK0100\HControl.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\sm56hlpr.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\ASUS\ASUS Live Update\ALU.exe

C:\Program Files\Wireless Console 2\wcourier.exe

C:\Program Files\ASUS\ATK Media\DMEDIA.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\daquupu.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\ATK0100\ATKOSD.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe

C:\WINDOWS\system32\dllhost.exe

C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Trend Micro\HijackThis\mape.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

F2 - REG:system.ini: Shell=Explorer.exe rundll32.exe tftp.nfo beforegllav

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [sMSERIAL] C:\WINDOWS\sm56hlpr.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe

O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe

O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [toucoofu] C:\WINDOWS\system32\daquupu.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

O4 - HKCU\..\Run: [perfdm32] rundll32.exe "C:\Documents and Settings\Magnus Pettersson\Local Settings\Application Data\perfdm32\perfdm32.dll", DllInit

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [toucoofu] C:\Documents and Settings\LocalService\Application Data\Microsoft\daquupu.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: ikowin32.exe

O4 - Startup: Registration Heroes of Might & Magic 5.LNK = C:\Program Files\Ubisoft\Heroes of Might and Magic V\registration\RegistrationReminder.exe

O4 - Global Startup: Bluetooth Manager.lnk = ?

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: HP Smart markering - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1182372911921

O16 - DPF: {9478041E-CAEC-44A5-8271-B56799715926} (ColorApplication Control) - http://clients.theshining.se/colorapp/ColorAppOnline.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O23 - Service: ASUSKeyboardService (eaauehiuh) - Unknown owner - C:\WINDOWS\system32\soogis.exe (file missing)

O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: EZSERVICE - Unknown owner - C:\Program Files\Asus\EZVCR\EZSERVICE.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--

End of file - 10022 bytes


There are a number of lines in the log that don't look good.

Download Malwarebytes Anti-Malware (MBAM) from:

http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html

Double-click mbam-setup to install the program.

At the end of the installation, make sure the following boxes are checked:

Update Malwarebytes' Anti-Malware

Launch Malwarebytes' Anti-Malware

Press Finish

If there is an update, it will be downloaded and installed.

When the program starts, choose "Perform quick scan" and press Scan.

The scan takes a while.

When it is done, press OK and then "Show Results".

Check everything and then press Remove Selected.

When the removal is finished, Notepad opens with a log.

You may be asked to restart the computer (Restart). If so, do it.

If you get an error message Error loading... after the restart, restart the computer once more.

If the program does not start after the restart, start it yourself.

If the log does not open by itself in Notepad, you will find it on the Logs tab in MBAM.

Copy the log and paste it into your reply.


Hi Cecilia

I have a question: when you say that some things don't look right, could you share with us how to read these logs, since you apparently know how to do it?

Maybe there is a guide online where one can read about this?


Hi!

You look up information on everything in the log that you don't recognize. For that you use e.g. http://www.systemlookup.com/ and Google.

Once you have looked at and researched 100 logs or so, you start to see patterns, what is normal and what isn't, etc. When I started checking logs about 5 years ago, it could take me 1-2 hours to go through a HijackThis log, but now it goes much faster.
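
The "look up everything you don't recognize" approach above can be pre-sorted mechanically. The following is an added example, not part of the original thread: a Python script that parses HijackThis entry lines (excerpted from the first log in this thread) and marks the ones worth looking up first. The reason labels and the heuristics are assumptions of this example; a flag is a prompt to research the entry, not a verdict.

```python
import re
from collections import defaultdict

# Entry lines copied from the first HijackThis log in this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe rundll32.exe tftp.nfo beforegllav
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [toucoofu] C:\WINDOWS\system32\daquupu.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [toucoofu] C:\Documents and Settings\LocalService\Application Data\Microsoft\daquupu.exe (User 'SYSTEM')
O4 - Startup: ikowin32.exe
O4 - Startup: Registration Heroes of Might & Magic 5.LNK = C:\Program Files\Ubisoft\Heroes of Might and Magic V\registration\RegistrationReminder.exe
O23 - Service: ASUSKeyboardService (eaauehiuh) - Unknown owner - C:\WINDOWS\system32\soogis.exe (file missing)
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
"""

# "O4 - <body>": section code, then the entry text.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Registry autorun body: "<hive>\..\Run: [<value name>] <command>"
RUN_RE = re.compile(r"^(?P<hive>\S+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")


def parse(log_text):
    """Return (code, body) tuples for every HijackThis entry line."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def triage(log_text):
    """Return (reason, item) pairs to look up first. Heuristics only."""
    findings = []
    run_targets = defaultdict(set)  # Run value name -> distinct commands
    for code, body in parse(log_text):
        line = f"{code} - {body}"
        if code == "F2" and "Shell=" in body:
            # The MBAM log in this thread gives "Explorer.exe" as the good value.
            shell = body.split("Shell=", 1)[1].strip()
            if shell.lower() != "explorer.exe":
                findings.append(("shell-extra-command", line))
        elif code == "O4":
            m = RUN_RE.match(body)
            if m:
                # Drop HijackThis's trailing "(User '...')" annotation.
                cmd = re.sub(r"\s+\(User '[^']*'\)$", "", m.group("cmd"))
                run_targets[m.group("name").lower()].add(cmd.lower())
                if "\\application data\\" in cmd.lower():
                    findings.append(("autorun-from-user-data-dir", line))
            elif body.startswith(("Startup:", "Global Startup:")) and " = " not in body:
                # A file sitting directly in the Startup folder, not a shortcut.
                findings.append(("file-in-startup-folder", line))
        elif code == "O23" and body.endswith("(file missing)"):
            findings.append(("service-binary-missing", line))
    # The same autorun value name pointing at different paths in different hives.
    for name, cmds in sorted(run_targets.items()):
        if len(cmds) > 1:
            findings.append(("same-run-name-different-paths", name))
    return findings


if __name__ == "__main__":
    for reason, item in triage(SAMPLE_LOG):
        print(f"{reason:32} {item}")
```

Entries the script leaves unflagged still need the manual lookup described above; it only orders the work.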


Hi Cecilia!

I have now followed your instructions; see the MBAM log below. The error message did not appear after the restart.

Regards

MaPe

Malwarebytes' Anti-Malware 1.41

Databasversion: 2945

Windows 5.1.2600 Service Pack 3

2009-10-12 12:55:19

mbam-log-2009-10-12 (12-55-19).txt

Skanningstyp: Snabb skanning

Antal skannade objekt: 103722

Förfluten tid: 5 minute(s), 0 second(s)

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 0

Infekterade registernycklar: 6

Infekterade registervärden: 2

Infekterade registerdataposter: 1

Infekterade mappar: 2

Infekterade filer: 2

Infekterade minnesprocesser:

(Inga illasinnade poster hittades)

Infekterade minnesmoduler:

(Inga illasinnade poster hittades)

Infekterade registernycklar:

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.

Infekterade registervärden:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RList (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\MyID (Malware.Trace) -> Quarantined and deleted successfully.

Infekterade registerdataposter:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe rundll32.exe tftp.nfo beforegllav) Good: (Explorer.exe) -> Quarantined and deleted successfully.

Infekterade mappar:

C:\Documents and Settings\All Users\Application Data\16262344 (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\16949064 (Rogue.Multiple) -> Quarantined and deleted successfully.

Infekterade filer:

C:\Documents and Settings\Magnus Pettersson\Start Menu\Programs\Startup\ikowin32.exe (Trojan.Cutwail) -> Quarantined and deleted successfully.

C:\Documents and Settings\Magnus Pettersson\Application Data\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.


This is what that log looks like:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:46:17, on 2009-10-12

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16876)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Asus\EZVCR\EZSERVICE.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Documents and Settings\LocalService\Application Data\Microsoft\kakoopus.exe

C:\Program Files\ASUS\EZVCR\Agent.exe

C:\Program Files\ASUS\EZVCR\ASUS_IRAppl.exe

C:\WINDOWS\ATK0100\HControl.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\sm56hlpr.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\ASUS\ASUS Live Update\ALU.exe

C:\Program Files\Wireless Console 2\wcourier.exe

C:\Program Files\ASUS\ATK Media\DMEDIA.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\daquupu.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

C:\WINDOWS\ATK0100\ATKOSD.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe

C:\WINDOWS\system32\dllhost.exe

C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\Trend Micro\HijackThis\mape.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [sMSERIAL] C:\WINDOWS\sm56hlpr.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe

O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe

O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [toucoofu] C:\WINDOWS\system32\daquupu.exe

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

O4 - HKCU\..\Run: [perfdm32] rundll32.exe "C:\Documents and Settings\Magnus Pettersson\Local Settings\Application Data\perfdm32\perfdm32.dll", DllInit

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [toucoofu] C:\Documents and Settings\LocalService\Application Data\Microsoft\daquupu.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Registration Heroes of Might & Magic 5.LNK = C:\Program Files\Ubisoft\Heroes of Might and Magic V\registration\RegistrationReminder.exe

O4 - Global Startup: Bluetooth Manager.lnk = ?

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: HP Smart markering - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1182372911921

O16 - DPF: {9478041E-CAEC-44A5-8271-B56799715926} (ColorApplication Control) - http://clients.theshining.se/colorapp/ColorAppOnline.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O23 - Service: ASUSKeyboardService (eaauehiuh) - Unknown owner - C:\WINDOWS\system32\soogis.exe (file missing)

O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: EZSERVICE - Unknown owner - C:\Program Files\Asus\EZVCR\EZSERVICE.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--

End of file - 10028 bytes

What do you say about the entries I mentioned in my first post?

Regards

MaPe


Go to http://www.virustotal.com (works best with Internet Explorer), paste one of the following file names into the box, press Send File and wait until the result is ready (Current status becomes finished). Paste the results from the various antivirus programs (not Additional information) here. Repeat with the next file name.

C:\Documents and Settings\LocalService\Application Data\Microsoft\daquupu.exe

C:\WINDOWS\system32\daquupu.exe

C:\Documents and Settings\LocalService\Application Data\Microsoft\kakoopus.exe

Download ComboFix to the Desktop:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Close all programs you can see, including antivirus and antispyware programs, but leave the firewall on.

How? See http://www.bleepingcomputer.com/forums/topic114351.html

Run ComboFix and follow the instructions shown.

If you are asked whether you want to install the Recovery Console, answer yes.

IMPORTANT! Do not click on the ComboFix window with the mouse while it is running, otherwise it may hang.

When it has finished, a log should appear; paste it into your reply. Check that your antivirus program etc. is running before you connect to the internet.

If you have trouble getting onto the internet:

Control Panel - Network Connections

right-click your internet connection and choose Repair and/or restart the computer.

Warning! ComboFix disables autorun for CDs, floppy disks and USB devices to make it easier to clean the computer and to protect it against infections in the future. This can cause problems, e.g. if the computer gets its internet connection through a USB modem or a USB network adapter. In that case, say so instead of running ComboFix.


I only have mobile broadband for my laptop, in other words a USB modem. How should I proceed then?


C:\Documents and Settings\LocalService\Application Data\Microsoft\daquupu.exe

C:\WINDOWS\system32\daquupu.exe

C:\Documents and Settings\LocalService\Application Data\Microsoft\kakoopus.exe

All three files had been analyzed on earlier occasions. Only 3 antivirus programs gave a detection, and each program gave the same detection for the three different files:

DrWeb v5.0.0.12182; Last updated 2009.09.23; Result: Trojan.MulDrop.34866

Microsoft v1.5005; Last updated 2009.09.22; Result: Backdoor:Win32/Oderoor.gen!H

Panda v10.0.2.2; Last updated 2009.09.22; Result: Suspicious file

As for reinstalling the modem, that shouldn't be impossible.


Can you upload one of the three files (preferably in a zip file) to http://www.skickafilen.se/ ? You will then get a link back. Send that link to me in a PM (message) here on the forum (click the envelope icon to the left of this post). Then I can download the file and examine it more closely, and forward it to the antivirus companies so that they can update their programs.

Let's see if it works without ComboFix. Download OTL to the Desktop.

http://oldtimer.geekstogo.com/OTL.exe

Close all programs.

Run OTL (in Vista, right-click and Run as administrator).

Under Output near the top, choose Minimal Output.

Check LOP Check and Purity Check.

Press Run Scan and let the program run undisturbed.

When it is done, two log files are created on the Desktop, OTL.txt and Extras.txt. In your reply, paste in OTL.txt and leave Extras.txt on the Desktop.


I have sent you the link you asked for, and here is the log file from OTL.txt:

OTL logfile created on: 2009-10-14 10:08:20 - Run 1

OTL by OldTimer - Version 3.0.20.0 Folder = C:\Documents and Settings\Magnus Pettersson\Desktop\OTL

Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.11)

Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

1023,20 Mb Total Physical Memory | 523,79 Mb Available Physical Memory | 51,19% Memory free

2,40 Gb Paging File | 1,97 Gb Available in Paging File | 81,96% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 64,73 Gb Total Space | 21,03 Gb Free Space | 32,49% Space Free | Partition Type: FAT32

Drive D: | 43,11 Gb Total Space | 43,08 Gb Free Space | 99,91% Space Free | Partition Type: FAT32

Drive E: | 2,43 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

F: Drive not present or media not loaded

Drive G: | 8,44 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: MAGNUS

Current User Name: Magnus Pettersson

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Magnus Pettersson\Desktop\OTL\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\ASUS\ASUS Live Update\ALU.exe ()

PRC - C:\Program Files\ASUS\ATK Media\DMEDIA.EXE (ASUSTeK Computer INC.)

PRC - C:\Program Files\ASUS\EZVCR\Agent.exe (ASUS)

PRC - C:\Program Files\ASUS\EZVCR\ASUS_IRAppl.exe (NXP Semiconductors Germany GmbH)

PRC - C:\Program Files\Asus\EZVCR\EZSERVICE.exe ()

PRC - C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe (ASUSTeK Computer Inc.)

PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)

PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)

PRC - C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe (Hewlett-Packard Co.)

PRC - C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe (Hewlett-Packard)

PRC - C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe (Hewlett-Packard Co.)

PRC - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

PRC - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)

PRC - C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation)

PRC - C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe (Intel Corporation)

PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)

PRC - C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)

PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)

PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )

PRC - C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)

PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)

PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

PRC - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

PRC - C:\Program Files\Skype\Phone\Skype.exe ()

PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)

PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)

PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe (TOSHIBA CORPORATION.)

PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.)

PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe (TOSHIBA CORPORATION.)

PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)

PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe (TOSHIBA CORPORATION.)

PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe (TOSHIBA CORPORATION.)

PRC - C:\Program Files\Wireless Console 2\wcourier.exe ()

PRC - C:\WINDOWS\ATK0100\ATKOSD.exe ()

PRC - C:\WINDOWS\ATK0100\HControl.exe ()

PRC - C:\WINDOWS\eHome\ehmsas.exe (Microsoft Corporation)

PRC - C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation)

PRC - C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation)

PRC - C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)

PRC - C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation)

PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)

PRC - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)

PRC - C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)

PRC - C:\WINDOWS\System32\daquupu.exe ()

PRC - C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)

PRC - C:\WINDOWS\System32\wscntfy.exe (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (Microsoft Corporation)

SRV - (eaauehiuh [Auto | Stopped]) -- File not found

SRV - (ehRecvr [Auto | Running]) -- C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation)

SRV - (ehSched [Auto | Running]) -- C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation)

SRV - (EhttpSrv [On_Demand | Stopped]) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (ESET)

SRV - (ekrn [Auto | Running]) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)

SRV - (EvtEng [Auto | Running]) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)

SRV - (EZSERVICE [Auto | Running]) -- C:\Program Files\Asus\EZVCR\EZSERVICE.exe ()

SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

SRV - (hpqcxs08 [On_Demand | Running]) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)

SRV - (hpqddsvc [Auto | Running]) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.)

SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)

SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)

SRV - (kzbouqeyyn [Auto | Stopped]) -- C:\WINDOWS\System32\kakoopus.exe ()

SRV - (McrdSvc [Auto | Running]) -- C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation)

SRV - (MHN [On_Demand | Stopped]) -- C:\WINDOWS\System32\mhn.dll (Microsoft Corporation)

SRV - (Net Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\System32\HPZinw12.dll (Hewlett-Packard)

SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)

SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

SRV - (Pml Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\System32\HPZipm12.dll (Hewlett-Packard)

SRV - (RegSrvc [Auto | Running]) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)

SRV - (S24EventMonitor [Auto | Running]) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )

SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (AegisP [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\AegisP.sys (Meetinghouse Data Communications)

DRV - (eamon [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\eamon.sys (ESET)

DRV - (easdrv [system | Running]) -- C:\WINDOWS\System32\DRIVERS\easdrv.sys (ESET)

DRV - (epfwtdir [system | Running]) -- C:\WINDOWS\System32\DRIVERS\epfwtdir.sys ()

DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)

DRV - (HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys (HP)

DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys (HP)

DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys (HP)

DRV - (hwdatacard [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ewusbmdm.sys (Huawei Technologies Co., Ltd.)

DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)

DRV - (MODEMCSA [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\MODEMCSA.sys (Microsoft Corporation)

DRV - (MPE [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\MPE.sys (Microsoft Corporation)

DRV - (MTsensor [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ATKACPI.sys ()

DRV - (NPF [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\NPF.sys (CACE Technologies)

DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)

DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)

DRV - (PxHelp20 [boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)

DRV - (rimmptsk [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\rimmptsk.sys (REDC)

DRV - (rimsptsk [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\rimsptsk.sys (REDC)

DRV - (RTL8023xp [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\Rtenicxp.sys (Realtek Semiconductor Corporation )

DRV - (s24trans [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\s24trans.sys (Intel Corporation)

DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)

DRV - (smserial [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\smserial.sys (Motorola Inc.)

DRV - (SynMini [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SynMini.sys (Syntek America Inc.)

DRV - (SynScan [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SynScan.sys (Syntek America Inc.)

DRV - (SynTP [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\SynTP.sys (Synaptics, Inc.)

DRV - (toshidpt [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\Toshidpt.sys (TOSHIBA Corporation.)

DRV - (tosporte [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\tosporte.sys (TOSHIBA Corporation)

DRV - (Tosrfbd [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\tosrfbd.sys (TOSHIBA CORPORATION)

DRV - (Tosrfbnp [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\tosrfbnp.sys (TOSHIBA Corporation)

DRV - (Tosrfcom [system | Running]) -- C:\WINDOWS\System32\Drivers\tosrfcom.sys (TOSHIBA Corporation)

DRV - (Tosrfhid [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\Tosrfhid.sys (TOSHIBA Corporation.)

DRV - (tosrfnds [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\tosrfnds.sys (TOSHIBA Corporation.)

DRV - (TosRfSnd [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\TosRfSnd.sys (TOSHIBA Corporation)

DRV - (Tosrfusb [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\tosrfusb.sys (TOSHIBA CORPORATION)

DRV - (u3kmini [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\u3kmini.sys (ASUSTeK)

DRV - (w39n51 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\w39n51.sys (Intel® Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"

FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.search.update: false

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-04-08 21:01:28 | 00,000,000 | ---D | M]

[2007-07-31 23:29:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Magnus Pettersson\Application Data\mozilla\Firefox\Profiles\470uf1fu.default\extensions

[2007-07-31 23:36:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Magnus Pettersson\Application Data\mozilla\Firefox\Profiles\470uf1fu.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

[2007-07-31 23:36:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Magnus Pettersson\Application Data\mozilla\Firefox\Profiles\470uf1fu.default\extensions\sv@dictionaries.addons.mozilla.org

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)

O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.

O4 - HKLM..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.exe (ASYSTeK Computer INC.)

O4 - HKLM..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe ()

O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE (ASUSTeK Computer INC.)

O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)

O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)

O4 - HKLM..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe (Intel Corporation)

O4 - HKLM..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe ()

O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)

O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe (Hewlett-Packard)

O4 - HKLM..\Run: [intelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)

O4 - HKLM..\Run: [intelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe (Ahead Software Gmbh)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe (ASUSTeK Computer Inc.)

O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [sMSERIAL] C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)

O4 - HKLM..\Run: [toucoofu] C:\WINDOWS\System32\daquupu.exe ()

O4 - HKLM..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe ()

O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O4 - HKCU..\Run: [perfdm32] File not found

O4 - HKCU..\Run: [skype] C:\Program Files\Skype\Phone\Skype.exe ()

O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe ()

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

O4 - Startup: C:\Documents and Settings\Magnus Pettersson\Start Menu\Programs\Startup\Registration Heroes of Might & Magic 5.LNK = C:\Program Files\Ubisoft\Heroes of Might and Magic V\registration\RegistrationReminder.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: E&xportera till Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll File not found

O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll File not found

O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll File not found

O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll File not found

O9 - Extra Button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: HP Smart markering - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/buxus/docs/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1182372911921 (WUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {9478041E-CAEC-44A5-8271-B56799715926} http://clients.theshining.se/colorapp/ColorAppOnline.cab (ColorApplication Control)

O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006-12-26 22:25:00 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]

O32 - AutoRun File - [2006-04-11 16:15:11 | 00,323,584 | R--- | M] (Nival Interactive) - E:\Autorun.exe -- [ UDF ]

O32 - AutoRun File - [2006-04-11 16:15:11 | 00,323,584 | R--- | M] (Nival Interactive) - E:\AutoRun.exe -- [ UDF ]

O32 - AutoRun File - [2006-04-05 17:38:16 | 00,050,534 | R--- | M] () - E:\AutoRun.ico -- [ UDF ]

O32 - AutoRun File - [2003-03-14 13:03:15 | 00,000,047 | R--- | M] () - E:\autorun.inf -- [ UDF ]

O32 - AutoRun File - [2007-07-14 16:28:32 | 00,106,496 | R--- | M] (Huawei Technologies Co., Ltd.) - G:\AutoRun.exe -- [ CDFS ]

O32 - AutoRun File - [2007-08-17 17:37:06 | 00,000,046 | R--- | M] () - G:\AUTORUN.INF -- [ CDFS ]

O33 - MountPoints2\{0369b9e0-85a9-11dc-a93d-0018f37187dd}\Shell - "" = AutoRun

O33 - MountPoints2\{0369b9e0-85a9-11dc-a93d-0018f37187dd}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found

O33 - MountPoints2\{288262f2-8817-11dc-a94b-0018f37187dd}\Shell - "" = AutoRun

O33 - MountPoints2\{288262f2-8817-11dc-a94b-0018f37187dd}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found

O33 - MountPoints2\{560da63c-79fc-11dd-acb6-0018f37187dd}\Shell - "" = AutoRun

O33 - MountPoints2\{560da63c-79fc-11dd-acb6-0018f37187dd}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found

O33 - MountPoints2\{569e22b2-66f0-11dd-ac6d-0018f37187dd}\Shell - "" = AutoRun

O33 - MountPoints2\{569e22b2-66f0-11dd-ac6d-0018f37187dd}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found

O33 - MountPoints2\{569e22b4-66f0-11dd-ac6d-0018f37187dd}\Shell - "" = AutoRun

O33 - MountPoints2\{569e22b4-66f0-11dd-ac6d-0018f37187dd}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found

O33 - MountPoints2\{7f6d57ba-c10b-11dd-adae-0018f37187dd}\Shell\AutoRun\command - "" = C:\WINDOWS\System32\url.DLL -- [2009-06-29 18:12:18 | 00,105,984 | ---- | M] (Microsoft Corporation)

O33 - MountPoints2\{7f6d57ba-c10b-11dd-adae-0018f37187dd}\Shell\verb0\command - "" = F:\EClient.exe -- File not found

O33 - MountPoints2\{7f6d57ba-c10b-11dd-adae-0018f37187dd}\Shell\verb1\command - "" = F:\Gupdate.exe -- File not found

O33 - MountPoints2\{7f6d57ba-c10b-11dd-adae-0018f37187dd}\Shell\verb2\command - "" = F:\Gupdate.exe -- File not found

O33 - MountPoints2\{84ec29f8-c000-11dc-aa17-0018f37187dd}\Shell - "" = AutoRun

O33 - MountPoints2\{84ec29f8-c000-11dc-aa17-0018f37187dd}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found

O33 - MountPoints2\{84ec29f9-c000-11dc-aa17-0018f37187dd}\Shell - "" = AutoRun

O33 - MountPoints2\{84ec29f9-c000-11dc-aa17-0018f37187dd}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found

O33 - MountPoints2\{916b22aa-6ecb-11dc-a8f3-0018f37187dd}\Shell - "" = AutoRun

O33 - MountPoints2\{916b22aa-6ecb-11dc-a8f3-0018f37187dd}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found

O33 - MountPoints2\{916b22ab-6ecb-11dc-a8f3-0018f37187dd}\Shell - "" = AutoRun

O33 - MountPoints2\{916b22ab-6ecb-11dc-a8f3-0018f37187dd}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found

O33 - MountPoints2\{a66a4624-254a-11dc-a812-0018de78ef7a}\Shell - "" = AutoRun

O33 - MountPoints2\{a66a4624-254a-11dc-a812-0018de78ef7a}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found

O33 - MountPoints2\{a66a4625-254a-11dc-a812-0018de78ef7a}\Shell - "" = AutoRun

O33 - MountPoints2\{a66a4625-254a-11dc-a812-0018de78ef7a}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found

O33 - MountPoints2\{aaaefd92-8bd9-11dc-a95a-0018f37187dd}\Shell - "" = AutoRun

O33 - MountPoints2\{aaaefd92-8bd9-11dc-a95a-0018f37187dd}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found

O33 - MountPoints2\{aaaefd93-8bd9-11dc-a95a-0018f37187dd}\Shell - "" = AutoRun

O33 - MountPoints2\{aaaefd93-8bd9-11dc-a95a-0018f37187dd}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found

O33 - MountPoints2\{ae7706ce-8c72-11dc-a95e-0018f37187dd}\Shell - "" = AutoRun

O33 - MountPoints2\{ae7706ce-8c72-11dc-a95e-0018f37187dd}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found

O33 - MountPoints2\{b2f5be3a-85aa-11dc-a93e-0018f37187dd}\Shell - "" = AutoRun

O33 - MountPoints2\{b2f5be3a-85aa-11dc-a93e-0018f37187dd}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found

O33 - MountPoints2\{b58a0cb0-15a6-11dc-a7e9-0018de78ef7a}\Shell - "" = AutoRun

O33 - MountPoints2\{b58a0cb0-15a6-11dc-a7e9-0018de78ef7a}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found

O33 - MountPoints2\{b58a0cb1-15a6-11dc-a7e9-0018de78ef7a}\Shell - "" = AutoRun

O33 - MountPoints2\{b58a0cb1-15a6-11dc-a7e9-0018de78ef7a}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found

O33 - MountPoints2\{bd84c2f8-1f4b-11dc-a7fc-0018de78ef7a}\Shell - "" = AutoRun

O33 - MountPoints2\{bd84c2f8-1f4b-11dc-a7fc-0018de78ef7a}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found

O33 - MountPoints2\{bd84c2f9-1f4b-11dc-a7fc-0018de78ef7a}\Shell - "" = AutoRun

O33 - MountPoints2\{bd84c2f9-1f4b-11dc-a7fc-0018de78ef7a}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found

O33 - MountPoints2\{de0a9c8e-8c3b-11dc-a95d-0018f37187dd}\Shell - "" = AutoRun

O33 - MountPoints2\{de0a9c8e-8c3b-11dc-a95d-0018f37187dd}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found

O33 - MountPoints2\{de0a9c8f-8c3b-11dc-a95d-0018f37187dd}\Shell - "" = AutoRun

O33 - MountPoints2\{de0a9c8f-8c3b-11dc-a95d-0018f37187dd}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found

O33 - MountPoints2\{df7fe310-fac3-11dd-ae5f-0018f37187dd}\Shell - "" = AutoRun

O33 - MountPoints2\{df7fe310-fac3-11dd-ae5f-0018f37187dd}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found

O33 - MountPoints2\F\Shell - "" = AutoRun

O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found

O33 - MountPoints2\G\Shell - "" = AutoRun

O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2007-07-14 16:28:32 | 00,106,496 | R--- | M] (Huawei Technologies Co., Ltd.)

O34 - HKLM BootExecute: (autocheck) - File not found

O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)

O34 - HKLM BootExecute: (*) - File not found

O35 - comfile [open] -- "%1" %* File not found

O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009-10-14 09:54:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Magnus Pettersson\Desktop\OTL

[2009-10-13 10:42:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Magnus Pettersson\Desktop\Combofix

[2009-10-13 07:41:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Magnus Pettersson\Desktop\qw

[2009-10-13 07:40:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Magnus Pettersson\Desktop\Ny info bilpool

[2009-10-11 23:14:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Magnus Pettersson\Desktop\ccbackup

[2009-10-11 19:42:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Magnus Pettersson\Desktop\Trendnew

[2009-10-11 19:33:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Magnus Pettersson\Desktop\ccnew

========== Files - Modified Within 30 Days ==========

[2009-10-14 09:45:34 | 00,256,675 | ---- | M] () -- C:\Documents and Settings\Magnus Pettersson\Desktop\daquupu.zip

[2009-10-14 09:38:18 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2009-10-14 09:36:10 | 00,050,868 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2009-10-14 09:36:04 | 00,039,942 | ---- | M] () -- C:\WINDOWS\ezvcr.ini

[2009-10-14 09:36:02 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2009-10-14 09:36:00 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2009-10-14 09:35:54 | 10,729,75872 | -HS- | M] () -- C:\hiberfil.sys

[2009-10-13 23:34:12 | 00,004,495 | ---- | M] () -- C:\Documents and Settings\Magnus Pettersson\Desktop\alltomxp.se och alltomvista.se.url

[2009-10-13 13:19:18 | 00,033,792 | ---- | M] () -- C:\Documents and Settings\Magnus Pettersson\Desktop\Ny(tt) Microsoft Excel-kalkylblad.xls

[2009-10-13 13:19:00 | 00,025,600 | ---- | M] () -- C:\Documents and Settings\Magnus Pettersson\Desktop\v.doc

[2009-10-13 12:43:08 | 00,000,257 | ---- | M] () -- C:\Documents and Settings\Magnus Pettersson\Desktop\Microsoft ISA Server 2006.url

[2009-10-11 23:07:26 | 00,001,452 | ---- | M] () -- C:\Documents and Settings\Magnus Pettersson\Desktop\CCleaner.lnk

[2009-10-11 20:32:20 | 00,000,728 | ---- | M] () -- C:\Documents and Settings\Magnus Pettersson\Desktop\Boka bilpoolsbil.url

[2009-10-10 08:08:46 | 00,000,332 | ---- | M] () -- C:\WINDOWS\tasks\WebReg HP Deskjet F4200 series.job

[2009-10-09 13:07:20 | 00,027,136 | ---- | M] () -- C:\Documents and Settings\Magnus Pettersson\Desktop\Instruktion redigering hemvården.doc

[2009-10-09 09:14:08 | 00,001,092 | ---- | M] () -- C:\Documents and Settings\Magnus Pettersson\Start Menu\Programs\Startup\Registration Heroes of Might & Magic 5.LNK

[2009-10-07 18:04:16 | 00,000,345 | ---- | M] () -- C:\Documents and Settings\Magnus Pettersson\Desktop\Lunds bilpool.url

[2009-09-30 10:04:08 | 01,578,786 | -H-- | M] () -- C:\Documents and Settings\Magnus Pettersson\Local Settings\Application Data\IconCache.db

[2009-09-25 14:19:02 | 00,000,257 | ---- | M] () -- C:\Documents and Settings\Magnus Pettersson\Desktop\Microsoft ISA Server 2006 (2).url

[2009-09-23 02:17:12 | 00,325,632 | ---- | M] () -- C:\WINDOWS\System32\kakoopus.exe

[2009-09-23 02:17:12 | 00,325,632 | ---- | M] () -- C:\WINDOWS\System32\daquupu.exe

[2009-09-22 23:39:56 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

========== Files - No Company Name ==========

[2009-10-14 09:45:32 | 00,256,675 | ---- | C] () -- C:\Documents and Settings\Magnus Pettersson\Desktop\daquupu.zip

[2009-10-13 23:30:22 | 00,325,632 | ---- | C] () -- C:\WINDOWS\System32\kakoopus.exe

[2009-10-13 13:15:45 | 00,025,600 | ---- | C] () -- C:\Documents and Settings\Magnus Pettersson\Desktop\v.doc

[2009-10-13 12:57:28 | 00,033,792 | ---- | C] () -- C:\Documents and Settings\Magnus Pettersson\Desktop\Ny(tt) Microsoft Excel-kalkylblad.xls

[2009-10-13 09:31:38 | 00,004,495 | ---- | C] () -- C:\Documents and Settings\Magnus Pettersson\Desktop\alltomxp.se och alltomvista.se.url

[2009-10-10 08:08:43 | 00,000,332 | ---- | C] () -- C:\WINDOWS\tasks\WebReg HP Deskjet F4200 series.job

[2009-10-09 13:07:19 | 00,027,136 | ---- | C] () -- C:\Documents and Settings\Magnus Pettersson\Desktop\Instruktion redigering hemvården.doc

[2009-10-02 13:21:26 | 00,001,092 | ---- | C] () -- C:\Documents and Settings\Magnus Pettersson\Start Menu\Programs\Startup\Registration Heroes of Might & Magic 5.LNK

[2009-09-25 14:19:01 | 00,000,257 | ---- | C] () -- C:\Documents and Settings\Magnus Pettersson\Desktop\Microsoft ISA Server 2006 (2).url

[2009-09-23 02:17:10 | 00,325,632 | ---- | C] () -- C:\WINDOWS\System32\daquupu.exe

[2009-03-13 03:02:53 | 00,000,206 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI

[2009-02-09 00:23:23 | 00,001,630 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log

[2008-10-24 20:53:28 | 00,034,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\epfwtdir.sys

[2008-09-29 09:40:31 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\custmon32.dll

[2008-08-23 12:18:54 | 00,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll

[2008-08-23 12:18:53 | 00,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll

[2008-08-23 12:18:50 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll

[2008-02-11 09:39:26 | 00,253,952 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLA.dll

[2008-02-11 09:39:18 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLW.dll

[2008-02-08 13:53:46 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerLang.dll

[2007-12-18 20:09:40 | 00,039,942 | ---- | C] () -- C:\WINDOWS\ezvcr.ini

[2007-10-12 23:20:06 | 00,151,417 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat

[2007-07-27 14:49:02 | 00,225,355 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiW.dll

[2007-07-27 14:49:02 | 00,196,683 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiA.dll

[2007-07-25 05:54:32 | 00,008,962 | ---- | C] () -- C:\WINDOWS\gcspro.ini

[2007-07-18 00:28:06 | 00,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI

[2007-05-21 04:26:09 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2007-03-21 12:47:25 | 00,020,192 | ---- | C] () -- C:\Documents and Settings\Magnus Pettersson\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

[2007-03-14 22:43:57 | 00,108,032 | ---- | C] () -- C:\Documents and Settings\Magnus Pettersson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2007-02-11 16:34:59 | 00,000,140 | ---- | C] () -- C:\Documents and Settings\Magnus Pettersson\Local Settings\Application Data\fusioncache.dat

[2007-02-05 12:21:45 | 00,000,374 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2007-01-09 05:05:54 | 00,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS58.DLL

[2007-01-09 01:51:30 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI

[2006-12-26 23:00:24 | 00,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll

[2006-12-26 22:29:15 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini

[2006-12-26 22:17:03 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini

[2006-12-26 17:39:49 | 01,578,786 | -H-- | C] () -- C:\Documents and Settings\Magnus Pettersson\Local Settings\Application Data\IconCache.db

[2006-12-26 17:39:49 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Magnus Pettersson\Application Data\desktop.ini

[2006-12-26 16:27:07 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2006-09-18 16:09:09 | 00,007,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\MMIOPORT.SYS

[2006-09-18 16:09:09 | 00,002,538 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2006-09-18 16:07:32 | 00,000,669 | ---- | C] () -- C:\WINDOWS\win.ini

[2006-09-18 16:07:30 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini

[2006-05-17 22:28:14 | 00,016,031 | ---- | C] () -- C:\WINDOWS\System32\SETUP.INI

[2006-04-23 01:00:10 | 00,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll

[2006-03-16 22:15:59 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2006-03-16 22:15:59 | 01,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2006-03-16 22:15:59 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2006-03-16 22:15:59 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2006-03-16 22:15:59 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll

[2006-01-02 19:16:31 | 00,000,010 | ---- | C] () -- C:\WINDOWS\System32\ABLKSR.ini

[2005-12-05 19:25:22 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\lnod32umc.dll

[2005-12-05 12:37:10 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\lnod32upd.dll

[2005-09-02 14:44:08 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll

[2005-08-05 14:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll

[2005-07-22 21:30:20 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll

[2005-02-17 08:07:47 | 00,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATKACPI.sys

[2004-07-20 17:04:02 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll

[2004-01-15 14:43:28 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll

[2003-04-08 11:35:24 | 00,005,414 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2006-12-26 22:17:04 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data

[2007-04-27 17:09:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink

[2009-02-08 00:03:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET

[2007-07-25 15:24:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData

[2007-06-08 14:25:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fssg

[2007-08-19 23:35:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GlobalSCAPE

[2006-12-26 23:18:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intel

[2006-12-26 22:31:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI

[2008-09-29 09:58:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2006-12-26 22:17:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Magnus Pettersson\Application Data

[2008-06-17 18:49:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Magnus Pettersson\Application Data\ColorAppOnline

[2007-04-27 17:09:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Magnus Pettersson\Application Data\CyberLink

[2007-06-08 14:36:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Magnus Pettersson\Application Data\F-Secure

[2008-12-09 09:15:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Magnus Pettersson\Application Data\ICAClient

[2006-12-26 23:19:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Magnus Pettersson\Application Data\Intel

[2007-04-21 14:56:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Magnus Pettersson\Application Data\Mina Ringarnas herre - Häxkungens tid-filer

[2008-09-14 14:43:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Magnus Pettersson\Application Data\Mina Slaget om Midgård-filer

[2006-12-26 18:10:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Magnus Pettersson\Application Data\Mina Slaget om Midgård II-filer

[2009-09-01 02:08:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Magnus Pettersson\Application Data\MSA

[2007-07-24 21:29:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Magnus Pettersson\Application Data\Opera

[2007-12-29 20:56:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Magnus Pettersson\Application Data\Petroglyph

[2007-04-21 09:20:04 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Magnus Pettersson\Application Data\SecuROM

[2007-08-26 22:57:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Magnus Pettersson\Application Data\U3

[2006-03-16 02:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini

[2009-10-14 09:36:02 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

[2009-10-10 08:08:46 | 00,000,332 | ---- | M] () -- C:\WINDOWS\Tasks\WebReg HP Deskjet F4200 series.job

========== Purity Check ==========

< End of report >


Thanks for the file! :)

Considerably more antivirus programs detect it now, 18 of 41 according to VirusTotal, but unfortunately not Nod32.

http://www.virustotal.com/sv/analisis/067c5f1ea827ea156d571c6b8c75444488ab49ca4d6836f5977924a4967dd3e3-1255510460

Control Panel - Administrative Tools - Services

Find eaauehiuh in the list, double-click it and set Startup type to Disabled. Repeat with kzbouqeyyn.

Restart the computer.

Start OTL (in Vista, right-click and choose Run as administrator).

Copy all of these highlighted lines and paste them into the Custom Scans/Fixes box in OTL:

:OTL
O4 - HKCU..\Run: [perfdm32] File not found
O4 - HKLM..\Run: [toucoofu] C:\WINDOWS\System32\daquupu.exe ()

:Files
C:\WINDOWS\System32\kakoopus.exe
C:\Documents and Settings\LocalService\Application Data\Microsoft\daquupu.exe
C:\WINDOWS\system32\daquupu.exe
C:\Documents and Settings\LocalService\Application Data\Microsoft\kakoopus.exe
C:\Documents and Settings\LocalService\Application Data\Microsoft\madouzo.exe

:Commands
[EmptyTemp]
[Reboot]

Press "Run Fix".

Close OTL.

If you are asked to restart the computer, do so.

A log showing the results will appear; paste it into your reply.

Also paste in a new OTL log.

Edited by Cecilia

Control Panel - Administrative Tools - Services

Find eaauehiuh in the list, double-click it and set Startup type to Disabled. Repeat with kzbouqeyyn.

Unfortunately, I can't find either of the services via this path, neither under the Standard tab nor the Extended tab, and I have the display of hidden folders/files/system files turned on.


Then I'll expand a bit on what you should do with OTL.

:OTL
SRV - (eaauehiuh [Auto | Stopped]) -- File not found
SRV - (kzbouqeyyn [Auto | Stopped]) -- C:\WINDOWS\System32\kakoopus.exe ()
O4 - HKCU..\Run: [perfdm32] File not found
O4 - HKLM..\Run: [toucoofu] C:\WINDOWS\System32\daquupu.exe ()

:Files
C:\WINDOWS\System32\kakoopus.exe
C:\Documents and Settings\LocalService\Application Data\Microsoft\daquupu.exe
C:\WINDOWS\system32\daquupu.exe
C:\Documents and Settings\LocalService\Application Data\Microsoft\kakoopus.exe
C:\Documents and Settings\LocalService\Application Data\Microsoft\madouzo.exe

:Commands
[EmptyTemp]
[Reboot]

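The entries picked out for the fix script above share a pattern: autostart points (services and Run values) whose target is missing, or whose target has no company name and was created recently. The following is an added example, not part of the original thread and not OTL's own logic, that applies that pattern to OTL log lines; the function name `triage`, the 30-day window (matching the log's "File Age = 30 Days") and the sample lines, constructed from entries shown in this thread, are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: lines in the shape of (and taken from) the OTL log in this thread.
SAMPLE_LOG = r"""
SRV - (eaauehiuh [Auto | Stopped]) -- File not found
SRV - (kzbouqeyyn [Auto | Stopped]) -- C:\WINDOWS\System32\kakoopus.exe ()
SRV - (ekrn [Auto | Running]) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
O4 - HKCU..\Run: [perfdm32] File not found
O4 - HKLM..\Run: [toucoofu] C:\WINDOWS\System32\daquupu.exe ()
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
[2009-10-13 23:30:22 | 00,325,632 | ---- | C] () -- C:\WINDOWS\System32\kakoopus.exe
[2009-09-23 02:17:10 | 00,325,632 | ---- | C] () -- C:\WINDOWS\System32\daquupu.exe
[2006-03-16 22:15:59 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
"""
SCAN_DATE = datetime(2009, 10, 14)  # date of the scan in this thread

# "SRV - (name [Start | State]) -- target" (DRV lines have the same shape)
SRV_RE = re.compile(r"^(?:SRV|DRV) - \((?P<name>.+?) \[[^\]]*\]\) -- (?P<target>.+)$")
# "O4 - HKLM..\Run: [name] target"
RUN_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<target>.+)$")
# "[timestamp | size | attrs | C or M] (company) -- path"
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| [^|]+ \| "
    r"(?P<kind>[CM])\] \((?P<company>.*?)\) -- (?P<path>.+)$"
)
# An autostart target is "path (company)"; the company may be empty.
TARGET_RE = re.compile(r"^(?P<path>.+?) \((?P<company>[^()]*)\)$")


def triage(log_text, scan_date, recent_days=30):
    """Return (kind, name, reason) for autostart entries that deserve a closer look."""
    created = {}  # lower-cased path -> (creation time, size in bytes)
    entries = []  # (kind, name, raw target) in log order
    for line in log_text.splitlines():
        line = line.strip()
        m = FILE_RE.match(line)
        if m:
            if m["kind"] == "C":  # only creation records, not "M" (modified)
                ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
                created[m["path"].lower()] = (ts, int(m["size"].replace(",", "")))
            continue
        m = SRV_RE.match(line) or RUN_RE.match(line)
        if m:
            kind = "service" if line.startswith(("SRV", "DRV")) else "run"
            entries.append((kind, m["name"], m["target"].strip()))

    cutoff = scan_date - timedelta(days=recent_days)
    findings = []
    for kind, name, target in entries:
        if target == "File not found":
            findings.append((kind, name, "orphaned: target file missing"))
            continue
        t = TARGET_RE.match(target)
        if not t or t["company"].strip():
            continue  # has a company name (or could not be parsed): not flagged here
        info = created.get(t["path"].lower())  # Windows paths compare case-insensitively
        if info and info[0] >= cutoff:
            findings.append(
                (kind, name,
                 f"no company name, file created {info[0]:%Y-%m-%d}, {info[1]} bytes")
            )
    return findings


if __name__ == "__main__":
    for kind, name, reason in triage(SAMPLE_LOG, SCAN_DATE):
        print(f"{kind:8} {name:12} {reason}")
```

The `nwiz` entry also has an empty company name but no recent creation record, so it is not flagged. A "File not found" target can equally be a leftover of uninstalled software, so the output is a list to review, not a verdict.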

Result log:

All processes killed

========== OTL ==========

Service\Driver eaauehiuh stopped successfully.

Service\Driver eaauehiuh deleted successfully.

File File not found not found.

Service\Driver kzbouqeyyn stopped successfully.

Service\Driver kzbouqeyyn deleted successfully.

C:\WINDOWS\System32\kakoopus.exe moved successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\perfdm32 deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\toucoofu deleted successfully.

C:\WINDOWS\System32\daquupu.exe moved successfully.

========== FILES ==========

File\Folder C:\WINDOWS\System32\kakoopus.exe not found.

C:\Documents and Settings\LocalService\Application Data\Microsoft\daquupu.exe moved successfully.

File\Folder C:\WINDOWS\system32\daquupu.exe not found.

C:\Documents and Settings\LocalService\Application Data\Microsoft\kakoopus.exe moved successfully.

C:\Documents and Settings\LocalService\Application Data\Microsoft\madouzo.exe moved successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32768 bytes

User: All Users

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService

->Temp folder emptied: 65984 bytes

File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

->Temporary Internet Files folder emptied: 2607723 bytes

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32768 bytes

User: Magnus Pettersson

->Temp folder emptied: 2421264 bytes

File delete failed. C:\Documents and Settings\Magnus Pettersson\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

->Temporary Internet Files folder emptied: 11709107 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 3189048 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 19569 bytes

%systemroot%\System32 .tmp files removed: 2775569 bytes

File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_3e4.dat scheduled to be deleted on reboot.

Windows Temp folder emptied: 1041696 bytes

RecycleBin emptied: 5051193 bytes

Total Files Cleaned = 27,64 mb

OTL by OldTimer - Version 3.0.20.0 log created on 10142009_170942

Files\Folders moved on Reboot...

File\Folder C:\WINDOWS\temp\Perflib_Perfdata_3e4.dat not found!

Registry entries deleted on Reboot...

New OTL log:

OTL logfile created on: 2009-10-14 17:18:42 - Run 2

OTL by OldTimer - Version 3.0.20.0 Folder = C:\Documents and Settings\Magnus Pettersson\Desktop\Problem skadlig kod\OTL

Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.11)

Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

1023,20 Mb Total Physical Memory | 592,05 Mb Available Physical Memory | 57,86% Memory free

2,40 Gb Paging File | 2,03 Gb Available in Paging File | 84,43% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 64,73 Gb Total Space | 21,03 Gb Free Space | 32,49% Space Free | Partition Type: FAT32

Drive D: | 43,11 Gb Total Space | 43,07 Gb Free Space | 99,91% Space Free | Partition Type: FAT32

Drive E: | 2,43 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

F: Drive not present or media not loaded

Drive G: | 8,44 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: MAGNUS

Current User Name: Magnus Pettersson

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Magnus Pettersson\Desktop\Problem skadlig kod\OTL\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\ASUS\ASUS Live Update\ALU.exe ()

PRC - C:\Program Files\ASUS\ATK Media\DMEDIA.EXE (ASUSTeK Computer INC.)

PRC - C:\Program Files\ASUS\EZVCR\Agent.exe (ASUS)

PRC - C:\Program Files\ASUS\EZVCR\ASUS_IRAppl.exe (NXP Semiconductors Germany GmbH)

PRC - C:\Program Files\Asus\EZVCR\EZSERVICE.exe ()

PRC - C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe (ASUSTeK Computer Inc.)

PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)

PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)

PRC - C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe (Hewlett-Packard Co.)

PRC - C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe (Hewlett-Packard)

PRC - C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe (Hewlett-Packard Co.)

PRC - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

PRC - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)

PRC - C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation)

PRC - C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe (Intel Corporation)

PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)

PRC - C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)

PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)

PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )

PRC - C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)

PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)

PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

PRC - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

PRC - C:\Program Files\Skype\Phone\Skype.exe ()

PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)

PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)

PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe (TOSHIBA CORPORATION.)

PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.)

PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe (TOSHIBA CORPORATION.)

PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)

PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe (TOSHIBA CORPORATION.)

PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe (TOSHIBA CORPORATION.)

PRC - C:\Program Files\Wireless Console 2\wcourier.exe ()

PRC - C:\WINDOWS\ATK0100\ATKOSD.exe ()

PRC - C:\WINDOWS\ATK0100\HControl.exe ()

PRC - C:\WINDOWS\eHome\ehmsas.exe (Microsoft Corporation)

PRC - C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation)

PRC - C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation)

PRC - C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)

PRC - C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation)

PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)

PRC - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)

PRC - C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)

PRC - C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)

PRC - C:\WINDOWS\System32\wscntfy.exe (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (Microsoft Corporation)

SRV - (ehRecvr [Auto | Running]) -- C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation)

SRV - (ehSched [Auto | Running]) -- C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation)

SRV - (EhttpSrv [On_Demand | Stopped]) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (ESET)

SRV - (ekrn [Auto | Running]) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)

SRV - (EvtEng [Auto | Running]) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)

SRV - (EZSERVICE [Auto | Running]) -- C:\Program Files\Asus\EZVCR\EZSERVICE.exe ()

SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

SRV - (hpqcxs08 [On_Demand | Running]) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)

SRV - (hpqddsvc [Auto | Running]) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.)

SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)

SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)

SRV - (McrdSvc [Auto | Running]) -- C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation)

SRV - (MHN [On_Demand | Stopped]) -- C:\WINDOWS\System32\mhn.dll (Microsoft Corporation)

SRV - (Net Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\System32\HPZinw12.dll (Hewlett-Packard)

SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)

SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

SRV - (Pml Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\System32\HPZipm12.dll (Hewlett-Packard)

SRV - (RegSrvc [Auto | Running]) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)

SRV - (S24EventMonitor [Auto | Running]) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )

SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (AegisP [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\AegisP.sys (Meetinghouse Data Communications)

DRV - (eamon [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\eamon.sys (ESET)

DRV - (easdrv [system | Running]) -- C:\WINDOWS\System32\DRIVERS\easdrv.sys (ESET)

DRV - (epfwtdir [system | Running]) -- C:\WINDOWS\System32\DRIVERS\epfwtdir.sys ()

DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)

DRV - (HPZid412 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys (HP)

DRV - (HPZipr12 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys (HP)

DRV - (HPZius12 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys (HP)

DRV - (hwdatacard [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ewusbmdm.sys (Huawei Technologies Co., Ltd.)

DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)

DRV - (MODEMCSA [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\MODEMCSA.sys (Microsoft Corporation)

DRV - (MPE [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\MPE.sys (Microsoft Corporation)

DRV - (MTsensor [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ATKACPI.sys ()

DRV - (NPF [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\NPF.sys (CACE Technologies)

DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)

DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)

DRV - (PxHelp20 [boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)

DRV - (rimmptsk [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\rimmptsk.sys (REDC)

DRV - (rimsptsk [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\rimsptsk.sys (REDC)

DRV - (RTL8023xp [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\Rtenicxp.sys (Realtek Semiconductor Corporation )

DRV - (s24trans [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\s24trans.sys (Intel Corporation)

DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)

DRV - (smserial [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\smserial.sys (Motorola Inc.)

DRV - (SynMini [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SynMini.sys (Syntek America Inc.)

DRV - (SynScan [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SynScan.sys (Syntek America Inc.)

DRV - (SynTP [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\SynTP.sys (Synaptics, Inc.)

DRV - (toshidpt [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\Toshidpt.sys (TOSHIBA Corporation.)

DRV - (tosporte [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\tosporte.sys (TOSHIBA Corporation)

DRV - (Tosrfbd [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\tosrfbd.sys (TOSHIBA CORPORATION)

DRV - (Tosrfbnp [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\tosrfbnp.sys (TOSHIBA Corporation)

DRV - (Tosrfcom [system | Running]) -- C:\WINDOWS\System32\Drivers\tosrfcom.sys (TOSHIBA Corporation)

DRV - (Tosrfhid [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\Tosrfhid.sys (TOSHIBA Corporation.)

DRV - (tosrfnds [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\tosrfnds.sys (TOSHIBA Corporation.)

DRV - (TosRfSnd [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\TosRfSnd.sys (TOSHIBA Corporation)

DRV - (Tosrfusb [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\tosrfusb.sys (TOSHIBA CORPORATION)

DRV - (u3kmini [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\u3kmini.sys (ASUSTeK)

DRV - (w39n51 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\w39n51.sys (Intel® Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"

FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.search.update: false

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-04-08 21:01:28 | 00,000,000 | ---D | M]

[2007-07-31 23:29:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Magnus Pettersson\Application Data\mozilla\Firefox\Profiles\470uf1fu.default\extensions

[2007-07-31 23:36:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Magnus Pettersson\Application Data\mozilla\Firefox\Profiles\470uf1fu.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

[2007-07-31 23:36:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Magnus Pettersson\Application Data\mozilla\Firefox\Profiles\470uf1fu.default\extensions\sv@dictionaries.addons.mozilla.org

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)

O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.

O4 - HKLM..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.exe (ASYSTeK Computer INC.)

O4 - HKLM..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe ()

O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE (ASUSTeK Computer INC.)

O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)

O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)

O4 - HKLM..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe (Intel Corporation)

O4 - HKLM..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe ()

O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)

O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe (Hewlett-Packard)

O4 - HKLM..\Run: [intelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)

O4 - HKLM..\Run: [intelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe (Ahead Software Gmbh)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe (ASUSTeK Computer Inc.)

O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [sMSERIAL] C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)

O4 - HKLM..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe ()

O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O4 - HKCU..\Run: [skype] C:\Program Files\Skype\Phone\Skype.exe ()

O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe ()

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

O4 - Startup: C:\Documents and Settings\Magnus Pettersson\Start Menu\Programs\Startup\Registration Heroes of Might & Magic 5.LNK = C:\Program Files\Ubisoft\Heroes of Might and Magic V\registration\RegistrationReminder.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: E&xportera till Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll File not found

O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll File not found

O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll File not found

O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll File not found

O9 - Extra Button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: HP Smart markering - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/buxus/docs/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1182372911921 (WUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {9478041E-CAEC-44A5-8271-B56799715926} http://clients.theshining.se/colorapp/ColorAppOnline.cab (ColorApplication Control)

O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006-12-26 22:25:00 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]

O32 - AutoRun File - [2006-04-11 16:15:11 | 00,323,584 | R--- | M] (Nival Interactive) - E:\Autorun.exe -- [ UDF ]

O32 - AutoRun File - [2006-04-11 16:15:11 | 00,323,584 | R--- | M] (Nival Interactive) - E:\AutoRun.exe -- [ UDF ]

O32 - AutoRun File - [2006-04-05 17:38:16 | 00,050,534 | R--- | M] () - E:\AutoRun.ico -- [ UDF ]

O32 - AutoRun File - [2003-03-14 13:03:15 | 00,000,047 | R--- | M] () - E:\autorun.inf -- [ UDF ]

O32 - AutoRun File - [2007-07-14 16:28:32 | 00,106,496 | R--- | M] (Huawei Technologies Co., Ltd.) - G:\AutoRun.exe -- [ CDFS ]

O32 - AutoRun File - [2007-08-17 17:37:06 | 00,000,046 | R--- | M] () - G:\AUTORUN.INF -- [ CDFS ]

O33 - MountPoints2\{0369b9e0-85a9-11dc-a93d-0018f37187dd}\Shell - "" = AutoRun

O33 - MountPoints2\{0369b9e0-85a9-11dc-a93d-0018f37187dd}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found

O33 - MountPoints2\{288262f2-8817-11dc-a94b-0018f37187dd}\Shell - "" = AutoRun

O33 - MountPoints2\{288262f2-8817-11dc-a94b-0018f37187dd}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found

O33 - MountPoints2\{560da63c-79fc-11dd-acb6-0018f37187dd}\Shell - "" = AutoRun

O33 - MountPoints2\{560da63c-79fc-11dd-acb6-0018f37187dd}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found

O33 - MountPoints2\{569e22b2-66f0-11dd-ac6d-0018f37187dd}\Shell - "" = AutoRun

O33 - MountPoints2\{569e22b2-66f0-11dd-ac6d-0018f37187dd}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found

O33 - MountPoints2\{569e22b4-66f0-11dd-ac6d-0018f37187dd}\Shell - "" = AutoRun

O33 - MountPoints2\{569e22b4-66f0-11dd-ac6d-0018f37187dd}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found

O33 - MountPoints2\{7f6d57ba-c10b-11dd-adae-0018f37187dd}\Shell\AutoRun\command - "" = C:\WINDOWS\System32\url.DLL -- [2009-06-29 18:12:18 | 00,105,984 | ---- | M] (Microsoft Corporation)

O33 - MountPoints2\{7f6d57ba-c10b-11dd-adae-0018f37187dd}\Shell\verb0\command - "" = F:\EClient.exe -- File not found

O33 - MountPoints2\{7f6d57ba-c10b-11dd-adae-0018f37187dd}\Shell\verb1\command - "" = F:\Gupdate.exe -- File not found

O33 - MountPoints2\{7f6d57ba-c10b-11dd-adae-0018f37187dd}\Shell\verb2\command - "" = F:\Gupdate.exe -- File not found

O33 - MountPoints2\{84ec29f8-c000-11dc-aa17-0018f37187dd}\Shell - "" = AutoRun

O33 - MountPoints2\{84ec29f8-c000-11dc-aa17-0018f37187dd}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found

O33 - MountPoints2\{84ec29f9-c000-11dc-aa17-0018f37187dd}\Shell - "" = AutoRun

O33 - MountPoints2\{84ec29f9-c000-11dc-aa17-0018f37187dd}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found

O33 - MountPoints2\{916b22aa-6ecb-11dc-a8f3-0018f37187dd}\Shell - "" = AutoRun

O33 - MountPoints2\{916b22aa-6ecb-11dc-a8f3-0018f37187dd}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found

O33 - MountPoints2\{916b22ab-6ecb-11dc-a8f3-0018f37187dd}\Shell - "" = AutoRun

O33 - MountPoints2\{916b22ab-6ecb-11dc-a8f3-0018f37187dd}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found

O33 - MountPoints2\{a66a4624-254a-11dc-a812-0018de78ef7a}\Shell - "" = AutoRun

O33 - MountPoints2\{a66a4624-254a-11dc-a812-0018de78ef7a}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found

O33 - MountPoints2\{a66a4625-254a-11dc-a812-0018de78ef7a}\Shell - "" = AutoRun

O33 - MountPoints2\{a66a4625-254a-11dc-a812-0018de78ef7a}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found

O33 - MountPoints2\{aaaefd92-8bd9-11dc-a95a-0018f37187dd}\Shell - "" = AutoRun

O33 - MountPoints2\{aaaefd92-8bd9-11dc-a95a-0018f37187dd}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found

O33 - MountPoints2\{aaaefd93-8bd9-11dc-a95a-0018f37187dd}\Shell - "" = AutoRun

O33 - MountPoints2\{aaaefd93-8bd9-11dc-a95a-0018f37187dd}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found

O33 - MountPoints2\{ae7706ce-8c72-11dc-a95e-0018f37187dd}\Shell - "" = AutoRun

O33 - MountPoints2\{ae7706ce-8c72-11dc-a95e-0018f37187dd}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found

O33 - MountPoints2\{b2f5be3a-85aa-11dc-a93e-0018f37187dd}\Shell - "" = AutoRun

O33 - MountPoints2\{b2f5be3a-85aa-11dc-a93e-0018f37187dd}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found

O33 - MountPoints2\{b58a0cb0-15a6-11dc-a7e9-0018de78ef7a}\Shell - "" = AutoRun

O33 - MountPoints2\{b58a0cb0-15a6-11dc-a7e9-0018de78ef7a}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found

O33 - MountPoints2\{b58a0cb1-15a6-11dc-a7e9-0018de78ef7a}\Shell - "" = AutoRun

O33 - MountPoints2\{b58a0cb1-15a6-11dc-a7e9-0018de78ef7a}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found

O33 - MountPoints2\{bd84c2f8-1f4b-11dc-a7fc-0018de78ef7a}\Shell - "" = AutoRun

O33 - MountPoints2\{bd84c2f8-1f4b-11dc-a7fc-0018de78ef7a}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found

O33 - MountPoints2\{bd84c2f9-1f4b-11dc-a7fc-0018de78ef7a}\Shell - "" = AutoRun

O33 - MountPoints2\{bd84c2f9-1f4b-11dc-a7fc-0018de78ef7a}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found

O33 - MountPoints2\{de0a9c8e-8c3b-11dc-a95d-0018f37187dd}\Shell - "" = AutoRun

O33 - MountPoints2\{de0a9c8e-8c3b-11dc-a95d-0018f37187dd}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found

O33 - MountPoints2\{de0a9c8f-8c3b-11dc-a95d-0018f37187dd}\Shell - "" = AutoRun

O33 - MountPoints2\{de0a9c8f-8c3b-11dc-a95d-0018f37187dd}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found

O33 - MountPoints2\{df7fe310-fac3-11dd-ae5f-0018f37187dd}\Shell - "" = AutoRun

O33 - MountPoints2\{df7fe310-fac3-11dd-ae5f-0018f37187dd}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found

O33 - MountPoints2\F\Shell - "" = AutoRun

O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found

O33 - MountPoints2\G\Shell - "" = AutoRun

O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2007-07-14 16:28:32 | 00,106,496 | R--- | M] (Huawei Technologies Co., Ltd.)

O34 - HKLM BootExecute: (autocheck) - File not found

O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)

O34 - HKLM BootExecute: (*) - File not found

O35 - comfile [open] -- "%1" %* File not found

O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009-10-14 17:09:42 | 00,000,000 | ---D | C] -- C:\_OTL

[2009-10-14 14:37:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Magnus Pettersson\Desktop\WebbTek1

[2009-10-14 14:20:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Magnus Pettersson\Desktop\Problem skadlig kod

[2009-10-13 07:41:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Magnus Pettersson\Desktop\qw

[2009-10-13 07:40:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Magnus Pettersson\Desktop\Ny info bilpool

========== Files - Modified Within 30 Days ==========

[2009-10-14 17:13:44 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2009-10-14 17:11:42 | 00,050,868 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2009-10-14 17:11:38 | 00,039,942 | ---- | M] () -- C:\WINDOWS\ezvcr.ini

[2009-10-14 17:11:36 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2009-10-14 17:11:34 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2009-10-14 17:11:30 | 10,729,75872 | -HS- | M] () -- C:\hiberfil.sys

[2009-10-14 17:02:04 | 00,004,848 | ---- | M] () -- C:\Documents and Settings\Magnus Pettersson\Desktop\alltomxp.se och alltomvista.se.url

[2009-10-14 14:39:46 | 00,000,257 | ---- | M] () -- C:\Documents and Settings\Magnus Pettersson\Desktop\Microsoft ISA Server 2006.url

[2009-10-11 23:07:26 | 00,001,452 | ---- | M] () -- C:\Documents and Settings\Magnus Pettersson\Desktop\CCleaner.lnk

[2009-10-11 20:32:20 | 00,000,728 | ---- | M] () -- C:\Documents and Settings\Magnus Pettersson\Desktop\Boka bilpoolsbil.url

[2009-10-10 08:08:46 | 00,000,332 | ---- | M] () -- C:\WINDOWS\tasks\WebReg HP Deskjet F4200 series.job

[2009-10-09 13:07:20 | 00,027,136 | ---- | M] () -- C:\Documents and Settings\Magnus Pettersson\Desktop\Instruktion redigering hemvården.doc

[2009-10-09 09:14:08 | 00,001,092 | ---- | M] () -- C:\Documents and Settings\Magnus Pettersson\Start Menu\Programs\Startup\Registration Heroes of Might & Magic 5.LNK

[2009-10-07 18:04:16 | 00,000,345 | ---- | M] () -- C:\Documents and Settings\Magnus Pettersson\Desktop\Lunds bilpool.url

[2009-09-30 10:04:08 | 01,578,786 | -H-- | M] () -- C:\Documents and Settings\Magnus Pettersson\Local Settings\Application Data\IconCache.db

[2009-09-22 23:39:56 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

========== Files - No Company Name ==========

[2009-10-13 09:31:38 | 00,004,848 | ---- | C] () -- C:\Documents and Settings\Magnus Pettersson\Desktop\alltomxp.se och alltomvista.se.url

[2009-10-10 08:08:43 | 00,000,332 | ---- | C] () -- C:\WINDOWS\tasks\WebReg HP Deskjet F4200 series.job

[2009-10-09 13:07:19 | 00,027,136 | ---- | C] () -- C:\Documents and Settings\Magnus Pettersson\Desktop\Instruktion redigering hemvården.doc

[2009-10-02 13:21:26 | 00,001,092 | ---- | C] () -- C:\Documents and Settings\Magnus Pettersson\Start Menu\Programs\Startup\Registration Heroes of Might & Magic 5.LNK

[2009-03-13 03:02:53 | 00,000,206 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI

[2009-02-09 00:23:23 | 00,001,630 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log

[2008-10-24 20:53:28 | 00,034,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\epfwtdir.sys

[2008-09-29 09:40:31 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\custmon32.dll

[2008-08-23 12:18:54 | 00,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll

[2008-08-23 12:18:53 | 00,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll

[2008-08-23 12:18:50 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll

[2008-02-11 09:39:26 | 00,253,952 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLA.dll

[2008-02-11 09:39:18 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLW.dll

[2008-02-08 13:53:46 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerLang.dll

[2007-12-18 20:09:40 | 00,039,942 | ---- | C] () -- C:\WINDOWS\ezvcr.ini

[2007-10-12 23:20:06 | 00,151,417 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat

[2007-07-27 14:49:02 | 00,225,355 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiW.dll

[2007-07-27 14:49:02 | 00,196,683 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiA.dll

[2007-07-25 05:54:32 | 00,008,962 | ---- | C] () -- C:\WINDOWS\gcspro.ini

[2007-07-18 00:28:06 | 00,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI

[2007-05-21 04:26:09 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2007-03-21 12:47:25 | 00,020,192 | ---- | C] () -- C:\Documents and Settings\Magnus Pettersson\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

[2007-03-14 22:43:57 | 00,108,032 | ---- | C] () -- C:\Documents and Settings\Magnus Pettersson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2007-02-11 16:34:59 | 00,000,140 | ---- | C] () -- C:\Documents and Settings\Magnus Pettersson\Local Settings\Application Data\fusioncache.dat

[2007-02-05 12:21:45 | 00,000,374 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2007-01-09 05:05:54 | 00,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS58.DLL

[2007-01-09 01:51:30 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI

[2006-12-26 23:00:24 | 00,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll

[2006-12-26 22:29:15 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini

[2006-12-26 22:17:03 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini

[2006-12-26 17:39:49 | 01,578,786 | -H-- | C] () -- C:\Documents and Settings\Magnus Pettersson\Local Settings\Application Data\IconCache.db

[2006-12-26 17:39:49 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Magnus Pettersson\Application Data\desktop.ini

[2006-12-26 16:27:07 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2006-09-18 16:09:09 | 00,007,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\MMIOPORT.SYS

[2006-09-18 16:09:09 | 00,002,538 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2006-09-18 16:07:32 | 00,000,669 | ---- | C] () -- C:\WINDOWS\win.ini

[2006-09-18 16:07:30 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini

[2006-05-17 22:28:14 | 00,016,031 | ---- | C] () -- C:\WINDOWS\System32\SETUP.INI

[2006-04-23 01:00:10 | 00,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll

[2006-03-16 22:15:59 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2006-03-16 22:15:59 | 01,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2006-03-16 22:15:59 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2006-03-16 22:15:59 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2006-03-16 22:15:59 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll

[2006-01-02 19:16:31 | 00,000,010 | ---- | C] () -- C:\WINDOWS\System32\ABLKSR.ini

[2005-12-05 19:25:22 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\lnod32umc.dll

[2005-12-05 12:37:10 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\lnod32upd.dll

[2005-09-02 14:44:08 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll

[2005-08-05 14:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll

[2005-07-22 21:30:20 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll

[2005-02-17 08:07:47 | 00,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATKACPI.sys

[2004-07-20 17:04:02 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll

[2004-01-15 14:43:28 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll

[2003-04-08 11:35:24 | 00,005,414 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2006-12-26 22:17:04 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data

[2007-04-27 17:09:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink

[2009-02-08 00:03:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET

[2007-07-25 15:24:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData

[2007-06-08 14:25:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fssg

[2007-08-19 23:35:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GlobalSCAPE

[2006-12-26 23:18:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intel

[2006-12-26 22:31:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI

[2008-09-29 09:58:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2006-12-26 22:17:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Magnus Pettersson\Application Data

[2008-06-17 18:49:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Magnus Pettersson\Application Data\ColorAppOnline

[2007-04-27 17:09:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Magnus Pettersson\Application Data\CyberLink

[2007-06-08 14:36:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Magnus Pettersson\Application Data\F-Secure

[2008-12-09 09:15:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Magnus Pettersson\Application Data\ICAClient

[2006-12-26 23:19:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Magnus Pettersson\Application Data\Intel

[2007-04-21 14:56:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Magnus Pettersson\Application Data\Mina Ringarnas herre - Häxkungens tid-filer

[2008-09-14 14:43:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Magnus Pettersson\Application Data\Mina Slaget om Midgård-filer

[2006-12-26 18:10:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Magnus Pettersson\Application Data\Mina Slaget om Midgård II-filer

[2009-09-01 02:08:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Magnus Pettersson\Application Data\MSA

[2007-07-24 21:29:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Magnus Pettersson\Application Data\Opera

[2007-12-29 20:56:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Magnus Pettersson\Application Data\Petroglyph

[2007-04-21 09:20:04 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Magnus Pettersson\Application Data\SecuROM

[2007-08-26 22:57:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Magnus Pettersson\Application Data\U3

[2006-03-16 02:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini

[2009-10-14 17:11:36 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

[2009-10-10 08:08:46 | 00,000,332 | ---- | M] () -- C:\WINDOWS\Tasks\WebReg HP Deskjet F4200 series.job

========== Purity Check ==========

< End of report >


Thanks, the computer is doing really well at the moment - nothing strange so far ... :)

The latest HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:20:05, on 2009-10-14

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16876)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\Program Files\Asus\EZVCR\EZSERVICE.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\ASUS\EZVCR\Agent.exe

C:\Program Files\ASUS\EZVCR\ASUS_IRAppl.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\ATK0100\HControl.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\sm56hlpr.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\ASUS\ASUS Live Update\ALU.exe

C:\Program Files\Wireless Console 2\wcourier.exe

C:\Program Files\ASUS\ATK Media\DMEDIA.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

C:\WINDOWS\ATK0100\ATKOSD.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe

C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Trend Micro\HijackThis\mape.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [sMSERIAL] C:\WINDOWS\sm56hlpr.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe

O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe

O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [toucoofu] C:\Documents and Settings\LocalService\Application Data\Microsoft\daquupu.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Registration Heroes of Might & Magic 5.LNK = C:\Program Files\Ubisoft\Heroes of Might and Magic V\registration\RegistrationReminder.exe

O4 - Global Startup: Bluetooth Manager.lnk = ?

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: HP Smart markering - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1182372911921

O16 - DPF: {9478041E-CAEC-44A5-8271-B56799715926} (ColorApplication Control) - http://clients.theshining.se/colorapp/ColorAppOnline.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: EZSERVICE - Unknown owner - C:\Program Files\Asus\EZVCR\EZSERVICE.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

--

End of file - 9975 bytes

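A triage sketch for the O4 (autostart) section of a HijackThis log like the one above, added here as an example and not part of the original post or of HijackThis itself. The sample lines are copied from the log above; the function names and the two heuristics (unresolved shortcut target, image under a profile directory and loaded from a service-account hive) are assumptions chosen for illustration, and a hit means "look closer", not a verdict.

```python
import re
from typing import Iterator, List, NamedTuple, Optional, Tuple

# Lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [toucoofu] C:\Documents and Settings\LocalService\Application Data\Microsoft\daquupu.exe (User 'SYSTEM')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
"""

# "O4 - <hive>\[<sid>\]..\Run: [<value name>] <command> [(User '<name>')]"
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+)\\(?:(?P<sub>\S+?)\\)?\.\.\\Run\w*: "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)
# "O4 - Startup: <shortcut> = <target>" / "O4 - Global Startup: ..."
STARTUP_RE = re.compile(
    r"^O4 - (?P<scope>Global Startup|Startup): (?P<name>.+?) = (?P<cmd>.*)$"
)
# The image is either the quoted first token or everything up to the first
# executable extension (unquoted paths in these logs may contain spaces).
IMAGE_RE = re.compile(
    r'^"([^"]+)"|^(.+?\.(?:exe|dll|com|bat|scr|lnk))(?=\s|,|$)', re.IGNORECASE
)
# XP profile tree, as opposed to Program Files or %SystemRoot%.
PROFILE_DIR = re.compile(r"^[A-Z]:\\Documents and Settings\\", re.IGNORECASE)
# Well-known SIDs: LocalSystem, LocalService, NetworkService.
SERVICE_SIDS = {"S-1-5-18", "S-1-5-19", "S-1-5-20"}


class Entry(NamedTuple):
    source: str         # registry hive (HKLM, HKCU, HKUS) or startup scope
    sid: Optional[str]  # sub-key under HKUS, if present
    name: str           # Run value name or shortcut name
    image: str          # program the entry starts ("?" if unresolved)


def image_of(cmd: str) -> str:
    """Strip arguments from a command line, leaving the program path."""
    m = IMAGE_RE.match(cmd)
    return (m.group(1) or m.group(2)) if m else cmd


def parse_o4(log_text: str) -> Iterator[Entry]:
    """Yield one Entry per O4 line; all other lines are ignored."""
    for line in log_text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            yield Entry(m["hive"], m["sub"], m["name"], image_of(m["cmd"]))
            continue
        m = STARTUP_RE.match(line)
        if m:
            yield Entry(m["scope"], None, m["name"], image_of(m["cmd"]))


def triage(log_text: str) -> List[Tuple[str, List[str]]]:
    """Return (entry name, reasons) for entries that deserve a closer look."""
    findings = []
    for entry in parse_o4(log_text):
        reasons = []
        if entry.image == "?":
            # HijackThis could not resolve where the shortcut points.
            reasons.append("unresolved shortcut target")
        elif PROFILE_DIR.search(entry.image):
            reasons.append("image under a profile directory")
            if entry.sid in SERVICE_SIDS:
                reasons.append("loaded from a service-account hive")
        if reasons:
            findings.append((entry.name, reasons))
    return findings


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG):
        print(f"{name}: {', '.join(reasons)}")
```
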

As I understood it, you no longer had a Canon printer and therefore did not want to keep the Easy-WebPrint menu item in Internet Explorer. Have you checked whether that program is listed in Add or Remove Programs?

Now one last round of cleanup remains.

1. Delete all system restore points, since these may be infected. You do this by turning off the System Restore feature, restarting the computer and then turning the feature back on. Then create a new restore point.

System Restore is turned off and on here:

Right-click My Computer - Properties - System Restore

2. Start OTL

Press the CleanUp button and the program will be uninstalled after a restart of the computer.

3. Change all passwords that you use on the computer and on the internet, since these may have fallen into the wrong hands.

http://mnin.blogspot.com/2009/02/why-i-enjoyed-tiggersyzor.html describes a malicious program that spies by taking screenshots, logging keystrokes and reading passwords stored in web browsers, e-mail programs etc.

4. Improve the protection on the computer, see my Advice for a more secure computer. http://ceblstockholm.googlepages.com/home

PS. Online scans are good, but you should not run them at the vendor of the antivirus program you have installed but at someone else's, since different antivirus programs detect different things.


As I understood it, you no longer had a Canon printer and therefore did not want to keep the Easy-WebPrint menu item in Internet Explorer. Have you checked whether that program is listed in Add or Remove Programs?

Yes, the printer is gone and the software was uninstalled using the uninstall helper that was in the Canon folder under the Start menu. There is no menu item left for Easy-WebPrint in Internet Explorer either.

However, you are right that Easy-WebPrint is still listed in Add or Remove Programs - but it was not possible to remove it there. The reason given was: "Unable to locate installation log file ´C:\Program Files\Canon\Easy-WebPrint\Uninst.isu". If I look in Program Files, there is no Canon folder left.

What do you do in a situation like this? It would fit in nicely before the "final cleanup" :)
