
Unusually many pop-up windows


Isak E


Lately I have started getting an unusual number of pop-up windows. And sometimes when I google something and click the link, I end up on a completely different page or just back on Google's home page. Very strange, any suggestions for what to do? Could it perhaps be a virus?

Grateful for answers.

 


Yes, that sounds like an infected computer. To begin with, we can see whether HijackThis shows anything. Download it from one of these links:

http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe

http://www.download.com/Trend-Micro-HijackThis/3000-8022_4-10227353.html

Install it, start it and choose "Do a system scan and save a logfile", then copy the log that comes up (nothing else).

In your reply, attach the HijackThis log like this:

Press the LOG button in the reply window

Paste the log

Press the LOG button again

 


Here is the log:

 

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:53:01, on 2009-01-02

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program\Bonjour\mDNSResponder.exe

C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsgk32st.exe

C:\Program\Telia\Telias sakerhetstjanster\Common\FSMA32.EXE

C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\FSGK32.EXE

C:\Program\Java\jre6\bin\jqs.exe

C:\Program\Telia\Telias sakerhetstjanster\Common\FSMB32.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Telia\Telias sakerhetstjanster\Common\FCH32.EXE

C:\WINDOWS\system32\svchost.exe

C:\Program\Telia\Telias sakerhetstjanster\Common\FAMEH32.EXE

C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsqh.exe

C:\Program\Telia\Telias sakerhetstjanster\FSAUA\program\fsaua.exe

C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fssm32.exe

C:\Program\Telia\Telias sakerhetstjanster\FWES\Program\fsdfwd.exe

C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe

C:\Program\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

C:\Program\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Program\Telia\Telias sakerhetstjanster\Common\FSM32.EXE

C:\WINDOWS\CTHELPER.EXE

C:\WINDOWS\system32\iid.exe

C:\Program\Telia\Telias sakerhetstjanster\FSGUI\fsguidll.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program\iTunes\iTunesHelper.exe

C:\Program\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program\OLYMPUS\OLYMPUS Master\Monitor.exe

C:\Program\DAEMON Tools\daemon.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsav32.exe

C:\Program\Personal\bin\Personal.exe

C:\Program\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe

C:\Program\iPod\bin\iPodService.exe

C:\Program\Telia\Telias sakerhetstjanster\FSAUA\program\fsus.exe

C:\Program\Delade filer\Teleca Shared\Generic.exe

C:\Program\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\Program\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe

C:\Program\Internet Explorer\IEXPLORE.EXE

C:\Program\Delade filer\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program\AskSBar\bar\1.bin\ASKSBAR.DLL

O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program\AskSBar\bar\1.bin\ASKSBAR.DLL

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [updateManager] "C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\Telia\Telias sakerhetstjanster\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program\Telia\Telias sakerhetstjanster\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

O4 - HKLM\..\Run: [Net iD] C:\WINDOWS\system32\iid.exe

O4 - HKLM\..\Run: [OM_Monitor] C:\Program\OLYMPUS\OLYMPUS Master\FirstStart.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [GoldMinerSetup.exe] C:\DOWNLO~1\GOLDMI~1.EXE /r

O4 - HKCU\..\Run: [OM_Monitor] C:\Program\OLYMPUS\OLYMPUS Master\Monitor.exe

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Thoosje Vista Sidebar.lnk = C:\Program\Thoosje Vista Sidebar.exe

O4 - Global Startup: BankID säkerhetsprogram.lnk = C:\Program\Personal\bin\Personal.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: HP Photosmart Premier Snabbstart.lnk = C:\Program\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: &Windows Live Search - res://C:\Program\Windows Live Toolbar\msntb.dll/search.htm

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab

O16 - DPF: {5BF56AD2-E297-416E-BC49-000004040507} - https://cve.trust.telia.com/TeliaEleg/iidsetup.cab

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program\Bonjour\mDNSResponder.exe

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsgk32st.exe

O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program\Telia\Telias sakerhetstjanster\FSAUA\program\fsaua.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program\Telia\Telias sakerhetstjanster\FWES\Program\fsdfwd.exe

O23 - Service: FSMA - F-Secure Corporation - C:\Program\Telia\Telias sakerhetstjanster\Common\FSMA32.EXE

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE

O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

 

--

End of file - 12545 bytes

[/log]

 


Uninstall Ask Search/Toolbar.

Is this something you recognize?

O4 - HKCU\..\Run: [GoldMinerSetup.exe] C:\DOWNLO~1\GOLDMI~1.EXE /r

Download the program SmitfraudFix (by S!Ri) to the Desktop:

http://siri.urz.free.fr/Fix/SmitfraudFix.exe

XP: Double-click the downloaded file Smitfraudfix.exe.

Vista: Right-click the downloaded file Smitfraudfix.exe and choose Run as administrator.

First you will be prompted to press any key, so do that.

Then choose option 1 - Search by pressing 1 and Enter.

The program will scan the computer.

When it is done, the result is shown and the program has created the log file C:\rapport.txt.

Paste the contents of the log file into your reply here.

Do not do anything else with SmitfraudFix.
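The read-through applied to the HijackThis log in the reply above, as an added example that is not part of the original thread or of HijackThis: a small Python triage that lists entries worth a second look. The three rules and the trusted folder list (`C:\Program\` and `C:\WINDOWS\`, as seen in this log) are assumptions, and a hit is a prompt to check the entry, not a verdict.

```python
import re

# Constructed sample: a handful of lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [GoldMinerSetup.exe] C:\DOWNLO~1\GOLDMI~1.EXE /r
O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe
"""

# Assumption: on this Swedish XP install, software normally lives under these roots.
TRUSTED_ROOTS = ("c:\\program\\", "c:\\windows\\")

ENTRY = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.+)$")
BHO = re.compile(r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<file>.+)$")
RUN = re.compile(r"^(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
EXE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|com|bat|cmd|scr|pif))\b', re.IGNORECASE)
SHORT_NAME = re.compile(r"~\d")  # 8.3 alias such as GOLDMI~1.EXE


def executable_of(cmd):
    """Return the program part of an autostart command line, without arguments."""
    cmd = cmd.strip()
    m = EXE.match(cmd)
    if not m:
        return cmd
    return m.group(1) or m.group(2)


def triage(log_text):
    """Return a list of {'section', 'item', 'reasons'} dicts for entries to review."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # header lines, process list, blank lines
        section, body = m["section"], m["body"]
        item, reasons = body, []

        if section == "O2" and (b := BHO.match(body)):
            item = b["clsid"]
            if b["file"].strip().lower() == "(no file)":
                reasons.append("BHO is registered but its file is missing")

        elif section == "O4" and (r := RUN.match(body)):
            item = r["name"]
            exe = executable_of(r["cmd"])
            if "\\" in exe:  # bare file names cannot be located from the log alone
                if not exe.lower().startswith(TRUSTED_ROOTS):
                    reasons.append("autostart target is outside the usual install folders")
                if SHORT_NAME.search(exe):
                    reasons.append("8.3 short path hides the real file name")

        elif section == "O23" and body.startswith("Service: "):
            parts = body[len("Service: "):].rsplit(" - ", 2)
            if len(parts) == 3:
                item = parts[0]
                if parts[1].strip().lower() == "unknown owner":
                    reasons.append("service binary carries no company information")

        if reasons:
            findings.append({"section": section, "item": item, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['section']:>3}  {f['item']}: " + "; ".join(f["reasons"]))
```

Known-good software can trip these rules too, so each hit is something to look up before removing anything.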

 


Here is the log:

 

[log]SmitFraudFix v2.388

 

Scan done at 12:31:20,15, 2009-01-02

Run from C:\Documents and Settings\Familj\Skrivbord\SmitfraudFix

OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT

The filesystem type is

Fix run in normal mode

 

»»»»»»»»»»»»»»»»»»»»»»»» Process

 

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program\Bonjour\mDNSResponder.exe

C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsgk32st.exe

C:\Program\Telia\Telias sakerhetstjanster\Common\FSMA32.EXE

C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\FSGK32.EXE

C:\Program\Java\jre6\bin\jqs.exe

C:\Program\Telia\Telias sakerhetstjanster\Common\FSMB32.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Telia\Telias sakerhetstjanster\Common\FCH32.EXE

C:\WINDOWS\system32\svchost.exe

C:\Program\Telia\Telias sakerhetstjanster\Common\FAMEH32.EXE

C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsqh.exe

C:\Program\Telia\Telias sakerhetstjanster\FSAUA\program\fsaua.exe

C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fssm32.exe

C:\Program\Telia\Telias sakerhetstjanster\FWES\Program\fsdfwd.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe

C:\Program\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

C:\Program\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Program\Telia\Telias sakerhetstjanster\Common\FSM32.EXE

C:\WINDOWS\CTHELPER.EXE

C:\WINDOWS\system32\iid.exe

C:\Program\Telia\Telias sakerhetstjanster\FSGUI\fsguidll.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program\iTunes\iTunesHelper.exe

C:\Program\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program\OLYMPUS\OLYMPUS Master\Monitor.exe

C:\Program\DAEMON Tools\daemon.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsav32.exe

C:\Program\Personal\bin\Personal.exe

C:\Program\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe

C:\Program\iPod\bin\iPodService.exe

C:\Program\Telia\Telias sakerhetstjanster\FSAUA\program\fsus.exe

C:\Program\Delade filer\Teleca Shared\Generic.exe

C:\Program\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\Program\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe

C:\Program\Internet Explorer\IEXPLORE.EXE

C:\Program\Delade filer\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Familj\Skrivbord\SmitfraudFix\Policies.exe

C:\WINDOWS\system32\cmd.exe

 

»»»»»»»»»»»»»»»»»»»»»»»» hosts

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:

C:\autorun.inf FOUND !

C:\resycled\ FOUND !

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Familj

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Familj\LOKALA~1\Temp

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Familj\Application Data

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Familj\FAVORI~1

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]

"Source"="About:Home"

"SubscribedURL"="About:Home"

"FriendlyName"="Min aktuella startsida"

 

 

»»»»»»»»»»»»»»»»»»»»»»»» o4Patch

!!!Attention, following keys are not inevitably infected!!!

 

o4Patch

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

!!!Attention, following keys are not inevitably infected!!!

 

IEDFix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix

!!!Attention, following keys are not inevitably infected!!!

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

!!!Attention, following keys are not inevitably infected!!!

 

VACFix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

!!!Attention, following keys are not inevitably infected!!!

 

404Fix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

"System"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» RK

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» DNS

 

Description: Realtek RTL8139 Family PCI Fast Ethernet NIC - Miniport för paketschemaläggning

DNS Server Search Order: 195.67.199.39

DNS Server Search Order: 192.168.0.1

 

HKLM\SYSTEM\CCS\Services\Tcpip\..\{04906054-B0CA-4706-9AA6-EE007ADCD7B8}: DhcpNameServer=195.67.199.39 192.168.0.1

HKLM\SYSTEM\CS1\Services\Tcpip\..\{04906054-B0CA-4706-9AA6-EE007ADCD7B8}: DhcpNameServer=195.67.199.39 192.168.0.1

HKLM\SYSTEM\CS2\Services\Tcpip\..\{04906054-B0CA-4706-9AA6-EE007ADCD7B8}: DhcpNameServer=195.67.199.39 192.168.0.1

HKLM\SYSTEM\CS3\Services\Tcpip\..\{04906054-B0CA-4706-9AA6-EE007ADCD7B8}: DhcpNameServer=195.67.199.39 192.168.0.1

HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=195.67.199.39 192.168.0.1

HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=195.67.199.39 192.168.0.1

HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=195.67.199.39 192.168.0.1

HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=195.67.199.39 192.168.0.1

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

 

 

»»»»»»»»»»»»»»»»»»»»»»»» End

 

[/log]

 

When I ran the scan, a box came up that said "Virus detected"

Protection against viruses & spyware has detected W32/Zlob.gen123 (virus) on your computer.

Quarantine (recommended)

Delete the infected file

Do nothing

When you look under information it says that it comes from:

c:\documents and settings\familj\skrivbord\smitfraudfix\

path: agent.omz.fix.exe

I am keeping the box open until you tell me what to do

[post edited 2009-01-02 12:35:15 by Isak E]

[post edited 2009-01-02 12:43:13 by Isak E]


When you look under information it says that it comes from:

c:\documents and settings\familj\skrivbord\smitfraudfix\

Sounds like a false alarm; it is quite common for antivirus programs to react to the fix programs. Choose Do nothing.

Download Malwarebytes Anti-Malware (MBAM) from one of these links:

http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html

http://projects.securitywonks.net/projects/details.php?file=158

Double-click mbam-setup to install the program.

 

[log]At the end of the installation, make sure these boxes are ticked:

Update Malwarebytes' Anti-Malware

Launch Malwarebytes' Anti-Malware

Press Finish

If there is an update, it will be downloaded and installed.

When the program starts, choose "Perform quick scan" and press Scan.

The scan takes a while.

When it is done, press OK and then "Show results".

Tick everything and then press Remove Selected.

When the removal is complete, Notepad opens with a log.

You may be asked to restart the computer (Restart). If so, do it.

If there is an error message Error loading... after the restart, restart the computer once more.

If the program does not start after the restart, start it yourself.

If the log does not come up by itself in Notepad, you will find it on the Logs tab in MBAM.

Copy the log and paste it into your reply together with a new SmitfraudFix log.[/log]

 

[post edited 2009-01-02 12:52:54 by Cecilia]


I didn't need to restart the computer ;)

Here is the MBAM log:

 

[log]Malwarebytes' Anti-Malware 1.31

Databasversion: 1456

Windows 5.1.2600 Service Pack 3

 

2009-01-02 13:04:30

mbam-log-2009-01-02 (13-04-30).txt

 

Skanningstyp: Snabb skanning

Antal skannade objekt: 64637

Förfluten tid: 5 minute(s), 33 second(s)

 

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 0

Infekterade registernycklar: 3

Infekterade registervärden: 1

Infekterade registerdataposter: 0

Infekterade mappar: 1

Infekterade filer: 4

 

Infekterade minnesprocesser:

(Inga illasinnade poster hittades)

 

Infekterade minnesmoduler:

(Inga illasinnade poster hittades)

 

Infekterade registernycklar:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.

 

Infekterade registervärden:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\asksbar uninstall (Adware.AskSBAR) -> Quarantined and deleted successfully.

 

Infekterade registerdataposter:

(Inga illasinnade poster hittades)

 

Infekterade mappar:

C:\resycled (Trojan.DNSChanger) -> Quarantined and deleted successfully.

 

Infekterade filer:

C:\Program\Uninstall Ask Toolbar.dll (Adware.AskSBAR) -> Quarantined and deleted successfully.

C:\Program\Mozilla Firefox\plugins\NPAskSBr.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\resycled\boot.com (Trojan.DNSChanger) -> Quarantined and deleted successfully.

C:\WINDOWS\TEMP\tempo-77F.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.

[/log]

 

And here is the SmitfraudFix log:

 

[log]SmitFraudFix v2.388

 

Scan done at 13:07:57,87, 2009-01-02

Run from C:\Documents and Settings\Familj\Skrivbord\SmitfraudFix

OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT

The filesystem type is

Fix run in normal mode

 

»»»»»»»»»»»»»»»»»»»»»»»» Process

 

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program\Bonjour\mDNSResponder.exe

C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsgk32st.exe

C:\Program\Telia\Telias sakerhetstjanster\Common\FSMA32.EXE

C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\FSGK32.EXE

C:\Program\Java\jre6\bin\jqs.exe

C:\Program\Telia\Telias sakerhetstjanster\Common\FSMB32.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Telia\Telias sakerhetstjanster\Common\FCH32.EXE

C:\WINDOWS\system32\svchost.exe

C:\Program\Telia\Telias sakerhetstjanster\Common\FAMEH32.EXE

C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsqh.exe

C:\Program\Telia\Telias sakerhetstjanster\FSAUA\program\fsaua.exe

C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fssm32.exe

C:\Program\Telia\Telias sakerhetstjanster\FWES\Program\fsdfwd.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe

C:\Program\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

C:\Program\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Program\Telia\Telias sakerhetstjanster\Common\FSM32.EXE

C:\WINDOWS\CTHELPER.EXE

C:\WINDOWS\system32\iid.exe

C:\Program\Telia\Telias sakerhetstjanster\FSGUI\fsguidll.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program\iTunes\iTunesHelper.exe

C:\Program\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program\OLYMPUS\OLYMPUS Master\Monitor.exe

C:\Program\DAEMON Tools\daemon.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsav32.exe

C:\Program\Personal\bin\Personal.exe

C:\Program\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe

C:\Program\iPod\bin\iPodService.exe

C:\Program\Telia\Telias sakerhetstjanster\FSAUA\program\fsus.exe

C:\Program\Delade filer\Teleca Shared\Generic.exe

C:\Program\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\Program\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe

C:\Program\Internet Explorer\IEXPLORE.EXE

C:\Program\Delade filer\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Documents and Settings\Familj\Skrivbord\SmitfraudFix\Policies.exe

C:\WINDOWS\system32\cmd.exe

 

»»»»»»»»»»»»»»»»»»»»»»»» hosts

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:

C:\autorun.inf FOUND !

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Familj

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Familj\LOKALA~1\Temp

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Familj\Application Data

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Familj\FAVORI~1

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]

"Source"="About:Home"

"SubscribedURL"="About:Home"

"FriendlyName"="Min aktuella startsida"

 

 

»»»»»»»»»»»»»»»»»»»»»»»» o4Patch

!!!Attention, following keys are not inevitably infected!!!

 

o4Patch

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

!!!Attention, following keys are not inevitably infected!!!

 

IEDFix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix

!!!Attention, following keys are not inevitably infected!!!

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

!!!Attention, following keys are not inevitably infected!!!

 

VACFix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

!!!Attention, following keys are not inevitably infected!!!

 

404Fix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

"System"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» RK

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» DNS

 

Description: Realtek RTL8139 Family PCI Fast Ethernet NIC - Miniport för paketschemaläggning

DNS Server Search Order: 195.67.199.39

DNS Server Search Order: 192.168.0.1

 

HKLM\SYSTEM\CCS\Services\Tcpip\..\{04906054-B0CA-4706-9AA6-EE007ADCD7B8}: DhcpNameServer=195.67.199.39 192.168.0.1

HKLM\SYSTEM\CS1\Services\Tcpip\..\{04906054-B0CA-4706-9AA6-EE007ADCD7B8}: DhcpNameServer=195.67.199.39 192.168.0.1

HKLM\SYSTEM\CS2\Services\Tcpip\..\{04906054-B0CA-4706-9AA6-EE007ADCD7B8}: DhcpNameServer=195.67.199.39 192.168.0.1

HKLM\SYSTEM\CS3\Services\Tcpip\..\{04906054-B0CA-4706-9AA6-EE007ADCD7B8}: DhcpNameServer=195.67.199.39 192.168.0.1

HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=195.67.199.39 192.168.0.1

HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=195.67.199.39 192.168.0.1

HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=195.67.199.39 192.168.0.1

HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=195.67.199.39 192.168.0.1

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

 

 

»»»»»»»»»»»»»»»»»»»»»»»» End

 

[/log]

 


It could be an infection that spreads via USB sticks, external hard drives, iPods and the like. Have you used anything like that?

Can you delete the file C:\autorun.inf?

 


Is English okay for you? If so, the page

http://miekiemoes.blogspot.com/2008/11/please-disable-autorun-asap.html

may be interesting to skim through, and if you think it sounds good to stop that avenue for malicious programs to spread, follow the link that is for your variant of XP.

Download Flash Disinfector by sUBs to the Desktop:

http://www.techsupportforum.com/sectools/sUBs/Flash_Disinfector.exe

Double-click the downloaded file to start the program.

Follow the instructions that come up.

When it says that you should insert flash disks, plug in the USB sticks etc. that might be infected.

When everything is done, exit the program and restart the computer.

If you have several hard disk partitions (C:, D: etc.) on the hard disk(s) in the computer, check whether you have any autorun.inf file on them.

Have the iPods etc. that might be infected been connected to any other computer?

 

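The check suggested in the post above (looking for an autorun.inf file on every partition), as an added example that is not part of the original thread: a Python script that finds autorun.inf in each drive root and lists the entries that would launch a program. The names `parse_autorun`, `scan_roots` and `SAMPLE` are hypothetical, and the sample file content is constructed.

```python
import os
import string

# Keys in the [autorun] section that make Windows start a program.
LAUNCH_KEYS = ("open", "shellexecute")

# Constructed sample: an autorun.inf padded with junk lines, which is why
# the parser below is hand-written instead of relying on configparser.
SAMPLE = """\
;xkq8 junk line (constructed sample)
[AutoRun]
open=RECYCLER\\example.exe
zz9 garbage without equals sign
shell\\open\\Command=RECYCLER\\example.exe
icon=%SystemRoot%\\system32\\shell32.dll,4
label=USB
"""


def parse_autorun(text):
    """Return (key, command) pairs from [autorun] that launch a program."""
    launches = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue  # other section, or junk that is not key=value
        key, value = line.split("=", 1)
        key = key.strip().lower()
        is_verb = key.startswith("shell\\") and key.endswith("\\command")
        if key in LAUNCH_KEYS or is_verb:
            launches.append((key, value.strip()))
    return launches


def scan_roots(roots):
    """Map each autorun.inf found directly under a root to its launch entries.

    A directory named autorun.inf cannot launch anything and is reported
    as the string "directory".
    """
    report = {}
    for root in roots:
        try:
            names = os.listdir(root)
        except OSError:
            continue  # drive not present or not readable
        for name in names:
            if name.lower() != "autorun.inf":
                continue
            path = os.path.join(root, name)
            if os.path.isdir(path):
                report[path] = "directory"
                continue
            with open(path, "rb") as fh:
                data = fh.read()
            # Files saved as Unicode start with a UTF-16 byte order mark.
            if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
                text = data.decode("utf-16", errors="replace")
            else:
                text = data.decode("latin-1")
            report[path] = parse_autorun(text)
    return report


if __name__ == "__main__":
    # On Windows, check every possible drive letter from C: onwards.
    drives = [letter + ":\\" for letter in string.ascii_uppercase[2:]]
    for path, found in scan_roots(drives).items():
        print(path, "->", found)
```

An empty list for a file means it has no launching entries; any listed command points at the file to inspect before the drive is opened on another computer.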

Oh dear, good thing I'm buying a new computer soon, but I don't want similar things to happen to that one.. In that case it would be my sister's external hard drive that is infected, because it has been connected to my computer several times, but her computer works fine and the hard drive is basically always connected to it. And my iPods have only been connected to this computer.

 


So your sister doesn't get any strange behaviour in Google?

 

But run Flash Disinfector with your iPods anyway.

 


OK, now I've done as you said. But I think it's still there, any more suggestions? Sometimes the internet freezes and then all of Windows too, so I have to force it off. It seems that for every popup window that appears, a new spyware program is "formed"; when I run a virus scan it says it comes from my cookies, so I clear them much more often now.

 


Cookies are completely harmless to the computer and cannot cause any problems for it. Do you find anything other than cookies when you run a virus scan?

 

If the whole of Windows/the computer freezes, I suspect some other problem instead. But we can check whether any more suspicious files have appeared in the last month. Download OTViewIt to the Desktop:

http://oldtimer.geekstogo.com/OTViewIt.exe

 

Close all programs.

Run OTViewIt (in Vista, right-click and Run as administrator).

Tick Scan all Users.

Select 30 days for File Age if it is not already selected.

Press Run Scan and let the program run undisturbed.

 

When it is done, two log files are created on the Desktop, OTViewIt.txt and Extras.txt; paste both of them into your reply.

 


Here are the logs:

 

[log]OTViewIt logfile created on: 2009-01-02 19:12:21 - Run

OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\Familj\Skrivbord

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.11)

Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

 

1023,36 Mb Total Physical Memory | 585,57 Mb Available Physical Memory | 57,22% Memory free

2,40 Gb Paging File | 1,97 Gb Available in Paging File | 81,77% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072;

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program

Drive C: | 232,88 Gb Total Space | 118,17 Gb Free Space | 50,74% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: MAGNUS-0219C09C

Current User Name: Familj

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Whitelist: On

File Age = 30 Days

 

========== Processes ==========

 

[2008-11-07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

[2008-08-29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program\Bonjour\mDNSResponder.exe

[2007-11-01 12:42:04 | 00,047,800 | ---- | M] (F-Secure Corporation) -- C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsgk32st.exe

[2007-11-01 12:42:56 | 00,113,304 | ---- | M] (F-Secure Corporation) -- C:\Program\Telia\Telias sakerhetstjanster\Common\FSMA32.EXE

[2008-10-21 13:03:44 | 00,432,224 | ---- | M] (F-Secure Corp.) -- C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsgk32.exe

[2008-11-10 05:43:40 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program\Java\jre6\bin\jqs.exe

[2007-11-01 12:42:58 | 00,232,088 | ---- | M] (F-Secure Corporation) -- C:\Program\Telia\Telias sakerhetstjanster\Common\FSMB32.EXE

[2008-05-16 13:01:00 | 00,159,812 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe

[2008-10-23 19:30:26 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe

[2007-11-01 12:42:56 | 00,125,592 | ---- | M] (F-Secure Corporation) -- C:\Program\Telia\Telias sakerhetstjanster\Common\FCH32.EXE

[2007-11-01 12:42:56 | 00,391,776 | ---- | M] (F-Secure Corporation) -- C:\Program\Telia\Telias sakerhetstjanster\Common\FAMEH32.EXE

[2007-11-01 12:42:06 | 00,043,680 | ---- | M] (F-Secure Corporation) -- C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsqh.exe

[2007-11-01 12:41:52 | 00,461,408 | ---- | M] (F-Secure Corporation) -- C:\Program\Telia\Telias sakerhetstjanster\FSAUA\program\fsaua.exe

[2008-10-21 13:03:45 | 00,514,656 | ---- | M] (F-Secure Corp.) -- C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fssm32.exe

[2007-11-01 12:42:16 | 00,453,216 | ---- | M] (F-Secure Corporation) -- C:\Program\Telia\Telias sakerhetstjanster\FWES\program\fsdfwd.exe

[2003-03-26 08:19:12 | 00,172,032 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe

[2007-05-08 16:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard) -- C:\Program\Hewlett-Packard\HP Software Update\hpwuSchd2.exe

[2002-12-02 20:56:10 | 00,040,960 | ---- | M] (Hewlett-Packard) -- C:\Program\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

[2007-11-01 12:42:56 | 00,182,936 | ---- | M] (F-Secure Corporation) -- C:\Program\Telia\Telias sakerhetstjanster\Common\FSM32.EXE

[2006-08-11 14:56:02 | 00,017,920 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\CTHELPER.EXE

[2007-03-15 09:11:58 | 00,067,112 | ---- | M] (NetMaker Consulting Group AB) -- C:\WINDOWS\system32\iid.exe

[2008-04-14 17:05:18 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe

[2007-11-01 12:42:48 | 00,465,504 | ---- | M] (F-Secure Corporation) -- C:\Program\Telia\Telias sakerhetstjanster\FSGUI\fsguidll.exe

[2008-11-20 13:20:54 | 00,290,088 | ---- | M] (Apple Inc.) -- C:\Program\iTunes\iTunesHelper.exe

[2008-04-14 17:05:18 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe

[2008-11-10 05:43:42 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program\Java\jre6\bin\jusched.exe

[2007-03-28 01:07:42 | 00,593,920 | R--- | M] () -- C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[2007-07-29 12:42:39 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[2005-11-29 18:19:00 | 00,057,344 | ---- | M] (OLYMPUS IMAGING CORP.) -- C:\Program\OLYMPUS\OLYMPUS Master\Monitor.exe

[2007-04-03 23:29:15 | 00,165,784 | ---- | M] (DT Soft Ltd.) -- C:\Program\DAEMON Tools\daemon.exe

[2008-04-14 17:05:13 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program\Messenger\msmsgs.exe

[2007-11-01 12:42:04 | 00,319,584 | ---- | M] (F-Secure Corporation) -- C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsav32.exe

[2008-10-29 20:40:34 | 00,927,248 | ---- | M] (Technology Nexus AB) -- C:\Program\Personal\bin\Personal.exe

[2006-02-19 03:21:22 | 00,288,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe

[2008-11-20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program\iPod\bin\iPodService.exe

[2006-02-10 06:56:12 | 00,479,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe

[2007-11-08 11:31:00 | 00,174,688 | ---- | M] (F-Secure Corporation) -- C:\Program\Telia\Telias sakerhetstjanster\FSAUA\program\fsus.exe

[2006-02-19 04:24:52 | 00,239,320 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe

[2007-02-09 17:03:38 | 00,983,040 | R--- | M] (Teleca AB) -- C:\Program\Delade filer\Teleca Shared\Generic.exe

[2007-02-28 10:55:18 | 00,880,640 | R--- | M] (Sony Ericsson Mobile Communications AB) -- C:\Program\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

[2009-01-02 19:11:23 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Familj\Skrivbord\OTViewIt.exe

 

========== (O23) Win32 Services ==========

 

[2008-11-07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])

[2007-10-24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])

[2004-11-03 21:38:10 | 00,413,696 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Stopped])

[2004-11-03 21:10:00 | 00,516,096 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])

[2008-08-29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])

[2007-10-24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])

[2007-11-01 12:42:04 | 00,047,800 | ---- | M] (F-Secure Corporation) -- C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter [Auto | Running])

[2007-11-01 12:41:52 | 00,461,408 | ---- | M] (F-Secure Corporation) -- C:\Program\Telia\Telias sakerhetstjanster\FSAUA\program\fsaua.exe -- (FSAUA [On_Demand | Running])

[2007-11-01 12:42:16 | 00,453,216 | ---- | M] (F-Secure Corporation) -- C:\Program\Telia\Telias sakerhetstjanster\FWES\program\fsdfwd.exe -- (FSDFWD [On_Demand | Running])

[2007-11-01 12:42:56 | 00,113,304 | ---- | M] (F-Secure Corporation) -- C:\Program\Telia\Telias sakerhetstjanster\Common\FSMA32.EXE -- (FSMA [Auto | Running])

[2008-11-26 20:52:38 | 00,137,200 | ---- | M] (Google) -- C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])

[2005-05-20 09:37:12 | 00,081,920 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE -- (HP Port Resolver [On_Demand | Stopped])

[2004-10-16 04:31:06 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE -- (HP Status Server [On_Demand | Stopped])

[2005-11-14 01:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program\Delade filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])

[2008-11-20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])

[2008-11-10 05:43:40 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])

[2008-05-16 13:01:00 | 00,159,812 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])

[2007-08-09 08:27:52 | 00,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12 [Auto | Stopped])

[2008-10-23 19:30:26 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])

[2007-10-18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])

[2007-10-25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])

[2006-11-15 10:49:34 | 00,912,384 | ---- | M] (Microsoft Corporation) -- C:\Program\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

 

========== Driver Services ==========

 

[2006-11-25 11:56:30 | 00,082,380 | ---- | M] (Oak Technology Inc.) -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K [system | Running])

[2004-11-03 21:40:04 | 00,821,248 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Stopped])

[2004-03-08 11:55:50 | 00,013,567 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv [system | Running])

[2006-08-11 14:45:14 | 00,502,272 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k [On_Demand | Running])

[2006-08-11 14:45:38 | 00,499,584 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k [On_Demand | Running])

[2005-11-10 17:06:04 | 00,340,704 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k [On_Demand | Stopped])

[2006-08-11 14:45:40 | 00,007,168 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k [On_Demand | Running])

[2006-08-11 14:45:18 | 00,143,872 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k [On_Demand | Running])

[2006-08-11 14:45:18 | 00,078,336 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia [On_Demand | Running])

[2007-11-01 12:42:06 | 00,039,776 | ---- | M] () -- C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\win2k\fsfilter.sys -- (F-Secure Filter [Disabled | Stopped])

[2007-11-01 12:42:06 | 00,059,488 | ---- | M] () -- C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper [On_Demand | Running])

[2008-02-14 15:20:32 | 00,041,184 | ---- | M] () -- C:\Program\Telia\Telias sakerhetstjanster\HIPS\fshs.sys -- (F-Secure HIPS [system | Running])

[2007-11-01 12:42:06 | 00,025,184 | ---- | M] () -- C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\win2k\fsrec.sys -- (F-Secure Recognizer [Disabled | Stopped])

[2008-03-17 12:15:22 | 00,051,072 | ---- | M] (F-Secure Corporation) -- C:\WINDOWS\system32\drivers\fsdfw.sys -- (FSFW [boot | Running])

[2006-09-19 15:44:04 | 00,015,664 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])

[2006-08-11 14:45:26 | 00,766,976 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k [On_Demand | Running])

[2006-08-11 14:45:26 | 00,154,112 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k [On_Demand | Stopped])

[2006-08-11 14:45:28 | 00,180,224 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k [On_Demand | Stopped])

[2006-04-13 02:04:39 | 00,049,664 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])

[2006-04-13 02:04:39 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])

[2006-04-13 02:04:39 | 00,021,568 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])

[2004-08-03 23:41:48 | 00,220,032 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFBS2S2.sys -- (HSFHWBS2 [On_Demand | Running])

[2004-08-03 23:41:56 | 01,041,536 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFDPSP2.sys -- (HSF_DP [On_Demand | Running])

[2006-09-03 14:05:09 | 00,015,872 | ---- | M] () -- C:\Documents and Settings\Familj\Lokala inställningar\temp\jgameenp.sys -- (jgameenp [On_Demand | Stopped])

[2004-08-03 23:41:56 | 00,011,868 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])

[2008-05-16 13:01:00 | 06,557,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])

[2006-08-11 14:45:24 | 00,116,224 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv [On_Demand | Running])

[2006-03-02 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])

[2008-06-11 01:07:16 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [boot | Running])

[2004-08-03 23:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139 [On_Demand | Running])

[2006-09-05 20:07:00 | 00,061,536 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\se59bus.sys -- (se59bus [On_Demand | Stopped])

[2006-09-05 20:07:48 | 00,009,360 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\se59mdfl.sys -- (se59mdfl [On_Demand | Stopped])

[2006-09-05 20:07:52 | 00,097,088 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\se59mdm.sys -- (se59mdm [On_Demand | Stopped])

[2006-09-05 20:08:40 | 00,088,624 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\se59mgmt.sys -- (se59mgmt [On_Demand | Stopped])

[2006-09-05 20:06:28 | 00,018,704 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\se59nd5.sys -- (se59nd5 [On_Demand | Stopped])

[2006-09-05 20:09:26 | 00,086,432 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\se59obex.sys -- (se59obex [On_Demand | Stopped])

[2006-09-05 20:06:22 | 00,090,800 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\se59unic.sys -- (se59unic [On_Demand | Stopped])

[2007-11-13 11:25:56 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [Auto | Running])

[2005-08-10 13:44:04 | 00,050,688 | ---- | M] (Protection Technology) -- C:\WINDOWS\system32\drivers\sfdrv01.sys -- (sfdrv01 [boot | Running])

[2005-05-16 14:20:39 | 00,006,656 | ---- | M] (Protection Technology) -- C:\WINDOWS\system32\drivers\sfhlp02.sys -- (sfhlp02 [boot | Running])

[2004-12-03 11:20:41 | 00,020,544 | ---- | M] (Protection Technology) -- C:\WINDOWS\system32\drivers\sfsync02.sys -- (sfsync02 [boot | Running])

[2005-11-03 15:40:07 | 00,063,488 | ---- | M] (Protection Technology) -- C:\WINDOWS\system32\drivers\sfvfs02.sys -- (sfvfs02 [boot | Running])

[2008-01-13 15:41:41 | 00,682,232 | ---- | M] () -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd [boot | Running])

[2008-10-01 12:01:28 | 00,032,000 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])

[2004-08-03 23:41:50 | 00,685,056 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFCXTS2.sys -- (winachsf [On_Demand | Running])

[2006-03-02 13:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [Disabled | Stopped])

 

========== (R ) Internet Explorer ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]

"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157

"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896

"Default_Secondary_Page_URL"=

"Extensions Off Page"=about:NoAdd-ons

"Local Page"=%SystemRoot%\system32\blank.htm

"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896

"Security Risk Page"=about:SecurityRisk

"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]

"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

"Default_Search_URL"=http://www.google.com/ie

"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]

"Local Page"=C:\WINDOWS\system32\blank.htm

"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

"SearchMigratedDefaultName"=Google

"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

"Start Page"=http://www.google.se/

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]

"AutoSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/saautosearch.aspx

"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]

""=http://home.microsoft.com/access/autosearch.asp?p=%s

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

"ProxyEnable" = 0

"ProxyOverride" = *.local

 

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

"ProxyEnable" = 0

 

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

 

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

"ProxyEnable" = 0

 

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

 

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

 

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

"ProxyEnable" = 0

 

[HKEY_USERS\S-1-5-21-343818398-1788223648-725345543-1005\SOFTWARE\Microsoft\Internet Explorer\Main]

"Local Page"=C:\WINDOWS\system32\blank.htm

"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

"SearchMigratedDefaultName"=Google

"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

"Start Page"=http://www.google.se/

 

[HKEY_USERS\S-1-5-21-343818398-1788223648-725345543-1005\SOFTWARE\Microsoft\Internet Explorer\Search]

"AutoSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/saautosearch.aspx

"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

 

[HKEY_USERS\S-1-5-21-343818398-1788223648-725345543-1005\Software\Microsoft\Internet Explorer\SearchURL]

""=http://home.microsoft.com/access/autosearch.asp?p=%s

 

[HKEY_USERS\S-1-5-21-343818398-1788223648-725345543-1005\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-21-343818398-1788223648-725345543-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

"ProxyEnable" = 0

"ProxyOverride" = *.local

 

========== (O1) Hosts File ==========

 

HOSTS File = (1339 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

First 25 entries...

127.0.0.1 localhost

127.0.0.1 cod1master.activision.com

127.0.0.1 cod2master.activision.com

127.0.0.1 cod4master.activision.com

127.0.0.1 cod5master.activision.com

127.0.0.1 codwwmaster.activision.com

127.0.0.1 codwawmaster.activision.com

127.0.0.1 crysis.master.gamespy.com

127.0.0.1 master1.evenbalance.com

127.0.0.1 master2.evenbalance.com

127.0.0.1 master3.evenbalance.com

127.0.0.1 master4.evenbalance.com

127.0.0.1 master5.evenbalance.com

127.0.0.1 master6.evenbalance.com

127.0.0.1 master7.evenbalance.com

127.0.0.1 master8.evenbalance.com

127.0.0.1 master9.evenbalance.com

127.0.0.1 crysis1.evenbalance.com

127.0.0.1 crysis2.evenbalance.com

 

========== (O2) BHO's ==========

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

{22BF413B-C6D2-4d91-82A9-A0F997BA588C} (HKLM) -- C:\Program\Skype\toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

{7E853D72-626A-48EC-A868-BA8D5E23E045} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- C:\Program\Google\Google Toolbar\GoogleToolbar.dll ()

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (HKLM) -- C:\Program\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)

{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} (HKLM) -- C:\Program\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)

{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

 

========== (O3) Toolbars ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- C:\Program\Google\Google Toolbar\GoogleToolbar.dll ()

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{21FA44EF-376D-4D53-9B0F-8A89D3229068}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- C:\Program\Google\Google Toolbar\GoogleToolbar.dll ()

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

 

[HKEY_USERS\S-1-5-21-343818398-1788223648-725345543-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{21FA44EF-376D-4D53-9B0F-8A89D3229068}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

 

[HKEY_USERS\S-1-5-21-343818398-1788223648-725345543-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- C:\Program\Google\Google Toolbar\GoogleToolbar.dll ()

 

[HKEY_USERS\S-1-5-21-343818398-1788223648-725345543-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

 

========== (O4) Run Keys ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AppleSyncNotifier"=C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)

"ATIPTA"=C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)

"CTHelper"=CTHELPER.EXE (Creative Technology Ltd)

"CTxfiHlp"=CTXFIHLP.EXE (Creative Technology Ltd)

"DeviceDiscovery"=C:\Program\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)

"F-Secure Manager"="C:\Program\Telia\Telias sakerhetstjanster\Common\FSM32.EXE" /splash (F-Secure Corporation)

"F-Secure TNB"="C:\Program\Telia\Telias sakerhetstjanster\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW (F-Secure Corporation)

"HP Software Update"=C:\Program\Hewlett-Packard\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)

"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe (HP)

"iTunesHelper"="C:\Program\iTunes\iTunesHelper.exe" (Apple Inc.)

"Net iD"=C:\WINDOWS\system32\iid.exe (NetMaker Consulting Group AB)

"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)

"nwiz"=nwiz.exe /install ()

"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)

"OM_Monitor"=C:\Program\OLYMPUS\OLYMPUS Master\FirstStart.exe (OLYMPUS IMAGING CORP.)

"QuickTime Task"="C:\Program\QuickTime\QTTask.exe" -atboottime (Apple Inc.)

"Sony Ericsson PC Suite"="C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions ()

"SunJavaUpdateSched"="C:\Program\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)

"UpdateManager"="C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe" /r (Sonic Solutions)

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools"="C:\Program\DAEMON Tools\daemon.exe" -lang 1033 (DT Soft Ltd.)

"MSMSGS"="C:\Program\Messenger\msmsgs.exe" /background (Microsoft Corporation)

"OM_Monitor"=C:\Program\OLYMPUS\OLYMPUS Master\Monitor.exe (OLYMPUS IMAGING CORP.)

"swg"=C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

 

[HKEY_USERS\S-1-5-21-343818398-1788223648-725345543-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools"="C:\Program\DAEMON Tools\daemon.exe" -lang 1033 (DT Soft Ltd.)

"MSMSGS"="C:\Program\Messenger\msmsgs.exe" /background (Microsoft Corporation)

"OM_Monitor"=C:\Program\OLYMPUS\OLYMPUS Master\Monitor.exe (OLYMPUS IMAGING CORP.)

"swg"=C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

 

========== (O4) Startup Folders ==========

 

[2008-10-29 20:40:34 | 00,927,248 | ---- | M] (Technology Nexus AB) -- C:\Documents and Settings\All Users\Start-meny\Program\Autostart\BankID säkerhetsprogram.lnk = C:\Program\Personal\bin\Personal.exe

[2006-02-19 03:21:22 | 00,288,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Documents and Settings\All Users\Start-meny\Program\Autostart\HP Digital Imaging Monitor.lnk = C:\Program\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe

[2006-02-10 06:56:20 | 00,073,728 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Documents and Settings\All Users\Start-meny\Program\Autostart\HP Photosmart Premier Snabbstart.lnk = C:\Program\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe

[1999-02-17 20:05:56 | 00,065,588 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Start-meny\Program\Autostart\Microsoft Office.lnk = C:\Program\Microsoft Office\Office\OSA9.EXE

[2007-10-22 01:26:52 | 00,524,288 | ---- | M] () -- C:\Documents and Settings\Familj\Start-meny\Program\Autostart\Thoosje Vista Sidebar.lnk = C:\Program\Thoosje Vista Sidebar.exe

 

========== (O6 & O7) Current Version Policies ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveAutoRun"=67108863

"NoDriveTypeAutoRun"=255

"NoDrives"=0

"NoCDBurning"=0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"HideLegacyLogonScripts"=0

"HideLogoffScripts"=0

"RunLogonScriptSync"=1

"RunStartupScriptSync"=0

"HideStartupScripts"=0

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=36

"NoDriveAutoRun"=FF FF FF FF [binary data]

 

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_USERS\S-1-5-21-343818398-1788223648-725345543-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=36

"NoDriveAutoRun"=FF FF FF FF [binary data]

 

========== (O8) IE Context Menu Extensions ==========

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]

&Windows Live Search: C:\Program\Windows Live Toolbar\msntb.dll File not found

 

[HKEY_USERS\S-1-5-21-343818398-1788223648-725345543-1005\Software\Microsoft\Internet Explorer\MenuExt\]

&Windows Live Search: C:\Program\Windows Live Toolbar\msntb.dll File not found

 

========== (O9) IE Extensions ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]

{77BF5300-1474-4EC7-9980-D32B190E9B07}: Button: Skype -- %ProgramFiles%\Skype\toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-09-23 13:17:08 | 01,088,296 | ---- | M] (Skype Technologies S.A.)

{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008-04-13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)

{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008-04-14 17:05:13 | 01,695,232 | ---- | M] (Microsoft Corporation)

{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008-04-14 17:05:13 | 01,695,232 | ---- | M] (Microsoft Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]

CmdMapping\\{300DB664-75B5-47c0-8B45-A44ACCF73C00} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008-04-14 17:05:13 | 01,695,232 | ---- | M] (Microsoft Corporation)

 

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]

CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008-04-14 17:05:13 | 01,695,232 | ---- | M] (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]

CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008-04-14 17:05:13 | 01,695,232 | ---- | M] (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-21-343818398-1788223648-725345543-1005\SOFTWARE\Microsoft\Internet Explorer\Extensions\]

CmdMapping\\{300DB664-75B5-47c0-8B45-A44ACCF73C00} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008-04-14 17:05:13 | 01,695,232 | ---- | M] (Microsoft Corporation)

 

========== (O12) Internet Explorer Plugins ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]

PluginsPage: "" = http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s

PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

 

========== (O13) Default Prefixes ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]

""=http://

 

========== (O15) Trusted Sites ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]

1 domain(s) and sub-domain(s) not assigned to a zone.

 

========== (O16) DPF ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]

{166B1BCA-3F9C-11CF-8075-444553540000}: http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab -- Shockwave ActiveX Control

{17492023-C23A-453E-A040-C7C580BBF700}: http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab -- Windows Genuine Advantage Validation Tool

{1E54D648-B804-468d-BC78-4AFFED8E262E}: http://www.srtest.com/srl_bin/sysreqlab_srl.cab -- System Requirements Lab Class

{20A60F0D-9AFA-4515-A0FD-83BD84642501}: http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab -- Checkers Class

{54B52E52-8000-4413-BD67-FC7FE24B59F2}: http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab -- EARTPatchX Class

{5BF56AD2-E297-416E-BC49-000004040507}: https://cve.trust.telia.com/TeliaEleg/iidsetup.cab -- Reg Error: Key does not exist or could not be opened.

{5C051655-FCD5-4969-9182-770EA5AA5565}: http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab -- Solitaire Showdown Class

{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab -- Java Plug-in 1.6.0_11

{AB86CE53-AC9F-449F-9399-D8ABCA09EC09}: https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx -- Get_ActiveX Control

{B8BE5E93-A60C-4D26-A2DC-220313175592}: http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab -- MSN Games - Installer

{BD393C14-72AD-4790-A095-76522973D6B8}: http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab -- CBreakshotControl Class

{C3F79A2B-B9B4-4A66-B012-3EE46475B072}: http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab -- MessengerStatsClient Class

{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab -- Reg Error: Key does not exist or could not be opened.

{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab -- Reg Error: Key does not exist or could not be opened.

{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab -- Reg Error: Key does not exist or could not be opened.

{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab -- Reg Error: Key does not exist or could not be opened.

{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab -- Reg Error: Key does not exist or could not be opened.

{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab -- Reg Error: Key does not exist or could not be opened.

{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab -- Reg Error: Key does not exist or could not be opened.

{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab -- Reg Error: Key does not exist or could not be opened.

{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab -- Java Plug-in 1.6.0_11

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab -- Java Plug-in 1.6.0_11

{F5A7706B-B9C0-4C89-A715-7A0C6B05DD48}: http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab -- Minesweeper Flags Class

 

========== (O17) DNS Name Servers ==========

 

{04906054-B0CA-4706-9AA6-EE007ADCD7B8} (Servers: | Description: Realtek RTL8139 Family PCI Fast Ethernet NIC)

{25A2D059-EE19-4578-926E-5328420FB777} (Servers: | Description: Sony Ericsson Device 089 USB Ethernet Emulation (NDIS 5))

{8910D7CE-0AED-4647-8FE4-A2C312BA4529} (Servers: | Description: 1394 Net Adapter)

 

========== (O20) Winlogon Notify Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]

AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.)

 

========== Safeboot Options ==========

 

"AlternateShell"=cmd.exe

 

========== CDRom AutoRun Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]

"AutoRun" = 1

 

========== Autorun Files on Drives ==========

 

AUTOEXEC.BAT []

[2006-11-21 16:13:17 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

 

autorun.inf [[autorun] | ;auhomdicewjfkpbsxrtfkdjngshmraxldrhbvmgloifavvaolkiyxdkxisgynsmpakmthukhjksdnblnkkqyzmsxtayc | shellexecute="resycled\boot.com c:" | ;owifjwrrw | shell\Open\command="resycled\boot.com c:" | ;cxtnghtgbxgbunzlctaec | shell=Open | ;wxhcilruoqcoyetpkdkr | ]

[2008-12-30 18:09:46 | 00,000,255 | RHS- | M] () -- C:\autorun.inf -- [ NTFS ]

 

========== Files/Folders - Created Within 30 Days ==========

 

[6 C:\WINDOWS\*.tmp files]

[2009-01-02 19:11:23 | 00,423,424 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Familj\Skrivbord\OTViewIt.exe

[2009-01-02 18:04:53 | 00,132,597 | ---- | C] () -- C:\Documents and Settings\Familj\Skrivbord\Flash_Disinfector.exe

[2009-01-02 13:53:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Familj\Mina dokument\Incomplete

[2009-01-02 13:53:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Familj\Mina dokument\FrostWire

[2009-01-02 13:11:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Familj\Skrivbord\Virusprogram

[2009-01-02 12:57:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Familj\Application Data\Malwarebytes

[2009-01-02 12:57:06 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2009-01-02 12:57:03 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009-01-02 12:57:02 | 00,000,000 | ---D | C] -- C:\Program\Malwarebytes' Anti-Malware

[2009-01-02 12:57:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2009-01-02 12:31:26 | 00,003,928 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg

[2009-01-02 12:30:56 | 00,289,144 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\VCCLSID.exe

[2009-01-02 12:30:56 | 00,288,417 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\SrchSTS.exe

[2009-01-02 12:30:56 | 00,135,168 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swreg.exe

[2009-01-02 12:30:56 | 00,087,552 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\VACFix.exe

[2009-01-02 12:30:56 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.exe

[2009-01-02 12:30:56 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.C.exe

[2009-01-02 12:30:56 | 00,082,432 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\404Fix.exe

[2009-01-02 12:30:56 | 00,080,384 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\o4Patch.exe

[2009-01-02 12:30:56 | 00,079,360 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swxcacls.exe

[2009-01-02 12:30:56 | 00,078,336 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\Agent.OMZ.Fix.exe

[2009-01-02 12:30:56 | 00,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\WINDOWS\System32\Process.exe

[2009-01-02 12:30:56 | 00,051,200 | ---- | C] () -- C:\WINDOWS\System32\dumphive.exe

[2009-01-02 12:30:56 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\swsc.exe

[2009-01-02 12:30:56 | 00,025,600 | ---- | C] () -- C:\WINDOWS\System32\WS2Fix.exe

[2008-12-30 23:32:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Familj\Mina dokument\Xilisoft Corporation

[2008-12-30 23:32:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Familj\Application Data\Xilisoft Corporation

[2008-12-30 23:30:53 | 00,000,000 | ---D | C] -- C:\Program\Xilisoft

[2008-12-30 18:09:45 | 00,000,255 | RHS- | C] () -- C:\autorun.inf

[2008-12-24 23:35:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Familj\Lokala inställningar\Application Data\Sony Ericsson

[2008-12-24 23:34:42 | 00,018,704 | R--- | C] (MCCI) -- C:\WINDOWS\System32\drivers\se59nd5.sys

[2008-12-24 23:34:27 | 00,090,800 | R--- | C] (MCCI) -- C:\WINDOWS\System32\drivers\se59unic.sys

[2008-12-24 23:34:27 | 00,004,128 | R--- | C] (MCCI) -- C:\WINDOWS\System32\drivers\se59cr.sys

[2008-12-24 23:34:25 | 00,088,624 | R--- | C] (MCCI) -- C:\WINDOWS\System32\drivers\se59mgmt.sys

[2008-12-24 23:34:21 | 00,086,432 | R--- | C] (MCCI) -- C:\WINDOWS\System32\drivers\se59obex.sys

[2008-12-24 23:34:10 | 00,097,088 | R--- | C] (MCCI) -- C:\WINDOWS\System32\drivers\se59mdm.sys

[2008-12-24 23:34:10 | 00,009,360 | R--- | C] (MCCI) -- C:\WINDOWS\System32\drivers\se59mdfl.sys

[2008-12-24 23:34:10 | 00,006,240 | R--- | C] (MCCI) -- C:\WINDOWS\System32\drivers\se59cmnt.sys

[2008-12-24 23:34:10 | 00,006,240 | R--- | C] (MCCI) -- C:\WINDOWS\System32\drivers\se59cm.sys

[2008-12-24 23:34:01 | 00,061,536 | R--- | C] (MCCI) -- C:\WINDOWS\System32\drivers\se59bus.sys

[2008-12-24 23:34:01 | 00,005,872 | R--- | C] (MCCI) -- C:\WINDOWS\System32\drivers\se59whnt.sys

[2008-12-24 23:34:01 | 00,005,872 | R--- | C] (MCCI) -- C:\WINDOWS\System32\drivers\se59wh.sys

[2008-12-24 23:29:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Familj\Application Data\Teleca

[2008-12-24 23:24:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Familj\Application Data\Sony Ericsson

[2008-12-24 23:17:17 | 00,002,044 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivbord\Sony Ericsson PC Suite.lnk

[2008-12-24 23:15:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sony Ericsson

[2008-12-24 23:06:54 | 00,000,000 | ---D | C] -- C:\Program\Delade filer\Sony Ericsson Shared

[2008-12-24 23:06:29 | 00,000,000 | ---D | C] -- C:\Program\Delade filer\Teleca Shared

[2008-12-24 23:06:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Teleca

[2008-12-24 23:05:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations

[2008-12-24 21:49:56 | 00,001,631 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivbord\Disc2Phone.lnk

[2008-12-24 21:49:50 | 00,000,000 | ---D | C] -- C:\Program\Disc2Phone

[2008-12-22 22:13:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Familj\Skrivbord\Isak II

[2008-12-15 16:43:40 | 10,731,39712 | -HS- | C] () -- C:\hiberfil.sys

[2008-12-09 22:09:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Familj\Mina dokument\Jumpstyle

 

========== Files - Modified Within 30 Days ==========

 

[2 C:\WINDOWS\System32\*.tmp files]

[6 C:\WINDOWS\*.tmp files]

[2009-01-02 19:11:23 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Familj\Skrivbord\OTViewIt.exe

[2009-01-02 18:12:47 | 00,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2009-01-02 18:12:32 | 00,181,031 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2009-01-02 18:12:15 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2009-01-02 18:12:13 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2009-01-02 18:12:11 | 10,731,39712 | -HS- | M] () -- C:\hiberfil.sys

[2009-01-02 18:11:25 | 00,030,264 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-0000000A-00001102-00000004-005B1102}.rfx

[2009-01-02 18:11:25 | 00,030,264 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-0000000A-00001102-00000004-005B1102}.rfx

[2009-01-02 18:11:25 | 00,027,816 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-0000000A-00001102-00000004-005B1102}.rfx

[2009-01-02 18:11:25 | 00,027,816 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-0000000A-00001102-00000004-005B1102}.rfx

[2009-01-02 18:11:25 | 00,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-0000000A-00001102-00000004-005B1102}.rfx

[2009-01-02 18:11:25 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm

[2009-01-02 18:11:25 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm

[2009-01-02 18:04:53 | 00,132,597 | ---- | M] () -- C:\Documents and Settings\Familj\Skrivbord\Flash_Disinfector.exe

[2009-01-02 13:08:02 | 00,003,928 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg

[2009-01-02 11:47:19 | 00,000,570 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled scanning task.job

[2009-01-01 21:53:29 | 00,000,410 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{AFF56496-4255-45CE-8F4F-D9E31F0E14A7}.job

[2008-12-31 00:25:52 | 00,000,599 | ---- | M] () -- C:\Documents and Settings\Familj\Mina dokument\Mina delade mappar.lnk

[2008-12-31 00:22:53 | 00,002,111 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivbord\iTunes.lnk

[2008-12-30 18:09:46 | 00,000,255 | RHS- | M] () -- C:\autorun.inf

[2008-12-30 18:01:17 | 00,000,272 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2008-12-29 17:35:31 | 00,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2008-12-24 23:17:18 | 00,002,044 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivbord\Sony Ericsson PC Suite.lnk

[2008-12-24 23:06:18 | 00,415,638 | ---- | M] () -- C:\WINDOWS\System32\perfh01D.dat

[2008-12-24 23:06:18 | 00,413,018 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2008-12-24 23:06:18 | 00,078,294 | ---- | M] () -- C:\WINDOWS\System32\perfc01D.dat

[2008-12-24 23:06:18 | 00,066,512 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2008-12-24 23:06:15 | 00,987,026 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2008-12-24 21:49:56 | 00,001,631 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivbord\Disc2Phone.lnk

[2008-12-23 22:17:05 | 00,137,688 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys

[2008-12-23 22:16:56 | 00,202,040 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.exe

[2008-12-22 22:26:56 | 02,111,766 | -H-- | M] () -- C:\Documents and Settings\Familj\Lokala inställningar\Application Data\IconCache.db

[2008-12-21 20:04:13 | 00,052,736 | ---- | M] () -- C:\Documents and Settings\Familj\Lokala inställningar\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008-12-21 19:40:26 | 00,000,022 | ---- | M] () -- C:\ur.dat

[2008-12-13 07:39:18 | 03,593,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll

[2008-12-13 07:39:18 | 03,593,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll

[2008-12-12 00:57:43 | 00,078,336 | ---- | M] (S!Ri.URZ) -- C:\WINDOWS\System32\Agent.OMZ.Fix.exe

[2008-12-10 21:58:39 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2008-12-10 00:24:37 | 17,593,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe

[2008-12-03 19:52:38 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2008-12-03 19:52:34 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

< End of report >

[/log]

 

[log]OTViewIt Extras logfile created on: 2009-01-02 19:12:21 - Run

OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\Familj\Skrivbord

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.11)

Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

 

1023,36 Mb Total Physical Memory | 585,57 Mb Available Physical Memory | 57,22% Memory free

2,40 Gb Paging File | 1,97 Gb Available in Paging File | 81,77% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072;

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program

Drive C: | 232,88 Gb Total Space | 118,17 Gb Free Space | 50,74% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: MAGNUS-0219C09C

Current User Name: Familj

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Whitelist: On

File Age = 30 Days

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled"=1

"AntiVirusDisableNotify"=0

"FirewallDisableNotify"=0

"UpdatesDisableNotify"=0

"AntiVirusOverride"=0

"FirewallOverride"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile

"EnableFirewall"=1

"DoNotAllowExceptions"=0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[2008-04-14 17:05:18 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

[2008-04-13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[2007-10-18 11:35:08 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger

[2007-10-02 17:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

[2008-04-14 17:05:18 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

[2008-02-08 22:32:57 | 00,147,456 | ---- | M] (Lime Wire, LLC) -- C:\Program\LimeWire\LimeWire.exe:*:Enabled:LimeWire

[2008-04-13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[2006-02-19 03:21:22 | 00,288,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe

[2006-02-19 04:24:52 | 00,239,320 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe

[2006-04-20 23:13:30 | 00,231,000 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe

[2006-04-20 20:28:12 | 00,040,960 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe

[2006-04-20 22:43:46 | 00,087,640 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program\Hewlett-Packard\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe

[2006-02-16 23:19:34 | 00,192,512 | ---- | M] () -- C:\Program\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe

[2006-02-16 21:49:52 | 01,085,440 | R--- | M] (Hewlett-Packard) -- C:\Program\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe

[2006-04-20 23:06:26 | 00,181,848 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program\Hewlett-Packard\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe

[2006-02-15 09:37:26 | 00,147,511 | R--- | M] (Hewlett-Packard) -- C:\Program\Hewlett-Packard\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe

[2006-04-20 23:13:00 | 00,456,280 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe

[2006-02-09 15:43:36 | 00,110,592 | R--- | M] (Hewlett-Packard) -- C:\Program\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe

[2006-02-09 15:41:28 | 00,573,440 | ---- | M] ( ) -- C:\Program\Hewlett-Packard\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe

[2006-04-20 22:42:18 | 00,063,064 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe

[2006-02-19 04:29:46 | 00,139,264 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program\Hewlett-Packard\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe

[2008-12-14 21:00:48 | 00,270,128 | ---- | M] (BitTorrent, Inc.) -- C:\Program\uTorrent\uTorrent.exe:*:Enabled:µTorrent

[2008-08-29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour

[2007-03-07 02:38:12 | 00,114,688 | ---- | M] (FrostWire Group) -- C:\Program\FrostWire\FrostWire.exe:*:Enabled:FrostWire

[2001-08-23 09:24:42 | 00,876,544 | ---- | M] () -- C:\Program\Quake III Arena\quake3.exe:*:Enabled:quake3

[2008-10-23 19:30:26 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA

[2008-12-23 22:16:56 | 00,202,040 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB

[2008-06-20 14:43:00 | 03,330,048 | ---- | M] () -- C:\Program\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare

[2007-10-18 11:35:08 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger

[2007-10-02 17:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

[2008-11-20 13:20:48 | 14,294,824 | ---- | M] (Apple Inc.) -- C:\Program\iTunes\iTunes.exe:*:Enabled:iTunes

[2008-09-23 13:17:06 | 21,755,688 | R--- | M] (Skype Technologies S.A.) -- C:\Program\Skype\Phone\Skype.exe:*:Enabled:Skype

 

========== (O10) Winsock2 Catalogs ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]

NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program\Bonjour\mdnsNSP.dll (Apple Inc.)

Protocol_Catalog9\Catalog_Entries\000000000001 -- C:\Program\Telia\Telias sakerhetstjanster\FSPS\program\fslsp.dll (F-Secure Corporation)

Protocol_Catalog9\Catalog_Entries\000000000002 -- C:\Program\Telia\Telias sakerhetstjanster\FSPS\program\fslsp.dll (F-Secure Corporation)

Protocol_Catalog9\Catalog_Entries\000000000003 -- C:\Program\Telia\Telias sakerhetstjanster\FSPS\program\fslsp.dll (F-Secure Corporation)

Protocol_Catalog9\Catalog_Entries\000000000004 -- C:\Program\Telia\Telias sakerhetstjanster\FSPS\program\fslsp.dll (F-Secure Corporation)

Protocol_Catalog9\Catalog_Entries\000000000005 -- C:\Program\Telia\Telias sakerhetstjanster\FSPS\program\fslsp.dll (F-Secure Corporation)

Protocol_Catalog9\Catalog_Entries\000000000006 -- C:\Program\Telia\Telias sakerhetstjanster\FSPS\program\fslsp.dll (F-Secure Corporation)

Protocol_Catalog9\Catalog_Entries\000000000007 -- C:\Program\Telia\Telias sakerhetstjanster\FSPS\program\fslsp.dll (F-Secure Corporation)

Protocol_Catalog9\Catalog_Entries\000000000008 -- C:\Program\Telia\Telias sakerhetstjanster\FSPS\program\fslsp.dll (F-Secure Corporation)

Protocol_Catalog9\Catalog_Entries\000000000009 -- C:\Program\Telia\Telias sakerhetstjanster\FSPS\program\fslsp.dll (F-Secure Corporation)

Protocol_Catalog9\Catalog_Entries\000000000010 -- C:\Program\Telia\Telias sakerhetstjanster\FSPS\program\fslsp.dll (F-Secure Corporation)

Protocol_Catalog9\Catalog_Entries\000000000011 -- C:\Program\Telia\Telias sakerhetstjanster\FSPS\program\fslsp.dll (F-Secure Corporation)

Protocol_Catalog9\Catalog_Entries\000000000012 -- C:\Program\Telia\Telias sakerhetstjanster\FSPS\program\fslsp.dll (F-Secure Corporation)

Protocol_Catalog9\Catalog_Entries\000000000013 -- C:\Program\Telia\Telias sakerhetstjanster\FSPS\program\fslsp.dll (F-Secure Corporation)

Protocol_Catalog9\Catalog_Entries\000000000014 -- C:\Program\Telia\Telias sakerhetstjanster\FSPS\program\fslsp.dll (F-Secure Corporation)

Protocol_Catalog9\Catalog_Entries\000000000015 -- C:\Program\Telia\Telias sakerhetstjanster\FSPS\program\fslsp.dll (F-Secure Corporation)

Protocol_Catalog9\Catalog_Entries\000000000016 -- C:\Program\Telia\Telias sakerhetstjanster\FSPS\program\fslsp.dll (F-Secure Corporation)

Protocol_Catalog9\Catalog_Entries\000000000017 -- C:\Program\Telia\Telias sakerhetstjanster\FSPS\program\fslsp.dll (F-Secure Corporation)

Protocol_Catalog9\Catalog_Entries\000000000018 -- C:\Program\Telia\Telias sakerhetstjanster\FSPS\program\fslsp.dll (F-Secure Corporation)

Protocol_Catalog9\Catalog_Entries\000000000019 -- C:\Program\Telia\Telias sakerhetstjanster\FSPS\program\fslsp.dll (F-Secure Corporation)

Protocol_Catalog9\Catalog_Entries\000000000020 -- C:\Program\Telia\Telias sakerhetstjanster\FSPS\program\fslsp.dll (F-Secure Corporation)

Protocol_Catalog9\Catalog_Entries\000000000021 -- C:\Program\Telia\Telias sakerhetstjanster\FSPS\program\fslsp.dll (F-Secure Corporation)

 

========== (O18) Protocol Handlers ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

ipp: [HKLM - No CLSID value]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers

[2008-04-14 17:04:42 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program\Delade filer\System\Ole DB\msdaipp.dll ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

[2007-10-18 11:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

msdaipp: [HKLM - No CLSID value]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers

[2008-04-14 17:04:42 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program\Delade filer\System\Ole DB\msdaipp.dll msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers

[2008-04-14 17:04:42 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program\Delade filer\System\Ole DB\msdaipp.dll msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

[2007-10-18 11:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

[2008-09-23 13:17:06 | 01,942,864 | R--- | M] (Skype Technologies) C:\Program\Delade filer\Skype\Skype4COM.dll (skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} (HKLM) [iEProtocolHandler Class])

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

[2007-10-23 12:14:52 | 00,858,136 | ---- | M] (Microsoft Corporation) C:\Program\Windows Live\Mail\mailcomm.dll (wlmailhtml:{03C514A3-1EFB-4856-9F99-10D7BE1653C0} (HKLM) [Windows Live Mail HTML Asynchronous Pluggable Protocol Handler])

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0002041D-78E1-11D2-B60F-006097C998E7}"=Microsoft Office 2000 Standard

"{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}"=Call of Duty® 4 - Modern Warfare 1.3 Patch

"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}"=Sonic Update Manager

"{0A65A3BD-54B5-4d0d-B084-7688507813F5}"=SlideShow

"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}"=ATI Control Panel

"{14D9D3BE-531E-47BC-8746-92D391D3EA4A}"=Popup-blockeraren (Windows Live Toolbar)

"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}"=cp_OnlineProjectsConfig

"{18455581-E099-4BA8-BC6B-F34B2F06600C}"=Google Toolbar for Internet Explorer

"{19B622A5-0956-4080-843C-53A2E378BE5E}"=OneCare Advisor (Windows Live Toolbar)

"{1A9DEF19-760C-4e01-958F-D9B8E6C61B90}"=c5100_Help

"{1EC73FB6-97FD-48EE-8100-CA969A56E727}"=TopSpin

"{1F51A0CA-2BDD-474E-BB90-C7FA8EA78F52}"=ImageMixer VCD/DVD2 for OLYMPUS

"{20503DFE-E5B2-491E-B2C5-8BCB5BF5B9E9}"=Windows Live Messenger

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer

"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}"=HPPhotoSmartExpress

"{2604C0F9-BFD3-4BA0-9EB5-22537C648F03}"=MobileMe Control Panel

"{26A24AE4-039D-4CA4-87B4-2F83216010FF}"=Java 6 Update 11

"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}"=Sonic_PrimoSDK

"{318AB667-3230-41B5-A617-CB3BF748D371}"=iTunes

"{3248F0A8-6813-11D6-A77B-00B0D0150080}"=J2SE Runtime Environment 5.0 Update 8

"{3248F0A8-6813-11D6-A77B-00B0D0150100}"=J2SE Runtime Environment 5.0 Update 10

"{3248F0A8-6813-11D6-A77B-00B0D0150110}"=J2SE Runtime Environment 5.0 Update 11

"{3248F0A8-6813-11D6-A77B-00B0D0160010}"=Java SE Runtime Environment 6 Update 1

"{3248F0A8-6813-11D6-A77B-00B0D0160020}"=Java 6 Update 2

"{3248F0A8-6813-11D6-A77B-00B0D0160030}"=Java 6 Update 3

"{3248F0A8-6813-11D6-A77B-00B0D0160050}"=Java 6 Update 5

"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java 6 Update 7

"{3250D2E9-692D-4C7A-A54D-1C48CD833903}_is1"=GTR

"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}"=SkinsHP1

"{350C941d-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP

"{363790D2-DA98-41DD-9C9F-69FA36B169DE}"=PanoStandAlone

"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}"=HP Product Assistant

"{39F73F7F-53C8-474C-B4D7-63DF3A063CF5}"=Feedidentifiering (Windows Live Toolbar)

"{3BD633E0-4BF8-4499-9149-88F0767D449C}"=Call of Duty® 4 - Modern Warfare 1.4 Patch

"{41E776A5-9B12-416D-9A12-B4F7B044EBED}"=CP_Package_Basic1

"{43DCF766-6838-4F9A-8C91-D92DA586DFA8}"=Microsoft Windows Journal Viewer

"{45B8A76B-57EC-4242-B019-066400CD8428}"=BufferChm

"{4EA684E9-5C81-4033-A696-3019EC57AC3A}"=HPProductAssistant

"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}"=FullDPAppQFolder

"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}"=Skype™ 3.8

"{5D7767FA-7FE8-4627-9F09-AEF7A25F1E07}"=Call of Duty® 4 - Modern Warfare 1.1 Patch

"{64E09E82-610D-4FB9-8722-1D2D1CD65A6B}"=Windows Live Toolbar Extension (Windows Live Toolbar)

"{66910000-8B30-4973-A159-6371345AFFA5}"=WebReg

"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}"=RandMap

"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}"=eSupportQFolder

"{68763C27-235D-4165-A961-FDEA228CE504}"=AiOSoftwareNPI

"{6909F917-5499-482e-9AA1-FAD06A99F231}"=Toolbox

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update

"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}"=CustomerResearchQFolder

"{716E0306-8318-4364-8B8F-0CC4E9376BAC}"=MSXML 4.0 SP2 Parser and SDK

"{736C803C-DD3B-4015-BC51-AFB9E67B9076}"=Readme

"{7664A2EF-34F5-42D2-8FD8-4FEF0047A929}"=Windows Live Mail

"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}"=DocumentViewerQFolder

"{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}"=Zune Desktop Theme

"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}"=ProductContextNPI

"{8331C3EA-0C91-43AA-A4D4-27221C631139}"=Status

"{8503C901-85D7-4262-88D2-8D8B2A7B08B8}"=Call of Duty® 4 - Modern Warfare 1.5 Patch

"{87E2B986-07E8-477a-93DC-AF0B6758B192}"=DocProcQFolder

"{8984E374-6C93-427C-A3B9-AD92472FDCA0}"=Windows Live inloggningsassistenten

"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}"=Call of Duty® 4 - Modern Warfare 1.6 Patch

"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}"=Bonjour

"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}"=DocProc

"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}"=Unload

"{909F8EBC-EC7F-48FF-0085-475D818F0F31}"=Need for Speed Underground 2

"{931C37FC-594D-43A9-B10F-A2F2B1F03498}"=Call of Duty® 4 - Modern Warfare 1.7 Patch

"{95120000-00B9-0409-0000-0000000FF1CE}"=Microsoft Application Error Reporting

"{9541FED0-327F-4DF0-8B96-EF57EF622F19}"=Sonic RecordNow!

"{992A2DB1-4ABC-4738-BD71-045C5FFE00D1}"=Microsoft .NET Framework 1.1 Swedish Language Pack

"{996512CF-F35B-48DE-9291-557FA5316967}"=ScannerCopy

"{9A00D1BA-D03A-44E5-AF28-86A1F377DF61}"=The Sims Makin' Magic

"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}"=InstantShareDevices

"{A48B9CD8-C2BA-4EC9-0081-7260D238C7CF}"=Need for Speed™ Most Wanted

"{A49F249F-0C91-497F-86DF-B2585E8E76B7}"=Microsoft Visual C++ 2005 Redistributable

"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}"=DeviceManagementQFolder

"{AC76BA86-7AD7-1033-7646-A00000000001}"=Adobe Reader 6.0.1

"{AF131494-F5D8-45C5-938C-D5F020CF1B0D}"=Tom Clancy's Rainbow Six 3: Raven Shield

"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}"=cp_PosterPrintConfig

"{B376402D-58EA-45EA-BD50-DD924EB67A70}"=Skapa HP arkiv-CD

"{B3B9BC18-2A09-4728-9B46-12E85FF3F628}"=C5100

"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1

"{B6286A44-7505-471A-A72B-04EC2DB2F442}"=CueTour

"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}"=CP_Panorama1Config

"{BA820A24-704B-428D-9904-71A10DAC1372}"=OLYMPUS Master

"{BAA6BD76-9B5A-4ED3-98BE-0127E8F14541}"=Windows Live Photo Gallery

"{BB05D173-9681-4812-A7FA-BD4042A3DA00}"=Alky for Applications (Windows XP)

"{BBB139EF-4D72-4AD1-82C1-F81C906B986E}"=Thrillville Off The Rails Demo

"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}"=HP Photosmart, Officejet and Deskjet 7.0.A

"{C1C6767D-B395-43CB-BF99-051B58B86DA6}"=PhotoGallery

"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}"=SolutionCenter

"{C8753E28-2680-49BF-BD48-DD38FD086EFE}"=AiO_Scan_CDA

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1

"{CC7F0FAA-9768-4CE2-B133-72C66492EC06}"=LS-USBMX1/2/3 Steering...

"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}"=GTA San Andreas

"{DBC20735-34E6-4E97-A9E5-2066B66B243D}"=TrayApp

"{E0828692-FD9D-459F-9312-C645C3CA6650}"=HP Photo and Imaging 2.0 - Deskjet Series

"{E17F76BE-50E9-4E7C-ADF6-6D8F44A9C6F3}"=Windows Live installer

"{E1B80DEE-A795-4258-8445-074C06AE3AB8}"=MarketResearch

"{E48469CC-635E-4FD5-A122-1497C286D217}"=Call of Duty® 4 - Modern Warfare

"{E5141379-B2D9-4BBC-BB2A-5805541571DD}"=Call of Duty® 4 - Modern Warfare 1.2 Patch

"{EBD5E7A9-DBB8-4E24-AE3A-CF9390AF1CCB}"=Choice Guard

"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}"=Apple Mobile Device Support

"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}"=CP_CalendarTemplates1

"{EDE8FB19-9809-445E-991A-AE51EFA7E653}"=Verktygsfältet Outlook (Windows Live Toolbar)

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}"=Microsoft SQL Server 2005 Compact Edition [ENU]

"{F157460F-720E-482f-8625-AD7843891E5F}"=InstantShareDevicesMFC

"{F3760724-B29D-465B-BC53-E5D72095BCC4}"=Scan

"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}"=Fax_CDA

"{F79AAB3A-B8B4-4AC7-94AB-1C4C076C6A89}"=The Simpsons Hit & Run

"{F958CA02-BB40-4007-894B-258729456EE4}"=QuickTime

"{FB15E224-67C3-491F-9F5C-F257BC418412}"=Destinations

"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}"=NewCopy_CDA

"{FE57DE70-95DE-4B64-9266-84DA811053DB}"=HP Update

"{FE6397C1-CECA-4EC3-B064-42AED7676898}"=Sony Ericsson PC Suite

"{FE7E1DD7-EBCE-4696-ADE2-22BDBF2372DA}"=DocumentViewer

"{FEDA56C4-82F3-46DD-8B50-FC592BBE1C0D}"=hp deskjet 5100

"{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}"=Disc2Phone

"18 Wheels of Steel: Haulin'"=18 Wheels of Steel: Haulin'

"AC3Filter"=AC3Filter (remove only)

"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX

"Adobe Shockwave Player"=Adobe Shockwave Player

"All ATI Software"=ATI - Hjälp för avinstallation av program

"ATI Display Driver"=ATI Display Driver

"AudioConSole"=Creative Audio Console

"AviSynth"=AviSynth 2.5

"bcMPEG2dec"=bitcontrol® MPEG-2 Video Decoder v2.1

"Big Scale Racing"=Big Scale Racing

"Bonniers Trafikskola 4.0"=Bonniers Trafikskola 4.0

"Chefrens Pyramid"=Chefrens Pyramid

"DVD Decrypter"=DVD Decrypter (Remove Only)

"FrostWire"=FrostWire 4.17.0

"F-Secure Product 277"=Telia Säker Surf

"HijackThis"=HijackThis 2.0.2

"HP Document Viewer"=HP Document Viewer 7.0

"HP Imaging Device Functions"=HP Imaging Device Functions 7.0

"HP Photo & Imaging"=HP Photosmart Premier Software 6.5

"hp print screen utility"=hp print screen utility

"HP Solution Center & Imaging Support Tools"=HP Solution Center 7.0

"HPExtendedCapabilities"=HP Customer Participation Program 7.0

"HPOCR"=OCR Software by I.R.I.S 7.0

"HTMLExecutableIERuntimeSetup44"=HTML Executable IERuntime

"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs

"ie7"=Windows Internet Explorer 7

"InstallShield_{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}"=Call of Duty® 4 - Modern Warfare 1.3 Patch

"InstallShield_{1EC73FB6-97FD-48EE-8100-CA969A56E727}"=TopSpin

"InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}"=Call of Duty® 4 - Modern Warfare 1.4 Patch

"InstallShield_{5D7767FA-7FE8-4627-9F09-AEF7A25F1E07}"=Call of Duty® 4 - Modern Warfare 1.1 Patch

"InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}"=Call of Duty® 4 - Modern Warfare 1.5 Multiplayer Patch

"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}"=Call of Duty® 4 - Modern Warfare 1.6 Patch

"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}"=Call of Duty® 4 - Modern Warfare 1.7 Patch

"InstallShield_{BA820A24-704B-428D-9904-71A10DAC1372}"=OLYMPUS Master

"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}"=Call of Duty® 4 - Modern Warfare

"InstallShield_{E5141379-B2D9-4BBC-BB2A-5805541571DD}"=Call of Duty® 4 - Modern Warfare 1.2 Patch

"LodeRunner_OnLine"=Lode Runner Online

"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware

"Messenger Plus! Live"=Messenger Plus! Live

"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1

"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP

"MsgPlus! Plugin"=Messenger Plus! 3

"Net iD"=Net iD 4.4

"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs

"NVIDIA Drivers"=NVIDIA Drivers

"Personal"=BankID säkerhetsprogram 4.10

"Postal 2 Share The Pain"=Postal 2 Share The Pain

"Quake III Arena"=Quake III Arena

"Quake III Team Arena"=Quake III Team Arena

"Shockwave"=Shockwave

"ShockwaveFlash"=Adobe Flash Player 9 ActiveX

"Snake 2_is1"=Snake 2.8.2

"Sony Ericsson Themes Creator"=Sony Ericsson Themes Creator 3.27

"SystemRequirementsLab"=System Requirements Lab

"Torino 2006_0001"=Torino 2006

"WIC"=Windows Imaging Component

"Videora iPod Converter"=Videora iPod Converter 4.02

"Windows Media Format Runtime"=Windows Media Format 11 runtime

"Windows Media Player"=Windows Media Player 11

"Windows XP Service Pack"=Windows XP Service Pack 3

"WinRAR archiver"=WinRAR archiver

"VLC media player"=VideoLAN VLC media player 0.8.6i

"WMFDist11"=Windows Media Format 11 runtime

"wmp11"=Windows Media Player 11

"World of Warcraft"=World of Warcraft

"WSC2005_1.0"=World Snooker Championship 2005

"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0

"Xilisoft 3GP Video Converter"=Xilisoft 3GP Video Converter

"Xvid_is1"=Xvid 1.1.2 final uninstall

 

========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"uTorrent"=µTorrent

 

========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-343818398-1788223648-725345543-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"uTorrent"=µTorrent

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 2008-12-30 13:45:52 | Computer Name = MAGNUS-0219C09C | Source = F-Secure Anti-Virus | ID = 103

Description = 3 2008-12-30 18:45:51+02:00 magnus-0219c09c MAGNUS-0219C09C\Familj

F-Secure Anti-Virus Malicious code found in file C:\DOCUMENTS AND SETTINGS\ALL

USERS\DOKUMENT\MIN MUSIK\EXEMPELMUSIK\SAVE2PC.PRO.3.5.0.0.INCL.PATCH-DIMA555\SAVE2PC.PRO.3.5.0.0-PATCH.EXE.

Infection: W32/Packed_NSPack.B

 

Error - 2008-12-30 13:55:56 | Computer Name = MAGNUS-0219C09C | Source = Application Error | ID = 1000

Description = Felaktigt program iexplore.exe, version 7.0.6000.16762, felaktig modul

unknown, version 0.0.0.0, felaktig adress 0x00000000.

 

Error - 2008-12-30 18:12:09 | Computer Name = MAGNUS-0219C09C | Source = F-Secure Anti-Virus | ID = 103

Description = 1 2008-12-30 23:12:09+02:00 magnus-0219c09c MAGNUS-0219C09C\Familj

F-Secure Anti-Virus Manual scanning was finished - workstation was found infected!

 

 

Error - 2009-01-01 19:06:21 | Computer Name = MAGNUS-0219C09C | Source = F-Secure Anti-Virus | ID = 103

Description = 1 2009-01-02 00:06:21+02:00 magnus-0219c09c MAGNUS-0219C09C\Familj

F-Secure Anti-Virus Manual scanning was finished - workstation was found infected!

 

 

Error - 2009-01-02 07:32:11 | Computer Name = MAGNUS-0219C09C | Source = F-Secure Anti-Virus | ID = 103

Description = 1 2009-01-02 12:32:10+02:00 magnus-0219c09c MAGNUS-0219C09C\Familj

F-Secure Anti-Virus Malicious code found in file C:\DOCUMENTS AND SETTINGS\FAMILJ\SKRIVBORD\SMITFRAUDFIX\AGENT.OMZ.FIX.EXE.

Infection: W32/Zlob.gen123

 

Error - 2009-01-02 08:08:37 | Computer Name = MAGNUS-0219C09C | Source = F-Secure Anti-Virus | ID = 103

Description = 2 2009-01-02 13:08:37+02:00 magnus-0219c09c MAGNUS-0219C09C\Familj

F-Secure Anti-Virus Malicious code found in file C:\DOCUMENTS AND SETTINGS\FAMILJ\SKRIVBORD\SMITFRAUDFIX\AGENT.OMZ.FIX.EXE.

Infection: W32/Zlob.gen123

 

Error - 2009-01-02 08:14:26 | Computer Name = MAGNUS-0219C09C | Source = Application Error | ID = 1000

Description = Felaktigt program _is706.exe, version 12.0.0.49974, felaktig modul

_is706.exe, version 12.0.0.49974, felaktig adress 0x0001e48b.

 

Error - 2009-01-02 08:14:33 | Computer Name = MAGNUS-0219C09C | Source = Application Error | ID = 1000

Description = Felaktigt program set707.tmp, version 7.1.100.1248, felaktig modul

, version 0.0.0.0, felaktig adress 0x00000000.

 

Error - 2009-01-02 10:00:45 | Computer Name = MAGNUS-0219C09C | Source = Application Error | ID = 1000

Description = Felaktigt program iexplore.exe, version 7.0.6000.16762, felaktig modul

unknown, version 0.0.0.0, felaktig adress 0x00000000.

 

Error - 2009-01-02 10:01:01 | Computer Name = MAGNUS-0219C09C | Source = F-Secure Anti-Virus | ID = 103

Description = 3 2009-01-02 15:01:01+02:00 magnus-0219c09c MAGNUS-0219C09C\Familj

F-Secure Anti-Virus Manual scanning was finished - workstation was found infected!

 

 

 

< End of report >

[/log]

 


Do you know whether you have an Nvidia or an ATI graphics card? There appear to be files for both types of graphics card. Or perhaps it is an ATI graphics card but a motherboard with an Nvidia chipset, hard to tell.

Go to http://www.virustotal.com (works best with Internet Explorer), paste the following file name into the box, press Send File and wait until the result is ready (Current status becomes completed). Paste the results from the various antivirus programs (not Additional information) here.

C:\Documents and Settings\Familj\Lokala inställningar\temp\jgameenp.sys

Can you find a file named _is706.exe on the computer? Or set707.tmp?

What malicious files did F-Secure find during the scan this morning?

Start Notepad (Start - Programs - Accessories) and open the file C:\autorun.inf from within Notepad. Copy the contents and paste them into your reply.

Control Panel - Scheduled Tasks

Find out which program is started by Scheduled scanning task.

[log]

Uninstall these old versions with security holes:

"{3248F0A8-6813-11D6-A77B-00B0D0150080}"=J2SE Runtime Environment 5.0 Update 8

"{3248F0A8-6813-11D6-A77B-00B0D0150100}"=J2SE Runtime Environment 5.0 Update 10

"{3248F0A8-6813-11D6-A77B-00B0D0150110}"=J2SE Runtime Environment 5.0 Update 11

"{3248F0A8-6813-11D6-A77B-00B0D0160010}"=Java™ SE Runtime Environment 6 Update 1

"{3248F0A8-6813-11D6-A77B-00B0D0160020}"=Java™ 6 Update 2

"{3248F0A8-6813-11D6-A77B-00B0D0160030}"=Java™ 6 Update 3

"{3248F0A8-6813-11D6-A77B-00B0D0160050}"=Java™ 6 Update 5

"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java™ 6 Update 7[/log]
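
The uninstall advice above, as an added example that is not part of the original thread: a Python sketch that parses the `"key"=name` lines of the Uninstall List in the posted log and lists every Java runtime older than the newest one installed. The function names are hypothetical and the sample is an excerpt of the log on this page; the result says nothing about whether the newest runtime is itself up to date.

```python
import re

# Excerpt of the HKLM Uninstall List from the log posted in this thread.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}"=Java 6 Update 11
"{318AB667-3230-41B5-A617-CB3BF748D371}"=iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0150080}"=J2SE Runtime Environment 5.0 Update 8
"{3248F0A8-6813-11D6-A77B-00B0D0150100}"=J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}"=J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}"=Java SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}"=Java 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}"=Java 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}"=Java 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java 6 Update 7
"HijackThis"=HijackThis 2.0.2
'''

# One uninstall entry per line: "registry key name"=display name
ENTRY_RE = re.compile(r'^"(?P<key>[^"]+)"=(?P<name>.+?)\s*$')
# Display-name variants seen in the log: "J2SE Runtime Environment 5.0 Update 8",
# "Java SE Runtime Environment 6 Update 1", "Java 6 Update 11" (optionally with a TM mark).
JAVA_RE = re.compile(
    r'^(?:J2SE Runtime Environment|Java(?:™|\(TM\))?(?: SE Runtime Environment)?)'
    r'\s+(?P<major>\d+)(?:\.\d+)?\s+Update\s+(?P<update>\d+)$')


def parse_uninstall_entries(text):
    """Return (registry key name, display name) for each "key"=name line."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("key"), m.group("name")))
    return entries


def java_runtimes(entries):
    """Return ((major, update), key, name) for Java runtime entries, oldest first."""
    found = []
    for key, name in entries:
        m = JAVA_RE.match(name)
        if m:
            found.append(((int(m.group("major")), int(m.group("update"))), key, name))
    return sorted(found)


def superseded_runtimes(text):
    """Every installed Java runtime older than the newest one present."""
    runtimes = java_runtimes(parse_uninstall_entries(text))
    return runtimes[:-1]  # sorted ascending, so the last entry is the newest


if __name__ == "__main__":
    for version, key, name in superseded_runtimes(SAMPLE_LOG):
        print(f"superseded: {name}  [{key}]")
```
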

 
