
610180.net


Hultas


I too have problems with this scourge and hope someone can give tips for getting rid of the nuisance! I have tried, without success, to clean it up myself, guided by the posts I have read in this and other forums. Attaching a log from HiJackThis.

 

[log]Logfile of HijackThis v1.97.7

Scan saved at 18:07:27, on 2004-10-06

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\CTSvcCDA.EXE

C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe

C:\NORMAN\Nvc\BIN\NPFSVICE.EXE

C:\Norman\NVC\BIN\Zanda.exe

C:\WINDOWS\System32\SCardSvr.exe

C:\WINDOWS\system32\Smartscaps.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\wbem\wmiprvse.exe

C:\NORMAN\Nvc\BIN\NJEEVES.EXE

C:\NORMAN\Nvc\BIN\nvcoas.exe

C:\NORMAN\Nvc\BIN\nipsvc.exe

C:\NORMAN\Nvc\BIN\NVCSCHED.EXE

C:\WINDOWS\Explorer.exe

C:\ATI-CPanel\atiptaxx.exe

C:\Program\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

C:\Program\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

C:\WINDOWS\System32\CTHELPER.EXE

C:\NORMAN\Nvc\BIN\ZLH.EXE

C:\WINDOWS\System32\ezSP_Px.exe

C:\Program\Delade filer\Real\Update_OB\evntsvc.exe

C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

C:\Program\QuickTime\qttask.exe

C:\NORMAN\Nvc\BIN\cclaw.exe

C:\Program\HEWLET~1\HPSHAR~1\hpgs2wnf.exe

C:\NORMAN\Nvc\BIN\npfmsg2.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program\Creative\MediaSource\RemoteControl\RcMan.exe

C:\Program\Webroot\Spy Sweeper\SpySweeper.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

C:\Program\SmartTrust\SmartTrust Personal\Csp\SmartCertmover.exe

C:\Program\InterVideo\Common\Bin\WinCinemaMgr.exe

C:\WINDOWS\system32\wfxsnt40.exe

C:\Program\Symantec\WinFax\wfxctl32.exe

C:\Program\Symantec\WinFax\WFXMOD32.EXE

C:\Program\totalcmd\TOTALCMD.EXE

c:\HiJack\HijackThis.exe

C:\WINDOWS\System32\netsh.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://hot-searches.com/search.php?v=6&aff=4416814

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://hot-searches.com/index.php?v=6&aff=4416814

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - Default URLSearchHook is missing

F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe

O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program\MyWay\myBar\1.bin\MYBAR.DLL

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {22B9A67D-E689-44B6-B775-0E8FE84B4F9B} - C:\WINDOWS\System32\hrimygm.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {7FDBB431-E844-4912-892F-7E9A58F43751} - C:\WINDOWS\System32\phtjr.dll

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar2.dll

O2 - BHO: (no name) - {} - (no file)

O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program\MyWay\myBar\1.bin\MYBAR.DLL

O3 - Toolbar: MSN Verktygslåda - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Toolbar\01.01.1629.0\sv\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar2.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe

O4 - HKLM\..\Run: [CTSysVol] "C:\Program\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe"

O4 - HKLM\..\Run: [CTDVDDet] C:\Program\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL

O4 - HKLM\..\Run: [sBDrvDet] "C:\Program\Creative\SB Drive Det\SBDrvDet.exe" /r

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [Norman ZANDA] C:\NORMAN\Nvc\BIN\ZLH.EXE /LOAD /SPLASH

O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe

O4 - HKLM\..\Run: [TkBellExe] C:\Program\Delade filer\Real\Update_OB\evntsvc.exe -osboot

O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] "C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [PSDrvCheck] "c:\program\pinnacle\liquid edition demo\program\PSDrvCheck.exe" -CheckReg

O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [RemoteCenter] C:\Program\Creative\MediaSource\RemoteControl\RcMan.exe

O4 - HKCU\..\Run: [spySweeper] "C:\Program\Webroot\Spy Sweeper\SpySweeper.exe" /0

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - Startup: WinFax Application Port Starter.lnk = C:\WINDOWS\system32\wfxsnt40.exe

O4 - Startup: WinFax PRO Controller.lnk = C:\Program\Symantec\WinFax\wfxctl32.exe

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Certificate Mover.lnk = ?

O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program\InterVideo\Common\Bin\WinCinemaMgr.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Google Search - res://C:\Program\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://C:\Program\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Si&milar Pages - res://C:\Program\Google\GoogleToolbar1.dll/cmsimilar.html

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O12 - Plugin for .spop: C:\Program\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe

O16 - DPF: {6F74F92E-8DD8-4DDE-8FB8-CBB882A68048} (Microsoft Office XP Professional Step by Step Interactive) - file://C:\Program\Microsoft interaktiv träning\O10C\mitm0026.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37884.3066435185

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{2B8781EC-5B2C-44BB-9D68-EE70365BFE17}: NameServer = 195.67.199.18,195.67.199.19

[/log]

/Hultas

 

Link to comment
Share on other sites

To begin with, you need a newer HijackThis. Download version 1.98.2 from here:

http://www.majorgeeks.com/download3155.html

What does Norman say about viruses? You have run a full scan of your computer, haven't you?

The file fservice.exe points to the trojan Backdoor.Prorat:

http://www.sarc.com/avcenter/venc/data/backdoor.prorat.html

In this thread in another forum they solve that problem:

http://www.wilderssecurity.com/showthread.php?t=42049

Among other things by using the following programs:

http://www.trojanhunter.com/ (free trial)

http://www.mwti.net/antivirus/free_utilities.asp (free)

If none of the above helps, but try them first, I find the following unsuitable lines to remove in HijackThis:

 

[log]R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://hot-searches.com/search.php?v=6&aff=4416814

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://hot-searches.com/index.php?v=6&aff=4416814

F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe

O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program\MyWay\myBar\1.bin\MYBAR.DLL

O2 - BHO: (no name) - {22B9A67D-E689-44B6-B775-0E8FE84B4F9B} - C:\WINDOWS\System32\hrimygm.dll

O2 - BHO: (no name) - {7FDBB431-E844-4912-892F-7E9A58F43751} - C:\WINDOWS\System32\phtjr.dll

O2 - BHO: (no name) - {} - (no file)

O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program\MyWay\myBar\1.bin\MYBAR.DLL

 

[/log]

Close all programs except HijackThis, including web browsers.

Click Fix checked in HijackThis.

Restart the computer in safe mode by pressing F8 repeatedly during startup until the menu appears where you select safe mode.

Set hidden files and folders, as well as system files and folders, to be shown according to these instructions:

http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2002092715262339

Search for and delete the following files if they exist:

phtjr.dll

hrimygm.dll

c:\windows\system\sservice.exe

c:\windows\system\winkey.dll

c:\windows\system\ktd32.atm

c:\windows\system32\fservice.exe

Delete this folder:

c:\program\MyWay

Also remove them from the Recycle Bin if they have ended up there.

Start - Run - msconfig - OK

The system.ini tab

Remove the line that looks like:

Shell=Explorer.exe C:\WINDOWS\system\fservice.exe

The win.ini tab

Remove the line that looks like:

C:\WINDOWS\system\fservice.exe

Apply and OK

Restart in normal mode.

Run Norman and Spysweeper and see if they find anything more.

Scan again with HijackThis and post a log here so we can see how it went.

Link to comment
Share on other sites

Thanks for the reply!

Norman has never reported anything strange at all, and when I scan the disk now it does not seem to find anything either, but just when you think it is about to finish, Windows crashes with a blue screen and a memory dump. The same thing happens when I let AdAware do a "full system scan" instead of a "smart scan". Trojanhunter and TDS-3 do not seem to work. Nothing happens at all when you start them.

I ran HijackThis and went into safe mode and tried to delete files according to your instructions, but sservice.exe, winkey.dll, ktd32.atm and fservice.exe reappear as soon as you have deleted them.

EScan Antivirus Toolkit is the program that reports most clearly on these trojans, but it does not try to remove anything unless you buy the program. If I knew that it really could clean out the junk I would not hesitate to buy it, but I become very doubtful when I see that none of all the other programs I have tried has managed to detect this Backdoor prorat at all.

(AdAware, Spysweeper, Spybot Search and Destroy, for example).

This is what eScan's report looks like:

[log]

File C:\WINDOWS\System32\wininv.dll infected by "Backdoor.Prorat.16" Virus. Action Taken: No Action Taken.

 

File C:\WINDOWS\System32\winkey.dll infected by "Backdoor.Prorat.13" Virus. Action Taken: No Action Taken.

 

File C:\WINDOWS\services.exe infected by "Backdoor.Prorat.16" Virus. Action Taken: No Action Taken.

 

File C:\WINDOWS\System32\bs5-eeoivk.exe infected by "not-a-virus:AdvWare.BookedSpace.c" Virus. Action Taken: No Action Taken.

 

File C:\WINDOWS\System32\dinkey.dll infected by "Backdoor.Prorat.13" Virus. Action Taken: No Action Taken.

 

File C:\WINDOWS\System32\fservice.exe infected by "Backdoor.Prorat.16" Virus. Action Taken: No Action Taken.

 

File C:\WINDOWS\System32\optimizer.exe infected by "TrojanDownloader.Win32.IstBar.er" Virus. Action Taken: No Action Taken.

[/log]

 

Here is a new log from HiJackThis:

[log]

Logfile of HijackThis v1.98.2

Scan saved at 22:17:37, on 2004-10-09

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\CTSvcCDA.EXE

C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe

C:\NORMAN\Nvc\BIN\NPFSVICE.EXE

C:\Norman\NVC\BIN\Zanda.exe

C:\WINDOWS\system32\Smartscaps.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.exe

C:\ATI-CPanel\atiptaxx.exe

C:\Program\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

C:\Program\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

C:\WINDOWS\System32\CTHELPER.EXE

C:\NORMAN\Nvc\BIN\nvcoas.exe

C:\NORMAN\Nvc\BIN\ZLH.EXE

C:\WINDOWS\System32\ezSP_Px.exe

C:\NORMAN\Nvc\BIN\nipsvc.exe

C:\Program\Delade filer\Real\Update_OB\evntsvc.exe

C:\NORMAN\Nvc\BIN\NVCSCHED.EXE

C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

C:\NORMAN\Nvc\BIN\NJEEVES.EXE

C:\NORMAN\Nvc\BIN\npfmsg2.exe

C:\Program\HEWLET~1\HPSHAR~1\hpgs2wnf.exe

C:\Program\MSN Apps\Updater\01.02.3000.1001\sv\msnappau.exe

C:\Program\QuickTime\qttask.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program\Creative\MediaSource\RemoteControl\RcMan.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

C:\Program\SmartTrust\SmartTrust Personal\Csp\SmartCertmover.exe

C:\Program\InterVideo\Common\Bin\WinCinemaMgr.exe

C:\WINDOWS\system32\wfxsnt40.exe

C:\Program\Symantec\WinFax\wfxctl32.exe

C:\NORMAN\Nvc\BIN\cclaw.exe

C:\Program\Symantec\WinFax\WFXMOD32.EXE

C:\WINDOWS\system32\winlogon.exe

C:\Program\Creative\MediaSource\RemoteControl\OSDMenu.EXE

C:\Program\Creative\MediaSource\RemoteControl\OSDEAX.exe

C:\HiJack\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - Default URLSearchHook is missing

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe

O1 - Hosts: 64.91.255.87 www.dcsresearch.com

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: adlog Class - {22B9A67D-E689-44B6-B775-0E8FE84B4F9B} - C:\WINDOWS\System32\hrimygm.dll (file missing)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll

O2 - BHO: SDWin32 Class - {7FDBB431-E844-4912-892F-7E9A58F43751} - C:\WINDOWS\System32\phtjr.dll (file missing)

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar2.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\01.02.3000.1001\sv\msntb.dll

O2 - BHO: (no name) - {} - (no file)

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\01.02.3000.1001\sv\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar2.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe

O4 - HKLM\..\Run: [CTSysVol] "C:\Program\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe"

O4 - HKLM\..\Run: [CTDVDDet] C:\Program\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL

O4 - HKLM\..\Run: [sBDrvDet] "C:\Program\Creative\SB Drive Det\SBDrvDet.exe" /r

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [Norman ZANDA] C:\NORMAN\Nvc\BIN\ZLH.EXE /LOAD /SPLASH

O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe

O4 - HKLM\..\Run: [TkBellExe] C:\Program\Delade filer\Real\Update_OB\evntsvc.exe -osboot

O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] "C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe"

O4 - HKLM\..\Run: [PSDrvCheck] "c:\program\pinnacle\liquid edition demo\program\PSDrvCheck.exe" -CheckReg

O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg

O4 - HKLM\..\Run: [msnappau] "C:\Program\MSN Apps\Updater\01.02.3000.1001\sv\msnappau.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [THGuard] "C:\Program\TrojanHunter 4.0\THGuard.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [RemoteCenter] C:\Program\Creative\MediaSource\RemoteControl\RcMan.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - Startup: WinFax Application Port Starter.lnk = C:\WINDOWS\system32\wfxsnt40.exe

O4 - Startup: WinFax PRO Controller.lnk = C:\Program\Symantec\WinFax\wfxctl32.exe

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Certificate Mover.lnk = ?

O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program\InterVideo\Common\Bin\WinCinemaMgr.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Google Search - res://C:\Program\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://C:\Program\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Si&milar Pages - res://C:\Program\Google\GoogleToolbar1.dll/cmsimilar.html

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE

O12 - Plugin for .spop: C:\Program\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe

O16 - DPF: {6F74F92E-8DD8-4DDE-8FB8-CBB882A68048} (Microsoft Office XP Professional Step by Step Interactive) - file://C:\Program\Microsoft interaktiv träning\O10C\mitm0026.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{2B8781EC-5B2C-44BB-9D68-EE70365BFE17}: NameServer = 195.67.199.18,195.67.199.19

 

[/log]

 

I read somewhere that these trojans put antivirus programs out of action. It also seems that they put System Restore out of action as well.

What do you think, is it possible to sort this out without having to reformat the hard disk and reinstall XP and all programs from scratch?

 

 

 

Link to comment
Share on other sites
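
Added example (not part of the thread and not code from any of the tools mentioned): a Python script that compares the two HijackThis logs posted above and reports which flagged entries survived the cleanup attempt. The inputs are short excerpts copied from those logs; the function names and the two checks (an extra command after Explorer.exe in the Shell= value, a BHO registration with no file behind it) are this example's own choices.

```python
import re

# Excerpts copied from the two HijackThis logs in this thread (before and
# after the cleanup attempt); only a few lines of each are included.
LOG_BEFORE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://hot-searches.com/search.php?v=6&aff=4416814
F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
O2 - BHO: (no name) - {22B9A67D-E689-44B6-B775-0E8FE84B4F9B} - C:\WINDOWS\System32\hrimygm.dll
O2 - BHO: (no name) - {7FDBB431-E844-4912-892F-7E9A58F43751} - C:\WINDOWS\System32\phtjr.dll
O2 - BHO: (no name) - {} - (no file)
O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
"""

LOG_AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
O2 - BHO: adlog Class - {22B9A67D-E689-44B6-B775-0E8FE84B4F9B} - C:\WINDOWS\System32\hrimygm.dll (file missing)
O2 - BHO: SDWin32 Class - {7FDBB431-E844-4912-892F-7E9A58F43751} - C:\WINDOWS\System32\phtjr.dll (file missing)
O2 - BHO: (no name) - {} - (no file)
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")          # e.g. "F2 - ..."
SHELL = re.compile(r"Shell=(\S+)\s*(.*)$", re.IGNORECASE)
BHO = re.compile(r"^BHO: .*? - (\{[^}]*\}) - (.+)$")


def parse_entries(log_text):
    """Return (section, body) pairs for every 'Xn - ...' line of a log."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries


def findings(log_text):
    """Map a stable key to a description for each entry worth reviewing."""
    out = {}
    for section, body in parse_entries(log_text):
        if section in ("F0", "F2"):
            # The Windows shell value is normally just Explorer.exe; anything
            # after it is started at every logon.
            m = SHELL.search(body)
            if m and (m.group(1).lower() != "explorer.exe" or m.group(2).strip()):
                extra = m.group(2).strip() or m.group(1)
                out[("shell", section, extra.lower())] = (
                    f"{section}: Shell= also starts {extra}")
        elif section == "O2":
            # A BHO whose CLSID is empty or whose DLL is gone is a leftover
            # registration that a cleanup did not remove.
            m = BHO.match(body)
            if m:
                clsid, target = m.group(1).upper(), m.group(2)
                if (clsid == "{}" or target == "(no file)"
                        or target.endswith("(file missing)")):
                    out[("bho", clsid)] = f"O2: BHO {clsid} has no file ({target})"
    return out


def compare(before_text, after_text):
    """Classify flagged entries as persisting, removed or new between two logs."""
    before, after = findings(before_text), findings(after_text)
    return {
        "persisting": sorted(k for k in after if k in before),
        "removed": sorted(k for k in before if k not in after),
        "new": sorted(k for k in after if k not in before),
    }


if __name__ == "__main__":
    result = compare(LOG_BEFORE, LOG_AFTER)
    descriptions = {**findings(LOG_BEFORE), **findings(LOG_AFTER)}
    for status, keys in result.items():
        for key in keys:
            print(f"{status:10} {descriptions[key]}")
```

On these excerpts the F0 (system.ini) entry is gone after the cleanup while the F2 (registry) Shell entry is still present, and the two deleted BHO DLLs now show up as registrations without a file.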

Hi Hultas :)

Which version of Ad-Aware are you using?

Is it Ad-Aware SE Personal 1.05?

Update to the latest reference file before you scan:

Can you try starting the computer in safe mode and running a scan there with Ad-Aware in Full System Scan, and remove what is found.

When it has finished scanning, restart the computer in normal mode and now scan again with Ad-Aware in Full System Scan and post that log here, so we can see how it looks.

This is how you set Ad-Aware to Full System Scan:

http://www.lavasoftsupport.com/index.php?showtopic=42066

Disable "Search for negligible risk entries", since these objects (MRUs) are not regarded as a threat.

Regards/Malou

****Have a continued wonderful day****

Team Lavasoft

Lavasupporten

[post edited 2004-10-10 00:47:14 by malou jansson]

Link to comment
Share on other sites

Yes, I am using Ad-Aware SE Personal 1.05.

I have now scanned (full system scan) in safe mode and removed what was found. When I then do the same scan in normal mode, XP freaks out and shows a blue screen and a memory dump. Apparently no log file from this scan is saved, so you cannot see where it was interrupted.

Attaching a log file from safe mode instead.

 

[log]

Ad-Aware SE Build 1.05

Logfile Created on:den 10 oktober 2004 19:55:49

Created with Ad-Aware SE Personal, free for private use.

Using definitions file:SE1R11 07.10.2004

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

References detected during the scan:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Windows(TAC index:3):1 total references

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Definition File:

=========================

Definitions File Loaded:

Reference Number : SE1R11 07.10.2004

Internal build : 16

File location : C:\Program\Lavasoft\Ad-Aware SE Personal\defs.ref

File size : 353470 Bytes

Total size : 1162664 Bytes

Signature data size : 1138651 Bytes

Reference data size : 23501 Bytes

Signatures total : 31468

Fingerprints total : 206

Fingerprints size : 9362 Bytes

Target categories : 15

Target families : 579

 

 

Memory + processor status:

==========================

Number of processors : 2

Processor architecture : Intel Pentium IV

Memory available:76 %

Total physical memory:1047532 kb

Available physical memory:795116 kb

Total page file size:2524084 kb

Available on page file:2433552 kb

Total virtual memory:2097024 kb

Available virtual memory:2051484 kb

OS:Microsoft Windows XP Home Edition Service Pack 1 (Build 2600)

 

Ad-Aware SE Settings

===========================

Set : Safe mode (always request confirmation)

Set : Scan active processes

Set : Scan registry

Set : Deep-scan registry

Set : Scan my IE Favorites for banned URLs

Set : Scan my Hosts file

 

Extended Ad-Aware SE Settings

===========================

Set : Unload recognized processes & modules during scan

Set : Scan registry for all users instead of current user only

Set : Always try to unload modules before deletion

Set : During removal, unload Explorer and IE if necessary

Set : Let Windows remove files in use at next reboot

Set : Delete quarantined objects after restoring

Set : Include basic Ad-Aware settings in log file

Set : Include additional Ad-Aware settings in log file

Set : Include reference summary in log file

Set : Include alternate data stream details in log file

Set : Play sound at scan completion if scan locates critical objects

 

 

2004-10-10 19:55:49 - Scan started. (Smart mode)

 

Listing running processes

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

#:1 [smss.exe]

FilePath : \SystemRoot\System32 ProcessID : 164

ThreadCreationTime : 2004-10-10 17:19:08

BasePriority : Normal

 

 

#:2 [csrss.exe]

FilePath : \??\C:\WINDOWS\system32 ProcessID : 212

ThreadCreationTime : 2004-10-10 17:19:20

BasePriority : Normal

 

 

#:3 [winlogon.exe]

FilePath : \??\C:\WINDOWS\system32 ProcessID : 236

ThreadCreationTime : 2004-10-10 17:19:22

BasePriority : High

 

 

#:4 [services.exe]

FilePath : C:\WINDOWS\system32 ProcessID : 280

ThreadCreationTime : 2004-10-10 17:19:26

BasePriority : Normal

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

ProductName : Operativsystemet Microsoft® Windows®

CompanyName : Microsoft Corporation

FileDescription : Tjänst- och styrenhetsprogram

InternalName : services.exe

LegalCopyright : © Microsoft Corporation. Med ensamrätt.

OriginalFilename : services.exe

 

#:5 [lsass.exe]

FilePath : C:\WINDOWS\system32 ProcessID : 292

ThreadCreationTime : 2004-10-10 17:19:26

BasePriority : Normal

FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)

ProductVersion : 5.1.2600.1106

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : LSA Shell (Export Version)

InternalName : lsass.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : lsass.exe

 

#:6 [svchost.exe]

FilePath : C:\WINDOWS\system32 ProcessID : 460

ThreadCreationTime : 2004-10-10 17:19:29

BasePriority : Normal

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:7 [svchost.exe]

FilePath : C:\WINDOWS\system32 ProcessID : 484

ThreadCreationTime : 2004-10-10 17:19:30

BasePriority : Normal

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:8 [explorer.exe]

FilePath : C:\WINDOWS ProcessID : 1452

ThreadCreationTime : 2004-10-10 17:52:18

BasePriority : Normal

FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)

ProductVersion : 6.00.2800.1106

ProductName : Operativsystemet Microsoft® Windows®

CompanyName : Microsoft Corporation

FileDescription : Utforskaren

InternalName : explorer

LegalCopyright : © Microsoft Corporation. Med ensamrätt.

OriginalFilename : EXPLORER.EXE

 

#:9 [services.exe]

FilePath : C:\WINDOWS ProcessID : 1544

ThreadCreationTime : 2004-10-10 17:52:26

BasePriority : Normal

 

 

#:10 [ad-aware.exe]

FilePath : C:\Program\Lavasoft\Ad-Aware SE Personal ProcessID : 1616

ThreadCreationTime : 2004-10-10 17:52:32

BasePriority : Normal

FileVersion : 6.2.0.206

ProductVersion : VI.Second Edition

ProductName : Lavasoft Ad-Aware SE

CompanyName : Lavasoft Sweden

FileDescription : Ad-Aware SE Core application

InternalName : Ad-Aware.exe

LegalCopyright : Copyright © Lavasoft Sweden

OriginalFilename : Ad-Aware.exe

Comments : All Rights Reserved

 

Memory scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 0

 

 

Started registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Windows Object Recognized!

Type : RegData

Data : explorer.exe c:\windows\system32\fservice.exe

Category : Vulnerability

Comment : Shell Possibly Compromised

Rootkey : HKEY_LOCAL_MACHINE

Object : software\microsoft\windows nt\currentversion\winlogon

Value : Shell

Data : explorer.exe c:\windows\system32\fservice.exe

 

Registry Scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 1

Objects found so far: 1

 

 

Started deep registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Deep registry scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 1

 

 

Started Tracking Cookie scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

 

Tracking cookie scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 1

 

 

 

Deep scanning and examining files...

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Disk Scan Result for C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 1

 

Disk Scan Result for C:\WINDOWS\System32

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 1

 

Disk Scan Result for C:\DOCUME~1\BOHULT~1\LOKALA~1\Temp

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 1

 

 

Scanning Hosts file......

Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Hosts file scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

2 entries scanned.

New critical objects:0

Objects found so far: 1

 

 

 

 

Performing conditional scans...

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Conditional scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 1

 

19:57:25 Scan Complete

 

Summary Of This Scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Total scanning time:00:01:36.203

Objects scanned:58295

Objects identified:1

Objects ignored:0

New critical objects:1

[/log]

 

 

 

 

 

Link to comment
Share on other sites

Hi Hultas :)

I see that you scanned in smart mode

2004-10-10 19:55:49 - Scan started. (Smart mode):

Configure as follows:

The General button

Safety:

Enable all three (green).

The Advanced button

Logfile Detail Level:

Enable all three here as well (green).

The Tweak button

Enable (green) the following:

Log Files

Include basic Ad-Aware settings in logfile.

Include additional Ad-Aware settings in logfile.

Do not enable this one: Include Module list in logfile

Click "Proceed"

3) Click "Scan Now" on the left in the navigation

4) Disable "Search for negligible risk entries", since these objects (MRUs) are not regarded as a threat.

********************************************

Then let's try the following.

Before you start scanning, do this first:

It is important that you "clean out/empty" the following folders (but do not delete the folder or folders themselves).

Log out from the Internet (for broadband/cable users, unplugging the network cable is recommended) and close all open windows/programs.

1. C:\Windows\Temp

2. C:\Documents and Settings\<Your Username>\Local Settings\Temporary Internet Files\ <= This empties the cache, temporary Internet files and cookies.

3. C:\Documents and Settings\<Your Username>\Local Settings\Temp

4. C:\Documents and Settings\<Other users' Usernames>\Local Settings\Temporary Internet Files

5. C:\Documents and Settings\<Other users' Usernames>\Local Settings\Temp

6. Empty the "Recycle Bin" "Restart the computer"

Set up Ad-Aware as described above and redo the scan in safe mode.

I can already see that there is at least one nasty thing in the system.

But to be able to see more, the program must be set to Full System Scan and then scan in safe mode (since it does not work in normal mode right now):

When you scan, make sure that no other programs are open (close them), and do not be logged in to the Internet (log out).

When it has finished scanning, restart the computer.

Copy the log here.

Also make a new HJT log and post it, and we should soon get this sorted out (I hope)

Regards/Malou

****Have a continued wonderful day****

Team Lavasoft

Lavasupporten

[post edited 2004-10-10 22:53:32 by malou jansson]

[post edited 2004-10-10 22:54:51 by malou jansson]

[post edited 2004-10-10 22:56:05 by malou jansson]

Link to comment
Share on other sites

Hi!

That was clumsy of me to send the wrong log file.

Hope it goes better today...

I have tried to follow the instructions, and here is AdAware's log file from Safe mode.

 

[log]

Ad-Aware SE Build 1.05

Logfile Created on:den 11 oktober 2004 20:36:10

Created with Ad-Aware SE Personal, free for private use.

Using definitions file:SE1R11 07.10.2004

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

References detected during the scan:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Windows(TAC index:3):1 total references

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Definition File:

=========================

Definitions File Loaded:

Reference Number : SE1R11 07.10.2004

Internal build : 16

File location : C:\Program\Lavasoft\Ad-Aware SE Personal\defs.ref

File size : 353470 Bytes

Total size : 1162664 Bytes

Signature data size : 1138651 Bytes

Reference data size : 23501 Bytes

Signatures total : 31468

Fingerprints total : 206

Fingerprints size : 9362 Bytes

Target categories : 15

Target families : 579

 

 

Memory + processor status:

==========================

Number of processors : 2

Processor architecture : Intel Pentium IV

Memory available:82 %

Total physical memory:1047532 kb

Available physical memory:854884 kb

Total page file size:2524084 kb

Available on page file:2451908 kb

Total virtual memory:2097024 kb

Available virtual memory:2051488 kb

OS:Microsoft Windows XP Home Edition Service Pack 1 (Build 2600)

 

Ad-Aware SE Settings

===========================

Set : Safe mode (always request confirmation)

Set : Scan active processes

Set : Scan registry

Set : Deep-scan registry

Set : Scan my IE Favorites for banned URLs

Set : Scan my Hosts file

 

Extended Ad-Aware SE Settings

===========================

Set : Unload recognized processes & modules during scan

Set : Scan registry for all users instead of current user only

Set : Always try to unload modules before deletion

Set : During removal, unload Explorer and IE if necessary

Set : Let Windows remove files in use at next reboot

Set : Delete quarantined objects after restoring

Set : Include basic Ad-Aware settings in log file

Set : Include additional Ad-Aware settings in log file

Set : Include reference summary in log file

Set : Include alternate data stream details in log file

Set : Play sound at scan completion if scan locates critical objects

 

 

2004-10-11 20:36:10 - Scan started. (Full System Scan)

 

Listing running processes

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

#:1 [smss.exe]

FilePath : \SystemRoot\System32 ProcessID : 164

ThreadCreationTime : 2004-10-11 18:32:24

BasePriority : Normal

 

 

#:2 [csrss.exe]

FilePath : \??\C:\WINDOWS\system32 ProcessID : 212

ThreadCreationTime : 2004-10-11 18:32:37

BasePriority : Normal

 

 

#:3 [winlogon.exe]

FilePath : \??\C:\WINDOWS\system32 ProcessID : 236

ThreadCreationTime : 2004-10-11 18:32:39

BasePriority : High

 

 

#:4 [services.exe]

FilePath : C:\WINDOWS\system32 ProcessID : 280

ThreadCreationTime : 2004-10-11 18:32:43

BasePriority : Normal

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

ProductName : Operativsystemet Microsoft® Windows®

CompanyName : Microsoft Corporation

FileDescription : Tjänst- och styrenhetsprogram

InternalName : services.exe

LegalCopyright : © Microsoft Corporation. Med ensamrätt.

OriginalFilename : services.exe

 

#:5 [lsass.exe]

FilePath : C:\WINDOWS\system32 ProcessID : 292

ThreadCreationTime : 2004-10-11 18:32:43

BasePriority : Normal

FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)

ProductVersion : 5.1.2600.1106

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : LSA Shell (Export Version)

InternalName : lsass.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : lsass.exe

 

#:6 [svchost.exe]

FilePath : C:\WINDOWS\system32 ProcessID : 460

ThreadCreationTime : 2004-10-11 18:32:46

BasePriority : Normal

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:7 [svchost.exe]

FilePath : C:\WINDOWS\system32 ProcessID : 484

ThreadCreationTime : 2004-10-11 18:32:46

BasePriority : Normal

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:8 [explorer.exe]

FilePath : C:\WINDOWS ProcessID : 700

ThreadCreationTime : 2004-10-11 18:33:04

BasePriority : Normal

FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)

ProductVersion : 6.00.2800.1106

ProductName : Operativsystemet Microsoft® Windows®

CompanyName : Microsoft Corporation

FileDescription : Utforskaren

InternalName : explorer

LegalCopyright : © Microsoft Corporation. Med ensamrätt.

OriginalFilename : EXPLORER.EXE

 

#:9 [services.exe]

FilePath : C:\WINDOWS ProcessID : 772

ThreadCreationTime : 2004-10-11 18:33:16

BasePriority : Normal

 

 

#:10 [ad-aware.exe]

FilePath : C:\Program\Lavasoft\Ad-Aware SE Personal ProcessID : 884

ThreadCreationTime : 2004-10-11 18:33:28

BasePriority : Normal

FileVersion : 6.2.0.206

ProductVersion : VI.Second Edition

ProductName : Lavasoft Ad-Aware SE

CompanyName : Lavasoft Sweden

FileDescription : Ad-Aware SE Core application

InternalName : Ad-Aware.exe

LegalCopyright : Copyright © Lavasoft Sweden

OriginalFilename : Ad-Aware.exe

Comments : All Rights Reserved

 

Memory scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 0

 

 

Started registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Windows Object Recognized!

Type : RegData

Data : explorer.exe c:\windows\system32\fservice.exe

Category : Vulnerability

Comment : Shell Possibly Compromised

Rootkey : HKEY_LOCAL_MACHINE

Object : software\microsoft\windows nt\currentversion\winlogon

Value : Shell

Data : explorer.exe c:\windows\system32\fservice.exe

 

Registry Scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 1

Objects found so far: 1

 

 

Started deep registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Deep registry scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 1

 

 

Started Tracking Cookie scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

 

Tracking cookie scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 1

 

 

 

Deep scanning and examining files (C:)

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Disk Scan Result for C:»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 1

 

 

Scanning Hosts file......

Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Hosts file scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

2 entries scanned.

New critical objects:0

Objects found so far: 1

 

 

 

 

Performing conditional scans...

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Conditional scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 1

 

20:55:32 Scan Complete

 

Summary Of This Scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Total scanning time:00:19:22.703

Objects scanned:166417

Objects identified:1

Objects ignored:0

New critical objects:1

[/log]

 

Here are the log files from HiJackThis, first in Safe mode:

 

[log]

Logfile of HijackThis v1.98.2

Scan saved at 21:16:37, on 2004-10-11

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.exe

C:\Program\totalcmd\TOTALCMD.EXE

C:\Program\totalcmd\TOTALCMD.EXE

c:\HiJack\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - Default URLSearchHook is missing

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe

O1 - Hosts: 64.91.255.87 www.dcsresearch.com

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar2.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\01.02.3000.1001\sv\msntb.dll

O2 - BHO: SDWin32 Class - {C798639E-15DE-4D11-99E6-D3CEBB0C4353} - C:\WINDOWS\System32\jtxzn.dll

O2 - BHO: (no name) - {} - (no file)

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\01.02.3000.1001\sv\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar2.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe

O4 - HKLM\..\Run: [CTSysVol] "C:\Program\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe"

O4 - HKLM\..\Run: [CTDVDDet] C:\Program\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL

O4 - HKLM\..\Run: [sBDrvDet] "C:\Program\Creative\SB Drive Det\SBDrvDet.exe" /r

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [Norman ZANDA] C:\NORMAN\Nvc\BIN\ZLH.EXE /LOAD /SPLASH

O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe

O4 - HKLM\..\Run: [TkBellExe] C:\Program\Delade filer\Real\Update_OB\evntsvc.exe -osboot

O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] "C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe"

O4 - HKLM\..\Run: [PSDrvCheck] "c:\program\pinnacle\liquid edition demo\program\PSDrvCheck.exe" -CheckReg

O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg

O4 - HKLM\..\Run: [hrileal] C:\WINDOWS\System32\hrileal.exe

O4 - HKLM\..\Run: [msnappau] "C:\Program\MSN Apps\Updater\01.02.3000.1001\sv\msnappau.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [THGuard] "C:\Program\TrojanHunter 4.0\THGuard.exe"

O4 - HKLM\..\Run: [jtxznc] C:\WINDOWS\System32\jtxznc.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [RemoteCenter] C:\Program\Creative\MediaSource\RemoteControl\RcMan.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [spySweeper] "C:\Program\Webroot\Spy Sweeper\SpySweeper.exe" /0

O4 - Startup: WinFax Application Port Starter.lnk = C:\WINDOWS\system32\wfxsnt40.exe

O4 - Startup: WinFax PRO Controller.lnk = C:\Program\Symantec\WinFax\wfxctl32.exe

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Certificate Mover.lnk = ?

O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program\InterVideo\Common\Bin\WinCinemaMgr.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE

O12 - Plugin for .spop: C:\Program\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe

O16 - DPF: {6F74F92E-8DD8-4DDE-8FB8-CBB882A68048} (Microsoft Office XP Professional Step by Step Interactive) - file://C:\Program\Microsoft interaktiv träning\O10C\mitm0026.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{2B8781EC-5B2C-44BB-9D68-EE70365BFE17}: NameServer = 195.67.199.18,195.67.199.19

 

[/log]

 

and then in Normal mode, since I am not sure how you wanted it.

 

[log]

Logfile of HijackThis v1.98.2

Scan saved at 21:23:21, on 2004-10-11

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\CTSvcCDA.EXE

C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe

C:\NORMAN\Nvc\BIN\NPFSVICE.EXE

C:\Norman\NVC\BIN\Zanda.exe

C:\WINDOWS\System32\SCardSvr.exe

C:\WINDOWS\system32\Smartscaps.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\wbem\wmiprvse.exe

C:\NORMAN\Nvc\BIN\NJEEVES.EXE

C:\NORMAN\Nvc\BIN\NVCSCHED.EXE

C:\NORMAN\Nvc\BIN\nipsvc.exe

C:\NORMAN\Nvc\BIN\nvcoas.exe

C:\WINDOWS\System32\wuauclt.exe

C:\WINDOWS\Explorer.exe

C:\ATI-CPanel\atiptaxx.exe

C:\Program\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

C:\Program\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

C:\WINDOWS\System32\CTHELPER.EXE

C:\NORMAN\Nvc\BIN\ZLH.EXE

C:\WINDOWS\System32\ezSP_Px.exe

C:\Program\Delade filer\Real\Update_OB\evntsvc.exe

C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

C:\NORMAN\Nvc\BIN\cclaw.exe

C:\Program\MSN Apps\Updater\01.02.3000.1001\sv\msnappau.exe

C:\Program\HEWLET~1\HPSHAR~1\hpgs2wnf.exe

C:\NORMAN\Nvc\BIN\npfmsg2.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program\Creative\MediaSource\RemoteControl\RcMan.exe

C:\Program\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

C:\WINDOWS\system32\wfxsnt40.exe

C:\Program\totalcmd\TOTALCMD.EXE

c:\HiJack\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - Default URLSearchHook is missing

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe

O1 - Hosts: 64.91.255.87 www.dcsresearch.com

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar2.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\01.02.3000.1001\sv\msntb.dll

O2 - BHO: SDWin32 Class - {C798639E-15DE-4D11-99E6-D3CEBB0C4353} - C:\WINDOWS\System32\jtxzn.dll

O2 - BHO: (no name) - {} - (no file)

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\01.02.3000.1001\sv\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar2.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe

O4 - HKLM\..\Run: [CTSysVol] "C:\Program\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe"

O4 - HKLM\..\Run: [CTDVDDet] C:\Program\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL

O4 - HKLM\..\Run: [sBDrvDet] "C:\Program\Creative\SB Drive Det\SBDrvDet.exe" /r

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [Norman ZANDA] C:\NORMAN\Nvc\BIN\ZLH.EXE /LOAD /SPLASH

O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe

O4 - HKLM\..\Run: [TkBellExe] C:\Program\Delade filer\Real\Update_OB\evntsvc.exe -osboot

O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] "C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe"

O4 - HKLM\..\Run: [PSDrvCheck] "c:\program\pinnacle\liquid edition demo\program\PSDrvCheck.exe" -CheckReg

O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg

O4 - HKLM\..\Run: [msnappau] "C:\Program\MSN Apps\Updater\01.02.3000.1001\sv\msnappau.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [THGuard] "C:\Program\TrojanHunter 4.0\THGuard.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [RemoteCenter] C:\Program\Creative\MediaSource\RemoteControl\RcMan.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [spySweeper] "C:\Program\Webroot\Spy Sweeper\SpySweeper.exe" /0

O4 - Startup: WinFax Application Port Starter.lnk = C:\WINDOWS\system32\wfxsnt40.exe

O4 - Startup: WinFax PRO Controller.lnk = C:\Program\Symantec\WinFax\wfxctl32.exe

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Certificate Mover.lnk = ?

O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program\InterVideo\Common\Bin\WinCinemaMgr.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE

O12 - Plugin for .spop: C:\Program\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe

O16 - DPF: {6F74F92E-8DD8-4DDE-8FB8-CBB882A68048} (Microsoft Office XP Professional Step by Step Interactive) - file://C:\Program\Microsoft interaktiv träning\O10C\mitm0026.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{2B8781EC-5B2C-44BB-9D68-EE70365BFE17}: NameServer = 195.67.199.18,195.67.199.19

 

[/log]

 

 

 

 


Hi Hultas :)

That was clumsy of me to send the wrong log file.

Hope it goes better today...

Not easy to keep track of everything *smiles*

and then in Normal mode, since I am not sure how you wanted it.

I always want the HJT log in normal mode, so I am working from that one. But I must say that something fishy is going on when I look at the two HJT logs. So I have included some files from the one you scanned in Safe Mode, which you should delete. They do not show up in the HJT log you scanned in normal mode????????

Disconnect from the Internet (log out):

Open HJT. Click the Scan button. Tick the items below. Click the Fix Checked button.

 

 

[log]R3 - Default URLSearchHook is missing

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe

 

O1 - Hosts: 64.91.255.87 www.dcsresearch.com

 

O2 - BHO: SDWin32 Class - {C798639E-15DE-4D11-99E6-D3CEBB0C4353} - C:\WINDOWS\System32\jtxzn.dll

O2 - BHO: (no name) - {} - (no file)

 

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe

 

Once you have ticked and fixed the above in HJT:

Now restart the computer in Safe Mode (press F8 repeatedly):

To find the files you now need to locate, press (Windows key+E), then in the toolbar click "Tools>Folder Options" and under "View" select "Show hidden files and folders", and untick "Hide extensions for known file types" and "Hide protected operating system files"

C:\WINDOWS\system32\fservice.exe

(fservice.exe)<-Delete:

C:\WINDOWS\System32\hrileal.exe

(hrileal.exe)<-Delete:

C:\WINDOWS\System32\jtxzn.dll

(jtxzn.dll)<-Delete:

Empty the Recycle Bin. Restart the computer. [/log]

 

Next, empty the temp folders:

C:\Windows\temp <-Empty the temp folder of its contents: NOTE: Do not delete the temp folder itself:

Also empty this temp folder:

C:\Documents and settings\Your Username\Lokala Inställningar\Temp <-Empty the temp folder of its contents: NOTE: Do not delete the temp folder itself:

It is also hidden, so to find it press (Windows key+E), then in the toolbar click "Tools>Folder Options" and under "View" tick "Show hidden files and folders"

Empty the Recycle Bin. Restart the computer.

You may have to repeat the procedure a few times, depending on how much is in it:

Also clear the temporary Internet files, the offline content and cookies.

NOTE:

Not in Safe Mode this time:

Run a new scan with an updated Ad-Aware in Full System Scan; do not remove what is found. Post the log here.

Make a new HJT log (HiJack This) and post that as well

Best regards/Malou

****Have a continued wonderful day****

 

Team Lavasoft

Lavasupporten

 

 

[post edited 2004-10-11 23:08:53 by malou jansson]
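The comparison between the Safe Mode and normal-mode HJT logs discussed in the post above can be done mechanically. This is an added example, not part of any post in this thread: the log excerpts are lines copied from the two HijackThis logs posted earlier, and the function names are illustrative.

```python
import re

# Excerpts copied from the two HijackThis logs posted in this thread
# (Safe Mode scan saved at 21:16:37, normal-mode scan saved at 21:23:21).
SAFE_MODE_LOG = r"""
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
O2 - BHO: SDWin32 Class - {C798639E-15DE-4D11-99E6-D3CEBB0C4353} - C:\WINDOWS\System32\jtxzn.dll
O4 - HKLM\..\Run: [hrileal] C:\WINDOWS\System32\hrileal.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program\TrojanHunter 4.0\THGuard.exe"
O4 - HKLM\..\Run: [jtxznc] C:\WINDOWS\System32\jtxznc.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
"""

NORMAL_MODE_LOG = r"""
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
O2 - BHO: SDWin32 Class - {C798639E-15DE-4D11-99E6-D3CEBB0C4353} - C:\WINDOWS\System32\jtxzn.dll
O4 - HKLM\..\Run: [THGuard] "C:\Program\TrojanHunter 4.0\THGuard.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
"""

# A HijackThis entry line starts with a section code such as R0, F2, O4 or O16.
ENTRY_RE = re.compile(r"^[A-Z]\d{1,2} - \S")


def parse_entries(log_text):
    """Return {normalized key: original line} for every entry line in a log.

    Header lines and the "Running processes" list are skipped because they
    do not start with a section code. Keys are case-folded because Windows
    paths and registry names are case-insensitive.
    """
    entries = {}
    for raw in log_text.splitlines():
        line = " ".join(raw.split())  # collapse stray whitespace from copy/paste
        if ENTRY_RE.match(line):
            entries.setdefault(line.casefold(), line)
    return entries


def only_in_first(first_log, second_log):
    """Entries present in first_log but absent from second_log, in log order."""
    first = parse_entries(first_log)
    second = parse_entries(second_log)
    return [line for key, line in first.items() if key not in second]


def shell_extras(log_text):
    """Programs listed in the Winlogon Shell value besides Explorer.exe.

    HijackThis reports that value as an F2 entry; the Ad-Aware log in this
    thread flags the same data as "Shell Possibly Compromised". Splitting on
    whitespace and commas is a simplification that does not handle quoted
    paths containing spaces.
    """
    extras = []
    for line in parse_entries(log_text).values():
        match = re.match(r"F2 - REG:system\.ini: Shell=(.*)", line, re.IGNORECASE)
        if match:
            tokens = [t for t in re.split(r"[,\s]+", match.group(1)) if t]
            extras += [t for t in tokens if t.casefold() != "explorer.exe"]
    return extras


if __name__ == "__main__":
    print("Only in the Safe Mode log:")
    for entry in only_in_first(SAFE_MODE_LOG, NORMAL_MODE_LOG):
        print("  " + entry)
    print("Extra programs in the Shell value:")
    for program in shell_extras(NORMAL_MODE_LOG):
        print("  " + program)
```

Autostart entries that appear in only one of two scans taken minutes apart are worth a closer look, as is any Shell value that names a program besides Explorer.exe.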


Hi again, what a saga!

I want to comment on a few things before I present the log files.

But I must say that something fishy is going on when I look at the two HJT logs. So I have included some files from the one you scanned in Safe Mode, which you should delete. They do not show up in the HJT log you scanned in normal mode????????

Could it be that I unintentionally confused you because I got it into my head to turn off some auto-started programs that I did not think needed to be running? For example WinFax, QuickTime, SmartTrust, SpySweeper and Windows Messenger. They do not show up in the taskbar in Safe Mode, so I did not think they were running there.

But now I promise to try to do as you say from now on! ;-)

Regarding the files I was supposed to delete, I am wondering about "fservice.exe", which is recreated as soon as it has been deleted. Is that how it should be? I was told to delete "Sservice.exe" on an earlier occasion, but not now?

"Hrileal.exe" has a sister called "hrileal.dat", and "jtxzn.dll" has 6 brothers called "jtxzna.xxx"-"jtxznf.xxx"; do these not need to be deleted as well?

What is the offline content? I have seen cookies in more than one place, not only under "Lokala inställningar" (Local Settings). Should one delete all that one finds?

The AdAware log:

 

[log]Ad-Aware SE Build 1.05

Logfile Created on:den 12 oktober 2004 21:13:34

Created with Ad-Aware SE Personal, free for private use.

Using definitions file:SE1R11 07.10.2004

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

References detected during the scan:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

AdLogix(TAC index:6):1 total references

Windows(TAC index:3):1 total references

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Definition File:

=========================

Definitions File Loaded:

Reference Number : SE1R11 07.10.2004

Internal build : 16

File location : C:\Program\Lavasoft\Ad-Aware SE Personal\defs.ref

File size : 353470 Bytes

Total size : 1162664 Bytes

Signature data size : 1138651 Bytes

Reference data size : 23501 Bytes

Signatures total : 31468

Fingerprints total : 206

Fingerprints size : 9362 Bytes

Target categories : 15

Target families : 579

 

 

Memory + processor status:

==========================

Number of processors : 2

Processor architecture : Intel Pentium IV

Memory available:65 %

Total physical memory:1047532 kb

Available physical memory:676732 kb

Total page file size:2524084 kb

Available on page file:2232164 kb

Total virtual memory:2097024 kb

Available virtual memory:2046168 kb

OS:Microsoft Windows XP Home Edition Service Pack 1 (Build 2600)

 

Ad-Aware SE Settings

===========================

Set : Safe mode (always request confirmation)

Set : Scan active processes

Set : Scan registry

Set : Deep-scan registry

Set : Scan my IE Favorites for banned URLs

Set : Scan my Hosts file

 

Extended Ad-Aware SE Settings

===========================

Set : Unload recognized processes & modules during scan

Set : Scan registry for all users instead of current user only

Set : Always try to unload modules before deletion

Set : During removal, unload Explorer and IE if necessary

Set : Let Windows remove files in use at next reboot

Set : Delete quarantined objects after restoring

Set : Include basic Ad-Aware settings in log file

Set : Include additional Ad-Aware settings in log file

Set : Include reference summary in log file

Set : Include alternate data stream details in log file

Set : Play sound at scan completion if scan locates critical objects

 

 

2004-10-12 21:13:34 - Scan started. (Full System Scan)

 

Listing running processes

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

#:1 [smss.exe]

FilePath : \SystemRoot\System32 ProcessID : 724

ThreadCreationTime : 2004-10-12 19:11:04

BasePriority : Normal

 

 

#:2 [csrss.exe]

FilePath : \??\C:\WINDOWS\system32 ProcessID : 772

ThreadCreationTime : 2004-10-12 19:11:05

BasePriority : Normal

 

 

#:3 [winlogon.exe]

FilePath : \??\C:\WINDOWS\system32 ProcessID : 796

ThreadCreationTime : 2004-10-12 19:11:06

BasePriority : High

 

 

#:4 [services.exe]

FilePath : C:\WINDOWS\system32 ProcessID : 840

ThreadCreationTime : 2004-10-12 19:11:07

BasePriority : Normal

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

ProductName : Operativsystemet Microsoft® Windows®

CompanyName : Microsoft Corporation

FileDescription : Tjänst- och styrenhetsprogram

InternalName : services.exe

LegalCopyright : © Microsoft Corporation. Med ensamrätt.

OriginalFilename : services.exe

 

#:5 [lsass.exe]

FilePath : C:\WINDOWS\system32 ProcessID : 852

ThreadCreationTime : 2004-10-12 19:11:07

BasePriority : Normal

FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)

ProductVersion : 5.1.2600.1106

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : LSA Shell (Export Version)

InternalName : lsass.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : lsass.exe

 

#:6 [svchost.exe]

FilePath : C:\WINDOWS\system32 ProcessID : 1080

ThreadCreationTime : 2004-10-12 19:11:08

BasePriority : Normal

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:7 [svchost.exe]

FilePath : C:\WINDOWS\System32 ProcessID : 1128

ThreadCreationTime : 2004-10-12 19:11:08

BasePriority : Normal

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:8 [svchost.exe]

FilePath : C:\WINDOWS\System32 ProcessID : 1260

ThreadCreationTime : 2004-10-12 19:11:09

BasePriority : Normal

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:9 [svchost.exe]

FilePath : C:\WINDOWS\System32 ProcessID : 1280

ThreadCreationTime : 2004-10-12 19:11:09

BasePriority : Normal

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:10 [spoolsv.exe]

FilePath : C:\WINDOWS\system32 ProcessID : 1412

ThreadCreationTime : 2004-10-12 19:11:09

BasePriority : Normal

FileVersion : 5.1.2600.0 (XPClient.010817-1148)

ProductVersion : 5.1.2600.0

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Spooler SubSystem App

InternalName : spoolsv.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : spoolsv.exe

 

#:11 [ctsvccda.exe]

FilePath : C:\WINDOWS\System32 ProcessID : 1520

ThreadCreationTime : 2004-10-12 19:11:10

BasePriority : Normal

FileVersion : 1.0.1.0

ProductVersion : 1.0.0.0

ProductName : Creative Service for CDROM Access

CompanyName : Creative Technology Ltd

FileDescription : Creative Service for CDROM Access

InternalName : CTsvcCDAEXE

LegalCopyright : Copyright © Creative Technology Ltd., 1999. All rights reserved.

OriginalFilename : CTsvcCDA.EXE

 

#:12 [mdm.exe]

FilePath : C:\Program\Delade filer\Microsoft Shared\VS7Debug ProcessID : 1572

ThreadCreationTime : 2004-10-12 19:11:10

BasePriority : Normal

FileVersion : 7.00.9064.9150

ProductVersion : 7.00.9064.9150

ProductName : Microsoft Development Environment

CompanyName : Microsoft Corporation

FileDescription : Machine Debug Manager

InternalName : mdm.exe

LegalCopyright : Copyright © Microsoft Corp. 1997-2000

OriginalFilename : mdm.exe

 

#:13 [npfsvice.exe]

FilePath : C:\NORMAN\Nvc\BIN ProcessID : 1604

ThreadCreationTime : 2004-10-12 19:11:11

BasePriority : Normal

 

 

#:14 [zanda.exe]

FilePath : C:\Norman\NVC\BIN ProcessID : 1648

ThreadCreationTime : 2004-10-12 19:11:11

BasePriority : Normal

 

 

#:15 [scardsvr.exe]

FilePath : C:\WINDOWS\System32 ProcessID : 1676

ThreadCreationTime : 2004-10-12 19:11:11

BasePriority : Normal

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

ProductName : Operativsystemet Microsoft® Windows®

CompanyName : Microsoft Corporation

FileDescription : Resurshanteringsserver för smartkort

InternalName : SCardSvr.exe

LegalCopyright : © Microsoft Corporation. Med ensamrätt.

OriginalFilename : SCardSvr.exe

 

#:16 [smartscaps.exe]

FilePath : C:\WINDOWS\system32 ProcessID : 1740

ThreadCreationTime : 2004-10-12 19:11:11

BasePriority : Normal

 

 

#:17 [svchost.exe]

FilePath : C:\WINDOWS\System32 ProcessID : 1824

ThreadCreationTime : 2004-10-12 19:11:11

BasePriority : Normal

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:18 [wmiprvse.exe]

FilePath : C:\WINDOWS\System32\wbem ProcessID : 340

ThreadCreationTime : 2004-10-12 19:11:16

BasePriority : Normal

FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)

ProductVersion : 5.1.2600.1106

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : WMI

InternalName : Wmiprvse.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : Wmiprvse.exe

 

#:19 [njeeves.exe]

FilePath : C:\NORMAN\Nvc\BIN ProcessID : 420

ThreadCreationTime : 2004-10-12 19:11:17

BasePriority : Normal

 

 

#:20 [nvcoas.exe]

FilePath : C:\NORMAN\Nvc\BIN ProcessID : 436

ThreadCreationTime : 2004-10-12 19:11:17

BasePriority : Normal

FileVersion : 5, 3, 0, 1

ProductVersion : NVC forTerminal server beta

ProductName : NVC on-access scanner

CompanyName : Norman ASA

FileDescription : NVC on-access virus scanner

InternalName : NVCNT

LegalCopyright : Copyright © 2000-2001

OriginalFilename : NVCOAS.EXE

 

#:21 [nvcsched.exe]

FilePath : C:\NORMAN\Nvc\BIN ProcessID : 452

ThreadCreationTime : 2004-10-12 19:11:17

BasePriority : Normal

FileVersion : 1.03

ProductVersion : 1.03

ProductName : Norman Virus Control

CompanyName : Norman Data Defense Systems

FileDescription : NVC Scheduler

InternalName : NVCSched.exe

LegalCopyright : © Norman Data Defense Systems. 1997-2000

OriginalFilename : NVCSched.exe

 

#:22 [nipsvc.exe]

FilePath : C:\NORMAN\Nvc\BIN ProcessID : 492

ThreadCreationTime : 2004-10-12 19:11:17

BasePriority : Normal

 

 

#:23 [explorer.exe]

FilePath : C:\WINDOWS ProcessID : 2004

ThreadCreationTime : 2004-10-12 19:11:26

BasePriority : Normal

FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)

ProductVersion : 6.00.2800.1106

ProductName : Operativsystemet Microsoft® Windows®

CompanyName : Microsoft Corporation

FileDescription : Utforskaren

InternalName : explorer

LegalCopyright : © Microsoft Corporation. Med ensamrätt.

OriginalFilename : EXPLORER.EXE

 

#:24 [services.exe]

FilePath : C:\WINDOWS ProcessID : 2044

ThreadCreationTime : 2004-10-12 19:11:27

BasePriority : Normal

 

 

#:25 [wuauclt.exe]

FilePath : C:\WINDOWS\System32 ProcessID : 1900

ThreadCreationTime : 2004-10-12 19:11:28

BasePriority : Normal

FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04)

ProductVersion : 5.4.3790.2182

ProductName : Operativsystemet Microsoft® Windows®

CompanyName : Microsoft Corporation

FileDescription : Automatiska uppdateringar

InternalName : wuauclt.exe

LegalCopyright : © Microsoft Corporation. Med ensamrätt.

OriginalFilename : wuauclt.exe

 

#:26 [atiptaxx.exe]

FilePath : C:\ATI-CPanel ProcessID : 904

ThreadCreationTime : 2004-10-12 19:11:28

BasePriority : Normal

FileVersion : 6.14.10.5061

ProductVersion : 6.14.10.5061

ProductName : ATI Desktop Component

CompanyName : ATI Technologies, Inc.

FileDescription : ATI Desktop Control Panel

InternalName : Atiptaxx.exe

LegalCopyright : Copyright © 1998-2002 ATI Technologies Inc.

OriginalFilename : Atiptaxx.exe

 

#:27 [ctsysvol.exe]

FilePath : C:\Program\Creative\SBAudigy2\Surround Mixer ProcessID : 1108

ThreadCreationTime : 2004-10-12 19:11:28

BasePriority : Normal

FileVersion : 1.1.3.0

ProductVersion : 1.0.0.0

ProductName : Creative Volume Control

CompanyName : Creative Technology Ltd

FileDescription : CTSysVol.exe

LegalCopyright : Copyright © Creative Technology Ltd., 2002. All rights reserved.

OriginalFilename : CTSysVol.exe

 

#:28 [ctdvddet.exe]

FilePath : C:\Program\Creative\SBAudigy2\DVDAudio ProcessID : 1104

ThreadCreationTime : 2004-10-12 19:11:28

BasePriority : Normal

FileVersion : 1.0.2.0

ProductVersion : 1.0.2.0

ProductName : CTDVDDET

CompanyName : Creative Technology Ltd

FileDescription : CTDVDDET

InternalName : CTDVDDET

LegalCopyright : Copyright © Creative Technology Ltd., 2002. All rights reserved.

OriginalFilename : CTDVDDET.EXE

 

#:29 [cthelper.exe]

FilePath : C:\WINDOWS\System32 ProcessID : 1224

ThreadCreationTime : 2004-10-12 19:11:29

BasePriority : Normal

FileVersion : 1, 0, 0, 16

ProductVersion : 1, 0, 0, 16

ProductName : CtHelper Application

CompanyName : Creative Technology Ltd

FileDescription : CtHelper MFC Application

InternalName : CtHelper

LegalCopyright : Copyright © 2002-03

OriginalFilename : CtHelper.EXE

 

#:30 [zlh.exe]

FilePath : C:\NORMAN\Nvc\BIN ProcessID : 2096

ThreadCreationTime : 2004-10-12 19:11:29

BasePriority : Normal

 

 

#:31 [ezsp_px.exe]

FilePath : C:\WINDOWS\System32 ProcessID : 2168

ThreadCreationTime : 2004-10-12 19:11:29

BasePriority : Normal

 

 

#:32 [evntsvc.exe]

FilePath : C:\Program\Delade filer\Real\Update_OB ProcessID : 2220

ThreadCreationTime : 2004-10-12 19:11:29

BasePriority : Normal

FileVersion : 0.1.0.880

ProductVersion : 0.1.0.880

ProductName : RealOne Player (32-bit)

CompanyName : RealNetworks, Inc.

FileDescription : RealNetworks Scheduler

InternalName : schedapp

LegalCopyright : Copyright © RealNetworks, Inc. 1995-2002

LegalTrademarks : RealAudio is a trademark of RealNetworks, Inc.

OriginalFilename : evntsvc.EXE

 

#:33 [hpgs2wnd.exe]

FilePath : C:\Program\Hewlett-Packard\HP Share-to-Web ProcessID : 2248

ThreadCreationTime : 2004-10-12 19:11:29

BasePriority : Normal

FileVersion : 2,4,0,26

ProductVersion : 2,4,0,26

ProductName : Hewlett-Packard hpgs2wnd

CompanyName : Hewlett-Packard

FileDescription : hpgs2wnd

InternalName : hpgs2wnd

LegalCopyright : Copyright © 2001

OriginalFilename : hpgs2wnd.exe

 

#:34 [cclaw.exe]

FilePath : C:\NORMAN\Nvc\BIN ProcessID : 2300

ThreadCreationTime : 2004-10-12 19:11:29

BasePriority : Normal

 

 

#:35 [hpgs2wnf.exe]

FilePath : C:\Program\HEWLET~1\HPSHAR~1 ProcessID : 2360

ThreadCreationTime : 2004-10-12 19:11:30

BasePriority : Normal

FileVersion : 2,4,0,26

ProductVersion : 2,4,0,26

ProductName : hpgs2wnf Module

FileDescription : hpgs2wnf Module

InternalName : hpgs2wnf

LegalCopyright : Copyright 2001

OriginalFilename : hpgs2wnf.EXE

 

#:36 [msnappau.exe]

FilePath : C:\Program\MSN Apps\Updater\01.02.3000.1001\sv ProcessID : 2400

ThreadCreationTime : 2004-10-12 19:11:30

BasePriority : Normal

 

 

#:37 [qttask.exe]

FilePath : C:\Program\QuickTime ProcessID : 2444

ThreadCreationTime : 2004-10-12 19:11:30

BasePriority : Normal

FileVersion : 6.5.1

ProductVersion : QuickTime 6.5.1

ProductName : QuickTime

CompanyName : Apple Computer, Inc.

InternalName : QuickTime Task

LegalCopyright : © Apple Computer, Inc. 2001-2004

OriginalFilename : QTTask.exe

 

#:38 [npfmsg2.exe]

FilePath : C:\NORMAN\Nvc\BIN ProcessID : 2532

ThreadCreationTime : 2004-10-12 19:11:30

BasePriority : Normal

FileVersion : 1, 2, 0, 0

ProductVersion : 1, 2, 0, 0

ProductName : NPFMessenger Application

FileDescription : NPFMessenger MFC Application

InternalName : NPFMessenger

LegalCopyright : Copyright © 2000

OriginalFilename : NPFMessenger.EXE

 

#:39 [ctfmon.exe]

FilePath : C:\WINDOWS\System32 ProcessID : 2540

ThreadCreationTime : 2004-10-12 19:11:30

BasePriority : Normal

FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)

ProductVersion : 5.1.2600.1106

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : CTF Loader

InternalName : CTFMON

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : CTFMON.EXE

 

#:40 [rcman.exe]

FilePath : C:\Program\Creative\MediaSource\RemoteControl ProcessID : 2572

ThreadCreationTime : 2004-10-12 19:11:30

BasePriority : Normal

FileVersion : 1.0.9.0

ProductVersion : 1.00

ProductName : Creative Media Source

CompanyName : Creative Technology Ltd.

FileDescription : Remote Control Manager

InternalName : RcMan

LegalCopyright : Copyright © Creative Technology Ltd.,2002. All rights reserved.

OriginalFilename : RcMan.EXE

 

#:41 [msmsgs.exe]

FilePath : C:\Program\Messenger ProcessID : 2596

ThreadCreationTime : 2004-10-12 19:11:30

BasePriority : Normal

FileVersion : 4.7.2009

ProductVersion : Version 4.7

ProductName : Messenger

CompanyName : Microsoft Corporation

FileDescription : Messenger

InternalName : msmsgs

LegalCopyright : Copyright © Microsoft Corporation 1997-2003

LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.

OriginalFilename : msmsgs.exe

 

#:42 [rndal.exe]

FilePath : C:\Program\Delade filer\Real\Update_OB ProcessID : 2604

ThreadCreationTime : 2004-10-12 19:11:30

BasePriority : Idle

FileVersion : 0.1.0.880

ProductVersion : 0.1.0.880

ProductName : RealOne Player (32-bit)

CompanyName : RealNetworks, Inc.

FileDescription : RealNetworks Dynamic App Launcher

InternalName : wrapperapp

LegalCopyright : Copyright © RealNetworks, Inc. 1995-2002

LegalTrademarks : RealAudio is a trademark of RealNetworks, Inc.

OriginalFilename : rndal.EXE

 

#:43 [spysweeper.exe]

FilePath : C:\Program\Webroot\Spy Sweeper ProcessID : 2612

ThreadCreationTime : 2004-10-12 19:11:31

BasePriority : Normal

FileVersion : 3.2.0.146

ProductVersion : 3.2

ProductName : Spy Sweeper

CompanyName : Webroot Software, Inc.

FileDescription : Spy Sweeper

LegalCopyright : Copyright © 2001-2004 Webroot Software, Inc.

LegalTrademarks : Spy Sweeper is a trademark of Webroot Software, Inc.

 

#:44 [acrotray.exe]

FilePath : C:\Program\Adobe\Acrobat 5.0\Distillr ProcessID : 2644

ThreadCreationTime : 2004-10-12 19:11:31

BasePriority : Normal

FileVersion : 5, 0, 0, 0

ProductVersion : 5, 0, 0, 0

ProductName : AcroTray - Adobe Acrobat Distiller helper application.

CompanyName : Adobe Systems Inc.

FileDescription : AcroTray

InternalName : AcroTray

LegalCopyright : Copyright © 2001

OriginalFilename : AcroTray.exe

 

#:45 [smartcertmover.exe]

FilePath : C:\Program\SmartTrust\SmartTrust Personal\Csp ProcessID : 2668

ThreadCreationTime : 2004-10-12 19:11:31

BasePriority : Normal

 

 

#:46 [wincinemamgr.exe]

FilePath : C:\Program\InterVideo\Common\Bin ProcessID : 2684

ThreadCreationTime : 2004-10-12 19:11:31

BasePriority : Normal

FileVersion : 1.0

ProductVersion : 1, 0, 0, 1

ProductName : WinCinema Manager for InterVideo WinCinema products

FileDescription : WinCinema Manager

InternalName : WinCinema Manager

LegalCopyright : Copyright © 2000 InterVideo Inc.

OriginalFilename : WinCinemaMgr.EXE

 

#:47 [wfxsnt40.exe]

FilePath : C:\WINDOWS\system32 ProcessID : 2724

ThreadCreationTime : 2004-10-12 19:11:31

BasePriority : Normal

FileVersion : 7.00 (Build 019)

ProductVersion : 7.00 (Build 019)

ProductName : Microsoft ® Windows NT WinFax Printer Driver

CompanyName : Microsoft Corporation

FileDescription : Delrina Fax Port Launcher

InternalName : WFXSNT40.DLL

LegalCopyright : Copyright © Symantec Corp. 1990-1997

OriginalFilename : WFXSNT40.DLL

 

#:48 [wfxctl32.exe]

FilePath : C:\Program\Symantec\WinFax ProcessID : 2736

ThreadCreationTime : 2004-10-12 19:11:31

BasePriority : Normal

 

 

#:49 [wfxmod32.exe]

FilePath : C:\Program\Symantec\WinFax ProcessID : 3500

ThreadCreationTime : 2004-10-12 19:11:42

BasePriority : High

 

 

#:50 [ad-aware.exe]

FilePath : C:\Program\Lavasoft\Ad-Aware SE Personal ProcessID : 2076

ThreadCreationTime : 2004-10-12 19:12:02

BasePriority : Normal

FileVersion : 6.2.0.206

ProductVersion : VI.Second Edition

ProductName : Lavasoft Ad-Aware SE

CompanyName : Lavasoft Sweden

FileDescription : Ad-Aware SE Core application

InternalName : Ad-Aware.exe

LegalCopyright : Copyright © Lavasoft Sweden

OriginalFilename : Ad-Aware.exe

Comments : All Rights Reserved

 

#:51 [niu.exe]

FilePath : C:\NORMAN\Nvc\Bin ProcessID : 2508

ThreadCreationTime : 2004-10-12 19:13:30

BasePriority : Normal

 

 

Memory scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 0

 

 

Started registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

AdLogix Object Recognized!

Type : Regkey

Data :

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : typelib\{4d84a744-c3dd-4bff-b119-ac08f54714d7}

 

Windows Object Recognized!

Type : RegData

Data : explorer.exe c:\windows\system32\fservice.exe

Category : Vulnerability

Comment : Shell Possibly Compromised

Rootkey : HKEY_LOCAL_MACHINE

Object : software\microsoft\windows nt\currentversion\winlogon

Value : Shell

Data : explorer.exe c:\windows\system32\fservice.exe

 

Registry Scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 2

Objects found so far: 2

 

 

Started deep registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Deep registry scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 2

 

 

Started Tracking Cookie scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

 

Tracking cookie scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 2

 

 

 

Deep scanning and examining files (C:)

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Disk Scan Result for C:»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 2

 

 

Scanning Hosts file......

Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Hosts file scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

1 entries scanned.

New critical objects:0

Objects found so far: 2

 

 

 

 

Performing conditional scans...

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Conditional scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 2

 

21:28:16 Scan Complete

 

Summary Of This Scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Total scanning time:00:14:42.360

Objects scanned:178990

Objects identified:2

Objects ignored:0

New critical objects:2

[/log]

 

 

HiJackThis:

 

[log]Logfile of HijackThis v1.98.2

Scan saved at 21:31:51, on 2004-10-12

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\CTSvcCDA.EXE

C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe

C:\NORMAN\Nvc\BIN\NPFSVICE.EXE

C:\Norman\NVC\BIN\Zanda.exe

C:\WINDOWS\System32\SCardSvr.exe

C:\WINDOWS\system32\Smartscaps.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\wbem\wmiprvse.exe

C:\NORMAN\Nvc\BIN\NJEEVES.EXE

C:\NORMAN\Nvc\BIN\nvcoas.exe

C:\NORMAN\Nvc\BIN\NVCSCHED.EXE

C:\NORMAN\Nvc\BIN\nipsvc.exe

C:\WINDOWS\Explorer.exe

C:\ATI-CPanel\atiptaxx.exe

C:\Program\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

C:\Program\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

C:\WINDOWS\System32\CTHELPER.EXE

C:\NORMAN\Nvc\BIN\ZLH.EXE

C:\WINDOWS\System32\ezSP_Px.exe

C:\Program\Delade filer\Real\Update_OB\evntsvc.exe

C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

C:\NORMAN\Nvc\BIN\cclaw.exe

C:\Program\HEWLET~1\HPSHAR~1\hpgs2wnf.exe

C:\Program\MSN Apps\Updater\01.02.3000.1001\sv\msnappau.exe

C:\Program\QuickTime\qttask.exe

C:\NORMAN\Nvc\BIN\npfmsg2.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program\Creative\MediaSource\RemoteControl\RcMan.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\Webroot\Spy Sweeper\SpySweeper.exe

C:\Program\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

C:\Program\SmartTrust\SmartTrust Personal\Csp\SmartCertmover.exe

C:\Program\InterVideo\Common\Bin\WinCinemaMgr.exe

C:\WINDOWS\system32\wfxsnt40.exe

C:\Program\Symantec\WinFax\wfxctl32.exe

C:\Program\Symantec\WinFax\WFXMOD32.EXE

C:\HiJack\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar2.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\01.02.3000.1001\sv\msntb.dll

O2 - BHO: SDWin32 Class - {C798639E-15DE-4D11-99E6-D3CEBB0C4353} - C:\WINDOWS\System32\jtxzn.dll (file missing)

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\01.02.3000.1001\sv\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar2.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe

O4 - HKLM\..\Run: [CTSysVol] "C:\Program\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe"

O4 - HKLM\..\Run: [CTDVDDet] C:\Program\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL

O4 - HKLM\..\Run: [sBDrvDet] "C:\Program\Creative\SB Drive Det\SBDrvDet.exe" /r

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [Norman ZANDA] C:\NORMAN\Nvc\BIN\ZLH.EXE /LOAD /SPLASH

O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe

O4 - HKLM\..\Run: [TkBellExe] C:\Program\Delade filer\Real\Update_OB\evntsvc.exe -osboot

O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] "C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe"

O4 - HKLM\..\Run: [PSDrvCheck] "c:\program\pinnacle\liquid edition demo\program\PSDrvCheck.exe" -CheckReg

O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg

O4 - HKLM\..\Run: [msnappau] "C:\Program\MSN Apps\Updater\01.02.3000.1001\sv\msnappau.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [THGuard] "C:\Program\TrojanHunter 4.0\THGuard.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [RemoteCenter] C:\Program\Creative\MediaSource\RemoteControl\RcMan.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [spySweeper] "C:\Program\Webroot\Spy Sweeper\SpySweeper.exe" /0

O4 - Startup: WinFax Application Port Starter.lnk = C:\WINDOWS\system32\wfxsnt40.exe

O4 - Startup: WinFax PRO Controller.lnk = C:\Program\Symantec\WinFax\wfxctl32.exe

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Certificate Mover.lnk = ?

O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program\InterVideo\Common\Bin\WinCinemaMgr.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE

O12 - Plugin for .spop: C:\Program\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {6F74F92E-8DD8-4DDE-8FB8-CBB882A68048} (Microsoft Office XP Professional Step by Step Interactive) - file://C:\Program\Microsoft interaktiv träning\O10C\mitm0026.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{2B8781EC-5B2C-44BB-9D68-EE70365BFE17}: NameServer = 195.67.199.18,195.67.199.19

[/log]

 

 

Regards

 

 

 

 

 

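An added example, not part of the original thread and not code from HijackThis or Ad-Aware: the Python below runs two checks over lines taken from the logs posted above. It reports anything the Winlogon Shell value starts besides explorer.exe, and any core Windows process name running from a directory other than its usual one. The expected-directory table assumes Windows is installed in C:\WINDOWS, as in this log; the function names are hypothetical.

```python
import re
from ntpath import basename  # ntpath parses backslash paths on any OS

# Lines copied from the HijackThis log posted above (abridged).
HJT_LINES = [
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se",
    r"F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe",
    r"O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe",
]

# Entries #23 to #25 from the Ad-Aware process listing above,
# reduced to the two lines per entry that this check needs.
ADAWARE_PROCESSES = r"""
#:23 [explorer.exe]
FilePath : C:\WINDOWS ProcessID : 2004
#:24 [services.exe]
FilePath : C:\WINDOWS ProcessID : 2044
#:25 [wuauclt.exe]
FilePath : C:\WINDOWS\System32 ProcessID : 1900
"""

# Usual home of core Windows XP processes.
# Assumption: Windows is installed in C:\WINDOWS, as in this log.
EXPECTED_DIR = {
    "smss.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

F2_SHELL = re.compile(r"^F2 - REG:system\.ini: Shell=(.*)$", re.IGNORECASE)
PROC = re.compile(r"^#:\d+ \[(?P<name>[^\]]+)\]$")
PATH = re.compile(r"^FilePath : (?P<dir>.*?) ProcessID : (?P<pid>\d+)$")


def shell_extras(hjt_lines):
    """Return what the Winlogon Shell value launches besides explorer.exe."""
    findings = []
    for line in hjt_lines:
        m = F2_SHELL.match(line.strip())
        if not m:
            continue
        value = m.group(1).strip()
        first, _, rest = value.partition(" ")
        if basename(first).lower() != "explorer.exe":
            findings.append(value)         # shell replaced outright
        elif rest.strip():
            findings.append(rest.strip())  # extra program chained after explorer.exe
    return findings


def misplaced_system_processes(listing):
    """Return (name, directory, pid) for core process names found outside their usual directory."""
    findings = []
    name = None
    for line in listing.splitlines():
        line = line.strip()
        m = PROC.match(line)
        if m:
            name = m.group("name").lower()
            continue
        m = PATH.match(line)
        if m and name:
            expected = EXPECTED_DIR.get(name)
            actual = m.group("dir").rstrip("\\")
            if expected and actual.lower() != expected:
                findings.append((name, actual, int(m.group("pid"))))
            name = None  # one FilePath line per process entry
    return findings


if __name__ == "__main__":
    for extra in shell_extras(HJT_LINES):
        print("Shell also starts:", extra)
    for name, directory, pid in misplaced_system_processes(ADAWARE_PROCESSES):
        print(f"{name} (PID {pid}) runs from {directory}")
```

A hit from either check is a lead to verify, not a verdict; a second copy of a system file name in another directory still needs to be scanned before it is removed.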

Hi

Could it be that I unintentionally confused you when I took it into my head to turn off a few auto-started programs that I didn't think needed to be running? For example WinFax, QuickTime, SmartTrust, SpySweeper and Windows Messenger. They don't show up in the taskbar in safe mode, so I didn't think they were running there.

Yes, this certainly has confused me. It is incredibly important to follow the recommendations that are given, all to make the work easier for all of us.

C:\WINDOWS\system32\fservice.exe

(fservice.exe)<-Delete:

C:\WINDOWS\System32\hrileal.exe

(hrileal.exe)<-Delete:

C:\WINDOWS\System32\jtxzn.dll

(jtxzn.dll)<-Delete:

These were the only files I saw and asked you to delete. The others you mention are/were not visible.

What is the offline content? I have seen cookies in more than one place, not only under "Local Settings". Should one delete all that one finds?

When we ask for everything to be emptied, we would prefer that this is done. :)

The offline content is where files of various kinds (cookies among them) that have to do with the Internet are collected.

And now I wonder which mode you scanned in for these two logs?

Best regards/Malou

****Have a continued wonderful day****

 

Team Lavasoft

Lavasupporten

 

 


Hi Malou!

When we ask for everything to be emptied, we would prefer that this is done.

The offline content is where files of various kinds (cookies among them) that have to do with the Internet are collected.

Yes, I really am trying to follow the instructions, but I don't know what you mean by "the offline content". I do know, however, that I have seen cookies somewhere other than under "Local Settings". Should I search the whole disk and delete all the cookies I find?

The scan was done in normal mode this time, with the network cable unplugged. (At least this time it was possible to complete Ad-Aware's "full system scan" in normal mode without XP crashing!)

Regards

/Hultas

 


Hi Hultas :)

Yes, I really am trying to follow the instructions, but I don't know what you mean by "the offline content".

Sounds good :thumbsup:

The offline content:

To clean it out, you can do the following:

Go to "Tools" -> Internet Options -> the "General" tab -> the "Temporary Internet files" category -> choose "Delete Files" -> a new "Delete Files" box appears; here you see a white checkbox labelled "Delete all offline content", tick that box -> click the OK button, then the OK button again. Now you have cleared the offline content.

You can also do the same procedure via the Internet icon (if you have one) on the desktop.

Right-click the icon -> choose Properties and you end up in the same place as in the description above.

I hope I have given you an answer to your question about the offline content *smiles*

The scan was done in normal mode this time, with the network cable unplugged. (At least this time it was possible to complete Ad-Aware's "full system scan" in normal mode without XP crashing!)

This sounds absolutely perfect, I think. Finally *smiles*

I will get back to you a little later today about your logs and what we should do.

Best regards/Malou

****Have a continued wonderful day****

 

Team Lavasoft

Lavasupporten

 

 


Hi Hultas :)

Then we start with your Ad-Aware first, and move on to the HJT log a little later.

You will recognise some of the procedure from what you did earlier in this thread, but now we go further with a few more steps.

It is important that the steps below are followed:

To clean your computer: open/start Ad-Aware SE and click Check for updates now.

Then follow the steps below:

Run online scans:

TrendMicro:

http://housecall.trendmicro.com/

Panda online scan:

http://www.pandasoftware.com/activescan/com/activescan_principal.htm

A. It is important that you "clean out/empty" the following folders (but do not remove the folder(s) themselves).

Log off from the Internet (for broadband/cable users it is recommended to unplug the network cable) and close all open windows/programs.

1. C:\Windows\Temp

2. C:\Documents and Settings\<Your user name>\Local Settings\Temporary Internet Files\ <= This empties the cache, temporary Internet files and cookies.

3. C:\Documents and Settings\<Your user name>\Local Settings\Temp

If there are several users on the computer, also do steps 4 and 5:

4. C:\Documents and Settings\<Other users' user names>\Local Settings\Temporary Internet Files

5. C:\Documents and Settings\<Other users' user names>\Local Settings\Temp

6. Empty the "Recycle Bin"

B. Restart the computer. Do not open/start any programs or the Internet.

1. Open/start Ad-Aware SE and scan in Full System Scan.

2. When the scan is finished, choose "Next".

3. Click the "Scan Summary" tab in the results window.

4. Click the + sign in the "target family" box and select what you want to remove/delete.

5. Click Next. Click OK.

C. Restart the computer. Do not open/start any programs.

1. Open/start Ad-Aware SE and scan in Full System Scan.

2. When the scan is finished, choose "Next".

3. Click the "Scan Summary" tab in the results window.

4. Check all found objects on the "Critical Objects" tab and select what you want to remove/delete.

5. Click Next. Click OK.

6. Restart the computer and run a new scan with Ad-Aware in Full System Scan.

Post the Ad-Aware log here:

Good luck

Best regards/Malou

****Have a continued wonderful day****

Team Lavasoft

Lavasupporten

[post edited 2004-10-13 17:10:08 by malou jansson]

[post edited 2004-10-13 17:11:23 by malou jansson]

[post edited 2004-10-13 17:12:25 by malou jansson]

[post edited 2004-10-13 17:14:13 by malou jansson]


Hi Hultas :)

I'm going away for a few days and will get in touch again when I come home.

Ok.

Take the chance to rest up and enjoy yourself, because after that there will be work to do :)

Best regards/Malou

****Have a continued wonderful day****

 

Team Lavasoft

Lavasupporten

 

 


Hi!

I am now home again and have scanned according to the instructions to the best of my ability.

Trendmicro reported that the following files contained viruses and that they were supposed to be "disinfected":

sservice.exe

fservice.exe

winkey.dll

wininv.dll

They are nevertheless still there at the next scan and are "fixed" again without result.

When scanning with Pandasoftware/activescan roughly the same thing happens, but tonight it additionally regarded more than three hundred jpg files as infected and renamed them. I am also attaching the log from last night, since the one from tonight is awfully large.

 

Activescan 2004-10-18:

[log]Incident Status Location

 

Virus:Bck/Vicer.A Disinfected Operating system

Virus:Bck/Prorat.D Disinfected C:\WINDOWS\services.exe

Virus:Bck/Prorat.D Disinfected C:\WINDOWS\system\sservice.exe

Virus:Bck/Prorat.D Disinfected C:\WINDOWS\system32\fservice.exe

Virus:Bck/Vicer.A Renamed C:\WINDOWS\system32\wininv.dll

Virus:Bck/Prorat.A Renamed C:\WINDOWS\system32\winkey.dll

[/log]

 

Activescan 2004-10-19:

 

[log]Incident Status Location

 

Virus:Bck/Vicer.A Disinfected Operating system

Virus:Exploit/MS04-028.gen Renamed C:\Documents and Settings\All Users\Dokument\Bilder\2004\20040306 Flen dragspelsgala\IMG_0008.JPG

Virus:Exploit/MS04-028.gen Renamed C:\Documents and Settings\All Users\Dokument\Bilder\2004\20040402 Köpenhamn\20040402 Köpenhamn 01.jpg

Virus:Exploit/MS04-028.gen Renamed C:\Documents and Settings\All Users\Dokument\Bilder\2004\20040402 Köpenhamn\20040402 Köpenhamn 02.jpg

Virus:Exploit/MS04-028.gen Renamed C:\Documents and Settings\All Users\Dokument\Bilder\2004\20040402 Köpenhamn\20040402 Köpenhamn 04.jpg

Virus:Exploit/MS04-028.gen Renamed C:\Documents and Settings\All Users\Dokument\Bilder\2004\20040402 Köpenhamn\20040402 Köpenhamn 05.jpg

Virus:Exploit/MS04-028.gen Renamed C:\Documents and Settings\All Users\Dokument\Bilder\2004\20040402 Köpenhamn\20040402 Köpenhamn 06.jpg

Virus:Exploit/MS04-028.gen Renamed C:\Documents and Settings\All Users\Dokument\Bilder\2004\20040402 Köpenhamn\20040402 Köpenhamn 07.jpg

Virus:Exploit/MS04-028.gen Renamed C:\Documents and Settings\All Users\Dokument\Bilder\2004\20040402 Köpenhamn\20040402 Köpenhamn 13.jpg

Virus:Exploit/MS04-028.gen Renamed C:\Documents and Settings\All Users\Dokument\Bilder\2004\20040402 Köpenhamn\20040402 Köpenhamn 14.jpg

Virus:Exploit/MS04-028.gen Renamed C:\Documents and Settings\All Users\Dokument\Bilder\2004\20040402 Köpenhamn\20040402 Köpenhamn 15.jpg

Virus:Exploit/MS04-028.gen Renamed C:\Documents and Settings\All Users\Dokument\Bilder\2004\20040402 Köpenhamn\20040402 Köpenhamn 20.jpg

Virus:Exploit/MS04-028.gen Renamed C:\Documents and Settings\All Users\Dokument\Bilder\2004\20040402 Köpenhamn\20040402 Köpenhamn 21.jpg

Virus:Exploit/MS04-028.gen Renamed C:\Documents and Settings\All Users\Dokument\Bilder\2004\20040402 Köpenhamn\20040402 Köpenhamn 22.jpg

Virus:Exploit/MS04-028.gen Renamed C:\Documents and Settings\All Users\Dokument\Bilder\2004\20040402 Köpenhamn\20040402 Köpenhamn 23.jpg

Virus:Exploit/MS04-028.gen Renamed C:\Documents and Settings\All Users\Dokument\Bilder\2004\20040402 Köpenhamn\20040402 Köpenhamn 24.jpg

Virus:Exploit/MS04-028.gen Renamed C:\Documents and Settings\All Users\Dokument\Bilder\2004\20040402 Köpenhamn\20040402 Köpenhamn 31.jpg

Virus:Exploit/MS04-028.gen Renamed C:\Documents and Settings\All Users\Dokument\Bilder\2004\20040402 Köpenhamn\20040402 Köpenhamn 32.jpg

Virus:Exploit/MS04-028.gen Renamed C:\Documents and Settings\All Users\Dokument\Bilder\2004\20040402 Köpenhamn\20040402 Köpenhamn 33.jpg

Virus:Exploit/MS04-028.gen Renamed C:\Documents and Settings\All Users\Dokument\Bilder\2004\20040402 Köpenhamn\20040402 Köpenhamn 34.jpg

Virus:Exploit/MS04-028.gen Renamed C:\Documents and Settings\All Users\Dokument\Bilder\2004\20040402 Köpenhamn\20040402 Köpenhamn 35.jpg

Virus:Exploit/MS04-028.gen Renamed C:\Documents and Settings\All Users\Dokument\Bilder\2004\20040402 Köpenhamn\20040402 Köpenhamn 36.jpg

Virus:Exploit/MS04-028.gen Renamed C:\Documents and Settings\All Users\Dokument\Bilder\2004\20040402 Köpenhamn\20040402 Köpenhamn 37.jpg

Virus:Exploit/MS04-028.gen Renamed C:\Documents and Settings\All Users\Dokument\Bilder\2004\20040402 Köpenhamn\20040402 Köpenhamn 38.jpg

Virus:Exploit/MS04-028.gen Renamed C:\Documents and Settings\All Users\Dokument\Bilder\2004\20040403 Köpenhamn\CIMG0067.JPG

Virus:Exploit/MS04-028.gen Renamed C:\Documents and Settings\All Users\Dokument\Bilder\2004\20040403 Köpenhamn\CIMG0068.JPG

Virus:Exploit/MS04-028.gen Renamed C:\Documents and Settings\All Users\Dokument\Bilder\2004\20040403 Köpenhamn\CIMG0069.JPG

Virus:Exploit/MS04-028.gen Renamed C:\Documents and Settings\All Users\Dokument\Bilder\2004\20040403 Köpenhamn\CIMG0070.JPG

Virus:Exploit/MS04-028.gen Renamed C:\Documents and Settings\All Users\Dokument\Bilder\2004\20040403 Köpenhamn\CIMG0071.JPG


Virus:Exploit/MS04-028.gen Renamed C:\Documents and Settings\All Users\Dokument\Bilder\2004\Usa\tillfällig\PICT2075.JPG

Virus:Exploit/MS04-028.gen Renamed C:\Documents and Settings\All Users\Dokument\Bilder\2004\Usa\tillfällig\PICT2076.JPG

Virus:Exploit/MS04-028.gen Renamed C:\Documents and Settings\All Users\Dokument\Bilder\2004\Usa\tillfällig\PICT2077.JPG

Virus:Exploit/MS04-028.gen Renamed C:\Documents and Settings\All Users\Dokument\Bilder\2004\Usa\tillfällig\PICT2079.JPG

Virus:Exploit/MS04-028.gen Renamed C:\Documents and Settings\All Users\Dokument\Bilder\2004\Usa\tillfällig\PICT2081.JPG

Virus:Exploit/MS04-028.gen Renamed C:\Documents and Settings\All Users\Dokument\Bilder\2004\Usa\tillfällig\PICT2082.JPG

Virus:Exploit/MS04-028.gen Renamed C:\Documents and Settings\All Users\Dokument\Bilder\2004\Usa\tillfällig\PICT2083.JPG

Virus:Exploit/MS04-028.gen Renamed C:\Documents and Settings\All Users\Dokument\Bilder\2004\Usa\tillfällig\PICT2084.JPG

Virus:Exploit/MS04-028.gen Renamed C:\Documents and Settings\All Users\Dokument\Bilder\2004\Usa\tillfällig\PICT2086.JPG

Virus:Exploit/MS04-028.gen Renamed C:\Documents and Settings\All Users\Dokument\Bilder\2004\Usa\tillfällig\PICT2088.JPG

Virus:Exploit/MS04-028.gen Renamed C:\Documents and Settings\All Users\Dokument\Bilder\2004\Usa\tillfällig\PICT2089.JPG

Virus:Exploit/MS04-028.gen Renamed C:\Documents and Settings\All Users\Dokument\Bilder\2004\Usa\tillfällig\PICT2090.JPG

Virus:Exploit/MS04-028.gen Renamed C:\Documents and Settings\All Users\Dokument\Bilder\2004\Usa\tillfällig\PICT2091.JPG

Virus:Exploit/MS04-028.gen Renamed C:\Documents and Settings\All Users\Dokument\Bilder\2004\Usa\tillfällig\PICT2092.JPG

Virus:Exploit/MS04-028.gen Renamed C:\Documents and Settings\All Users\Dokument\Bilder\2004\Usa\tillfällig\PICT2093.JPG

Virus:Exploit/MS04-028.gen Renamed C:\Documents and Settings\All Users\Dokument\Bilder\2004\Usa\tillfällig\PICT2094.JPG

Virus:Exploit/MS04-028.gen Renamed C:\Documents and Settings\All Users\Dokument\Bilder\Tillfällig för att göra papperskopior\PICT1635.JPG

Virus:Exploit/MS04-028.gen Renamed C:\Documents and Settings\All Users\Dokument\Bilder\Tillfällig för att göra papperskopior\PICT1699.JPG

Virus:Exploit/MS04-028.gen Renamed C:\Documents and Settings\All Users\Dokument\Bilder\Tillfällig för att göra papperskopior\PICT1738.JPG

Virus:Exploit/MS04-028.gen Renamed C:\Documents and Settings\All Users\Dokument\Bilder\Tillfällig för att göra papperskopior\PICT1742.JPG

Virus:Exploit/MS04-028.gen Renamed C:\Documents and Settings\All Users\Dokument\Bilder\Tillfällig för att göra papperskopior\PICT1757.JPG

Virus:Exploit/MS04-028.gen Renamed C:\Documents and Settings\All Users\Dokument\Bilder\Tillfällig för att göra papperskopior\PICT1764.JPG

Virus:Exploit/MS04-028.gen Renamed C:\Documents and Settings\All Users\Dokument\Bilder\Tillfällig för att göra papperskopior\PICT1771.JPG

Virus:Exploit/MS04-028.gen Renamed C:\Documents and Settings\All Users\Dokument\Bilder\Tillfällig för att göra papperskopior\PICT1896.JPG

Virus:Exploit/MS04-028.gen Renamed C:\Documents and Settings\All Users\Dokument\Bilder\Tillfällig för att göra papperskopior\PICT1974.JPG

Virus:Exploit/MS04-028.gen Renamed C:\Documents and Settings\All Users\Dokument\Bilder\Tillfällig för att göra papperskopior\PICT2014.JPG

Virus:Exploit/MS04-028.gen Renamed C:\Documents and Settings\All Users\Dokument\Bilder\Tillfällig för att göra papperskopior\PICT2062.JPG

Virus:Exploit/MS04-028.gen Renamed C:\Documents and Settings\All Users\Dokument\Bilder\Vilans skola\2004\20040512 Treor Gamla stan\20040512 Gamla stan med treorna 010.jpg

Virus:Exploit/MS04-028.gen Renamed C:\Documents and Settings\All Users\Dokument\Bilder\Vilans skola\2004\20040512 Treor Gamla stan\20040512 Gamla stan med treorna 021.jpg

Virus:Exploit/MS04-028.gen Renamed C:\Documents and Settings\All Users\Dokument\Bilder\Vilans skola\2004\20040512 Treor Gamla stan\20040512 Gamla stan med treorna 042.jpg

Virus:Exploit/MS04-028.gen Renamed C:\Documents and Settings\All Users\Dokument\Bilder\Vilans skola\2004\Friluftsdag 29 september Björknäs lågstadiet\PICT2707.JPG

Virus:Exploit/MS04-028.gen Renamed C:\Documents and Settings\All Users\Dokument\Bilder\Vilans skola\2004\Friluftsdag 29 september Björknäs lågstadiet\PICT2715.JPG

Virus:Exploit/MS04-028.gen Renamed C:\Documents and Settings\All Users\Dokument\Bilder\Vilans skola\Learning by sharing\Nacka\200406011140.JPG

Virus:Exploit/MS04-028.gen Renamed C:\Documents and Settings\All Users\Dokument\Bilder\Vilans skola\Learning by sharing\Nacka\200406021161.JPG

Virus:Exploit/MS04-028.gen Renamed C:\Documents and Settings\All Users\Dokument\Bilder\Vilans skola\Learning by sharing\Nacka\200406021166.JPG

Virus:Exploit/MS04-028.gen Renamed C:\Documents and Settings\All Users\Dokument\Bilder\Vilans skola\Learning by sharing\Nacka\200406021172.JPG

Virus:Exploit/MS04-028.gen Renamed C:\Documents and Settings\All Users\Dokument\Bilder\Vilans skola\Learning by sharing\Nacka\200406021178.JPG

Virus:Exploit/MS04-028.gen Renamed C:\Documents and Settings\All Users\Dokument\Bilder\Vilans skola\Learning by sharing\Nacka\20040605200404051275.JPG

Virus:Exploit/MS04-028.gen Renamed C:\Documents and Settings\All Users\Dokument\Bilder\Vilans skola\Learning by sharing\Nacka\20040605200404051276.JPG

Virus:Exploit/MS04-028.gen Renamed C:\Documents and Settings\All Users\Dokument\Bilder\Vilans skola\Learning by sharing\Nacka\20040605200404051277.JPG

Virus:Exploit/MS04-028.gen Renamed C:\Documents and Settings\All Users\Dokument\Bilder\Vilans skola\Learning by sharing\Nacka\20040605200404051278.JPG

Virus:Exploit/MS04-028.gen Renamed C:\Documents and Settings\All Users\Dokument\Bilder\Vilans skola\Learning by sharing\Polen\2003-05-28\20030528 038.jpg

Virus:Exploit/MS04-028.gen Renamed C:\Documents and Settings\All Users\Dokument\Bilder\Vilans skola\Learning by sharing\Polen\2003-05-30\20030530 Polen 050.jpg

Virus:Bck/Prorat.D Disinfected C:\WINDOWS\services.exe

Virus:Bck/Prorat.D Disinfected C:\WINDOWS\system\sservice.exe

Virus:Bck/Prorat.D Disinfected C:\WINDOWS\system32\fservice.exe

Virus:Bck/Vicer.A Renamed C:\WINDOWS\system32\wininv.dll

Virus:Bck/Prorat.A Renamed C:\WINDOWS\system32\winkey.dll [/log]

 

I then scanned three times with AdAware (the same "critical object" was found all three times, even though I deleted it each time); I am attaching the last log:

[log]

Ad-Aware SE Build 1.05

Logfile Created on:den 19 oktober 2004 22:30:34

Created with Ad-Aware SE Personal, free for private use.

Using definitions file:SE1R13 16.10.2004

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

References detected during the scan:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Windows(TAC index:3):1 total references

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Definition File:

=========================

Definitions File Loaded:

Reference Number : SE1R13 16.10.2004

Internal build : 18

File location : C:\Program\Lavasoft\Ad-Aware SE Personal\defs.ref

File size : 363648 Bytes

Total size : 1150665 Bytes

Signature data size : 1124607 Bytes

Reference data size : 25546 Bytes

Signatures total : 31779

Fingerprints total : 291

Fingerprints size : 12292 Bytes

Target categories : 15

Target families : 589

 

 

Memory + processor status:

==========================

Number of processors : 2

Processor architecture : Intel Pentium IV

Memory available:66 %

Total physical memory:1047532 kb

Available physical memory:689484 kb

Total page file size:2524080 kb

Available on page file:2252700 kb

Total virtual memory:2097024 kb

Available virtual memory:2048040 kb

OS:Microsoft Windows XP Home Edition Service Pack 1 (Build 2600)

 

Ad-Aware SE Settings

===========================

Set : Safe mode (always request confirmation)

Set : Scan active processes

Set : Scan registry

Set : Deep-scan registry

Set : Scan my IE Favorites for banned URLs

Set : Scan my Hosts file

 

Extended Ad-Aware SE Settings

===========================

Set : Unload recognized processes & modules during scan

Set : Scan registry for all users instead of current user only

Set : Always try to unload modules before deletion

Set : During removal, unload Explorer and IE if necessary

Set : Let Windows remove files in use at next reboot

Set : Delete quarantined objects after restoring

Set : Include basic Ad-Aware settings in log file

Set : Include additional Ad-Aware settings in log file

Set : Include reference summary in log file

Set : Include alternate data stream details in log file

Set : Play sound at scan completion if scan locates critical objects

 

 

2004-10-19 22:30:34 - Scan started. (Full System Scan)

 

Listing running processes

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

#:1 [smss.exe]

FilePath : \SystemRoot\System32 ProcessID : 724

ThreadCreationTime : 2004-10-19 20:29:32

BasePriority : Normal

 

 

#:2 [csrss.exe]

FilePath : \??\C:\WINDOWS\system32 ProcessID : 772

ThreadCreationTime : 2004-10-19 20:29:33

BasePriority : Normal

 

 

#:3 [winlogon.exe]

FilePath : \??\C:\WINDOWS\system32 ProcessID : 796

ThreadCreationTime : 2004-10-19 20:29:34

BasePriority : High

 

 

#:4 [services.exe]

FilePath : C:\WINDOWS\system32 ProcessID : 840

ThreadCreationTime : 2004-10-19 20:29:34

BasePriority : Normal

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

ProductName : Operativsystemet Microsoft® Windows®

CompanyName : Microsoft Corporation

FileDescription : Tjänst- och styrenhetsprogram

InternalName : services.exe

LegalCopyright : © Microsoft Corporation. Med ensamrätt.

OriginalFilename : services.exe

 

#:5 [lsass.exe]

FilePath : C:\WINDOWS\system32 ProcessID : 852

ThreadCreationTime : 2004-10-19 20:29:34

BasePriority : Normal

FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)

ProductVersion : 5.1.2600.1106

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : LSA Shell (Export Version)

InternalName : lsass.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : lsass.exe

 

#:6 [svchost.exe]

FilePath : C:\WINDOWS\system32 ProcessID : 1080

ThreadCreationTime : 2004-10-19 20:29:36

BasePriority : Normal

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:7 [svchost.exe]

FilePath : C:\WINDOWS\System32 ProcessID : 1128

ThreadCreationTime : 2004-10-19 20:29:36

BasePriority : Normal

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:8 [svchost.exe]

FilePath : C:\WINDOWS\System32 ProcessID : 1260

ThreadCreationTime : 2004-10-19 20:29:36

BasePriority : Normal

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:9 [svchost.exe]

FilePath : C:\WINDOWS\System32 ProcessID : 1284

ThreadCreationTime : 2004-10-19 20:29:36

BasePriority : Normal

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:10 [spoolsv.exe]

FilePath : C:\WINDOWS\system32 ProcessID : 1412

ThreadCreationTime : 2004-10-19 20:29:37

BasePriority : Normal

FileVersion : 5.1.2600.0 (XPClient.010817-1148)

ProductVersion : 5.1.2600.0

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Spooler SubSystem App

InternalName : spoolsv.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : spoolsv.exe

 

#:11 [ctsvccda.exe]

FilePath : C:\WINDOWS\System32 ProcessID : 1524

ThreadCreationTime : 2004-10-19 20:29:37

BasePriority : Normal

FileVersion : 1.0.1.0

ProductVersion : 1.0.0.0

ProductName : Creative Service for CDROM Access

CompanyName : Creative Technology Ltd

FileDescription : Creative Service for CDROM Access

InternalName : CTsvcCDAEXE

LegalCopyright : Copyright © Creative Technology Ltd., 1999. All rights reserved.

OriginalFilename : CTsvcCDA.EXE

 

#:12 [mdm.exe]

FilePath : C:\Program\Delade filer\Microsoft Shared\VS7Debug ProcessID : 1580

ThreadCreationTime : 2004-10-19 20:29:38

BasePriority : Normal

FileVersion : 7.00.9064.9150

ProductVersion : 7.00.9064.9150

ProductName : Microsoft Development Environment

CompanyName : Microsoft Corporation

FileDescription : Machine Debug Manager

InternalName : mdm.exe

LegalCopyright : Copyright © Microsoft Corp. 1997-2000

OriginalFilename : mdm.exe

 

#:13 [npfsvice.exe]

FilePath : C:\NORMAN\Nvc\BIN ProcessID : 1632

ThreadCreationTime : 2004-10-19 20:29:38

BasePriority : Normal

 

 

#:14 [zanda.exe]

FilePath : C:\Norman\NVC\BIN ProcessID : 1656

ThreadCreationTime : 2004-10-19 20:29:38

BasePriority : Normal

 

 

#:15 [scardsvr.exe]

FilePath : C:\WINDOWS\System32 ProcessID : 1756

ThreadCreationTime : 2004-10-19 20:29:39

BasePriority : Normal

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

ProductName : Operativsystemet Microsoft® Windows®

CompanyName : Microsoft Corporation

FileDescription : Resurshanteringsserver för smartkort

InternalName : SCardSvr.exe

LegalCopyright : © Microsoft Corporation. Med ensamrätt.

OriginalFilename : SCardSvr.exe

 

#:16 [smartscaps.exe]

FilePath : C:\WINDOWS\system32 ProcessID : 1796

ThreadCreationTime : 2004-10-19 20:29:39

BasePriority : Normal

 

 

#:17 [svchost.exe]

FilePath : C:\WINDOWS\System32 ProcessID : 2044

ThreadCreationTime : 2004-10-19 20:29:40

BasePriority : Normal

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:18 [explorer.exe]

FilePath : C:\WINDOWS ProcessID : 412

ThreadCreationTime : 2004-10-19 20:29:40

BasePriority : Normal

FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)

ProductVersion : 6.00.2800.1106

ProductName : Operativsystemet Microsoft® Windows®

CompanyName : Microsoft Corporation

FileDescription : Utforskaren

InternalName : explorer

LegalCopyright : © Microsoft Corporation. Med ensamrätt.

OriginalFilename : EXPLORER.EXE

 

#:19 [services.exe]

FilePath : C:\WINDOWS ProcessID : 536

ThreadCreationTime : 2004-10-19 20:29:42

BasePriority : Normal

 

 

#:20 [atiptaxx.exe]

FilePath : C:\ATI-CPanel ProcessID : 636

ThreadCreationTime : 2004-10-19 20:29:43

BasePriority : Normal

FileVersion : 6.14.10.5061

ProductVersion : 6.14.10.5061

ProductName : ATI Desktop Component

CompanyName : ATI Technologies, Inc.

FileDescription : ATI Desktop Control Panel

InternalName : Atiptaxx.exe

LegalCopyright : Copyright © 1998-2002 ATI Technologies Inc.

OriginalFilename : Atiptaxx.exe

 

#:21 [ctsysvol.exe]

FilePath : C:\Program\Creative\SBAudigy2\Surround Mixer ProcessID : 708

ThreadCreationTime : 2004-10-19 20:29:43

BasePriority : Normal

FileVersion : 1.1.3.0

ProductVersion : 1.0.0.0

ProductName : Creative Volume Control

CompanyName : Creative Technology Ltd

FileDescription : CTSysVol.exe

LegalCopyright : Copyright © Creative Technology Ltd., 2002. All rights reserved.

OriginalFilename : CTSysVol.exe

 

#:22 [ctdvddet.exe]

FilePath : C:\Program\Creative\SBAudigy2\DVDAudio ProcessID : 716

ThreadCreationTime : 2004-10-19 20:29:43

BasePriority : Normal

FileVersion : 1.0.2.0

ProductVersion : 1.0.2.0

ProductName : CTDVDDET

CompanyName : Creative Technology Ltd

FileDescription : CTDVDDET

InternalName : CTDVDDET

LegalCopyright : Copyright © Creative Technology Ltd., 2002. All rights reserved.

OriginalFilename : CTDVDDET.EXE

 

#:23 [cthelper.exe]

FilePath : C:\WINDOWS\System32 ProcessID : 740

ThreadCreationTime : 2004-10-19 20:29:43

BasePriority : Normal

FileVersion : 1, 0, 0, 16

ProductVersion : 1, 0, 0, 16

ProductName : CtHelper Application

CompanyName : Creative Technology Ltd

FileDescription : CtHelper MFC Application

InternalName : CtHelper

LegalCopyright : Copyright © 2002-03

OriginalFilename : CtHelper.EXE

 

#:24 [ezsp_px.exe]

FilePath : C:\WINDOWS\System32 ProcessID : 776

ThreadCreationTime : 2004-10-19 20:29:43

BasePriority : Normal

 

 

#:25 [evntsvc.exe]

FilePath : C:\Program\Delade filer\Real\Update_OB ProcessID : 956

ThreadCreationTime : 2004-10-19 20:29:43

BasePriority : Normal

FileVersion : 0.1.0.880

ProductVersion : 0.1.0.880

ProductName : RealOne Player (32-bit)

CompanyName : RealNetworks, Inc.

FileDescription : RealNetworks Scheduler

InternalName : schedapp

LegalCopyright : Copyright © RealNetworks, Inc. 1995-2002

LegalTrademarks : RealAudio is a trademark of RealNetworks, Inc.

OriginalFilename : evntsvc.EXE

 

#:26 [hpgs2wnd.exe]

FilePath : C:\Program\Hewlett-Packard\HP Share-to-Web ProcessID : 1092

ThreadCreationTime : 2004-10-19 20:29:44

BasePriority : Normal

FileVersion : 2,4,0,26

ProductVersion : 2,4,0,26

ProductName : Hewlett-Packard hpgs2wnd

CompanyName : Hewlett-Packard

FileDescription : hpgs2wnd

InternalName : hpgs2wnd

LegalCopyright : Copyright © 2001

OriginalFilename : hpgs2wnd.exe

 

#:27 [msnappau.exe]

FilePath : C:\Program\MSN Apps\Updater\01.02.3000.1001\sv ProcessID : 1188

ThreadCreationTime : 2004-10-19 20:29:44

BasePriority : Normal

 

 

#:28 [qttask.exe]

FilePath : C:\Program\QuickTime ProcessID : 1196

ThreadCreationTime : 2004-10-19 20:29:44

BasePriority : Normal

FileVersion : 6.5.1

ProductVersion : QuickTime 6.5.1

ProductName : QuickTime

CompanyName : Apple Computer, Inc.

InternalName : QuickTime Task

LegalCopyright : © Apple Computer, Inc. 2001-2004

OriginalFilename : QTTask.exe

 

#:29 [hpgs2wnf.exe]

FilePath : C:\Program\HEWLET~1\HPSHAR~1 ProcessID : 1216

ThreadCreationTime : 2004-10-19 20:29:44

BasePriority : Normal

FileVersion : 2,4,0,26

ProductVersion : 2,4,0,26

ProductName : hpgs2wnf Module

FileDescription : hpgs2wnf Module

InternalName : hpgs2wnf

LegalCopyright : Copyright 2001

OriginalFilename : hpgs2wnf.EXE

 

#:30 [zlh.exe]

FilePath : C:\Norman\NVC\BIN ProcessID : 1032

ThreadCreationTime : 2004-10-19 20:29:44

BasePriority : Normal

 

 

#:31 [ctfmon.exe]

FilePath : C:\WINDOWS\System32 ProcessID : 1268

ThreadCreationTime : 2004-10-19 20:29:44

BasePriority : Normal

FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)

ProductVersion : 5.1.2600.1106

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : CTF Loader

InternalName : CTFMON

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : CTFMON.EXE

 

#:32 [rcman.exe]

FilePath : C:\Program\Creative\MediaSource\RemoteControl ProcessID : 1372

ThreadCreationTime : 2004-10-19 20:29:44

BasePriority : Normal

FileVersion : 1.0.9.0

ProductVersion : 1.00

ProductName : Creative Media Source

CompanyName : Creative Technology Ltd.

FileDescription : Remote Control Manager

InternalName : RcMan

LegalCopyright : Copyright © Creative Technology Ltd.,2002. All rights reserved.

OriginalFilename : RcMan.EXE

 

#:33 [msmsgs.exe]

FilePath : C:\Program\Messenger ProcessID : 1440

ThreadCreationTime : 2004-10-19 20:29:44

BasePriority : Normal

FileVersion : 4.7.2009

ProductVersion : Version 4.7

ProductName : Messenger

CompanyName : Microsoft Corporation

FileDescription : Messenger

InternalName : msmsgs

LegalCopyright : Copyright © Microsoft Corporation 1997-2003

LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.

OriginalFilename : msmsgs.exe

 

#:34 [spysweeper.exe]

FilePath : C:\Program\Webroot\Spy Sweeper ProcessID : 1488

ThreadCreationTime : 2004-10-19 20:29:44

BasePriority : Normal

FileVersion : 3.2.0.146

ProductVersion : 3.2

ProductName : Spy Sweeper

CompanyName : Webroot Software, Inc.

FileDescription : Spy Sweeper

LegalCopyright : Copyright © 2001-2004 Webroot Software, Inc.

LegalTrademarks : Spy Sweeper is a trademark of Webroot Software, Inc.

 

#:35 [acrotray.exe]

FilePath : C:\Program\Adobe\Acrobat 5.0\Distillr ProcessID : 1040

ThreadCreationTime : 2004-10-19 20:29:44

BasePriority : Normal

FileVersion : 5, 0, 0, 0

ProductVersion : 5, 0, 0, 0

ProductName : AcroTray - Adobe Acrobat Distiller helper application.

CompanyName : Adobe Systems Inc.

FileDescription : AcroTray

InternalName : AcroTray

LegalCopyright : Copyright © 2001

OriginalFilename : AcroTray.exe

 

#:36 [npfmsg2.exe]

FilePath : C:\NORMAN\Nvc\BIN ProcessID : 1936

ThreadCreationTime : 2004-10-19 20:29:45

BasePriority : Normal

FileVersion : 1, 2, 0, 0

ProductVersion : 1, 2, 0, 0

ProductName : NPFMessenger Application

FileDescription : NPFMessenger MFC Application

InternalName : NPFMessenger

LegalCopyright : Copyright © 2000

OriginalFilename : NPFMessenger.EXE

 

#:37 [smartcertmover.exe]

FilePath : C:\Program\SmartTrust\SmartTrust Personal\Csp ProcessID : 1600

ThreadCreationTime : 2004-10-19 20:29:45

BasePriority : Normal

 

 

#:38 [wincinemamgr.exe]

FilePath : C:\Program\InterVideo\Common\Bin ProcessID : 2000

ThreadCreationTime : 2004-10-19 20:29:45

BasePriority : Normal

FileVersion : 1.0

ProductVersion : 1, 0, 0, 1

ProductName : WinCinema Manager for InterVideo WinCinema products

FileDescription : WinCinema Manager

InternalName : WinCinema Manager

LegalCopyright : Copyright © 2000 InterVideo Inc.

OriginalFilename : WinCinemaMgr.EXE

 

#:39 [wfxsnt40.exe]

FilePath : C:\WINDOWS\system32 ProcessID : 352

ThreadCreationTime : 2004-10-19 20:29:45

BasePriority : Normal

FileVersion : 7.00 (Build 019)

ProductVersion : 7.00 (Build 019)

ProductName : Microsoft ® Windows NT WinFax Printer Driver

CompanyName : Microsoft Corporation

FileDescription : Delrina Fax Port Launcher

InternalName : WFXSNT40.DLL

LegalCopyright : Copyright © Symantec Corp. 1990-1997

OriginalFilename : WFXSNT40.DLL

 

#:40 [wfxctl32.exe]

FilePath : C:\Program\Symantec\WinFax ProcessID : 444

ThreadCreationTime : 2004-10-19 20:29:46

BasePriority : Normal

 

 

#:41 [njeeves.exe]

FilePath : C:\NORMAN\Nvc\BIN ProcessID : 592

ThreadCreationTime : 2004-10-19 20:29:48

BasePriority : Normal

 

 

#:42 [nipsvc.exe]

FilePath : C:\NORMAN\Nvc\BIN ProcessID : 588

ThreadCreationTime : 2004-10-19 20:29:48

BasePriority : Normal

 

 

#:43 [nvcsched.exe]

FilePath : C:\NORMAN\Nvc\BIN ProcessID : 768

ThreadCreationTime : 2004-10-19 20:29:48

BasePriority : Normal

FileVersion : 1.03

ProductVersion : 1.03

ProductName : Norman Virus Control

CompanyName : Norman Data Defense Systems

FileDescription : NVC Scheduler

InternalName : NVCSched.exe

LegalCopyright : © Norman Data Defense Systems. 1997-2000

OriginalFilename : NVCSched.exe

 

#:44 [nvcoas.exe]

FilePath : C:\NORMAN\Nvc\BIN ProcessID : 1696

ThreadCreationTime : 2004-10-19 20:29:49

BasePriority : Normal

FileVersion : 5, 3, 0, 1

ProductVersion : NVC forTerminal server beta

ProductName : NVC on-access scanner

CompanyName : Norman ASA

FileDescription : NVC on-access virus scanner

InternalName : NVCNT

LegalCopyright : Copyright © 2000-2001

OriginalFilename : NVCOAS.EXE

 

#:45 [wmiprvse.exe]

FilePath : C:\WINDOWS\System32\wbem ProcessID : 1996

ThreadCreationTime : 2004-10-19 20:29:49

BasePriority : Normal

FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)

ProductVersion : 5.1.2600.1106

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : WMI

InternalName : Wmiprvse.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : Wmiprvse.exe

 

#:46 [cclaw.exe]

FilePath : C:\NORMAN\Nvc\BIN ProcessID : 2584

ThreadCreationTime : 2004-10-19 20:29:56

BasePriority : Normal

 

 

#:47 [wfxmod32.exe]

FilePath : C:\Program\Symantec\WinFax ProcessID : 2608

ThreadCreationTime : 2004-10-19 20:29:56

BasePriority : High

 

 

#:48 [ad-aware.exe]

FilePath : C:\Program\Lavasoft\Ad-Aware SE Personal ProcessID : 2976

ThreadCreationTime : 2004-10-19 20:30:11

BasePriority : Normal

FileVersion : 6.2.0.206

ProductVersion : VI.Second Edition

ProductName : Lavasoft Ad-Aware SE

CompanyName : Lavasoft Sweden

FileDescription : Ad-Aware SE Core application

InternalName : Ad-Aware.exe

LegalCopyright : Copyright © Lavasoft Sweden

OriginalFilename : Ad-Aware.exe

Comments : All Rights Reserved

 

#:49 [wuauclt.exe]

FilePath : C:\WINDOWS\System32 ProcessID : 3068

ThreadCreationTime : 2004-10-19 20:30:25

BasePriority : Normal

FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04)

ProductVersion : 5.4.3790.2182

ProductName : Operativsystemet Microsoft® Windows®

CompanyName : Microsoft Corporation

FileDescription : Automatiska uppdateringar

InternalName : wuauclt.exe

LegalCopyright : © Microsoft Corporation. Med ensamrätt.

OriginalFilename : wuauclt.exe

 

Memory scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 0

 

 

Started registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Windows Object Recognized!

Type : RegData

Data : explorer.exe c:\windows\system32\fservice.exe

Category : Vulnerability

Comment : Shell Possibly Compromised

Rootkey : HKEY_LOCAL_MACHINE

Object : software\microsoft\windows nt\currentversion\winlogon

Value : Shell

Data : explorer.exe c:\windows\system32\fservice.exe

 

Registry Scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 1

Objects found so far: 1

 

 

Started deep registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Deep registry scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 1

 

 

Started Tracking Cookie scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

 

Tracking cookie scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 1

 

 

 

Deep scanning and examining files (C:)

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Disk Scan Result for C:»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 1

 

 

Scanning Hosts file......

Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Hosts file scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

2 entries scanned.

New critical objects:0

Objects found so far: 1

 

 

 

 

Performing conditional scans...

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Conditional scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 1

 

22:44:51 Scan Complete

 

Summary Of This Scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Total scanning time:00:14:17.406

Objects scanned:178489

Objects identified:1

Objects ignored:0

New critical objects:1

[/log]

 

After that I ran a scan with HiJackThis, even though you did not write that you wanted such a log:

[log]

Logfile of HijackThis v1.98.2

Scan saved at 22:56:18, on 2004-10-19

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\CTSvcCDA.EXE

C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe

C:\NORMAN\Nvc\BIN\NPFSVICE.EXE

C:\Norman\NVC\BIN\Zanda.exe

C:\WINDOWS\System32\SCardSvr.exe

C:\WINDOWS\system32\Smartscaps.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.exe

C:\ATI-CPanel\atiptaxx.exe

C:\Program\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

C:\Program\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

C:\WINDOWS\System32\CTHELPER.EXE

C:\WINDOWS\System32\ezSP_Px.exe

C:\Program\Delade filer\Real\Update_OB\evntsvc.exe

C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

C:\Program\HEWLET~1\HPSHAR~1\hpgs2wnf.exe

C:\Program\MSN Apps\Updater\01.02.3000.1001\sv\msnappau.exe

C:\Program\QuickTime\qttask.exe

C:\Norman\NVC\BIN\ZLH.EXE

C:\WINDOWS\System32\ctfmon.exe

C:\Program\Creative\MediaSource\RemoteControl\RcMan.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\Webroot\Spy Sweeper\SpySweeper.exe

C:\Program\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

C:\Program\SmartTrust\SmartTrust Personal\Csp\SmartCertmover.exe

C:\Program\InterVideo\Common\Bin\WinCinemaMgr.exe

C:\WINDOWS\system32\wfxsnt40.exe

C:\Program\Symantec\WinFax\wfxctl32.exe

C:\NORMAN\Nvc\BIN\NVCSCHED.EXE

C:\NORMAN\Nvc\BIN\nvcoas.exe

C:\NORMAN\Nvc\BIN\nipsvc.exe

C:\NORMAN\Nvc\BIN\NJEEVES.EXE

C:\Program\Symantec\WinFax\WFXMOD32.EXE

C:\WINDOWS\System32\wuauclt.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program\totalcmd\TOTALCMD.EXE

c:\HiJack\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe

O1 - Hosts: 64.91.255.87 www.dcsresearch.com

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar2.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\01.02.3000.1001\sv\msntb.dll

O2 - BHO: SDWin32 Class - {C798639E-15DE-4D11-99E6-D3CEBB0C4353} - C:\WINDOWS\System32\jtxzn.dll (file missing)

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\01.02.3000.1001\sv\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar2.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe

O4 - HKLM\..\Run: [CTSysVol] "C:\Program\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe"

O4 - HKLM\..\Run: [CTDVDDet] C:\Program\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL

O4 - HKLM\..\Run: [sBDrvDet] "C:\Program\Creative\SB Drive Det\SBDrvDet.exe" /r

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe

O4 - HKLM\..\Run: [TkBellExe] C:\Program\Delade filer\Real\Update_OB\evntsvc.exe -osboot

O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] "C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe"

O4 - HKLM\..\Run: [PSDrvCheck] "c:\program\pinnacle\liquid edition demo\program\PSDrvCheck.exe" -CheckReg

O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg

O4 - HKLM\..\Run: [msnappau] "C:\Program\MSN Apps\Updater\01.02.3000.1001\sv\msnappau.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [THGuard] "C:\Program\TrojanHunter 4.0\THGuard.exe"

O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\NVC\BIN\ZLH.EXE /LOAD /SPLASH

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [RemoteCenter] C:\Program\Creative\MediaSource\RemoteControl\RcMan.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [spySweeper] "C:\Program\Webroot\Spy Sweeper\SpySweeper.exe" /0

O4 - Startup: WinFax Application Port Starter.lnk = C:\WINDOWS\system32\wfxsnt40.exe

O4 - Startup: WinFax PRO Controller.lnk = C:\Program\Symantec\WinFax\wfxctl32.exe

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Certificate Mover.lnk = ?

O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program\InterVideo\Common\Bin\WinCinemaMgr.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE

O12 - Plugin for .spop: C:\Program\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {6F74F92E-8DD8-4DDE-8FB8-CBB882A68048} (Microsoft Office XP Professional Step by Step Interactive) - file://C:\Program\Microsoft interaktiv träning\O10C\mitm0026.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{2B8781EC-5B2C-44BB-9D68-EE70365BFE17}: NameServer = 195.67.199.18,195.67.199.19[/log]

 

Good luck with the analyses!

Regards

Hultas

 

 

 

 


Hi Hultas :)

Welcome back.

Good luck with the analyses!

Thank you very much :)

That was quite a lot!!??

I'm going through your logs, to see how we should best proceed here.

I'll get back to you during the evening.

Hang in there in the meantime

:thumbsup:

Regards/Malou

****Have a continued wonderful day****

 

Team Lavasoft

Lavasupporten

 

 


Hi Hultas :)

Open Task Manager (Ctrl+Alt+Del) and look for fservice.exe and sservice.exe; if they are found, end them.

Shut down the Internet connection (log out):

Open HJT. Click the Scan button. Tick the items below. Click the Fix Checked button. Restart the computer in safe mode (press F8 repeatedly):

 

[log]F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe

O1 - Hosts: 64.91.255.87 www.dcsresearch.com

O2 - BHO: SDWin32 Class - {C798639E-15DE-4D11-99E6-D3CEBB0C4353} - C:\WINDOWS\System32\jtxzn.dll (file missing)[/log]

When you have done the above and restarted the computer in safe mode.

To find the files you now need to look for, press (Windows key+E), click "Tools > Folder Options" in the toolbar, and under "View" select "Show hidden files and folders" and untick "Hide extensions for known file types" and "Hide protected operating system files".

[log]Search for/locate:

Delete all files marked in red:

Be careful about where the files are located so that you don't delete the wrong files:

C:\WINDOWS\services.exe <-Delete:

C:\WINDOWS\system\sservice.exe <-Delete:

C:\WINDOWS\system32\fservice.exe <-Delete:

C:\WINDOWS\system32\wininv.dll <-Delete:

C:\WINDOWS\system32\winkey.dll <-Delete:

Empty the Recycle Bin. Restart the computer:[/log]

Now run a scan with Ad-Aware in Full System Scan and post the log here.

Also make a new HJT log and post it,

Regards/Malou

****Have a continued wonderful day****

 

Team Lavasoft

Lavasupporten

 

 


Hi!

I can't find either fservice.exe or sservice.exe in Task Manager. However, services.exe is there. Can I end that one instead without risk?

Regards

Hultas

 


Hi Hultas :)

However, services.exe is there. Can I end that one instead without risk?

No, I don't think you should do that. The risk is that it would be the wrong services.exe. That is part of the problem here.

That's why I didn't include ending it in Task Manager.

I can't find either fservice.exe or sservice.exe in Task Manager

Ok.

Continue with the remaining instructions. But be careful to delete the right services.exe.

The one you should delete is located here

C:\WINDOWS\services.exe <-Delete:

C:\WINDOWS\system32\services.exe <-Don't touch this one:

Delete the other red-marked files I listed as well.

Then run new scans with Ad-Aware and HJT, and post the logs here.

Regards/Malou

****Have a continued wonderful day****

 

Team Lavasoft

Lavasupporten
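
The checks this thread turns on (a services.exe outside system32, the extra program on the Shell= line, the hosts entry and the BHO with a missing file), written as a HijackThis log triage in Python. This is an added example, not part of any post here and not HijackThis code; the rule names and the sample log are constructed, and it assumes Windows is installed in C:\WINDOWS.

```python
import ntpath
import re

# Core Windows processes and the one directory they should run from.
# Assumption: Windows is installed in C:\WINDOWS, as in the log in this thread.
SYSTEM32 = r"c:\windows\system32"
EXPECTED_DIR = {name: SYSTEM32 for name in (
    "smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
    "lsass.exe", "svchost.exe")}

# Constructed sample: entries quoted from the thread, plus C:\WINDOWS\services.exe
# written as a running process (the thread names the file, not a process line).
SAMPLE_LOG = r"""
C:\WINDOWS\system32\services.exe
C:\WINDOWS\services.exe
C:\WINDOWS\Explorer.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: SDWin32 Class - {C798639E-15DE-4D11-99E6-D3CEBB0C4353} - C:\WINDOWS\System32\jtxzn.dll (file missing)
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
"""

def triage(log_text):
    """Return (rule, detail) tuples for log lines that deserve a closer look."""
    findings = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        if re.fullmatch(r"[A-Za-z]:\\.+\.exe", line, re.IGNORECASE):
            # Running process: a system file name outside its expected folder.
            name = ntpath.basename(line).lower()
            folder = ntpath.normcase(ntpath.dirname(line))
            if name in EXPECTED_DIR and folder != EXPECTED_DIR[name]:
                findings.append(("system-name-wrong-dir", line))
        elif line.startswith("F2 - REG:system.ini: Shell="):
            # The shell value should name Explorer.exe and nothing else.
            shell = line.split("Shell=", 1)[1].strip()
            if shell.lower() != "explorer.exe":
                findings.append(("shell-extra-program", shell))
        elif line.startswith("O1 - Hosts:"):
            # Hosts entries that point a name at a non-loopback address.
            ip, _, host = line[len("O1 - Hosts:"):].strip().partition(" ")
            if not ip.startswith("127."):
                findings.append(("hosts-redirect", f"{host.strip()} -> {ip}"))
        elif line.startswith("O2 - BHO:") and line.endswith("(file missing)"):
            # Browser helper object registered for a DLL that is not on disk.
            findings.append(("bho-file-missing", line.split(" - ")[-1]))
    return findings

if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"{rule:22} {detail}")
```
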

 

 


Hi!

It's not possible to delete the files you specified!

services.exe, winkey.dll and wininv.dll = access denied

fservice.exe and sservice.exe reappear immediately after deletion.

I wonder whether it would work if I swap out the hard disk, boot the system from another disk and run this one as "slave"?

Then it ought to be possible to delete these stubborn files!

Regards

Hultas

 


Hi Hultas :)

It's not possible to delete the files you specified!

services.exe, winkey.dll and wininv.dll = access denied

fservice.exe and sservice.exe reappear immediately after deletion.

Ok.

This was not good.

But I almost suspected this :(

I wonder whether it would work if I swap out the hard disk, boot the system from another disk and run this one as "slave"?

Then it ought to be possible to delete these stubborn files!

No, that doesn't help (unfortunately).

I will look into whether I can use some of the tools I have access to and see if they can possibly/hopefully work on this.

I'll get back to you as soon as possible.

Hang in there in the meantime

:)

Regards/Malou

****Have a continued wonderful day****

 

Team Lavasoft

Lavasupporten

 

 


But Malou, if you haven't booted from the hard disk, then the processes shouldn't be running and so the files should be possible to remove, right? Or what do you mean?

 

 


Hi Cecilia :)

if you haven't booted from the hard disk, then the processes shouldn't be running and so the files should be possible to remove?

That far I can agree, that the processes aren't running if you do it this way.

But these processes are in the current "older" system, and you probably can't get at that system if you install another system on a new hard disk. That is the problem.

I hope you understand my explanation and how I'm thinking in my reasoning :)

Regards/Malou

****Have a continued wonderful day****

 

Team Lavasoft

Lavasupporten

 

 


Hi Malou :)

Now I understand better how you were thinking, but I'm not sure that you couldn't get at these files if you boot from another hard disk. But maybe that is so.

 

 


Archived

This topic is now archived and is closed to further replies.


