MSN-Virus

[--GK--]

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:46:17, on 2007-12-11

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program\Analog Devices\Core\smax4pnp.exe

C:\Program\Analog Devices\SoundMAX\Smax4.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

C:\Program\QuickTime\QTTask.exe

C:\Program\Delade filer\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\MSN Messenger\MsnMsgr.Exe

D:\Program\Microsoft ActiveSync\wcescomm.exe

C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

D:\Program\MICROS~1\rapimgr.exe

C:\Program\Mozilla Firefox\firefox.exe

C:\WINDOWS\explorer.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Program\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [cctray] "D:\Program\CA\CA Internet Security Suite\cctray\cctray.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [iTunesHelper] "D:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program\Unlocker\UnlockerAssistant.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [steam] "d:\valve\steam\steam.exe" -silent

O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Program\Microsoft ActiveSync\wcescomm.exe"

O4 - HKCU\..\Run: [DAEMON Tools] "D:\Program\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: Registration .LNK = D:\Valve\Steam\SteamApps\NiForInteVeta\Dark Messiah of Might and Magic\RegistrationReminder.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Program\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://D:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Öppna på ny flik i bakgrunden - res://C:\Program\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/229?39a911e3a526465faff1d5047ede6ec5

O8 - Extra context menu item: Öppna på ny flik i förgrunden - res://C:\Program\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/230?39a911e3a526465faff1d5047ede6ec5

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\Program\MICROS~1\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\Program\MICROS~1\INetRepl.dll

O9 - Extra 'Tools' menuitem: Skapa mobilfavorit ... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\Program\MICROS~1\INetRepl.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: CaCCProvSP - CA, Inc. - D:\Program\CA\CA Internet Security Suite\ccprovsp.exe

O23 - Service: iPod Service - Unknown owner - C:\Program\iPod\bin\iPodService.exe (file missing)

O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - Unknown owner - C:\Program\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PPCtlPriv - Unknown owner - D:\Program\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe (file missing)

 

--

End of file - 8397 bytes[/log]

 

Så, nu får ni undersöka

 

[Zipp.]

 

Släng den Combofix du har och ladda ner den igen + kör och skicka loggen som kommer ut.

 

[--GK--]

[log]ComboFix 07-12-09.1 - Gustav Karlsson 2007-12-11 17:28:50.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1053.18.1407 [GMT 1:00]

Running from: C:\Documents and Settings\Gustav Karlsson\Skrivbord\ComboFix.exe

.

 

((((((((((((((((((((((((( Files Created from 2007-11-11 to 2007-12-11 )))))))))))))))))))))))))))))))

.

 

2007-12-11 16:36 . 2007-12-11 16:36 <KAT> d-------- C:\Program\Trend Micro

2007-12-11 16:28 . 2007-12-11 16:28 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

2007-12-10 22:09 . 2007-12-10 22:09 <KAT> d-------- C:\Program\Lavasoft

2007-12-10 22:09 . 2007-12-10 22:09 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

2007-12-10 19:57 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll

2007-12-10 19:36 . 2007-12-10 19:36 152,708 --a------ C:\WINDOWS\sirtottempale.exe.zip

2007-12-10 19:36 . 2007-12-10 19:36 152,706 --a------ C:\WINDOWS\smarterchild.exe.zip

2007-12-10 19:36 . 2007-12-10 19:35 152,698 --a------ C:\WINDOWS\fordedge.exe.zip

2007-12-10 19:35 . 2007-12-10 19:36 152,708 --a------ C:\WINDOWS\pic0382.zip

2007-12-10 19:35 . 2007-12-10 19:35 152,700 --a------ C:\WINDOWS\lellie_93.exe.zip

2007-12-10 19:35 . 2007-12-10 19:35 152,700 --a------ C:\WINDOWS\hampusgvg.exe.zip

2007-12-10 19:12 . 2007-12-11 16:28 <KAT> d-------- C:\Program\SUPERAntiSpyware

2007-12-10 19:12 . 2007-12-10 19:12 <KAT> d-------- C:\Documents and Settings\Gustav Karlsson\Application Data\SUPERAntiSpyware.com

2007-12-09 21:47 . 2007-12-09 21:47 <KAT> d-------- C:\WINDOWS\system32\config\systemprofile\Lokala instõllningar

2007-12-09 21:47 . 2007-12-09 21:47 <KAT> d-------- C:\Documents and Settings\NetworkService\Lokala instõllningar

2007-12-09 21:47 . 2007-12-09 21:47 <KAT> d-------- C:\Documents and Settings\LocalService\Lokala instõllningar

2007-12-09 21:47 . 2007-12-09 21:47 <KAT> d-------- C:\Documents and Settings\Gustav Karlsson\Lokala instõllningar

2007-12-09 21:47 . 2007-12-09 21:47 <KAT> d-------- C:\Documents and Settings\Default User\Lokala instõllningar

2007-12-09 19:40 . 2007-12-09 19:40 0 --a------ C:\23990098.$$$

2007-12-09 18:05 . 2007-12-09 18:05 <KAT> d-------- C:\Kaspersky

2007-12-08 18:08 . 2007-12-08 18:08 <KAT> d-------- C:\Documents and Settings\Gustav Karlsson\Application Data\AltrixSoft

2007-12-07 21:55 . 2007-12-07 21:58 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help

2007-12-07 17:51 . 2006-01-01 01:04 10,027 --a------ C:\WINDOWS\system32\mspriv32.dll

2007-12-03 18:48 . 1997-08-26 12:06 315,904 --a------ C:\WINDOWS\IsUninst.exe

2007-12-01 17:18 . 2007-12-01 17:18 <KAT> d-------- C:\Program\GetTubeVideo

2007-11-26 17:06 . 2007-12-01 17:21 <KAT> d-------- C:\Program\YouTube Downloader

2007-11-26 16:41 . 2007-11-26 16:41 3 ---h----- C:\WINDOWS\system32\YT11

2007-11-26 16:40 . 1999-08-27 19:53 184,320 --a------ C:\WINDOWS\system32\ARFrmExt.ocx

2007-11-26 16:40 . 2001-06-26 21:35 131,072 --a------ C:\WINDOWS\system32\ARButton.ocx

2007-11-26 16:40 . 2000-07-15 06:00 118,784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL

2007-11-26 16:40 . 2001-02-24 00:12 102,400 --a------ C:\WINDOWS\system32\MRActLabel.ocx

2007-11-26 16:40 . 2007-02-15 01:29 81,920 --a------ C:\WINDOWS\system32\GkSui20.EXE

2007-11-26 16:40 . 2001-06-26 21:10 69,632 --a------ C:\WINDOWS\system32\ARFlatButton.ocx

2007-11-24 13:59 . 2007-11-24 14:27 <KAT> d-------- C:\Program\WMR11

2007-11-23 18:39 . 2007-11-23 18:39 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll

2007-11-21 19:52 . 2007-11-21 19:52 <KAT> d-------- C:\WINDOWS\MetaCreations

2007-11-21 19:46 . 1997-04-08 20:08 299,520 --a------ C:\WINDOWS\uninst.exe

2007-11-13 10:27 . 2007-11-13 10:46 <KAT> d-------- C:\Program\Resco

2007-11-13 10:27 . 2005-08-24 16:18 70,656 --a------ C:\WINDOWS\RSetupCE.exe

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-12-11 16:28 --------- d-----w C:\Documents and Settings\Gustav Karlsson\Application Data\uTorrent

2007-12-11 15:28 --------- d-----w C:\Program\Delade filer\InstallShield

2007-12-11 14:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab

2007-12-10 21:13 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys

2007-12-10 21:13 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys

2007-12-10 19:08 --------- d--h--w C:\Program\InstallShield Installation Information

2007-12-10 18:12 --------- d-----w C:\Program\Delade filer\Wise Installation Wizard

2007-12-09 11:47 --------- d-----w C:\Documents and Settings\Gustav Karlsson\Application Data\dvdcss

2007-12-07 15:29 118,784 ----a-w C:\WINDOWS\Web\Wallpaper\talkin_message.exe

2007-12-07 15:29 118,784 ----a-w C:\WINDOWS\Web\Wallpaper\summerofficeboard.exe

2007-12-07 15:28 --------- d-----w C:\Program\EasyDVDConverter

2007-12-02 14:50 --------- d-----w C:\Program\Windows Live Safety Center

2007-11-30 16:41 --------- d-----w C:\Program\Windows Live Toolbar

2007-11-07 18:43 --------- d-----w C:\Program\Connective Tools

2007-11-06 16:39 --------- d-----w C:\Program\Dealio

2007-10-23 13:11 --------- d-----w C:\Program\Handbrake

2007-10-23 12:03 --------- d-----w C:\Program\Boilsoft MOV Converter

2007-10-22 18:50 --------- d-----w C:\Documents and Settings\Gustav Karlsson\Application Data\OTVREG

2007-10-21 12:45 --------- d-----w C:\Documents and Settings\Gustav Karlsson\Application Data\TVU Networks

2007-10-16 15:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files

2007-10-16 15:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\fssg

2007-10-16 14:40 81,984 ----a-w C:\WINDOWS\system32\bdod.bin

2007-07-24 15:34 47,360 ----a-w C:\Documents and Settings\Gustav Karlsson\Application Data\pcouffin.sys

2007-04-07 13:18 1 ----a-w C:\Documents and Settings\Gustav Karlsson\SI.bin

2006-06-23 06:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe

2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll

2007-07-24 08:09 10,856 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll

.

 

((((((((((((((((((((((((((((( snapshot@2007-12-09_21.43.04.43 )))))))))))))))))))))))))))))))))))))))))

.

+ 2007-12-10 18:12:58 29,696 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF11.exe

+ 2007-12-10 18:12:58 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe

+ 2007-12-10 18:12:58 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe

+ 2007-12-10 21:09:26 1,038,336 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\Icon0E6AB9FC.exe

+ 2007-12-10 21:09:26 178,688 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\Icon0E6AB9FC1.exe

- 2007-12-07 22:26:41 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat

+ 2007-12-10 15:38:14 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat

- 2007-12-07 22:26:41 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Lokala inställningar\Temporary Internet Files\Content.IE5\index.dat

+ 2007-12-10 15:38:14 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Lokala inställningar\Temporary Internet Files\Content.IE5\index.dat

- 2007-12-07 22:26:41 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Lokala inställningar\Tidigare\History.IE5\index.dat

+ 2007-12-10 15:38:14 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Lokala inställningar\Tidigare\History.IE5\index.dat

+ 2007-06-04 14:14:56 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys

+ 2007-04-13 14:19:52 7,680 ----a-w C:\WINDOWS\system32\lsdelete.exe

- 2007-12-01 19:19:50 66,988 ----a-w C:\WINDOWS\system32\perfc009.dat

+ 2007-12-11 16:01:41 66,988 ----a-w C:\WINDOWS\system32\perfc009.dat

- 2007-12-01 19:19:50 78,720 ----a-w C:\WINDOWS\system32\perfc01D.dat

+ 2007-12-11 16:01:41 78,720 ----a-w C:\WINDOWS\system32\perfc01D.dat

- 2007-12-01 19:19:50 412,992 ----a-w C:\WINDOWS\system32\perfh009.dat

+ 2007-12-11 16:01:41 412,992 ----a-w C:\WINDOWS\system32\perfh009.dat

- 2007-12-01 19:19:50 416,044 ----a-w C:\WINDOWS\system32\perfh01D.dat

+ 2007-12-11 16:01:41 416,044 ----a-w C:\WINDOWS\system32\perfh01D.dat

+ 2007-12-11 15:28:36 8,514,556 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00]

"MsnMsgr"="C:\Program\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55]

"Steam"="d:\valve\steam\steam.exe" [2007-11-30 13:31]

"H/PC Connection Agent"="D:\Program\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 14:41]

"DAEMON Tools"="D:\Program\DAEMON Tools\daemon.exe" [2006-11-12 11:48]

"SUPERAntiSpyware"="C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"JMB36X Configure"="C:\WINDOWS\system32\JMRaidTool.exe" [2006-06-02 09:45]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50]

"NvCplDaemon"="RUNDLL32.exe" [2006-03-02 13:00 C:\WINDOWS\system32\rundll32.exe]

"nwiz"="nwiz.exe" [2007-04-20 05:05 C:\WINDOWS\system32\nwiz.exe]

"SoundMAXPnP"="C:\Program\Analog Devices\Core\smax4pnp.exe" [2006-05-01 11:07]

"SoundMAX"="C:\Program\Analog Devices\SoundMAX\Smax4.exe" [2006-04-10 08:19]

"cctray"="D:\Program\CA\CA Internet Security Suite\cctray\cctray.exe" [2007-03-13 13:58]

"NvMediaCenter"="RUNDLL32.exe" [2006-03-02 13:00 C:\WINDOWS\system32\rundll32.exe]

"Adobe Photo Downloader"="C:\Program\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 10:09]

"Adobe Reader Speed Launcher"="C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]

"iTunesHelper"="D:\Program\iTunes\iTunesHelper.exe" [2007-06-28 08:14]

"QuickTime Task"="C:\Program\QuickTime\QTTask.exe" [2007-06-29 05:24]

"TkBellExe"="C:\Program\Delade filer\Real\Update_OB\realsched.exe" [2007-08-15 11:07]

"UnlockerAssistant"="C:\Program\Unlocker\UnlockerAssistant.exe" []

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Program\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program\SUPERAntiSpyware\SASWINLO.dll

 

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);C:\WINDOWS\system32\drivers\sfdrv01a.sys

S3 PPCtlPriv;PPCtlPriv;"D:\Program\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe"

S3 Razerlow;Razer Copperhead Driver;C:\WINDOWS\system32\Drivers\Razerlow.sys

S3 uisp;Freescale USB JW32 driver;C:\WINDOWS\system32\Drivers\usbicp.sys

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{878E8032-B97A-5919-3505-9BEFF0793AB0}]

C:\WINDOWS:msnmsgrrr.exe

.

Contents of the 'Scheduled Tasks' folder

"2007-09-19 10:12:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program\Apple Software Update\SoftwareUpdate.exe

"2007-12-11 15:47:00 C:\WINDOWS\Tasks\Kontrollera uppdateringar för Windows Live Toolbar.job"

- C:\Program\Windows Live Toolbar\MSNTBUP.EXE

.

**************************************************************************

 

catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-12-11 17:29:16

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2007-12-11 17:29:32

C:\ComboFix2.txt ... 2007-12-11 16:35

C:\ComboFix3.txt ... 2007-12-09 21:47

.

--- E O F ---[/log]

 

Nöjd? x)

 

[Zipp.]

 

[log]Kopiera alla rader nedan

 

 

File::

C:\WINDOWS\sirtottempale.exe.zip

C:\WINDOWS\smarterchild.exe.zip

C:\WINDOWS\fordedge.exe.zip

C:\WINDOWS\pic0382.zip

C:\WINDOWS\lellie_93.exe.zip

C:\WINDOWS\hampusgvg.exe.zip

C:\WINDOWS\msnmsgrrr.exe

 

 

och klistra in i notepad.

Spara den på Skrivbordet med namn CFScript

 

Sen dra CFScript med musen i Combofix och kör den.

Skicka loggen som kommer ut och en ny Hijack log.[/log]

 

[--GK--]

ComFix:

[log]ComboFix 07-12-09.1 - Gustav Karlsson 2007-12-11 19:13:46.4 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1053.18.1553 [GMT 1:00]

Running from: C:\Documents and Settings\Gustav Karlsson\Skrivbord\ComboFix.exe

Command switches used :: C:\Documents and Settings\Gustav Karlsson\Skrivbord\CFScript.txt

* Created a new restore point

 

FILE

C:\WINDOWS\fordedge.exe.zip

C:\WINDOWS\hampusgvg.exe.zip

C:\WINDOWS\lellie_93.exe.zip

C:\WINDOWS\msnmsgrrr.exe

C:\WINDOWS\pic0382.zip

C:\WINDOWS\sirtottempale.exe.zip

C:\WINDOWS\smarterchild.exe.zip

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\fordedge.exe.zip

C:\WINDOWS\hampusgvg.exe.zip

C:\WINDOWS\lellie_93.exe.zip

C:\WINDOWS\pic0382.zip

C:\WINDOWS\sirtottempale.exe.zip

C:\WINDOWS\smarterchild.exe.zip

 

.

((((((((((((((((((((((((( Files Created from 2007-11-11 to 2007-12-11 )))))))))))))))))))))))))))))))

.

 

2007-12-11 16:36 . 2007-12-11 16:36 <KAT> d-------- C:\Program\Trend Micro

2007-12-11 16:28 . 2007-12-11 16:28 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

2007-12-10 22:09 . 2007-12-10 22:09 <KAT> d-------- C:\Program\Lavasoft

2007-12-10 22:09 . 2007-12-10 22:09 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

2007-12-10 19:57 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll

2007-12-10 19:12 . 2007-12-11 16:28 <KAT> d-------- C:\Program\SUPERAntiSpyware

2007-12-10 19:12 . 2007-12-10 19:12 <KAT> d-------- C:\Documents and Settings\Gustav Karlsson\Application Data\SUPERAntiSpyware.com

2007-12-09 21:47 . 2007-12-09 21:47 <KAT> d-------- C:\WINDOWS\system32\config\systemprofile\Lokala instõllningar

2007-12-09 21:47 . 2007-12-09 21:47 <KAT> d-------- C:\Documents and Settings\NetworkService\Lokala instõllningar

2007-12-09 21:47 . 2007-12-09 21:47 <KAT> d-------- C:\Documents and Settings\LocalService\Lokala instõllningar

2007-12-09 21:47 . 2007-12-09 21:47 <KAT> d-------- C:\Documents and Settings\Gustav Karlsson\Lokala instõllningar

2007-12-09 21:47 . 2007-12-09 21:47 <KAT> d-------- C:\Documents and Settings\Default User\Lokala instõllningar

2007-12-09 19:40 . 2007-12-09 19:40 0 --a------ C:\23990098.$$$

2007-12-09 18:05 . 2007-12-09 18:05 <KAT> d-------- C:\Kaspersky

2007-12-09 12:43 . 2007-12-09 14:21 <KAT> d-------- C:\Program\No1 DVD Ripper

2007-12-09 00:19 . 2007-12-09 00:19 <KAT> d-------- C:\Program\123 AVI to GIF Converter

2007-12-08 18:08 . 2007-12-08 18:08 <KAT> d-------- C:\Documents and Settings\Gustav Karlsson\Application Data\AltrixSoft

2007-12-07 21:55 . 2007-12-07 21:58 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help

2007-12-07 17:51 . 2006-01-01 01:04 10,027 --a------ C:\WINDOWS\system32\mspriv32.dll

2007-12-03 18:48 . 1997-08-26 12:06 315,904 --a------ C:\WINDOWS\IsUninst.exe

2007-12-01 17:18 . 2007-12-01 17:18 <KAT> d-------- C:\Program\GetTubeVideo

2007-11-26 17:06 . 2007-12-01 17:21 <KAT> d-------- C:\Program\YouTube Downloader

2007-11-26 16:41 . 2007-11-26 16:41 3 ---h----- C:\WINDOWS\system32\YT11

2007-11-26 16:40 . 1999-08-27 19:53 184,320 --a------ C:\WINDOWS\system32\ARFrmExt.ocx

2007-11-26 16:40 . 2001-06-26 21:35 131,072 --a------ C:\WINDOWS\system32\ARButton.ocx

2007-11-26 16:40 . 2000-07-15 06:00 118,784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL

2007-11-26 16:40 . 2001-02-24 00:12 102,400 --a------ C:\WINDOWS\system32\MRActLabel.ocx

2007-11-26 16:40 . 2007-02-15 01:29 81,920 --a------ C:\WINDOWS\system32\GkSui20.EXE

2007-11-26 16:40 . 2001-06-26 21:10 69,632 --a------ C:\WINDOWS\system32\ARFlatButton.ocx

2007-11-24 13:59 . 2007-11-24 14:27 <KAT> d-------- C:\Program\WMR11

2007-11-23 18:39 . 2007-11-23 19:17 <KAT> d-------- C:\Documents and Settings\Gustav Karlsson\Application Data\Bioshock

2007-11-23 18:39 . 2007-11-23 18:39 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll

2007-11-21 19:52 . 2007-11-21 19:52 <KAT> d-------- C:\WINDOWS\MetaCreations

2007-11-21 19:46 . 1997-04-08 20:08 299,520 --a------ C:\WINDOWS\uninst.exe

2007-11-18 11:37 . 2007-11-18 12:11 <KAT> d-------- C:\Program\123 Screensaver Maker 3.0

2007-11-16 15:06 . 2007-11-16 15:06 <KAT> d-------- C:\kav

2007-11-13 10:27 . 2007-11-13 10:46 <KAT> d-------- C:\Program\Resco

2007-11-13 10:27 . 2005-08-24 16:18 70,656 --a------ C:\WINDOWS\RSetupCE.exe

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-12-11 17:49 --------- d-----w C:\Documents and Settings\Gustav Karlsson\Application Data\uTorrent

2007-12-11 16:48 --------- d--h--w C:\Program\InstallShield Installation Information

2007-12-11 15:28 --------- d-----w C:\Program\Delade filer\InstallShield

2007-12-11 14:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab

2007-12-10 21:13 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys

2007-12-10 21:13 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys

2007-12-10 18:12 --------- d-----w C:\Program\Delade filer\Wise Installation Wizard

2007-12-09 11:47 --------- d-----w C:\Documents and Settings\Gustav Karlsson\Application Data\dvdcss

2007-12-07 15:28 --------- d-----w C:\Program\EasyDVDConverter

2007-12-02 14:50 --------- d-----w C:\Program\Windows Live Safety Center

2007-11-30 16:41 --------- d-----w C:\Program\Windows Live Toolbar

2007-11-07 18:43 --------- d-----w C:\Program\Connective Tools

2007-11-06 16:39 --------- d-----w C:\Program\Dealio

2007-10-23 13:11 --------- d-----w C:\Program\Handbrake

2007-10-23 12:03 --------- d-----w C:\Program\Boilsoft MOV Converter

2007-10-22 18:50 --------- d-----w C:\Documents and Settings\Gustav Karlsson\Application Data\OTVREG

2007-10-21 12:45 --------- d-----w C:\Documents and Settings\Gustav Karlsson\Application Data\TVU Networks

2007-10-16 15:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files

2007-10-16 15:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\fssg

2007-10-16 14:40 81,984 ----a-w C:\WINDOWS\system32\bdod.bin

2007-07-24 15:34 47,360 ----a-w C:\Documents and Settings\Gustav Karlsson\Application Data\pcouffin.sys

2007-04-07 13:18 1 ----a-w C:\Documents and Settings\Gustav Karlsson\SI.bin

2006-06-23 06:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe

2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll

2007-07-24 08:09 10,856 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll

.

 

((((((((((((((((((((((((((((( snapshot@2007-12-09_21.43.04.43 )))))))))))))))))))))))))))))))))))))))))

.

+ 2007-12-10 18:12:58 29,696 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF11.exe

+ 2007-12-10 18:12:58 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe

+ 2007-12-10 18:12:58 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe

+ 2007-12-10 21:09:26 1,038,336 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\Icon0E6AB9FC.exe

+ 2007-12-10 21:09:26 178,688 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\Icon0E6AB9FC1.exe

- 2007-12-07 22:26:41 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat

+ 2007-12-10 15:38:14 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat

- 2007-12-07 22:26:41 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Lokala inställningar\Temporary Internet Files\Content.IE5\index.dat

+ 2007-12-10 15:38:14 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Lokala inställningar\Temporary Internet Files\Content.IE5\index.dat

- 2007-12-07 22:26:41 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Lokala inställningar\Tidigare\History.IE5\index.dat

+ 2007-12-10 15:38:14 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Lokala inställningar\Tidigare\History.IE5\index.dat

+ 2007-06-04 14:14:56 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys

+ 2007-04-13 14:19:52 7,680 ----a-w C:\WINDOWS\system32\lsdelete.exe

- 2007-12-01 19:19:50 66,988 ----a-w C:\WINDOWS\system32\perfc009.dat

+ 2007-12-11 16:01:41 66,988 ----a-w C:\WINDOWS\system32\perfc009.dat

- 2007-12-01 19:19:50 78,720 ----a-w C:\WINDOWS\system32\perfc01D.dat

+ 2007-12-11 16:01:41 78,720 ----a-w C:\WINDOWS\system32\perfc01D.dat

- 2007-12-01 19:19:50 412,992 ----a-w C:\WINDOWS\system32\perfh009.dat

+ 2007-12-11 16:01:41 412,992 ----a-w C:\WINDOWS\system32\perfh009.dat

- 2007-12-01 19:19:50 416,044 ----a-w C:\WINDOWS\system32\perfh01D.dat

+ 2007-12-11 16:01:41 416,044 ----a-w C:\WINDOWS\system32\perfh01D.dat

+ 2007-12-11 15:28:36 8,514,556 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00]

"MsnMsgr"="C:\Program\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55]

"Steam"="d:\valve\steam\steam.exe" [2007-11-30 13:31]

"H/PC Connection Agent"="D:\Program\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 14:41]

"DAEMON Tools"="D:\Program\DAEMON Tools\daemon.exe" [2006-11-12 11:48]

"SUPERAntiSpyware"="C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"JMB36X Configure"="C:\WINDOWS\system32\JMRaidTool.exe" [2006-06-02 09:45]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50]

"NvCplDaemon"="RUNDLL32.exe" [2006-03-02 13:00 C:\WINDOWS\system32\rundll32.exe]

"nwiz"="nwiz.exe" [2007-04-20 05:05 C:\WINDOWS\system32\nwiz.exe]

"SoundMAXPnP"="C:\Program\Analog Devices\Core\smax4pnp.exe" [2006-05-01 11:07]

"SoundMAX"="C:\Program\Analog Devices\SoundMAX\Smax4.exe" [2006-04-10 08:19]

"cctray"="D:\Program\CA\CA Internet Security Suite\cctray\cctray.exe" [2007-03-13 13:58]

"NvMediaCenter"="RUNDLL32.exe" [2006-03-02 13:00 C:\WINDOWS\system32\rundll32.exe]

"Adobe Photo Downloader"="C:\Program\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 10:09]

"Adobe Reader Speed Launcher"="C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]

"QuickTime Task"="C:\Program\QuickTime\QTTask.exe" [2007-06-29 05:24]

"TkBellExe"="C:\Program\Delade filer\Real\Update_OB\realsched.exe" [2007-08-15 11:07]

"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2006-03-02 13:00]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Program\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2007-06-28 08:14 270648 --a------ D:\Program\iTunes\iTunesHelper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]

C:\Program\Unlocker\UnlockerAssistant.exe

 

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);C:\WINDOWS\system32\drivers\sfdrv01a.sys

S3 PPCtlPriv;PPCtlPriv;"D:\Program\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe"

S3 Razerlow;Razer Copperhead Driver;C:\WINDOWS\system32\Drivers\Razerlow.sys

S3 uisp;Freescale USB JW32 driver;C:\WINDOWS\system32\Drivers\usbicp.sys

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{878E8032-B97A-5919-3505-9BEFF0793AB0}]

C:\WINDOWS:msnmsgrrr.exe

.

Contents of the 'Scheduled Tasks' folder

"2007-09-19 10:12:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program\Apple Software Update\SoftwareUpdate.exe

"2007-12-11 17:47:00 C:\WINDOWS\Tasks\Kontrollera uppdateringar för Windows Live Toolbar.job"

- C:\Program\Windows Live Toolbar\MSNTBUP.EXE

.

**************************************************************************

 

catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-12-11 19:14:36

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2007-12-11 19:14:52

C:\ComboFix2.txt ... 2007-12-11 17:29

C:\ComboFix3.txt ... 2007-12-11 16:35

.

--- E O F ---[/log]

 

HijackThis:

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:16:04, on 2007-12-11

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program\Analog Devices\Core\smax4pnp.exe

C:\Program\Analog Devices\SoundMAX\Smax4.exe

D:\Program\CA\CA Internet Security Suite\cctray\cctray.exe

C:\Program\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

C:\Program\QuickTime\QTTask.exe

C:\Program\Delade filer\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\MSN Messenger\MsnMsgr.Exe

D:\Program\Microsoft ActiveSync\wcescomm.exe

C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

D:\Program\MICROS~1\rapimgr.exe

D:\Program\CA\CA Internet Security Suite\ccprovsp.exe

C:\WINDOWS\System32\svchost.exe

D:\Valve\Steam\Steam.exe

C:\Program\Mozilla Firefox\firefox.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Program\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [cctray] "D:\Program\CA\CA Internet Security Suite\cctray\cctray.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [steam] "d:\valve\steam\steam.exe" -silent

O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Program\Microsoft ActiveSync\wcescomm.exe"

O4 - HKCU\..\Run: [DAEMON Tools] "D:\Program\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: Registration .LNK = D:\Valve\Steam\SteamApps\gustav515\Dark Messiah of Might and Magic\RegistrationReminder.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Program\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://D:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Öppna på ny flik i bakgrunden - res://C:\Program\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/229?39a911e3a526465faff1d5047ede6ec5

O8 - Extra context menu item: Öppna på ny flik i förgrunden - res://C:\Program\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/230?39a911e3a526465faff1d5047ede6ec5

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\Program\MICROS~1\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\Program\MICROS~1\INetRepl.dll

O9 - Extra 'Tools' menuitem: Skapa mobilfavorit ... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\Program\MICROS~1\INetRepl.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: CaCCProvSP - CA, Inc. - D:\Program\CA\CA Internet Security Suite\ccprovsp.exe

O23 - Service: iPod Service - Unknown owner - C:\Program\iPod\bin\iPodService.exe (file missing)

O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - Unknown owner - C:\Program\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PPCtlPriv - Unknown owner - D:\Program\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe (file missing)

 

--

End of file - 8361 bytes[/log]

 

[Zipp.]

 

Nu är loggen ok.

 

[--GK--]

Och det betyder?.. Att det är borta?.. Man kan logga in sägert nu?..

 

[Zipp.]

 

Enligt loggar ska det vara rent bara att logga in .

 

[--GK--]

Tack för hjälpen! Nu tror jag minsann att det funkar. Har haft msn igång ca 1½ timme nu utan nå fel, ser jag mycket positivt på. Åter igen, Tack!

 

[inlägget ändrat 2007-12-11 22:46:47 av Golzmo]

[--GK--]

Tack för hjälpen! Nu tror jag minsann att det funkar. Har haft msn igång ca 1½ timme nu utan nå fel, ser jag mycket positivt på. Åter igen, Tack!

 

[Yazan]

Ber om ursäkt för bumpen. Men nu har man fått samma problem.

 

Har (förhoppningsvis) båda loggarna som behövs.

 

 

 

[log].. OK ... C:\DOCUME~1\yazan\LOKALA~1\Temp\*.dmp

.. OK ... C:\WINDOWS\nsreg.dat

.. OK ... C:\WINDOWS\system32\acsnfjgskort.exe

.. OK ... C:\WINDOWS\system32\gcg.exe

.. OK ... C:\WINDOWS\system32\klnx.exe

.. OK ... C:\WINDOWS\system32\mffsos.exe

.. OK ... C:\WINDOWS\system32\szwilaevdrt.exe

.. OK ... C:\WINDOWS\system32\xjam.exe

 

 

 

************************ Registry Cleaning

 

 

 

************************ Suspect Files

 

/!\ The detected files must be reviewed by a forum Helper before changes can be made

 

[C:\winrar.exe] 8C1F7D4079ED6ECF216F39EB56705958

 

==> Please upload the file C:\DOCUME~1\yazan\SKRIVB~1\Upload_Me.zip to http://upload.changelog.fr'>http://upload.changelog.fr

 

 

 

The File and Registry deletions have been saved in 2008-01-04_18452507.zip

 

==> Please upload the file 2008-01-04_18452507.zip to http://upload.changelog.fr

 

 

------------------------------------------------------------------------

Author : !aur3n7 Contact: http://changelog.fr

------------------------------------------------------------------------

 

--------------------------------------------- END --------------------------------------------- [/log]

 

 

 

 

 

[log]Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 18:55:01, on 2008-01-04

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\CTHELPER.EXE

C:\Program\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\DAEMON Tools Lite\daemon.exe

C:\Program\AdVantage\AdVantage.exe

C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\PROGRAM\MOZILL~1\FIREFOX.EXE

C:\Program\MSN Messenger\msnmsgr.exe

C:\Program\MSN Messenger\usnsvc.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Delade filer\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program\Windows Live Toolbar\msn_sl.exe

C:\Documents and Settings\yazan\Skrivbord\HiJackThis_v2.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR'>http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR'>http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [acsnfjgskort] C:\WINDOWS\system32\acsnfjgskort.exe

O4 - HKLM\..\Run: [klnx] C:\WINDOWS\system32\klnx.exe

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [xjam] C:\WINDOWS\system32\xjam.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program\DAEMON Tools Lite\daemon.exe"

O4 - HKCU\..\Run: [AdVantage] "C:\Program\AdVantage\AdVantage.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [setDefaultMidi] MIDIDEF.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [setDefaultMidi] MIDIDEF.EXE (User 'Default user')

O8 - Extra context menu item: &Windows Live Search - res://C:\Program\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Öppna på ny flik i bakgrunden - res://C:\Program\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/229?23ed71a4597e4245a5ebbbd584fe2f17

O8 - Extra context menu item: Öppna på ny flik i förgrunden - res://C:\Program\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/230?23ed71a4597e4245a5ebbbd584fe2f17

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe

 

--

End of file - 4887 bytes

[/log]

 

Oerhört tacksam för all hjälp som man kan få.

 

[Cecilia]

Yazan, denna tråd är redan alldeles för rörig så var snäll och starta upp din egen tråd genom att trycka på Skriv inlägg i vänsterkolumnen.

 

Nyare HijackThis: http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe

 

 

[birjgren]

SUPERantispywire scan log

 

[log]

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 01/07/2008 at 10:15 PM

 

Application Version : 3.9.1008

 

Core Rules Database Version : 3375

Trace Rules Database Version: 1369

 

Scan type : Complete Scan

Total Scan Time : 01:13:41

 

Memory items scanned : 171

Memory threats detected : 0

Registry items scanned : 5017

Registry threats detected : 266

File items scanned : 37944

File threats detected : 188

 

Trojan.Downloader-Gen/Win

[MS32DLL] C:\WINDOWS\MS32DLL.DLL.VBS

C:\WINDOWS\MS32DLL.DLL.VBS

 

Trojan.WinAntiSpyware/WinAntiVirus 2006

HKLM\Software\Classes\CLSID\{2178F3FB-2560-458f-BDEE-631E2FE0DFE4}

HKCR\CLSID\{2178F3FB-2560-458F-BDEE-631E2FE0DFE4}

HKCR\CLSID\{2178F3FB-2560-458F-BDEE-631E2FE0DFE4}

HKCR\CLSID\{2178F3FB-2560-458F-BDEE-631E2FE0DFE4}#AppID

HKCR\CLSID\{2178F3FB-2560-458F-BDEE-631E2FE0DFE4}\InprocServer32

HKCR\CLSID\{2178F3FB-2560-458F-BDEE-631E2FE0DFE4}\InprocServer32#ThreadingModel

HKCR\CLSID\{2178F3FB-2560-458F-BDEE-631E2FE0DFE4}\ProgID

HKCR\CLSID\{2178F3FB-2560-458F-BDEE-631E2FE0DFE4}\Programmable

HKCR\CLSID\{2178F3FB-2560-458F-BDEE-631E2FE0DFE4}\TypeLib

HKCR\CLSID\{2178F3FB-2560-458F-BDEE-631E2FE0DFE4}\VersionIndependentProgID

C:\PROGRAM\WINANTIVIRUS PRO 2007\WINPGI.DLL

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2178F3FB-2560-458F-BDEE-631E2FE0DFE4}

 

Trojan.WinSoftware/WinFixer

HKLM\Software\Classes\CLSID\{B5141620-C2B2-4d95-9F0F-134D99C87AB0}

HKCR\CLSID\{B5141620-C2B2-4D95-9F0F-134D99C87AB0}

HKCR\CLSID\{B5141620-C2B2-4D95-9F0F-134D99C87AB0}

HKCR\CLSID\{B5141620-C2B2-4D95-9F0F-134D99C87AB0}#AppID

HKCR\CLSID\{B5141620-C2B2-4D95-9F0F-134D99C87AB0}\InprocServer32

HKCR\CLSID\{B5141620-C2B2-4D95-9F0F-134D99C87AB0}\InprocServer32#ThreadingModel

HKCR\CLSID\{B5141620-C2B2-4D95-9F0F-134D99C87AB0}\ProgID

HKCR\CLSID\{B5141620-C2B2-4D95-9F0F-134D99C87AB0}\Programmable

HKCR\CLSID\{B5141620-C2B2-4D95-9F0F-134D99C87AB0}\TypeLib

HKCR\CLSID\{B5141620-C2B2-4D95-9F0F-134D99C87AB0}\VersionIndependentProgID

C:\PROGRAM\WINANTIVIRUS PRO 2007\IEFWBHO.DLL

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B5141620-C2B2-4D95-9F0F-134D99C87AB0}

 

Trojan.IP6FW/Rootkit

HKLM\System\ControlSet001\Services\Ip6Fw

C:\WINDOWS\SYSTEM32\DRIVERS\IP6FW.SYS

HKLM\System\ControlSet003\Services\Ip6Fw

HKLM\System\CurrentControlSet\Services\Ip6Fw

 

Rootkit.SMTPDrv-Variant

HKLM\System\ControlSet001\Services\smtpdrv

C:\WINDOWS\SYSTEM32\DRIVERS\SMTPDRV.SYS

HKLM\System\ControlSet003\Services\smtpdrv

HKLM\System\CurrentControlSet\Services\smtpdrv

 

Adware.Tracking Cookie

C:\Documents and Settings\annie berggren\Cookies\annie berggren@CAPWPZQL.txt

C:\Documents and Settings\annie berggren\Cookies\annie_berggren@eas.apm.emediate[2].txt

C:\Documents and Settings\annie berggren\Cookies\annie_berggren@overture[1].txt

C:\Documents and Settings\annie berggren\Cookies\annie_berggren@tradedoubler[2].txt

C:\Documents and Settings\annie berggren\Cookies\annie_berggren@tribalfusion[1].txt

C:\Documents and Settings\annie berggren\Cookies\annie_berggren@stats1.reliablestats[1].txt

C:\Documents and Settings\annie berggren\Cookies\annie_berggren@rocku.adbureau[2].txt

C:\Documents and Settings\annie berggren\Cookies\annie_berggren@stat.onestat[2].txt

C:\Documents and Settings\annie berggren\Cookies\annie_berggren@ads.pubmatic[1].txt

C:\Documents and Settings\annie berggren\Cookies\annie_berggren@casalemedia[10].txt

C:\Documents and Settings\annie berggren\Cookies\annie_berggren@imrworldwide[2].txt

C:\Documents and Settings\annie berggren\Cookies\annie_berggren@drivecleaner[2].txt

C:\Documents and Settings\annie berggren\Cookies\annie_berggren@serving-sys[2].txt

C:\Documents and Settings\annie berggren\Cookies\annie_berggren@stats.drivecleaner[2].txt

C:\Documents and Settings\annie berggren\Cookies\annie_berggren@fastclick[1].txt

C:\Documents and Settings\annie berggren\Cookies\annie_berggren@2o7[2].txt

C:\Documents and Settings\annie berggren\Cookies\annie_berggren@.winantivirus[3].txt

C:\Documents and Settings\annie berggren\Cookies\annie_berggren@windowsmedia[1].txt

C:\Documents and Settings\annie berggren\Cookies\annie_berggren@se.drivecleaner[1].txt

C:\Documents and Settings\annie berggren\Cookies\annie_berggren@videoegg.adbureau[2].txt

C:\Documents and Settings\annie berggren\Cookies\annie berggren@CAF7021V.txt

C:\Documents and Settings\annie berggren\Cookies\annie_berggren@ad.yieldmanager[2].txt

C:\Documents and Settings\annie berggren\Cookies\annie_berggren@winantivirus[1].txt

C:\Documents and Settings\annie berggren\Cookies\annie_berggren@socialmedia[1].txt

C:\Documents and Settings\annie berggren\Cookies\annie_berggren@ads.pointroll[1].txt

C:\Documents and Settings\annie berggren\Cookies\annie_berggren@adtech[2].txt

C:\Documents and Settings\annie berggren\Cookies\annie_berggren@ad.zanox[1].txt

C:\Documents and Settings\annie berggren\Cookies\annie_berggren@track.adform[1].txt

C:\Documents and Settings\annie berggren\Cookies\annie_berggren@doubleclick[1].txt

C:\Documents and Settings\annie berggren\Cookies\annie_berggren@atdmt[2].txt

C:\Documents and Settings\annie berggren\Cookies\annie_berggren@bs.serving-sys[2].txt

C:\Documents and Settings\annie berggren\Cookies\annie_berggren@mediaplex[1].txt

C:\Documents and Settings\annie berggren\Cookies\annie_berggren@trafficmp[1].txt

C:\Documents and Settings\annie berggren\Cookies\annie_berggren@.winantivirus[1].txt

C:\Documents and Settings\annie berggren\Cookies\annie_berggren@.winantivirus[2].txt

C:\Documents and Settings\annie berggren\Cookies\annie_berggren@advertising[10].txt

C:\Documents and Settings\annie berggren\Cookies\annie_berggren@advertising[11].txt

C:\Documents and Settings\annie berggren\Cookies\annie_berggren@advertising[1].txt

C:\Documents and Settings\annie berggren\Cookies\annie_berggren@advertising[2].txt

C:\Documents and Settings\annie berggren\Cookies\annie_berggren@advertising[3].txt

C:\Documents and Settings\annie berggren\Cookies\annie_berggren@advertising[4].txt

C:\Documents and Settings\annie berggren\Cookies\annie_berggren@advertising[5].txt

C:\Documents and Settings\annie berggren\Cookies\annie_berggren@advertising[6].txt

C:\Documents and Settings\annie berggren\Cookies\annie_berggren@advertising[7].txt

C:\Documents and Settings\annie berggren\Cookies\annie_berggren@advertising[8].txt

C:\Documents and Settings\annie berggren\Cookies\annie_berggren@advertising[9].txt

C:\Documents and Settings\annie berggren\Cookies\annie_berggren@casalemedia[1].txt

C:\Documents and Settings\annie berggren\Cookies\annie_berggren@casalemedia[2].txt

C:\Documents and Settings\annie berggren\Cookies\annie_berggren@casalemedia[3].txt

C:\Documents and Settings\annie berggren\Cookies\annie_berggren@casalemedia[4].txt

C:\Documents and Settings\annie berggren\Cookies\annie_berggren@casalemedia[5].txt

C:\Documents and Settings\annie berggren\Cookies\annie_berggren@casalemedia[6].txt

C:\Documents and Settings\annie berggren\Cookies\annie_berggren@casalemedia[7].txt

C:\Documents and Settings\annie berggren\Cookies\annie_berggren@casalemedia[8].txt

C:\Documents and Settings\annie berggren\Cookies\annie_berggren@casalemedia[9].txt

C:\Documents and Settings\annie berggren\Cookies\annie_berggren@zedo[10].txt

C:\Documents and Settings\annie berggren\Cookies\annie_berggren@zedo[11].txt

C:\Documents and Settings\annie berggren\Cookies\annie_berggren@zedo[1].txt

C:\Documents and Settings\annie berggren\Cookies\annie_berggren@zedo[2].txt

C:\Documents and Settings\annie berggren\Cookies\annie_berggren@zedo[3].txt

C:\Documents and Settings\annie berggren\Cookies\annie_berggren@zedo[4].txt

C:\Documents and Settings\annie berggren\Cookies\annie_berggren@zedo[5].txt

C:\Documents and Settings\annie berggren\Cookies\annie_berggren@zedo[6].txt

C:\Documents and Settings\annie berggren\Cookies\annie_berggren@zedo[7].txt

C:\Documents and Settings\annie berggren\Cookies\annie_berggren@zedo[8].txt

C:\Documents and Settings\annie berggren\Cookies\annie_berggren@zedo[9].txt

C:\Documents and Settings\Gäst\Cookies\gäst@2o7[2].txt

C:\Documents and Settings\Gäst\Cookies\gäst@atdmt[2].txt

C:\Documents and Settings\Gäst\Cookies\gäst@doubleclick[1].txt

C:\Documents and Settings\Gäst\Cookies\gäst@drivecleaner[1].txt

C:\Documents and Settings\Gäst\Cookies\gäst@imrworldwide[2].txt

C:\Documents and Settings\Gäst\Cookies\gäst@msnaccountservices.112.2o7[1].txt

C:\Documents and Settings\Gäst\Cookies\gäst@msnportal.112.2o7[1].txt

C:\Documents and Settings\Gäst\Cookies\gäst@stats1.reliablestats[2].txt

C:\Documents and Settings\Gäst\Cookies\gäst@winantivirus[1].txt

 

Trojan.WinAntiSpyware/WinAntiVirus 2006/2007

HKCR\AntiVirusCOM.AVOfficeProtect

HKCR\AntiVirusCOM.AVOfficeProtect\CLSID

HKCR\AntiVirusCOM.AVOfficeProtect.1

HKCR\AntiVirusCOM.AVOfficeProtect.1\CLSID

HKCR\AVExplorer.ShellExtension

HKCR\AVExplorer.ShellExtension\CLSID

HKCR\AVExplorer.ShellExtension\CurVer

HKCR\AVExplorer.ShellExtension.2

HKCR\AVExplorer.ShellExtension.2\CLSID

HKCR\WinPGIntegrator.IEIntegrator

HKCR\WinPGIntegrator.IEIntegrator\CLSID

HKCR\WinPGIntegrator.IEIntegrator\CurVer

HKCR\WinPGIntegrator.IEIntegrator.1

HKCR\WinPGIntegrator.IEIntegrator.1\CLSID

HKCR\CLSID\{1AC5C88A-DEA7-462b-A232-04AF5CA42E7E}

HKCR\CLSID\{1AC5C88A-DEA7-462b-A232-04AF5CA42E7E}#AppID

HKCR\CLSID\{1AC5C88A-DEA7-462b-A232-04AF5CA42E7E}\InprocServer32

HKCR\CLSID\{1AC5C88A-DEA7-462b-A232-04AF5CA42E7E}\InprocServer32#ThreadingModel

HKCR\CLSID\{1AC5C88A-DEA7-462b-A232-04AF5CA42E7E}\ProgID

HKCR\CLSID\{1AC5C88A-DEA7-462b-A232-04AF5CA42E7E}\Programmable

HKCR\CLSID\{1AC5C88A-DEA7-462b-A232-04AF5CA42E7E}\TypeLib

HKCR\CLSID\{1AC5C88A-DEA7-462b-A232-04AF5CA42E7E}\VersionIndependentProgID

HKCR\CLSID\{723D54C7-7483-4EB8-8EED-CE5B2AEA534D}

HKCR\CLSID\{723D54C7-7483-4EB8-8EED-CE5B2AEA534D}\Implemented Categories

HKCR\CLSID\{723D54C7-7483-4EB8-8EED-CE5B2AEA534D}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}

HKCR\CLSID\{723D54C7-7483-4EB8-8EED-CE5B2AEA534D}\InprocServer32

HKCR\CLSID\{723D54C7-7483-4EB8-8EED-CE5B2AEA534D}\InprocServer32#ThreadingModel

HKCR\CLSID\{723D54C7-7483-4EB8-8EED-CE5B2AEA534D}\ProgID

HKCR\CLSID\{723D54C7-7483-4EB8-8EED-CE5B2AEA534D}\Programmable

HKCR\CLSID\{723D54C7-7483-4EB8-8EED-CE5B2AEA534D}\TypeLib

HKCR\CLSID\{723D54C7-7483-4EB8-8EED-CE5B2AEA534D}\VersionIndependentProgID

HKCR\TypeLib\{367A86A5-D048-4785-86BE-4E2706AAFDD9}

HKCR\TypeLib\{367A86A5-D048-4785-86BE-4E2706AAFDD9}\1.0

HKCR\TypeLib\{367A86A5-D048-4785-86BE-4E2706AAFDD9}\1.0\0

HKCR\TypeLib\{367A86A5-D048-4785-86BE-4E2706AAFDD9}\1.0\0\win32

HKCR\TypeLib\{367A86A5-D048-4785-86BE-4E2706AAFDD9}\1.0\FLAGS

HKCR\TypeLib\{367A86A5-D048-4785-86BE-4E2706AAFDD9}\1.0\HELPDIR

HKCR\TypeLib\{732B6533-7F78-4C47-9C01-2979BA0829B9}

HKCR\TypeLib\{732B6533-7F78-4C47-9C01-2979BA0829B9}\1.0

HKCR\TypeLib\{732B6533-7F78-4C47-9C01-2979BA0829B9}\1.0\0

HKCR\TypeLib\{732B6533-7F78-4C47-9C01-2979BA0829B9}\1.0\0\win32

HKCR\TypeLib\{732B6533-7F78-4C47-9C01-2979BA0829B9}\1.0\FLAGS

HKCR\TypeLib\{732B6533-7F78-4C47-9C01-2979BA0829B9}\1.0\HELPDIR

HKCR\Interface\{0B9A27EB-125F-4F3E-A35C-2769C47A1442}

HKCR\Interface\{0B9A27EB-125F-4F3E-A35C-2769C47A1442}\ProxyStubClsid

HKCR\Interface\{0B9A27EB-125F-4F3E-A35C-2769C47A1442}\ProxyStubClsid32

HKCR\Interface\{0B9A27EB-125F-4F3E-A35C-2769C47A1442}\TypeLib

HKCR\Interface\{0B9A27EB-125F-4F3E-A35C-2769C47A1442}\TypeLib#Version

HKCR\AppId\WinPGI.DLL

HKCR\AppId\WinPGI.DLL#AppID

HKCR\AppId\{367A86A5-D048-4785-86BE-4E2706AAFDD9}

HKLM\SYSTEM\CurrentControlSet\Services\FOPN

HKLM\SYSTEM\CurrentControlSet\Services\FOPN#Type

HKLM\SYSTEM\CurrentControlSet\Services\FOPN#Start

HKLM\SYSTEM\CurrentControlSet\Services\FOPN#ErrorControl

HKLM\SYSTEM\CurrentControlSet\Services\FOPN#Tag

HKLM\SYSTEM\CurrentControlSet\Services\FOPN#ImagePath

HKLM\SYSTEM\CurrentControlSet\Services\FOPN#DisplayName

HKLM\SYSTEM\CurrentControlSet\Services\FOPN#Group

HKLM\SYSTEM\CurrentControlSet\Services\FOPN#Overflow

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\blocked

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\blocked#\DEVICE\HARDDISKVOLUME1\UGA6PL

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\ANNIE BERGGREN\LOKALA INSTÄLLNINGAR\TIDIGARE\HISTORY.IE5\MSHIST012007111420071115

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\WINDOWS

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\WINDOWS\SOFTWAREDISTRIBUTION\DATASTORE\LOGS

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\WINDOWS\SOFTWAREDISTRIBUTION\DATASTORE

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AVG7\LOG

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\GRISOFT\AVG7DATA

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AVG7

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\CONFIG

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\WINDOWS\INF

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\WINDOWS\$NTUNINSTALLKB943460$\SPUNINST

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DLLCACHE

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\CATROOT2

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\WINDOWS\$NTUNINSTALLKB943460$

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\WINDOWS\DEBUG\USERMODE

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\27A0DAA72978D1B4FF53DFCAE6B5569A

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\WINDOWS\DEBUG

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\WINDOWS\TEMP

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\GÄST

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\GÄST\LOKALA INSTÄLLNINGAR\APPLICATION DATA\MICROSOFT\WINDOWS

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\ADMINISTRATÖR

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\ADMINISTRATÖR\LOKALA INSTÄLLNINGAR\APPLICATION DATA\MICROSOFT\WINDOWS

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\ANNIE BERGGREN

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\ANNIE BERGGREN\LOKALA INSTÄLLNINGAR\APPLICATION DATA\MICROSOFT\WINDOWS

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\WBEM\LOGS

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\ANNIE BERGGREN\COOKIES

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\ANNIE BERGGREN\LOKALA INSTÄLLNINGAR\TEMPORARY INTERNET FILES\CONTENT.IE5

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\ANNIE BERGGREN\LOKALA INSTÄLLNINGAR\TIDIGARE\HISTORY.IE5

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\ANNIE BERGGREN\APPLICATION DATA\SONY ERICSSON\TELECA\TELECALIB\LOGGING\APPLICATION LOGS

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SONY CORPORATION\SIMPLEBURNER

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\ANNIE BERGGREN\APPLICATION DATA\AVG7

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUME~1\ANNIEB~1\LOKALA~1\TEMP

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\ANNIE BERGGREN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\5NT8J6R6.DEFAULT

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\ANNIE BERGGREN\LOKALA INSTÄLLNINGAR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\5NT8J6R6.DEFAULT\CACHE

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\ANNIE BERGGREN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\5NT8J6R6.DEFAULT\BOOKMARKBACKUPS

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\ANNIE BERGGREN\LOKALA INSTÄLLNINGAR\APPLICATION DATA\MICROSOFT\MESSENGER\KNECKEBROD@HOTMAIL.COM\SHARINGMETADATA\LOGS

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\ANNIE BERGGREN\LOKALA INSTÄLLNINGAR\TIDIGARE\HISTORY.IE5\MSHIST012007111320071114

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\ANNIE BERGGREN\LOKALA INSTÄLLNINGAR\APPLICATION DATA\MICROSOFT\MESSENGER\KNECKEBROD@HOTMAIL.COM\SHARINGMETADATA\WORKING\DATABASE_8EB_6C77_4501_D2FC

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\ANNIE BERGGREN\LOKALA INSTÄLLNINGAR\APPLICATION DATA\MICROSOFT\WINDOWS LIVE CONTACTS\KNECKEBROD@HOTMAIL.COM\REAL

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\ANNIE BERGGREN\LOKALA INSTÄLLNINGAR\APPLICATION DATA\MICROSOFT\WINDOWS LIVE CONTACTS\KNECKEBROD@HOTMAIL.COM\SHADOW

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\ANNIE BERGGREN\LOKALA INSTÄLLNINGAR\TEMPORARY INTERNET FILES\CONTENT.IE5\MHNMWLVL

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\ANNIE BERGGREN\LOKALA INSTÄLLNINGAR\TEMPORARY INTERNET FILES\CONTENT.IE5\4M44UPZZ

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\ANNIE BERGGREN\LOKALA INSTÄLLNINGAR\TEMPORARY INTERNET FILES\CONTENT.IE5\2CMP1CGO

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\ANNIE BERGGREN\LOKALA INSTÄLLNINGAR\TEMPORARY INTERNET FILES\CONTENT.IE5\QYBS5C0L

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\ANNIE BERGGREN\LOKALA INSTÄLLNINGAR\TEMPORARY INTERNET FILES\CONTENT.IE5\P2UNTT7T

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\ANNIE BERGGREN\LOKALA INSTÄLLNINGAR\TEMPORARY INTERNET FILES\CONTENT.IE5\I2BX2XBQ

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\ANNIE BERGGREN\LOKALA INSTÄLLNINGAR\TEMPORARY INTERNET FILES\CONTENT.IE5\1HMX9HBE

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\ANNIE BERGGREN\LOKALA INSTÄLLNINGAR\TEMPORARY INTERNET FILES\CONTENT.IE5\1DPOVQF8

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\ANNIE BERGGREN\LOKALA INSTÄLLNINGAR\TEMPORARY INTERNET FILES\CONTENT.IE5\UELWJTJP

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\ANNIE BERGGREN\SENDTO\MINA TELEFONER

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\ANNIE BERGGREN\APPLICATION DATA\SONY ERICSSON\TELECA\TELECALIB\LOGGING

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\ANNIE BERGGREN\MINA DOKUMENT

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\ANNIE BERGGREN\CONTACTS\KNECKEBROD@HOTMAIL.COM

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\WINDOWS\PCHEALTH\HELPCTR\DATACOLL

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\ANNIE BERGGREN\APPLICATION DATA\DRIVECLEANER 2006 FREE\LOGS

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\PROGRAM\DRIVECLEANER 2006 FREE

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\ANNIE BERGGREN\LOKALA INSTÄLLNINGAR\APPLICATION DATA\MICROSOFT\MESSENGER

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\WINDOWS NT\MSFAX\ACTIVITYLOG

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\GRISOFT\AVG7DATA\UPD7BIN

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\GRISOFT\AVG7DATA\AVG7UPD\BACKUP

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\GRISOFT\AVG7DATA\AVG7UPD\$HISTORY

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\GRISOFT\AVG7DATA\AVG7UPD

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\PROGRAM\GRISOFT\AVG FREE

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\PROGRAM\MSN MESSENGER

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\PROGRAM\ATI TECHNOLOGIES\ATI CONTROL PANEL

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\RECYCLER\S-1-5-21-227441199-2382832869-3656192322-1006

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\ANNIE BERGGREN\LOKALA INSTÄLLNINGAR\APPLICATION DATA\MICROSOFT\MEDIA PLAYER

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\ANNIE BERGGREN\SKRIVBORD

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\ANNIE BERGGREN\LOKALA INSTÄLLNINGAR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\5NT8J6R6.DEFAULT

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\ANNIE BERGGREN\RECENT

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\ANNIE BERGGREN\LOKALA INSTÄLLNINGAR\TEMPORARY INTERNET FILES\CONTENT.IE5\5OEKWWE3

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\ANNIE BERGGREN\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\XG5NQ83L\WWW.YOUTUBE.COM

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUME~1\ANNIEB~1\LOKALA~1\TEMP\WER8FCE.DIR00

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\ANNIE BERGGREN\LOKALA INSTÄLLNINGAR\TIDIGARE\HISTORY.IE5\MSHIST012007111120071112

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\ANNIE BERGGREN\APPLICATION DATA\AZUREUS\TMP

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUME~1\ANNIEB~1\LOKALA~1\TEMP\HSPERFDATA_ANNIE BERGGREN

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\ANNIE BERGGREN\APPLICATION DATA\AZUREUS

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\ANNIE BERGGREN\APPLICATION DATA\AZUREUS\ACTIVE

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\ANNIE BERGGREN\APPLICATION DATA\AZUREUS\DHT

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\ANNIE BERGGREN\APPLICATION DATA\AZUREUS\NET

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\ANNIE BERGGREN\APPLICATION DATA\AZUREUS\LOGS

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\ANNIE BERGGREN\LOKALA INSTÄLLNINGAR\TIDIGARE\HISTORY.IE5\MSHIST012007111220071113

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUME~1\ANNIEB~1\LOKALA~1\TEMP\MESSENGERCACHE

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\ANNIE BERGGREN\LOKALA INSTÄLLNINGAR\TEMPORARY INTERNET FILES\CONTENT.IE5\URJKOMDX

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\ANNIE BERGGREN\LOKALA INSTÄLLNINGAR\TEMPORARY INTERNET FILES\CONTENT.IE5\K50STHZF

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\ANNIE BERGGREN\LOKALA INSTÄLLNINGAR\TIDIGARE\HISTORY.IE5\MSHIST012007110520071112

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\ANNIE BERGGREN\MINA DOKUMENT\AZUREUS DOWNLOADS\MIA.OCH.KLARA.PDTV.SWEDISH.PAL.DVDR-ODDJOB

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\ANNIE BERGGREN\APPLICATION DATA\MOZILLA\FIREFOX

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\LOGFILES\WUDF

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\ANNIE BERGGREN\LOKALA INSTÄLLNINGAR\TEMPORARY INTERNET FILES\CONTENT.IE5\DQ902FZR

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\ANNIE BERGGREN\LOKALA INSTÄLLNINGAR\APPLICATION DATA\MICROSOFT\WINDOWS MEDIA\11.0

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\ANNIE BERGGREN\APPLICATION DATA\VLC\CACHE

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\ANNIE BERGGREN\APPLICATION DATA\VLC

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\ANNIE BERGGREN\APPLICATION DATA\MICROSOFT\PROOF

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\ANNIE BERGGREN\APPLICATION DATA\MICROSOFT\OFFICE\RECENT

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\ANNIE BERGGREN\APPLICATION DATA\MICROSOFT\OFFICE

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\ANNIE BERGGREN\APPLICATION DATA\AZUREUS\TORRENTS

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUME~1\ANNIEB~1\LOKALA~1\TEMP\PLUGTMP-1

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\ANNIE BERGGREN\APPLICATION DATA\MICROSOFT\MALLAR

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\WINDOWS\MINIDUMP

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\ANNIE BERGGREN\LOKALA INSTÄLLNINGAR\TIDIGARE\HISTORY.IE5\MSHIST012007102920071105

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\ANNIE BERGGREN\LOKALA INSTÄLLNINGAR\TIDIGARE\HISTORY.IE5\MSHIST012007110620071107

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\WINDOWS\PREFETCH

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\SYSTEM VOLUME INFORMATION\_RESTORE{4644D390-A83E-4B17-A1CF-7A5CF1796E22}

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\WINDOWS\TASKS

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\ANNIE BERGGREN\MINA DOKUMENT\AZUREUS DOWNLOADS\AEROSMITH\AEROSMITH-ARMAGGEDDON

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\ANNIE BERGGREN\MINA DOKUMENT\AZUREUS DOWNLOADS\TIMBALAND FEAT ONE REPUBLIC - APOLOGIZE [MP3@160 ~ 224]

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\$VAULT$.AVG

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\ANNIE BERGGREN\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\SYSTEM VOLUME INFORMATION\_RESTORE{4644D390-A83E-4B17-A1CF-7A5CF1796E22}\RP242

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\ANNIE BERGGREN\APPLICATION DATA\ADOBE\PHOTOSHOP ALBUM\3.0

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\ANNIE BERGGREN\LOKALA INSTÄLLNINGAR\APPLICATION DATA\MICROSOFT\CREDENTIALS\S-1-5-21-227441199-2382832869-3656192322-1006

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\ANNIE BERGGREN\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\XG5NQ83L\YOUTUBE.COM

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\WINDOWS\SOFTWAREDISTRIBUTION\WUREDIR\7971F918-A847-4430-9279-4A52D1EFE18D

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\WINDOWS\SOFTWAREDISTRIBUTION\AUTHCABS

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\WINDOWS\SOFTWAREDISTRIBUTION\WUREDIR\9482F4B4-E343-43B6-B170-9A65BC822C77

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\ANNIE BERGGREN\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\XG5NQ83L\VIDEO.GOOGLE.COM\GOOGLEPLAYER.SWF

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\ANNIE BERGGREN\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#VIDEO.GOOGLE.COM

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\ANNIE BERGGREN\MINA DOKUMENT\AZUREUS DOWNLOADS\MICHAEL BUBLE - MICHAEL BUBLE

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\LOCALSERVICE\APPLICATION DATA\MICROSOFT\UPNP DEVICE HOST\UPNPHOST

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\SYSTEM VOLUME INFORMATION\_RESTORE{4644D390-A83E-4B17-A1CF-7A5CF1796E22}\RP241

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\SYSTEM VOLUME INFORMATION\_RESTORE{4644D390-A83E-4B17-A1CF-7A5CF1796E22}\RP242\SNAPSHOT\REPOSITORY\FS

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\SYSTEM VOLUME INFORMATION\_RESTORE{4644D390-A83E-4B17-A1CF-7A5CF1796E22}\RP242\SNAPSHOT\REPOSITORY

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\SYSTEM VOLUME INFORMATION\_RESTORE{4644D390-A83E-4B17-A1CF-7A5CF1796E22}\RP242\SNAPSHOT

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUME~1\ANNIEB~1\LOKALA~1\TEMP\NI.UWA7PL_0001_N96M0806

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\PROGRAM\WINANTIVIRUS PRO 2007

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\GRISOFT\AVG7DATA\AVG7UPD\INSTALL.1

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\Security

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\Security#Security

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\Enum

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\Enum#0

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\Enum#Count

HKLM\SYSTEM\CurrentControlSet\Services\FOPN\Enum#NextInstance

HKCR\IEFWBHO.IEFW

HKCR\IEFWBHO.IEFW\CLSID

HKCR\IEFWBHO.IEFW\CurVer

HKCR\IEFWBHO.IEFW.2

HKCR\IEFWBHO.IEFW.2\CLSID

HKCR\TypeLib\{2BC32EF8-BB73-4099-BB2E-0F2951B3E276}

HKCR\TypeLib\{2BC32EF8-BB73-4099-BB2E-0F2951B3E276}\1.0

HKCR\TypeLib\{2BC32EF8-BB73-4099-BB2E-0F2951B3E276}\1.0\0

HKCR\TypeLib\{2BC32EF8-BB73-4099-BB2E-0F2951B3E276}\1.0\0\win32

HKCR\TypeLib\{2BC32EF8-BB73-4099-BB2E-0F2951B3E276}\1.0\FLAGS

HKCR\TypeLib\{2BC32EF8-BB73-4099-BB2E-0F2951B3E276}\1.0\HELPDIR

HKU\S-1-5-21-227441199-2382832869-3656192322-1006\Software\WinAntiVirus Pro 2007

HKLM\Software\WinAntiVirus Pro 2007

HKLM\Software\WinAntiVirus Pro 2007#EulUWA7PL_0001_N96M0806

HKLM\Software\WinAntiVirus Pro 2007#ProductCode

HKLM\Software\WinAntiVirus Pro 2007#InstallPath

HKLM\Software\WinAntiVirus Pro 2007#Abbr

HKLM\Software\WinAntiVirus Pro 2007#InstallDate

HKCR\UWAP7.PCheck.1

HKCR\UWAP7.PCheck.1\CLSID

HKCR\UWAP7.PCheck.1\CurVer

HKCR\CLSID\{2A5C2E6D-864B-4f2c-9542-8B272741D78B}

HKCR\CLSID\{2A5C2E6D-864B-4f2c-9542-8B272741D78B}\Implemented Categories

HKCR\CLSID\{2A5C2E6D-864B-4f2c-9542-8B272741D78B}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}

HKCR\CLSID\{2A5C2E6D-864B-4f2c-9542-8B272741D78B}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}

HKCR\CLSID\{2A5C2E6D-864B-4f2c-9542-8B272741D78B}\InprocServer32

HKCR\CLSID\{2A5C2E6D-864B-4f2c-9542-8B272741D78B}\InprocServer32#ThreadingModel

HKCR\CLSID\{2A5C2E6D-864B-4f2c-9542-8B272741D78B}\ProgID

HKCR\CLSID\{2A5C2E6D-864B-4f2c-9542-8B272741D78B}\Programmable

HKCR\CLSID\{2A5C2E6D-864B-4f2c-9542-8B272741D78B}\VersionIndependentProgID

HKCR\TypeLib\{6F520BE0-9B54-4558-816F-224E67997DF3}

HKCR\TypeLib\{6F520BE0-9B54-4558-816F-224E67997DF3}\1.0

HKCR\TypeLib\{6F520BE0-9B54-4558-816F-224E67997DF3}\1.0\0

HKCR\TypeLib\{6F520BE0-9B54-4558-816F-224E67997DF3}\1.0\0\win32

HKCR\TypeLib\{6F520BE0-9B54-4558-816F-224E67997DF3}\1.0\FLAGS

HKCR\TypeLib\{6F520BE0-9B54-4558-816F-224E67997DF3}\1.0\HELPDIR

HKCR\Interface\{459F4226-1AAB-43B6-9DC1-B6313EF83749}

HKCR\Interface\{459F4226-1AAB-43B6-9DC1-B6313EF83749}\ProxyStubClsid

HKCR\Interface\{459F4226-1AAB-43B6-9DC1-B6313EF83749}\ProxyStubClsid32

HKCR\Interface\{459F4226-1AAB-43B6-9DC1-B6313EF83749}\TypeLib

HKCR\Interface\{459F4226-1AAB-43B6-9DC1-B6313EF83749}\TypeLib#Version

C:\WINDOWS\system32\av.cpl

C:\WINDOWS\system32\stera.exe

C:\Program\WinAntiVirus Pro 2007\Activate.dat

C:\Program\WinAntiVirus Pro 2007\asmngr.dll

C:\Program\WinAntiVirus Pro 2007\ASupdater.dat

C:\Program\WinAntiVirus Pro 2007\atl71.dll

C:\Program\WinAntiVirus Pro 2007\AVupd.exe

C:\Program\WinAntiVirus Pro 2007\AWBase\database\enemies.dat

C:\Program\WinAntiVirus Pro 2007\AWBase\database

C:\Program\WinAntiVirus Pro 2007\AWBase\vbpv.dat

C:\Program\WinAntiVirus Pro 2007\AWBase

C:\Program\WinAntiVirus Pro 2007\BkSites.dat

C:\Program\WinAntiVirus Pro 2007\bnlink.dat

C:\Program\WinAntiVirus Pro 2007\bpupdater.dat

C:\Program\WinAntiVirus Pro 2007\CompWiz.exe

C:\Program\WinAntiVirus Pro 2007\CompWiz.xml

C:\Program\WinAntiVirus Pro 2007\fat.exe

C:\Program\WinAntiVirus Pro 2007\fopn.exe

C:\Program\WinAntiVirus Pro 2007\fopn.sys

C:\Program\WinAntiVirus Pro 2007\fopnl.dll

C:\Program\WinAntiVirus Pro 2007\forum.dat

C:\Program\WinAntiVirus Pro 2007\IH.exe

C:\Program\WinAntiVirus Pro 2007\integrity.dat

C:\Program\WinAntiVirus Pro 2007\kb.url

C:\Program\WinAntiVirus Pro 2007\lapv.dat

C:\Program\WinAntiVirus Pro 2007\License.rtf

C:\Program\WinAntiVirus Pro 2007\mfc71.dll

C:\Program\WinAntiVirus Pro 2007\msvcp71.dll

C:\Program\WinAntiVirus Pro 2007\msvcr71.dll

C:\Program\WinAntiVirus Pro 2007\msxml3.dll

C:\Program\WinAntiVirus Pro 2007\msxml3a.dll

C:\Program\WinAntiVirus Pro 2007\msxml3r.dll

C:\Program\WinAntiVirus Pro 2007\Online.url

C:\Program\WinAntiVirus Pro 2007\PGBase\vbpv.dat

C:\Program\WinAntiVirus Pro 2007\PGBase

C:\Program\WinAntiVirus Pro 2007\PGE.dat

C:\Program\WinAntiVirus Pro 2007\PGupdater.dat

C:\Program\WinAntiVirus Pro 2007\plugins\BORLNDMM.DLL

C:\Program\WinAntiVirus Pro 2007\plugins\SCANADWR.DLL

C:\Program\WinAntiVirus Pro 2007\plugins\SCANBCDR.DLL

C:\Program\WinAntiVirus Pro 2007\plugins\SCANDLDR.DLL

C:\Program\WinAntiVirus Pro 2007\plugins\SCANDOS1.DLL

C:\Program\WinAntiVirus Pro 2007\plugins\SCANEMUL.DLL

C:\Program\WinAntiVirus Pro 2007\plugins\SCANFUNC.DLL

C:\Program\WinAntiVirus Pro 2007\plugins\SCANKRNL.DLL

C:\Program\WinAntiVirus Pro 2007\plugins\SCANMCR1.DLL

C:\Program\WinAntiVirus Pro 2007\plugins\SCANOTHR.DLL

C:\Program\WinAntiVirus Pro 2007\plugins\SCANSCR.DLL

C:\Program\WinAntiVirus Pro 2007\plugins\SCANTOOL.DLL

C:\Program\WinAntiVirus Pro 2007\plugins\SCANTROJ.DLL

C:\Program\WinAntiVirus Pro 2007\plugins\SCANWIN1.DLL

C:\Program\WinAntiVirus Pro 2007\plugins\UNACPU.DLL

C:\Program\WinAntiVirus Pro 2007\plugins\UNADBX.DLL

C:\Program\WinAntiVirus Pro 2007\plugins\unamscan.dll

C:\Program\WinAntiVirus Pro 2007\plugins\UNMIME.DLL

C:\Program\WinAntiVirus Pro 2007\plugins\UNPACK.DLL

C:\Program\WinAntiVirus Pro 2007\plugins\UNPACKS.DLL

C:\Program\WinAntiVirus Pro 2007\plugins\UNPACKS2.DLL

C:\Program\WinAntiVirus Pro 2007\plugins\UNPEPACK.DLL

C:\Program\WinAntiVirus Pro 2007\plugins\UpDate\UA27601.DLL

C:\Program\WinAntiVirus Pro 2007\plugins\UpDate\UA27602.DLL

C:\Program\WinAntiVirus Pro 2007\plugins\UpDate\UA27603.DLL

C:\Program\WinAntiVirus Pro 2007\plugins\UpDate\UA27604.DLL

C:\Program\WinAntiVirus Pro 2007\plugins\UpDate\UADAILY.DLL

C:\Program\WinAntiVirus Pro 2007\plugins\UpDate

C:\Program\WinAntiVirus Pro 2007\plugins\vbpv.dat

C:\Program\WinAntiVirus Pro 2007\plugins

C:\Program\WinAntiVirus Pro 2007\pv.dat

C:\Program\WinAntiVirus Pro 2007\pv.exe

C:\Program\WinAntiVirus Pro 2007\rbho.dat

C:\Program\WinAntiVirus Pro 2007\reform.exe

C:\Program\WinAntiVirus Pro 2007\res\cross.gif

C:\Program\WinAntiVirus Pro 2007\res\wa7p.gif

C:\Program\WinAntiVirus Pro 2007\res

C:\Program\WinAntiVirus Pro 2007\Restart.exe

C:\Program\WinAntiVirus Pro 2007\rpt.dll

C:\Program\WinAntiVirus Pro 2007\scnkrnl.dll

C:\Program\WinAntiVirus Pro 2007\Settings.ini

C:\Program\WinAntiVirus Pro 2007\SpOrder.dll

C:\Program\WinAntiVirus Pro 2007\sqlite3.dll

C:\Program\WinAntiVirus Pro 2007\sr.log

C:\Program\WinAntiVirus Pro 2007\st.dat

C:\Program\WinAntiVirus Pro 2007\Support.url

C:\Program\WinAntiVirus Pro 2007\UBUpdater.dat

C:\Program\WinAntiVirus Pro 2007\unins000.dat

C:\Program\WinAntiVirus Pro 2007\unins000.exe

C:\Program\WinAntiVirus Pro 2007\uninstall.ico

C:\Program\WinAntiVirus Pro 2007\up.dat

C:\Program\WinAntiVirus Pro 2007\updater.dat

C:\Program\WinAntiVirus Pro 2007\WAV6COM.dll

C:\Program\WinAntiVirus Pro 2007\WinAV.xml

C:\Program\WinAntiVirus Pro 2007\worldmap.swf

C:\Program\WinAntiVirus Pro 2007

C:\Documents and Settings\All Users\Start-meny\Program\WinAntiVirus Pro 2007\Avinstallera WinAntiVirus Pro 2007.lnk

C:\Documents and Settings\All Users\Start-meny\Program\WinAntiVirus Pro 2007\WinAntiVirus Pro 2007 Manual.lnk

C:\Documents and Settings\All Users\Start-meny\Program\WinAntiVirus Pro 2007\WinAntiVirus Pro 2007.lnk

C:\Documents and Settings\All Users\Start-meny\Program\WinAntiVirus Pro 2007

C:\Program\Delade filer\WinAntiVirus Pro 2007\atl71.dll

C:\Program\Delade filer\WinAntiVirus Pro 2007\err.log

C:\Program\Delade filer\WinAntiVirus Pro 2007\mav_startupmon.exe

C:\Program\Delade filer\WinAntiVirus Pro 2007\mfc71.dll

C:\Program\Delade filer\WinAntiVirus Pro 2007\msvcp71.dll

C:\Program\Delade filer\WinAntiVirus Pro 2007\msvcr71.dll

C:\Program\Delade filer\WinAntiVirus Pro 2007\SpOrder.dll

C:\Program\Delade filer\WinAntiVirus Pro 2007\uwa7pcw.exe

C:\Program\Delade filer\WinAntiVirus Pro 2007\wa7pinst.exe

C:\Program\Delade filer\WinAntiVirus Pro 2007\WAPChk.dll

C:\Program\Delade filer\WinAntiVirus Pro 2007

[/log]

 

hijackthis log

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:36:23, on 2008-01-07

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Sony\MD Simple Burner\NetMDSB.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\WINDOWS\system32\msnclient.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\notepad.exe

C:\Program\Mozilla Firefox\firefox.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR'>http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR'>http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://se.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Hacked by Godzilla

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll

R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program\Macrogaming\SweetIMBarForIE\toolbar.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\Program\MACROG~1\SWEETI~1\toolbar.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar3.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar3.dll

O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program\Macrogaming\SweetIMBarForIE\toolbar.dll

O4 - HKLM\..\Run: [ATIPTA] "C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [setRefresh] C:\Program\Compaq\SetRefresh\SetRefresh.exe

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [Windows Live Client] msnclient.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ''LOKAL TJÄNST'')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ''NETWORK SERVICE'')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ''SYSTEM'')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ''Default user'')

O8 - Extra context menu item: &Windows Live Search - res://C:\Program\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Öppna på ny flik i bakgrunden - res://C:\Program\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/229?9a7bdeca7dc34520856a4d9118c67eb5

O8 - Extra context menu item: Öppna på ny flik i förgrunden - res://C:\Program\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/230?9a7bdeca7dc34520856a4d9118c67eb5

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_03\bin\npjpi150_03.dll

O9 - Extra ''Tools'' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_03\bin\npjpi150_03.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra ''Tools'' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra ''Tools'' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program\Delade filer\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: MD Simple Burner Service (NetMDSB) - Sony Corporation - C:\Program\Sony\MD Simple Burner\NetMDSB.exe

O23 - Service: PACSPTISVR - Sony Corporation - C:\Program\Delade filer\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program\Delade filer\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program\Delade filer\Sony Shared\AVLib\SSScsiSV.exe

 

--

End of file - 7349 bytes[/log]

 

 

tack för hjälpen!

 

Lagt till LOG-taggar

När du har klistrat in en logg så var vänlig och markera loggen och tryck sedan på LOG-knappen som finns på samma rad som i inläggsfönstret.

Cecilia - Moderator för Virus – Antivirus

 

[inlägget ändrat 2008-01-07 23:08:52 av Cecilia]

[Cecilia]

birjgren:

Jag skriver samma sak till dig som står i inlägget ovanför ditt.

MSN-masken som går runt nu är helt annorlunda än den som förekom för ett år sedan så starta upp en ny tråd genom att trycka på Skriv inlägg till vänster i stället för att göra denna tråd ännu mera rörig.

 

[TheEal]

om man kör FireFox och har Noscript och AdAwaere aktiva

Finns det då möjlighet att man blir smittad om man skulle råka ut för länkar som är adresserade till Internet och öppnas av FF?

Min MSN har nämligen öppnat en sådan länk automatisk och det är min syster som är smittad, jag vet alltså ännu inte om jag har nått virus...

 

[Cecilia]

TheEal: Har du läst inlägget ovanför ditt?

"Jag vet inte" är svaret på din fråga.

 

[Pattalutt]

Jag har också fått msn viruset (W32.IRCBot.Gen). Jag har försökt att få bort det i en vecka nu, har testat MsnFixer(där står det bara virus finns kvar och jag ska starta om datorn sedan upprepas detta) mitt antivirus skydd( Symantec AntiVirus) som raderar viruset men nästa gång man slåt på datorn så finns viruset kvar. Har dessutom laddat ner Ad-Aware som är ett skannnigs program och de hittade många vrisu fast flest cookie trackers fast även ett annat virus som den inte kunde får bort.

 

Har slut på idér och har testat allt ni har sagt. Hjälp tack:)

 

 

[log]

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:28:48, on 2008-11-17

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\PROGRA~1\SYMANT~1\VPTray.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\Search Settings\SearchSettings.exe

C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe

C:\WINDOWS\system32\ctfmon.exe

C:\program files\steam\steam.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Program Files\Windows Live\Messenger\usnsvc.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157'>http://go.microsoft.com/fwlink/?LinkId=69157'>http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://update.microsoft.com/microsoftupdate

R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb126\SearchSettings.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb126\SearchSettings.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKLM\..\Run: [searchSettings] C:\Program Files\Search Settings\SearchSettings.exe

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\RunServices: [Windows Service] service.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [steam] "c:\program files\steam\steam.exe" -silent

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O4 - Startup: Registration Assassin's Creed.LNK = C:\Program Files\Ubisoft\Assassin's Creed\Register\RegistrationReminder.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O4 - Global Startup: Microsoft Office.MSNFix

O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: NordicBet Poker - {E6073F93-9541-4be4-9800-109D378EB99B} - C:\Microgaming\Poker\nordicbetMPP\MPPoker.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1201854847000

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {E6ACF817-0A85-4EBE-9F0A-096C6488CFEA} (NTR ActiveX 1.1.8) - http://eu.ntrsupport.com/inquiero/mod/setup/ntractivex118_28.cab

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

 

--

End of file - 10686 bytes

[/log]

 

[Cecilia]

Egentligen bäst att starta en egen tråd för MSN-virus idag har inte mycket gemensamt med MSN-virus för ett eller två år sedan, men men...

 

Om du hittar något med SearchSettings, Dealio i Kontrollpanelen - Lägg till eller ta bort program så ta bort det.

 

Ladda ner Malwarebytes Anti-Malware (MBAM) från en av dessa länkar:

http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html

http://projects.securitywonks.net/projects/details.php?file=158

Dubbelklicka på mbam-setup för att installera programmet.

 

[log]Se till i slutet av installationen att det är bockar för:

Uppdatera Malwarebytes' Anti-Malware

Starta Malwarebytes' Anti-Malware

Tryck på Slutför

Om det finns någon uppdatering så kommer den att laddas ner och installeras.

 

När programmet startar så välj "Utför snabb skanning" och tryck på Skanna.

Skanningen tar ett tag.

När den är klar så tryck på OK och sedan "Visa resultat".

Bocka för allt och tryck sedan Ta bort markerade.

När borttagningen är klar så öppnar Anteckningar med en logg.

 

Eventuellt så kommer det upp en begäran om att starta om datorn (Restart). I så fall gör det.

Om det blir ett felmeddelande Error loading... efter omstarten så starta om datorn än en gång.

Om programmet inte kommer igång efter omstarten så starta det.

 

Om loggen inte kommer upp själv i Anteckningar så hittar du loggen på fliken Loggar i MBAM.

Kopiera loggen och klistra in den i ditt svar tillsammans med en ny HijackThis-logg.[/log]

 

[Pattalutt]

Den hittar ingenting. Hittade en "SearchSettings 1.1" i listan och tog bort programmet.

 

HiJackThis:

[log]

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:05:47, on 2008-11-17

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\PROGRA~1\SYMANT~1\VPTray.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\program files\steam\steam.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157'>http://go.microsoft.com/fwlink/?LinkId=69157'>http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://update.microsoft.com/microsoftupdate

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\RunServices: [Windows Service] service.exe

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [steam] "c:\program files\steam\steam.exe" -silent

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O4 - Startup: Registration Assassin's Creed.LNK = C:\Program Files\Ubisoft\Assassin's Creed\Register\RegistrationReminder.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O4 - Global Startup: Microsoft Office.MSNFix

O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: NordicBet Poker - {E6073F93-9541-4be4-9800-109D378EB99B} - C:\Microgaming\Poker\nordicbetMPP\MPPoker.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1201854847000

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {E6ACF817-0A85-4EBE-9F0A-096C6488CFEA} (NTR ActiveX 1.1.8) - http://eu.ntrsupport.com/inquiero/mod/setup/ntractivex118_28.cab

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

 

--

End of file - 10448 bytes

[/log]

 

Malwarebytes:

[log]

Malwarebytes' Anti-Malware 1.30

Databasversion: 1403

Windows 5.1.2600 Service Pack 3

 

2008-11-17 14:04:15

mbam-log-2008-11-17 (14-04-15).txt

 

Skanningstyp: Snabb skanning

Antal skannade objekt: 55564

Förfluten tid: 7 minute(s), 26 second(s)

 

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 0

Infekterade registernycklar: 0

Infekterade registervärden: 0

Infekterade registerdataposter: 0

Infekterade mappar: 0

Infekterade filer: 0

 

Infekterade minnesprocesser:

(Inga illasinnade poster hittades)

 

Infekterade minnesmoduler:

(Inga illasinnade poster hittades)

 

Infekterade registernycklar:

(Inga illasinnade poster hittades)

 

Infekterade registervärden:

(Inga illasinnade poster hittades)

 

Infekterade registerdataposter:

(Inga illasinnade poster hittades)

 

Infekterade mappar:

(Inga illasinnade poster hittades)

 

Infekterade filer:

(Inga illasinnade poster hittades)

[/log]

 

[Cecilia]

Surfa till http://www.virustotal.com klistra in ett av följande filnamn i rutan, tryck på Skicka Fil och vänta tills resultatet är klart (Närvarande status blir genomförd). Klistra in resultatet från de olika antivirusprogrammen (inte Övrig information) här. Upprepa med nästa filnamn.

C:\WINDOWS\system32\service.exe

C:\WINDOWS\service.exe

 

har testat MsnFixer

Menar du MSNFix?

http://sosvirus.changelog.fr/MSNFix.zip

Klistra in loggen (C:\Windows\msnfix.txt) från det programmet så jag får se hur den ser ut.

 

Jag har också fått msn viruset (W32.IRCBot.Gen).

Enligt Symantec eller vilket program? I vilken fil och mapp finns den skadligheten?

IRCBot brukar inte spridas via MSN. Varför tror du att du fick in den via MSN?

 

[Pattalutt]

Konstigt:S. Hittar inte C:\WINDOWS\system32\service.exe

C:\WINDOWS\service.exe längre.......

Men jag är ganska säker att viruset låg där iallfall för mitt vanliga virus skydd visade att viruset låg i "C:\WINDOWS\service.exe".

 

Sedan hittar jag ingen log till MSNFix, finns bara

backup(mapp)

incl(mapp)

MD5.txt

MSNFIX.bat (scannern)

selectnet.txt

temp.txt

 

Och jag är ganska säker på att jag har MSN viruset, för jag fick den av min broder på msn han skickade:

"haha http://videos6.funpic.org/?watch=xxxxx@hotmail.com"

så jag öppnade för vi brukar skicka videos till varandra och då kom de fram att för att få kolla på filmen var jag tvungen att "köra" ett visst program och jag klickade ok. Sen frös datorn till i 20 sec och massa msn ruter kom upp och stängdes. Sedan fick jag massa svar sedan som undrade vad det var och så och datorn hittade viruset o försökte radera.

 

Jag har sett att andra skickar ut medelanden oftare än min dator min har "bara" sickat ut 3 gånger under en vecka.

 

 

[Cecilia]

Men jag är ganska säker att viruset låg där iallfall för mitt vanliga virus skydd visade att viruset låg i "C:\WINDOWS\service.exe".

Antivirusprogrammet tog kanske bort den filen då. Vi kollar lite djupare. Ladda ner ComboFix till Skrivbordet:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

 

Du bör installera Windows Återställningskonsol eftersom det gör det möjligt att starta datorn i ett särskild återställningsläge vilket kan vara bra om något händer med datorn under de kommande rensningarna.

 

[log]Alternativ 1: Du har en CD med Windows XP

Stoppa in CDn

Start - Kör

Skriv in

x:\i386\winnt32.exe /cmdcons

där du byter ut x mot den bokstav som CDn har.

Tryck på OK

Svara Ja på frågan om du vill installera återställningskonsolen.

Programmet kommer att kontakta Microsoft för att få de senaste filerna.

Tryck på OK när det är klart.

 

För att inte Återställningskonsolen ska fråga efter ett lösenord så gör på följande sätt:

Start - Kör

regedit

Leta upp HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Setup\RecoveryConsole i vänsterkolumnen.

Ändra värdet på SecurityLevel till 1

Stäng regedit

Starta om datorn.[/log]

 

[log]Alternativ 2: Du har inte en CD med Windows XP

Surfa till http://support.microsoft.com/kb/310994

se till att språket på sidan matchar språket i Windows (språk väljs i högerkolumnen) om du inte har XP Media Center Edition för då ska du ha engelska.

 

Skrolla ner till rubriken Hämta programfilen för installationsdisketterna

Välj rätt nedladdning utifrån vilken Service Pack du har installerat till XP. Om du har SP3 så välj SP2.

Om du har XP Media Center Edition så välj XP Professional.

Spara den nedladdade filen på Skrivbordet.

 

När nedladdningen är klar så drar du den nedladdade filen med musen över Skrivbordet och släpper den på ComboFix-ikonen.

ComboFix kommer då att installera Återställningskonsolen.

När det är klart så kommer ComboFix att fråga om du vill fortsätta med att skanna, där väljer du No/Nej.[/log]

 

[log]Dra ur internetanslutningen och stäng av alla program du ser inklusive antivirusprogram, antispionprogram och brandvägg, alternativt starta om datorn i felsäkert läge.

Kör ComboFix och följ anvisningarna som visas.

 

VIKTIGT! Klicka inte på ComboFix-fönstret med musen när den körs annars kan den hänga upp sig.

 

När den är färdig så ska en logg komma upp, bifoga den till ditt svar. Kontrollera att antivirusprogram och brandvägg är igång innan du ansluter till internet.

 

Om du får problem med att komma ut på internet:

Kontrollpanelen - Nätverksanslutningar

högerklicka på din internetanslutning och välj Reparera och/eller starta om datorn.[/log]

 

Varning! ComboFix förhindrar automatisk körning av CD, disketter och USB-enheter för att göra det lättare att rensa datorn och skydda datorn mot infektioner i framtiden. Det kan bli problem t ex om datorn har internet via ett USB-modem eller USB-nätverkskort. Säg då till i stället för att köra ComboFix.

 

[Pattalutt]

Nu är jag lite förvirrad....

1.Jag ska alltså ladda ner combofix.

2.Ladda ner saken från länken från http://support.microsoft.com/kb/310994.

3.Sedan stänga av allt antivirus skyddet, brandvägg, internet?

Jag har trådlöst hur gör då?

Har ingen anning hur jag stäner av brandväggen och antivirus skyddet.

Hur sätter jag på datorn i det där läget?

Vad är "USB-modem eller USB-nätverkskort" ?

 

[Cecilia]

1. Ja

2. Ja om du inte har en XP-skiva

3. Stäng av routern, inaktivera anslutningen, dra ur nätverkskortet eller vad du nu har för möjlighet i just din miljö.

Ofta så kan man högerklicka på ikoner för brandvägg och antivirusprogram vid klockan och välja att inaktivera, men det är möjligt att du behöver starta Symantec och välja något också.

Windows-brandväggen kan du väl stänga av via kontrollpanelen - Windows-brandväggen (eller något liknande, jag har Vista).

Du behöver inte sätta på datorn med sådana inställningar.

 

Vad är "USB-modem eller USB-nätverkskort"

Modem resp. nätverkskort som är anslutet till en USB-kontakt på datorn.

 

[Pattalutt]

Sorry om jag är seg, men jag har haft lite dåilg erfarenhet med att hålla på med datorn själv:P. Räcker inte det att stänga av antslutnignen till det trådlåsa bredbandet? På mitt antivrus skydd är det enda jag kan hitta är Enable Auto protection