CiD, sjukt jobbiga popuper. Spyware.

1 september, 2008

Hej

Finns det någon vänlig själ som kan hjälpa mig?

Har problem med spyware, CiD popuper kommer med täta mellanrum.

Läste om nån som fixade det med ComboFix men jag har kört den och problemet kvarstår.

Bifogar HiJackThis rapporten och ComboFix rapporten

[log]Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 13:44:58, on 2008-09-01

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\DAEMON Tools\daemon.exe

C:\Program\QuickTime\qttask.exe

C:\Program\iTunes\iTunesHelper.exe

C:\Program\AVG\AVG8\avgtray.exe

C:\Program\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Program\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\AVG\AVG8\avgrsx.exe

C:\Program\AVG\AVG8\avgemc.exe

C:\Program\iPod\bin\iPodService.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\Fam. Rambäck\Skrivbord\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157'>http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program\Macrogaming\SweetIMBarForIE\toolbar.dll

R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program\AVG\AVG8\avgssie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program\AVG\AVG8\avgtoolbar.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar1.dll

O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program\Macrogaming\SweetIMBarForIE\toolbar.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar1.dll

O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program\AskSBar\bar\1.bin\ASKSBAR.DLL

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program\AVG\AVG8\avgtoolbar.dll

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Amok Eggs Four Web] C:\Documents and Settings\All Users\Application Data\part dead amok eggs\barb roam.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\Program\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [sweetIM] C:\Program\Macrogaming\SweetIM\SweetIM.exe

O4 - HKCU\..\Run: [TimeInter] C:\DOCUME~1\FAM~1.RAM\APPLIC~1\OPTION~1\HOLDUSERMFCD.exe

O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - Global Startup: Uppdateringsagent.lnk = ?

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/OnlineScanner.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: avgrsstx.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\Program\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program\AVG\AVG8\avgwdsvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe

--

End of file - 5119 bytes

[/log]

[log]ComboFix 08-08-31.01 - Fam. Rambäck 2008-09-01 13:39:41.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1053.18.128 [GMT 2:00]

Running from: C:\Documents and Settings\Fam. Rambäck\Skrivbord\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((( Files Created from 2008-08-01 to 2008-09-01 )))))))))))))))))))))))))))))))

.

2008-09-01 13:19 . 2008-09-01 13:19 <KAT> d-------- C:\WINDOWS\system32\config\systemprofile\Lokala instõllningar

2008-09-01 13:19 . 2008-09-01 13:19 <KAT> d-------- C:\Documents and Settings\Susanne och magnus\Lokala instõllningar

2008-09-01 13:19 . 2008-09-01 13:19 <KAT> d-------- C:\Documents and Settings\NetworkService\Lokala instõllningar

2008-09-01 13:19 . 2008-09-01 13:19 <KAT> d-------- C:\Documents and Settings\LocalService\Lokala instõllningar

2008-09-01 13:19 . 2008-09-01 13:19 <KAT> d-------- C:\Documents and Settings\Gõst

2008-09-01 13:19 . 2008-09-01 13:19 <KAT> d-------- C:\Documents and Settings\Fam. Rambõck

2008-09-01 13:19 . 2008-09-01 13:19 <KAT> d-------- C:\Documents and Settings\angelica\Lokala instõllningar

2008-09-01 13:19 . 2008-09-01 13:19 <KAT> d-------- C:\Documents and Settings\Administrat÷r

2008-09-01 13:14 . 2008-09-01 13:14 <KAT> d-------- C:\WINDOWS\system32\xircom

2008-09-01 13:14 . 2008-09-01 13:14 <KAT> d-------- C:\Program\microsoft frontpage

2008-09-01 12:48 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-09-01 12:45 . 2008-09-01 12:48 <KAT> d-------- C:\Program\Java

2008-09-01 12:45 . 2008-09-01 12:45 <KAT> d-------- C:\Program\Delade filer\Java

2008-09-01 12:29 . 2008-09-01 12:29 268 --ah----- C:\sqmdata15.sqm

2008-09-01 12:29 . 2008-09-01 12:29 244 --ah----- C:\sqmnoopt15.sqm

2008-09-01 11:03 . 2008-09-01 11:08 <KAT> d-------- C:\Documents and Settings\angelica\Application Data\AVGTOOLBAR

2008-09-01 09:46 . 2008-09-01 09:47 <KAT> d-------- C:\Program\EsetOnlineScanner

2008-09-01 09:36 . 2008-09-01 09:52 <KAT> d-------- C:\Documents and Settings\Susanne och magnus\Application Data\optionbind

2008-09-01 09:33 . 2008-09-01 09:33 <KAT> d--h----- C:\WINDOWS\system32\GroupPolicy

2008-09-01 09:32 . 2008-09-01 09:43 <KAT> d-------- C:\Documents and Settings\Susanne och magnus\Application Data\AVGTOOLBAR

2008-09-01 07:11 . 2008-09-01 07:24 <KAT> d-------- C:\Documents and Settings\Gäst\Application Data\AVGTOOLBAR

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-09-01 07:35 97,928 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys

2008-07-31 22:46 --------- d--h--w C:\Program\InstallShield Installation Information

2008-07-31 22:35 --------- d-----w C:\Program\7-Zip

2008-07-31 21:22 --------- d-----w C:\Program\keygen

2008-07-31 21:22 --------- d-----w C:\Documents and Settings\Fam. Rambäck\Application Data\AVGTOOLBAR

2008-07-31 21:12 --------- d-----w C:\Program\Circle Developement

2008-07-31 20:40 76,040 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys

2008-07-31 20:40 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll

2008-07-31 20:39 --------- d-----w C:\Program\AVG

2008-07-31 20:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8

2008-07-31 20:28 --------- d-----w C:\Documents and Settings\Fam. Rambäck\Application Data\optionbind

2008-07-31 20:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\part dead amok eggs

2008-07-31 20:26 --------- d-----w C:\Program\optionbind

2008-07-31 20:18 91,648 ----a-w C:\WINDOWS\system32\iplfyjsv.dll

2008-07-08 13:47 --------- d-----w C:\Documents and Settings\Fam. Rambäck\Application Data\uTorrent

2007-12-06 21:41 6,076,704 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat

2007-12-06 21:41 120,096 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat

.

------- Sigcheck -------

2006-09-03 14:44 360576 bd8686216e34e22c4ed45a2320b2bea1 C:\WINDOWS\system32\drivers\tcpip.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"= "C:\Program\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL" [2008-06-24 12:07 66912]

[HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:34 15360]

"SweetIM"="C:\Program\Macrogaming\SweetIM\SweetIM.exe" [2008-01-02 21:15 103712]

"TimeInter"="C:\DOCUME~1\FAM~1.RAM\APPLIC~1\OPTION~1\HOLDUSERMFCD.exe" [2008-07-31 22:26 528384]

"swg"="C:\Program\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-06-23 23:50 171448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools"="C:\Program\DAEMON Tools\daemon.exe" [2005-12-10 16:57 133016]

"QuickTime Task"="C:\Program\QuickTime\qttask.exe" [2006-09-01 16:57 282624]

"Adobe Photo Downloader"="C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 00:46 57344]

"iTunesHelper"="C:\Program\iTunes\iTunesHelper.exe" [2006-09-12 02:58 229952]

"Adobe Reader Speed Launcher"="C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

"Amok Eggs Four Web"="C:\Documents and Settings\All Users\Application Data\part dead amok eggs\barb roam.exe" [2008-09-01 13:32 3507712]

"AVG8_TRAY"="C:\Program\AVG\AVG8\avgtray.exe" [2008-09-01 09:35 1235736]

"SunJavaUpdateSched"="C:\Program\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.X264"= x264vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Fam. Rambäck^Start-meny^Program^Autostart^desktop.ini]

path=C:\Documents and Settings\Fam. Rambäck\Start-meny\Program\Autostart\desktop.ini

backup=C:\WINDOWS\pss\desktop.iniStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

--a------ 2005-06-07 00:46 57344 C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-01-11 22:16 39792 C:\Program\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]

--a------ 2006-03-08 22:05 344064 C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]

--a------ 2005-05-19 15:47 57344 C:\Program\SlySoft\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HControl]

-ra------ 2006-02-23 06:40 106496 C:\WINDOWS\ATK0100\HControl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

--a------ 2006-09-12 02:58 229952 C:\Program\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2006-09-01 16:57 282624 C:\Program\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

--a------ 2008-06-23 23:50 171448 C:\Program\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

-r------- 2005-05-03 12:43 69632 C:\WINDOWS\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

-r------- 2006-05-04 09:59 16206848 C:\WINDOWS\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]

--a------ 2006-05-16 18:04 2879488 C:\WINDOWS\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]

-ra------ 2006-01-20 06:34 544768 C:\WINDOWS\sm56hlpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"ose"=3 (0x3)

"MDM"=2 (0x2)

"iPod Service"=3 (0x3)

"gusvc"=3 (0x3)

"Ati HotKey Poller"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program\\Messenger\\msmsgs.exe"=

"C:\\Program\\LimeWire\\LimeWire.exe"=

"C:\\Program\\uTorrent\\uTorrent.exe"=

"C:\\Program\\MSN Messenger\\msnmsgr.exe"=

"C:\\Program\\MSN Messenger\\livecall.exe"=

"C:\\Program\\iTunes\\iTunes.exe"=

"C:\\Program\\FrostWire\\FrostWire.exe"=

"C:\\Program\\AVG\\AVG8\\avgemc.exe"=

"C:\\Program\\AVG\\AVG8\\avgupd.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-09-01 09:35]

R2 avg8emc;AVG Free8 E-mail Scanner;C:\Program\AVG\AVG8\avgemc.exe [2008-09-01 09:35]

R2 avg8wd;AVG Free8 WatchDog;C:\Program\AVG\AVG8\avgwdsvc.exe [2008-09-01 09:35]

R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-31 22:40]

R2 mdvrmng;Mobile IP Route Manager;C:\WINDOWS\system32\drivers\mdvrmng.sys [2007-05-28 18:00]

R3 SynMini;USB2.0 1.3M WebCam;C:\WINDOWS\system32\Drivers\SynMini.sys [2006-07-03 04:33]

R3 SynScan;USB2.0 1.3M WebCam Still Image;C:\WINDOWS\system32\Drivers\SynScan.sys [2006-06-30 04:40]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]

\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{393123ea-fce8-11dc-a49f-0018f37cba5e}]

\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52eacbf0-f343-11dc-a47b-0018f37cba5e}]

\Shell\AutoRun\command - F:\AutoRun.exe

*Newly Created Service* - CATCHME

.

Contents of the 'Scheduled Tasks' folder

.

------- Supplementary Scan -------

.

R0 -: HKCU-Main,Start Page = hxxp://www.google.se/

R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s

O16 -: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab

C:\WINDOWS\Downloaded Program Files\ewidoOnlineScan.dll

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-01 13:41:37

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-09-01 13:43:12

ComboFix-quarantined-files.txt 2008-09-01 11:43:07

ComboFix2.txt 2008-09-01 11:19:03

Pre-Run: 57,858,236,416 byte ledigt

Post-Run: 57,850,286,080 byte ledigt

166 --- E O F --- 2007-12-06 21:28:30

[/log]

Tack på förhand

1 september, 2008

Körde senaste HiJackThis

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:51:11, on 2008-09-01

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\DAEMON Tools\daemon.exe

C:\Program\QuickTime\qttask.exe

C:\Program\iTunes\iTunesHelper.exe

C:\Program\AVG\AVG8\avgtray.exe

C:\Program\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Program\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\AVG\AVG8\avgrsx.exe

C:\Program\AVG\AVG8\avgemc.exe

C:\Program\iPod\bin\iPodService.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\Fam. Rambäck\Skrivbord\HiJackThis_v2.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program\Trend Micro\HijackThis\HijackThis.exe