Update

16 december, 2008

Som sagt, helt okej :thumbsup:

Finns ju faktiskt många som inte vet hur en cookie egentligen fungerar, nu vet du/vi det mera ordentligt.

16 december, 2008

Har hållt på flera timmar idag med Aroon p Microsoft support, fortfarande går det inte att uppdatera Windows, men vi ska fortsätta. Hitta det här igen på Malwarwe som jag trodde jag fått bort:

Malwarebytes' Anti-Malware 1.31

Databasversion: 1506

Windows 6.0.6001 Service Pack 1

2008-12-16 19:35:34

mbam-log-2008-12-16 (19-35-34).txt

Skanningstyp: Fullständig skanning (C:\|D:\|)

Antal skannade objekt: 95925

Förfluten tid: 43 minute(s), 21 second(s)

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 0

Infekterade registernycklar: 0

Infekterade registervärden: 0

Infekterade registerdataposter: 6

Infekterade mappar: 0

Infekterade filer: 0

Infekterade minnesprocesser:

(Inga illasinnade poster hittades)

Infekterade minnesmoduler:

(Inga illasinnade poster hittades)

Infekterade registernycklar:

(Inga illasinnade poster hittades)

Infekterade registervärden:

(Inga illasinnade poster hittades)

Infekterade registerdataposter:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.135 85.255.112.131 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{b0d43b3f-9712-486c-b086-8accb691cea6}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.135 85.255.112.131 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.135 85.255.112.131 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{b0d43b3f-9712-486c-b086-8accb691cea6}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.135 85.255.112.131 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.135 85.255.112.131 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{b0d43b3f-9712-486c-b086-8accb691cea6}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.135 85.255.112.131 -> Quarantined and deleted successfully.

Infekterade mappar:

(Inga illasinnade poster hittades)

Infekterade filer:

(Inga illasinnade poster hittades)

16 december, 2008

kopparn

prova att ta ner definitioner för defender via den här länken, kör bara filen rakt av och kör därefter en fullständig sökning med defender

http://go.microsoft.com/fwlink/?LinkID=85914&clcid=0x409

16 december, 2008

Jag körde Malaware en gång till, nu är det 4 kvar,

har inte kört defender än, ska pröva länken nu.

Malwarebytes' Anti-Malware 1.31

Databasversion: 1506

Windows 6.0.6001 Service Pack 1

2008-12-16 20:40:10

mbam-log-2008-12-16 (20-40-10).txt

Skanningstyp: Fullständig skanning (C:\|D:\|)

Antal skannade objekt: 96003

Förfluten tid: 55 minute(s), 16 second(s)

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 0

Infekterade registernycklar: 0

Infekterade registervärden: 0

Infekterade registerdataposter: 4

Infekterade mappar: 0

Infekterade filer: 0

Infekterade minnesprocesser:

(Inga illasinnade poster hittades)

Infekterade minnesmoduler:

(Inga illasinnade poster hittades)

Infekterade registernycklar:

(Inga illasinnade poster hittades)

Infekterade registervärden:

(Inga illasinnade poster hittades)

Infekterade registerdataposter:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.135 85.255.112.131 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{b0d43b3f-9712-486c-b086-8accb691cea6}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.135 85.255.112.131 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.135 85.255.112.131 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{b0d43b3f-9712-486c-b086-8accb691cea6}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.135 85.255.112.131 -> Quarantined and deleted successfully.

Infekterade mappar:

(Inga illasinnade poster hittades)

Infekterade filer:

(Inga illasinnade poster hittades)

16 december, 2008

Fick detta svar när jag tryckte på länken:

Error 404.4 - Not Found

Det finns ingen hanterare kopplad till resursen som du letar efter. Detaljerad felinformationModul IIS Web Core

Meddelande MapRequestHandler

Hanterare Ej fastställd än

Felkod 0x80070002

Begärd URL http://download.microsoft.com:80/download/DefinitionUpdates/mpas-fe.exe

Fysisk sökväg C:\inetpub\wwwroot\download\DefinitionUpdates\mpas-fe.exe

Inloggningsmetod Anonym

Användarinloggning Anonym

Mest troliga orsaker:

Filnamnstillägget för begärd URL har inte en hanterare konfigurerad för att behandla begäranden på webbservern.

Vad du kan pröva:

Om filnamnstillägget inte har någon hanterare, lägger du till en hanterarmappning för det.

Kontrollera att hanteraren är korrekt installerad och konfigurerad.

Skapa en spårningsregel som spårar misslyckade begäranden för denna HTTP-statuskod. Mer information (på engelska) om hur du skapar spårningsregler för misslyckade begäranden finns i .

Länkar och mer informationFelet beror på att webbservern inte känner igen filnamnstillägget för den begärda resursen. På webbservern finns ingen modulhanterare för tillägget. Om det nekade filnamnstillägget behövs på webbservern, lägger du till en lämplig hanterare.

Visa mer information »

16 december, 2008

hmm..fortfarande blockeringar..vet du om det blir samma fel på de övriga datorerna ?

Testa samma länk på de andra om den fungerar att köra direkt, så fungerar den även att spara på exempelvis usb minne, då kan du flytta den till värddatorn och köra filen där inne.

det kan även finnas en chans att spybot kan lösa problemet, dock inget som jag kan verifiera

den kan hämtas från följande länk

http://www.spybot.com/sv/mirrors/index.html

http://www.spybot.com/sv/tutorial/index.html ( instruktioner till programmet )

Det som ställer till det för oss är att infektionen blockerar alla försök för mig att ansluta till Er dator, vilket naturligtvis försvårar rensning också. Elak liten rackare det där

16 december, 2008

Tack, ska pröva det imorrn, eller senare ikväll, just nu kör jag Kasperskys som jag fick tag i på USB-minne o installera på värddatorn, då det ju inte gick att göra online, vi får se vad den säger, det lär ta tid, just nu endast 2% genomgånget

16 december, 2008

gott den borde lösa det mesta, men var beredd på att den kan ta minst två timmar. Har sett att den har kunnat köra i 48 timmar, men då har diskarna i fråga varit enorma ( 1000gb ) när den har gått klart, så klicka på neutralize all. Vi höres imorgon kopparn

17 december, 2008

Kört igenom Kasperskys. Den hitta bara Smittfraud exe. Desktop, so jag tog bort. Här är en Hijack logga nån [log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:34:38, on 2008-12-03

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Launch Manager\LManager.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\Kitco\Kcast\Kcast.exe

C:\Program Files\Personal\bin\Personal.exe

C:\Windows\system32\igfxext.exe

C:\Windows\system32\igfxsrvc.exe

C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE

C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE

C:\Users\pappa\AppData\Local\Temp\RtkBtMnt.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Windows\system32\conime.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://user.tninet.se/~rmd498m/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sv.intl.acer.yahoo.com'>http://sv.intl.acer.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://sv.intl.acer.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O1 - Hosts: ::1 localhost

O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: &TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\PROGRA~1\TerraTec\TERRAT~1\THCDES~1.DLL

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe

O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [KITCO] C:\Program Files\Kitco\Kcast\Kcast

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NÄTVERKSTJÄNST')

O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'Default user')

O4 - Global Startup: Empowering Technology Launcher.lnk = ?

O4 - Global Startup: Personal.lnk = C:\Program Files\Personal\bin\Personal.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll

O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Microgaming\Poker\ladbrokesMPP\MPPoker.exe

O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe

O9 - Extra button: NordicBet Poker - {E6073F93-9541-4be4-9800-109D378EB99B} - C:\Microgaming\Poker\nordicbetMPP\MPPoker.exe

O13 - Gopher Prefix:

O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab

O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/sv-se/wlscctrl2.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/VistaMSNPUpldsv-se.cab

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab

O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://mppv2flash3.valueactive.com/Unibet/FlashAX.cab

O20 - AppInit_DLLs: eNetHook.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe

O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe

O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

End of file - 7916 bytes[/log]

som ser nåt konstgt?

Rättat till LOG-taggar

När du har klistrat in en logg så var vänlig och markera loggen och tryck sedan på LOG-knappen som finns på samma rad som :thumbsdown: :thumbsup: i inläggsfönstret.

Cecilia - Moderator för Virus, skadliga program & botemedel

[inlägget ändrat 2008-12-17 09:06:13 av Cecilia]

17 december, 2008

kopparn, jag ser att 017 entrien är borta ( de ukrainska dnserna )

testa update

17 december, 2008

Gick inte med update, tyvärr

17 december, 2008

Nån som kan titta på denna Hijack i grabbens dator?

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:33:17, on 2008-12-17

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program\Grisoft\AVG7\avgamsvr.exe

C:\Program\Grisoft\AVG7\avgupsvc.exe

C:\Program\Grisoft\AVG7\avgemc.exe

C:\WINDOWS\system32\CTsvcCDA.EXE

C:\Program\Java\jre6\bin\jqs.exe

C:\Program\Canon\MultiPASS4\MPSERVIC.EXE

C:\Program\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Delade filer\Ulead Systems\DVD\ULCDRSvr.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program\Canon\CAL\CALMAIN.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Program\Grisoft\AVG7\avgcc.exe

C:\Program\Canon\MultiPASS4\MPDBMgr.exe

C:\Program\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Windows Live\Messenger\msnmsgr.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program\Grisoft\AVG7\avgw.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program\Windows Live\Messenger\usnsvc.exe

C:\Program\Internet Explorer\IEXPLORE.EXE

C:\Program\Delade filer\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://se.msn.com/'>http://se.msn.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://se.msn.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: (no name) - {506D10CD-1276-4630-A245-D2EC9EFC1AC3} - (no file)

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

O2 - BHO: (no name) - {BDB4EC43-86CB-4B9E-96BD-CC1B80D43DE3} - (no file)

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar2.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [MPTBox] C:\Program\Canon\MultiPASS4\MPTBox.exe

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\Program\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Program\Windows Live Toolbar\msntb.dll/search.htm

O9 - Extra button: Blogga detta - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blogga detta i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Program\UnibetpokerMPP\MPPoker.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: NordicBet Poker - {E6073F93-9541-4be4-9800-109D378EB99B} - C:\Program\nordicbetMPP\MPPoker.exe

O9 - Extra button: @c:\Program\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: @c:\Program\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program\Messenger\msmsgs.exe

O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com.ezproxy.ssb.stockholm.se/lib/stockholmstads/support/plugins/ebraryRdr.cab

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab

O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://www.king.com/ctl/kingcomie.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/OnlineScanner.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9563.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?e=1228933883599&h=f9534a9d7c0c9d8cb81fc96fac3c4613/&filename=jinstall-6u11-windows-i586-jc.cab

O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O20 - AppInit_DLLs: C:\Program\Google\GOOGLE~2\GOEC62~1.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVG7\avgemc.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program\Canon\CAL\CALMAIN.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE

O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe

O23 - Service: MpService - Canon Inc. - C:\Program\Canon\MultiPASS4\MPSERVIC.EXE

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program\Delade filer\Ulead Systems\DVD\ULCDRSvr.exe

--

End of file - 10882 bytes[/log]

17 december, 2008

Nån som kan titta på denna Hijack i grabbens dator?

kopparn, den här tråden är redan väldigt lång så det vore bra om du började på en ny tråd i stället.

18 december, 2008

Hej har kört spybot som hittar DNS Changer i hkeyLocal-Machine/system den ändrar i DNS servern, och som jag skrivit tidigare så kan jag inte göra uppdateringar i windows. Viust ändrar i DNS-servern o körs som en gömd exe-fil o har att göra med winlogon.

Problemet är att spybot inte kan ta bort viruset har försökt säkert 10 ggr Hur får jag bort det?

Fråga 2) Hur ändrar jag tangentkommando så det inte kommer t.ex siffran4 när jag ska skriva u?

18 december, 2008

kopparn, för att få bort den funktionen ( din 2dra fråga ) tryck in fn+num lock på tangentbordet

på din första fråga.

Det går att komma runt problemet, dock så får vi ta o köra en remote igen. samma tid som vanligt ?

18 december, 2008

14:00, ok

FN+Num-lock går inte

[log]

--- Search result list ---

Hint of the Day: Click the bar at the right of this to see more information! ()

Zlob.DNSChanger: [sBI $041D1396] TCP/IP Settings #1 (Undefined) (Registerändring, fixed)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer=208.67.220.220,208.67.222.222

Zlob.DNSChanger: [sBI $041D1396] TCP/IP Settings #2 (Undefined) (Registerändring, fixed)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B0D43B3F-9712-486C-B086-8ACCB691CEA6}\DhcpNameServer=208.67.220.220,208.67.222.222

--- Spybot - Search & Destroy version: 1.6.0 (build: 20080707) ---

2008-07-07 blindman.exe (1.0.0.8)

2008-07-07 SDFiles.exe (1.6.0.4)

2008-07-07 SDMain.exe (1.0.0.6)

2008-07-07 SDShred.exe (1.0.2.3)

2008-07-07 SDUpdate.exe (1.6.0.8)

2008-07-07 SDWinSec.exe (1.0.0.12)

2008-07-07 SpybotSD.exe (1.6.0.30)

2008-09-16 TeaTimer.exe (1.6.3.25)

2008-12-17 unins000.exe (51.49.0.0)

2008-07-07 Update.exe (1.6.0.7)

2008-10-22 advcheck.dll (1.6.2.13)

2007-04-02 aports.dll (2.1.0.0)

2008-06-14 DelZip179.dll (1.79.11.1)

2008-09-15 SDHelper.dll (1.6.2.14)

2008-06-19 sqlite3.dll

2008-10-22 Tools.dll (2.1.6.8)

2008-11-04 Includes\Adware.sbi (*)

2008-12-09 Includes\AdwareC.sbi (*)

2008-06-03 Includes\Cookies.sbi (*)

2008-09-02 Includes\Dialer.sbi (*)

2008-09-09 Includes\DialerC.sbi (*)

2008-07-23 Includes\HeavyDuty.sbi (*)

2008-11-18 Includes\Hijackers.sbi (*)

2008-12-16 Includes\HijackersC.sbi (*)

2008-12-09 Includes\Keyloggers.sbi (*)

2008-12-16 Includes\KeyloggersC.sbi (*)

2004-11-29 Includes\LSP.sbi (*)

2008-11-18 Includes\Malware.sbi (*)

2008-12-16 Includes\MalwareC.sbi (*)

2008-12-16 Includes\PUPS.sbi (*)

2008-12-16 Includes\PUPSC.sbi (*)

2007-11-07 Includes\Revision.sbi (*)

2008-06-18 Includes\Security.sbi (*)

2008-12-16 Includes\SecurityC.sbi (*)

2008-06-03 Includes\Spybots.sbi (*)

2008-06-03 Includes\SpybotsC.sbi (*)

2008-12-10 Includes\Spyware.sbi (*)

2008-12-10 Includes\SpywareC.sbi (*)

2008-06-03 Includes\Tracks.uti

2008-11-04 Includes\Trojans.sbi (*)

2008-12-16 Includes\TrojansC.sbi (*)

2008-03-04 Plugins\Chai.dll

2008-03-05 Plugins\Fennel.dll

2008-02-26 Plugins\Mate.dll

2007-12-24 Plugins\TCPIPAddress.dll

--- System information ---

Windows Vista (Build: 6001) Service Pack 1 (6.0.6001)

/ MSXML4SP2: Security update for MSXML4 SP2 (KB936181)

/ MSXML4SP2: Security update for MSXML4 SP2 (KB941833)

--- Startup entries list ---

Located: HK_CU:Run, swg

where: .DEFAULT...

command: C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

file: C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

size: 171448

MD5: 0FA44EA8B03ABA3E1D240B5A333D8E6A

Located: HK_CU:Run, SpybotSD TeaTimer

where: S-1-5-21-943041516-4001286664-2263957336-1003...

command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

size: 1833296

MD5: 63B3FF83B87AFCEBA89CED54695DA0F6

Located: HK_CU:Run, SUPERAntiSpyware

where: S-1-5-21-943041516-4001286664-2263957336-1003...

command: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

file: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

size: 1809648

MD5: 1ADDEFCE2C605C13A23B5CC8DD72997B

Located: HK_CU:Run, swg

where: S-1-5-18...

command: C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

file: C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

size: 171448

MD5: 0FA44EA8B03ABA3E1D240B5A333D8E6A

Located: Startup (common), AutoUpdate Monitor.lnk

where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...

command: C:\Program Files\Sophos\AutoUpdate\ALMon.exe

file: C:\Program Files\Sophos\AutoUpdate\ALMon.exe

size: 245760

MD5: 4CF38637FADECCCC00013C0711DB3BBA

Located: Startup (disabled), Empowering Technology Launcher (DISABLED)

command: C:\Acer\EMPOWE~1\EAPLAU~1.EXE 9999

file: C:\Acer\EMPOWE~1\EAPLAU~1.EXE

size: 528384

MD5: C849D57292E58A9E1C55559930FD1082

Located: Startup (disabled), Personal (DISABLED)

command: C:\PROGRA~1\Personal\bin\Personal.exe

file: C:\PROGRA~1\Personal\bin\Personal.exe

size: 722464

MD5: 44BD2EE02CB3964F16A66DDA580EDDF5

Located: WinLogon, !SASWinLogon

command: C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

file: C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

size: 352256

MD5: EDC730A6F345C01D9A12F09621665C5A

Located: WinLogon, igfxcui

command: igfxdev.dll

file: igfxdev.dll

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!

--- Browser helper object list ---

{39EA7695-B3F2-4C44-A4BC-297ADA8FD235} (Sophos Web Content Scanner)

location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects BHO name:

CLSID name: Sophos Web Content Scanner

Path: C:\Program Files\Sophos\Sophos Anti-Virus Long name: SophosBHO.dll

Short name: SOPHOS~2.DLL

Date (created): 2008-11-03 15:41:58

Date (last access): 2008-12-17 13:21:22

Date (last write): 2008-11-03 15:41:58

Filesize: 240696

Attributes: archive

MD5: CFC3AB2B75A8AF36960597D7F0E00569

CRC32: E36B88F1

Version: 2.4.2.3941

{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (WormRadar.com IESiteBlocker.NavFilter)

location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects BHO name: WormRadar.com IESiteBlocker.NavFilter

CLSID name: AVG Safe Search

Path: C:\Program Files\AVG\AVG8 Long name: avgssie.dll

{53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)

location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects BHO name:

CLSID name: Spybot-S&D IE Protection

description: Spybot-S&D IE Browser plugin

classification: Legitimate

known filename: SDhelper.dll

info link: http://spybot.eon.net.au/

info source: Patrick M. Kolla

Path: C:\PROGRA~1\SPYBOT~1 Long name: SDHelper.dll

Short name:

Date (created): 2008-12-17 13:37:44

Date (last access): 2008-12-17 14:41:06

Date (last write): 2008-09-15 14:25:44

Filesize: 1562960

Attributes: readonly hidden sysfile archive

MD5: 35F73F1936BDE91F1B6995510A61E7A8

CRC32: BE6A5D15

Version: 1.6.2.14

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)

location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects BHO name:

CLSID name: SSVHelper Class

Path: C:\Program Files\Java\jre6\bin Long name: ssv.dll

Short name:

Date (created): 2008-12-05 19:02:32

Date (last access): 2008-12-05 19:02:32

Date (last write): 2008-12-05 19:02:32

Filesize: 320920

Attributes: archive

MD5: 35E6FB6E6003BD54A5D69C9C1C762192

CRC32: 9699660C

Version: 6.0.110.3

{AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)

location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects BHO name:

CLSID name: Google Toolbar Helper

description: Google toolbar

classification: Open for discussion

known filename: googletoolbar.dll<br>googletoolbar*.dll<br>(* = number)<br>googletoolbar_en_*.**-big.dll<br>Googletoolbar_en_*.*.**-deleon.dll

info link: http://toolbar.google.com/

info source: TonyKlein

Path: c:\program files\google Long name: GoogleToolbar2.dll

Short name: GOOGLE~2.DLL

Date (created): 2008-08-07 16:35:02

Date (last access): 2008-08-07 16:35:02

Date (last write): 2008-08-07 16:35:02

Filesize: 2411584

Attributes: readonly archive

MD5: AE1B0BC2619730A777E06932DFC5105C

CRC32: C277D7F5

Version: 4.0.1601.4978

{DBC80044-A445-435b-BC74-9C25C1C588A9} (Java Plug-In 2 SSV Helper)

location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects BHO name:

CLSID name: Java Plug-In 2 SSV Helper

Path: C:\Program Files\Java\jre6\bin Long name: jp2ssv.dll

Short name:

Date (created): 2008-12-05 19:02:30

Date (last access): 2008-12-05 19:02:30

Date (last write): 2008-12-05 19:02:30

Filesize: 34816

Attributes: archive

MD5: 5D57FD3DF32DC69CEC3D1D54B4C43162

CRC32: D7C13FB2

Version: 6.0.110.3

--- ActiveX list ---

{166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control)

DPF name:

CLSID name: Shockwave ActiveX Control

Installer: C:\Windows\Downloaded Program Files\swdir.inf

Codebase: http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

description: Macromedia ShockWave Flash Player 7

classification: Legitimate

known filename: SWDIR.DLL

info link:

info source: Patrick M. Kolla

Path: C:\Windows\system32\Adobe\Director Long name: swdir.dll

Short name:

Date (created): 2008-10-08 08:26:16

Date (last access): 2008-10-08 08:26:16

Date (last write): 2008-08-06 15:30:48

Filesize: 202168

Attributes: archive

MD5: B8153BAD2E56C50B147867FA9DAEB095

CRC32: D52113FA

Version: 11.0.0.465

{3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control)

DPF name:

CLSID name: Windows Live OneCare safety scanner control

Installer: C:\Windows\Downloaded Program Files\wlscCtrl2.inf

Codebase: http://cdn.scan.onecare.live.com/resource/download/scanner/sv-se/wlscctrl2.cab

Path: %ProgramFiles%\Windows Live Safety Center Long name: wlscCtrl2.dll

{56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control)

DPF name:

CLSID name: OnlineScanner Control

Installer: C:\Windows\Downloaded Program Files\OnlineScanner.inf

Codebase: http://www.eset.eu/OnlineScanner.cab

Path: C:\Windows\system32 Long name: OnlineScanner.ocx

Short name: ONLINE~1.OCX

Date (created): 2007-08-06 13:18:16

Date (last access): 2007-08-06 13:18:16

Date (last write): 2007-08-06 13:18:16

Filesize: 2707456

Attributes: archive

MD5: 41B8A44F69C6C5C2F9DAFEA1ED184D20

CRC32: E1F281AC

Version: 1.0.0.337

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)

DPF name: Java Runtime Environment 1.6.0

CLSID name: Java Plug-in 1.6.0_11

Installer:

Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab'>http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab'>http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

description: Sun Java

classification: Legitimate

known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll

info link:

info source: Patrick M. Kolla

Path: C:\Program Files\Java\jre6\bin Long name: jp2iexp.dll

Short name:

Date (created): 2008-12-05 19:02:28

Date (last access): 2008-12-05 19:02:28

Date (last write): 2008-12-05 19:02:30

Filesize: 94208

Attributes: archive

MD5: 3DA696FCE470365F830726A5DB33733F

CRC32: F0FC81C2

Version: 6.0.110.3

{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} ()

DPF name:

CLSID name:

Installer: C:\Windows\Downloaded Program Files\erma.inf

Codebase: http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

description:

classification: Open for discussion

known filename:

info link:

info source: Safer Networking Ltd.

{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)

DPF name: Java Runtime Environment 1.6.0

CLSID name: Java Plug-in 1.6.0_11

Installer:

Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

Path: C:\Program Files\Java\jre6\bin Long name: jp2iexp.dll

Short name:

Date (created): 2008-12-05 19:02:28

Date (last access): 2008-12-05 19:02:28

Date (last write): 2008-12-05 19:02:30

Filesize: 94208

Attributes: archive

MD5: 3DA696FCE470365F830726A5DB33733F

CRC32: F0FC81C2

Version: 6.0.110.3

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)

DPF name: Java Runtime Environment 1.6.0

CLSID name: Java Plug-in 1.6.0_11

Installer:

Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

description:

classification: Legitimate

known filename: npjpi150_06.dll

info link:

info source: Safer Networking Ltd.

Path: C:\Program Files\Java\jre6\bin Long name: npjpi160_11.dll

Short name: NPJPI1~1.DLL

Date (created): 2008-12-05 19:02:32

Date (last access): 2008-12-05 19:02:32

Date (last write): 2008-12-05 19:02:32

Filesize: 132504

Attributes: archive

MD5: D400116F6776ACB6EDB6B1F5EEB9F92D

CRC32: CECB5751

Version: 6.0.110.3

--- Process list ---

PID: 2080 (1108) C:\Windows\system32\taskeng.exe

size: 169472

MD5: 5F109032CE46B7184ED9E50F9FE8489E

PID: 3528 (1092) C:\Windows\system32\Dwm.exe

size: 81920

MD5: 59903071D7ACE6A02093C47E9E38AF97

PID: 2104 (3864) C:\Windows\Explorer.EXE

size: 2927104

MD5: FFA764631CB70A30065C12EF8E174F9F

PID: 3152 (1108) C:\Windows\system32\wuauclt.exe

size: 53448

MD5: D316E28958873859B88D72CF47AD1EA5

PID: 3344 (2104) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

size: 1809648

MD5: 1ADDEFCE2C605C13A23B5CC8DD72997B

PID: 2348 (2104) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

size: 1833296

MD5: 63B3FF83B87AFCEBA89CED54695DA0F6

PID: 3340 (2104) C:\Program Files\Sophos\AutoUpdate\ALMon.exe

size: 245760

MD5: 4CF38637FADECCCC00013C0711DB3BBA

PID: 3820 (2104) C:\Program Files\Windows Media Player\wmpnscfg.exe

size: 202240

MD5: 35937EAD711207544E219C2A19A78A7D

PID: 440 (2104) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

size: 4891472

MD5: 3B1B5D09D3C9C4CD39D4DB06ED7A0855

PID: 3312 ( 440) C:\Windows\hh.exe

size: 14848

MD5: 7C06CED2F7B9272A126D53A2A9F52AC0

PID: 296 ( 440) C:\Windows\regedit.exe

size: 134656

MD5: 467A3B03E924B7B7EDD16D34740574B0

PID: 0 ( 0) [system Process]

PID: 4 ( 0) System

PID: 448 ( 4) smss.exe

size: 64000

PID: 524 ( 512) csrss.exe

size: 6144

PID: 568 ( 512) wininit.exe

size: 96768

PID: 576 ( 560) csrss.exe

size: 6144

PID: 616 ( 560) winlogon.exe

size: 314880

PID: 648 ( 568) services.exe

size: 279040

PID: 668 ( 568) lsass.exe

size: 9728

PID: 676 ( 568) lsm.exe

size: 229888

PID: 840 ( 648) svchost.exe

size: 21504

PID: 904 ( 648) svchost.exe

size: 21504

PID: 936 ( 648) svchost.exe

size: 21504

PID: 1060 ( 648) svchost.exe

size: 21504

PID: 1092 ( 648) svchost.exe

size: 21504

PID: 1108 ( 648) svchost.exe

size: 21504

PID: 1184 (1060) audiodg.exe

size: 88064

PID: 1212 ( 648) SLsvc.exe

size: 2623488

PID: 1252 ( 648) svchost.exe

size: 21504

PID: 1356 ( 648) SavService.exe

PID: 1624 ( 648) svchost.exe

size: 21504

PID: 1804 ( 648) aawservice.exe

PID: 1912 ( 648) spoolsv.exe

size: 125952

PID: 1940 ( 648) svchost.exe

size: 21504

PID: 504 ( 648) svchost.exe

size: 21504

PID: 424 ( 648) eLockServ.exe

PID: 1312 ( 648) eNet Service.exe

PID: 1836 ( 648) LSSrvc.exe

PID: 224 ( 648) MobilityService.exe

PID: 492 ( 648) svchost.exe

size: 21504

PID: 2072 ( 648) SAVAdminService.exe

PID: 2132 ( 648) ALsvc.exe

PID: 2172 ( 648) svchost.exe

size: 21504

PID: 2208 ( 648) svchost.exe

size: 21504

PID: 2236 ( 648) svchost.exe

size: 21504

PID: 2316 ( 648) SearchIndexer.exe

size: 439808

PID: 2356 ( 648) XAudio.exe

PID: 2412 ( 648) eRecoveryService.exe

PID: 2476 ( 648) capuserv.exe

PID: 2536 ( 648) ePowerSvc.exe

PID: 2724 ( 840) WmiPrvSE.exe

PID: 2816 ( 840) unsecapp.exe

PID: 3436 (1108) taskeng.exe

size: 169472

PID: 832 ( 648) wmpnetwk.exe

--- Browser start & search pages list ---

Spybot - Search & Destroy browser pages report, 2008-12-17 20:39:47

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page

C:\Windows\system32\blank.htm

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page

http://go.microsoft.com/fwlink/?LinkId=54896

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page

http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page

%SystemRoot%\system32\blank.htm

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page

http://www.msn.com/

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant

http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch

http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

--- Winsock Layered Service Provider list ---

Protocol 0: MSAFD Tcpip [TCP/IP]

GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}