
Virus + problem with HiJackThis


Graylingman


My daughter has got a virus on her computer and I'm trying to help her get rid of the cr-p. Ran a virus scan with F-Secure, which she had on the computer, probably via Telia's Säker Surf.

 

The program found 29 viruses and dealt with them using Automatic cleaning, see the attached log!

 

[log]Scan report

13 December 2008 20:10:42 - 20:43:04

Computer name: ADMIN-4693A5BE6
Scan type: Scan hard drives
Target: C:
Result: 29 malicious programs found

Trojan.Win32.Inject.kyv (virus)

* C:\WINDOWS\Temp\1219051475exe Action: renamed
* C:\WINDOWS\Temp\1391231732exe Action: renamed
* C:\WINDOWS\Temp\166852821exe Action: renamed
* C:\WINDOWS\Temp\17620723exe Action: renamed
* C:\WINDOWS\Temp\1788135283exe Action: renamed
* C:\WINDOWS\Temp\1790651326exe Action: renamed
* C:\WINDOWS\Temp\1817082261exe Action: renamed
* C:\WINDOWS\Temp\2063296083exe Action: renamed
* C:\WINDOWS\Temp\24971320exe Action: renamed
* C:\WINDOWS\Temp\259986925exe Action: renamed
* C:\WINDOWS\Temp\306464142exe Action: renamed
* C:\WINDOWS\Temp\355998368exe Action: renamed
* C:\WINDOWS\Temp\388460401exe Action: renamed
* C:\WINDOWS\Temp\395017669exe Action: renamed
* C:\WINDOWS\Temp\403997043exe Action: renamed
* C:\WINDOWS\Temp\429666389exe Action: renamed
* C:\WINDOWS\Temp\457832598exe Action: renamed
* C:\WINDOWS\Temp\504838185exe Action: renamed
* C:\WINDOWS\Temp\576907500exe Action: renamed
* C:\WINDOWS\Temp\679358939exe Action: renamed
* C:\WINDOWS\Temp\794394487exe Action: renamed
* C:\WINDOWS\Temp\822374900exe Action: renamed
* C:\WINDOWS\Temp\852505760exe Action: renamed
* C:\WINDOWS\Temp\90591521exe Action: renamed
* C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ZIFAJJ88\mss32[1].exe Action: renamed
* C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ZIFAJJ88\mss32[2].exe Action: renamed
* C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ZIFAJJ88\mss32[3].exe Action: renamed
* C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ZIFAJJ88\mss32[4].exe Action: renamed
* C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\LNJHV8JQ\mss32[1].exe Action: renamed

Statistics

Scanned:
* Files: 70761
* Not scanned: 22

Result:
* Viruses: 29
* Spyware: 0
* Suspicious objects: 0
* Riskware: 0

Actions:
* Disinfected: 0
* Renamed: 29
* Deleted: 0
* Quarantined: 0
* Failed: 0

Boot sectors:
* Scanned: 6
* Infected: 0
* Suspicious objects: 0
* Disinfected: 0

Files not scanned:
* The file cannot be opened: C:\PAGEFILE.SYS
* The file cannot be opened: C:\WINDOWS\SYSTEM32\MSAV.EXE
* The file cannot be opened: C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* The file cannot be opened: C:\WINDOWS\SYSTEM32\CONFIG\SAM
* The file cannot be opened: C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
* The file cannot be opened: C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
* The file cannot be opened: C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
* A file in the archive C:\MSOCache\All Users\9000041d-6000-11D3-8CFE-0150048383C9\ZF612707.CAB\REFSPCL.TTF cannot be opened.
* A file in the archive C:\MSOCache\All Users\9000041d-6000-11D3-8CFE-0150048383C9\ZF612707.CAB\REFSAN.TTF cannot be opened.
* A file in the archive C:\MSOCache\All Users\9000041d-6000-11D3-8CFE-0150048383C9\ZF612707.CAB\MISTRAL.TTF cannot be opened.
* A file in the archive C:\MSOCache\All Users\9000041d-6000-11D3-8CFE-0150048383C9\ZF612707.CAB\PAPYRUS.TTF cannot be opened.
* A file in the archive C:\MSOCache\All Users\9000041d-6000-11D3-8CFE-0150048383C9\ZF612707.CAB\FREESCPT.TTF cannot be opened.
* A file in the archive C:\MSOCache\All Users\9000041d-6000-11D3-8CFE-0150048383C9\ZF612707.CAB\ARIALNB.TTF cannot be opened.
* A file in the archive C:\MSOCache\All Users\9000041d-6000-11D3-8CFE-0150048383C9\ZF612707.CAB\ARIALNBI.TTF cannot be opened.
* A file in the archive C:\MSOCache\All Users\9000041d-6000-11D3-8CFE-0150048383C9\ZF612707.CAB\ARIALNI.TTF cannot be opened.
* A file in the archive C:\MSOCache\All Users\9000041d-6000-11D3-8CFE-0150048383C9\ZF612707.CAB\ARIALN.TTF cannot be opened.
* The file C:\Documents and Settings\Boddeliboddan\My Documents\BitTorrent Downloads\MIKA - RELAX, TAKE IT EASY\MIKA - RELAX, TAKE IT EASY.rar\MIKA - RELAX, TAKE IT EASY (2007).rar\MIKA - RELAX, TAKE IT EASY.MP3 is encrypted.
* The file cannot be opened: C:\Documents and Settings\Boddeliboddan\Local Settings\Temporary Internet Files\Content.IE5\7PTU73HG\1765307691[1].jpg\1765307691[1] [F-Secure AVP]
* Cannot read from the file C:\Documents and Settings\Boddeliboddan\Local Settings\Temporary Internet Files\Content.IE5\7PTU73HG\1765307691[1].jpg\1765307691[1]. [F-Secure Orion]
* A file in the archive DmaBin cannot be opened.
* A file in the archive GaaBin cannot be opened.
* A file in the archive LgcBin cannot be opened.

Options

Definition version:
* Virus: 2008-12-11_07
* Spyware: 2008-12-11_04

Scan engines:
* F-Secure AVP: 7.00.171, 2008-12-11
* F-Secure Libra: 2.04.05, 2008-12-08
* F-Secure Orion: 1.02.41, 2008-12-11
* F-Secure Draco: 1.01.00, 2008-12-04

Scan options:
* Scan specified files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ANI AVB BAT CEO CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR TGZ ZIP JAR ARJ LZH TAR TGZ GZ CAB RAR BZ2 HQX
* Scan archives

Actions:
* Virus: Ask after scan
* Spyware: Ask after scan

Error information

The error "Cannot open file" occurred:

The error message "Cannot open file" means that the scan engine could not open a file and that the file was not scanned. Usually you can ignore this error message, because there are many reasons for it that do not mean there is a security threat, for example:

* The file was a system file. System files are designed to be protected by the operating system. In this case the message can be ignored.
* You do not have permission to read the file. To scan the file, log in with a user account that has sufficient permissions (for example the computer's administrator account) and run the scan again.
* The file was in use by a program when the scan was made. To scan the file, close all programs and run the scan again.

Copyright © 1998-2007 F-Secure

[/log]

 

Then I downloaded HiJackThis, put the installation file on the desktop and tried to install. I get the dialog with the question "Do you want to run this file?" I answer Run and..... Nothing happens!

 

Yes, she is an administrator on the computer.

 

Short question: What should I do now?

 

 

 


Apparently there is more trouble.

 

While I was waiting for a reply in this thread, her computer was switched on but not connected to the internet. When I walked past the screen I saw that it had spontaneously tried to connect to a site called www.backlinksfactory.com

 

I also recall that earlier this evening, while I was running the virus scan, the computer tried to connect to a site called dealforfun or something similar.

 

 


Yep, it worked! (How come?)

 

Here is the log!

 

[log]

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:44:01, on 2008-12-13

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\bgsvcgen.exe

C:\Program Files\Telia\Telias sakerhetstjanster\Anti-Virus\fsgk32st.exe

C:\Program Files\Telia\Telias sakerhetstjanster\Common\FSMA32.EXE

C:\Program Files\Telia\Telias sakerhetstjanster\Anti-Virus\FSGK32.EXE

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

C:\Program Files\Telia\Telias sakerhetstjanster\Common\FSMB32.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\snmp.exe

C:\Program Files\Telia\Supportassistent\bin\sprtsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Telia\Telias sakerhetstjanster\Common\FCH32.EXE

C:\Program Files\Telia\Telias sakerhetstjanster\Common\FAMEH32.EXE

C:\Program Files\Telia\Telias sakerhetstjanster\Anti-Virus\fsqh.exe

C:\Program Files\Telia\Telias sakerhetstjanster\FSAUA\program\fsaua.exe

C:\Program Files\Telia\Telias sakerhetstjanster\Anti-Virus\fssm32.exe

C:\Program Files\Telia\Telias sakerhetstjanster\FWES\Program\fsdfwd.exe

C:\Program Files\Telia\Telias sakerhetstjanster\FSAUA\program\fsus.exe

C:\Program Files\Telia\Telias sakerhetstjanster\Anti-Virus\fsav32.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Telia\Supportassistent\bin\sprtcmd.exe

C:\Program Files\Telia\Telias sakerhetstjanster\Common\FSM32.EXE

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe

C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe

C:\Program Files\Telia\Telias sakerhetstjanster\FSGUI\fsguidll.exe

C:\Program Files\Personal\bin\Personal.exe

C:\Program Files\FinePixViewer\QuickDCF2.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe

C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN

O4 - HKLM\..\Run: [Telia] "C:\Program Files\Telia\Supportassistent\bin\sprtcmd.exe" /P Telia

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Telia\Telias sakerhetstjanster\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Telia\Telias sakerhetstjanster\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [AutoUpdate_1] C:\WINDOWS\winlogon.exe

O4 - HKLM\..\Run: [AutoUpdate_2] C:\WINDOWS\service.exe

O4 - HKLM\..\Run: [AutoUpdate_3] C:\WINDOWS\iwedantar.exe

O4 - HKLM\..\Run: [AutoUpdate_4] C:\WINDOWS\svchost.exe

O4 - HKLM\..\Run: [MSAV] C:\WINDOWS\system32\msav.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe

O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray

O4 - HKCU\..\Run: [user16] C:\WINDOWS\system32\winhlp.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: BankID Security Application.lnk = C:\Program Files\Personal\bin\Personal.exe

O4 - Global Startup: Exif Launcher 2.lnk = ?

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Öppna på ny flik i bakgrunden - res://C:\Program Files\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/229?326047834e1547328bb65e715f8e8886

O8 - Extra context menu item: Öppna på ny flik i förgrunden - res://C:\Program Files\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/230?326047834e1547328bb65e715f8e8886

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Blogga detta - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blogga detta i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1137490676250

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Telia\Telias sakerhetstjanster\Anti-Virus\fsgk32st.exe

O23 - Service: FCI - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe (file missing)

O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Telia\Telias sakerhetstjanster\FSAUA\program\fsaua.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Telia\Telias sakerhetstjanster\FWES\Program\fsdfwd.exe

O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Telia\Telias sakerhetstjanster\Common\FSMA32.EXE

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SupportSoft Sprocket Service (telia) (sprtsvc_telia) - SupportSoft, Inc. - C:\Program Files\Telia\Supportassistent\bin\sprtsvc.exe

O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe

 

--

End of file - 9576 bytes

[/log]

 

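The HijackThis log above contains the tell-tale entries that make this more than a drive-by infection: Run values named AutoUpdate_1 and AutoUpdate_4 that launch winlogon.exe and svchost.exe from C:\WINDOWS rather than system32, an AutoUpdate_2 entry for service.exe (one letter off the real services.exe), and an O23 service called FCI with an unknown owner whose image path is svchost.exe:ext.exe, an NTFS alternate data stream, reported as "(file missing)". The F-Secure report earlier neutralised 29 droppers by renaming them, and the Malwarebytes log later in the thread lists those same files under .0xe, .0ll and exe.0 suffixes. As an added example, not code posted by anyone in this thread, the Python below turns those observations into a triage pass over HijackThis O4/O23 lines and Malwarebytes file lines. The sample lines are constructed to match the shape of the posted logs, and the set of system binaries that must live in system32 on Windows XP is my assumption, not something the logs state.

```python
"""Triage HijackThis O4/O23 lines and Malwarebytes file lines for the tricks seen in this thread.

Added example, not code from anyone in the thread. Sample input is constructed.
"""
import re
from typing import Dict, List, Optional

# Assumption: on Windows XP these names legitimately run only from %SystemRoot%\system32.
SYSTEM_BINARIES = {"winlogon.exe", "svchost.exe", "services.exe",
                   "lsass.exe", "smss.exe", "csrss.exe"}

O4_RE = re.compile(r"^O4 - (?P<hive>\S+)\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<svc>.*?) - (?P<owner>.*?) - (?P<image>.*)$")
MBAM_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.*?) \((?P<family>[^)]*)\) -> ")
# Renaming-scanner leftovers: 'winhlp.exe' -> 'winhlp.0xe', 'x.dll' -> 'x.0ll', '123exe' -> '123exe.0'
RENAMED_RE = re.compile(r"(\.0[a-z]{2}|exe\.0)$", re.IGNORECASE)


def image_path(cmd: str) -> str:
    """Pull the executable path out of an O4 command line (quoted, bare, or with args)."""
    cmd = re.sub(r"\s*\(User '[^']*'\)\s*$", "", cmd)  # HKUS entries carry a user suffix
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.*?\.exe)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def is_masquerading(path: str) -> bool:
    """A system binary name outside system32: the drop-a-copy-in-%SystemRoot% trick."""
    p = path.lower()
    base = p.rsplit("\\", 1)[-1]
    directory = p.rsplit("\\", 1)[0] if "\\" in p else ""
    return base in SYSTEM_BINARIES and not directory.endswith("\\system32")


def edit_distance_le1(a: str, b: str) -> bool:
    """True if a and b differ by at most one insertion, deletion or substitution."""
    if abs(len(a) - len(b)) > 1:
        return False
    i = j = edits = 0
    while i < len(a) and j < len(b):
        if a[i] == b[j]:
            i, j = i + 1, j + 1
            continue
        edits += 1
        if edits > 1:
            return False
        if len(a) == len(b):
            i, j = i + 1, j + 1
        elif len(a) > len(b):
            i += 1
        else:
            j += 1
    return edits + (len(a) - i) + (len(b) - j) <= 1


def near_system_name(base: str) -> Optional[str]:
    """System binary this base name is one edit away from (but not equal to), else None."""
    for real in sorted(SYSTEM_BINARIES):
        if base != real and edit_distance_le1(base, real):
            return real
    return None


def uses_ads(image: str) -> bool:
    """An NTFS alternate data stream ('file.exe:stream.exe') used as a service image path."""
    image = re.sub(r"\s*\(file missing\)\s*$", "", image)
    return ":" in image[2:]  # skip the drive-letter colon


def triage(log_text: str) -> Dict[str, List[str]]:
    """Classify suspicious lines; keys are the categories, values the flagged entries."""
    findings: Dict[str, List[str]] = {"masquerade": [], "lookalike": [], "ads_service": [],
                                      "orphan_service": [], "scanner_renamed": []}
    for raw in log_text.splitlines():
        line = raw.strip()
        if (m := O4_RE.match(line)):
            path = image_path(m["cmd"])
            base = path.lower().rsplit("\\", 1)[-1]
            if is_masquerading(path):
                findings["masquerade"].append(f"{m['name']} -> {path}")
            elif (twin := near_system_name(base)):
                findings["lookalike"].append(f"{m['name']} -> {path} (~{twin})")
        elif (m := O23_RE.match(line)):
            if uses_ads(m["image"]):
                findings["ads_service"].append(m["svc"])
            if m["owner"] == "Unknown owner" and "(file missing)" in m["image"]:
                findings["orphan_service"].append(m["svc"])
        elif (m := MBAM_RE.match(line)):
            if RENAMED_RE.search(m["path"]):
                findings["scanner_renamed"].append(m["path"])
    return findings


# Constructed sample in the shape of the HijackThis and Malwarebytes logs posted in the thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AutoUpdate_1] C:\WINDOWS\winlogon.exe
O4 - HKLM\..\Run: [AutoUpdate_2] C:\WINDOWS\service.exe
O4 - HKLM\..\Run: [AutoUpdate_4] C:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O23 - Service: FCI - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe (file missing)
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Telia\Telias sakerhetstjanster\Common\FSMA32.EXE
C:\WINDOWS\system32\winhlp.0xe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\1219051475exe.0 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\TDSSmqlt.sys (Trojan.TDSS) -> Quarantined and deleted successfully.
"""

if __name__ == "__main__":
    for category, hits in triage(SAMPLE_LOG).items():
        for hit in hits:
            print(f"{category:16} {hit}")
```

The masquerade and lookalike checks are deliberately path-based rather than signature-based: a copy of a real system binary name outside system32 is suspicious regardless of what the file contains, which is exactly why the AutoUpdate_* entries stand out in a log where every legitimate Run value points into Program Files or system32. The ADS check matters because the stream hides the real payload behind a legitimate-looking host file, and HijackThis only tells you the path is odd by reporting it as missing.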

 

[log]Download Malwarebytes Anti-Malware (MBAM) from one of these links:

http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html

http://projects.securitywonks.net/projects/details.php?file=158

Double-click mbam-setup to install the program.

At the end of the installation, make sure the boxes are ticked for:

Update Malwarebytes' Anti-Malware

Launch Malwarebytes' Anti-Malware

Click Finish

If there is an update it will be downloaded and installed.

When the program starts, select "Perform quick scan" and click Scan.

The scan takes a while.

When it is done, click OK and then "Show results".

Tick everything and then click Remove selected.

When the removal is finished, Notepad opens with a log.

You may get a request to restart the computer (Restart). If so, do it.

If you get an error message Error loading... after the restart, restart the computer once more.

If the program does not start after the restart, start it.

If the log does not appear by itself in Notepad, you will find it on the Logs tab in MBAM.

Copy the log and paste it into your reply together with a new HijackThis log.

will check back tomorrow[/log]

 


Put the installation file on the desktop and tried to run it. Nothing happened. Renamed the file to rens.exe and now I managed to install the program. However, the program itself will not run. Nothing happens! Not in Safe Mode either...

 


 

[log]Paste devmgmt.msc into the Run box and click OK

Then View > Show hidden devices > Non-Plug and Play....

if you see TDSSserv there, click on it and choose Disable.

Restart the computer after that and run Malwarebytes[/log]

 


Ran Malwarebytes. During the run F-Secure also "woke up" and alerted about Backdoor.Win32.TDSS.asz

I chose Clean and got the reply:

The object could not be disinfected. The object was renamed.

After that F-Secure alerted about a few more, with the same result.

Here is the log from Malwarebytes anyway:

 

[log]Malwarebytes' Anti-Malware 1.31

Database version: 1497

Windows 5.1.2600 Service Pack 3

2008-12-13 22:50:47

mbam-log-2008-12-13 (22-50-47).txt

Scan type: Quick scan

Objects scanned: 52896

Time elapsed: 6 minute(s), 30 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 3

Registry Values Infected: 2

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 45

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fci (Rootkit.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\user16 (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autoupdate_1 (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\opnmKARH.0ll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\TDSShrsr.dll (Trojan.TDSS) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\TDSSoiqn.dll (Trojan.TDSS) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\TDSSrtqp.dll (Trojan.TDSS) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\TDSSxfum.dll (Trojan.TDSS) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\winhlp.0xe (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\TDSSmqlt.sys (Trojan.TDSS) -> Quarantined and deleted successfully.

C:\kidssr.0xe (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\115455146exe.0 (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\1159430735exe.0 (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\1219051475exe.0 (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\24971320exe.0 (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\259986925exe.0 (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\306464142exe.0 (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\355998368exe.0 (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\388460401exe.0 (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\395017669exe.0 (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\403997043exe.0 (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\822374900exe.0 (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\852505760exe.0 (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\429666389exe.0 (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\457832598exe.0 (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\504838185exe.0 (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\1391231732exe.0 (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\166852821exe.0 (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\17620723exe.0 (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\1788135283exe.0 (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\1790651326exe.0 (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\1817082261exe.0 (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\576907500exe.0 (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\679358939exe.0 (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\794394487exe.0 (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\90591521exe.0 (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\2063296083exe.0 (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\LNJHV8JQ\mss32[1].0xe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ZIFAJJ88\mss32[1].0xe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ZIFAJJ88\mss32[2].0xe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ZIFAJJ88\mss32[3].0xe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ZIFAJJ88\mss32[4].0xe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Boddeliboddan\Local Settings\Temporary Internet Files\Content.IE5\LIVOHP4S\aasuper3[1].0tm (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\TDSSlxwp.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\winlogon.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Boddeliboddan\Local Settings\Temp\TDSS1836.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\Boddeliboddan\Local Settings\Temp\TDSS1846.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\TDSSkkbi.log (Trojan.TDSS) -> Quarantined and deleted successfully.

[/log]

 

And here is the log from HiJackThis:

 

[log]

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:55:25, on 2008-12-13

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\bgsvcgen.exe

C:\Program Files\Telia\Telias sakerhetstjanster\Anti-Virus\fsgk32st.exe

C:\Program Files\Telia\Telias sakerhetstjanster\Common\FSMA32.EXE

C:\Program Files\Telia\Telias sakerhetstjanster\Anti-Virus\FSGK32.EXE

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Telia\Telias sakerhetstjanster\Common\FSMB32.EXE

C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\snmp.exe

C:\Program Files\Telia\Supportassistent\bin\sprtsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Telia\Telias sakerhetstjanster\Common\FCH32.EXE

C:\Program Files\Telia\Telias sakerhetstjanster\Common\FAMEH32.EXE

C:\Program Files\Telia\Telias sakerhetstjanster\Anti-Virus\fsqh.exe

C:\Program Files\Telia\Telias sakerhetstjanster\FSAUA\program\fsaua.exe

C:\Program Files\Telia\Telias sakerhetstjanster\Anti-Virus\fssm32.exe

C:\Program Files\Telia\Telias sakerhetstjanster\FWES\Program\fsdfwd.exe

C:\Program Files\Telia\Telias sakerhetstjanster\FSAUA\program\fsus.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Telia\Telias sakerhetstjanster\Anti-Virus\fsav32.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Telia\Supportassistent\bin\sprtcmd.exe

C:\Program Files\Telia\Telias sakerhetstjanster\Common\FSM32.EXE

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe

C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\Telia\Telias sakerhetstjanster\FSGUI\fsguidll.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program Files\Personal\bin\Personal.exe

C:\Program Files\FinePixViewer\QuickDCF2.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe

C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN

O4 - HKLM\..\Run: [Telia] "C:\Program Files\Telia\Supportassistent\bin\sprtcmd.exe" /P Telia

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Telia\Telias sakerhetstjanster\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Telia\Telias sakerhetstjanster\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [AutoUpdate_2] C:\WINDOWS\service.exe

O4 - HKLM\..\Run: [AutoUpdate_3] C:\WINDOWS\iwedantar.exe

O4 - HKLM\..\Run: [AutoUpdate_4] C:\WINDOWS\svchost.exe

O4 - HKLM\..\Run: [MSAV] C:\WINDOWS\system32\msav.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe

O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: BankID Security Application.lnk = C:\Program Files\Personal\bin\Personal.exe

O4 - Global Startup: Exif Launcher 2.lnk = ?

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Öppna på ny flik i bakgrunden - res://C:\Program Files\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/229?326047834e1547328bb65e715f8e8886

O8 - Extra context menu item: Öppna på ny flik i förgrunden - res://C:\Program Files\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/230?326047834e1547328bb65e715f8e8886

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Blogga detta - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blogga detta i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1137490676250

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Telia\Telias sakerhetstjanster\Anti-Virus\fsgk32st.exe

O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Telia\Telias sakerhetstjanster\FSAUA\program\fsaua.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Telia\Telias sakerhetstjanster\FWES\Program\fsdfwd.exe

O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Telia\Telias sakerhetstjanster\Common\FSMA32.EXE

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SupportSoft Sprocket Service (telia) (sprtsvc_telia) - SupportSoft, Inc. - C:\Program Files\Telia\Supportassistent\bin\sprtsvc.exe

O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe

 

--

End of file - 9410 bytes

[/log]

 


 

[log]Scan with Hijack, tick the following lines, close the web browser and click Fix checked

 

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [AutoUpdate_2] C:\WINDOWS\service.exe

O4 - HKLM\..\Run: [AutoUpdate_3] C:\WINDOWS\iwedantar.exe

O4 - HKLM\..\Run: [AutoUpdate_4] C:\WINDOWS\svchost.exe

O4 - HKLM\..\Run: [MSAV] C:\WINDOWS\system32\msav.exe

 

then delete if found

 

C:\WINDOWS\system32\msav.exe[/log]

 

 

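An added example (not from this thread, HijackThis or RSIT): a small Python triage script that applies the same reasoning as the list above to the O2/O4 lines of a HijackThis log. It flags a BHO registered as `(no file)`, an autorun whose target sits directly in C:\WINDOWS instead of a subfolder, and a file named after a System32 binary (svchost.exe) that runs from somewhere else. The sample lines are copied from the log posted above; the list of System32-only names and the directory rules are my assumptions, not anything HijackThis itself does.

```python
"""Triage of HijackThis O2/O4 lines: which autorun entries deserve a closer look.

Added example for this thread; not code from HijackThis, RSIT or the forum.
The rules below are assumptions that mirror the helper's reasoning.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: O2/O4 lines copied from the log posted above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AutoUpdate_2] C:\WINDOWS\service.exe
O4 - HKLM\..\Run: [AutoUpdate_3] C:\WINDOWS\iwedantar.exe
O4 - HKLM\..\Run: [AutoUpdate_4] C:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [MSAV] C:\WINDOWS\system32\msav.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# Core Windows binaries that legitimately live only in %WINDIR%\System32 (assumed list).
# A Run entry that launches a same-named file from anywhere else is a masquerade.
SYSTEM32_ONLY = {"svchost.exe", "lsass.exe", "services.exe", "csrss.exe",
                 "winlogon.exe", "smss.exe", "spoolsv.exe"}

# Directories where a Run-key target has no business being (assumed). The Windows
# root itself is a classic drop location because the path looks official.
SUSPICIOUS_DIRS = {r"c:\windows", r"c:\winnt"}

# First absolute path ending in .exe/.dll on the line: handles quoted paths with
# spaces, RUNDLL32 targets ("...\NvCpl.dll,NvStartup") and trailing arguments.
PATH_RE = re.compile(r"([A-Za-z]:\\[^\r\n,]*?\.(?:exe|dll))", re.IGNORECASE)


@dataclass
class Finding:
    line: str
    reason: str


def split_path(path: str) -> tuple[str, str]:
    """Return (directory, filename), both lower-cased for comparison."""
    directory, _, filename = path.rpartition("\\")
    return directory.lower(), filename.lower()


def check_o4(line: str) -> str | None:
    """Apply the two location rules to an O4 (autorun) entry."""
    match = PATH_RE.search(line)
    if match is None:
        # Bare names such as "nwiz.exe /install" are resolved via PATH at logon;
        # they need a PATH search-order review instead and are skipped here.
        return None
    directory, filename = split_path(match.group(1))
    if filename in SYSTEM32_ONLY and not directory.endswith("\\system32"):
        return f"{filename} normally runs only from System32, here from {directory}"
    if directory in SUSPICIOUS_DIRS:
        return f"autorun target placed directly in {directory}"
    return None


def check_o2(line: str) -> str | None:
    """A BHO registered without a backing file is either a leftover or deliberately hidden."""
    if line.endswith("(no file)"):
        return "BHO registered but its DLL is missing"
    return None


def triage(log_text: str) -> list[Finding]:
    """Run the checks over every O2/O4 line and collect the hits in log order."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        reason = None
        if line.startswith("O4 - "):
            reason = check_o4(line)
        elif line.startswith("O2 - "):
            reason = check_o2(line)
        if reason:
            findings.append(Finding(line, reason))
    return findings


def flagged_targets(log_text: str) -> list[str]:
    """Just the path (or '(no file)') of each flagged entry, for a report or a test."""
    out = []
    for finding in triage(log_text):
        match = PATH_RE.search(finding.line)
        out.append(match.group(1) if match else "(no file)")
    return out


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding.reason}\n    {finding.line}")
```

Run over the nine sample lines it reports four entries: the orphaned BHO, service.exe, iwedantar.exe and svchost.exe. Note what it misses: msav.exe in System32 passes every path rule, yet it is the file the helper told the poster to delete. Location heuristics are a first pass; an unfamiliar executable in System32 needs a hash or vendor-reputation check, or someone who recognises the name.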

Ticked and fixed. Found C:\WINDOWS\system32\msav.exe but could not delete it because it is in use by some program.

 

Are you still awake? :)

 


Are you still awake? :)
I can't say whether Zipp is awake, but in any case he has left the computer for today.

 


Deleted the file.

 

Running rsit produced 2 logs.

 

Here is the first one:

 

[log]

info.txt logfile of random's system information tool 1.04 2008-12-14 13:27:23

 

======Uninstall list======

 

-->"C:\Program Files\Telia\Telias sakerhetstjanster\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware Scanner"

-->"C:\Program Files\Telia\Telias sakerhetstjanster\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware"

-->"C:\Program Files\Telia\Telias sakerhetstjanster\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus Client Security Installer"

-->"C:\Program Files\Telia\Telias sakerhetstjanster\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus"

-->"C:\Program Files\Telia\Telias sakerhetstjanster\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Automatic Update Agent"

-->"C:\Program Files\Telia\Telias sakerhetstjanster\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure DAAS"

-->"C:\Program Files\Telia\Telias sakerhetstjanster\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Diagnostics"

-->"C:\Program Files\Telia\Telias sakerhetstjanster\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure E-mail Scanning"

-->"C:\Program Files\Telia\Telias sakerhetstjanster\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure FWES"

-->"C:\Program Files\Telia\Telias sakerhetstjanster\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GateKeeper Interface"

-->"C:\Program Files\Telia\Telias sakerhetstjanster\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Gemini"

-->"C:\Program Files\Telia\Telias sakerhetstjanster\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GUI"

-->"C:\Program Files\Telia\Telias sakerhetstjanster\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Help"

-->"C:\Program Files\Telia\Telias sakerhetstjanster\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure HIPS"

-->"C:\Program Files\Telia\Telias sakerhetstjanster\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Internet Shield"

-->"C:\Program Files\Telia\Telias sakerhetstjanster\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Localization API"

-->"C:\Program Files\Telia\Telias sakerhetstjanster\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Management Agent"

-->"C:\Program Files\Telia\Telias sakerhetstjanster\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Pegasus Engine"

-->"C:\Program Files\Telia\Telias sakerhetstjanster\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Protocol Scanner"

-->"C:\Program Files\Telia\Telias sakerhetstjanster\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure TNB"

-->"C:\Program Files\Telia\Telias sakerhetstjanster\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Uninstall"

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Ad-Aware 2007-->MsiExec.exe /X{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}

Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Photoshop 7.0-->C:\WINDOWS\ISUN041D.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"

Adobe Reader 7.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}

Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log

BankID Security Application 4.10-->"C:\Program Files\Personal\bin\persinst.exe" -u

Feedidentifiering (Windows Live Toolbar)-->MsiExec.exe /X{39F73F7F-53C8-474C-B4D7-63DF3A063CF5}

FinePix Studio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3B3AB03-8ABC-46CF-8CA9-DB5581E1F368}\SETUP.EXE" -l0x9

FinePixViewer Resource-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B44529FF-501E-47CD-A06D-223C161BE058}\SETUP.EXE" -l0x9

FinePixViewer Ver.5.3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{24ED4D80-8294-11D5-96CD-0040266301AD}\SETUP.EXE" -l0x9

FUJIFILM USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5490882C-6961-11D5-BAE5-00E0188E010B}\SETUP.EXE"

High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"

HighMAT Extension to Microsoft Windows XP CD Writing Wizard-->MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}

HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall

Hotfix for Windows Media Format SDK (KB902344)-->"C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"

ImageMixer VCD2 LE for FinePix-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B093990A-AAF2-44AC-9216-14BB7A2189B6}\SETUP.EXE" -l0x9

Java 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}

Java 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}

Java 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}

Java 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}

Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"

Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}

Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"

Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"

Microsoft Office Standard Edition 2003-->MsiExec.exe /I{9112041D-6000-11D3-8CFE-0150048383C9}

Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe

MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}

MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}

neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}

Nokia Connectivity Cable Driver-->MsiExec.exe /X{4F1DCA42-2030-437C-A94E-736692A499C1}

Nokia Flashing Cable Driver-->MsiExec.exe /X{A4E0CA0F-1903-440A-9B98-FEA6CB049999}

Nokia PC Suite-->C:\Documents and Settings\All Users\Application Data\Installations\{0FC76B71-2534-4354-B255-3468578E3F47}\Nokia_PC_Suite_rel_6_86_9_0_swe_web.exe

Nokia PC Suite-->MsiExec.exe /I{0FC76B71-2534-4354-B255-3468578E3F47}

Nokia Software Updater-->MsiExec.exe /X{5D19E730-D3C6-47F4-AE4B-DCB26EC2D905}

Nordea NCR1 Installationspaket-->C:\Program Files\InstallShield Installation Information\{6411915E-FF96-4B7F-91FE-A3C864B3E317}\setup.exe -runfromtemp -l0x001d -removeonly

NVIDIA Drivers-->C:\WINDOWS\system32\NVUNINST.EXE UninstallGUI

OneCare Advisor (Windows Live Toolbar)-->MsiExec.exe /X{19B622A5-0956-4080-843C-53A2E378BE5E}

OpenOffice.org Installer 1.0-->MsiExec.exe /X{8DE292EC-FA26-4526-BFEB-3EE820E97005}

PC Connectivity Solution-->MsiExec.exe /I{AC599724-5755-48C1-ABE7-ABB857652930}

Picasa 2-->"C:\Program Files\Picasa2\Uninstall.exe"

Popup-blockeraren (Windows Live Toolbar)-->MsiExec.exe /X{14D9D3BE-531E-47BC-8746-92D391D3EA4A}

Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly

Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"

Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"

Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf

Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"

Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"

Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"

Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"

Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"

Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"

Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"

Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"

Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"

Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"

Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"

Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"

Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"

Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"

Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"

Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"

Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"

Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"

Smarta menyer (Windows Live Toolbar)-->MsiExec.exe /X{2770CB13-5093-4C94-A318-F103857E18B1}

Svenska Spels Poker-->C:\Casino\SVENSK~1\UNWISE.EXE C:\Casino\SVENSK~1\INSTALL.LOG

Telia Supportassistent-->"C:\Program Files\Telia\Supportassistent\unins000.exe"

Telia Säker Surf-->"C:\Program Files\Telia\Telias sakerhetstjanster\FSGUI\PostInstall.exe" /tUnInstall

The Sims 2 Kul för familjen - Prylpaket-->C:\Program Files\EA GAMES\The Sims 2 Kul för familjen - Prylpaket\EAUninstall.exe

The Sims 2 Studentliv-->C:\Program Files\EA GAMES\The Sims 2 Studentliv\EAUninstall.exe

The Sims 2-->C:\Program Files\EA GAMES\The Sims 2\EAUninstall.exe

The Sims™ 2 Djurliv-->C:\Program Files\EA GAMES\The Sims 2 Djurliv\EAUninstall.exe

The Sims™ 2 Glitter & Glamour Prylpaket-->C:\Program Files\EA GAMES\The Sims 2 Glitter & Glamour Prylpaket\EAUninstall.exe

The Sims™ 2 Jorden runt-->C:\Program Files\EA GAMES\The Sims 2 Jorden runt\EAUninstall.exe

The Sims™ 2 Året runt-->C:\Program Files\EA GAMES\The Sims 2 Året runt\EAUninstall.exe

Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"

Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"

Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"

Webbsökning med flikar (Windows Live Toolbar)-->MsiExec.exe /X{8785120E-5BBF-46DA-A225-15BA9D2B4D24}

Verktygsfältet Outlook (Windows Live Toolbar)-->MsiExec.exe /X{C757334D-4884-4C1D-AB60-7E038C019BBC}

Verktygsfältet Outlook (Windows Live Toolbar)-->MsiExec.exe /X{EDE8FB19-9809-445E-991A-AE51EFA7E653}

Windows Driver Package - Nokia Modem (03/05/2008 3.7)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_635B28EFCFA9395123BB1C251595CB16129E2560\nokia_bluetooth.inf

Windows Driver Package - Nokia Modem (03/13/2008 6.86.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_28F2EAC406838DA65AFF6C6886FE9FE96AEF5186\nokbtmdm.inf

Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_4A1E30386F4D0DEC8F5DF262CFBD8845EEBAB175\pccsmcfd.inf

Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}

Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"

Windows Live inloggningsassistenten-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}

Windows Live installer-->MsiExec.exe /X{E17F76BE-50E9-4E7C-ADF6-6D8F44A9C6F3}

Windows Live Mail-->MsiExec.exe /I{7664A2EF-34F5-42D2-8FD8-4FEF0047A929}

Windows Live Messenger-->MsiExec.exe /X{20503DFE-E5B2-491E-B2C5-8BCB5BF5B9E9}

Windows Live Photo Gallery-->MsiExec.exe /X{BAA6BD76-9B5A-4ED3-98BE-0127E8F14541}

Windows Live Toolbar Extension (Windows Live Toolbar)-->MsiExec.exe /X{64E09E82-610D-4FB9-8722-1D2D1CD65A6B}

Windows Live Toolbar-->"C:\Program Files\Windows Live Toolbar\UnInstall.exe" {45EA1531-5226-4FC4-9341-8D0C8CEC502F}

Windows Live Toolbar-->MsiExec.exe /X{45EA1531-5226-4FC4-9341-8D0C8CEC502F}

Windows Live Writer-->MsiExec.exe /X{8A16A4FC-B43F-46A6-8DB5-C42B145EBFBD}

Windows Media Connect-->"C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"

Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Media Format SDK Hotfix - KB891122-->"C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"

Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

WinZip 11.2-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B6}

 

=====HijackThis Backups=====

 

O4 - HKLM\..\Run: [AutoUpdate_2] C:\WINDOWS\service.exe

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [AutoUpdate_3] C:\WINDOWS\iwedantar.exe

O4 - HKLM\..\Run: [MSAV] C:\WINDOWS\system32\msav.exe

 

======Security center information======

 

AV: Telia Säker Surf 7.00

FW: Telia Säker Surf 7.00

 

======Environment variables======

 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=C:\Program Files\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem

"windir"=%SystemRoot%

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=15

"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 95 Stepping 2, AuthenticAMD

"PROCESSOR_REVISION"=5f02

"NUMBER_OF_PROCESSORS"=1

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

 

-----------------EOF-----------------

[/log]

 

and here is the other one:

 

[log]

Logfile of random's system information tool 1.04 (written by random/random)

Run by Boddeliboddan at 2008-12-14 13:27:19

Microsoft Windows XP Home Edition Service Pack 3

System drive C: has 437 GB (93%) free of 472 GB

Total RAM: 895 MB (43% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:27:21, on 2008-12-14

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\bgsvcgen.exe

C:\Program Files\Telia\Telias sakerhetstjanster\Anti-Virus\fsgk32st.exe

C:\Program Files\Telia\Telias sakerhetstjanster\Common\FSMA32.EXE

C:\Program Files\Telia\Telias sakerhetstjanster\Anti-Virus\FSGK32.EXE

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

C:\Program Files\Telia\Telias sakerhetstjanster\Common\FSMB32.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\snmp.exe

C:\Program Files\Telia\Supportassistent\bin\sprtsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Telia\Telias sakerhetstjanster\Common\FCH32.EXE

C:\Program Files\Telia\Telias sakerhetstjanster\Common\FAMEH32.EXE

C:\Program Files\Telia\Telias sakerhetstjanster\Anti-Virus\fsqh.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Telia\Telias sakerhetstjanster\FSAUA\program\fsaua.exe

C:\Program Files\Telia\Telias sakerhetstjanster\Anti-Virus\fssm32.exe

C:\Program Files\Telia\Telias sakerhetstjanster\FWES\Program\fsdfwd.exe

C:\Program Files\Telia\Telias sakerhetstjanster\FSAUA\program\fsus.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Telia\Supportassistent\bin\sprtcmd.exe

C:\Program Files\Telia\Telias sakerhetstjanster\Common\FSM32.EXE

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe

C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe

C:\Program Files\Telia\Telias sakerhetstjanster\FSGUI\fsguidll.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program Files\Personal\bin\Personal.exe

C:\Program Files\Telia\Telias sakerhetstjanster\Anti-Virus\fsav32.exe

C:\Program Files\FinePixViewer\QuickDCF2.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe

C:\Documents and Settings\Boddeliboddan\Desktop\RSIT.exe

C:\Program Files\Trend Micro\HijackThis\Boddeliboddan.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN

O4 - HKLM\..\Run: [Telia] "C:\Program Files\Telia\Supportassistent\bin\sprtcmd.exe" /P Telia

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Telia\Telias sakerhetstjanster\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Telia\Telias sakerhetstjanster\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [AutoUpdate_4] C:\WINDOWS\svchost.exe

O4 - HKLM\..\Run: [MSAV] C:\WINDOWS\system32\msav.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe

O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: BankID Security Application.lnk = C:\Program Files\Personal\bin\Personal.exe

O4 - Global Startup: Exif Launcher 2.lnk = ?

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Öppna på ny flik i bakgrunden - res://C:\Program Files\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/229?326047834e1547328bb65e715f8e8886

O8 - Extra context menu item: Öppna på ny flik i förgrunden - res://C:\Program Files\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/230?326047834e1547328bb65e715f8e8886

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Blogga detta - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blogga detta i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1137490676250

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Telia\Telias sakerhetstjanster\Anti-Virus\fsgk32st.exe

O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Telia\Telias sakerhetstjanster\FSAUA\program\fsaua.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Telia\Telias sakerhetstjanster\FWES\Program\fsdfwd.exe

O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Telia\Telias sakerhetstjanster\Common\FSMA32.EXE

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SupportSoft Sprocket Service (telia) (sprtsvc_telia) - SupportSoft, Inc. - C:\Program Files\Telia\Supportassistent\bin\sprtsvc.exe

O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe

 

--

End of file - 9281 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\Kontrollera uppdateringar för Windows Live Toolbar.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live inloggningshjälpen - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]

Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-08-11 7630848]

"nwiz"=nwiz.exe /install []

"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\HDAShCut.exe [2005-01-07 61952]

"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-08-11 86016]

"REGSHAVE"=C:\Program Files\REGSHAVE\REGSHAVE.EXE [2002-02-04 53248]

"Telia"=C:\Program Files\Telia\Supportassistent\bin\sprtcmd.exe [2008-10-16 201976]

"F-Secure Manager"=C:\Program Files\Telia\Telias sakerhetstjanster\Common\FSM32.EXE [2007-04-26 183208]

"F-Secure TNB"=C:\Program Files\Telia\Telias sakerhetstjanster\FSGUI\TNBUtil.exe [2007-04-26 740208]

"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

"AutoUpdate_4"=C:\WINDOWS\svchost.exe []

"MSAV"=C:\WINDOWS\system32\msav.exe []

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]

"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe [2007-09-28 443968]

"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe [2008-03-26 1232896]

"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe [2008-03-28 1079296]

 

C:\Documents and Settings\All Users\Start Menu\Programs\Startup

Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

BankID Security Application.lnk - C:\Program Files\Personal\bin\Personal.exe

Exif Launcher 2.lnk - C:\Program Files\FinePixViewer\QuickDCF2.exe

WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SupportSoft RemoteAssist]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=157

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\BitTorrent_DNA\dna.exe"="C:\Program Files\BitTorrent_DNA\dna.exe:*:Enabled:BitTorrent DNA"

"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

 

======List of files/folders created in the last 1 months======

 

2008-12-14 13:27:19 ----D---- C:\rsit

2008-12-13 22:43:00 ----D---- C:\Documents and Settings\Boddeliboddan\Application Data\Malwarebytes

2008-12-13 22:25:51 ----A---- C:\WINDOWS\ntbtlog.txt

2008-12-13 22:21:02 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2008-12-13 22:21:02 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2008-12-13 21:43:54 ----D---- C:\Program Files\Trend Micro

2008-12-10 23:38:09 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$

2008-12-10 23:37:29 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$

2008-12-10 23:37:11 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$

2008-12-10 23:36:46 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$

2008-12-10 23:36:40 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$

2008-12-09 12:53:46 ----D---- C:\Program Files\Personal

2008-12-02 07:16:27 ----D---- C:\Documents and Settings\Boddeliboddan\Application Data\Nero

2008-12-02 00:10:59 ----D---- C:\Documents and Settings\All Users\Application Data\Nero

2008-12-02 00:10:58 ----D---- C:\Program Files\Common Files\Nero

2008-12-02 00:10:44 ----A---- C:\WINDOWS\system32\d3dx9_30.dll

2008-12-02 00:02:08 ----A---- C:\WINDOWS\iwedantar.exe

2008-12-02 00:00:46 ----AH---- C:\MsInstaller.exe

 

======List of files/folders modified in the last 1 months======

 

2008-12-14 13:27:11 ----D---- C:\WINDOWS\Prefetch

2008-12-14 13:26:42 ----D---- C:\WINDOWS\Temp

2008-12-14 13:26:13 ----D---- C:\WINDOWS\system32\CatRoot2

2008-12-14 13:24:00 ----D---- C:\WINDOWS\system32

2008-12-14 13:21:42 ----A---- C:\WINDOWS\SchedLgU.Txt

2008-12-13 22:52:16 ----D---- C:\WINDOWS\system32\drivers

2008-12-13 22:50:47 ----D---- C:\WINDOWS

2008-12-13 22:48:11 ----D---- C:\Program Files\Mozilla Firefox

2008-12-13 22:21:02 ----D---- C:\Program Files

2008-12-13 20:47:38 ----HD---- C:\WINDOWS\inf

2008-12-11 16:52:14 ----D---- C:\Program Files\FinePixViewer

2008-12-11 14:00:02 ----D---- C:\WINDOWS\system32\wbem

2008-12-11 14:00:02 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2008-12-10 23:38:05 ----SHD---- C:\Config.Msi

2008-12-10 23:38:01 ----SHD---- C:\WINDOWS\Installer

2008-12-10 23:37:58 ----A---- C:\WINDOWS\win.ini

2008-12-10 23:37:34 ----A---- C:\WINDOWS\imsins.BAK

2008-12-10 23:37:33 ----RSHDC---- C:\WINDOWS\system32\dllcache

2008-12-10 23:37:28 ----D---- C:\WINDOWS\$hf_mig$

2008-12-09 23:24:38 ----A---- C:\WINDOWS\system32\MRT.exe

2008-12-02 07:15:54 ----A---- C:\WINDOWS\system32\svchost.exe

2008-12-02 00:10:58 ----D---- C:\Program Files\Common Files

2008-12-02 00:10:46 ----D---- C:\WINDOWS\system32\DirectX

2008-12-01 22:34:22 ----D---- C:\Documents and Settings\Boddeliboddan\Application Data\BitTorrent

2008-11-19 10:50:53 ----D---- C:\WINDOWS\Help

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 F-Secure HIPS;F-Secure HIPS; \??\C:\Program Files\Telia\Telias sakerhetstjanster\HIPS\fshs.sys []

R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]

R3 F-Secure Gatekeeper;F-Secure Gatekeeper; \??\C:\Program Files\Telia\Telias sakerhetstjanster\Anti-Virus\minifilter\fsgk.sys []

R3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2005-01-07 145920]

R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]

R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]

R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-08-11 3958496]

R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-06-29 57856]

R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-06-29 20480]

R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]

R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]

S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]

S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2007-11-29 16896]

S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2007-11-29 19328]

S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2008-02-01 138112]

S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2008-02-01 8320]

S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]

S3 TdsNordecr;Nordea NCR1 SmartCard Reader; C:\WINDOWS\system32\DRIVERS\nordecr.sys [2007-10-30 23040]

S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2007-11-29 8064]

S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

S3 usbser;Nokia USB Serial Port; C:\WINDOWS\system32\DRIVERS\usbser.sys [2008-04-13 26112]

S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2007-11-29 8064]

S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]

S4 F-Secure Filter;F-Secure File System Filter; \??\C:\Program Files\Telia\Telias sakerhetstjanster\Anti-Virus\Win2K\FSfilter.sys []

S4 F-Secure Recognizer;F-Secure File System Recognizer; \??\C:\Program Files\Telia\Telias sakerhetstjanster\Anti-Virus\Win2K\FSrec.sys []

S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 aawservice;Ad-Aware 2007 Service; C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe [2007-09-13 566616]

R2 bgsvcgen;B's Recorder GOLD Library General Service; C:\WINDOWS\system32\bgsvcgen.exe [2005-04-30 86016]

R2 F-Secure Gatekeeper Handler Starter;FSGKHS; C:\Program Files\Telia\Telias sakerhetstjanster\Anti-Virus\fsgk32st.exe [2007-04-26 48072]

R2 FSMA;F-Secure Management Agent; C:\Program Files\Telia\Telias sakerhetstjanster\Common\FSMA32.EXE [2007-04-26 113576]

R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]

R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-09-24 935208]

R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-08-11 155715]

R2 SNMP;SNMP Service; C:\WINDOWS\System32\snmp.exe [2008-04-14 33280]

R2 sprtsvc_telia;SupportSoft Sprocket Service (telia); C:\Program Files\Telia\Supportassistent\bin\sprtsvc.exe [2008-10-16 202016]

R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]

R3 FSAUA;F-Secure Automatic Update Agent; C:\Program Files\Telia\Telias sakerhetstjanster\FSAUA\program\fsaua.exe [2007-04-26 457584]

R3 FSDFWD;F-Secure Anti-Virus Firewall Daemon; C:\Program Files\Telia\Telias sakerhetstjanster\FWES\Program\fsdfwd.exe [2007-04-26 453488]

R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592]

S2 SupportSoft RemoteAssist;SupportSoft RemoteAssist; C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe [2008-10-16 382320]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]

S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-04 136120]

S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

S3 SNMPTRAP;SNMP Trap Service; C:\WINDOWS\System32\snmptrap.exe [2008-04-14 8704]

S3 usnjsvc;Messenger Sharing Folders USN Journal Reader Service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]

S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

S3 WMConnectCDS;Windows Media Connect Service; C:\Program Files\Windows Media Connect 2\wmccds.exe [2005-10-06 855552]

 

-----------------EOF-----------------

[/log]

 

Many thanks for helping me!

 


 

[log]Scan with Hijack, tick the following lines, close the web browser and click Fix checked

 

O4 - HKLM\..\Run: [AutoUpdate_4] C:\WINDOWS\svchost.exe

O4 - HKLM\..\Run: [MSAV] C:\WINDOWS\system32\msav.exe

 

then delete

 

C:\WINDOWS\iwedantar.exe

 

Scan this file at the link below and delete it if it is infected

 

C:\MsInstaller.exe

 

http://www.virustotal.com/[/log]

 

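An added example, not code from this thread or from any of the tools it mentions: a small Python triage script that reads the `[HKEY_LOCAL_MACHINE\...\Run]` section of an RSIT log (the excerpt below is constructed from the log posted above) and reports the autorun entries that deserve a second look, printed in the `O4 - HKLM\..\Run: [...]` form that the HijackThis advice above uses. The heuristics are my own, not RSIT's or HijackThis': an executable carrying a Windows system-binary name (`svchost.exe`, `lsass.exe`, ...) outside `system32`, an entry whose file RSIT could not stat (empty `[]` instead of date and size), and a relative path resolved through PATH at logon. The point is to show why the two lines the helper picked out stand out mechanically; a flagged entry is something to verify, not automatically malware (the NVIDIA `nwiz` entry is flagged for review too).

```python
import re
from pathlib import PureWindowsPath

# Constructed excerpt of the RSIT "Registry dump" section quoted in the thread
# (values copied from the posted log; not a real file on disk).
SAMPLE_RUN_SECTION = r'''
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-08-11 7630848]
"nwiz"=nwiz.exe /install []
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\HDAShCut.exe [2005-01-07 61952]
"REGSHAVE"=C:\Program Files\REGSHAVE\REGSHAVE.EXE [2002-02-04 53248]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"AutoUpdate_4"=C:\WINDOWS\svchost.exe []
"MSAV"=C:\WINDOWS\system32\msav.exe []
'''

# Names of Windows system binaries that malware likes to borrow. A file with
# one of these names outside the system directory is worth checking.
SYSTEM_BINARY_NAMES = {"svchost.exe", "csrss.exe", "lsass.exe",
                       "winlogon.exe", "services.exe", "smss.exe"}
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
HIVE_ABBREV = {"HKEY_LOCAL_MACHINE": "HKLM", "HKEY_CURRENT_USER": "HKCU"}

KEY_RE = re.compile(r"^\[(HKEY_[A-Z_]+)\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\]$", re.I)
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<cmd>.*?)\s*\[(?P<meta>[^\]]*)\]$')
# First token ending in a program extension; what follows is arguments.
EXE_RE = re.compile(r"^(.+?\.(?:exe|dll|scr|com|bat))(?=\s|$)", re.I)


def parse_run_section(text):
    """Yield (hive, value name, command line, RSIT metadata) per Run entry."""
    hive = None
    for line in text.splitlines():
        line = line.strip()
        key = KEY_RE.match(line)
        if key:
            hive = HIVE_ABBREV.get(key.group(1).upper(), key.group(1))
            continue
        value = VALUE_RE.match(line)
        if value and hive:
            yield hive, value["name"], value["cmd"].strip(), value["meta"].strip()


def triage_entry(cmd, meta):
    """Return (executable path, list of review reasons) for one Run value."""
    if not cmd:
        return "", []
    exe_match = EXE_RE.match(cmd)
    exe = PureWindowsPath(exe_match.group(1) if exe_match else cmd.split()[0])
    reasons = []
    if not exe.is_absolute():
        reasons.append("relative path, resolved through PATH at logon")
    if not meta:
        reasons.append("no date/size recorded: file missing, hidden or unreadable when RSIT ran")
    if exe.name.lower() in SYSTEM_BINARY_NAMES and str(exe.parent).lower() not in SYSTEM_DIRS:
        reasons.append(f"{exe.name} is a Windows system binary name but lives outside system32")
    return str(exe), reasons


def triage_run_section(text):
    """Map value name -> details for every Run entry that has at least one reason."""
    flagged = {}
    for hive, name, cmd, meta in parse_run_section(text):
        path, reasons = triage_entry(cmd, meta)
        if reasons:
            flagged[name] = {
                "hive": hive,
                "path": path,
                "reasons": reasons,
                # Same shape as a HijackThis O4 line, so it can be matched against a HijackThis log.
                "o4": f"O4 - {hive}\\..\\Run: [{name}] {cmd}",
            }
    return flagged


if __name__ == "__main__":
    for name, info in triage_run_section(SAMPLE_RUN_SECTION).items():
        print(info["o4"])
        for reason in info["reasons"]:
            print("   -", reason)
```

Run as-is it prints the `nwiz`, `AutoUpdate_4` and `MSAV` entries with their reasons; `AutoUpdate_4` collects two (no file metadata, and `svchost.exe` sitting in `C:\WINDOWS` instead of `system32`), which is exactly the pattern the helper picked out by eye.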

Several alerts.

 

Here is the list.

 

[log]

Antivirus Version Senaste Uppdatering Resultat

AhnLab-V3 2008.12.12.2 2008.12.14 -

AntiVir 7.9.0.45 2008.12.12 TR/Crypt.XPACK.Gen

Authentium 5.1.0.4 2008.12.13 -

Avast 4.8.1281.0 2008.12.13 Win32:VB-KPE

AVG 8.0.0.199 2008.12.13 VB.FNI

BitDefender 7.2 2008.12.14 Trojan.Generic.1221772

CAT-QuickHeal 10.00 2008.12.13 -

ClamAV 0.94.1 2008.12.14 -

Comodo 749 2008.12.13 -

DrWeb 4.44.0.09170 2008.12.14 -

eSafe 7.0.17.0 2008.12.14 Suspicious File

eTrust-Vet 31.6.6258 2008.12.12 -

Ewido 4.0 2008.12.14 -

F-Prot 4.4.4.56 2008.12.12 -

F-Secure 8.0.14332.0 2008.12.14 -

Fortinet 3.117.0.0 2008.12.14 -

GData 19 2008.12.14 Trojan.Generic.1221772

Ikarus T3.1.1.45.0 2008.12.14 Virus.Win32.VB

K7AntiVirus 7.10.553 2008.12.13 -

Kaspersky 7.0.0.125 2008.12.14 -

McAfee 5463 2008.12.13 Generic.dx

McAfee+Artemis 5463 2008.12.13 Generic.dx

Microsoft 1.4205 2008.12.14 Trojan:Win32/Piptea.A

NOD32 3689 2008.12.14 Win32/VB.NTN

Norman 5.80.02 2008.12.12 -

Panda 9.0.0.4 2008.12.14 Generic Trojan

PCTools 4.4.2.0 2008.12.14 -

Prevx1 V2 2008.12.14 -

Rising 21.07.62.00 2008.12.14 -

SecureWeb-Gateway 6.7.6 2008.12.12 Trojan.Crypt.XPACK.Gen

Sophos 4.36.0 2008.12.14 Sus/Behav-273

Sunbelt 3.2.1801.2 2008.12.11 -

Symantec 10 2008.12.14 -

TheHacker 6.3.1.4.187 2008.12.13 -

TrendMicro 8.700.0.1004 2008.12.12 -

VBA32 3.12.8.10 2008.12.13 Win32.VB.NTN

ViRobot 2008.12.12.1514 2008.12.12 -

VirusBuster 4.5.11.0 2008.12.13 -

 

[/log]

 

How do I remove the file?

 


 

[log]Open Hijack

Open the Misc Tools section

Delete a file on reboot

 

then copy the file

 

C:\MsInstaller.exe

 

and paste it into the file name field... open, answer yes and restart the computer[/log]

 


That sounds nice!

 

Is there any other scan I can run to make sure that is the case?

 

That TDSSserv that I disabled earlier? What is it? The root of all evil, or should it be enabled again?

 

 

 


 

[log]

The root of all evil, or should it be enabled again?

 

Yep, and choose uninstall if it shows up there

 

Is there any other scan I can run to make sure that is the case?

 

Run e.g. Kaspersky online scan[/log]

 
