Behöver hjälp med att få bort virus/Skadligt program

21 januari, 2009

Nej tyvärr finns ingen sådan. Bara att det är Trojan.win32.Agent

och att det står Systemangrepp(ett eller flera) 1329kb

22 januari, 2009

Här kommer loggarna:

[log]Logfile of The Avenger Version 2.0, © by Swandog46

http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.

Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

Hidden driver "UACd.sys" found!

ImagePath: \systemroot\system32\drivers\UAComxjecpx.sys

Start Type: 1 (System)

Rootkit scan completed.

Completed script processing.

*******************

Finished! Terminate.

[/log]

[log]

SDFix: Version 1.240

Run by demo on 2009-01-22 at 01:20

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\Documents and Settings\demo\Skrivbord\SDFix

Checking Services :

Restoring Default Security Values

Restoring Default Hosts File

Rebooting

Checking Files :

Trojan Files Found:

C:\DOCUME~1\demo\LOKALA~1\Temp\TMP1E.tmp - Deleted

C:\DOCUME~1\demo\LOKALA~1\Temp\TMP20.tmp - Deleted

C:\DOCUME~1\demo\LOKALA~1\Temp\TMP24.tmp - Deleted

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-01-22 01:52:19

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

disk error: C:\WINDOWS\system32\config\system, 0

scanning hidden registry entries ...

disk error: C:\WINDOWS\system32\config\software, 0

disk error: C:\Documents and Settings\demo\ntuser.dat, 0

scanning hidden files ...

disk error: C:\WINDOWS

please note that you need administrator rights to perform deep scan

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"C:\\Program\\LimeWire\\LimeWire.exe"="C:\\Program\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program\\Pando Networks\\Pando\\pando.exe"="C:\\Program\\Pando Networks\\Pando\\pando.exe:*:Enabled:Pando Application"

"C:\\Program\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

"C:\\Program\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"

"C:\\Program\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"

"C:\\Program\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"="C:\\Program\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe:*:Enabled:Sony Ericsson Media Manager 1.2"

"C:\\Program\\MSN Messenger\\msnmsgr.exe"="C:\\Program\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\\Program\\MSN Messenger\\livecall.exe"="C:\\Program\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

"C:\\Program\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"

"C:\\Program\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"

"C:\\Program\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Program\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"

"C:\\Program\\Bonjour\\mDNSResponder.exe"="C:\\Program\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"

"C:\\Program\\INCREDIMAIL\\bin\\IMApp.exe"="C:\\Program\\INCREDIMAIL\\bin\\IMApp.exe:*:Enabled:IncrediMail"

"C:\\Program\\INCREDIMAIL\\bin\\IncMail.exe"="C:\\Program\\INCREDIMAIL\\bin\\IncMail.exe:*:Enabled:IncrediMail"

"C:\\Program\\INCREDIMAIL\\bin\\ImpCnt.exe"="C:\\Program\\INCREDIMAIL\\bin\\ImpCnt.exe:*:Enabled:IncrediMail"

"C:\\WINDOWS\\explorer.exe"="C:\\WINDOWS\\explorer.exe:*:Enabled:Explorer"

"C:\\Program\\Skype\\Phone\\Skype.exe"="C:\\Program\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

"C:\\WINDOWS\\system32\\winlogon.exe"="C:\\WINDOWS\\system32\\winlogon.exe:*:Enabled:winlogon"

"C:\\Program\\Telia\\Supportassistent\\bin\\sprtsvc.exe"="C:\\Program\\Telia\\Supportassistent\\bin\\sprtsvc.exe:*:Enabled:sprtsvc"

"C:\\WINDOWS\\system32\\lsass.exe"="C:\\WINDOWS\\system32\\lsass.exe:*:Enabled:lsass"

"C:\\Program\\Telia\\Telias Sakerhetstjanster\\Common\\FSMB32.EXE"="C:\\Program\\Telia\\Telias Sakerhetstjanster\\Common\\FSMB32.EXE:*:Enabled:FSMB32"

"C:\\Program\\Java\\jre6\\bin\\jqs.exe"="C:\\Program\\Java\\jre6\\bin\\jqs.exe:*:Enabled:jqs"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program\\MSN Messenger\\msnmsgr.exe"="C:\\Program\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\\Program\\MSN Messenger\\livecall.exe"="C:\\Program\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files :

File Backups: - C:\DOCUME~1\demo\SKRIVB~1\SDFix\backups\backups.zip

Files with Hidden Attributes :

Thu 14 Sep 2006 88 ..SH. --- "C:\WINDOWS\system32\9A53DD19E0.sys"

--- 63,145 A.SH. --- "C:\WINDOWS\system32\bawisayo.dll"

Wed 21 Jan 2009 100,548 A.SH. --- "C:\WINDOWS\system32\bigojuko.dll"

--- 2,048 A.SH. --- "C:\WINDOWS\system32\bonafanu.dll"

--- 63,145 A.SH. --- "C:\WINDOWS\system32\hozifofe.dll"

Wed 21 Jan 2009 2,723 ..SH. --- "C:\WINDOWS\system32\jorajuyi.dll"

Sun 18 Jan 2009 3,610 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"

Wed 21 Jan 2009 100,584 A.SH. --- "C:\WINDOWS\system32\lobiwaja.dll"

Wed 21 Jan 2009 2,723 ..SH. --- "C:\WINDOWS\system32\mizedodi.dll"

Wed 21 Jan 2009 100,086 A.SH. --- "C:\WINDOWS\system32\nazehogi.dll"

--- 63,571 A.SH. --- "C:\WINDOWS\system32\nukizani.dll.tmp"

Tue 20 Jan 2009 133,758 A.SH. --- "C:\WINDOWS\system32\nxdjef.dll"

Wed 21 Jan 2009 63,145 A.SH. --- "C:\WINDOWS\system32\pakiguwu.dll"

--- 63,145 A.SH. --- "C:\WINDOWS\system32\poroyoju.dll"

Tue 20 Jan 2009 133,758 A.SH. --- "C:\WINDOWS\system32\tukuhegu.dll"

Tue 20 Jan 2009 100,598 A.SH. --- "C:\WINDOWS\system32\vajoneyo.dll"

Wed 21 Jan 2009 86,261 A.SH. --- "C:\WINDOWS\system32\vodawoja.dll"

--- 63,571 A.SH. --- "C:\WINDOWS\system32\vuranune.dll.tmp"

--- 63,571 A.SH. --- "C:\WINDOWS\system32\wigudozi.dll.tmp"

Tue 20 Jan 2009 87,286 A.SH. --- "C:\WINDOWS\system32\yayosiyi.dll"

Wed 21 Jan 2009 87,227 A.SH. --- "C:\WINDOWS\system32\zafufovi.dll"

Wed 21 Jan 2009 101,028 A.SH. --- "C:\WINDOWS\system32\zilisehu.dll"

Sat 13 Dec 2008 8 ..SHR --- "C:\Documents and Settings\All Users\Application Data\8F17593C1D.sys"

Mon 15 Dec 2008 2,516 A.SH. --- "C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys"

Thu 24 Aug 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"

Fri 23 May 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

Finished!

[/log]

[log]OTViewIt logfile created on: 2009-01-22 09:42:34 - Run 2

OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\demo\Skrivbord

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

959,48 Mb Total Physical Memory | 381,47 Mb Available Physical Memory | 39,76% Memory free

1,51 Gb Paging File | 0,94 Gb Available in Paging File | 62,49% Paging File free

Paging file location(s): C:\pagefile.sys 672 1344;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program

Drive C: | 233,75 Gb Total Space | 139,67 Gb Free Space | 59,75% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: ÅSA

Current User Name: demo

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Whitelist: On

File Age = 30 Days

========== Processes ==========

[2006-11-03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program\Windows Defender\MsMpEng.exe

[2008-11-07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

[2008-08-29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program\Bonjour\mDNSResponder.exe

[2008-09-23 14:35:14 | 00,215,648 | ---- | M] (F-Secure Corporation) -- C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fsgk32st.exe

[2008-09-23 14:37:18 | 00,117,400 | ---- | M] (F-Secure Corporation) -- C:\Program\Telia\Telias Sakerhetstjanster\Common\FSMA32.EXE

[2009-01-16 18:52:59 | 00,440,448 | ---- | M] (F-Secure Corp.) -- C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fsgk32.exe

[2008-09-23 14:37:20 | 00,232,088 | ---- | M] (F-Secure Corporation) -- C:\Program\Telia\Telias Sakerhetstjanster\Common\FSMB32.EXE

[2009-01-20 19:31:48 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program\Java\jre6\bin\jqs.exe

[2003-06-19 22:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program\Delade filer\Microsoft Shared\VS7Debug\MDM.EXE

[2006-03-03 21:03:10 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe

[2006-12-12 13:10:10 | 00,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe

[2008-09-23 14:37:18 | 00,125,592 | ---- | M] (F-Secure Corporation) -- C:\Program\Telia\Telias Sakerhetstjanster\Common\FCH32.EXE

[2007-07-24 11:15:14 | 00,185,632 | ---- | M] (Protexis Inc.) -- c:\Program\Delade filer\Protexis\License Service\PsiService_2.exe

[2008-10-16 10:07:50 | 00,202,016 | ---- | M] (SupportSoft, Inc.) -- C:\Program\Telia\Supportassistent\bin\sprtsvc.exe

[2008-09-23 14:37:18 | 00,404,064 | ---- | M] (F-Secure Corporation) -- C:\Program\Telia\Telias Sakerhetstjanster\Common\FAMEH32.EXE

[2008-09-23 14:35:14 | 00,043,680 | ---- | M] (F-Secure Corporation) -- C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fsqh.exe

[2006-11-15 09:49:34 | 00,912,384 | ---- | M] (Microsoft Corporation) -- C:\Program\Windows Media Player\wmpnetwk.exe

[2008-09-23 14:34:32 | 00,490,080 | ---- | M] (F-Secure Corporation) -- C:\Program\Telia\Telias Sakerhetstjanster\FSAUA\program\fsaua.exe

[2009-01-16 18:53:00 | 00,519,816 | ---- | M] (F-Secure Corp.) -- C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fssm32.exe

[2008-09-23 14:37:54 | 00,055,904 | ---- | M] (F-Secure Corporation) -- C:\Program\Telia\Telias Sakerhetstjanster\ORSP Client\fsorsp.exe

[2008-09-23 14:35:40 | 00,510,560 | ---- | M] (F-Secure Corporation) -- C:\Program\Telia\Telias Sakerhetstjanster\FWES\program\fsdfwd.exe

[2008-10-07 11:34:00 | 00,174,688 | ---- | M] (F-Secure Corporation) -- C:\Program\Telia\Telias Sakerhetstjanster\FSAUA\program\fsus.exe

[2008-09-23 14:35:12 | 00,344,160 | ---- | M] (F-Secure Corporation) -- C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fsav32.exe

[2005-03-07 20:33:28 | 00,053,248 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\VTTimer.exe

[2008-09-23 14:37:18 | 00,182,936 | ---- | M] (F-Secure Corporation) -- C:\Program\Telia\Telias Sakerhetstjanster\Common\FSM32.EXE

[2005-07-15 22:48:33 | 00,479,232 | ---- | M] (Google Inc.) -- C:\Program\Google\Gmail Notifier\gnotify.exe

[2006-11-03 19:20:12 | 00,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program\Windows Defender\MSASCui.exe

[2008-04-14 20:35:20 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe

[2008-09-23 14:36:54 | 00,604,768 | ---- | M] (F-Secure Corporation) -- C:\Program\Telia\Telias Sakerhetstjanster\FSGUI\fsguidll.exe

[2005-07-29 16:56:54 | 00,598,016 | ---- | M] (Ralink Technology, Corp.) -- C:\Program\RALINK\Common\RaUI.exe

[2008-10-15 08:06:26 | 00,633,632 | ---- | M] (Microsoft Corporation) -- C:\Program\Internet Explorer\iexplore.exe

[2007-05-10 09:35:50 | 00,102,400 | ---- | M] () -- C:\WINDOWS\system32\OBroker.exe

[2009-01-21 12:17:28 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\demo\Skrivbord\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008-11-07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])

[2007-10-24 00:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])

[2008-08-29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])

[2007-10-24 00:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])

[2008-09-23 14:35:14 | 00,215,648 | ---- | M] (F-Secure Corporation) -- C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter [Auto | Running])

[2009-01-12 14:16:02 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])

[2008-09-23 14:34:32 | 00,490,080 | ---- | M] (F-Secure Corporation) -- C:\Program\Telia\Telias Sakerhetstjanster\FSAUA\program\fsaua.exe -- (FSAUA [On_Demand | Running])

[2008-09-23 14:35:40 | 00,510,560 | ---- | M] (F-Secure Corporation) -- C:\Program\Telia\Telias Sakerhetstjanster\FWES\program\fsdfwd.exe -- (FSDFWD [On_Demand | Running])

[2008-09-23 14:37:18 | 00,117,400 | ---- | M] (F-Secure Corporation) -- C:\Program\Telia\Telias Sakerhetstjanster\Common\FSMA32.EXE -- (FSMA [Auto | Running])

[2008-09-23 14:37:54 | 00,055,904 | ---- | M] (F-Secure Corporation) -- C:\Program\Telia\Telias Sakerhetstjanster\ORSP Client\fsorsp.exe -- (FSORSPClient [On_Demand | Running])

File not found -- -- (gusvc [Disabled | Stopped])

[2005-05-20 10:37:12 | 00,081,920 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE -- (HP Port Resolver [On_Demand | Stopped])

[2004-10-16 05:31:06 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE -- (HP Status Server [On_Demand | Stopped])

[2009-01-20 19:31:48 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])

[2003-06-19 22:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program\Delade filer\Microsoft Shared\VS7Debug\MDM.EXE -- (MDM [Auto | Running])

[2007-08-24 05:59:20 | 00,068,464 | ---- | M] (Microsoft Corporation) -- C:\Program\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])

[2007-08-24 02:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program\Delade filer\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])

[2006-10-26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program\Delade filer\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])

[2006-03-03 21:03:10 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12 [unknown | Running])

[2006-12-12 13:10:10 | 00,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing [Auto | Running])

[2007-07-24 11:15:14 | 00,185,632 | ---- | M] (Protexis Inc.) -- c:\Program\Delade filer\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2 [Auto | Running])

[2004-08-04 13:00:00 | 00,031,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\sc.exe -- (SC [On_Demand | Stopped])

[2008-10-16 10:07:50 | 00,202,016 | ---- | M] (SupportSoft, Inc.) -- C:\Program\Telia\Supportassistent\bin\sprtsvc.exe -- (sprtsvc_telia [Auto | Running])

[2008-10-16 10:07:04 | 00,382,320 | ---- | M] (SupportSoft, Inc.) -- C:\Program\Delade filer\SupportSoft\bin\ssrc.exe -- (SupportSoft RemoteAssist [Auto | Stopped])

[2007-01-19 12:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])

[2006-11-03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program\Windows Defender\MsMpEng.exe -- (WinDefend [Auto | Running])

[2006-11-15 09:49:34 | 00,912,384 | ---- | M] (Microsoft Corporation) -- C:\Program\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [Auto | Running])

========== Driver Services ==========

[2006-12-28 12:18:37 | 00,020,747 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP [Auto | Running])

[2005-08-19 10:31:52 | 03,644,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])

[2008-09-23 14:35:18 | 00,039,776 | ---- | M] () -- C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\win2k\fsfilter.sys -- (F-Secure Filter [Disabled | Stopped])

[2009-01-16 18:53:15 | 00,084,096 | ---- | M] () -- C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper [On_Demand | Running])

[2008-09-23 14:37:06 | 00,066,720 | ---- | M] (F-Secure Corporation) -- C:\Program\Telia\Telias Sakerhetstjanster\HIPS\drivers\fshs.sys -- (F-Secure HIPS [system | Running])

[2008-09-23 14:35:18 | 00,025,184 | ---- | M] () -- C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\win2k\fsrec.sys -- (F-Secure Recognizer [Disabled | Stopped])

[2005-03-18 09:39:04 | 00,042,496 | ---- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\system32\drivers\fetnd5bv.sys -- (FETND5BV [On_Demand | Stopped])

[2001-08-17 21:13:08 | 00,027,165 | ---- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\system32\drivers\fetnd5.sys -- (FETNDIS [On_Demand | Stopped])

[2008-10-31 10:29:35 | 00,030,856 | ---- | M] () -- C:\WINDOWS\system32\drivers\fsbts.sys -- (fsbts [boot | Running])

[2008-09-23 14:35:38 | 00,079,904 | ---- | M] (F-Secure Corporation) -- C:\WINDOWS\system32\drivers\fsdfw.sys -- (FSFW [boot | Running])

[2008-04-13 23:06:42 | 00,046,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\gagp30kx.sys -- (gagp30kx [boot | Running])

[2006-04-13 01:04:39 | 00,049,664 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])

[2006-04-13 01:04:39 | 00,016,496 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])

[2006-04-13 01:04:39 | 00,021,568 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])

[2005-08-15 10:08:26 | 00,005,888 | ---- | M] (Ahead Software AG) -- C:\WINDOWS\system32\drivers\imagedrv.sys -- (imagedrv [boot | Running])

[2005-08-15 10:08:26 | 00,127,488 | ---- | M] (Ahead Software AG) -- C:\WINDOWS\system32\drivers\imagesrv.sys -- (imagesrv [boot | Running])

[2008-04-14 20:11:36 | 00,014,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [system | Stopped])

[2008-02-18 16:29:16 | 00,096,256 | ---- | M] (MagicISO, Inc.) -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus [On_Demand | Running])

[2007-06-10 23:58:48 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\system32\drivers\pcouffin.sys -- (Pcouffin [On_Demand | Running])

[2004-08-04 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])

[2007-03-08 00:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [boot | Running])

[2005-07-29 11:44:08 | 00,340,992 | ---- | M] (Ralink Technology Inc.) -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61 [On_Demand | Running])

[2008-05-27 10:41:46 | 00,090,536 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s0017bus.sys -- (s0017bus [On_Demand | Stopped])

[2008-05-27 10:41:46 | 00,015,016 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s0017mdfl.sys -- (s0017mdfl [On_Demand | Stopped])

[2008-05-27 10:41:46 | 00,122,152 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s0017mdm.sys -- (s0017mdm [On_Demand | Stopped])

[2008-05-27 10:41:44 | 00,115,496 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s0017mgmt.sys -- (s0017mgmt [On_Demand | Stopped])

[2008-05-27 10:41:44 | 00,025,768 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s0017nd5.sys -- (s0017nd5 [On_Demand | Stopped])

[2008-05-27 10:41:46 | 00,111,912 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s0017obex.sys -- (s0017obex [On_Demand | Stopped])

[2008-05-27 10:41:46 | 00,117,672 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s0017unic.sys -- (s0017unic [On_Demand | Stopped])

[2006-05-01 12:16:22 | 00,061,600 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\SE2Ebus.sys -- (SE2Ebus [On_Demand | Stopped])

[2006-05-01 12:17:12 | 00,009,360 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\SE2Emdfl.sys -- (SE2Emdfl [On_Demand | Stopped])

[2006-05-01 12:17:16 | 00,097,184 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\SE2Emdm.sys -- (SE2Emdm [On_Demand | Stopped])

[2006-05-01 12:18:04 | 00,088,688 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\SE2Emgmt.sys -- (SE2Emgmt [On_Demand | Stopped])

[2006-05-01 12:15:50 | 00,018,704 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\se2End5.sys -- (se2End5 [On_Demand | Stopped])

[2006-05-01 12:18:54 | 00,086,560 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\SE2Eobex.sys -- (SE2Eobex [On_Demand | Stopped])

[2006-05-01 12:15:44 | 00,090,800 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\se2Eunic.sys -- (se2Eunic [On_Demand | Stopped])

[2007-11-13 11:25:56 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])

[2008-07-06 09:11:37 | 00,717,296 | ---- | M] () -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd [boot | Running])

[2006-03-13 15:49:54 | 00,060,800 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\w300bus.sys -- (w300bus [On_Demand | Stopped])

[2006-03-13 15:50:00 | 00,009,264 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\w300mdfl.sys -- (w300mdfl [On_Demand | Stopped])

[2006-03-13 15:50:02 | 00,096,352 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\w300mdm.sys -- (w300mdm [On_Demand | Stopped])

[2006-03-13 15:50:06 | 00,087,824 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\w300mgmt.sys -- (w300mgmt [On_Demand | Stopped])

[2006-03-13 15:50:08 | 00,085,696 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\w300obex.sys -- (w300obex [On_Demand | Stopped])

[2004-08-04 13:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [Disabled | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]

"Default_Page_URL"=http://se.msn.com/

"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896

"Default_Secondary_Page_URL"=

"Extensions Off Page"=about:NoAdd-ons

"Local Page"=%SystemRoot%\system32\blank.htm

"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896

"Secondary Start Pages"=

"Security Risk Page"=about:SecurityRisk

"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]

"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]

"Local Page"=C:\WINDOWS\system32\blank.htm

"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

"SearchDefaultBranded"=

"Start Page"=http://www.superstart.se/

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]

"Default_Search_URL"=http://www.google.com/ie

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]

""=http://www.google.com/search?q=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

"ProxyEnable" = 0

"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (686 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

First 25 entries...

127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} (HKLM) -- C:\Program\BitComet\tools\BitCometBHO_1.2.8.7.dll (BitComet)

{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

{72853161-30C5-4D22-B7F9-0BBC1D38A37E} (HKLM) -- C:\Program\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

{7DB2C2A7-F750-4794-9151-504E130C2F0D} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

{7E853D72-626A-48EC-A868-BA8D5E23E045} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

{80413143-4d48-4f15-968e-b57e726c95ed} (HKLM) -- C:\WINDOWS\system32\lpyvfe.dll ()

{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

{9758ed3c-650c-4acb-8a29-56c6f97c5420} (HKLM) -- C:\WINDOWS\system32\poroyoju.dll ()

{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

"{855F3B16-6D32-4FE6-8A56-BBB695989046}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

"{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"=C:\Program\Google\Gmail Notifier\gnotify.exe (Google Inc.)

"64c3d9f7"=rundll32.exe "C:\WINDOWS\system32\kiyituhe.dll",b ()

"CPM67f0ea6b"=Rundll32.exe "c:\windows\system32\kiratero.dll",a ()

"F-Secure Manager"="C:\Program\Telia\Telias Sakerhetstjanster\Common\FSM32.EXE" /splash (F-Secure Corporation)

"F-Secure TNB"="C:\Program\Telia\Telias Sakerhetstjanster\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW (F-Secure Corporation)

"pewugayefi"=Rundll32.exe "C:\WINDOWS\system32\bawisayo.dll",s ()

"Windows Defender"="C:\Program\Windows Defender\MSASCui.exe" -hide (Microsoft Corporation)

"VTTimer"=VTTimer.exe (S3 Graphics, Inc.)

========== (O4) Startup Folders ==========

[2005-07-29 16:56:54 | 00,598,016 | ---- | M] (Ralink Technology, Corp.) -- C:\Documents and Settings\All Users\Start-meny\Program\Autostart\Ralink Wireless Utility.lnk = C:\Program\RALINK\Common\RaUI.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveAutoRun"=67108863

"NoDriveTypeAutoRun"=255

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=36

"NoDriveAutoRun"=FF FF FF FF [binary data]

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]

&D&ownload &with BitComet: C:\Program\BitComet\BitComet.exe [2006-06-23 18:00:33 | 03,394,048 | ---- | M] (www.BitComet.com)

&D&ownload all video with BitComet: C:\Program\BitComet\BitComet.exe [2006-06-23 18:00:33 | 03,394,048 | ---- | M] (www.BitComet.com)

&D&ownload all with BitComet: C:\Program\BitComet\BitComet.exe [2006-06-23 18:00:33 | 03,394,048 | ---- | M] (www.BitComet.com)

E&xport to Microsoft Excel: C:\Program\Microsoft Office\Office12\EXCEL.EXE [2008-10-18 18:30:22 | 17,931,616 | ---- | M] (Microsoft Corporation)

E&xportera till Microsoft Excel: C:\Program\MICROS~2\OFFICE11\EXCEL.EXE File not found

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java-konsol -- %ProgramFiles%\Java\jre6\bin\npjpi160_11.dll [2009-01-20 19:31:48 | 00,132,504 | ---- | M] (Sun Microsystems, Inc.)

{2670000A-7350-4f3c-8081-5663EE0C6C49}: Button: Send to OneNote -- %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [2007-12-13 02:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)

{2670000A-7350-4f3c-8081-5663EE0C6C49}: Menu: S&end to OneNote -- %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [2007-12-13 02:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)

{D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A}: Button: BitComet -- %ProgramFiles%\BitComet\tools\BitCometBHO_1.2.8.7.dll [2008-08-11 09:12:14 | 00,656,696 | ---- | M] (BitComet)

{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008-04-13 23:23:34 | 00,558,080 | ---- | M] (Microsoft Corporation)

{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008-04-14 20:35:14 | 01,695,232 | ---- | M] (Microsoft Corporation)

{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008-04-14 20:35:14 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]

CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre6\bin\npjpi160_11.dll [sun Java-konsol] -> [2009-01-20 19:31:48 | 00,132,504 | ---- | M] (Sun Microsystems, Inc.)

CmdMapping\\{300DB664-75B5-47c0-8B45-A44ACCF73C00} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

CmdMapping\\{77BF5300-1474-4EC7-9980-D32B190E9B07} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

CmdMapping\\{85d1f590-48f4-11d9-9669-0800200c9a66} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008-04-13 23:23:34 | 00,558,080 | ---- | M] (Microsoft Corporation)

CmdMapping\\{E59EB121-F339-4851-A3BA-FE49C35617C2} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008-04-14 20:35:14 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]

PluginsPage: "" = http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s

PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]

""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]

33 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]

36 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]

{0000000A-0000-0010-8000-00AA00389B71}: http://download.microsoft.com/download/d/4/4/d446e8a9-3a86-4b59-bb19-f5bd11b40367/wmavax.CAB -- Reg Error: Key does not exist or could not be opened.

{02BCC737-B171-4746-94C9-0D8A0B2C0089}: http://office.microsoft.com/templates/ieawsdc.cab -- Microsoft Office Template and Media Control

{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}: http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab -- QuickTime Object

{149E45D8-163E-4189-86FC-45022AB2B6C9}: file:///C:/Program/Mahjong%20Escape%20-%20Ancient%20Japan/Images/stg_drm.ocx -- SpinTop DRM Control

{166B1BCA-3F9C-11CF-8075-444553540000}: http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab -- Reg Error: Key does not exist or could not be opened.

{17492023-C23A-453E-A040-C7C580BBF700}: http://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab -- Windows Genuine Advantage Validation Tool

{193C772A-87BE-4B19-A7BB-445B226FE9A1}: http://downloads.ewido.net/ewidoOnlineScan.cab -- ewidoOnlineScan Control

{33564D57-0000-0010-8000-00AA00389B71}: http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB -- Reg Error: Key does not exist or could not be opened.

{4F1E5B1A-2A80-42CA-8532-2D05CB959537}: http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab -- MSN Photo Upload Tool

{5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1}: http://www.tvlution.com/KooPlayer.ocx -- KooPlayer Control

{5CE72DD0-4695-4D18-A4D3-3367ACD37578}: http://support.f-secure.com/enu/home/onlineservices/fshc/fscax.cab -- F-Secure Health Check 1.0

{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}: http://download.bitdefender.com/resources/scan8/oscan8.cab -- BDSCANONLINE Control

{6414512B-B978-451D-A0D8-FCFDF33E833C}: http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229892791343 -- WUWebControl Class

{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229892772593 -- MUWebControl Class

{6E5E167B-1566-4316-B27F-0DDAB3484CF7}: http://www.gordinegenbok.se/photos/upload/ImageUploader4.cab -- Image Uploader Control

{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab'>http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab'>http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab -- Java Plug-in 1.6.0_11

{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.

{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab -- Java Plug-in 1.6.0_11

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab -- Java Plug-in 1.6.0_11

{CC450D71-CC90-424C-8638-1F2DBAC87A54}: -- ArmHelper Control

{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab -- Shockwave Flash Object

{D821DC4A-0814-435E-9820-661C543A4679}: http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx -- CRLDownloadWrapper Class

{DE22A7AB-A739-4C58-AD52-21F9CD6306B7}: http://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab -- CTAdjust Class

{F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6}: http://chat.msn.com/controls/msnchat45.cab -- MSN Chat Control 4.5

========== (O17) DNS Name Servers ==========

{01F61E3A-02B5-4888-A695-A62082B3C9E7} (Servers: | Description: Ralink Turbo Wireless LAN Card)

{02146876-DE64-4D9E-9677-5E6642BB959A} (Servers: | Description: VIA Rhine II Fast Ethernet Adapter)

{07F7F18E-CEDB-4EC1-B8AA-57AF14721DE4} (Servers: | Description: )

{AC3C8547-D8E9-425F-9BD3-B5665985E778} (Servers: | Description: Sony Ericsson Device 046 USB Ethernet Emulation (NDIS 5))

{D96B03E5-B687-4816-AD6D-D4713A31EDAB} (Servers: | Description: Sony Ericsson Device 0017 USB Ethernet Emulation (NDIS 5))

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_Dlls"=C:\WINDOWS\system32\hozifofe.dll lpyvfe.dll c:\windows\system32\kiratero.dll

>[1601-01-01 01:12:31 | 00,063,145 | -HS- | M] () -- C:\WINDOWS\system32\hozifofe.dll

>[2009-01-22 09:36:56 | 00,134,376 | -HS- | M] () -- C:\WINDOWS\system32\lpyvfe.dll

>[2009-01-22 09:36:55 | 00,101,184 | -HS- | M] () -- c:\WINDOWS\system32\kiratero.dll

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]

jkkHyXQK: "DllName" = jkkHyXQK.dll -- File not found

========== (O21) SSODL Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

"CDBurn"={fbeb8a05-beee-4442-804e-409d6c4515e9} (HKLM) -- CLSID or file not found.

"SSODL"={EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} (HKLM) -- c:\WINDOWS\system32\kiratero.dll ()

========== (O22) Shared Task Scheduler ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

"{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}" (HKLM) = STS -- c:\WINDOWS\system32\kiratero.dll ()

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" (HKLM) -- C:\Program\Windows Defender\MpShHook.dll (Microsoft Corporation)

"{56F9679E-7826-4C84-81F3-532071A8BCC5}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" (HKLM) -- C:\Program\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

========== LSA *Authentication Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

"Authentication Packages"=msv1_0,C:\WINDOWS\system32\byXNfFyX,

>File not found --

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]

"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []

[2005-01-01 01:54:15 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[4 C:\WINDOWS\*.tmp files]

File not found -- C:\Documents and Settings\demo\Skrivbord\FW_ VB_ Städning...

[2009-01-22 09:39:17 | 01,401,122 | -HS- | C] () -- C:\WINDOWS\System32\ehutiyik.ini

[2009-01-22 09:36:57 | 00,134,376 | -HS- | C] () -- C:\WINDOWS\System32\lpyvfe.dll

[2009-01-21 18:06:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\demo\Skrivbord\Ny mapp

[2009-01-21 17:21:08 | 00,334,720 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\demo\Skrivbord\RootkitRevealer.exe

[2009-01-21 17:21:08 | 00,102,160 | ---- | C] () -- C:\Documents and Settings\demo\Skrivbord\RootkitRevealer.chm

[2009-01-21 17:15:59 | 01,401,679 | -HS- | C] () -- C:\WINDOWS\System32\ajowadov.ini

[2009-01-21 14:52:38 | 00,811,008 | ---- | C] () -- C:\Documents and Settings\demo\Skrivbord\gmer.exe

[2009-01-21 14:14:37 | 00,000,000 | ---D | C] -- C:\Avenger

[2009-01-21 14:08:52 | 00,731,136 | ---- | C] () -- C:\Documents and Settings\demo\Skrivbord\avenger.exe

[2009-01-21 13:58:18 | 01,401,347 | -HS- | C] () -- C:\WINDOWS\System32\uferogis.ini

[2009-01-21 13:57:06 | 00,002,723 | -HS- | C] () -- C:\WINDOWS\System32\jorajuyi.dll

[2009-01-21 13:13:25 | 01,401,338 | -HS- | C] () -- C:\WINDOWS\System32\ekogogat.ini

[2009-01-21 12:39:53 | 01,401,338 | -HS- | C] () -- C:\WINDOWS\System32\ibimason.ini

[2009-01-21 12:21:16 | 00,002,723 | -HS- | C] () -- C:\WINDOWS\System32\mizedodi.dll

[2009-01-21 12:17:20 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\demo\Skrivbord\OTViewIt.exe

[2009-01-21 08:02:09 | 03,048,327 | ---- | C] () -- C:\Documents and Settings\demo\Skrivbord\ComboFix.exe

@Alternate Data Stream - 0 bytes -> C:\Documents and Settings\demo\Skrivbord\ComboFix.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

[2009-01-21 00:43:47 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2009-01-21 00:43:47 | 00,000,695 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivbord\Malwarebytes' Anti-Malware.lnk

[2009-01-21 00:43:43 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009-01-21 00:29:41 | 00,000,423 | ---- | C] () -- C:\Documents and Settings\demo\Skrivbord\Genväg till Program.lnk

[2009-01-21 00:08:08 | 01,399,263 | -HS- | C] () -- C:\WINDOWS\System32\ivofufaz.ini

[2009-01-20 23:32:52 | 00,578,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll

[2009-01-20 22:38:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT

[2009-01-20 22:25:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\demo\Skrivbord\SDFix

[2009-01-20 22:09:52 | 01,529,241 | ---- | C] () -- C:\Documents and Settings\demo\Skrivbord\SDFix.exe

[2009-01-20 19:25:05 | 00,000,000 | ---D | C] -- C:\Program\Malwarebytes' Anti-Malware

[2009-01-20 19:23:28 | 02,737,808 | ---- | C] (Malwarebytes Corporation ) -- C:\Program\mbam-setup(2).exe

[2009-01-20 19:17:38 | 02,737,808 | ---- | C] (Malwarebytes Corporation ) -- C:\Program\mbam-setup.exe

[2009-01-20 17:45:07 | 00,001,709 | ---- | C] () -- C:\Documents and Settings\demo\Skrivbord\HijackThis.lnk

[2009-01-20 17:44:05 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\demo\Skrivbord\HJTInstall(2).exe

[2009-01-20 17:34:53 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\demo\Skrivbord\HJTInstall.exe

[2009-01-20 16:02:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump

[2009-01-20 12:06:22 | 01,374,353 | -HS- | C] () -- C:\WINDOWS\System32\iyisoyay.ini

[2009-01-20 12:06:20 | 00,133,758 | -HS- | C] (SoftComplete Development) -- C:\WINDOWS\System32\nxdjef.dll

[2009-01-20 11:17:47 | 01,423,596 | -HS- | C] () -- C:\WINDOWS\System32\pjawwjuq.ini

[2009-01-20 11:17:31 | 01,423,596 | -HS- | C] () -- C:\WINDOWS\System32\fsajnqxj.ini

[2009-01-20 11:16:39 | 01,126,294 | -HS- | C] () -- C:\WINDOWS\System32\XyFfNXyb.ini2

[2009-01-20 11:16:39 | 01,126,007 | -HS- | C] () -- C:\WINDOWS\System32\XyFfNXyb.ini

[2009-01-20 11:01:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\demo\Application Data\cogad

[2009-01-20 11:00:59 | 00,000,314 | ---- | C] () -- C:\WINDOWS\tasks\uhfwqauh.job

[2009-01-20 11:00:57 | 00,047,104 | ---- | C] () -- C:\WINDOWS\System32\wvUoMcaa.dll

[2009-01-20 10:54:46 | 00,000,000 | ---D | C] -- C:\Program\INCREDIMAIL

[2009-01-17 19:34:09 | 00,000,043 | ---- | C] () -- C:\WINDOWS\System32\screenSaver.tra

[2009-01-17 19:34:09 | 00,000,026 | ---- | C] () -- C:\WINDOWS\System32\sound.tra

[2009-01-17 19:34:09 | 00,000,026 | ---- | C] () -- C:\WINDOWS\System32\nFrame.tra

[2009-01-17 19:34:09 | 00,000,026 | ---- | C] () -- C:\WINDOWS\System32\JkmFile.tra

[2009-01-17 19:34:09 | 00,000,026 | ---- | C] () -- C:\WINDOWS\System32\files.tra

[2009-01-17 17:44:23 | 00,000,000 | ---D | C] -- C:\Program\3D Sea Aquarium

[2009-01-13 14:41:29 | 00,000,000 | ---D | C] -- C:\Program\QuickTime

[2009-01-13 14:38:12 | 00,000,272 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2009-01-13 14:38:02 | 00,000,000 | ---D | C] -- C:\Program\Apple Software Update

[2009-01-12 14:25:31 | 00,000,000 | ---D | C] -- C:\Program\Bonjour

[2009-01-12 14:16:02 | 00,000,000 | ---D | C] -- C:\Program\Delade filer\Macrovision Shared

[2009-01-12 07:51:32 | 00,792,197 | ---- | C] () -- C:\Program\MozBackup-1.4.8-EN.exe

[2009-01-11 13:17:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\demo\Mina dokument\Media Now

[2009-01-03 15:43:19 | 00,000,478 | ---- | C] () -- C:\Documents and Settings\demo\Skrivbord\Genväg till Mina Filmer.lnk

[2008-12-29 18:15:11 | 00,000,318 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job

[2008-12-28 15:53:08 | 00,000,000 | ---D | C] -- C:\SWEDEK

[2008-12-27 13:24:32 | 00,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2008-12-27 13:24:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\demo\Application Data\skypePM

[2008-12-27 13:23:07 | 00,000,000 | ---D | C] -- C:\Program\Skype

[2008-12-27 13:23:05 | 00,000,000 | ---D | C] -- C:\Program\Delade filer\Skype

[2008-12-27 13:21:24 | 22,260,008 | ---- | C] (Skype Technologies S.A.) -- C:\Program\SkypeSetup.exe

========== Files - Modified Within 30 Days ==========

[4 C:\WINDOWS\System32\*.tmp files]

[4 C:\WINDOWS\*.tmp files]

File not found -- C:\Documents and Settings\demo\Skrivbord\FW_ VB_ Städning...

[2009-01-22 09:44:12 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\tumupopo

[2009-01-22 09:39:42 | 00,000,318 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job

[2009-01-22 09:39:21 | 01,401,122 | -HS- | M] () -- C:\WINDOWS\System32\ehutiyik.ini

[2009-01-22 09:38:47 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2009-01-22 09:36:56 | 00,134,376 | -HS- | M] (SoftComplete Development) -- C:\WINDOWS\System32\dowileyi.dll

[2009-01-22 09:36:56 | 00,134,376 | -HS- | M] () -- C:\WINDOWS\System32\lpyvfe.dll

[2009-01-22 09:36:55 | 00,101,184 | -HS- | M] () -- C:\WINDOWS\System32\kiratero.dll

[2009-01-22 09:36:55 | 00,086,132 | -HS- | M] () -- C:\WINDOWS\System32\kiyituhe.dll

[2009-01-22 09:36:23 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2009-01-22 09:36:19 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2009-01-22 01:38:36 | 00,000,570 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled scanning task.job

[2009-01-22 01:23:39 | 00,000,686 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS

[2009-01-22 00:00:00 | 00,000,314 | ---- | M] () -- C:\WINDOWS\tasks\uhfwqauh.job

[2009-01-21 22:35:03 | 00,000,898 | ---- | M] () -- C:\WINDOWS\win.ini

[2009-01-21 22:35:03 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

[2009-01-21 22:35:03 | 00,000,211 | -HS- | M] () -- C:\boot.ini

[2009-01-21 17:16:10 | 01,401,679 | -HS- | M] () -- C:\WINDOWS\System32\ajowadov.ini

[2009-01-21 17:15:58 | 00,100,584 | -HS- | M] (SoftComplete Development) -- C:\WINDOWS\System32\lobiwaja.dll

[2009-01-21 17:15:58 | 00,086,261 | -HS- | M] (SoftComplete Development) -- C:\WINDOWS\System32\vodawoja.dll

[2009-01-21 14:27:28 | 01,401,347 | -HS- | M] () -- C:\WINDOWS\System32\uferogis.ini

[2009-01-21 14:23:52 | 00,063,145 | -HS- | M] (SoftComplete Development) -- C:\WINDOWS\System32\pakiguwu.dll

[2009-01-21 13:58:16 | 00,100,548 | -HS- | M] (SoftComplete Development) -- C:\WINDOWS\System32\bigojuko.dll

[2009-01-21 13:57:06 | 00,002,723 | -HS- | M] () -- C:\WINDOWS\System32\jorajuyi.dll

[2009-01-21 13:13:28 | 01,401,338 | -HS- | M] () -- C:\WINDOWS\System32\ekogogat.ini

[2009-01-21 13:13:22 | 00,100,051 | ---- | M] (SoftComplete Development) -- C:\WINDOWS\System32\wolopase.dll

[2009-01-21 12:40:20 | 01,401,338 | -HS- | M] () -- C:\WINDOWS\System32\ibimason.ini

[2009-01-21 12:39:51 | 00,101,028 | -HS- | M] (SoftComplete Development) -- C:\WINDOWS\System32\zilisehu.dll

[2009-01-21 12:21:16 | 00,002,723 | -HS- | M] () -- C:\WINDOWS\System32\mizedodi.dll

[2009-01-21 12:17:28 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\demo\Skrivbord\OTViewIt.exe

[2009-01-21 08:41:15 | 00,000,202 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2009-01-21 08:02:20 | 03,048,327 | ---- | M] () -- C:\Documents and Settings\demo\Skrivbord\ComboFix.exe

@Alternate Data Stream - 0 bytes -> C:\Documents and Settings\demo\Skrivbord\ComboFix.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

[2009-01-21 07:50:01 | 00,000,272 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2009-01-21 01:44:11 | 01,399,263 | -HS- | M] () -- C:\WINDOWS\System32\ivofufaz.ini

[2009-01-21 00:43:47 | 00,000,695 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivbord\Malwarebytes' Anti-Malware.lnk

[2009-01-21 00:29:41 | 00,000,423 | ---- | M] () -- C:\Documents and Settings\demo\Skrivbord\Genväg till Program.lnk

[2009-01-21 00:20:27 | 00,000,631 | ---- | M] () -- C:\Documents and Settings\demo\Mina dokument\Mina delade mappar.lnk

[2009-01-21 00:06:29 | 00,100,086 | -HS- | M] (SoftComplete Development) -- C:\WINDOWS\System32\nazehogi.dll

[2009-01-21 00:06:28 | 00,087,227 | -HS- | M] (SoftComplete Development) -- C:\WINDOWS\System32\zafufovi.dll

[2009-01-20 23:32:52 | 00,578,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll

[2009-01-20 22:09:56 | 01,529,241 | ---- | M] () -- C:\Documents and Settings\demo\Skrivbord\SDFix.exe

[2009-01-20 17:45:07 | 00,001,709 | ---- | M] () -- C:\Documents and Settings\demo\Skrivbord\HijackThis.lnk

[2009-01-20 17:44:08 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\demo\Skrivbord\HJTInstall(2).exe

[2009-01-20 17:41:21 | 00,133,144 | ---- | M] () -- C:\Documents and Settings\demo\Lokala inställningar\Application Data\GDIPFONTCACHEV1.DAT

[2009-01-20 17:40:49 | 01,737,072 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2009-01-20 17:34:54 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\demo\Skrivbord\HJTInstall.exe

[2009-01-20 17:31:30 | 01,374,353 | -HS- | M] () -- C:\WINDOWS\System32\iyisoyay.ini

[2009-01-20 12:15:09 | 00,000,043 | ---- | M] () -- C:\WINDOWS\System32\screenSaver.tra

[2009-01-20 12:15:09 | 00,000,026 | ---- | M] () -- C:\WINDOWS\System32\sound.tra

[2009-01-20 12:15:09 | 00,000,026 | ---- | M] () -- C:\WINDOWS\System32\nFrame.tra

[2009-01-20 12:15:09 | 00,000,026 | ---- | M] () -- C:\WINDOWS\System32\JkmFile.tra

[2009-01-20 12:15:09 | 00,000,026 | ---- | M] () -- C:\WINDOWS\System32\files.tra

[2009-01-20 12:06:19 | 00,100,598 | -HS- | M] (SoftComplete Development) -- C:\WINDOWS\System32\vajoneyo.dll

[2009-01-20 12:06:18 | 00,133,758 | -HS- | M] (SoftComplete Development) -- C:\WINDOWS\System32\tukuhegu.dll

[2009-01-20 12:06:18 | 00,133,758 | -HS- | M] (SoftComplete Development) -- C:\WINDOWS\System32\nxdjef.dll

[2009-01-20 12:06:18 | 00,087,286 | -HS- | M] (SoftComplete Development) -- C:\WINDOWS\System32\yayosiyi.dll

[2009-01-20 11:25:09 | 01,126,007 | -HS- | M] () -- C:\WINDOWS\System32\XyFfNXyb.ini

[2009-01-20 11:24:14 | 01,126,294 | -HS- | M] () -- C:\WINDOWS\System32\XyFfNXyb.ini2

[2009-01-20 11:17:52 | 01,423,596 | -HS- | M] () -- C:\WINDOWS\System32\pjawwjuq.ini

[2009-01-20 11:17:38 | 01,423,596 | -HS- | M] () -- C:\WINDOWS\System32\fsajnqxj.ini

[2009-01-20 11:00:57 | 00,047,104 | ---- | M] () -- C:\WINDOWS\System32\wvUoMcaa.dll

[2009-01-18 21:37:34 | 00,003,610 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys

[2009-01-14 16:11:32 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009-01-14 16:11:28 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2009-01-07 22:47:04 | 00,296,448 | ---- | M] () -- C:\WINDOWS\Xenofex.ini

[2009-01-03 15:43:19 | 00,000,478 | ---- | M] () -- C:\Documents and Settings\demo\Skrivbord\Genväg till Mina Filmer.lnk

[2008-12-27 13:24:32 | 00,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat

< End of report >

[/log]

22 januari, 2009

Har du gjort återställningskonsolen? För det kan vara bra att ha om något går fel.

Kopiera in följande i Anteckningar:

Files to delete:
C:\WINDOWS\system32\bawisayo.dll
C:\WINDOWS\system32\bigojuko.dll
C:\WINDOWS\system32\bonafanu.dll
C:\WINDOWS\system32\hozifofe.dll
C:\WINDOWS\system32\jorajuyi.dll
C:\WINDOWS\system32\lobiwaja.dll
C:\WINDOWS\system32\mizedodi.dll
C:\WINDOWS\system32\nazehogi.dll
C:\WINDOWS\system32\nukizani.dll.tmp
C:\WINDOWS\system32\nxdjef.dll
C:\WINDOWS\system32\pakiguwu.dll
C:\WINDOWS\system32\poroyoju.dll
C:\WINDOWS\system32\tukuhegu.dll
C:\WINDOWS\system32\vajoneyo.dll
C:\WINDOWS\system32\vodawoja.dll
C:\WINDOWS\system32\vuranune.dll.tmp
C:\WINDOWS\system32\wigudozi.dll.tmp
C:\WINDOWS\system32\yayosiyi.dll
C:\WINDOWS\system32\zafufovi.dll
C:\WINDOWS\system32\zilisehu.dll
c:\windows\system32\kiratero.dll
C:\WINDOWS\system32\hozifofe.dll
C:\WINDOWS\system32\lpyvfe.dll
C:\WINDOWS\System32\ehutiyik.ini
C:\WINDOWS\System32\ajowadov.ini
C:\WINDOWS\System32\uferogis.ini
C:\WINDOWS\System32\ekogogat.ini
C:\WINDOWS\System32\ibimason.ini
C:\WINDOWS\System32\ivofufaz.ini
C:\WINDOWS\System32\iyisoyay.ini
C:\WINDOWS\System32\pjawwjuq.ini
C:\WINDOWS\System32\fsajnqxj.ini
C:\WINDOWS\System32\XyFfNXyb.ini2
C:\WINDOWS\System32\XyFfNXyb.ini
C:\WINDOWS\tasks\uhfwqauh.job
C:\WINDOWS\System32\wvUoMcaa.dll
C:\WINDOWS\System32\tumupopo
C:\WINDOWS\System32\ehutiyik.ini
C:\WINDOWS\System32\dowileyi.dll
C:\WINDOWS\System32\kiyituhe.dll
C:\WINDOWS\System32\wolopase.dll

Folders to delete:
C:\Documents and Settings\demo\Application Data\cogad

Kontrollera att mappnamnet på sista raden står på endast en rad och inte har delats upp på två rader.

Starta Avenger.

I den stora rutan så klistrar du in texten som finns i Anteckningar.

Bocka i rutan Scan for rootkits om den inte redan är ibockad.

Bocka även för Automatically disable any rootkits found.

Tryck på Execute för att starta det.

Datorn startar nu om (kanske två gånger).

Efter en stund så kommer loggen (C:\avenger.txt) upp, klistra in den här.

22 januari, 2009

Var ser jag den bokstaven på skivan?

Ser bara ett artikelnummer och så fins detta på skivans papperomslag:

CDX10-59458

22 januari, 2009

Var ser jag den bokstaven på skivan?
Ser bara ett artikelnummer och så fins detta på skivans papperomslag:

CDX10-59458

Förlåt, jag menar att du ska byta ut x: mot D:, E: eller vad nu din CD-enhet kallas i Den här datorn.

22 januari, 2009

Det går inte: Det går inte hitta filen f:\winnt32.exe/cmdcons. Kontrollera stavning (har gjort) Det går att söka en fil genom start och välja sök

JO, hade missat ett mellanslag men då kom det upp istället att programvaran i datorn är nyare än den på skivan.

tror jag blir tokig snart, hur kan det vara möjligt?

Vi har ju orginalskivan

[inlägget ändrat 2009-01-22 13:29:56 av muggeby]

22 januari, 2009

f:\i386\winnt32.exe /cmdcons

det ska vara i386 också och så ska det vara mellanrum mellan exe och /cmdcons

Kan du hitta mappen i386 och winnt32.exe om du med Utforskaren/Den här datorn tittar på f:?

22 januari, 2009

Du datorn har ett eget liv;)

När jag skulle klicka ner meddelandet ang olika versioner så stasrtade återställningskonsollen så nu har jag gjort en sådan.

22 januari, 2009

Kolla att den syns när du startar om datorn också. Det ska vara en ny sida tidigt i uppstarten som syns i någon sekund, där du genom att snabbt trycka på pil ned kan välja ett annat uppstartsalternativ, dvs återställningskonsolen.

Funkar det så kör du Avenger som jag skrev förut.

22 januari, 2009

Den finns och kommer upp. Jag valde dock Windows xp för jag skulle inte göra det inne i återställningskonsollen vad jag förstod?

22 januari, 2009

Nä, du skulle inte in i återställningskonsolen utan bara kolla att den finns där.

22 januari, 2009

Då gjorde jag rätt. Återkommer med loggen

22 januari, 2009

Här är loggen, fick upp meddelande att något inte gick att läsa. tyvärr försvann det så jag hann inte skriva av. Ska jag köra om igen?

[log]Logfile of The Avenger Version 2.0, © by Swandog46

http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.

Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

Hidden driver "UACd.sys" found!

ImagePath: \systemroot\system32\drivers\UAComxjecpx.sys

Driver disabled successfully.

Rootkit scan completed.

Error: file "C:\WINDOWS\system32\bawisayo.dll" not found!

Deletion of file "C:\WINDOWS\system32\bawisayo.dll" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

File "C:\WINDOWS\system32\bigojuko.dll" deleted successfully.

File "C:\WINDOWS\system32\bonafanu.dll" deleted successfully.

Error: file "C:\WINDOWS\system32\hozifofe.dll" not found!

Deletion of file "C:\WINDOWS\system32\hozifofe.dll" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

File "C:\WINDOWS\system32\jorajuyi.dll" deleted successfully.

File "C:\WINDOWS\system32\lobiwaja.dll" deleted successfully.

File "C:\WINDOWS\system32\mizedodi.dll" deleted successfully.

File "C:\WINDOWS\system32\nazehogi.dll" deleted successfully.

File "C:\WINDOWS\system32\nukizani.dll.tmp" deleted successfully.

File "C:\WINDOWS\system32\nxdjef.dll" deleted successfully.

File "C:\WINDOWS\system32\pakiguwu.dll" deleted successfully.

Error: file "C:\WINDOWS\system32\poroyoju.dll" not found!

Deletion of file "C:\WINDOWS\system32\poroyoju.dll" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

File "C:\WINDOWS\system32\tukuhegu.dll" deleted successfully.

File "C:\WINDOWS\system32\vajoneyo.dll" deleted successfully.

File "C:\WINDOWS\system32\vodawoja.dll" deleted successfully.

File "C:\WINDOWS\system32\vuranune.dll.tmp" deleted successfully.

File "C:\WINDOWS\system32\wigudozi.dll.tmp" deleted successfully.

File "C:\WINDOWS\system32\yayosiyi.dll" deleted successfully.

File "C:\WINDOWS\system32\zafufovi.dll" deleted successfully.

File "C:\WINDOWS\system32\zilisehu.dll" deleted successfully.

File "c:\windows\system32\kiratero.dll" deleted successfully.

Error: file "C:\WINDOWS\system32\hozifofe.dll" not found!

Deletion of file "C:\WINDOWS\system32\hozifofe.dll" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

File "C:\WINDOWS\system32\lpyvfe.dll" deleted successfully.

File "C:\WINDOWS\System32\ehutiyik.ini" deleted successfully.

File "C:\WINDOWS\System32\ajowadov.ini" deleted successfully.

File "C:\WINDOWS\System32\uferogis.ini" deleted successfully.

File "C:\WINDOWS\System32\ekogogat.ini" deleted successfully.

File "C:\WINDOWS\System32\ibimason.ini" deleted successfully.

File "C:\WINDOWS\System32\ivofufaz.ini" deleted successfully.

File "C:\WINDOWS\System32\iyisoyay.ini" deleted successfully.

File "C:\WINDOWS\System32\pjawwjuq.ini" deleted successfully.

File "C:\WINDOWS\System32\fsajnqxj.ini" deleted successfully.

File "C:\WINDOWS\System32\XyFfNXyb.ini2" deleted successfully.

File "C:\WINDOWS\System32\XyFfNXyb.ini" deleted successfully.

File "C:\WINDOWS\tasks\uhfwqauh.job" deleted successfully.

File "C:\WINDOWS\System32\wvUoMcaa.dll" deleted successfully.

File "C:\WINDOWS\System32\tumupopo" deleted successfully.

Error: file "C:\WINDOWS\System32\ehutiyik.ini" not found!

Deletion of file "C:\WINDOWS\System32\ehutiyik.ini" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

File "C:\WINDOWS\System32\dowileyi.dll" deleted successfully.

File "C:\WINDOWS\System32\kiyituhe.dll" deleted successfully.

File "C:\WINDOWS\System32\wolopase.dll" deleted successfully.

Folder "C:\Documents and Settings\demo\Application Data\cogad" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

[/log]

22 januari, 2009

Det ser ut som att Avenger kunde göra mycket i alla fall.

Fungerar t ex MBAM nu?

Nya loggar från SDFix, Avenger (utan något script) och OTViewIt blir bra.

22 januari, 2009

Du nu blockerade Telia säker surf ett virus som heter

Trojan-Spy.Win32.Agent.swm

Som hittsdes i fil: c:\windows\system32

Du skriver att jag ska köra dom igen utan script, menar du att jag inte ska klistra in det senaste jag gjorde i Avenger?

Utan köra som jag gjort förut?

22 januari, 2009

Du nu blockerade Telia säker surf ett virus som heter
Trojan-Spy.Win32.Agent.swm

Jättebra, då är rootkitet som höll på och dolde en massa i datorn borta. Då bör annat kunna fungera. Avinstallera MBAM och ta bort ComboFix från Skrivbordet. Ladda ner MBAM på nytt (de gamla filerna kan vara skadade) och kör och klistra in dess logg.

Skanna igenom datorn med Telia säker surf, spara om möjligt en logg och klistra in.

Du kan vänta med SDFix, Avenger och OTViewIt.

22 januari, 2009

Hade kört igång SDFix men det bara stod och stampade......i evigheter. Lyckedes stänga av till slut.

Nu skulle jag ladda ner en ny MBAM men när jag klickade på din länk så blockerade Telia åter igen ett virus. Denna gång:

Trojan-Clicker.HTML.IFrame.abp

I filen: c:\documents and setting\demp\lokala inställningar\temporary int....\c5v8j2wm

Ska jag fortsätta ta ner ny MBAM´?

22 januari, 2009

Gick inte rensa viruset, så telia bytte namn och ....PLOPP så kom nästa nu:

TrackingCookie.Research-int

22 januari, 2009

Cookies kommer in i datorn när du surfar och är aldrig skadliga, en cookie från research-int kommer in när du besöker någon IDG-sida.

Börja med att skanna igenom datorn med F-secure, det verkar vara det bästa alternativet just nu. Det dröjer innan jag är tillbaks vid datorn så när F-secure är klar så försök med MBAM igen.

22 januari, 2009

Har varit borta några timmar.

Körde MBAM udertiden och detta hittades.

Tänkte köra F-secure under nattens gång. En helscanning tar sådan tid.

[log]Malwarebytes' Anti-Malware 1.33

Databasversion: 1678

Windows 5.1.2600 Service Pack 3

2009-01-22 21:47:34

mbam-log-2009-01-22 (21-47-23).txt

Skanningstyp: Fullständig skanning (C:\|)

Antal skannade objekt: 222992

Förfluten tid: 1 hour(s), 54 minute(s), 11 second(s)

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 3

Infekterade registernycklar: 15

Infekterade registervärden: 4

Infekterade registerdataposter: 4

Infekterade mappar: 0

Infekterade filer: 17

Infekterade minnesprocesser:

(Inga illasinnade poster hittades)

Infekterade minnesmoduler:

C:\WINDOWS\system32\zewadora.dll (Trojan.Vundo.H) -> No action taken.

C:\WINDOWS\system32\powamahe.dll (Trojan.Vundo.H) -> No action taken.

C:\WINDOWS\system32\daluwimo.dll (Trojan.Vundo.H) -> No action taken.

Infekterade registernycklar:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3bb9d06d-7dc8-46df-b24b-bab3975458ac} (Trojan.Vundo.H) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{3bb9d06d-7dc8-46df-b24b-bab3975458ac} (Trojan.Vundo.H) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9758ed3c-650c-4acb-8a29-56c6f97c5420} (Trojan.Vundo.H) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{9758ed3c-650c-4acb-8a29-56c6f97c5420} (Trojan.Vundo.H) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3bb9d06d-7dc8-46df-b24b-bab3975458ac} (Trojan.Vundo.H) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9758ed3c-650c-4acb-8a29-56c6f97c5420} (Trojan.Vundo.H) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a072ec12-a40b-41dd-9a1a-cdb848b70f3c} (Rogue.Installer) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.

Infekterade registervärden:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\64c3d9f7 (Trojan.Vundo.H) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pewugayefi (Trojan.Vundo.H) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.BHO) -> No action taken.

Infekterade registerdataposter:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders (Broken.SecurityProviders) -> Bad: (msapsspc.dll schannel.dll digest.dll msnsspc.dll) Good: (msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\zewadora.dll -> No action taken.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\zewadora.dll -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\zewadora.dll -> No action taken.

Infekterade mappar:

(Inga illasinnade poster hittades)

Infekterade filer:

C:\WINDOWS\system32\powamahe.dll (Trojan.Vundo.H) -> No action taken.

C:\WINDOWS\system32\ehamawop.ini (Trojan.Vundo.H) -> No action taken.

C:\WINDOWS\system32\daluwimo.dll (Trojan.Vundo.H) -> No action taken.

C:\WINDOWS\system32\zewadora.dll (Trojan.Vundo.H) -> No action taken.

C:\Program\Adobe\PhotoShop CS3 Extended Keygen + Activation.exe (Trojan.Horst) -> No action taken.

C:\Program\Installation av photochop Temp mapp\KEYGEN\PhotoShop CS3 Extended Keygen + Activation.exe (Trojan.Horst) -> No action taken.

C:\Program\BitComet\Downloads\Adobe Photoshop CS3 Swe\Keygen_PhotoshopCS3.exe (Trojan.Horst) -> No action taken.

C:\System Volume Information\_restore{80BFE074-A66F-4F90-B812-E127B328A96D}\RP0\A0000027.dll (Trojan.Vundo) -> No action taken.

C:\System Volume Information\_restore{80BFE074-A66F-4F90-B812-E127B328A96D}\RP0\A0000030.dll (Trojan.Vundo) -> No action taken.

C:\WINDOWS\system32\fegufula.dll (Trojan.Vundo.H) -> No action taken.

C:\WINDOWS\system32\UACdxlkaijb.dll (Trojan.TDSS) -> No action taken.

C:\WINDOWS\system32\UACrpruxoth.dll (Trojan.TDSS) -> No action taken.

C:\WINDOWS\system32\UACttkpdpas.dll (Trojan.TDSS) -> No action taken.

C:\WINDOWS\system32\UACxnmsnbpk.dll (Trojan.TDSS) -> No action taken.

C:\WINDOWS\system32\drivers\UAComxjecpx.sys (Trojan.TDSS) -> No action taken.

C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> No action taken.

C:\WINDOWS\system32\bedanifa.dll (Trojan.Vundo) -> No action taken.

[/log]

22 januari, 2009

Jättebra att MBAM hittade mycket nu. Är loggen från innan omstarten av datorn eftersom det står No Action överallt i loggen? Annars så kör MBAM igen, men det räcker med en snabbskanning (tar ca 10-20 minuter) och låt MBAM fixa det den hittade.

C:\Program\Adobe\PhotoShop CS3 Extended Keygen + Activation.exe (Trojan.Horst) -> No action taken.

Håller man på med sådant så är risken stor att man får in skadliga program i datorn.

22 januari, 2009

Den var nog tagen innan, ja det stämmer.

Om du menar PS att jag laddat ner så har jag haft det länge. Alltså inget nytt.

Jag kör MBAM snabb nu så får vi se igen vad som det hittar

22 januari, 2009

[log]Malwarebytes' Anti-Malware 1.33

Databasversion: 1678

Windows 5.1.2600 Service Pack 3

2009-01-23 00:05:39

mbam-log-2009-01-23 (00-05-39).txt

Skanningstyp: Snabb skanning

Antal skannade objekt: 56447

Förfluten tid: 24 minute(s), 55 second(s)

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 0

Infekterade registernycklar: 0

Infekterade registervärden: 0

Infekterade registerdataposter: 0

Infekterade mappar: 0

Infekterade filer: 0

Infekterade minnesprocesser:

(Inga illasinnade poster hittades)

Infekterade minnesmoduler:

(Inga illasinnade poster hittades)

Infekterade registernycklar:

(Inga illasinnade poster hittades)

Infekterade registervärden:

(Inga illasinnade poster hittades)

Infekterade registerdataposter:

(Inga illasinnade poster hittades)

Infekterade mappar:

(Inga illasinnade poster hittades)

Infekterade filer:

(Inga illasinnade poster hittades)

[/log]

22 januari, 2009

Så bra :thumbsup:

Då får vi se vad F-secure hittar under natten.

23 januari, 2009

Såhär ser nattens scanning ut.

[log]Genomsökningsrapport

den 23 januari 2009 02:19:19 - 08:11:19

Datornamn: ÅSA

Genomsökningstyp: Utför fullständig datorkontroll

Mål: C:\ + system + rootkits

Resultat

Inga skadliga program hittades

Statistik

Genomsökta:

* Filer: 698481

* Ej genomsökta: 136

Resultat:

* Virus: 0

* Spionprogram: 0

* Misstänkta objekt: 0

* Riskware: 0

Åtgärder:

* Rensad från virus: 0

* Bytt namn: 0

* Borttagen: 0

* Placerad i karantän: 0

* Misslyckades: 0

Startsektorer:

* Genomsökta: 2

* Angripna: 0

* Misstänkta objekt: 0

* Rensad från virus: 0

Ej genomsökta filer:

* Filen (klicka här för mer information) kan inte öppnas. C:\PAGEFILE.SYS

* Filen (klicka här för mer information) kan inte öppnas. C:\WINDOWS\TEMP\AVP655.TMP

* Filen (klicka här för mer information) kan inte öppnas. C:\WINDOWS\TEMP\AVP656.TMP

* Filen (klicka här för mer information) kan inte öppnas. C:\WINDOWS\TEMP\AVP657.TMP

* Filen (klicka här för mer information) kan inte öppnas. C:\WINDOWS\TEMP\AVP658.TMP

* Filen (klicka här för mer information) kan inte öppnas. C:\WINDOWS\TEMP\AVP659.TMP

* Filen (klicka här för mer information) kan inte öppnas. C:\WINDOWS\TEMP\AVP65A.TMP

* Filen (klicka här för mer information) kan inte öppnas. C:\WINDOWS\TEMP\PERFLIB_PERFDATA_680.DAT

* Filen (klicka här för mer information) kan inte öppnas. C:\WINDOWS\SYSTEM32\DRIVERS\SPTD.SYS

* Filen (klicka här för mer information) kan inte öppnas. C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT

* Filen (klicka här för mer information) kan inte öppnas. C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG

* Filen (klicka här för mer information) kan inte öppnas. C:\WINDOWS\SYSTEM32\CONFIG\SAM

* Filen (klicka här för mer information) kan inte öppnas. C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG

* Filen (klicka här för mer information) kan inte öppnas. C:\WINDOWS\SYSTEM32\CONFIG\SECURITY

* Filen (klicka här för mer information) kan inte öppnas. C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG

* Filen (klicka här för mer information) kan inte öppnas. C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE

* Filen (klicka här för mer information) kan inte öppnas. C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG

* Filen (klicka här för mer information) kan inte öppnas. C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM

* Filen (klicka här för mer information) kan inte öppnas. C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG

* Filen (klicka här för mer information) kan inte öppnas. C:\WINDOWS\SYSTEM32\CATROOT2\EDB.LOG

* Filen (klicka här för mer information) kan inte öppnas. C:\WINDOWS\SYSTEM32\CATROOT2\TMP.EDB

* Filen (klicka här för mer information) kan inte öppnas. C:\PROGRAM\TELIA\TELIAS SAKERHETSTJANSTER\COMMON\POLICY.IPF

* En fil i arkivet C:\PROGRAM\MAHJONG_ESCAPE_ANCIENT_CHINA_V1.0.0.3_SWEDISH_CRACKED-TNT\TNTMEA7.R00 går inte att öppna.

* En fil i arkivet C:\PROGRAM\MAHJONG_ESCAPE_ANCIENT_CHINA_V1.0.0.3_SWEDISH_CRACKED-TNT\TNTMEA7.RAR går inte att öppna.

* En fil i arkivet TNTMEA7.RAR går inte att öppna.

* En fil i arkivet TNTMEA7.R00 går inte att öppna.

* Filen C:\Program\JetAudio\jetUpdate.dat\_TUProj.dat är krypterad.

* Filen C:\Program\JetAudio\jetUpdate.dat\_TUProjDT.dat är krypterad.

* Filen C:\Program\JetAudio\jetUpdate.dat\IRZip.lmd är krypterad.

* Det går inte att läsa från filen C:\Program\Delade filer\Adobe\Installers\Adobe Photoshop CS3 10.log.gz\Adobe Photoshop CS3 10.log. [F-Secure Hydra]

* Filen (klicka här för mer information) kan inte öppnas. C:\Program\Delade filer\Adobe\Installers\Adobe Photoshop CS3 10.log.gz\Adobe Photoshop CS3 10.log [F-Secure AVP]

* Genomsökningen av C:\Program\Corel\CorelDRAW Graphics Suite X4\Setup\CGS14\Setup.msi\stream 13\draw_vba.chm avbröts. [F-Secure AVP]

* Genomsökningen av C:\Program\Corel\CorelDRAW Graphics Suite X4\Setup\CGS14\Setup.msi\stream 13 avbröts. [F-Secure AVP]

* Genomsökningen av C:\Program\Corel\CorelDRAW Graphics Suite X4\Setup\CGS14\Setup.msi avbröts. [F-Secure AVP]

* Genomsökningen av C:\Program\BitComet\Downloads\Adobe Photoshop CS3 Swe\ADBEPHSPCS3_S.exe avbröts. [F-Secure AVP]

* Filen (klicka här för mer information) kan inte öppnas. C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\NTUSER.DAT

* Filen (klicka här för mer information) kan inte öppnas. C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\NTUSER.DAT.LOG

* Filen (klicka här för mer information) kan inte öppnas. C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOKALA INSTÄLLNINGAR\TEMP\MPCMDRUN-70-421CFC91-A93E-42AB-A35C-F06F127FCC44.LOCK

* Filen (klicka här för mer information) kan inte öppnas. C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOKALA INSTÄLLNINGAR\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT

* Filen (klicka här för mer information) kan inte öppnas. C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOKALA INSTÄLLNINGAR\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT.LOG

* Filen (klicka här för mer information) kan inte öppnas. C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\NTUSER.DAT

* Filen (klicka här för mer information) kan inte öppnas. C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\NTUSER.DAT.LOG

* Filen (klicka här för mer information) kan inte öppnas. C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOKALA INSTÄLLNINGAR\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT

* Filen (klicka här för mer information) kan inte öppnas. C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOKALA INSTÄLLNINGAR\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT.LOG

* Filen (klicka här för mer information) kan inte öppnas. C:\DOCUMENTS AND SETTINGS\DEMO\NTUSER.DAT

* Filen (klicka här för mer information) kan inte öppnas. C:\DOCUMENTS AND SETTINGS\DEMO\NTUSER.DAT.LOG

* Filen (klicka här för mer information) kan inte öppnas. C:\DOCUMENTS AND SETTINGS\DEMO\SKRIVBORD\FW_ VB_ STÄDNING...

* Filen C:\Documents and Settings\demo\Mina dokument\PSP\Alla Psp Tubs i psp\Barbara Jensen\Barbara Jensen Package F Tubes.zip\Package F Tubes/Jensen_All Wet.psd är krypterad.

* Filen C:\Documents and Settings\demo\Mina dokument\PSP\Alla Psp Tubs i psp\Barbara Jensen\Barbara Jensen Package F Tubes.zip\Package F Tubes/Jensen_Alley.psd är krypterad.

* Filen C:\Documents and Settings\demo\Mina dokument\PSP\Alla Psp Tubs i psp\Barbara Jensen\Barbara Jensen Package F Tubes.zip\Package F Tubes/Jensen_Azia.psd är krypterad.

* Filen C:\Documents and Settings\demo\Mina dokument\PSP\Alla Psp Tubs i psp\Barbara Jensen\Barbara Jensen Package F Tubes.zip\Package F Tubes/Jensen_Blonde.psd är krypterad.

* Filen C:\Documents and Settings\demo\Mina dokument\PSP\Alla Psp Tubs i psp\Barbara Jensen\Barbara Jensen Package F Tubes.zip\Package F Tubes/Jensen_Brittany.psd är krypterad.

* Filen C:\Documents and Settings\demo\Mina dokument\PSP\Alla Psp Tubs i psp\Barbara Jensen\Barbara Jensen Package F Tubes.zip\Package F Tubes/Jensen_Devils Own.psd är krypterad.

* Filen C:\Documents and Settings\demo\Mina dokument\PSP\Alla Psp Tubs i psp\Barbara Jensen\Barbara Jensen Package F Tubes.zip\Package F Tubes/Jensen_FishnetFantasy.psd är krypterad.

* Filen C:\Documents and Settings\demo\Mina dokument\PSP\Alla Psp Tubs i psp\Barbara Jensen\Barbara Jensen Package F Tubes.zip\Package F Tubes/Jensen_GoldenGirl.psd är krypterad.

* Filen C:\Documents and Settings\demo\Mina dokument\PSP\Alla Psp Tubs i psp\Barbara Jensen\Barbara Jensen Package F Tubes.zip\Package F Tubes/Jensen_Jolene.psd är krypterad.

* Filen C:\Documents and Settings\demo\Mina dokument\PSP\Alla Psp Tubs i psp\Barbara Jensen\Barbara Jensen Package F Tubes.zip\Package F Tubes/Jensen_Leg Up.psd är krypterad.

* Filen C:\Documents and Settings\demo\Mina dokument\PSP\Alla Psp Tubs i psp\Barbara Jensen\Barbara Jensen Package F Tubes.zip\Package F Tubes/Jensen_Red Pumps.psd är krypterad.

* Filen C:\Documents and Settings\demo\Mina dokument\PSP\Alla Psp Tubs i psp\Barbara Jensen\Barbara Jensen Package F Tubes.zip\Package F Tubes/Jensen_RedRave.psd är krypterad.

* Filen C:\Documents and Settings\demo\Mina dokument\PSP\Alla Psp Tubs i psp\Barbara Jensen\Barbara Jensen Package F Tubes.zip\Package F Tubes/Jensen_Sateen.psd är krypterad.

* Filen C:\Documents and Settings\demo\Mina dokument\PSP\Alla Psp Tubs i psp\Barbara Jensen\Barbara Jensen Package F Tubes.zip\Package F Tubes/Jensen_Seductress.psd är krypterad.

* Filen C:\Documents and Settings\demo\Mina dokument\PSP\Alla Psp Tubs i psp\Barbara Jensen\Barbara Jensen Package F Tubes.zip\Package F Tubes/Jensen_Sheer.psd är krypterad.

* Filen C:\Documents and Settings\demo\Mina dokument\PSP\Alla Psp Tubs i psp\Barbara Jensen\Barbara Jensen Package F Tubes.zip\Package F Tubes/Jensen_Wild Rose.psd är krypterad.

* Filen C:\Documents and Settings\demo\Mina dokument\PSP\Alla Psp Tubs i psp\Barbara Jensen\Jensen Package A Tubes.zip\Jensen Package A Tubes/Barbara Jensen_Anklets_Package 21.psd är krypterad.

* Filen C:\Documents and Settings\demo\Mina dokument\PSP\Alla Psp Tubs i psp\Barbara Jensen\Jensen Package A Tubes.zip\Jensen Package A Tubes/Barbara Jensen_Bow Tied.psd är krypterad.

* Filen C:\Documents and Settings\demo\Mina dokument\PSP\Alla Psp Tubs i psp\Barbara Jensen\Jensen Package A Tubes.zip\Jensen Package A Tubes/Barbara Jensen_Eva.psd är krypterad.

* Filen C:\Documents and Settings\demo\Mina dokument\PSP\Alla Psp Tubs i psp\Barbara Jensen\Jensen Package A Tubes.zip\Jensen Package A Tubes/Barbara Jensen_Gloss.psd är krypterad.

* Filen C:\Documents and Settings\demo\Mina dokument\PSP\Alla Psp Tubs i psp\Barbara Jensen\Jensen Package A Tubes.zip\Jensen Package A Tubes/Barbara Jensen_In A Pinch.psd är krypterad.

* Filen C:\Documents and Settings\demo\Mina dokument\PSP\Alla Psp Tubs i psp\Barbara Jensen\Jensen Package A Tubes.zip\Jensen Package A Tubes/Barbara Jensen_Lime Juice.psd är krypterad.

* Filen C:\Documents and Settings\demo\Mina dokument\PSP\Alla Psp Tubs i psp\Barbara Jensen\Jensen Package A Tubes.zip\Jensen Package A Tubes/Barbara Jensen_Maid In Heaven.psd är krypterad.

* Filen C:\Documents and Settings\demo\Mina dokument\PSP\Alla Psp Tubs i psp\Barbara Jensen\Jensen Package A Tubes.zip\Jensen Package A Tubes/Barbara Jensen_Metallic.psd är krypterad.

* Filen C:\Documents and Settings\demo\Mina dokument\PSP\Alla Psp Tubs i psp\Barbara Jensen\Jensen Package A Tubes.zip\Jensen Package A Tubes/Barbara Jensen_My Teddy.psd är krypterad.

* Filen C:\Documents and Settings\demo\Mina dokument\PSP\Alla Psp Tubs i psp\Barbara Jensen\Jensen Package A Tubes.zip\Jensen Package A Tubes/Barbara Jensen_Net Worthy.psd är krypterad.

* Filen C:\Documents and Settings\demo\Mina dokument\PSP\Alla Psp Tubs i psp\Barbara Jensen\Jensen Package A Tubes.zip\Jensen Package A Tubes/Barbara Jensen_Pink Polish.psd är krypterad.

* Filen C:\Documents and Settings\demo\Mina dokument\PSP\Alla Psp Tubs i psp\Barbara Jensen\Jensen Package A Tubes.zip\Jensen Package A Tubes/Barbara Jensen_Red Velvet.psd är krypterad.

* Filen C:\Documents and Settings\demo\Mina dokument\PSP\Alla Psp Tubs i psp\Barbara Jensen\Jensen Package A Tubes.zip\Jensen Package A Tubes/Barbara Jensen_Squat.psd är krypterad.

* Filen C:\Documents and Settings\demo\Mina dokument\PSP\Alla Psp Tubs i psp\Barbara Jensen\Jensen Package A Tubes.zip\Jensen Package A Tubes/Barbara Jensen_Tall Goddess.psd är krypterad.

* Filen C:\Documents and Settings\demo\Mina dokument\PSP\Alla Psp Tubs i psp\Barbara Jensen\Jensen Package A Tubes.zip\Jensen Package A Tubes/Barbara Jensen_Woman Thorned.psd är krypterad.

* Genomsökningen av C:\Documents and Settings\demo\Mina dokument\Program att spara\Datakokboken 07-08.iso avbröts. [F-Secure AVP]

* En fil i arkivet C:\Documents and Settings\demo\Mina dokument\Program att spara\tina\tina.rar\Photoshop\data2.cab går inte att öppna.

* Genomsökningen av C:\Documents and Settings\demo\Mina dokument\Program att spara\tina\tina.rar avbröts. [F-Secure AVP]

* En fil i arkivet C:\Documents and Settings\demo\Mina dokument\Program att spara\PSP11\PaintShopPro1100_EN_DE_FR_ES_IT_NL_CORELTBYB_ESD.rar\PaintShopPro1100_EN_DE_FR_ES_IT_NL_CORELTBYB_ESD.exe går inte att öppna.

* Genomsökningen av C:\Documents and Settings\demo\Mina dokument\Program att spara\MS.OFFICE.LANGUAGE.PACK.2007.SWEDISH\O12MLPSV.iso avbröts. [F-Secure AVP]

* En fil i arkivet C:\DOCUMENTS AND SETTINGS\DEMO\MINA DOKUMENT\PROGRAM ATT SPARA\MAHJONG_ESCAPE_ANCIENT_CHINA_V1.0.0.3_SWEDISH_CRACKED-TNT\TNTMEA7.R00 går inte att öppna.

* En fil i arkivet C:\DOCUMENTS AND SETTINGS\DEMO\MINA DOKUMENT\PROGRAM ATT SPARA\MAHJONG_ESCAPE_ANCIENT_CHINA_V1.0.0.3_SWEDISH_CRACKED-TNT\TNTMEA7.RAR går inte att öppna.

* En fil i arkivet TNTMEA7.RAR går inte att öppna.

* En fil i arkivet TNTMEA7.R00 går inte att öppna.

* Filen C:\Documents and Settings\demo\Mina dokument\Program att spara\L-Design-Studio-v3.5www.filmfix.se\Logo Design Studio v3.5\ldsupdate.dat\_TUProj.dat är krypterad.

* Filen C:\Documents and Settings\demo\Mina dokument\Program att spara\L-Design-Studio-v3.5www.filmfix.se\Logo Design Studio v3.5\ldsupdate.dat\_TUProjDT.dat är krypterad.

* Filen C:\Documents and Settings\demo\Mina dokument\Program att spara\L-Design-Studio-v3.5www.filmfix.se\Logo Design Studio v3.5\ldsupdate.dat\IRIMG1.JPG är krypterad.

* Filen C:\Documents and Settings\demo\Mina dokument\Program att spara\L-Design-Studio-v3.5www.filmfix.se\Logo Design Studio v3.5\ldsupdate.dat\IRIMG2.JPG är krypterad.

* Filen C:\Documents and Settings\demo\Mina dokument\Program att spara\L-Design-Studio-v3.5www.filmfix.se\Logo Design Studio v3.5\ldsupdate.dat\IRIMG3.JPG är krypterad.

* En fil i arkivet C:\Documents and Settings\demo\Mina dokument\Program att spara\CorelDRAW Gfx Suite X 4 v14.0 Good KeyGen + Serial + Activation Code\CorelDRAW Gfx Suite X 4 v14.0 Good KeyGen + Serial + Activation Code.rar\CorelDRAWGraphicsSuiteX4Installer_EN.exe går inte att öppna.

* En fil i arkivet C:\DOCUMENTS AND SETTINGS\DEMO\MINA DOKUMENT\MINA BILDER\PHOTOSHOP\COLDRAW.ZIP går inte att öppna.

* En fil i arkivet C:\DOCUMENTS AND SETTINGS\DEMO\MINA DOKUMENT\MINA BILDER\PHOTOSHOP\TILT.ZIP går inte att öppna.

* En fil i arkivet C:\DOCUMENTS AND SETTINGS\DEMO\MINA DOKUMENT\MINA BILDER\PHOTOSHOP\TONE.ZIP går inte att öppna.

* Filen (klicka här för mer information) kan inte öppnas. C:\DOCUMENTS AND SETTINGS\DEMO\LOKALA INSTÄLLNINGAR\APPLICATION DATA\MICROSOFT\WINDOWS DEFENDER\FILETRACKER\{CAA8CD51-89F4-486E-9277-5BC78515754A}

* Filen (klicka här för mer information) kan inte öppnas. C:\DOCUMENTS AND SETTINGS\DEMO\LOKALA INSTÄLLNINGAR\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT

* Filen (klicka här för mer information) kan inte öppnas. C:\DOCUMENTS AND SETTINGS\DEMO\LOKALA INSTÄLLNINGAR\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT.LOG

* En fil i arkivet C:\Documents and Settings\demo\Lokala inställningar\Application Data\Microsoft\Messenger\ladyofthefly@hotmail.com\Sharing Folders\ingrid_jensen788@hotmail.com\CorelDRAW Gfx Suite X 4 v14.0 Good KeyGen + Serial + Activation Code.rar\CorelDRAWGraphicsSuiteX4Installer_EN.exe går inte att öppna.

* Genomsökningen av C:\Documents and Settings\demo\Lokala inställningar\Application Data\Microsoft\Messenger\ladyofthefly@hotmail.com\Sharing Folders\ingrid_jensen788@hotmail.com\CorelDRAW Gfx Suite X 4 v14.0 Good KeyGen + Serial + Activation Code.rar avbröts. [F-Secure AVP]

* En fil i arkivet C:\DOCUMENTS AND SETTINGS\DEMO\LOKALA INSTÄLLNINGAR\APPLICATION DATA\IM\IDENTITIES\{76ACEB71-4D70-48F9-BD00-D5D992EBFB45}\MESSAGE STORE\DELETED ITEMS.IMM går inte att öppna.

* Genomsökningen av C:\Documents and Settings\demo\Lokala inställningar\Application Data\IM\Identities\{76ACEB71-4D70-48F9-BD00-D5D992EBFB45}\Message Store\Deleted Items.imm avbröts. [F-Secure AVP]

* En fil i arkivet C:\DOCUMENTS AND SETTINGS\DEMO\LOKALA INSTÄLLNINGAR\APPLICATION DATA\IM\IDENTITIES\{76ACEB71-4D70-48F9-BD00-D5D992EBFB45}\MESSAGE STORE\INBOX.IMM går inte att öppna.

* Genomsökningen av C:\Documents and Settings\demo\Lokala inställningar\Application Data\IM\Identities\{76ACEB71-4D70-48F9-BD00-D5D992EBFB45}\Message Store\Inbox.imm avbröts. [F-Secure AVP]

* Filen C:\Documents and Settings\demo\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-26-2008 - 18-30-12.SBU\{36614E12-C5DB-4D7E-B908-B6CDE4222F19} är krypterad.

* Filen C:\Documents and Settings\demo\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-26-2008 - 18-30-12.SBU\{4F3E8362-774B-419D-ABEE-B4D1EDC517EF} är krypterad.

* Filen C:\Documents and Settings\demo\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-26-2008 - 18-30-12.SBU\{638725EA-B25F-4728-B124-6BA6789C6364} är krypterad.

* Filen C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MeMediaAdVantage.zip\AdVUninst.exe är krypterad.

* Filen C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MeMediaAdVantage.zip\sbRecovery.ini är krypterad.

* Filen C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MeMediaAdVantage1.zip\AdVantage.exe är krypterad.

* Filen C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MeMediaAdVantage1.zip\sbRecovery.ini är krypterad.

* Filen C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MeMediaAdVantage2.zip\AdVantage.htm är krypterad.

* Filen C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MeMediaAdVantage2.zip\sbRecovery.ini är krypterad.

* Filen C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MeMediaAdVantage3.zip\sbRecovery.ini är krypterad.

* Filen C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MeMediaAdVantage4.zip\sbRecovery.reg är krypterad.

* Filen C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MeMediaAdVantage4.zip\sbRecovery.ini är krypterad.

* Filen C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusOverride.zip\sbRecovery.reg är krypterad.

* Filen C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusOverride.zip\sbRecovery.ini är krypterad.

* Filen C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch.zip\sbRecovery.reg är krypterad.

* Filen C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch.zip\sbRecovery.ini är krypterad.

* Filen C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch1.zip\sbRecovery.reg är krypterad.

* Filen C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch1.zip\sbRecovery.ini är krypterad.

* Filen C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch.zip\sbRecovery.reg är krypterad.

* Filen C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch.zip\sbRecovery.ini är krypterad.

* Filen C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch1.zip\sbRecovery.reg är krypterad.

* Filen C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch1.zip\sbRecovery.ini är krypterad.

* Genomsökningen av C:\Documents and Settings\All Users\Application Data\Corel\Downloads\540228105_210029\1151547598334\PSP_EN_DE_FR_ES_IT_NL_Patch.exe\PSP_EN_DE_FR_ES_IT_NL_Patch\PSP_11_EN_DE_FR_ES_IT_NL.msp avbröts. [F-Secure AVP]

Alternativ

Definitionsversion:

* Virus: 2009-01-23_02

* Spionprogram: 2009-01-23_02

Genomsökningsmotorer:

* F-Secure AVP: 7.00.171, 2009-01-23

* F-Secure Hydra: 2.08.8110, 2009-01-23

* F-Secure BlackLight: 2.04.1093

Genomsökningsalternativ:

* Genomsök alla filer

* Genomsök arkiv

Åtgärder:

* Virus: Fråga efter genomsökning

* Spionprogram: Placera i karantän och ta bort

* Visa misstänkta objekt efter en fullständig kontroll av datorn

Felinformation

Felet "Det går inte att öppna filen" inträffade:

Felmeddelandet "Det går inte att öppna filen" betyder att sökmotorn inte kunde öppna en fil och att den filen inte genomsöktes. Vanligtvis kan du ignorera det här felmeddelandet eftersom det finns många skäl till att det visas som inte innebär att det finns ett säkerhetshot, till exempel:

* Filen var en systemfil. Systemfiler är utformade så att de skyddas av operativsystemet. I det här fallet kan meddelandet ignoreras.

* Du har inte behörighet att läsa filen. Genomsök filen genom att logga in med ett användarkonto med tillräcklig behörighet (till exempel datorns administratörskonto) och göra om genomsökningen.

* Filen användes av ett program när genomsökningen gjordes. Genomsök filen genom att stänga alla program och göra om genomsökningen.

[/log]

Behöver hjälp med att få bort virus/Skadligt program

Rekommendera Poster

muggeby

Länk till kommentar

Dela på andra webbplatser

muggeby

Länk till kommentar

Dela på andra webbplatser

Cecilia

Länk till kommentar

Dela på andra webbplatser

muggeby

Länk till kommentar

Dela på andra webbplatser

Cecilia

Länk till kommentar

Dela på andra webbplatser

muggeby

Länk till kommentar

Dela på andra webbplatser

Cecilia

Länk till kommentar

Dela på andra webbplatser

muggeby

Länk till kommentar

Dela på andra webbplatser

Cecilia

Länk till kommentar

Dela på andra webbplatser

muggeby

Länk till kommentar

Dela på andra webbplatser

Cecilia

Länk till kommentar

Dela på andra webbplatser

muggeby

Länk till kommentar

Dela på andra webbplatser

muggeby

Länk till kommentar

Dela på andra webbplatser

Cecilia

Länk till kommentar

Dela på andra webbplatser

muggeby

Länk till kommentar

Dela på andra webbplatser

Cecilia

Länk till kommentar

Dela på andra webbplatser

muggeby

Länk till kommentar

Dela på andra webbplatser

muggeby

Länk till kommentar

Dela på andra webbplatser

Cecilia

Länk till kommentar

Dela på andra webbplatser

muggeby

Länk till kommentar

Dela på andra webbplatser

Cecilia

Länk till kommentar

Dela på andra webbplatser

muggeby

Länk till kommentar

Dela på andra webbplatser

muggeby

Länk till kommentar

Dela på andra webbplatser

Cecilia

Länk till kommentar

Dela på andra webbplatser

muggeby

Länk till kommentar

Dela på andra webbplatser

Arkiverat

Vem är online 0 Medlemmar, 0 anonym, 38 gäster (Visa hela listan)

Populära medlemmar