
Packed.Win32.Tdss.a (virus)



Magnus-Emtunga

After scanning the computer with F-Secure, this virus was found. Is it anything to worry about, or should I try to remove it some other way? If so, I need help.

Resultat: 1 skadligt program hittades

Packed.Win32.Tdss.a (virus)

 

C:\resycled\boot.com Åtgärd: MISSLYCKADES

 

 

 

 

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:07, on 2009-01-26

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\brsvc01a.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\brss01a.exe

C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program\Bonjour\mDNSResponder.exe

C:\Program\F-Secure Internet Security\Anti-Virus\fsgk32st.exe

C:\Program\F-Secure Internet Security\Common\FSMA32.EXE

C:\Program\F-Secure Internet Security\Anti-Virus\FSGK32.EXE

C:\Program\Java\jre6\bin\jqs.exe

C:\Program\F-Secure Internet Security\Common\FSMB32.EXE

C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\Program\Telia\Supportassistent\bin\sprtsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\F-Secure Internet Security\Common\FCH32.EXE

C:\Program\F-Secure Internet Security\Anti-Virus\fsqh.exe

C:\Program\F-Secure Internet Security\Common\FAMEH32.EXE

C:\Program\F-Secure Internet Security\FSAUA\program\fsaua.exe

C:\Program\F-Secure Internet Security\FSPC\fspc.exe

C:\Program\F-Secure Internet Security\FWES\Program\fsdfwd.exe

C:\Program\F-Secure Internet Security\Anti-Virus\fssm32.exe

C:\Program\F-Secure Internet Security\FSAUA\program\fsus.exe

C:\Program\F-Secure Internet Security\Anti-Virus\fsav32.exe

C:\WINDOWS\Explorer.EXE

C:\Program\F-Secure Internet Security\Common\FSM32.EXE

C:\Program\Java\jre6\bin\jusched.exe

C:\Program\Telia\Supportassistent\bin\sprtcmd.exe

C:\Program\iTunes\iTunesHelper.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program\VIA\RAID\raid_tool.exe

C:\Program\Logitech\GamePanel Software\LCD Manager\LCDMon.exe

C:\Program\Logitech\GamePanel Software\G-series Software\LGDCore.exe

C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe

C:\Program\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe

C:\Program\Windows Live\Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\F-Secure Internet Security\FSGUI\fsguidll.exe

C:\Program\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe

C:\Program\DNA\btdna.exe

C:\Program\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe

C:\Program\iPod\bin\iPodService.exe

C:\Program\Logitech\SetPoint\SetPoint.exe

C:\Program\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Program\Delade filer\Logitech\KHAL\KHALMNPR.EXE

C:\Program\Windows Live\Messenger\usnsvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Internet Explorer\IEXPLORE.EXE

C:\Program\Delade filer\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\F-Secure Internet Security\FSGUI\scanwizard.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - URLSearchHook: Softonic Deutsch Toolbar - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program\Softonic_Deutsch\tbSoft.dll

O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program\AskBarDis\bar\bin\askBar.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Softonic Deutsch Toolbar - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program\Softonic_Deutsch\tbSoft.dll

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar2.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar2.dll

O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program\AskBarDis\bar\bin\askBar.dll

O3 - Toolbar: Softonic Deutsch Toolbar - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program\Softonic_Deutsch\tbSoft.dll

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\F-Secure Internet Security\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Telia] "C:\Program\Telia\Supportassistent\bin\sprtcmd.exe" /P Telia

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [startCCC] "C:\Program\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [RaidTool] C:\Program\VIA\RAID\raid_tool.exe

O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"

O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [LDM] C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program\DNA\btdna.exe"

O4 - HKCU\..\Run: [Registry Helper] "C:\Program\Registry Helper\RegistryHelper.Exe" /boot

O4 - HKCU\..\Run: [Disk Cleaner] "C:\Program\Disk Cleaner\DiskCleaner.Exe" /boot

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program\Logitech\SetPoint\SetPoint.exe

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Föräldra-... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program\F-Secure Internet Security\FSPC\fspcmsie.dll

O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program\F-Secure Internet Security\FSPC\fspcmsie.dll

O9 - Extra 'Tools' menuitem: Föräldra-... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program\F-Secure Internet Security\FSPC\fspcmsie.dll

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1203245843546

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: bw+0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw+0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: bwg0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwg0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: offline-8876480 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program\Bonjour\mDNSResponder.exe

O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program\F-Secure Internet Security\Anti-Virus\fsgk32st.exe

O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program\F-Secure Internet Security\FSAUA\program\fsaua.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program\F-Secure Internet Security\FWES\Program\fsdfwd.exe

O23 - Service: FSMA - F-Secure Corporation - C:\Program\F-Secure Internet Security\Common\FSMA32.EXE

O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program\F-Secure Internet Security\ORSP Client\fsorsp.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

O23 - Service: SupportSoft Sprocket Service (telia) (sprtsvc_telia) - SupportSoft, Inc. - C:\Program\Telia\Supportassistent\bin\sprtsvc.exe

O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program\Delade filer\SupportSoft\bin\ssrc.exe

 

--

End of file - 22966 bytes[/log]

 

Thanks in advance

Magnus

 


O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program\AskBarDis\bar\bin\askBar.dll

O2 - BHO: Softonic Deutsch Toolbar - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program\Softonic_Deutsch\tbSoft.dll

Can you find them in Control Panel - Add or Remove Programs so that you can uninstall them?

 

C:\resycled\boot.com

This is an infection that also spreads via USB sticks, external hard drives, iPods and anything else you can connect to the computer and see in My Computer. Has anything like that been connected to the computer since it became infected?

 

Download ComboFix to the Desktop:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

 

[log]Close all programs you can see, including antivirus and antispyware programs, but leave the firewall on.

How? See http://www.bleepingcomputer.com/forums/topic114351.html

Run ComboFix and follow the instructions that are shown.

If you are asked whether you want to install the Recovery Console, answer yes.

IMPORTANT! Do not click on the ComboFix window with the mouse while it is running, otherwise it may hang.

When it has finished, a log should come up; attach it to your reply. Check that the antivirus program etc. is running before you connect to the internet.

In your reply, attach the ComboFix log like this:

Press the LOG button in the Reply window

Paste the log

Press the LOG button again

If you have trouble getting onto the internet:

Control Panel - Network Connections

right-click your internet connection and choose Repair and/or restart the computer.[/log]

 

Warning! ComboFix disables automatic running of CDs, floppy disks and USB devices to make it easier to clean the computer and to protect the computer against infections in the future. This can cause problems, for example if the computer gets its internet connection through a USB modem or a USB network adapter. In that case, say so instead of running ComboFix.

 


Magnus-Emtunga

Oops, I lay down on the sofa and dozed off for a while :) I'm a bit blind and missed your ComboFix; should I run it? I did find something that was just called Askbar and Softonic in Add or Remove Programs, but when I removed Softonic their page on the internet also opened, which I closed right away, but it is no longer listed in Add or Remove Programs.

 

I then ran F-Secure again to see how things stood.

[log]Genomsökningsrapport

2009-01-26 18:36 - 19:29

Datornamn: MAGNUS

Genomsökningstyp: Utför fullständig datorkontroll

Mål: C:\ + system + rootkits

 

 

--------------------------------------------------------------------------------

 

Resultat: 1 skadligt program hittades

Packed.Win32.Tdss.a (virus)

C:\resycled\boot.com Åtgärd: MISSLYCKADES

 

 

 

 

--------------------------------------------------------------------------------

 

Statistik

Genomsökta:

Filer: 62021

Ej genomsökta: 21

Resultat:

Virus: 1

Spionprogram: 0

Misstänkta objekt: 0

Riskware: 0

Åtgärder:

Rensad från virus: 0

Bytt namn: 0

Borttagen: 0

Placerad i karantän: 0

Misslyckades: 1

Startsektorer:

Genomsökta: 2

Angripna: 0

Misstänkta objekt: 0

Rensad från virus: 0

Ej genomsökta filer:

Filen (klicka här för mer information) kan inte öppnas. C:\PAGEFILE.SYS

Filen (klicka här för mer information) kan inte öppnas. C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT

Filen (klicka här för mer information) kan inte öppnas. C:\WINDOWS\SYSTEM32\CONFIG\SAM

Filen (klicka här för mer information) kan inte öppnas. C:\WINDOWS\SYSTEM32\CONFIG\SECURITY

Filen (klicka här för mer information) kan inte öppnas. C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE

Filen (klicka här för mer information) kan inte öppnas. C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM

En fil i arkivet C:\Documents and Settings\Magnus\Skrivbord\WLinstaller.exe\CoreServiceFile går inte att öppna.

En fil i arkivet C:\Documents and Settings\Magnus\Skrivbord\WLinstaller.exe\DashboardExeFile går inte att öppna.

En fil i arkivet C:\Documents and Settings\Magnus\Skrivbord\WLinstaller.exe\DashboardLocDllFile går inte att öppna.

En fil i arkivet C:\Documents and Settings\Magnus\Skrivbord\WLinstaller.exe\DashboardResDllFile går inte att öppna.

En fil i arkivet C:\Documents and Settings\Magnus\Skrivbord\WLinstaller.exe\dw20.adm_1053_1053.D0DF3458_A845_11D3_8D0A_0050046416B9 går inte att öppna.

En fil i arkivet C:\Documents and Settings\Magnus\Skrivbord\WLinstaller.exe\dw20.exe_0001.D0DF3458_A845_11D3_8D0A_0050046416B9 går inte att öppna.

En fil i arkivet C:\Documents and Settings\Magnus\Skrivbord\WLinstaller.exe\dwdcw20.dll.D0DF3458_A845_11D3_8D0A_0050046416B9 går inte att öppna.

En fil i arkivet C:\Documents and Settings\Magnus\Skrivbord\WLinstaller.exe\dwintl20.dll_0001_1053_1053.D0DF3458_A845_11D3_8D0A_0050046416B9 går inte att öppna.

En fil i arkivet C:\Documents and Settings\Magnus\Skrivbord\WLinstaller.exe\dwtrig20.exe.D0DF3458_A845_11D3_8D0A_0050046416B9 går inte att öppna.

En fil i arkivet C:\Documents and Settings\Magnus\Skrivbord\WLinstaller.exe\HiContrastThemeFile går inte att öppna.

En fil i arkivet C:\Documents and Settings\Magnus\Skrivbord\WLinstaller.exe\SqmApiDllFile går inte att öppna.

En fil i arkivet C:\Documents and Settings\Magnus\Skrivbord\WLinstaller.exe\UXCoreDllFile går inte att öppna.

En fil i arkivet C:\Documents and Settings\Magnus\Skrivbord\WLinstaller.exe\VCRT80MF går inte att öppna.

En fil i arkivet C:\Documents and Settings\Magnus\Skrivbord\WLinstaller.exe\VCRT80R går inte att öppna.

Genomsökningen av C:\Documents and Settings\Magnus\Mina dokument\Downloads\Milf.Busters.XXX.DVDRip.XviD-Pr0nStarS\CD2\ps-milfbb.rar avbröts. [F-Secure AVP]

 

 

--------------------------------------------------------------------------------

 

Alternativ

Definitionsversion:

Virus: 2009-01-26_07

Spionprogram: 2009-01-26_04

Genomsökningsmotorer:

F-Secure AVP: 7.00.171, 2009-01-26

F-Secure Hydra: 2.08.8110, 2009-01-26

F-Secure BlackLight: 2.04.1093

Genomsökningsalternativ:

Genomsök angivna filer: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ANI AVB BAT CEO CMD JOB JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR TGZ ZIP JAR ARJ LZH TAR TGZ GZ CAB RAR BZ2 HQX

Genomsök arkiv

Åtgärder:

Virus: Fråga efter genomsökning

Spionprogram: Fråga efter genomsökning

 

--------------------------------------------------------------------------------

 

Felinformation

Felet "Det går inte att öppna filen" inträffade:

Felmeddelandet "Det går inte att öppna filen" betyder att sökmotorn inte kunde öppna en fil och att den filen inte genomsöktes. Vanligtvis kan du ignorera det här felmeddelandet eftersom det finns många skäl till att det visas som inte innebär att det finns ett säkerhetshot, till exempel:

Filen var en systemfil. Systemfiler är utformade så att de skyddas av operativsystemet. I det här fallet kan meddelandet ignoreras.

Du har inte behörighet att läsa filen. Genomsök filen genom att logga in med ett användarkonto med tillräcklig behörighet (till exempel datorns administratörskonto) och göra om genomsökningen.

Filen användes av ett program när genomsökningen gjordes. Genomsök filen genom att stänga alla program och göra om genomsökningen.

[/log]

 

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:21, on 2009-01-26

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\brsvc01a.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\brss01a.exe

C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program\Bonjour\mDNSResponder.exe

C:\Program\F-Secure Internet Security\Anti-Virus\fsgk32st.exe

C:\Program\F-Secure Internet Security\Common\FSMA32.EXE

C:\Program\F-Secure Internet Security\Anti-Virus\FSGK32.EXE

C:\Program\Java\jre6\bin\jqs.exe

C:\Program\F-Secure Internet Security\Common\FSMB32.EXE

C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\Program\Telia\Supportassistent\bin\sprtsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\F-Secure Internet Security\Common\FCH32.EXE

C:\Program\F-Secure Internet Security\Anti-Virus\fsqh.exe

C:\Program\F-Secure Internet Security\Common\FAMEH32.EXE

C:\Program\F-Secure Internet Security\FSAUA\program\fsaua.exe

C:\Program\F-Secure Internet Security\FSPC\fspc.exe

C:\Program\F-Secure Internet Security\FWES\Program\fsdfwd.exe

C:\Program\F-Secure Internet Security\Anti-Virus\fssm32.exe

C:\Program\F-Secure Internet Security\FSAUA\program\fsus.exe

C:\Program\F-Secure Internet Security\Anti-Virus\fsav32.exe

C:\WINDOWS\Explorer.EXE

C:\Program\F-Secure Internet Security\Common\FSM32.EXE

C:\Program\Java\jre6\bin\jusched.exe

C:\Program\Telia\Supportassistent\bin\sprtcmd.exe

C:\Program\iTunes\iTunesHelper.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program\VIA\RAID\raid_tool.exe

C:\Program\Logitech\GamePanel Software\LCD Manager\LCDMon.exe

C:\Program\Logitech\GamePanel Software\G-series Software\LGDCore.exe

C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe

C:\Program\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe

C:\Program\Windows Live\Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\F-Secure Internet Security\FSGUI\fsguidll.exe

C:\Program\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe

C:\Program\DNA\btdna.exe

C:\Program\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe

C:\Program\iPod\bin\iPodService.exe

C:\Program\Logitech\SetPoint\SetPoint.exe

C:\Program\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Program\Delade filer\Logitech\KHAL\KHALMNPR.EXE

C:\Program\Windows Live\Messenger\usnsvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\F-Secure Internet Security\FSGUI\fsavgui.exe

C:\Program\Delade filer\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\F-Secure Internet Security\FSGUI\scanwizard.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar2.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar2.dll

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\F-Secure Internet Security\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Telia] "C:\Program\Telia\Supportassistent\bin\sprtcmd.exe" /P Telia

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [startCCC] "C:\Program\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [RaidTool] C:\Program\VIA\RAID\raid_tool.exe

O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"

O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [LDM] C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program\DNA\btdna.exe"

O4 - HKCU\..\Run: [Registry Helper] "C:\Program\Registry Helper\RegistryHelper.Exe" /boot

O4 - HKCU\..\Run: [Disk Cleaner] "C:\Program\Disk Cleaner\DiskCleaner.Exe" /boot

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program\Logitech\SetPoint\SetPoint.exe

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Föräldra-... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program\F-Secure Internet Security\FSPC\fspcmsie.dll

O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program\F-Secure Internet Security\FSPC\fspcmsie.dll

O9 - Extra 'Tools' menuitem: Föräldra-... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program\F-Secure Internet Security\FSPC\fspcmsie.dll

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1203245843546

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: bw+0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw+0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: bwg0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwg0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: offline-8876480 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program\Bonjour\mDNSResponder.exe

O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program\F-Secure Internet Security\Anti-Virus\fsgk32st.exe

O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program\F-Secure Internet Security\FSAUA\program\fsaua.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program\F-Secure Internet Security\FWES\Program\fsdfwd.exe

O23 - Service: FSMA - F-Secure Corporation - C:\Program\F-Secure Internet Security\Common\FSMA32.EXE

O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program\F-Secure Internet Security\ORSP Client\fsorsp.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

O23 - Service: SupportSoft Sprocket Service (telia) (sprtsvc_telia) - SupportSoft, Inc. - C:\Program\Telia\Supportassistent\bin\sprtsvc.exe

O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program\Delade filer\SupportSoft\bin\ssrc.exe

 

--

End of file - 22430 bytes

[/log]

 

I think the 08 version of F-Secure worked rather poorly; I think version 09 has removed more, but on the other hand I am more careful now.

 

The only thing I have connected in the way you describe is my mobile phone, to transfer pictures a few weeks ago. But as I recall, this started when I ended up on the wrong page while trying to download an update. That was the first time it happened, and Askbar then placed itself at the top of the browser as search engine and start page. I managed to remove that through the Internet properties by typing in the old address, and that field above in some other way; I ran F-Secure and everything worked. This time it was suddenly just there, about 2 days ago, when the Swedish Tax Agency's (Skatteverket) site required Adobe Reader 5.x, which I could not find on their website or anywhere else, so I downloaded the latest version, Reader 9 I think it was called, but I still could not open Skatteverket's link. Since the virus has been gone according to F-Secure, I have not downloaded anything via USB.

 


Magnus-Emtunga

I was going to correct the spelling mistakes and such above, but that did not work; instead a box came up saying I should report it, but I don't know what my web browser is, so I didn't, so it will have to stay as it is.

 


Magnus-Emtunga

Hi

I followed your instructions and started ComboFix, but it just sat there stalling for 15-20 minutes, and then I tried to close it, which did not work; there was just a _ like that blinking in the left corner. Should I wait longer? I had to turn off the computer since the program could not be closed, but it also said that some info may be lost if you quit now. Should I run it again, and if so, how long should it take?

 

Regards

Magnus

 


We'll hold off on ComboFix since it doesn't seem to have worked well. Download Avenger to the Desktop and unpack the file there:

http://swandog46.geekstogo.com/avenger2/download.php

 

Start Avenger.

Tick the Scan for rootkits box if it is not already ticked.

Press Execute to start it.

The computer will now restart (possibly twice).

After a short while the log (C:\avenger.txt) will appear; paste it here.

 

 


Magnus-Emtunga

I ran ComboFix for 50 minutes; nothing happened, except that it took me quite a while to get the internet going again.

 

Nobody on the whole forum who might have a little tip :thumbsup:

Oh yes, Cecilia, now I see; I'll try this, thanks. If not, we'll just have to keep going with the virus for as long as it works.

 

Regards

Magnus

 

[post edited 2009-01-26 23:16:53 by Magnus-Emtunga]


Magnus-Emtunga

Yes, in hindsight :)

[log]Logfile of The Avenger Version 2.0, © by Swandog46

http://swandog46.geekstogo.com

 

Platform: Windows XP

 

*******************

 

Script file opened successfully.

Script file read successfully.

 

Backups directory opened successfully at C:\Avenger

 

*******************

 

Beginning to process script file:

 

Rootkit scan active.

No rootkits found!

 

 

Completed script processing.

 

*******************

 

Finished! Terminate.

[/log]

 


O4 - HKCU\..\Run: [Registry Helper] "C:\Program\Registry Helper\RegistryHelper.Exe" /boot

If this is the Registry Helper that the website http://www.reghelper.com/ is about, then it is an unsuitable program according to

http://www.mywot.com/sv/scorecard/reghelper.com and should of course be uninstalled.

 

Download Malwarebytes Anti-Malware (MBAM) from one of these links:

http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html

http://projects.securitywonks.net/projects/details.php?file=158

Double-click mbam-setup to install the program.

 

[log]At the end of the installation, make sure the following are ticked:

Update Malwarebytes' Anti-Malware

Launch Malwarebytes' Anti-Malware

Press Finish

If an update is available, it will be downloaded and installed.

 

When the program starts, select "Perform quick scan" and press Scan.

The scan takes a while.

When it is finished, press OK and then "Show results".

Tick everything and then press Remove Selected.

When the removal is finished, Notepad opens with a log.

 

You may get a request to restart the computer (Restart). If so, do it.

If you get an error message Error loading... after the restart, restart the computer once more.

If the program does not start after the restart, start it.

 

If the log does not open by itself in Notepad, you will find it on the Logs tab in MBAM.

Copy the log and paste it into your reply together with a new HijackThis log. [/log]

 

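The reply above singles out one O4 autostart line and asks for a new HijackThis log after the cleanup; comparing the two logs can be done mechanically. The following is an added example, not part of the thread and not code from HijackThis or any tool named here: the function names are this example's own, and the sample lines are copied from the 20:21 and 23:56 logs in this thread and cut down to a handful of entries.

```python
import re

# Constructed sample: selected lines from the two HijackThis logs posted in
# this thread (20:21 before the cleanup, 23:56 after), shortened for the demo.
BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:21, on 2009-01-26

Running processes:
C:\WINDOWS\system32\ctfmon.exe

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [RaidTool] C:\Program\VIA\RAID\raid_tool.exe
O4 - HKCU\..\Run: [Registry Helper] "C:\Program\Registry Helper\RegistryHelper.Exe" /boot
O4 - HKCU\..\Run: [Disk Cleaner] "C:\Program\Disk Cleaner\DiskCleaner.Exe" /boot
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:56, on 2009-01-26

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [RaidTool] C:\Program\VIA\RAID\raid_tool.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Disk Cleaner] "C:\Program\Disk Cleaner\DiskCleaner.Exe" /boot
"""

# A result line is "<section id> - <detail>", e.g. "O4 - HKCU\..\Run: [...] ...".
ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# Registry autostart form of O4: "<location>: [<value name>] <command>".
AUTORUN = re.compile(r"^(?P<where>.+?): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# Markers HijackThis itself prints. They mean "look at this entry",
# not "this entry is malicious".
REVIEW_MARKERS = ("(no file)", "Unknown owner")


def parse_entries(log_text):
    """Return [(section, detail)] for every result line. Header lines, the
    process list and the blank lines a forum export adds are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def autoruns(entries):
    """Map (registry location, value name) -> command for O4 registry entries.
    'Global Startup' shortcut lines have no [name] part and are left out."""
    found = {}
    for section, detail in entries:
        m = AUTORUN.match(detail) if section == "O4" else None
        if m:
            found[(m["where"], m["name"])] = m["cmd"]
    return found


def diff_autoruns(before_text, after_text):
    """Return (added, removed, changed) autostart keys between two logs."""
    before = autoruns(parse_entries(before_text))
    after = autoruns(parse_entries(after_text))
    added = sorted(k for k in after if k not in before)
    removed = sorted(k for k in before if k not in after)
    changed = sorted(k for k in after if k in before and after[k] != before[k])
    return added, removed, changed


def needs_review(entries):
    """Entries whose target file is missing or has no readable owner."""
    return [(s, d) for s, d in entries
            if any(marker in d for marker in REVIEW_MARKERS)]


if __name__ == "__main__":
    added, removed, changed = diff_autoruns(BEFORE, AFTER)
    for where, name in removed:
        print(f"removed: {where} [{name}]")
    for where, name in added:
        print(f"added:   {where} [{name}]")
    for where, name in changed:
        print(f"changed: {where} [{name}]")
    for section, detail in needs_review(parse_entries(BEFORE)):
        print(f"review:  {section} - {detail}")
```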

Magnus-Emtunga

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:56, on 2009-01-26

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\brsvc01a.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\brss01a.exe

C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program\Bonjour\mDNSResponder.exe

C:\Program\F-Secure Internet Security\Anti-Virus\fsgk32st.exe

C:\Program\F-Secure Internet Security\Common\FSMA32.EXE

C:\Program\F-Secure Internet Security\Anti-Virus\FSGK32.EXE

C:\Program\Java\jre6\bin\jqs.exe

C:\Program\F-Secure Internet Security\Common\FSMB32.EXE

C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\Program\Telia\Supportassistent\bin\sprtsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\F-Secure Internet Security\Common\FCH32.EXE

C:\Program\F-Secure Internet Security\Anti-Virus\fssm32.exe

C:\Program\F-Secure Internet Security\Common\FAMEH32.EXE

C:\Program\F-Secure Internet Security\Anti-Virus\fsqh.exe

C:\Program\F-Secure Internet Security\FSAUA\program\fsaua.exe

C:\Program\F-Secure Internet Security\FSPC\fspc.exe

C:\Program\F-Secure Internet Security\FWES\Program\fsdfwd.exe

C:\Program\F-Secure Internet Security\FSAUA\program\fsus.exe

C:\WINDOWS\Explorer.EXE

C:\Program\F-Secure Internet Security\Anti-Virus\fsav32.exe

C:\Program\F-Secure Internet Security\Common\FSM32.EXE

C:\Program\Java\jre6\bin\jusched.exe

C:\Program\Telia\Supportassistent\bin\sprtcmd.exe

C:\Program\F-Secure Internet Security\FSGUI\fsguidll.exe

C:\Program\iTunes\iTunesHelper.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program\VIA\RAID\raid_tool.exe

C:\Program\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program\Logitech\GamePanel Software\LCD Manager\LCDMon.exe

C:\Program\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe

C:\Program\Logitech\GamePanel Software\G-series Software\LGDCore.exe

C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe

C:\Program\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe

C:\Program\Windows Live\Messenger\MsnMsgr.Exe

C:\Program\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\DNA\btdna.exe

C:\Program\iPod\bin\iPodService.exe

C:\Program\Logitech\SetPoint\SetPoint.exe

C:\Program\Delade filer\Logitech\KHAL\KHALMNPR.EXE

C:\Program\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Program\Windows Live\Messenger\usnsvc.exe

C:\Program\F-Secure Internet Security\FSGUI\scanwizard.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Malwarebytes' Anti-Malware\mbam.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar2.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar2.dll

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\F-Secure Internet Security\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Telia] "C:\Program\Telia\Supportassistent\bin\sprtcmd.exe" /P Telia

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [startCCC] "C:\Program\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [RaidTool] C:\Program\VIA\RAID\raid_tool.exe

O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"

O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [LDM] C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program\DNA\btdna.exe"

O4 - HKCU\..\Run: [Disk Cleaner] "C:\Program\Disk Cleaner\DiskCleaner.Exe" /boot

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program\Logitech\SetPoint\SetPoint.exe

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Föräldra-... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program\F-Secure Internet Security\FSPC\fspcmsie.dll

O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program\F-Secure Internet Security\FSPC\fspcmsie.dll

O9 - Extra 'Tools' menuitem: Föräldra-... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program\F-Secure Internet Security\FSPC\fspcmsie.dll

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1203245843546

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: bw+0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw+0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: bwg0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwg0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: offline-8876480 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program\Bonjour\mDNSResponder.exe

O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program\F-Secure Internet Security\Anti-Virus\fsgk32st.exe

O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program\F-Secure Internet Security\FSAUA\program\fsaua.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program\F-Secure Internet Security\FWES\Program\fsdfwd.exe

O23 - Service: FSMA - F-Secure Corporation - C:\Program\F-Secure Internet Security\Common\FSMA32.EXE

O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program\F-Secure Internet Security\ORSP Client\fsorsp.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

O23 - Service: SupportSoft Sprocket Service (telia) (sprtsvc_telia) - SupportSoft, Inc. - C:\Program\Telia\Supportassistent\bin\sprtsvc.exe

O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program\Delade filer\SupportSoft\bin\ssrc.exe

 

--

End of file - 22334 bytes

[/log]

 

[log]Malwarebytes' Anti-Malware 1.33

Databasversion: 1697

Windows 5.1.2600 Service Pack 3

 

2009-01-26 23:54:23

mbam-log-2009-01-26 (23-54-23).txt

 

Skanningstyp: Snabb skanning

Antal skannade objekt: 51595

Förfluten tid: 3 minute(s), 26 second(s)

 

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 0

Infekterade registernycklar: 4

Infekterade registervärden: 1

Infekterade registerdataposter: 0

Infekterade mappar: 2

Infekterade filer: 3

 

Infekterade minnesprocesser:

(Inga illasinnade poster hittades)

 

Infekterade minnesmoduler:

(Inga illasinnade poster hittades)

 

Infekterade registernycklar:

HKEY_LOCAL_MACHINE\SOFTWARE\Registry Helper (Rogue.RegistryHelper) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\videosoft (Trojan.DNSChanger) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\videosoft (Trojan.DNSChanger) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\videosoft (Trojan.DNSChanger) -> Quarantined and deleted successfully.

 

Infekterade registervärden:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Registry Helper (Rogue.RegistryHelper) -> Quarantined and deleted successfully.

 

Infekterade registerdataposter:

(Inga illasinnade poster hittades)

 

Infekterade mappar:

C:\resycled (Trojan.DNSChanger) -> Quarantined and deleted successfully.

C:\Program\videosoft (Trojan.DNSChanger) -> Quarantined and deleted successfully.

 

Infekterade filer:

C:\autorun.inf (Trojan.DNSChanger) -> Quarantined and deleted successfully.

C:\resycled\boot.com (Trojan.DNSChanger) -> Quarantined and deleted successfully.

C:\Program\videosoft\Uninstall.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.[/log]

 


Magnus-Emtunga

[log]Genomsökningsrapport

2009-01-26 23:59 - 23:59

Datornamn: MAGNUS

Genomsökningstyp: Genomsök målet

Mål: C:\resycled\boot.com

 

 

--------------------------------------------------------------------------------

 

Resultat

Inga skadliga program hittades

 

 

 

 

--------------------------------------------------------------------------------

 

Statistik

Genomsökta:

Filer: 0

Ej genomsökta: 1

Resultat:

Virus: 0

Spionprogram: 0

Misstänkta objekt: 0

Riskware: 0

Åtgärder:

Rensad från virus: 0

Bytt namn: 0

Borttagen: 0

Placerad i karantän: 0

Misslyckades: 0

Startsektorer:

Genomsökta: 0

Angripna: 0

Misstänkta objekt: 0

Rensad från virus: 0

Ej genomsökta filer:

Filen (klicka här för mer information) kan inte öppnas. C:\RESYCLED\BOOT.COM

 

 

--------------------------------------------------------------------------------

 

Alternativ

Definitionsversion:

Virus: 2009-01-26_07

Spionprogram: 2009-01-26_04

Genomsökningsmotorer:

F-Secure AVP: 7.00.171, 2009-01-26

F-Secure Hydra: 2.08.8110, 2009-01-26

Genomsökningsalternativ:

Genomsök angivna filer: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ANI AVB BAT CEO CMD JOB JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR TGZ ZIP JAR ARJ LZH TAR TGZ GZ CAB RAR BZ2 HQX

Genomsök arkiv

Åtgärder:

Virus: Rensa angripna filer från virus

Spionprogram: Fråga efter genomsökning

 

--------------------------------------------------------------------------------

 

Felinformation

Felet "Det går inte att öppna filen" inträffade:

Felmeddelandet "Det går inte att öppna filen" betyder att sökmotorn inte kunde öppna en fil och att den filen inte genomsöktes. Vanligtvis kan du ignorera det här felmeddelandet eftersom det finns många skäl till att det visas som inte innebär att det finns ett säkerhetshot, till exempel:

Filen var en systemfil. Systemfiler är utformade så att de skyddas av operativsystemet. I det här fallet kan meddelandet ignoreras.

Du har inte behörighet att läsa filen. Genomsök filen genom att logga in med ett användarkonto med tillräcklig behörighet (till exempel datorns administratörskonto) och göra om genomsökningen.

Filen användes av ett program när genomsökningen gjordes. Genomsök filen genom att stänga alla program och göra om genomsökningen.

 

--------------------------------------------------------------------------------

 

Copyright © 1998-2008 Produktsupport | Skicka ett virusexempel till F-Secure

[/log]

 


Magnus-Emtunga

Could this have something to do with it? I wrote in another thread

//eforum.idg.se/viewmsg.asp?EntriesId=1118269

 

You really are everywhere, I see that you have already replied.

[post edited 2009-01-27 00:06:25 by Magnus-Emtunga]


C: is the hard disk partition with Windows. Do you have other hard disk partitions?

 

Download the program SmitfraudFix (by S!Ri) to the Desktop:

http://siri.urz.free.fr/Fix/SmitfraudFix.exe

XP: Double-click the downloaded file Smitfraudfix.exe.

Vista: Right-click the downloaded file Smitfraudfix.exe and choose Run as administrator.

First you will be prompted to press any key, so do that.

Then choose option 1 - Search by pressing 1 and Enter.

The program will scan the computer.

When it is finished, the result is shown and the program has created the log file C:\rapport.txt.

 

Paste the contents of the log file into your reply here.

 

Do nothing else with SmitfraudFix.

 


Magnus-Emtunga

[log]SmitFraudFix v2.391

 

Scan done at 0:26:02.51, 2009-01-27

Run from C:\Documents and Settings\Magnus\Skrivbord\SmitfraudFix

OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT

The filesystem type is NTFS

Fix run in normal mode

 

»»»»»»»»»»»»»»»»»»»»»»»» Process

 

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\brsvc01a.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\brss01a.exe

C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program\Bonjour\mDNSResponder.exe

C:\Program\F-Secure Internet Security\Anti-Virus\fsgk32st.exe

C:\Program\F-Secure Internet Security\Common\FSMA32.EXE

C:\Program\F-Secure Internet Security\Anti-Virus\FSGK32.EXE

C:\Program\Java\jre6\bin\jqs.exe

C:\Program\F-Secure Internet Security\Common\FSMB32.EXE

C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\Program\Telia\Supportassistent\bin\sprtsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\F-Secure Internet Security\Common\FCH32.EXE

C:\Program\F-Secure Internet Security\Anti-Virus\fssm32.exe

C:\Program\F-Secure Internet Security\Common\FAMEH32.EXE

C:\Program\F-Secure Internet Security\Anti-Virus\fsqh.exe

C:\Program\F-Secure Internet Security\FSAUA\program\fsaua.exe

C:\Program\F-Secure Internet Security\FSPC\fspc.exe

C:\Program\F-Secure Internet Security\FWES\Program\fsdfwd.exe

C:\Program\F-Secure Internet Security\FSAUA\program\fsus.exe

C:\WINDOWS\Explorer.EXE

C:\Program\F-Secure Internet Security\Anti-Virus\fsav32.exe

C:\Program\F-Secure Internet Security\Common\FSM32.EXE

C:\Program\Java\jre6\bin\jusched.exe

C:\Program\Telia\Supportassistent\bin\sprtcmd.exe

C:\Program\F-Secure Internet Security\FSGUI\fsguidll.exe

C:\Program\iTunes\iTunesHelper.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program\VIA\RAID\raid_tool.exe

C:\Program\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program\Logitech\GamePanel Software\LCD Manager\LCDMon.exe

C:\Program\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe

C:\Program\Logitech\GamePanel Software\G-series Software\LGDCore.exe

C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe

C:\Program\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe

C:\Program\Windows Live\Messenger\MsnMsgr.Exe

C:\Program\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\DNA\btdna.exe

C:\Program\iPod\bin\iPodService.exe

C:\Program\Logitech\SetPoint\SetPoint.exe

C:\Program\Delade filer\Logitech\KHAL\KHALMNPR.EXE

C:\Program\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Program\Windows Live\Messenger\usnsvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\F-Secure Internet Security\FSGUI\scanwizard.exe

C:\WINDOWS\system32\cmd.exe

 

»»»»»»»»»»»»»»»»»»»»»»»» hosts

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Magnus

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Magnus\LOKALA~1\Temp

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Magnus\Application Data

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

 

C:\DOCUME~1\Magnus\START-~1\Program\videosoft FOUND !

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Magnus\FAVORI~1

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]

"Source"="About:Home"

"SubscribedURL"="About:Home"

"FriendlyName"="Min aktuella startsida"

 

 

»»»»»»»»»»»»»»»»»»»»»»»» o4Patch

!!!Attention, following keys are not inevitably infected!!!

 

o4Patch

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

!!!Attention, following keys are not inevitably infected!!!

 

IEDFix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix

!!!Attention, following keys are not inevitably infected!!!

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

!!!Attention, following keys are not inevitably infected!!!

 

VACFix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

!!!Attention, following keys are not inevitably infected!!!

 

404Fix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs

!!!Attention, following keys are not inevitably infected!!!

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

"System"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» RK

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» DNS

 

Description: Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller - Miniport för paketschemaläggning

DNS Server Search Order: 192.168.0.1

 

HKLM\SYSTEM\CCS\Services\Tcpip\..\{EFFA354D-8E68-4E89-BB0C-F9F5E6633315}: DhcpNameServer=192.168.0.1

HKLM\SYSTEM\CS1\Services\Tcpip\..\{EFFA354D-8E68-4E89-BB0C-F9F5E6633315}: DhcpNameServer=192.168.0.1

HKLM\SYSTEM\CS3\Services\Tcpip\..\{EFFA354D-8E68-4E89-BB0C-F9F5E6633315}: DhcpNameServer=192.168.0.1

HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1

HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1

HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

 

 

»»»»»»»»»»»»»»»»»»»»»»»» End

 

[/log]

 


Magnus-Emtunga

[log]Genomsökningsrapport

2009-01-27 00:29 - 00:29

Datornamn: MAGNUS

Genomsökningstyp: Genomsök målet

Mål: C:\DOCUMENTS AND SETTINGS\MAGNUS\SKRIVBORD\SMITFRAUDFIX\AGENT.OMZ.FIX.EXE

 

 

--------------------------------------------------------------------------------

 

Resultat: 1 skadligt program hittades

W32/Zlob.gen123 (virus)

C:\DOCUMENTS AND SETTINGS\MAGNUS\SKRIVBORD\SMITFRAUDFIX\AGENT.OMZ.FIX.EXE Åtgärd: placerats i karantän

 

 

 

 

--------------------------------------------------------------------------------

 

Statistik

Genomsökta:

Filer: 1

Ej genomsökta: 0

Resultat:

Virus: 1

Spionprogram: 0

Misstänkta objekt: 0

Riskware: 0

Åtgärder:

Rensad från virus: 0

Bytt namn: 0

Borttagen: 0

Placerad i karantän: 1

Misslyckades: 0

Startsektorer:

Genomsökta: 0

Angripna: 0

Misstänkta objekt: 0

Rensad från virus: 0

 

 

--------------------------------------------------------------------------------

 

Alternativ

Definitionsversion:

Virus: 2009-01-26_07

Spionprogram: 2009-01-26_04

Genomsökningsmotorer:

F-Secure AVP: 7.00.171, 2009-01-26

F-Secure Hydra: 2.08.8110, 2009-01-26

Genomsökningsalternativ:

Genomsök angivna filer: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ANI AVB BAT CEO CMD JOB JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR TGZ ZIP JAR ARJ LZH TAR TGZ GZ CAB RAR BZ2 HQX

Genomsök arkiv

Åtgärder:

Virus: Placera i karantän och ta bort

Spionprogram: Fråga efter genomsökning

[/log]

 


Magnus-Emtunga

Packed.Win32.Tdss.a

 

This is now in quarantine without the .a, but it seems to have changed its name again in the quarantine; unfortunately I cannot copy from this location.

 

It is now just called Win.32...

 

And when I try to paste in the information, the IDG site has shut down several times, but now I managed it by doing it quickly with just one post at a time.

 

F-Secure points out that I should remove it from the quarantine, and now a new Win32/Zlob.gen123 has appeared there that was not there a moment ago, and the one without .a is now called Win32.Tdss, and when I closed the info window for SmitfraudFix a prompt came up: do you want to save the changed information.

 

Very strange indeed

 

[post edited 2009-01-27 00:48:54 by Magnus-Emtunga]

[post edited 2009-01-27 00:50:28 by Magnus-Emtunga]

[post edited 2009-01-27 00:56:57 by Magnus-Emtunga]


Magnus-Emtunga

Ran a new HijackThis after removing the objects from F-Secure

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 00:59:17, on 2009-01-27

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\brsvc01a.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\brss01a.exe

C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program\Bonjour\mDNSResponder.exe

C:\Program\F-Secure Internet Security\Anti-Virus\fsgk32st.exe

C:\Program\F-Secure Internet Security\Common\FSMA32.EXE

C:\Program\F-Secure Internet Security\Anti-Virus\FSGK32.EXE

C:\Program\Java\jre6\bin\jqs.exe

C:\Program\F-Secure Internet Security\Common\FSMB32.EXE

C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\Program\Telia\Supportassistent\bin\sprtsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\F-Secure Internet Security\Common\FCH32.EXE

C:\Program\F-Secure Internet Security\Anti-Virus\fssm32.exe

C:\Program\F-Secure Internet Security\Common\FAMEH32.EXE

C:\Program\F-Secure Internet Security\Anti-Virus\fsqh.exe

C:\Program\F-Secure Internet Security\FSAUA\program\fsaua.exe

C:\Program\F-Secure Internet Security\FSPC\fspc.exe

C:\Program\F-Secure Internet Security\FWES\Program\fsdfwd.exe

C:\Program\F-Secure Internet Security\FSAUA\program\fsus.exe

C:\WINDOWS\Explorer.EXE

C:\Program\F-Secure Internet Security\Anti-Virus\fsav32.exe

C:\Program\F-Secure Internet Security\Common\FSM32.EXE

C:\Program\Java\jre6\bin\jusched.exe

C:\Program\Telia\Supportassistent\bin\sprtcmd.exe

C:\Program\F-Secure Internet Security\FSGUI\fsguidll.exe

C:\Program\iTunes\iTunesHelper.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program\VIA\RAID\raid_tool.exe

C:\Program\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program\Logitech\GamePanel Software\LCD Manager\LCDMon.exe

C:\Program\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe

C:\Program\Logitech\GamePanel Software\G-series Software\LGDCore.exe

C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe

C:\Program\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe

C:\Program\Windows Live\Messenger\MsnMsgr.Exe

C:\Program\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\DNA\btdna.exe

C:\Program\iPod\bin\iPodService.exe

C:\Program\Logitech\SetPoint\SetPoint.exe

C:\Program\Delade filer\Logitech\KHAL\KHALMNPR.EXE

C:\Program\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Program\Windows Live\Messenger\usnsvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Delade filer\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program\F-Secure Internet Security\FSGUI\scanwizard.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar2.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar2.dll

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\F-Secure Internet Security\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Telia] "C:\Program\Telia\Supportassistent\bin\sprtcmd.exe" /P Telia

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [startCCC] "C:\Program\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [RaidTool] C:\Program\VIA\RAID\raid_tool.exe

O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"

O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [LDM] C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program\DNA\btdna.exe"

O4 - HKCU\..\Run: [Disk Cleaner] "C:\Program\Disk Cleaner\DiskCleaner.Exe" /boot

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program\Logitech\SetPoint\SetPoint.exe

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Föräldra-... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program\F-Secure Internet Security\FSPC\fspcmsie.dll

O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program\F-Secure Internet Security\FSPC\fspcmsie.dll

O9 - Extra 'Tools' menuitem: Föräldra-... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program\F-Secure Internet Security\FSPC\fspcmsie.dll

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1203245843546

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: bw+0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw+0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: bwg0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwg0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: offline-8876480 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program\Bonjour\mDNSResponder.exe

O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program\F-Secure Internet Security\Anti-Virus\fsgk32st.exe

O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program\F-Secure Internet Security\FSAUA\program\fsaua.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program\F-Secure Internet Security\FWES\Program\fsdfwd.exe

O23 - Service: FSMA - F-Secure Corporation - C:\Program\F-Secure Internet Security\Common\FSMA32.EXE

O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program\F-Secure Internet Security\ORSP Client\fsorsp.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

O23 - Service: SupportSoft Sprocket Service (telia) (sprtsvc_telia) - SupportSoft, Inc. - C:\Program\Telia\Supportassistent\bin\sprtsvc.exe

O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program\Delade filer\SupportSoft\bin\ssrc.exe

 

--

End of file - 22414 bytes

[/log]

 


Remove videosoft from Start menu - Programs

It is not unusual for antivirus programs to raise false alarms about various fix tools.

A backup is run at IDG around 1 o'clock, so that may be why you had problems with the website.

Files in quarantine have been rendered harmless, and it is a good idea to leave them there for a few days so you can be sure it isn't a false alarm.

A HijackThis log is not affected by removing files from F-Secure's quarantine.

The DHCP server in the computer is correct, at any rate.

C: is the hard disk partition with Windows. Do you have other hard disk partitions?

The only thing I have connected in the way you describe is my mobile phone, and I transferred pictures a few weeks ago
Do you think there is a risk that the phone is infected and may need to be cleaned?

 


Magnus-Emtunga

No, the phone shouldn't have been infected; I have always texted and called the same people, though I have made a few calls to Ukraine lately, but I don't know how a phone can get infected? However, I ticked the wrong box when ordering F-Secure and also paid to be able to use it on my phone; I'll see if I can install it and do a test run.

I have now removed videosoft.

You asked:

C: is the hard disk partition with Windows. Do you have other hard disk partitions?

I don't even know what that is; can I check somehow? However, I do have another computer that I almost never use, which is connected to this one and has Vista as its operating system.

Regards,

Magnus

[post edited 2009-01-27 01:25:27 by Magnus-Emtunga]


but I don't know how a phone can get infected?
The malicious program that created autorun.inf and the resycled folder does the same thing to USB sticks, external hard drives and anything else that is connected to the computer and gets a drive letter (E:, F:, etc.) and can therefore be reached from My Computer. This means that the next time you connect the device to a Windows computer (with autorun enabled, which is the default), Windows will run autorun.inf on the connected device, and autorun.inf in turn will run a program located in the resycled folder on the connected device, and the computer can then become infected.

C: is a hard disk partition. Do you have other letters in the computer, D:, E:, etc., that are used for a hard disk?

however, I do have another computer that I almost never use, which is connected to this one and has Vista as its operating system.
Run MBAM on that one too, to be on the safe side.

 

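The autorun.inf mechanism described in the reply above, turned into a check a defender can run on the autorun.inf found on a removable drive. This is an added example, not part of the original thread; the sample file contents, the extension list and the 0.8 similarity threshold are assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher
from pathlib import PureWindowsPath

# Assumed lists, chosen for this example (not taken from the thread).
EXEC_EXTS = {".com", ".exe", ".scr", ".pif", ".bat", ".cmd"}
BIN_NAMES = ("recycled", "recycler", "$recycle.bin")
# autorun.inf keys that make Windows start a program.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$", re.I)

# Constructed sample modelled on the folder and file name reported in the thread.
SAMPLE = r"""
; constructed sample
[AutoRun]
open=resycled\boot.com
shell\open\Command=resycled\boot.com
shell\explore\command = "resycled\boot.com" e:
icon=%SystemRoot%\system32\shell32.dll,4
"""

# Constructed sample of an ordinary installer disk.
INSTALLER = "[autorun]\nopen=setup.exe\nicon=setup.ico\nlabel=Backup disk\n"


def launch_entries(text):
    """Return (key, command) pairs in the [autorun] section that start a program."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if LAUNCH_KEY.match(key):
            entries.append((key.lower(), value))
    return entries


def target_of(command):
    """Program path of a command line: the quoted string, else the first token."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    return command.split()[0] if command else ""


def mimics_recycle_bin(folder):
    """True for Recycle Bin folder names and close misspellings of them."""
    folder = folder.lower()
    return any(SequenceMatcher(None, folder, name).ratio() >= 0.8
               for name in BIN_NAMES)


def assess(text):
    """List launch entries with the reasons each one deserves a closer look."""
    findings = []
    for key, command in launch_entries(text):
        path = PureWindowsPath(target_of(command))
        reasons = []
        if path.suffix.lower() in EXEC_EXTS:
            reasons.append("starts an executable")
        if any(mimics_recycle_bin(part) for part in path.parts[:-1]):
            reasons.append("program sits in a Recycle Bin look-alike folder")
        if reasons:
            findings.append({"key": key, "target": str(path), "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in assess(SAMPLE):
        print(finding)
```

An entry with only the first reason is what a normal installer disk looks like; both reasons together match the pattern described in the reply.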

Magnus-Emtunga

I checked under My Computer, and under hard disks there is only Local Disk (C:)

Should I perhaps run a new scan with F-Secure now, since we've changed a few things?

Regards,

Magnus

 


Magnus-Emtunga

Is the computer working as it should now?

It has done so the whole time with this virus, no sluggishness, no lag in games and so on; I just haven't been able to get rid of the virus and so thought I'd seek help, which I really have received. That was why I was thinking about the F-Secure scan, but also because I restarted my computer and got the same message now: One of the files in the registry had to be restored using a log or another alternate version. The restoration was completed.

If we are sure the virus is gone, we can rule out the virus as the culprit behind the file error and perhaps investigate further some other way, but the computer works fine, so I don't know whether that's needed?

 


Magnus-Emtunga

Now it's bedtime; I'll start F-Secure before then and see in the morning how things look and what questions need to be asked, but thanks for today. :thumbsup: :)

 


Archived

This topic is now archived and is closed to further replies.


