Virus

[Magnus-Emtunga]

Realtidsgenomsökningen från F-secure hittade ett virus, den inte tog bort, kanske den kom från Carls mail till mig, för jag har inte varit aktiv på okända sidor,

 

Virusets namn

P2P-Worm-Win32 Baeterloh.bb

 

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 00:06:32, on 2009-02-10

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\brsvc01a.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\brss01a.exe

C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program\Bonjour\mDNSResponder.exe

C:\Program\F-Secure Internet Security\Anti-Virus\fsgk32st.exe

C:\Program\F-Secure Internet Security\Common\FSMA32.EXE

C:\Program\F-Secure Internet Security\Anti-Virus\FSGK32.EXE

C:\Program\Java\jre6\bin\jqs.exe

C:\Program\F-Secure Internet Security\Common\FSMB32.EXE

C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\Program\Telia\Supportassistent\bin\sprtsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\F-Secure Internet Security\Common\FCH32.EXE

C:\Program\F-Secure Internet Security\Anti-Virus\fssm32.exe

C:\Program\F-Secure Internet Security\Anti-Virus\fsqh.exe

C:\Program\F-Secure Internet Security\Common\FAMEH32.EXE

C:\Program\F-Secure Internet Security\FSAUA\program\fsaua.exe

C:\Program\F-Secure Internet Security\FSPC\fspc.exe

C:\Program\F-Secure Internet Security\FWES\Program\fsdfwd.exe

C:\Program\F-Secure Internet Security\FSAUA\program\fsus.exe

C:\Program\F-Secure Internet Security\Anti-Virus\fsav32.exe

C:\WINDOWS\Explorer.EXE

C:\Program\F-Secure Internet Security\Common\FSM32.EXE

C:\Program\Java\jre6\bin\jusched.exe

C:\Program\Telia\Supportassistent\bin\sprtcmd.exe

C:\Program\iTunes\iTunesHelper.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program\VIA\RAID\raid_tool.exe

C:\Program\F-Secure Internet Security\FSGUI\fsguidll.exe

C:\Program\Logitech\GamePanel Software\LCD Manager\LCDMon.exe

C:\Program\Logitech\GamePanel Software\G-series Software\LGDCore.exe

C:\Program\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe

C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe

C:\Program\Windows Live\Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe

C:\Program\DNA\btdna.exe

C:\Program\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe

C:\Program\Logitech\SetPoint\SetPoint.exe

C:\Program\iPod\bin\iPodService.exe

C:\Program\Delade filer\Logitech\KHAL\KHALMNPR.EXE

C:\Program\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Program\Windows Live\Messenger\usnsvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\F-Secure Internet Security\FSGUI\scanwizard.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157'>http://go.microsoft.com/fwlink/?LinkId=69157'>http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar2.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar2.dll

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\F-Secure Internet Security\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Telia] "C:\Program\Telia\Supportassistent\bin\sprtcmd.exe" /P Telia

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [startCCC] "C:\Program\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [RaidTool] C:\Program\VIA\RAID\raid_tool.exe

O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"

O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [LDM] C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program\DNA\btdna.exe"

O4 - HKCU\..\Run: [Disk Cleaner] "C:\Program\Disk Cleaner\DiskCleaner.Exe" /boot

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program\Logitech\SetPoint\SetPoint.exe

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Föräldra-... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program\F-Secure Internet Security\FSPC\fspcmsie.dll

O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program\F-Secure Internet Security\FSPC\fspcmsie.dll

O9 - Extra 'Tools' menuitem: Föräldra-... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program\F-Secure Internet Security\FSPC\fspcmsie.dll

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1203245843546

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: bw+0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw+0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: bwg0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwg0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0s - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: offline-8876480 - {1EE92591-D63A-4A3F-BE79-CACA1F09AAE5} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program\Bonjour\mDNSResponder.exe

O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program\F-Secure Internet Security\Anti-Virus\fsgk32st.exe

O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program\F-Secure Internet Security\FSAUA\program\fsaua.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program\F-Secure Internet Security\FWES\Program\fsdfwd.exe

O23 - Service: FSMA - F-Secure Corporation - C:\Program\F-Secure Internet Security\Common\FSMA32.EXE

O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program\F-Secure Internet Security\ORSP Client\fsorsp.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

O23 - Service: SupportSoft Sprocket Service (telia) (sprtsvc_telia) - SupportSoft, Inc. - C:\Program\Telia\Supportassistent\bin\sprtsvc.exe

O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program\Delade filer\SupportSoft\bin\ssrc.exe

 

--

End of file - 22137 bytes

[/log]

 

Tacksam för hjälp

 

[Cecilia]

Worm = mask, låter som det skulle kunna vara ett mejl. Går det inte att få fram var F-secure hittade masken?

 

[Magnus-Emtunga]

Resultat

Inga skadliga program hittades P2P-Worm.Win32.Bacteraloh.bb (virus)

C:\Program\InstallShield Installation Information\{4389B230-EED4-4377-BD52-509E9DE8579C}\Setup.exe Åtgärd: MISSLYCKADES

 

 

[Cecilia]

Hmm, en installationsfil alltså, men det behöver inte vara något som du har laddat ner nu utan det kan ju vara länge sedan men att det är först nu som F-secure har blivit uppdaterad att detektera filen.

P2P står det, då är det nog något som sprids i fildelningsnätverk.

 

[Magnus-Emtunga]

Vad är fildelningsnätverk?. och har du några förslag på program att köra ett nytt försök att ta bort det?

 

[Cecilia]

Fildelningsnätverk, det är sådant som torrentprogram, DC++ etc använder sig av. Du har automatisk uppstart av BitTorrent ser jag.

 

C:\Program\InstallShield Installation Information\{4389B230-EED4-4377-BD52-509E9DE8579C}\Setup.exe

Filen är inte skadlig så länge den ligger där utan att startas. Däremot när man kör den så kommer den att kunna skada datorn.

Går det inte att ta bort filen med Utforskaren eller Den här datorn?

 

[Magnus-Emtunga]

C:\Program\InstallShield Installation Information\{4389B230-EED4-4377-BD52-509E9DE8579C}\Setup.exe

 

Öppnade mappen och F-secure svarade geanst med att vilja ta bort viruset, kör just nu...om inte kan jag deleta hela mappen genom att försöka plocka bort den till papperskorgen eller så?.. ingen risk att jag ställer till något genom att ta bort alltihop i mappen menar jag

 

[Magnus-Emtunga]

Nä, åter igen gick det inte att ta bort viruset, men valde att pricka i placera i karantän, det verkade gå bra....vad tror du om detta.

 

Resultat: 1 skadligt program hittades

P2P-Worm.Win32.Bacteraloh.bb (virus)

C:\Program\InstallShield Installation Information\{4389B230-EED4-4377-BD52-509E9DE8579C}\Setup.exe Åtgärd: placerats i karantän

 

Håller det viruset i väck, eller kan det fortsätta ställa till problem? och tycker du jag skall låta det ligga där eller ta bort det från karantän.

 

Tack för hjälpen att hitta var viruset låg, C:\Program\InstallShield Installation Information\{4389B230-EED4-4377-BD52-509E9DE8579C}\Setup.exe

 

Nu är det lokaliserat och i karantän, skall jag ta bort Bittorrent och ladda ner vid behov, använder det inte så ofta om det nu kan ställa till problem menar jag.

 

Tack skall du ha för hjälpen!

 

 

[inlägget ändrat 2009-02-10 01:47:48 av Magnus-Emtunga]

[Cecilia]

Man ska alltid välja att sätta filer som antivirusprogram etc hittar i karantän, för det händer då och då att programmen falsklarmar. Filer som ligger i karantän kan inte köras så de är oskadliggjorda.

 

Det är alltid riskfyllt att ladda ner filer.

 

Här kan du läsa mina vanliga råd för en säkrare dator, men det är så klart viktigt att man använder sitt förnuft också.

http://ceblstockholm.googlepages.com/home

 

 

[Magnus-Emtunga]

Genom via ditt tips till carl att köra Malwarebytes' Anti-Malware, plockade den fram två liknande virus till som jag lade i karantän, på F-secure.

 

[Cecilia]

Jag förstår inte riktigt, du söker igenom datorn med MBAM med de skadliga filerna hamnar i F-secures karatän. Har jag missuppfattat något?