
Can't remove virus


corneliu99


Hi, I seem to have got a virus on my computer, 'adklicker', which Symantec can't clean. On top of that, every other minute I get a pop-up window with ads for antivirus programs, poker games and so on. How on earth do I get rid of this junk? I have run Adware as well, but without success. Is the only option to format and reinstall everything? To top it all off, Microsoft claims that my XP is an illegal copy!

 


You can throw adaware out!

Save this file to the desktop.

http://www.thespykiller.co.uk/files/HJTsetup.exe

Double-click the file > install > when HJT opens, click "do a system scan and save logfile" > post that log.

Download this file > save it to the desktop.

http://siri.urz.free.fr/Fix/SmitfraudFix.exe

Double-click the exe file > choose allow if the firewall asks > press any key > type 1 > Enter.

Post the log that is shown automatically.

 

 

[post edited 2007-04-30 11:06:44 by 927]


Hel Och Ren

 

Hi

You can throw adaware out!

*SMILES*

One that I also run alongside Ad-Aware and Spybot is AVG Anti-Spyware, which I think is good!

Then there is a whole host of such programs at, for example: http://www.download.com/Security-Spyware/2001-2023_4-0.html?tag=dir

But I don't agree with 927's opinion of Ad-Aware, since it finds some things that others don't!

But that's what I think!

Theory is when you know everything and nothing works.

Theory and practice are united when nothing works and nobody knows why

AMD939 2,25Ghz,2x512Mb i Dual 800Mhz,s-ata 400+160Gb+80Gb Extern,Nvidia PCI-E 7600GT

 


"Then there is a whole host of such programs at, for example:"

But you do need to know what is sensible to have. AVG Anti-Spyware and SUPERAntiSpyware seem to be the free anti-spyware programs that have been most effective over the last year.

 

 


corneliu99

The log:

Logfile of HijackThis v1.99.1

Scan saved at 22:07:29, on 2007-05-01

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Delade filer\Acronis\Schedule2\schedul2.exe

C:\Program\SYMANT~1\SYMANT~1\DefWatch.exe

C:\Program\Executive Software\Diskeeper\DkService.exe

C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe

C:\Program\SYMANT~1\SYMANT~1\Rtvscan.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program\NVIDIA Corporation\NvMixer\NVMixerTray.exe

C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program\Microsoft IntelliPoint\point32.exe

C:\Program\SYMANT~1\SYMANT~1\vptray.exe

C:\WINDOWS\system32\iid.exe

C:\Program\Macrogaming\SweetIM\SweetIM.exe

C:\Program\Java\jre1.5.0_11\bin\jusched.exe

C:\Program\ScanSoft\OmniPageSE\opware32.exe

C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Program\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\Program\Acronis\TrueImageHome\TimounterMonitor.exe

C:\Program\Delade filer\Acronis\Schedule2\schedhlp.exe

C:\Program\CyberLink\PowerDVD\PDVDServ.exe

C:\Program\QuickTime\qttask.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Messenger\msmsgs.exe

C:\DOCUME~1\stinger\MINADO~1\DOBE~1\ntvdm.exe

C:\Program\??crosoft.NET\d?dplay.exe

C:\Program\Ipwindows\ipwins.exe

C:\WINDOWS\system32\WgaTray.exe

C:\Program\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program\MSN Messenger\msnmsgr.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program\MSN Messenger\usnsvc.exe

C:\Program\ICQLite\ICQLite.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Delade filer\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program\Hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.copi.se/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program\Macrogaming\SweetIMBarForIE\toolbar.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program\Macrogaming\SweetIMBarForIE\toolbar.dll

O3 - Toolbar: (no name) - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - (no file)

O4 - HKLM\..\Run: [NVMixerTray] "C:\Program\NVIDIA Corporation\NvMixer\NVMixerTray.exe"

O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program\NVIDIA Corporation\nTune\\nTune.exe" clear

O4 - HKLM\..\Run: [PCLEPCI] C:\Program\PINNAC~1\PPE\PPE.EXE

O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [intelliPoint] "C:\Program\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [vptray] C:\Program\SYMANT~1\SYMANT~1\vptray.exe

O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon

O4 - HKLM\..\Run: [Net iD] C:\WINDOWS\system32\iid.exe

O4 - HKLM\..\Run: [sweetIM] C:\Program\Macrogaming\SweetIM\SweetIM.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.5.0_11\bin\jusched.exe"

O4 - HKLM\..\Run: [Omnipage] C:\Program\ScanSoft\OmniPageSE\opware32.exe

O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program\Executive Software\Diskeeper\DkIcon.exe"

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program\Acronis\TrueImageHome\TrueImageMonitor.exe

O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program\Acronis\TrueImageHome\TimounterMonitor.exe

O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program\Delade filer\Acronis\Schedule2\schedhlp.exe"

O4 - HKLM\..\Run: [RemoteControl] C:\Program\CyberLink\PowerDVD\PDVDServ.exe

O4 - HKLM\..\Run: [Windows] rundll32.exe

O4 - HKLM\..\Run: [PrintDrive] rundll32.exe "C:\WINDOWS\system32\txndohqq.dll",setvm

O4 - HKLM\..\Run: [infoData] rundll32.exe "C:\WINDOWS\system32\xjgmkaet.dll",realset

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\RunServices: [Windows] rundll32.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [sweetIM] C:\Program\Macrogaming\SweetIM\SweetIM.exe

O4 - HKCU\..\Run: [updateMgr] "C:\Program\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1

O4 - HKCU\..\Run: [saao] "C:\DOCUME~1\stinger\MINADO~1\DOBE~1\ntvdm.exe" -vt yazb

O4 - HKCU\..\Run: [Okkfs] C:\Program\??crosoft.NET\d?dplay.exe

O4 - HKCU\..\Run: [ipWins] C:\Program\Ipwindows\ipwins.exe

O4 - HKCU\..\RunOnce: [iCQ Lite] C:\Program\ICQLite\ICQLite.exe -trayboot

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: D-Link AirPlus G+ Wireless Adapter Utility.lnk = C:\Program\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Google Search - res://C:\Program\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://C:\Program\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Si&milar Pages - res://C:\Program\Google\GoogleToolbar1.dll/cmsimilar.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program\ICQLite\ICQLite.exe

O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program\ICQLite\ICQLite.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O15 - Trusted Zone: *.sf-anytime.com

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {5BF56AD2-E297-416E-BC49-000004010011} - https://cve.trust.telia.com/TeliaElegUpgrade/iidsetup.cab

O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{3C48B3B1-E502-470C-83C4-73A7EC329671}: NameServer = 192.168.100.1

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program\Delade filer\Acronis\Schedule2\schedul2.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Client IP-IPX - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000627 (file missing)

O23 - Service: DefWatch - Symantec Corporation - C:\Program\SYMANT~1\SYMANT~1\DefWatch.exe

O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program\Executive Software\Diskeeper\DkService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program\SYMANT~1\SYMANT~1\Rtvscan.exe
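As an added example (not part of the original post, and not how HijackThis itself works): a small Python triage of the O4 autostart and O23 service lines from the log above. The list of system binaries, the regexes and the function names are assumptions made for this illustration, and a flagged entry is a candidate for review, not a verdict.

```python
import re
from ntpath import basename, dirname

# Lines copied from the HijackThis log posted above (a subset of its O4/O23 entries).
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [vptray] C:\Program\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Windows] rundll32.exe
O4 - HKLM\..\Run: [PrintDrive] rundll32.exe "C:\WINDOWS\system32\txndohqq.dll",setvm
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [saao] "C:\DOCUME~1\stinger\MINADO~1\DOBE~1\ntvdm.exe" -vt yazb
O4 - HKCU\..\Run: [Okkfs] C:\Program\??crosoft.NET\d?dplay.exe
O23 - Service: Client IP-IPX - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000627 (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\Program\SYMANT~1\SYMANT~1\DefWatch.exe
'''

# Assumption: a short, non-exhaustive list of Windows XP system binaries
# and the directories they normally run from.
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows"}
SYSTEM_NAMES = {"svchost.exe", "ntvdm.exe", "ctfmon.exe", "lsass.exe", "services.exe",
                "winlogon.exe", "smss.exe", "spoolsv.exe", "explorer.exe"}

# Registry autostarts ("O4 - HKxx\..\Run: [name] command"); Startup-folder
# shortcuts ("O4 - Global Startup: ...") have no [name] and are skipped here.
O4_RE = re.compile(r"^O4 - [^:]+: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<cmd>.+)$")
IMAGE_RE = re.compile(r'^"?(?P<path>[^"]*?\.(?:exe|dll))', re.I)
DLL_ARG_RE = re.compile(r'"?([^",]+\.dll)', re.I)


def edit_distance(a, b):
    """Levenshtein distance, used to spot one-character lookalike file names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def reasons_for(cmd):
    """Return the list of triage reasons for one autostart/service command line."""
    m = IMAGE_RE.match(cmd)
    if not m:
        return ["could not parse image path"]
    path = m.group("path")
    name, folder = basename(path).lower(), dirname(path).lower()
    found = []
    if name == "rundll32.exe":
        dll = DLL_ARG_RE.search(cmd[m.end():])
        found.append(f"rundll32 autostart loads {dll.group(1).strip()}" if dll
                     else "rundll32 autostart with no DLL argument")
    # '?' is not a legal character in a Windows file name, so in a logged path
    # it stands for a character the log could not render.
    if "?" in path:
        found.append("unrenderable characters in path")
    if name in SYSTEM_NAMES and folder not in SYSTEM_DIRS:
        found.append(f"system file name {name} outside the Windows directory")
    if name not in SYSTEM_NAMES:
        for known in sorted(SYSTEM_NAMES):
            if edit_distance(name, known) == 1:
                found.append(f"file name one character away from {known}")
    if "(file missing)" in cmd:
        found.append("registered binary is missing")
    return found


def triage(log_text):
    """Return [(entry name, [reasons])] for every O4/O23 line worth a second look."""
    flagged = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line) or O23_RE.match(line)
        if m:
            why = reasons_for(m.group("cmd"))
            if why:
                flagged.append((m.group("name"), why))
    return flagged


if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG):
        print(f"{entry}: {'; '.join(why)}")
```
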

 

 

 

 


corneliu99

SmitFraudFix v2.171

 

Scan done at 22:10:25,75, 2007-05-01

Run from C:\Documents and Settings\stinger\Skrivbord\SmitfraudFix

OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT

The filesystem type is NTFS

Fix run in normal mode

 

»»»»»»»»»»»»»»»»»»»»»»»» Process

 

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Delade filer\Acronis\Schedule2\schedul2.exe

C:\Program\SYMANT~1\SYMANT~1\DefWatch.exe

C:\Program\Executive Software\Diskeeper\DkService.exe

C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe

C:\Program\SYMANT~1\SYMANT~1\Rtvscan.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program\NVIDIA Corporation\NvMixer\NVMixerTray.exe

C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program\Microsoft IntelliPoint\point32.exe

C:\Program\SYMANT~1\SYMANT~1\vptray.exe

C:\WINDOWS\system32\iid.exe

C:\Program\Macrogaming\SweetIM\SweetIM.exe

C:\Program\Java\jre1.5.0_11\bin\jusched.exe

C:\Program\ScanSoft\OmniPageSE\opware32.exe

C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Program\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\Program\Acronis\TrueImageHome\TimounterMonitor.exe

C:\Program\Delade filer\Acronis\Schedule2\schedhlp.exe

C:\Program\CyberLink\PowerDVD\PDVDServ.exe

C:\Program\QuickTime\qttask.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Messenger\msmsgs.exe

C:\DOCUME~1\stinger\MINADO~1\DOBE~1\ntvdm.exe

 

»»»»»»»»»»»»»»»»»»»»»»»» hosts

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\stinger

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\stinger\Application Data

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\stinger\FAVORI~1

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

 

HKLM\SOFTWARE\WinHound.com FOUND !

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]

"Source"="C:\\WINDOWS\\warnhp.html"

"SubscribedURL"=""

"FriendlyName"="Warning homepage"

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"System"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» DNS

 

Description: Marvell Yukon Gigabit Ethernet 10/100/1000Base-T Adapter, Copper RJ-45 - Miniport för paketschemaläggning

DNS Server Search Order: 195.67.199.15

DNS Server Search Order: 195.67.199.16

 

HKLM\SYSTEM\CCS\Services\Tcpip\..\{362824E3-2BF8-4546-849A-7964AEF5C3C1}: DhcpNameServer=195.67.199.15 195.67.199.16

HKLM\SYSTEM\CCS\Services\Tcpip\..\{3C48B3B1-E502-470C-83C4-73A7EC329671}: NameServer=192.168.100.1

HKLM\SYSTEM\CS1\Services\Tcpip\..\{3C48B3B1-E502-470C-83C4-73A7EC329671}: DhcpNameServer=192.168.100.1

HKLM\SYSTEM\CS2\Services\Tcpip\..\{362824E3-2BF8-4546-849A-7964AEF5C3C1}: DhcpNameServer=195.67.199.15 195.67.199.16

HKLM\SYSTEM\CS2\Services\Tcpip\..\{3C48B3B1-E502-470C-83C4-73A7EC329671}: NameServer=192.168.100.1

HKLM\SYSTEM\CS3\Services\Tcpip\..\{362824E3-2BF8-4546-849A-7964AEF5C3C1}: DhcpNameServer=195.67.199.15 195.67.199.16

HKLM\SYSTEM\CS3\Services\Tcpip\..\{3C48B3B1-E502-470C-83C4-73A7EC329671}: NameServer=192.168.100.1

HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=195.67.199.15 195.67.199.16

HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.100.1

HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=195.67.199.15 195.67.199.16

HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=195.67.199.15 195.67.199.16

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

 

 

»»»»»»»»»»»»»»»»»»»»»»»» End

 

 

 

 


 

There was quite a bit, yes. We'll run two scanners. Install > update SUPERAntiSpyware.

Scan computer > choose complete scan > click next > restart.

Open SUPERAntiSpyware > preferences > statistics/logs > select the latest log > view > copy it in here.

http://www.superantispyware.com/downloads/SUPERAntiSpyware.exe

Then run SDFix.

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

Save the file to the desktop > click SDFix.exe > SDFix is unpacked here: C:\SDFix.

Restart in safe mode (F8) > go here: C:\SDFix > click runthis.bat > choose y.

When the scan is finished, press any key to restart.

When it says finished, press any key. A log will be shown automatically; copy the log in here.

Also do a scan with HJT after you have run SDFix, so that makes three logs that I want to see.

 


corneliu99

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 05/02/2007 at 09:26 AM

 

Application Version : 3.7.1018

 

Core Rules Database Version : 3229

Trace Rules Database Version: 1240

 

Scan type : Complete Scan

Total Scan Time : 00:28:57

 

Memory items scanned : 537

Memory threats detected : 8

Registry items scanned : 6119

Registry threats detected : 119

File items scanned : 41016

File threats detected : 291

 

Trojan.WinFixer

C:\WINDOWS\SYSTEM32\MLLMM.DLL

C:\WINDOWS\SYSTEM32\MLLMM.DLL

HKLM\Software\Classes\CLSID\{57B46A64-7EFC-493C-9B80-21D3BD9CBF34}

HKCR\CLSID\{57B46A64-7EFC-493C-9B80-21D3BD9CBF34}

HKCR\CLSID\{57B46A64-7EFC-493C-9B80-21D3BD9CBF34}\InprocServer32

HKCR\CLSID\{57B46A64-7EFC-493C-9B80-21D3BD9CBF34}\InprocServer32#ThreadingModel

HKLM\Software\Classes\CLSID\{700F9980-EB30-4278-8A4D-6EBB95671009}

HKCR\CLSID\{700F9980-EB30-4278-8A4D-6EBB95671009}

HKCR\CLSID\{700F9980-EB30-4278-8A4D-6EBB95671009}\InprocServer32

HKCR\CLSID\{700F9980-EB30-4278-8A4D-6EBB95671009}\InprocServer32#ThreadingModel

HKLM\Software\Classes\CLSID\{79F8174A-BB26-4745-B5A2-E1070508B05D}

HKCR\CLSID\{79F8174A-BB26-4745-B5A2-E1070508B05D}

HKCR\CLSID\{79F8174A-BB26-4745-B5A2-E1070508B05D}\InprocServer32

HKCR\CLSID\{79F8174A-BB26-4745-B5A2-E1070508B05D}\InprocServer32#ThreadingModel

HKLM\Software\Classes\CLSID\{86D93E01-9844-47C7-AAE2-343E67870613}

HKCR\CLSID\{86D93E01-9844-47C7-AAE2-343E67870613}

HKCR\CLSID\{86D93E01-9844-47C7-AAE2-343E67870613}\InprocServer32

HKCR\CLSID\{86D93E01-9844-47C7-AAE2-343E67870613}\InprocServer32#ThreadingModel

HKLM\Software\Classes\CLSID\{A8C7FFEB-D25C-4454-950B-FB942B858BC9}

HKCR\CLSID\{A8C7FFEB-D25C-4454-950B-FB942B858BC9}

HKCR\CLSID\{A8C7FFEB-D25C-4454-950B-FB942B858BC9}\InprocServer32

HKCR\CLSID\{A8C7FFEB-D25C-4454-950B-FB942B858BC9}\InprocServer32#ThreadingModel

HKLM\Software\Classes\CLSID\{AD7E93E0-5323-422C-B54B-F862A4A99382}

HKCR\CLSID\{AD7E93E0-5323-422C-B54B-F862A4A99382}

HKCR\CLSID\{AD7E93E0-5323-422C-B54B-F862A4A99382}\InprocServer32

HKCR\CLSID\{AD7E93E0-5323-422C-B54B-F862A4A99382}\InprocServer32#ThreadingModel

HKLM\Software\Classes\CLSID\{C2D2D756-938A-49CC-A246-A1F0113A03F5}

HKCR\CLSID\{C2D2D756-938A-49CC-A246-A1F0113A03F5}

HKCR\CLSID\{C2D2D756-938A-49CC-A246-A1F0113A03F5}\InprocServer32

HKCR\CLSID\{C2D2D756-938A-49CC-A246-A1F0113A03F5}\InprocServer32#ThreadingModel

HKLM\Software\Classes\CLSID\{EFF92ED1-C75B-45CC-A92A-00D00115CE25}

HKCR\CLSID\{EFF92ED1-C75B-45CC-A92A-00D00115CE25}

HKCR\CLSID\{EFF92ED1-C75B-45CC-A92A-00D00115CE25}\InprocServer32

HKCR\CLSID\{EFF92ED1-C75B-45CC-A92A-00D00115CE25}\InprocServer32#ThreadingModel

HKLM\Software\Classes\CLSID\{FA518B46-CCBB-42C4-B045-49AD089FE8EA}

HKCR\CLSID\{FA518B46-CCBB-42C4-B045-49AD089FE8EA}

HKCR\CLSID\{FA518B46-CCBB-42C4-B045-49AD089FE8EA}\InprocServer32

HKCR\CLSID\{FA518B46-CCBB-42C4-B045-49AD089FE8EA}\InprocServer32#ThreadingModel

HKLM\Software\Classes\CLSID\{FC508C67-E5BF-4DBF-9B7B-79413FCAAD43}

HKCR\CLSID\{FC508C67-E5BF-4DBF-9B7B-79413FCAAD43}

HKCR\CLSID\{FC508C67-E5BF-4DBF-9B7B-79413FCAAD43}\InprocServer32

HKCR\CLSID\{FC508C67-E5BF-4DBF-9B7B-79413FCAAD43}\InprocServer32#ThreadingModel

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A8C7FFEB-D25C-4454-950B-FB942B858BC9}

Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\mllmm

 

Trojan.Downloader-Gen/HardFall

C:\WINDOWS\SYSTEM32\XXYWWVS.DLL

C:\WINDOWS\SYSTEM32\XXYWWVS.DLL

 

Adware.ClickSpring-Variant

C:\DOCUME~1\STINGER\MINADO~1\DOBE~1\NTVDM.EXE

C:\DOCUME~1\STINGER\MINADO~1\DOBE~1\NTVDM.EXE

C:\WINDOWS\Prefetch\NTVDM.EXE-2F54EA30.pf

 

Adware.ClickSpring/Resident

C:\Program\CROSOF~1.NET\DDPLAY~1.EXE

C:\Program\CROSOF~1.NET\DDPLAY~1.EXE

 

Adware.IPWins

C:\PROGRAM\IPWINDOWS\IPWINS.EXE

C:\PROGRAM\IPWINDOWS\IPWINS.EXE

[ipWins] C:\PROGRAM\IPWINDOWS\IPWINS.EXE

HKU\S-1-5-21-602162358-920026266-839522115-1003\Software\IpWins

C:\Program\ipwindows\ipwins.dll

C:\Program\ipwindows\UnInstall.exe

C:\Program\ipwindows

C:\RECYCLER\S-1-5-21-602162358-920026266-839522115-1003\DC8\IPWINS.EXE

C:\WINDOWS\Prefetch\IPWINS.EXE-38CEB50D.pf

 

Trojan.Downloader-CREW

C:\WINDOWS\SYSTEM32\NTULXKHM.DLL

C:\WINDOWS\SYSTEM32\NTULXKHM.DLL

HKLM\Software\Classes\CLSID\{40E0D9C3-956B-4B5F-B05C-F00EC265A6F6}

HKCR\CLSID\{40E0D9C3-956B-4B5F-B05C-F00EC265A6F6}

HKCR\CLSID\{40E0D9C3-956B-4B5F-B05C-F00EC265A6F6}\InprocServer32

HKCR\CLSID\{40E0D9C3-956B-4B5F-B05C-F00EC265A6F6}\InprocServer32#ThreadingModel

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{40E0D9C3-956B-4B5F-B05C-F00EC265A6F6}

 

Unclassified.Unknown Origin

C:\WINDOWS\SYSTEM32\VOBCFVP.DLL

C:\WINDOWS\SYSTEM32\VOBCFVP.DLL

HKLM\Software\Classes\CLSID\{66E5A715-3480-6D26-F63B-6AE348E2F9E1}

HKCR\CLSID\{66E5A715-3480-6D26-F63B-6AE348E2F9E1}

HKCR\CLSID\{66E5A715-3480-6D26-F63B-6AE348E2F9E1}\InprocServer32

HKCR\CLSID\{66E5A715-3480-6D26-F63B-6AE348E2F9E1}\InprocServer32#ThreadingModel

HKCR\CLSID\{66E5A715-3480-6D26-F63B-6AE348E2F9E1}\Programmable

HKCR\CLSID\{66E5A715-3480-6D26-F63B-6AE348E2F9E1}\TypeLib

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{66E5A715-3480-6D26-F63B-6AE348E2F9E1}

HKLM\Software\Microsoft\Internet Explorer\Toolbar#{C1B4DEC2-2623-438e-9CA2-C9043AB28508}

C:\DC++\SOFTWARE - BLANDAT\_BRäNNARPROGRAM\NERO 6.6.0.6 SUITE YAHAA.ORG ,INKL RECODE\NERO 6.6.0.6 INC RECODE\KEYGEN.EXE

 

Trojan.Downloader-Gen/LIB

C:\WINDOWS\SYSTEM32\SEGPETXO.DLL

C:\WINDOWS\SYSTEM32\SEGPETXO.DLL

 

Worm.Sober Variant

[saao] C:\DOCUME~1\STINGER\MINADO~1\DOBE~1\NTVDM.EXE

C:\DOCUMENTS AND SETTINGS\STINGER\MINA DOKUMENT\DOBE~1\NTVDM.EXE

 

Adware.Vundo Variant

HKLM\Software\Classes\CLSID\{1557B435-8242-4686-9AA3-9265BF7525A4}

HKCR\CLSID\{1557B435-8242-4686-9AA3-9265BF7525A4}

HKCR\CLSID\{1557B435-8242-4686-9AA3-9265BF7525A4}\InprocServer32

HKCR\CLSID\{1557B435-8242-4686-9AA3-9265BF7525A4}\InprocServer32#ThreadingModel

C:\WINDOWS\SYSTEM32\IRMCLWIN.DLL

HKLM\Software\Classes\CLSID\{67C55A8D-E808-4caa-9EA7-F77102DE0BB6}

HKCR\CLSID\{67C55A8D-E808-4CAA-9EA7-F77102DE0BB6}

HKCR\CLSID\{67C55A8D-E808-4CAA-9EA7-F77102DE0BB6}\InprocServer32

HKCR\CLSID\{67C55A8D-E808-4CAA-9EA7-F77102DE0BB6}\InprocServer32#ThreadingModel

C:\WINDOWS\SYSTEM32\YJVHPIMD.DLL

HKLM\Software\Classes\CLSID\{80440127-2315-4464-88B9-7ACB72F43ADB}

HKCR\CLSID\{80440127-2315-4464-88B9-7ACB72F43ADB}

HKCR\CLSID\{80440127-2315-4464-88B9-7ACB72F43ADB}\InprocServer32

HKCR\CLSID\{80440127-2315-4464-88B9-7ACB72F43ADB}\InprocServer32#ThreadingModel

HKLM\Software\Classes\CLSID\{D651AFF4-9590-424d-BD1E-8E33E090DFB3}

HKCR\CLSID\{D651AFF4-9590-424D-BD1E-8E33E090DFB3}

HKCR\CLSID\{D651AFF4-9590-424D-BD1E-8E33E090DFB3}\InprocServer32

HKCR\CLSID\{D651AFF4-9590-424D-BD1E-8E33E090DFB3}\InprocServer32#ThreadingModel

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{80440127-2315-4464-88B9-7ACB72F43ADB}

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D651AFF4-9590-424d-BD1E-8E33E090DFB3}

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{80440127-2315-4464-88B9-7ACB72F43ADB}

Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\xxywwvs

HKCR\CLSID\{1557B435-8242-4686-9AA3-9265BF7525A4}

HKCR\CLSID\{67C55A8D-E808-4CAA-9EA7-F77102DE0BB6}

HKCR\CLSID\{80440127-2315-4464-88B9-7ACB72F43ADB}

HKCR\CLSID\{D651AFF4-9590-424D-BD1E-8E33E090DFB3}

 

Adware.Tracking Cookie


C:\Documents and Settings\stinger\Cookies\stinger@mb[4].txt

C:\Documents and Settings\stinger\Cookies\stinger@33075875[2].txt

C:\Documents and Settings\stinger\Cookies\stinger@drivecleaner[3].txt

C:\Documents and Settings\stinger\Cookies\stinger@stats.drivecleaner[2].txt

C:\Documents and Settings\stinger\Cookies\stinger@gameelite.se.intellitxt[1].txt

C:\Documents and Settings\stinger\Cookies\stinger@84815040[1].txt

C:\Documents and Settings\stinger\Cookies\stinger@www.adbrite[2].txt

C:\Documents and Settings\stinger\Cookies\stinger@fastclick[2].txt

C:\Documents and Settings\stinger\Cookies\stinger@www.clickxchange[2].txt

C:\Documents and Settings\stinger\Cookies\stinger@gameelite[1].txt

C:\Documents and Settings\stinger\Cookies\stinger@www.burstnet[1].txt

C:\Documents and Settings\stinger\Cookies\stinger@se.drivecleaner[1].txt

C:\Documents and Settings\stinger\Cookies\stinger@postclicktracking[1].txt

C:\Documents and Settings\stinger\Cookies\stinger@e2.emediate[2].txt

C:\Documents and Settings\stinger\Cookies\stinger@bs.serving-sys[2].txt

C:\Documents and Settings\stinger\Cookies\stinger@247realmedia[1].txt

C:\Documents and Settings\stinger\Cookies\stinger@ad.yieldmanager[2].txt

C:\Documents and Settings\stinger\Cookies\stinger@cpvfeed[2].txt

C:\Documents and Settings\stinger\Cookies\stinger@yieldmanager[2].txt

 

Adware.ClickSpring/Yazzle

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yazzle1122Oin

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yazzle1122Oin#DisplayName

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yazzle1122Oin#UninstallString

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yazzle1122Oin#HelpLink

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yazzle1122Oin#Publisher

C:\PROGRAM\DELADE FILER\YAZZLE1122OINUNINSTALLER.EXE

C:\WINDOWS\PREFETCH\YAZZLE1122OINADMIN.EXE-06E7DA0E.PF

C:\WINDOWS\PREFETCH\YAZZLEBUNDLE-1122.EXE-3094B456.PF

 

Adware.ClickSpring/Outer Info Network

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#DisplayVersion

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#UninstallString

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#DisplayName

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#NoModify

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#NoRepair

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#DisplayIcon

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#HelpLink

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#Publisher

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#InstallLocation

C:\Program\Outerinfo\OiUninstaller.exe

C:\Program\Outerinfo\outerinfo.ico

C:\Program\Outerinfo\Terms.rtf

C:\Program\Outerinfo

C:\Documents and Settings\stinger\Start-meny\Program\Outerinfo\Terms.lnk

C:\Documents and Settings\stinger\Start-meny\Program\Outerinfo\Uninstall.lnk

C:\Documents and Settings\stinger\Start-meny\Program\Outerinfo

 

Trojan.Svchosts

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CLIENT_IP-IPX

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CLIENT_IP-IPX#NextInstance

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CLIENT_IP-IPX\0000

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CLIENT_IP-IPX\0000#Service

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CLIENT_IP-IPX\0000#Legacy

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CLIENT_IP-IPX\0000#ConfigFlags

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CLIENT_IP-IPX\0000#Class

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CLIENT_IP-IPX\0000#ClassGUID

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CLIENT_IP-IPX\0000#DeviceDesc

HKLM\SYSTEM\CurrentControlSet\Services\Client IP-IPX

HKLM\SYSTEM\CurrentControlSet\Services\Client IP-IPX#Type

HKLM\SYSTEM\CurrentControlSet\Services\Client IP-IPX#Start

HKLM\SYSTEM\CurrentControlSet\Services\Client IP-IPX#ErrorControl

HKLM\SYSTEM\CurrentControlSet\Services\Client IP-IPX#ImagePath

HKLM\SYSTEM\CurrentControlSet\Services\Client IP-IPX#DisplayName

HKLM\SYSTEM\CurrentControlSet\Services\Client IP-IPX#ObjectName

HKLM\SYSTEM\CurrentControlSet\Services\Client IP-IPX\Security

HKLM\SYSTEM\CurrentControlSet\Services\Client IP-IPX\Security#Security

HKLM\SYSTEM\CurrentControlSet\Services\Client IP-IPX\Enum

HKLM\SYSTEM\CurrentControlSet\Services\Client IP-IPX\Enum#0

HKLM\SYSTEM\CurrentControlSet\Services\Client IP-IPX\Enum#Count

HKLM\SYSTEM\CurrentControlSet\Services\Client IP-IPX\Enum#NextInstance

 

Trojan.WinAntiSpyware/WinAntiVirus 2006

C:\DOCUMENTS AND SETTINGS\STINGER\APPLICATION DATA\WINANTIVIRUSPRO2007FREEINSTALL[1].EXE

C:\DOCUMENTS AND SETTINGS\STINGER\LOKALA INSTäLLNINGAR\TEMPORARY INTERNET FILES\CONTENT.IE5\SZ17Q231\WINANTIVIRUSPRO2007FREEINSTALL[1].EXE

C:\WINDOWS\Prefetch\WINANTIVIRUSPRO2007FREEINSTAL-32E0B154.pf

 

Unclassified.Unknown Origin/System

C:\DOCUMENTS AND SETTINGS\STINGER\LOKALA INSTäLLNINGAR\TEMP\B116.EXE

 

Trojan.Downloader-Gen/Installer

C:\DOCUMENTS AND SETTINGS\STINGER\LOKALA INSTäLLNINGAR\TEMP\B122.EXE

 

Trojan.ErrorSafe

C:\DOCUMENTS AND SETTINGS\STINGER\LOKALA INSTäLLNINGAR\TEMPORARY INTERNET FILES\CONTENT.IE5\DSLS1Z6Y\ERRORSAFEFREEINSTALL_SE[1].EXE

 

Browser Hijacker.Favorites

C:\DOCUMENTS AND SETTINGS\STINGER\SKRIVBORD\CLICK TO FIND AND FIX ERRORS.URL

 

Adware.Toolbar888

C:\PROGRAM\DELADE FILER\{307E77DC-0A34-1053-0531-05041304002E}\BAR888.DLL

 

Trojan.Unknown Origin

C:\WINDOWS\SYSTEM32\WNSINTSU32.EXE

 

Trace.Known Threat Sources


Link to comment
Share on other sites

corneliu99

 

SDFix log

 

Authorized Application Key Export:

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program\\Messenger\\msmsgs.exe"="C:\\Program\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\\Program\\ICQLite\\ICQLite.exe"="C:\\Program\\ICQLite\\ICQLite.exe:*:Enabled:ICQ Lite"

"C:\\Program\\iTunes\\iTunes.exe"="C:\\Program\\iTunes\\iTunes.exe:*:Enabled:iTunes"

"C:\\Program\\uTorrent\\utorrent.exe"="C:\\Program\\uTorrent\\utorrent.exe:*:Enabled:µTorrent"

"C:\\Program\\MSN Messenger\\msnmsgr.exe"="C:\\Program\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\\Program\\MSN Messenger\\livecall.exe"="C:\\Program\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

 

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program\\MSN Messenger\\msnmsgr.exe"="C:\\Program\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\\Program\\MSN Messenger\\livecall.exe"="C:\\Program\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

 

 

Remaining Files:

---------------

 

Backups Folder: - C:\SDFix\backups\backups.zip

 

Checking For Files with Hidden Attributes:

 

C:\Program\Canon\Canon Setup Utility 2.0\uinstrsc.dll

C:\Program\Canon\Canon Setup Utility 2.0\Maint.exe

C:\WINDOWS\system32\KGyGaAvL.sys

C:\bilder\Ny†r 2004\SIVC.tmp

C:\Documents and Settings\stinger\Application Data\Microsoft\Word\~WRL2201.tmp

C:\WINDOWS\system32\mmllm.tmp

C:\WINDOWS\system32\OLD9B.tmp

 

Finished

 

 

Link to comment
Share on other sites

corneliu99

Logfile of HijackThis v1.99.1

Scan saved at 10:15:57, on 2007-05-02

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Delade filer\Acronis\Schedule2\schedul2.exe

C:\Program\SYMANT~1\SYMANT~1\DefWatch.exe

C:\Program\Executive Software\Diskeeper\DkService.exe

C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program\SYMANT~1\SYMANT~1\Rtvscan.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\notepad.exe

C:\Program\NVIDIA Corporation\NvMixer\NVMixerTray.exe

C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program\Microsoft IntelliPoint\point32.exe

C:\Program\SYMANT~1\SYMANT~1\vptray.exe

C:\WINDOWS\system32\iid.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Macrogaming\SweetIM\SweetIM.exe

C:\Program\Java\jre1.5.0_11\bin\jusched.exe

C:\Program\ScanSoft\OmniPageSE\opware32.exe

C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Program\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\Program\Acronis\TrueImageHome\TimounterMonitor.exe

C:\Program\Delade filer\Acronis\Schedule2\schedhlp.exe

C:\Program\CyberLink\PowerDVD\PDVDServ.exe

C:\Program\QuickTime\qttask.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE

C:\Program\Microsoft Office\OFFICE11\WINWORD.EXE

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Delade filer\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program\Hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.copi.se/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program\Macrogaming\SweetIMBarForIE\toolbar.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\Program\Macrogaming\SweetIMBarForIE\toolbar.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {80440127-2315-4464-88B9-7ACB72F43ADB} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {A8C7FFEB-D25C-4454-950B-FB942B858BC9} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)

O2 - BHO: (no name) - {D651AFF4-9590-424d-BD1E-8E33E090DFB3} - (no file)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program\Macrogaming\SweetIMBarForIE\toolbar.dll

O4 - HKLM\..\Run: [NVMixerTray] "C:\Program\NVIDIA Corporation\NvMixer\NVMixerTray.exe"

O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program\NVIDIA Corporation\nTune\\nTune.exe" clear

O4 - HKLM\..\Run: [PCLEPCI] C:\Program\PINNAC~1\PPE\PPE.EXE

O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [intelliPoint] "C:\Program\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [vptray] C:\Program\SYMANT~1\SYMANT~1\vptray.exe

O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon

O4 - HKLM\..\Run: [Net iD] C:\WINDOWS\system32\iid.exe

O4 - HKLM\..\Run: [sweetIM] C:\Program\Macrogaming\SweetIM\SweetIM.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.5.0_11\bin\jusched.exe"

O4 - HKLM\..\Run: [Omnipage] C:\Program\ScanSoft\OmniPageSE\opware32.exe

O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program\Executive Software\Diskeeper\DkIcon.exe"

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program\Acronis\TrueImageHome\TrueImageMonitor.exe

O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program\Acronis\TrueImageHome\TimounterMonitor.exe

O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program\Delade filer\Acronis\Schedule2\schedhlp.exe"

O4 - HKLM\..\Run: [RemoteControl] C:\Program\CyberLink\PowerDVD\PDVDServ.exe

O4 - HKLM\..\Run: [PrintDrive] rundll32.exe "C:\WINDOWS\system32\txndohqq.dll",setvm

O4 - HKLM\..\Run: [infoData] rundll32.exe "C:\WINDOWS\system32\xjgmkaet.dll",realset

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [sweetIM] C:\Program\Macrogaming\SweetIM\SweetIM.exe

O4 - HKCU\..\Run: [updateMgr] "C:\Program\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1

O4 - HKCU\..\Run: [Okkfs] C:\Program\??crosoft.NET\d?dplay.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: D-Link AirPlus G+ Wireless Adapter Utility.lnk = C:\Program\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Google Search - res://C:\Program\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://C:\Program\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Si&milar Pages - res://C:\Program\Google\GoogleToolbar1.dll/cmsimilar.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program\ICQLite\ICQLite.exe

O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program\ICQLite\ICQLite.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O15 - Trusted Zone: *.sf-anytime.com

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {5BF56AD2-E297-416E-BC49-000004010011} - https://cve.trust.telia.com/TeliaElegUpgrade/iidsetup.cab

O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{3C48B3B1-E502-470C-83C4-73A7EC329671}: NameServer = 192.168.100.1

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program\Delade filer\Acronis\Schedule2\schedul2.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: DefWatch - Symantec Corporation - C:\Program\SYMANT~1\SYMANT~1\DefWatch.exe

O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program\Executive Software\Diskeeper\DkService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program\SYMANT~1\SYMANT~1\Rtvscan.exe

 

 

 

 

Link to comment
Share on other sites

There's a little left. Do a new scan with HJT and tick these:

 

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {80440127-2315-4464-88B9-7ACB72F43ADB} - (no file)

 

O2 - BHO: (no name) - {A8C7FFEB-D25C-4454-950B-FB942B858BC9} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)

O2 - BHO: (no name) - {D651AFF4-9590-424d-BD1E-8E33E090DFB3} - (no file)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

 

O4 - HKLM\..\Run: [PrintDrive] rundll32.exe "C:\WINDOWS\system32\txndohqq.dll",setvm

O4 - HKLM\..\Run: [infoData] rundll32.exe "C:\WINDOWS\system32\xjgmkaet.dll",realset

 

O4 - HKCU\..\Run: [Okkfs] C:\Program\??crosoft.NET\d?dplay.exe

 

Click the "Fix checked" button.

Restart in safe mode and delete:

C:\WINDOWS\system32\mmllm.tmp

C:\WINDOWS\system32\OLD9B.tmp

C:\WINDOWS\system32\txndohqq.dll

C:\WINDOWS\system32\xjgmkaet.dll

C:\Program\??crosoft.NET

 

I'm not entirely sure whether this is an OK file or not, so check the file's properties and select the Version tab; you may find some useful info there.

C:\WINDOWS\system32\OLD9B.tmp

 

Post a new HJT log.

 

[post edited 2007-05-02 11:19:09 by 927]

Link to comment
Share on other sites
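The entries ticked in the reply above fall into three visible patterns: O2/O3 registrations whose file is gone ("(no file)"), Run entries that start a DLL in system32 through rundll32.exe, and a Run path containing `?`. The script below is an added example, not part of the thread or of HijackThis; the rule names and the reading of `?` as a character the logger could not render are assumptions, and a match means "review this line", not "malicious".

```python
import re
from dataclasses import dataclass

# Subset of the HijackThis v1.99.1 log posted in the thread, lines unchanged.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [vptray] C:\Program\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [PrintDrive] rundll32.exe "C:\WINDOWS\system32\txndohqq.dll",setvm
O4 - HKCU\..\Run: [Okkfs] C:\Program\??crosoft.NET\d?dplay.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""


@dataclass
class Finding:
    code: str    # HijackThis section code, e.g. "O2"
    rule: str    # hypothetical rule name, defined for this example only
    reason: str  # why the line deserves a second look
    line: str    # the log line as written


# "<code> - <body>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Body of a registry autostart entry: hive\..\key: [value name] command line
RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\\w+: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# rundll32.exe "<dll path>",<export>
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?,(?P<export>\S+)', re.I)


def triage(log_text):
    """Return review findings for O2/O3/O4 lines of a HijackThis log."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        entry = ENTRY_RE.match(line)
        if not entry:
            continue  # header, process list or blank line
        code, body = entry["code"], entry["body"]

        # Rule 1: BHO/toolbar registration left behind after its file was removed.
        if code in ("O2", "O3") and body.endswith("- (no file)"):
            findings.append(Finding(code, "orphaned_registration",
                                    "registry entry points to a missing file", line))
            continue

        if code != "O4":
            continue
        run = RUN_RE.match(body)
        if not run:
            continue  # e.g. "Global Startup" shortcuts, not covered here
        cmd = run["cmd"]

        # Rule 2: autostart that loads a DLL from system32 via rundll32.
        # Legitimate software does this too, so this is a review flag only.
        dll = RUNDLL_RE.match(cmd)
        if dll and "\\system32\\" in dll["dll"].lower():
            findings.append(Finding(code, "rundll32_autostart",
                                    f"rundll32 loads {dll['dll']} export {dll['export']}", line))
        # Rule 3: '?' is not a valid Windows file-name character, so a '?' in the
        # command suggests a character the logger could not render (assumption).
        # Coarse check: it looks at the whole command line, arguments included.
        elif "?" in cmd:
            findings.append(Finding(code, "unrenderable_path",
                                    "path contains '?' placeholder characters", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:3} {f.rule:22} {f.reason}")
```
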

corneliu99

OK, but the files don't exist. Attaching the log.

Thanks for going to so much trouble. Hope it works now.

//corneliu

 

 

Logfile of HijackThis v1.99.1

Scan saved at 13:01:07, on 2007-05-02

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Delade filer\Acronis\Schedule2\schedul2.exe

C:\Program\SYMANT~1\SYMANT~1\DefWatch.exe

C:\Program\Executive Software\Diskeeper\DkService.exe

C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program\SYMANT~1\SYMANT~1\Rtvscan.exe

C:\Program\NVIDIA Corporation\NvMixer\NVMixerTray.exe

C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program\Microsoft IntelliPoint\point32.exe

C:\Program\SYMANT~1\SYMANT~1\vptray.exe

C:\WINDOWS\system32\iid.exe

C:\Program\Macrogaming\SweetIM\SweetIM.exe

C:\Program\Java\jre1.5.0_11\bin\jusched.exe

C:\Program\ScanSoft\OmniPageSE\opware32.exe

C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Program\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\Program\Acronis\TrueImageHome\TimounterMonitor.exe

C:\Program\Delade filer\Acronis\Schedule2\schedhlp.exe

C:\Program\CyberLink\PowerDVD\PDVDServ.exe

C:\Program\QuickTime\qttask.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.copi.se/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program\Macrogaming\SweetIMBarForIE\toolbar.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\Program\Macrogaming\SweetIMBarForIE\toolbar.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program\Macrogaming\SweetIMBarForIE\toolbar.dll

O4 - HKLM\..\Run: [NVMixerTray] "C:\Program\NVIDIA Corporation\NvMixer\NVMixerTray.exe"

O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program\NVIDIA Corporation\nTune\\nTune.exe" clear

O4 - HKLM\..\Run: [PCLEPCI] C:\Program\PINNAC~1\PPE\PPE.EXE

O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [intelliPoint] "C:\Program\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [vptray] C:\Program\SYMANT~1\SYMANT~1\vptray.exe

O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon

O4 - HKLM\..\Run: [Net iD] C:\WINDOWS\system32\iid.exe

O4 - HKLM\..\Run: [sweetIM] C:\Program\Macrogaming\SweetIM\SweetIM.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.5.0_11\bin\jusched.exe"

O4 - HKLM\..\Run: [Omnipage] C:\Program\ScanSoft\OmniPageSE\opware32.exe

O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program\Executive Software\Diskeeper\DkIcon.exe"

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program\Acronis\TrueImageHome\TrueImageMonitor.exe

O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program\Acronis\TrueImageHome\TimounterMonitor.exe

O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program\Delade filer\Acronis\Schedule2\schedhlp.exe"

O4 - HKLM\..\Run: [RemoteControl] C:\Program\CyberLink\PowerDVD\PDVDServ.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [sweetIM] C:\Program\Macrogaming\SweetIM\SweetIM.exe

O4 - HKCU\..\Run: [updateMgr] "C:\Program\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: D-Link AirPlus G+ Wireless Adapter Utility.lnk = C:\Program\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Google Search - res://C:\Program\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://C:\Program\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Si&milar Pages - res://C:\Program\Google\GoogleToolbar1.dll/cmsimilar.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program\ICQLite\ICQLite.exe

O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program\ICQLite\ICQLite.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O15 - Trusted Zone: *.sf-anytime.com

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {5BF56AD2-E297-416E-BC49-000004010011} - https://cve.trust.telia.com/TeliaElegUpgrade/iidsetup.cab

O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{3C48B3B1-E502-470C-83C4-73A7EC329671}: NameServer = 192.168.100.1

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program\Delade filer\Acronis\Schedule2\schedul2.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: DefWatch - Symantec Corporation - C:\Program\SYMANT~1\SYMANT~1\DefWatch.exe

O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program\Executive Software\Diskeeper\DkService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program\SYMANT~1\SYMANT~1\Rtvscan.exe

 

 

 

 


Were none of the files I listed there?

In that case that's odd.

 

Run SmitfraudFix; this time choose #2.

 

Update Java and uninstall the current version.

Also, you have a lot of programs starting with Windows; you might want to look into that.

 

[post edited 2007-05-02 13:39:00 by 927]
