Kan inte rensa virus

30 april, 2007

Hej, Jag tycks har fått in ett virus i datorn, 'adklicker' som Symantec inte kan rensa. Dessutom får jag var och varannan minut ett pop up fönster med reklam för virusprogram, pokerspel m m. Hur tusan ska bli av med skärpet? Har kört Adware också men utan framgång. Är enda möjligheten att formattera och instalera allt på nytt? Till råga på allt påstår Microsoft att min XP är en illegal kopia!

30 april, 2007

adaware kan du kasta ut!

spara denna fil på skrivbordet.

http://www.thespykiller.co.uk/files/HJTsetup.exe

dubbelklicka på filen >installera >när HJT öppnas klicka på "do a system scan and save logfile" >posta den loggen

hämta denna fil >spara den på skrivbordet.

http://siri.urz.free.fr/Fix/SmitfraudFix.exe

dubbelklicka på exe filen >välj tillåt om brandväggen frågar >klicka på valfri tangent >skriv 1 >enter.

posta loggen som visas automatiskt

[inlägget ändrat 2007-04-30 11:06:44 av 927]

30 april, 2007

Hej

adaware kan du kasta ut!

*LER*

En som jag även kör med Ad-Awere och Spy-Bot är AVG anti spy-Ware som JAG tycker är Bra!

Sen så finns det en uppsjö av sådana program på exvis: http://www.download.com/Security-Spyware/2001-2023_4-0.html?tag=dir

Men jag håller dock inte med 927 i hans tycke OM Ad-Aware då denna hittar vissa som dock inte andra hittar!

Men det är som jag tycker!

Teori är när man vet allt och ingenting fungerar.

Teori och praktik förenas när ingenting fungerar och ingen vet varför

AMD939 2,25Ghz,2x512Mb i Dual 800Mhz,s-ata 400+160Gb+80Gb Extern,Nvidia PCI-E 7600GT

30 april, 2007

"Sen så finns det en uppsjö av sådana program på exvis:"

Fast det gäller ju att veta vad som är vettigt att ha. AVG Anti-Spyware och SUPERAntiSpyware verkar väl vara de gratis antispionprogram som har haft bäst effekt sista året.

1 Maj, 2007

Loggen:

Logfile of HijackThis v1.99.1

Scan saved at 22:07:29, on 2007-05-01

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Delade filer\Acronis\Schedule2\schedul2.exe

C:\Program\SYMANT~1\SYMANT~1\DefWatch.exe

C:\Program\Executive Software\Diskeeper\DkService.exe

C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe

C:\Program\SYMANT~1\SYMANT~1\Rtvscan.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program\NVIDIA Corporation\NvMixer\NVMixerTray.exe

C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program\Microsoft IntelliPoint\point32.exe

C:\Program\SYMANT~1\SYMANT~1\vptray.exe

C:\WINDOWS\system32\iid.exe

C:\Program\Macrogaming\SweetIM\SweetIM.exe

C:\Program\Java\jre1.5.0_11\bin\jusched.exe

C:\Program\ScanSoft\OmniPageSE\opware32.exe

C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Program\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\Program\Acronis\TrueImageHome\TimounterMonitor.exe

C:\Program\Delade filer\Acronis\Schedule2\schedhlp.exe

C:\Program\CyberLink\PowerDVD\PDVDServ.exe

C:\Program\QuickTime\qttask.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Messenger\msmsgs.exe

C:\DOCUME~1\stinger\MINADO~1\DOBE~1\ntvdm.exe

C:\Program\??crosoft.NET\d?dplay.exe

C:\Program\Ipwindows\ipwins.exe

C:\WINDOWS\system32\WgaTray.exe

C:\Program\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program\MSN Messenger\msnmsgr.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program\MSN Messenger\usnsvc.exe

C:\Program\ICQLite\ICQLite.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Delade filer\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.copi.se/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program\Macrogaming\SweetIMBarForIE\toolbar.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program\Macrogaming\SweetIMBarForIE\toolbar.dll

O3 - Toolbar: (no name) - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - (no file)

O4 - HKLM\..\Run: [NVMixerTray] "C:\Program\NVIDIA Corporation\NvMixer\NVMixerTray.exe"

O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program\NVIDIA Corporation\nTune\\nTune.exe" clear

O4 - HKLM\..\Run: [PCLEPCI] C:\Program\PINNAC~1\PPE\PPE.EXE

O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [intelliPoint] "C:\Program\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [vptray] C:\Program\SYMANT~1\SYMANT~1\vptray.exe

O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon

O4 - HKLM\..\Run: [Net iD] C:\WINDOWS\system32\iid.exe

O4 - HKLM\..\Run: [sweetIM] C:\Program\Macrogaming\SweetIM\SweetIM.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.5.0_11\bin\jusched.exe"

O4 - HKLM\..\Run: [Omnipage] C:\Program\ScanSoft\OmniPageSE\opware32.exe

O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program\Executive Software\Diskeeper\DkIcon.exe"

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program\Acronis\TrueImageHome\TrueImageMonitor.exe

O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program\Acronis\TrueImageHome\TimounterMonitor.exe

O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program\Delade filer\Acronis\Schedule2\schedhlp.exe"

O4 - HKLM\..\Run: [RemoteControl] C:\Program\CyberLink\PowerDVD\PDVDServ.exe

O4 - HKLM\..\Run: [Windows] rundll32.exe

O4 - HKLM\..\Run: [PrintDrive] rundll32.exe "C:\WINDOWS\system32\txndohqq.dll",setvm

O4 - HKLM\..\Run: [infoData] rundll32.exe "C:\WINDOWS\system32\xjgmkaet.dll",realset

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\RunServices: [Windows] rundll32.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [sweetIM] C:\Program\Macrogaming\SweetIM\SweetIM.exe

O4 - HKCU\..\Run: [updateMgr] "C:\Program\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1

O4 - HKCU\..\Run: [saao] "C:\DOCUME~1\stinger\MINADO~1\DOBE~1\ntvdm.exe" -vt yazb

O4 - HKCU\..\Run: [Okkfs] C:\Program\??crosoft.NET\d?dplay.exe

O4 - HKCU\..\Run: [ipWins] C:\Program\Ipwindows\ipwins.exe

O4 - HKCU\..\RunOnce: [iCQ Lite] C:\Program\ICQLite\ICQLite.exe -trayboot

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: D-Link AirPlus G+ Wireless Adapter Utility.lnk = C:\Program\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Google Search - res://C:\Program\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://C:\Program\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Si&milar Pages - res://C:\Program\Google\GoogleToolbar1.dll/cmsimilar.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program\ICQLite\ICQLite.exe

O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program\ICQLite\ICQLite.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O15 - Trusted Zone: *.sf-anytime.com

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {5BF56AD2-E297-416E-BC49-000004010011} - https://cve.trust.telia.com/TeliaElegUpgrade/iidsetup.cab

O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{3C48B3B1-E502-470C-83C4-73A7EC329671}: NameServer = 192.168.100.1

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program\Delade filer\Acronis\Schedule2\schedul2.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Client IP-IPX - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000627 (file missing)

O23 - Service: DefWatch - Symantec Corporation - C:\Program\SYMANT~1\SYMANT~1\DefWatch.exe

O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program\Executive Software\Diskeeper\DkService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program\SYMANT~1\SYMANT~1\Rtvscan.exe

1 Maj, 2007

SmitFraudFix v2.171

Scan done at 22:10:25,75, 2007-05-01

Run from C:\Documents and Settings\stinger\Skrivbord\SmitfraudFix

OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT

The filesystem type is NTFS

Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Delade filer\Acronis\Schedule2\schedul2.exe

C:\Program\SYMANT~1\SYMANT~1\DefWatch.exe

C:\Program\Executive Software\Diskeeper\DkService.exe

C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe

C:\Program\SYMANT~1\SYMANT~1\Rtvscan.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program\NVIDIA Corporation\NvMixer\NVMixerTray.exe

C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program\Microsoft IntelliPoint\point32.exe

C:\Program\SYMANT~1\SYMANT~1\vptray.exe

C:\WINDOWS\system32\iid.exe

C:\Program\Macrogaming\SweetIM\SweetIM.exe

C:\Program\Java\jre1.5.0_11\bin\jusched.exe

C:\Program\ScanSoft\OmniPageSE\opware32.exe

C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Program\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\Program\Acronis\TrueImageHome\TimounterMonitor.exe

C:\Program\Delade filer\Acronis\Schedule2\schedhlp.exe

C:\Program\CyberLink\PowerDVD\PDVDServ.exe

C:\Program\QuickTime\qttask.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Messenger\msmsgs.exe

C:\DOCUME~1\stinger\MINADO~1\DOBE~1\ntvdm.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\stinger

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\stinger\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\stinger\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

HKLM\SOFTWARE\WinHound.com FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]

"Source"="C:\\WINDOWS\\warnhp.html"

"SubscribedURL"=""

"FriendlyName"="Warning homepage"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs

!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System

!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Marvell Yukon Gigabit Ethernet 10/100/1000Base-T Adapter, Copper RJ-45 - Miniport för paketschemaläggning

DNS Server Search Order: 195.67.199.15

DNS Server Search Order: 195.67.199.16

HKLM\SYSTEM\CCS\Services\Tcpip\..\{362824E3-2BF8-4546-849A-7964AEF5C3C1}: DhcpNameServer=195.67.199.15 195.67.199.16

HKLM\SYSTEM\CCS\Services\Tcpip\..\{3C48B3B1-E502-470C-83C4-73A7EC329671}: NameServer=192.168.100.1

HKLM\SYSTEM\CS1\Services\Tcpip\..\{3C48B3B1-E502-470C-83C4-73A7EC329671}: DhcpNameServer=192.168.100.1

HKLM\SYSTEM\CS2\Services\Tcpip\..\{362824E3-2BF8-4546-849A-7964AEF5C3C1}: DhcpNameServer=195.67.199.15 195.67.199.16

HKLM\SYSTEM\CS2\Services\Tcpip\..\{3C48B3B1-E502-470C-83C4-73A7EC329671}: NameServer=192.168.100.1

HKLM\SYSTEM\CS3\Services\Tcpip\..\{362824E3-2BF8-4546-849A-7964AEF5C3C1}: DhcpNameServer=195.67.199.15 195.67.199.16

HKLM\SYSTEM\CS3\Services\Tcpip\..\{3C48B3B1-E502-470C-83C4-73A7EC329671}: NameServer=192.168.100.1

HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=195.67.199.15 195.67.199.16

HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.100.1

HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=195.67.199.15 195.67.199.16

HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=195.67.199.15 195.67.199.16

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

1 Maj, 2007

det fanns en del ja. vi kör två scanners, installera >uppdatera superantispyware.

scan computer >välj complete scan >klicka på next >starta om.

öppna superantispyware >preferences >statistics/logs >markera senaste loggen >view >kopiera in det i loggen här.

http://www.superantispyware.com/downloads/SUPERAntiSpyware.exe

sen kör du SDFix.

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

spara filen på skrivbordet >klicka på SDFix.exe >sdfixen packas upp här: C:\SDFix.

starta om i felsäkert läge (F8) >gå hit: C:\SDFix >klicka på runthis.bat >välj y.

när scanningen är klar så tryck på valfri tangent för att starta om.

när det står finished så tryck på valfri tangent. en logg kommer automatiskt att visas, kopiera in loggen här.

gör även en scan med HJT efter att du kört SDFix så det blir alltså tre loggar som jag vill se

2 Maj, 2007

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

Generated 05/02/2007 at 09:26 AM

Application Version : 3.7.1018

Core Rules Database Version : 3229

Trace Rules Database Version: 1240

Scan type : Complete Scan

Total Scan Time : 00:28:57

Memory items scanned : 537

Memory threats detected : 8

Registry items scanned : 6119

Registry threats detected : 119

File items scanned : 41016

File threats detected : 291

Trojan.WinFixer

C:\WINDOWS\SYSTEM32\MLLMM.DLL

HKLM\Software\Classes\CLSID\{57B46A64-7EFC-493C-9B80-21D3BD9CBF34}

HKCR\CLSID\{57B46A64-7EFC-493C-9B80-21D3BD9CBF34}

HKCR\CLSID\{57B46A64-7EFC-493C-9B80-21D3BD9CBF34}\InprocServer32

HKCR\CLSID\{57B46A64-7EFC-493C-9B80-21D3BD9CBF34}\InprocServer32#ThreadingModel

HKLM\Software\Classes\CLSID\{700F9980-EB30-4278-8A4D-6EBB95671009}

HKCR\CLSID\{700F9980-EB30-4278-8A4D-6EBB95671009}

HKCR\CLSID\{700F9980-EB30-4278-8A4D-6EBB95671009}\InprocServer32

HKCR\CLSID\{700F9980-EB30-4278-8A4D-6EBB95671009}\InprocServer32#ThreadingModel

HKLM\Software\Classes\CLSID\{79F8174A-BB26-4745-B5A2-E1070508B05D}

HKCR\CLSID\{79F8174A-BB26-4745-B5A2-E1070508B05D}

HKCR\CLSID\{79F8174A-BB26-4745-B5A2-E1070508B05D}\InprocServer32

HKCR\CLSID\{79F8174A-BB26-4745-B5A2-E1070508B05D}\InprocServer32#ThreadingModel

HKLM\Software\Classes\CLSID\{86D93E01-9844-47C7-AAE2-343E67870613}

HKCR\CLSID\{86D93E01-9844-47C7-AAE2-343E67870613}

HKCR\CLSID\{86D93E01-9844-47C7-AAE2-343E67870613}\InprocServer32

HKCR\CLSID\{86D93E01-9844-47C7-AAE2-343E67870613}\InprocServer32#ThreadingModel

HKLM\Software\Classes\CLSID\{A8C7FFEB-D25C-4454-950B-FB942B858BC9}

HKCR\CLSID\{A8C7FFEB-D25C-4454-950B-FB942B858BC9}

HKCR\CLSID\{A8C7FFEB-D25C-4454-950B-FB942B858BC9}\InprocServer32

HKCR\CLSID\{A8C7FFEB-D25C-4454-950B-FB942B858BC9}\InprocServer32#ThreadingModel

HKLM\Software\Classes\CLSID\{AD7E93E0-5323-422C-B54B-F862A4A99382}

HKCR\CLSID\{AD7E93E0-5323-422C-B54B-F862A4A99382}

HKCR\CLSID\{AD7E93E0-5323-422C-B54B-F862A4A99382}\InprocServer32

HKCR\CLSID\{AD7E93E0-5323-422C-B54B-F862A4A99382}\InprocServer32#ThreadingModel

HKLM\Software\Classes\CLSID\{C2D2D756-938A-49CC-A246-A1F0113A03F5}

HKCR\CLSID\{C2D2D756-938A-49CC-A246-A1F0113A03F5}

HKCR\CLSID\{C2D2D756-938A-49CC-A246-A1F0113A03F5}\InprocServer32

HKCR\CLSID\{C2D2D756-938A-49CC-A246-A1F0113A03F5}\InprocServer32#ThreadingModel

HKLM\Software\Classes\CLSID\{EFF92ED1-C75B-45CC-A92A-00D00115CE25}

HKCR\CLSID\{EFF92ED1-C75B-45CC-A92A-00D00115CE25}

HKCR\CLSID\{EFF92ED1-C75B-45CC-A92A-00D00115CE25}\InprocServer32

HKCR\CLSID\{EFF92ED1-C75B-45CC-A92A-00D00115CE25}\InprocServer32#ThreadingModel

HKLM\Software\Classes\CLSID\{FA518B46-CCBB-42C4-B045-49AD089FE8EA}

HKCR\CLSID\{FA518B46-CCBB-42C4-B045-49AD089FE8EA}

HKCR\CLSID\{FA518B46-CCBB-42C4-B045-49AD089FE8EA}\InprocServer32

HKCR\CLSID\{FA518B46-CCBB-42C4-B045-49AD089FE8EA}\InprocServer32#ThreadingModel

HKLM\Software\Classes\CLSID\{FC508C67-E5BF-4DBF-9B7B-79413FCAAD43}

HKCR\CLSID\{FC508C67-E5BF-4DBF-9B7B-79413FCAAD43}

HKCR\CLSID\{FC508C67-E5BF-4DBF-9B7B-79413FCAAD43}\InprocServer32

HKCR\CLSID\{FC508C67-E5BF-4DBF-9B7B-79413FCAAD43}\InprocServer32#ThreadingModel

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A8C7FFEB-D25C-4454-950B-FB942B858BC9}

Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\mllmm

Trojan.Downloader-Gen/HardFall

C:\WINDOWS\SYSTEM32\XXYWWVS.DLL

Adware.ClickSpring-Variant

C:\DOCUME~1\STINGER\MINADO~1\DOBE~1\NTVDM.EXE

C:\WINDOWS\Prefetch\NTVDM.EXE-2F54EA30.pf

Adware.ClickSpring/Resident

C:\Program\CROSOF~1.NET\DDPLAY~1.EXE

Adware.IPWins

C:\PROGRAM\IPWINDOWS\IPWINS.EXE

[ipWins] C:\PROGRAM\IPWINDOWS\IPWINS.EXE

HKU\S-1-5-21-602162358-920026266-839522115-1003\Software\IpWins

C:\Program\ipwindows\ipwins.dll

C:\Program\ipwindows\UnInstall.exe

C:\Program\ipwindows

C:\RECYCLER\S-1-5-21-602162358-920026266-839522115-1003\DC8\IPWINS.EXE

C:\WINDOWS\Prefetch\IPWINS.EXE-38CEB50D.pf

Trojan.Downloader-CREW

C:\WINDOWS\SYSTEM32\NTULXKHM.DLL

HKLM\Software\Classes\CLSID\{40E0D9C3-956B-4B5F-B05C-F00EC265A6F6}

HKCR\CLSID\{40E0D9C3-956B-4B5F-B05C-F00EC265A6F6}

HKCR\CLSID\{40E0D9C3-956B-4B5F-B05C-F00EC265A6F6}\InprocServer32

HKCR\CLSID\{40E0D9C3-956B-4B5F-B05C-F00EC265A6F6}\InprocServer32#ThreadingModel

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{40E0D9C3-956B-4B5F-B05C-F00EC265A6F6}

Unclassified.Unknown Origin

C:\WINDOWS\SYSTEM32\VOBCFVP.DLL

HKLM\Software\Classes\CLSID\{66E5A715-3480-6D26-F63B-6AE348E2F9E1}

HKCR\CLSID\{66E5A715-3480-6D26-F63B-6AE348E2F9E1}

HKCR\CLSID\{66E5A715-3480-6D26-F63B-6AE348E2F9E1}\InprocServer32

HKCR\CLSID\{66E5A715-3480-6D26-F63B-6AE348E2F9E1}\InprocServer32#ThreadingModel

HKCR\CLSID\{66E5A715-3480-6D26-F63B-6AE348E2F9E1}\Programmable

HKCR\CLSID\{66E5A715-3480-6D26-F63B-6AE348E2F9E1}\TypeLib

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{66E5A715-3480-6D26-F63B-6AE348E2F9E1}

HKLM\Software\Microsoft\Internet Explorer\Toolbar#{C1B4DEC2-2623-438e-9CA2-C9043AB28508}

C:\DC++\SOFTWARE - BLANDAT\_BRäNNARPROGRAM\NERO 6.6.0.6 SUITE YAHAA.ORG ,INKL RECODE\NERO 6.6.0.6 INC RECODE\KEYGEN.EXE

Trojan.Downloader-Gen/LIB

C:\WINDOWS\SYSTEM32\SEGPETXO.DLL

Worm.Sober Variant

[saao] C:\DOCUME~1\STINGER\MINADO~1\DOBE~1\NTVDM.EXE

C:\DOCUMENTS AND SETTINGS\STINGER\MINA DOKUMENT\DOBE~1\NTVDM.EXE

Adware.Vundo Variant

HKLM\Software\Classes\CLSID\{1557B435-8242-4686-9AA3-9265BF7525A4}

HKCR\CLSID\{1557B435-8242-4686-9AA3-9265BF7525A4}

HKCR\CLSID\{1557B435-8242-4686-9AA3-9265BF7525A4}\InprocServer32

HKCR\CLSID\{1557B435-8242-4686-9AA3-9265BF7525A4}\InprocServer32#ThreadingModel

C:\WINDOWS\SYSTEM32\IRMCLWIN.DLL

HKLM\Software\Classes\CLSID\{67C55A8D-E808-4caa-9EA7-F77102DE0BB6}

HKCR\CLSID\{67C55A8D-E808-4CAA-9EA7-F77102DE0BB6}

HKCR\CLSID\{67C55A8D-E808-4CAA-9EA7-F77102DE0BB6}\InprocServer32

HKCR\CLSID\{67C55A8D-E808-4CAA-9EA7-F77102DE0BB6}\InprocServer32#ThreadingModel

C:\WINDOWS\SYSTEM32\YJVHPIMD.DLL

HKLM\Software\Classes\CLSID\{80440127-2315-4464-88B9-7ACB72F43ADB}

HKCR\CLSID\{80440127-2315-4464-88B9-7ACB72F43ADB}

HKCR\CLSID\{80440127-2315-4464-88B9-7ACB72F43ADB}\InprocServer32

HKCR\CLSID\{80440127-2315-4464-88B9-7ACB72F43ADB}\InprocServer32#ThreadingModel

HKLM\Software\Classes\CLSID\{D651AFF4-9590-424d-BD1E-8E33E090DFB3}

HKCR\CLSID\{D651AFF4-9590-424D-BD1E-8E33E090DFB3}

HKCR\CLSID\{D651AFF4-9590-424D-BD1E-8E33E090DFB3}\InprocServer32

HKCR\CLSID\{D651AFF4-9590-424D-BD1E-8E33E090DFB3}\InprocServer32#ThreadingModel

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{80440127-2315-4464-88B9-7ACB72F43ADB}

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D651AFF4-9590-424d-BD1E-8E33E090DFB3}

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{80440127-2315-4464-88B9-7ACB72F43ADB}

Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\xxywwvs

HKCR\CLSID\{1557B435-8242-4686-9AA3-9265BF7525A4}

HKCR\CLSID\{67C55A8D-E808-4CAA-9EA7-F77102DE0BB6}

HKCR\CLSID\{80440127-2315-4464-88B9-7ACB72F43ADB}

HKCR\CLSID\{D651AFF4-9590-424D-BD1E-8E33E090DFB3}

Adware.Tracking Cookie

C:\Documents and Settings\stinger\Cookies\stinger@ocxxx[2].txt

C:\Documents and Settings\stinger\Cookies\stinger@list[2].txt

C:\Documents and Settings\stinger\Cookies\stinger@aua[1].txt

C:\Documents and Settings\stinger\Cookies\stinger@posten[1].txt

C:\Documents and Settings\stinger\Cookies\stinger@belnk[1].txt

C:\Documents and Settings\stinger\Cookies\stinger@cgi-bin[1].txt

C:\Documents and Settings\stinger\Cookies\stinger@adtech[2].txt

C:\Documents and Settings\stinger\Cookies\stinger@ebookers[1].txt

C:\Documents and Settings\stinger\Cookies\stinger@www.amaena[2].txt

C:\Documents and Settings\stinger\Cookies\stinger@cgi-bin[4].txt

C:\Documents and Settings\stinger\Cookies\stinger@m1.webstats4u[1].txt

C:\Documents and Settings\stinger\Cookies\stinger@ads.porn-a-licious[2].txt

C:\Documents and Settings\stinger\Cookies\stinger@image.masterstats[2].txt

C:\Documents and Settings\stinger\Cookies\stinger@www.nationmultimedia[1].txt

C:\Documents and Settings\stinger\Cookies\stinger@valueclick[1].txt

C:\Documents and Settings\stinger\Cookies\stinger@kanal5[2].txt

C:\Documents and Settings\stinger\Cookies\stinger@clicktorrent[2].txt

C:\Documents and Settings\stinger\Cookies\stinger@ad.yieldmanager[1].txt

C:\Documents and Settings\stinger\Cookies\stinger@doubleclick[1].txt

C:\Documents and Settings\stinger\Cookies\stinger@sydkraft[1].txt

C:\Documents and Settings\stinger\Cookies\stinger@dist.belnk[2].txt

C:\Documents and Settings\stinger\Cookies\stinger@burstnet[1].txt

C:\Documents and Settings\stinger\Cookies\stinger@www.assworldsex[2].txt

C:\Documents and Settings\stinger\Cookies\stinger@windowsmedia[1].txt

C:\Documents and Settings\stinger\Cookies\stinger@stats.sbab[1].txt

C:\Documents and Settings\stinger\Cookies\stinger@tracker.affistats[1].txt

C:\Documents and Settings\stinger\Cookies\stinger@swe[1].txt

C:\Documents and Settings\stinger\Cookies\stinger@ad[2].txt

C:\Documents and Settings\stinger\Cookies\stinger@geo.precisionclick[1].txt

C:\Documents and Settings\stinger\Cookies\stinger@smileycentral[2].txt

C:\Documents and Settings\stinger\Cookies\stinger@track.emmy-style[1].txt

C:\Documents and Settings\stinger\Cookies\stinger@82763522[1].txt

C:\Documents and Settings\stinger\Cookies\stinger@partygaming.122.2o7[1].txt

C:\Documents and Settings\stinger\Cookies\stinger@adopt.hbmediapro[2].txt

C:\Documents and Settings\stinger\Cookies\stinger@xiti[1].txt

C:\Documents and Settings\stinger\Cookies\stinger@mediaplex[1].txt

C:\Documents and Settings\stinger\Cookies\stinger@cz3.clickzs[2].txt

C:\Documents and Settings\stinger\Cookies\stinger@ad.adocean[2].txt

C:\Documents and Settings\stinger\Cookies\stinger@tracking.sms[1].txt

C:\Documents and Settings\stinger\Cookies\stinger@asian[1].txt

C:\Documents and Settings\stinger\Cookies\stinger@usenext[1].txt

C:\Documents and Settings\stinger\Cookies\stinger@atdmt[2].txt

C:\Documents and Settings\stinger\Cookies\stinger@yadro[2].txt

C:\Documents and Settings\stinger\Cookies\stinger@mb[1].txt

C:\Documents and Settings\stinger\Cookies\stinger@www.asianesex[1].txt

C:\Documents and Settings\stinger\Cookies\stinger@ad-server.gulasidorna[2].txt

C:\Documents and Settings\stinger\Cookies\stinger@nationmultimedia[2].txt

C:\Documents and Settings\stinger\Cookies\stinger@default[1].txt

C:\Documents and Settings\stinger\Cookies\stinger@advertising[2].txt

C:\Documents and Settings\stinger\Cookies\stinger@kanal5[1].txt

C:\Documents and Settings\stinger\Cookies\stinger@ads.realcastmedia[1].txt

C:\Documents and Settings\stinger\Cookies\stinger@se[1].txt

C:\Documents and Settings\stinger\Cookies\stinger@tradedoubler[1].txt

C:\Documents and Settings\stinger\Cookies\stinger@adultfriendfinder[2].txt

C:\Documents and Settings\stinger\Cookies\stinger@superstats[2].txt

C:\Documents and Settings\stinger\Cookies\stinger@popularscreensavers[1].txt

C:\Documents and Settings\stinger\Cookies\stinger@atwola[2].txt

C:\Documents and Settings\stinger\Cookies\stinger@aa[2].txt

C:\Documents and Settings\stinger\Cookies\stinger@1071225766[2].txt

C:\Documents and Settings\stinger\Cookies\stinger@ads.realtechnetwork[2].txt

C:\Documents and Settings\stinger\Cookies\stinger@focalex[2].txt

C:\Documents and Settings\stinger\Cookies\stinger@bluestreak[2].txt

C:\Documents and Settings\stinger\Cookies\stinger@ehg-hollywoodmedia.hitbox[1].txt

C:\Documents and Settings\stinger\Cookies\stinger@ad1.clickhype[2].txt

C:\Documents and Settings\stinger\Cookies\stinger@europcar[1].txt

C:\Documents and Settings\stinger\Cookies\stinger@clickthai[2].txt

C:\Documents and Settings\stinger\Cookies\stinger@1068917223[1].txt

C:\Documents and Settings\stinger\Cookies\stinger@resaweb[1].txt

C:\Documents and Settings\stinger\Cookies\stinger@ads.technologyguide[1].txt

C:\Documents and Settings\stinger\Cookies\stinger@cgi-bin[5].txt

C:\Documents and Settings\stinger\Cookies\stinger@as1.falkag[2].txt

C:\Documents and Settings\stinger\Cookies\stinger@ads.tripod.spray[1].txt

C:\Documents and Settings\stinger\Cookies\stinger@www.paradisex[1].txt

C:\Documents and Settings\stinger\Cookies\stinger@partypoker[1].txt

C:\Documents and Settings\stinger\Cookies\stinger@ads.boats[2].txt

C:\Documents and Settings\stinger\Cookies\stinger@ads.monster[2].txt

C:\Documents and Settings\stinger\Cookies\stinger@c2.gostats[2].txt

C:\Documents and Settings\stinger\Cookies\stinger@rambler[2].txt

C:\Documents and Settings\stinger\Cookies\stinger@worldsexguide[2].txt

C:\Documents and Settings\stinger\Cookies\stinger@torget[1].txt

C:\Documents and Settings\stinger\Cookies\stinger@cgi-bin[2].txt

C:\Documents and Settings\stinger\Cookies\stinger@adinterax[1].txt

C:\Documents and Settings\stinger\Cookies\stinger@ipoint.targetpoint[2].txt

C:\Documents and Settings\stinger\Cookies\stinger@1069781216[1].txt

C:\Documents and Settings\stinger\Cookies\stinger@smiley.smileycentral[1].txt

C:\Documents and Settings\stinger\Cookies\stinger@ads.co[1].txt

C:\Documents and Settings\stinger\Cookies\stinger@internetadsales[1].txt

C:\Documents and Settings\stinger\Cookies\stinger@www.internetadsales[1].txt

C:\Documents and Settings\stinger\Cookies\stinger@85343133[1].txt

C:\Documents and Settings\stinger\Cookies\stinger@stats1.reliablestats[2].txt

C:\Documents and Settings\stinger\Cookies\stinger@adsrevenue[1].txt

C:\Documents and Settings\stinger\Cookies\stinger@www2.swebusexpress[1].txt

C:\Documents and Settings\stinger\Cookies\stinger@ad.zanox[2].txt

C:\Documents and Settings\stinger\Cookies\stinger@6837.luftgropmedia[1].txt

C:\Documents and Settings\stinger\Cookies\stinger@ads.planetactive[2].txt

C:\Documents and Settings\stinger\Cookies\stinger@cgi-bin[8].txt

C:\Documents and Settings\stinger\Cookies\stinger@interclick[2].txt

C:\Documents and Settings\stinger\Cookies\stinger@toplist[1].txt

C:\Documents and Settings\stinger\Cookies\stinger@serving-sys[2].txt

C:\Documents and Settings\stinger\Cookies\stinger@no[1].txt

C:\Documents and Settings\stinger\Cookies\stinger@ads.isupport[2].txt

C:\Documents and Settings\stinger\Cookies\stinger@43425925[1].txt

C:\Documents and Settings\stinger\Cookies\stinger@azjmp[1].txt

C:\Documents and Settings\stinger\Cookies\stinger@hitbox[2].txt

C:\Documents and Settings\stinger\Cookies\stinger@statcounter[2].txt

C:\Documents and Settings\stinger\Cookies\stinger@yourmedia[1].txt

C:\Documents and Settings\stinger\Cookies\stinger@ad.outerinfo[1].txt

C:\Documents and Settings\stinger\Cookies\stinger@mycounter.tinycounter[1].txt

C:\Documents and Settings\stinger\Cookies\stinger@www.pstats[1].txt

C:\Documents and Settings\stinger\Cookies\stinger@www.getcounters[1].txt

C:\Documents and Settings\stinger\Cookies\stinger@mb[2].txt

C:\Documents and Settings\stinger\Cookies\stinger@1068871941[2].txt

C:\Documents and Settings\stinger\Cookies\stinger@ac-banners[1].txt

C:\Documents and Settings\stinger\Cookies\stinger@campaign.indieclick[1].txt

C:\Documents and Settings\stinger\Cookies\stinger@kanoodle[1].txt

C:\Documents and Settings\stinger\Cookies\stinger@indextools[2].txt

C:\Documents and Settings\stinger\Cookies\stinger@stats.gondolen[1].txt

C:\Documents and Settings\stinger\Cookies\stinger@partner2profit[2].txt

C:\Documents and Settings\stinger\Cookies\stinger@serving.rpowermedia[1].txt

C:\Documents and Settings\stinger\Cookies\stinger@ads1.partnerlogic[1].txt

C:\Documents and Settings\stinger\Cookies\stinger@torget[2].txt

C:\Documents and Settings\stinger\Cookies\stinger@megastats[1].txt

C:\Documents and Settings\stinger\Cookies\stinger@cgi-bin[6].txt

C:\Documents and Settings\stinger\Cookies\stinger@tracking.notabenestats[1].txt

C:\Documents and Settings\stinger\Cookies\stinger@www.gameelite[2].txt

C:\Documents and Settings\stinger\Cookies\stinger@keywordelite[1].txt

C:\Documents and Settings\stinger\Cookies\stinger@mb[5].txt

C:\Documents and Settings\stinger\Cookies\stinger@new-pcp[1].txt

C:\Documents and Settings\stinger\Cookies\stinger@cpvfeed[3].txt

C:\Documents and Settings\stinger\Cookies\stinger@ads.digitalmedianet[1].txt

C:\Documents and Settings\stinger\Cookies\stinger@stats.eriks[1].txt

C:\Documents and Settings\stinger\Cookies\stinger@adult.dvdempire[2].txt

C:\Documents and Settings\stinger\Cookies\stinger@www.belstat[2].txt

C:\Documents and Settings\stinger\Cookies\stinger@winantivirus[2].txt

C:\Documents and Settings\stinger\Cookies\stinger@komtrack[2].txt

C:\Documents and Settings\stinger\Cookies\stinger@www.ac-banners[1].txt

C:\Documents and Settings\stinger\Cookies\stinger@webstat.yamaha[2].txt

C:\Documents and Settings\stinger\Cookies\stinger@counter.justindy[2].txt

C:\Documents and Settings\stinger\Cookies\stinger@netmediagroup[2].txt

C:\Documents and Settings\stinger\Cookies\stinger@se.winantivirus[1].txt

C:\Documents and Settings\stinger\Cookies\stinger@login.tracking101[1].txt

C:\Documents and Settings\stinger\Cookies\stinger@www.winantiviruspro[2].txt

C:\Documents and Settings\stinger\Cookies\stinger@86992609[1].txt

C:\Documents and Settings\stinger\Cookies\stinger@www.analsexporr[1].txt

C:\Documents and Settings\stinger\Cookies\stinger@mb[4].txt

C:\Documents and Settings\stinger\Cookies\stinger@33075875[2].txt

C:\Documents and Settings\stinger\Cookies\stinger@drivecleaner[3].txt

C:\Documents and Settings\stinger\Cookies\stinger@stats.drivecleaner[2].txt

C:\Documents and Settings\stinger\Cookies\stinger@gameelite.se.intellitxt[1].txt

C:\Documents and Settings\stinger\Cookies\stinger@84815040[1].txt

C:\Documents and Settings\stinger\Cookies\stinger@www.adbrite[2].txt

C:\Documents and Settings\stinger\Cookies\stinger@fastclick[2].txt

C:\Documents and Settings\stinger\Cookies\stinger@www.clickxchange[2].txt

C:\Documents and Settings\stinger\Cookies\stinger@gameelite[1].txt

C:\Documents and Settings\stinger\Cookies\stinger@www.burstnet[1].txt

C:\Documents and Settings\stinger\Cookies\stinger@se.drivecleaner[1].txt

C:\Documents and Settings\stinger\Cookies\stinger@postclicktracking[1].txt

C:\Documents and Settings\stinger\Cookies\stinger@e2.emediate[2].txt

C:\Documents and Settings\stinger\Cookies\stinger@bs.serving-sys[2].txt

C:\Documents and Settings\stinger\Cookies\stinger@247realmedia[1].txt

C:\Documents and Settings\stinger\Cookies\stinger@ad.yieldmanager[2].txt

C:\Documents and Settings\stinger\Cookies\stinger@cpvfeed[2].txt

C:\Documents and Settings\stinger\Cookies\stinger@yieldmanager[2].txt

Adware.ClickSpring/Yazzle

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yazzle1122Oin

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yazzle1122Oin#DisplayName

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yazzle1122Oin#UninstallString

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yazzle1122Oin#HelpLink

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yazzle1122Oin#Publisher

C:\PROGRAM\DELADE FILER\YAZZLE1122OINUNINSTALLER.EXE

C:\WINDOWS\PREFETCH\YAZZLE1122OINADMIN.EXE-06E7DA0E.PF

C:\WINDOWS\PREFETCH\YAZZLEBUNDLE-1122.EXE-3094B456.PF

Adware.ClickSpring/Outer Info Network

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#DisplayVersion

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#UninstallString

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#DisplayName

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#NoModify

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#NoRepair

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#DisplayIcon

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#HelpLink

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#Publisher

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#InstallLocation

C:\Program\Outerinfo\OiUninstaller.exe

C:\Program\Outerinfo\outerinfo.ico

C:\Program\Outerinfo\Terms.rtf

C:\Program\Outerinfo

C:\Documents and Settings\stinger\Start-meny\Program\Outerinfo\Terms.lnk

C:\Documents and Settings\stinger\Start-meny\Program\Outerinfo\Uninstall.lnk

C:\Documents and Settings\stinger\Start-meny\Program\Outerinfo

Trojan.Svchosts

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CLIENT_IP-IPX

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CLIENT_IP-IPX#NextInstance

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CLIENT_IP-IPX\0000

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CLIENT_IP-IPX\0000#Service

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CLIENT_IP-IPX\0000#Legacy

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CLIENT_IP-IPX\0000#ConfigFlags

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CLIENT_IP-IPX\0000#Class

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CLIENT_IP-IPX\0000#ClassGUID

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CLIENT_IP-IPX\0000#DeviceDesc

HKLM\SYSTEM\CurrentControlSet\Services\Client IP-IPX

HKLM\SYSTEM\CurrentControlSet\Services\Client IP-IPX#Type

HKLM\SYSTEM\CurrentControlSet\Services\Client IP-IPX#Start

HKLM\SYSTEM\CurrentControlSet\Services\Client IP-IPX#ErrorControl

HKLM\SYSTEM\CurrentControlSet\Services\Client IP-IPX#ImagePath

HKLM\SYSTEM\CurrentControlSet\Services\Client IP-IPX#DisplayName

HKLM\SYSTEM\CurrentControlSet\Services\Client IP-IPX#ObjectName

HKLM\SYSTEM\CurrentControlSet\Services\Client IP-IPX\Security

HKLM\SYSTEM\CurrentControlSet\Services\Client IP-IPX\Security#Security

HKLM\SYSTEM\CurrentControlSet\Services\Client IP-IPX\Enum

HKLM\SYSTEM\CurrentControlSet\Services\Client IP-IPX\Enum#0

HKLM\SYSTEM\CurrentControlSet\Services\Client IP-IPX\Enum#Count

HKLM\SYSTEM\CurrentControlSet\Services\Client IP-IPX\Enum#NextInstance

Trojan.WinAntiSpyware/WinAntiVirus 2006

C:\DOCUMENTS AND SETTINGS\STINGER\APPLICATION DATA\WINANTIVIRUSPRO2007FREEINSTALL[1].EXE

C:\DOCUMENTS AND SETTINGS\STINGER\LOKALA INSTäLLNINGAR\TEMPORARY INTERNET FILES\CONTENT.IE5\SZ17Q231\WINANTIVIRUSPRO2007FREEINSTALL[1].EXE

C:\WINDOWS\Prefetch\WINANTIVIRUSPRO2007FREEINSTAL-32E0B154.pf

Unclassified.Unknown Origin/System

C:\DOCUMENTS AND SETTINGS\STINGER\LOKALA INSTäLLNINGAR\TEMP\B116.EXE

Trojan.Downloader-Gen/Installer

C:\DOCUMENTS AND SETTINGS\STINGER\LOKALA INSTäLLNINGAR\TEMP\B122.EXE

Trojan.ErrorSafe

C:\DOCUMENTS AND SETTINGS\STINGER\LOKALA INSTäLLNINGAR\TEMPORARY INTERNET FILES\CONTENT.IE5\DSLS1Z6Y\ERRORSAFEFREEINSTALL_SE[1].EXE

Browser Hijacker.Favorites

C:\DOCUMENTS AND SETTINGS\STINGER\SKRIVBORD\CLICK TO FIND AND FIX ERRORS.URL

Adware.Toolbar888

C:\PROGRAM\DELADE FILER\{307E77DC-0A34-1053-0531-05041304002E}\BAR888.DLL

Trojan.Unknown Origin

C:\WINDOWS\SYSTEM32\WNSINTSU32.EXE

Trace.Known Threat Sources

C:\Documents and Settings\stinger\Lokala inställningar\Temporary Internet Files\Content.IE5\F6KJ7XS9\close[1].gif

C:\Documents and Settings\stinger\Lokala inställningar\Temporary Internet Files\Content.IE5\DSLS1Z6Y\1x1[1].gif

C:\Documents and Settings\stinger\Lokala inställningar\Temporary Internet Files\Content.IE5\FI4NVXC1\CACPA7SD.htm

C:\Documents and Settings\stinger\Lokala inställningar\Temporary Internet Files\Content.IE5\DSB3Z9W0\functions.js[1].htm

C:\Documents and Settings\stinger\Lokala inställningar\Temporary Internet Files\Content.IE5\ZZTDD9LY\styles[2].css

C:\Documents and Settings\stinger\Lokala inställningar\Temporary Internet Files\Content.IE5\2LT2RM18\top_pic_new[1].gif

C:\Documents and Settings\stinger\Lokala inställningar\Temporary Internet Files\Content.IE5\DRRZ91WE\ico5[1].gif

C:\Documents and Settings\stinger\Lokala inställningar\Temporary Internet Files\Content.IE5\2LT2RM18\functions.js[2].htm

C:\Documents and Settings\stinger\Lokala inställningar\Temporary Internet Files\Content.IE5\FI4NVXC1\CA8SGY9Z.htm

C:\Documents and Settings\stinger\Lokala inställningar\Temporary Internet Files\Content.IE5\FI4NVXC1\ico3[1].gif

C:\Documents and Settings\stinger\Lokala inställningar\Temporary Internet Files\Content.IE5\6P1EJQL8\ico4[1].gif

C:\Documents and Settings\stinger\Lokala inställningar\Temporary Internet Files\Content.IE5\ZZTDD9LY\index[1].htm

C:\Documents and Settings\stinger\Lokala inställningar\Temporary Internet Files\Content.IE5\O123GHIJ\styles[2].css

C:\Documents and Settings\stinger\Lokala inställningar\Temporary Internet Files\Content.IE5\FI4NVXC1\download2[1].htm

C:\Documents and Settings\stinger\Lokala inställningar\Temporary Internet Files\Content.IE5\SZ17Q231\top1[1].gif

C:\Documents and Settings\stinger\Lokala inställningar\Temporary Internet Files\Content.IE5\2LT2RM18\bar[1].gif

C:\Documents and Settings\stinger\Lokala inställningar\Temporary Internet Files\Content.IE5\ZZTDD9LY\logo[4].gif

C:\Documents and Settings\stinger\Lokala inställningar\Temporary Internet Files\Content.IE5\9NVBLL02\ico2[1].gif

C:\Documents and Settings\stinger\Lokala inställningar\Temporary Internet Files\Content.IE5\F6KJ7XS9\index[8].htm

C:\Documents and Settings\stinger\Lokala inställningar\Temporary Internet Files\Content.IE5\2LT2RM18\arrow[2].gif

C:\Documents and Settings\stinger\Lokala inställningar\Temporary Internet Files\Content.IE5\O1QRSHU7\errorsafe_banner[1].swf

C:\Documents and Settings\stinger\Lokala inställningar\Temporary Internet Files\Content.IE5\9NVBLL02\background[1].gif

C:\Documents and Settings\stinger\Lokala inställningar\Temporary Internet Files\Content.IE5\O1QRSHU7\spacer[3].gif

C:\Documents and Settings\stinger\Lokala inställningar\Temporary Internet Files\Content.IE5\F6KJ7XS9\index[5].htm

C:\Documents and Settings\stinger\Lokala inställningar\Temporary Internet Files\Content.IE5\7JLEEU7N\index[2].htm

C:\Documents and Settings\stinger\Lokala inställningar\Temporary Internet Files\Content.IE5\6P1EJQL8\top_pic2[1].gif

C:\Documents and Settings\stinger\Lokala inställningar\Temporary Internet Files\Content.IE5\6P1EJQL8\tracking[1].js

C:\Documents and Settings\stinger\Lokala inställningar\Temporary Internet Files\Content.IE5\9NVBLL02\download2[1].htm

C:\Documents and Settings\stinger\Lokala inställningar\Temporary Internet Files\Content.IE5\FI4NVXC1\checksoft[1].js

C:\Documents and Settings\stinger\Lokala inställningar\Temporary Internet Files\Content.IE5\FI4NVXC1\campaigns7[1].encrypted

C:\Documents and Settings\stinger\Lokala inställningar\Temporary Internet Files\Content.IE5\8NTBYYF9\client_settings_3[1].bin

C:\Documents and Settings\stinger\Lokala inställningar\Temporary Internet Files\Content.IE5\KXYBCDQ3\button2[1].gif

C:\Documents and Settings\stinger\Lokala inställningar\Temporary Internet Files\Content.IE5\KXYBCDQ3\top1[1].gif

C:\Documents and Settings\stinger\Lokala inställningar\Temporary Internet Files\Content.IE5\SZ17Q231\index[4].htm

C:\Documents and Settings\stinger\Lokala inställningar\Temporary Internet Files\Content.IE5\9NVBLL02\ico2[2].gif

C:\Documents and Settings\stinger\Lokala inställningar\Temporary Internet Files\Content.IE5\SZ17Q231\waw_demolish[1].gif

C:\Documents and Settings\stinger\Lokala inställningar\Temporary Internet Files\Content.IE5\DSB3Z9W0\top1_menu[1].gif

C:\Documents and Settings\stinger\Lokala inställningar\Temporary Internet Files\Content.IE5\DSLS1Z6Y\logo[1].gif

C:\Documents and Settings\stinger\Lokala inställningar\Temporary Internet Files\Content.IE5\ZZTDD9LY\box1[1].png

C:\Documents and Settings\stinger\Lokala inställningar\Temporary Internet Files\Content.IE5\DRRZ91WE\122[1].net

C:\Documents and Settings\stinger\Lokala inställningar\Temporary Internet Files\Content.IE5\DSLS1Z6Y\download2[2].htm

C:\Documents and Settings\stinger\Lokala inställningar\Temporary Internet Files\Content.IE5\F6KJ7XS9\ico1[1].gif

C:\Documents and Settings\stinger\Lokala inställningar\Temporary Internet Files\Content.IE5\2LT2RM18\wtd[1].htm

C:\Documents and Settings\stinger\Lokala inställningar\Temporary Internet Files\Content.IE5\O1QRSHU7\h_text[1].gif

C:\Documents and Settings\stinger\Lokala inställningar\Temporary Internet Files\Content.IE5\DRRZ91WE\antiviru[1].gif

C:\Documents and Settings\stinger\Lokala inställningar\Temporary Internet Files\Content.IE5\DRRZ91WE\pic3[1].gif

C:\Documents and Settings\stinger\Lokala inställningar\Temporary Internet Files\Content.IE5\8NTBYYF9\link_bg[1].gif

C:\Documents and Settings\stinger\Lokala inställningar\Temporary Internet Files\Content.IE5\DSLS1Z6Y\box3[1].png

C:\Documents and Settings\stinger\Lokala inställningar\Temporary Internet Files\Content.IE5\O123GHIJ\2006[1].htm

C:\Documents and Settings\stinger\Lokala inställningar\Temporary Internet Files\Content.IE5\FI4NVXC1\pic2[1].gif

C:\Documents and Settings\stinger\Lokala inställningar\Temporary Internet Files\Content.IE5\KXYBCDQ3\fearight[1].jpg

C:\Documents and Settings\stinger\Lokala inställningar\Temporary Internet Files\Content.IE5\F6KJ7XS9\box4[1].png

C:\Documents and Settings\stinger\Lokala inställningar\Temporary Internet Files\Content.IE5\O123GHIJ\spacer[1].gif

C:\Documents and Settings\stinger\Lokala inställningar\Temporary Internet Files\Content.IE5\2LT2RM18\shadow_bg1[1].gif

C:\Documents and Settings\stinger\Lokala inställningar\Temporary Internet Files\Content.IE5\8NTBYYF9\pic1[1].gif

C:\Documents and Settings\stinger\Lokala inställningar\Temporary Internet Files\Content.IE5\DSB3Z9W0\box2[1].png

C:\Documents and Settings\stinger\Lokala inställningar\Temporary Internet Files\Content.IE5\DRRZ91WE\topbox_bg[1].gif

C:\Documents and Settings\stinger\Lokala inställningar\Temporary Internet Files\Content.IE5\ZZTDD9LY\bt_download4[1].gif

C:\Documents and Settings\stinger\Lokala inställningar\Temporary Internet Files\Content.IE5\6P1EJQL8\list[1].gif

C:\Documents and Settings\stinger\Lokala inställningar\Temporary Internet Files\Content.IE5\DSB3Z9W0\boxh_bg[1].gif

C:\Documents and Settings\stinger\Lokala inställningar\Temporary Internet Files\Content.IE5\KXYBCDQ3\winxp[1].gif

C:\Documents and Settings\stinger\Lokala inställningar\Temporary Internet Files\Content.IE5\O1QRSHU7\info_bg[1].gif

C:\Documents and Settings\stinger\Lokala inställningar\Temporary Internet Files\Content.IE5\F6KJ7XS9\shadow_bg[1].gif

C:\Documents and Settings\stinger\Lokala inställningar\Temporary Internet Files\Content.IE5\9NVBLL02\4in1[1].gif

C:\Documents and Settings\stinger\Lokala inställningar\Temporary Internet Files\Content.IE5\6P1EJQL8\menu_bg[1].gif

C:\Documents and Settings\stinger\Lokala inställningar\Temporary Internet Files\Content.IE5\6P1EJQL8\not[1].gif

C:\Documents and Settings\stinger\Lokala inställningar\Temporary Internet Files\Content.IE5\DSLS1Z6Y\small1[1].gif

C:\Documents and Settings\stinger\Lokala inställningar\Temporary Internet Files\Content.IE5\SZ17Q231\bottom_bg[1].gif

C:\Documents and Settings\stinger\Lokala inställningar\Temporary Internet Files\Content.IE5\ZZTDD9LY\CADSCZ9X.htm

C:\Documents and Settings\stinger\Lokala inställningar\Temporary Internet Files\Content.IE5\DSB3Z9W0\body_bg[1].gif

C:\Documents and Settings\stinger\Lokala inställningar\Temporary Internet Files\Content.IE5\KXYBCDQ3\bt_download2[1].gif

C:\Documents and Settings\stinger\Lokala inställningar\Temporary Internet Files\Content.IE5\FI4NVXC1\header_bg[1].gif

C:\Documents and Settings\stinger\Lokala inställningar\Temporary Internet Files\Content.IE5\6P1EJQL8\mac[1].gif

C:\Documents and Settings\stinger\Lokala inställningar\Temporary Internet Files\Content.IE5\8NTBYYF9\int_bg[1].gif

C:\Documents and Settings\stinger\Lokala inställningar\Temporary Internet Files\Content.IE5\G5U7K9AB\pic4[1].gif

C:\Documents and Settings\stinger\Lokala inställningar\Temporary Internet Files\Content.IE5\2LT2RM18\dot[1].gif

C:\Documents and Settings\stinger\Lokala inställningar\Temporary Internet Files\Content.IE5\7JLEEU7N\corner[1].gif

C:\Documents and Settings\stinger\Lokala inställningar\Temporary Internet Files\Content.IE5\6P1EJQL8\main_box[1].gif

C:\Documents and Settings\stinger\Lokala inställningar\Temporary Internet Files\Content.IE5\F6KJ7XS9\small2[1].gif

C:\Documents and Settings\stinger\Lokala inställningar\Temporary Internet Files\Content.IE5\FI4NVXC1\yes[1].gif

C:\Documents and Settings\stinger\Lokala inställningar\Temporary Internet Files\Content.IE5\G5U7K9AB\four_plus_one[1].gif

C:\Documents and Settings\stinger\Lokala inställningar\Temporary Internet Files\Content.IE5\FI4NVXC1\CA9OC755.htm

C:\Documents and Settings\stinger\Lokala inställningar\Temporary Internet Files\Content.IE5\7JLEEU7N\CAC9YHTI.htm

C:\Documents and Settings\stinger\Lokala inställningar\Temporary Internet Files\Content.IE5\6P1EJQL8\CATKYH13.htm

C:\Documents and Settings\stinger\Lokala inställningar\Temporary Internet Files\Content.IE5\SZ17Q231\CAMFUREX.htm

C:\Documents and Settings\stinger\Lokala inställningar\Temporary Internet Files\Content.IE5\2LT2RM18\index[4].htm

C:\Documents and Settings\stinger\Lokala inställningar\Temporary Internet Files\Content.IE5\O1QRSHU7\arrow[1].gif

C:\Documents and Settings\stinger\Lokala inställningar\Temporary Internet Files\Content.IE5\9NVBLL02\CASHID1E.htm

C:\Documents and Settings\stinger\Lokala inställningar\Temporary Internet Files\Content.IE5\O123GHIJ\bt_download31[1].gif

C:\Documents and Settings\stinger\Lokala inställningar\Temporary Internet Files\Content.IE5\2LT2RM18\small3[1].gif

C:\Documents and Settings\stinger\Lokala inställningar\Temporary Internet Files\Content.IE5\G5U7K9AB\bg_ban[1].jpg

2 Maj, 2007

Logg SDFIX

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program\\Messenger\\msmsgs.exe"="C:\\Program\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\\Program\\ICQLite\\ICQLite.exe"="C:\\Program\\ICQLite\\ICQLite.exe:*:Enabled:ICQ Lite"

"C:\\Program\\iTunes\\iTunes.exe"="C:\\Program\\iTunes\\iTunes.exe:*:Enabled:iTunes"

"C:\\Program\\uTorrent\\utorrent.exe"="C:\\Program\\uTorrent\\utorrent.exe:*:Enabled:µTorrent"

"C:\\Program\\MSN Messenger\\msnmsgr.exe"="C:\\Program\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\\Program\\MSN Messenger\\livecall.exe"="C:\\Program\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program\\MSN Messenger\\msnmsgr.exe"="C:\\Program\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\\Program\\MSN Messenger\\livecall.exe"="C:\\Program\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files:

---------------

Backups Folder: - C:\SDFix\backups\backups.zip

Checking For Files with Hidden Attributes:

C:\Program\Canon\Canon Setup Utility 2.0\uinstrsc.dll

C:\Program\Canon\Canon Setup Utility 2.0\Maint.exe

C:\WINDOWS\system32\KGyGaAvL.sys

C:\bilder\Ny†r 2004\SIVC.tmp

C:\Documents and Settings\stinger\Application Data\Microsoft\Word\~WRL2201.tmp

C:\WINDOWS\system32\mmllm.tmp

C:\WINDOWS\system32\OLD9B.tmp

Finished

2 Maj, 2007

Logfile of HijackThis v1.99.1

Scan saved at 10:15:57, on 2007-05-02

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Delade filer\Acronis\Schedule2\schedul2.exe

C:\Program\SYMANT~1\SYMANT~1\DefWatch.exe

C:\Program\Executive Software\Diskeeper\DkService.exe

C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program\SYMANT~1\SYMANT~1\Rtvscan.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\notepad.exe

C:\Program\NVIDIA Corporation\NvMixer\NVMixerTray.exe

C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program\Microsoft IntelliPoint\point32.exe

C:\Program\SYMANT~1\SYMANT~1\vptray.exe

C:\WINDOWS\system32\iid.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Macrogaming\SweetIM\SweetIM.exe

C:\Program\Java\jre1.5.0_11\bin\jusched.exe

C:\Program\ScanSoft\OmniPageSE\opware32.exe

C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Program\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\Program\Acronis\TrueImageHome\TimounterMonitor.exe

C:\Program\Delade filer\Acronis\Schedule2\schedhlp.exe

C:\Program\CyberLink\PowerDVD\PDVDServ.exe

C:\Program\QuickTime\qttask.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE

C:\Program\Microsoft Office\OFFICE11\WINWORD.EXE

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Delade filer\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.copi.se/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program\Macrogaming\SweetIMBarForIE\toolbar.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\Program\Macrogaming\SweetIMBarForIE\toolbar.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {80440127-2315-4464-88B9-7ACB72F43ADB} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {A8C7FFEB-D25C-4454-950B-FB942B858BC9} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)

O2 - BHO: (no name) - {D651AFF4-9590-424d-BD1E-8E33E090DFB3} - (no file)