Trojan Removal


  • This topic is locked

#1
Battis

    Member

  • Member
  • 12 posts
Hello!
I have a Trojan called Trojan - PSW Win 32. Maha.A on my computer and I can't get rid of it.
It's there every time I reboot the computer. My antivirus is F-Secure 2007.
After a scan it renamed the virus file, but after a reboot it's there again.
I tried to get rid of the virus in safe mode as well, but it's still there.
Can someone help me?
  • 0


#2
Kenny94

    Member 1K

  • Member
  • 1,595 posts
Hello Battis and Welcome to Geeks To Go!

* Click here to download HJTsetup.exe
  • Save HJTsetup.exe to your desktop.
  • Double-click on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch Hijack This.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

  • 0

#3
Battis

    Member

  • Topic Starter
  • Member
  • 12 posts
Here is my HJT log

Logfile of HijackThis v1.99.1
Scan saved at 13:12:49, on 2007-01-08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\explorer.exe
C:\PROGRAM\MOZILL~1\FIREFOX.EXE
C:\Program\acer\Acer eConsole\MediaServerService.exe
C:\Program\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
C:\Program\GLOCAL~2\backweb\1334833\Program\SERVIC~1.EXE
C:\Program\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe
C:\Program\Glocalnet Säkerhetspaket\Anti-Virus\fsgk32st.exe
C:\Program\Glocalnet Säkerhetspaket\backweb\1334833\Program\fspex.exe
C:\Program\Glocalnet Säkerhetspaket\Anti-Virus\FSGK32.EXE
C:\Program\Glocalnet Säkerhetspaket\backweb\1334833\program\fsbwsys.exe
C:\Program\Glocalnet Säkerhetspaket\Anti-Virus\fssm32.exe
C:\Program\Glocalnet Säkerhetspaket\Common\FSMA32.EXE
C:\Program\Glocalnet Säkerhetspaket\Common\FSMB32.EXE
C:\Program\Glocalnet Bredband\Bredbandsklienten\GlocalnetBredbandService.exe
C:\Program\Glocalnet Säkerhetspaket\Common\FCH32.EXE
C:\Program\Delade filer\LightScribe\LSSrvc.exe
C:\Program\Glocalnet Säkerhetspaket\Common\FAMEH32.EXE
C:\Program\Glocalnet Säkerhetspaket\Anti-Virus\fsqh.exe
C:\Program\Glocalnet Säkerhetspaket\Anti-Virus\fsrw.exe
C:\Program\Glocalnet Säkerhetspaket\FSPC\fspc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program\SiteAdvisor\4979\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Delade filer\Real\Update_OB\realsched.exe
C:\Program\SiteAdvisor\4979\SiteAdv.exe
C:\Program\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program\Glocalnet Säkerhetspaket\Common\FSM32.EXE
C:\Program\Glocalnet Säkerhetspaket\FSGUI\ispnews.exe
C:\Program\Glocalnet Säkerhetspaket\Anti-Virus\fsav32.exe
C:\Program\Glocalnet Säkerhetspaket\FWES\Program\fsdfwd.exe
C:\Program\GLOCAL~2\ANTI-S~1\fsaw.exe
C:\Program\Glocalnet Säkerhetspaket\FSGUI\fsguidll.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\Program\Mozilla Thunderbird\thunderbird.exe
C:\Program\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.se/0SES...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.se/0SES...S01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.se/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.se/0SES...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.glocalnet.se/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program\Macrogaming\SweetIMBarForIE\toolbar.dll
F2 - REG:system.ini: Shell=explorer.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program\SiteAdvisor\4979\SiteAdv.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\Program\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program\SiteAdvisor\4979\SiteAdv.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program\SiteAdvisor\4979\SiteAdv.exe
O4 - HKLM\..\Run: [msconfig] C:\WINDOWS\update.exe
O4 - HKLM\..\Run: [DefragTaskBar] "C:\Program\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\Glocalnet Säkerhetspaket\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program\Glocalnet Säkerhetspaket\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program\Glocalnet Säkerhetspaket\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program\Glocalnet Säkerhetspaket\FSGUI\ispnews.exe"
O4 - Global Startup: Glocalnet Säkerhetspaket.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Blockera detta popup-fönster - C:\Program\Glocalnet Säkerhetspaket\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: &Search - http://kn.bar.need2f...earch.html?p=KN
O8 - Extra context menu item: &Windows Live Search - res://C:\Program\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Webbfilter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program\Glocalnet Säkerhetspaket\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program\Glocalnet Säkerhetspaket\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Webbfilter - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program\Glocalnet Säkerhetspaket\FSPC\fspcmsie.dll
O9 - Extra button: IE-sköld - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program\Glocalnet Säkerhetspaket\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE-sköld... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program\Glocalnet Säkerhetspaket\Anti-Spyware\ieshield.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab50997.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab47946.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zon...ss.cab50997.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program\SiteAdvisor\4979\SiteAdv.dll
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Acer Media Server - Acer Inc. - C:\Program\acer\Acer eConsole\MediaServerService.exe
O23 - Service: AshampooDefragService - - C:\Program\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Glocalnet Säkerhetspaket (BackWeb Plug-in - 1334833) - BackWeb Technologies Inc. - C:\Program\GLOCAL~2\backweb\1334833\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program\Glocalnet Säkerhetspaket\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program\Glocalnet Säkerhetspaket\backweb\1334833\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program\Glocalnet Säkerhetspaket\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program\Glocalnet Säkerhetspaket\FSPC\fshttps\fshttps.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program\Glocalnet Säkerhetspaket\Common\FSMA32.EXE
O23 - Service: Glocalnet Bredband (GlocalnetBredbandClientService) - Glocalnet AB - C:\Program\Glocalnet Bredband\Bredbandsklienten\GlocalnetBredbandService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program\Delade filer\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program\SiteAdvisor\4979\SAService.exe
  • 0

#4
Kenny94

    Member 1K

  • Member
  • 1,595 posts
Hello Battis

I'm looking through your log now, and will post back soon.
  • 0

#5
Kenny94

    Member 1K

  • Member
  • 1,595 posts
Hello Battis

Please read "ALL" of the instructions before proceeding:

Please read this post completely; it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.
Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below (if present):

O4 - HKLM\..\Run: [msconfig] C:\WINDOWS\update.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Search - http://kn.bar.need2f...earch.html?p=KN
O18 - Filter: text/html - (no CLSID) - (no file)

Now close all windows other than HiJackThis, then click Fix Checked. Reboot into safe mode.

1. Please download AVG Anti-Malware
  • Install AVG anti-malware
  • Launch AVG anti-malware, there should be an icon on your desktop, double-click it.
  • The program will now open to the main screen.
  • When you run AVG for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.

    You will need to update AVG anti-malware to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
    • The update will start and a progress bar will show the updates being installed.
      (The status bar at the bottom will display "Update successful".)
Disable the shield
  • Click on the Shield tab.
  • Select Change State
  • Then right click on AVG Anti-Spyware icon in the system tray and uncheck "Start with Windows".
  • Exit AVG anti-spyware, do not run the scan yet!
2. Please download Brute Force Uninstaller to your desktop.
  • Right click the BFU folder on your desktop, and choose Extract All
  • Click "Next"
  • In the box to choose where to extract the files to,
  • Click "Browse"
  • Click on the + sign next to "My Computer"
  • Click on "Local Disk (C:)" or whatever your primary drive is
  • Click "Make New Folder"
  • Type in BFU
  • Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
3. RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover.
Save it in the same folder you made earlier (c:\BFU).

Do not do anything with these yet!

Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping F8 until a menu appears. Highlight Safe Mode and hit enter.

4. Once in Safe Mode, Open AVG Anti-spyware:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.
Close AVG anti-malware.

5. Then, please go to Start > My Computer and navigate to the C:\BFU folder.
  • Start the Brute Force Uninstaller by double-clicking BFU.exe
  • Behind the scriptline to execute field click the folder icon and select alcanshorty.bfu
  • Press Execute and let the program do its job. (You ought to see a progress bar if you did this correctly.)
  • Wait for the complete script execution box to pop up and press OK.
  • Press exit to terminate the BFU program.
Reboot into normal windows and post the contents of AVG anti-spyware text report that you saved and a new HiJackThis log.


In your next reply, please include these log(s):

* AVG anti-spyware
* HijackThis log (new)


Also, please let me know how things are running now and if you encountered any problems while you were following the instructions I posted.
  • 0
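One way to check the result of the fix step in the post above, as an added example that is not part of the original thread: it parses HijackThis logs, confirms that the flagged entries are gone from the follow-up log, and lists entries that are new or now marked "(file missing)". The function names are assumptions of this example, and the sample logs are short excerpts of the two logs posted in this thread.

```python
import re

# A HijackThis result line is "<section> - <entry>", e.g. "O4 - HKLM\..\Run: [x] path".
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2}) - (.+?)\s*$")
MISSING = "(file missing)"

# Entries the helper asked to fix (copied from the post above).
FLAGGED = r"""
O4 - HKLM\..\Run: [msconfig] C:\WINDOWS\update.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Search - http://kn.bar.need2f...earch.html?p=KN
O18 - Filter: text/html - (no CLSID) - (no file)
"""

# Excerpt of the first log in this thread (before the fix).
BEFORE = r"""
Running processes:
C:\WINDOWS\explorer.exe
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program\Macrogaming\SweetIMBarForIE\toolbar.dll
F2 - REG:system.ini: Shell=explorer.exe
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\Program\MACROG~1\SWEETI~1\toolbar.dll
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program\SiteAdvisor\4979\SiteAdv.exe
""" + FLAGGED + r"""
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# Excerpt of the second log in this thread (after the fix and the scans).
AFTER = r"""
Running processes:
C:\WINDOWS\explorer.exe
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
F2 - REG:system.ini: Shell=explorer.exe
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\Program\MACROG~1\SWEETI~1\toolbar.dll (file missing)
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program\SiteAdvisor\4979\SiteAdv.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""


def parse_log(text):
    """Map (section, entry) -> True if the entry is marked '(file missing)'.

    The header and the 'Running processes' list do not match ENTRY_RE and
    are skipped. Entries are whitespace-collapsed and case-folded, since
    Windows paths and registry names are case-insensitive.
    """
    entries = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue
        section, entry = m.group(1), m.group(2)
        missing = entry.endswith(MISSING)
        if missing:
            entry = entry[: -len(MISSING)]
        entries[(section, " ".join(entry.split()).casefold())] = missing
    return entries


def verify_fix(flagged_text, before_text, after_text):
    """Compare two logs against the helper's list of entries to fix."""
    flagged, before, after = map(parse_log, (flagged_text, before_text, after_text))
    return {
        # flagged entries that were present and are gone from the new log
        "fixed": sorted(k for k in flagged if k in before and k not in after),
        # flagged entries that survived the fix and the reboot
        "still_present": sorted(k for k in flagged if k in after),
        # registrations whose file was deleted but whose entry remains
        "orphaned": sorted(k for k, miss in after.items()
                           if miss and before.get(k) is False),
        # entries that appeared between the scans (new tools, or reinfection)
        "new": sorted(k for k in after if k not in before),
    }


if __name__ == "__main__":
    for bucket, keys in verify_fix(FLAGGED, BEFORE, AFTER).items():
        print(f"{bucket}:")
        for section, entry in keys:
            print(f"  {section} - {entry}")
```

On these excerpts, the two "new" entries belong to the scanner that was installed between the scans, which is why that bucket needs review rather than automatic action.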

#6
Battis

    Member

  • Topic Starter
  • Member
  • 12 posts
Hello Kenny94!

The instructions were great and no problem to follow.
The computer seemed to be faster and my browser, which is Firefox, starts directly with everything saved as I left it. (Hope you understand my bad English.)

Here are the new logfiles, AVG Anti-Spyware and HJT

Logfile of HijackThis v1.99.1
Scan saved at 20:13:39, on 2007-01-08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\explorer.exe
C:\Program\acer\Acer eConsole\MediaServerService.exe
C:\Program\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe
C:\Program\GLOCAL~2\backweb\1334833\Program\SERVIC~1.EXE
C:\Program\Glocalnet Säkerhetspaket\Anti-Virus\fsgk32st.exe
C:\Program\Glocalnet Säkerhetspaket\backweb\1334833\Program\fspex.exe
C:\Program\Glocalnet Säkerhetspaket\Anti-Virus\FSGK32.EXE
C:\Program\Glocalnet Säkerhetspaket\backweb\1334833\program\fsbwsys.exe
C:\Program\Glocalnet Säkerhetspaket\Anti-Virus\fssm32.exe
C:\Program\Glocalnet Säkerhetspaket\Common\FSMA32.EXE
C:\Program\Glocalnet Säkerhetspaket\Common\FSMB32.EXE
C:\Program\Glocalnet Bredband\Bredbandsklienten\GlocalnetBredbandService.exe
C:\Program\Glocalnet Säkerhetspaket\Common\FCH32.EXE
C:\Program\Delade filer\Real\Update_OB\realsched.exe
C:\Program\SiteAdvisor\4979\SiteAdv.exe
C:\Program\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program\Glocalnet Säkerhetspaket\Common\FSM32.EXE
C:\Program\Delade filer\LightScribe\LSSrvc.exe
C:\Program\Glocalnet Säkerhetspaket\Common\FAMEH32.EXE
C:\Program\Glocalnet Säkerhetspaket\Anti-Virus\fsqh.exe
C:\Program\Glocalnet Säkerhetspaket\FSPC\fspc.exe
C:\Program\Glocalnet Säkerhetspaket\Anti-Virus\fsrw.exe
C:\Program\Glocalnet Säkerhetspaket\FSGUI\ispnews.exe
C:\Program\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\rsvp.exe
C:\Program\SiteAdvisor\4979\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Glocalnet Säkerhetspaket\Anti-Virus\fsav32.exe
C:\Program\Glocalnet Säkerhetspaket\FWES\Program\fsdfwd.exe
C:\Program\GLOCAL~2\ANTI-S~1\fsaw.exe
C:\Program\Glocalnet Säkerhetspaket\FSGUI\fsguidll.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.se/0SES...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.se/0SES...S01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.se/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.se/0SES...S01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.glocalnet.se/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
F2 - REG:system.ini: Shell=explorer.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program\SiteAdvisor\4979\SiteAdv.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\Program\MACROG~1\SWEETI~1\toolbar.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program\SiteAdvisor\4979\SiteAdv.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program\SiteAdvisor\4979\SiteAdv.exe
O4 - HKLM\..\Run: [DefragTaskBar] "C:\Program\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\Glocalnet Säkerhetspaket\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program\Glocalnet Säkerhetspaket\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program\Glocalnet Säkerhetspaket\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program\Glocalnet Säkerhetspaket\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Glocalnet Säkerhetspaket.lnk = ?
O8 - Extra context menu item: &Blockera detta popup-fönster - C:\Program\Glocalnet Säkerhetspaket\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra button: Webbfilter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program\Glocalnet Säkerhetspaket\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program\Glocalnet Säkerhetspaket\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Webbfilter - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program\Glocalnet Säkerhetspaket\FSPC\fspcmsie.dll
O9 - Extra button: IE-sköld - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program\Glocalnet Säkerhetspaket\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE-sköld... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program\Glocalnet Säkerhetspaket\Anti-Spyware\ieshield.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab50997.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab47946.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zon...ss.cab50997.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program\SiteAdvisor\4979\SiteAdv.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Acer Media Server - Acer Inc. - C:\Program\acer\Acer eConsole\MediaServerService.exe
O23 - Service: AshampooDefragService - - C:\Program\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Glocalnet Säkerhetspaket (BackWeb Plug-in - 1334833) - BackWeb Technologies Inc. - C:\Program\GLOCAL~2\backweb\1334833\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program\Glocalnet Säkerhetspaket\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program\Glocalnet Säkerhetspaket\backweb\1334833\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program\Glocalnet Säkerhetspaket\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program\Glocalnet Säkerhetspaket\FSPC\fshttps\fshttps.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program\Glocalnet Säkerhetspaket\Common\FSMA32.EXE
O23 - Service: Glocalnet Bredband (GlocalnetBredbandClientService) - Glocalnet AB - C:\Program\Glocalnet Bredband\Bredbandsklienten\GlocalnetBredbandService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program\Delade filer\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program\SiteAdvisor\4979\SAService.exe


AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 20:06:22 2007-01-08

+ Scan result:



C:\Program\Macrogaming\SweetIMBarForIE\toolbar.dll -> Adware.BHO : Cleaned.
C:\System Volume Information\_restore{6DB6EDB4-782C-4376-97A9-15C57AB2AC15}\RP3\A0004215.exe -> Adware.ScanRepairUtilities : Cleaned.
C:\WINDOWS\system32\MYSIA.0XE -> Backdoor.Bifrose.aam : Cleaned.
C:\WINDOWS\system32\include\operator.0ni -> Backdoor.Zapchast : Cleaned.
C:\WINDOWS\system32\include\conn.0ni -> Backdoor.Zapchast.NY : Cleaned.
C:\WINDOWS\system32\include\updater.0ni -> Backdoor.Zapchast.NY : Cleaned.
C:\Program\Glocalnet Bredband\Bredbandsklienten\R -> Heuristic.Win32.Dialer : Cleaned.
C:\Program\Glocalnet Bredband\Bredbandsklienten\S -> Heuristic.Win32.Dialer : Cleaned.
:mozilla.30:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\e3hql8ly.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.31:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\e3hql8ly.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.10:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\qc23n3uv.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.11:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\qc23n3uv.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.12:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\9gca7jok.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.12:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\ipt4ndg7.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.13:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\9gca7jok.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.13:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\ipt4ndg7.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.14:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\9gca7jok.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.14:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\ipt4ndg7.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.88:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\ui7g2cus.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.89:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\ui7g2cus.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.90:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\ui7g2cus.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.9:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\qc23n3uv.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
C:\Program\A1Click Ultra PC Cleaner\Undo20061113.zip/C:/Documents and Settings/Roger & Anne/Cookies/roger_&_anne@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.21:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\e3hql8ly.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.22:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\e3hql8ly.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.23:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\15v0fmu1.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.24:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\15v0fmu1.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.27:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\5davk6d8.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.30:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\5davk6d8.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.35:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\ui7g2cus.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.36:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\ui7g2cus.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.54:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\hzee4igc.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.56:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\hzee4igc.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.35:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\ipt4ndg7.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.36:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\ipt4ndg7.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.41:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\ipt4ndg7.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.48:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\9gca7jok.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.49:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\9gca7jok.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.49:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\hzee4igc.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.50:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\9gca7jok.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.50:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\hzee4igc.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.51:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\9gca7jok.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.51:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\hzee4igc.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.53:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\hzee4igc.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.65:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\5davk6d8.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.66:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\5davk6d8.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.67:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\5davk6d8.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.78:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\ui7g2cus.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.79:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\ui7g2cus.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.80:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\ui7g2cus.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.81:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\ui7g2cus.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.22:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\sa6zwsib.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.30:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\0t5ej6yl.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.67:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\hzee4igc.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.64:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\5davk6d8.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.19:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\k4ds54cs.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.20:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\k4ds54cs.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.21:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\k4ds54cs.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.29:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\pqm7ooa7.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned.
:mozilla.15:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\0t5ej6yl.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.15:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\k4ds54cs.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.28:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\hzee4igc.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.34:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\5davk6d8.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.47:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\9gca7jok.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.67:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\ui7g2cus.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.100:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\5davk6d8.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.16:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\ipt4ndg7.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.17:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\ipt4ndg7.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.18:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\ipt4ndg7.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.18:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\qrfxi7yz.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.19:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\qrfxi7yz.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.20:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\qrfxi7yz.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.21:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\9gca7jok.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.21:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\qrfxi7yz.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.22:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\9gca7jok.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.23:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\9gca7jok.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.93:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\ui7g2cus.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.95:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\ui7g2cus.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.99:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\5davk6d8.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.11:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\l1bcl99q.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.16:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\hen0hynj.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.44:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\ipt4ndg7.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.67:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\9gca7jok.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.58:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\9gca7jok.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.60:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\9gca7jok.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.62:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\9gca7jok.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.17:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\qrfxi7yz.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.22:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\ipt4ndg7.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.24:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\9gca7jok.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.55:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\hzee4igc.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.11:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\0dbbrubt.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.12:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\0dbbrubt.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.13:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\0dbbrubt.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.14:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\0dbbrubt.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.30:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\pqm7ooa7.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.31:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\pqm7ooa7.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.7:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\l1bcl99q.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.8:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\l1bcl99q.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.105:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\ui7g2cus.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.29:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\hen0hynj.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.35:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\pqm7ooa7.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.7:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\e8nu28dc.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.27:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\0t5ej6yl.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.28:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\0t5ej6yl.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.7:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\0t5ej6yl.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.8:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\0t5ej6yl.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.9:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\0t5ej6yl.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.22:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\5davk6d8.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.24:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\5davk6d8.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.25:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\5davk6d8.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.33:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\hzee4igc.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.34:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\hzee4igc.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.37:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\ui7g2cus.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.38:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\ui7g2cus.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.39:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\ui7g2cus.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.43:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\9gca7jok.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.44:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\9gca7jok.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.10:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\0dbbrubt.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.9:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\0dbbrubt.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.19:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\ui7g2cus.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.11:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\wzafx9d3.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.12:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\05eexs9g.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.15:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\q89p8rvc.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.20:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\yokjqs51.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.21:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\0dbbrubt.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.22:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\k4ds54cs.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.29:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\9gca7jok.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.32:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\l1bcl99q.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.36:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\0t5ej6yl.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.53:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\ipt4ndg7.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.6:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\9b1iyr44.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.6:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\9cqo0ih9.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.6:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\cvdyfai6.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.6:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\dba1erha.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.6:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\gbtuifn0.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.6:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\o1prxxee.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.6:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\vph6ty43.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.7:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\q1yu1u6d.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.7:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\rrmx0rk2.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.7:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\t1peboya.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.7:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\wilfa80f.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.8:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\5kmld04b.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.106:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\5davk6d8.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.109:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\5davk6d8.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.111:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\5davk6d8.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.112:C:\Documents and Settings\Roger & Anne\Application Data\Mozilla\Firefox\Profiles\5davk6d8.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\System Volume Information\_restore{6DB6EDB4-782C-4376-97A9-15C57AB2AC15}\RP2\A0001022.dll -> Trojan.Maha.a : Cleaned.
C:\System Volume Information\_restore{6DB6EDB4-782C-4376-97A9-15C57AB2AC15}\RP2\A0002022.dll -> Trojan.Maha.a : Cleaned.
C:\System Volume Information\_restore{6DB6EDB4-782C-4376-97A9-15C57AB2AC15}\RP2\A0003022.dll -> Trojan.Maha.a : Cleaned.
C:\System Volume Information\_restore{6DB6EDB4-782C-4376-97A9-15C57AB2AC15}\RP3\A0004099.dll -> Trojan.Maha.a : Cleaned.
C:\WINDOWS\SQLSERVER.0LL -> Trojan.Maha.a : Cleaned.


::Report end

#7
Kenny94

    Member 1K

  • Member
  • 1,595 posts
Hello Battis

Nice Job!

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


Next please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under Select a target to scan: select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


#8
Battis

    Member

  • Topic Starter
  • Member
  • 12 posts
Hello kenny 94 !

Thanks for the help so far.

I'll be back with the next reply Tuesday afternoon (in Sweden) after scanning with Kaspersky and ATF.

#9
Kenny94

    Member 1K

  • Member
  • 1,595 posts
Sounds good Battis :whistling:

#10
Battis

    Member

  • Topic Starter
  • Member
  • 12 posts
Hello Kenny 94 !

Here is the report after Kaspersky Online scanner.


A KASPERSKY ONLINE SCANNER REPORT
Tuesday, January 09, 2007 12:46:38 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 9/01/2007
Kaspersky Anti-Virus database records: 256977
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
C:\
D:\
E:\
G:\
H:\
I:\
J:\
K:\
Scan Statistics
Total number of scanned objects 54008
Number of viruses found 2
Number of infected objects 2 / 0
Number of suspicious objects 0
Duration of the scan process 00:34:58

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Lokala inställningar\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Lokala inställningar\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Lokala inställningar\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Lokala inställningar\Tidigare\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Lokala inställningar\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Lokala inställningar\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Roger & Anne\Application Data\SiteAdvisor\SiteAdv.csh Object is locked skipped
C:\Documents and Settings\Roger & Anne\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Roger & Anne\Lokala inställningar\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Roger & Anne\Lokala inställningar\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Roger & Anne\Lokala inställningar\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Roger & Anne\Lokala inställningar\Tidigare\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Roger & Anne\ntuser.dat Object is locked skipped
C:\Documents and Settings\Roger & Anne\ntuser.dat.LOG Object is locked skipped
C:\Program\acer\Acer eConsole\AcerDB.ldb Object is locked skipped
C:\Program\acer\Acer eConsole\AcerDB.mdb Object is locked skipped
C:\Program\Ashampoo\Ashampoo Magical Defrag 2\log\log_main.txt Object is locked skipped
C:\Program\Glocalnet Säkerhetspaket\Spam Control\log\fs_sa_log.txt Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{6DB6EDB4-782C-4376-97A9-15C57AB2AC15}\RP6\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd9437.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\include\mirc.0ni Infected: Backdoor.IRC.Zapchast skipped
C:\WINDOWS\system32\include\SVCHOST.0XE Infected: not-a-virus:Client-IRC.Win32.mIRC.59 skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\JET7510.tmp Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{6DB6EDB4-782C-4376-97A9-15C57AB2AC15}\RP6\change.log Object is locked skipped
Scan process completed.
As you can see it found two viruses.
  • 0
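
The report in the post above buries two detections among dozens of "Object is locked" rows, which are only files the scanner could not open while Windows was using them. The following Python is an added example, not part of the original thread and not Kaspersky tooling: it splits a saved text report into locked-file noise and real detections and groups the detections by folder. The row layout (path, status and last action separated by single spaces, with `/` marking an object nested inside a container file) is an assumption inferred from the rows posted in this thread.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from ntpath import dirname  # Windows path rules, whatever OS this runs on

# Rows copied from the Kaspersky Online Scanner reports posted in this thread.
SAMPLE_REPORT = r"""
Infected Object Name Virus Name Last Action
C:\Documents and Settings\Roger & Anne\ntuser.dat Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\include\mirc.0ni Infected: Backdoor.IRC.Zapchast skipped
C:\WINDOWS\system32\include\SVCHOST.0XE Infected: not-a-virus:Client-IRC.Win32.mIRC.59 skipped
C:\System Volume Information\_restore{6DB6EDB4-782C-4376-97A9-15C57AB2AC15}\RP3\A0004220.exe/data0000.cab/win32.exe Infected: Backdoor.Win32.Rbot.gep skipped
Scan process completed.
"""

# Assumed row layout (inferred from the posted rows): path, status, last action,
# separated by single spaces. The path itself may contain spaces.
ROW = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) "
    r"(?:Object is locked|Infected: (?P<verdict>\S+)) "
    r"(?P<action>\S+)$"
)


@dataclass
class Finding:
    path: str     # file on disk (the outer container for nested objects)
    member: str   # object inside the container, "" when the row is a plain file
    verdict: str  # detection name, "" when the scanner could not open the file
    action: str   # last action reported by the scanner

    @property
    def riskware(self):
        # Kaspersky's "not-a-virus:" prefix marks riskware/adware verdicts.
        return self.verdict.startswith("not-a-virus:")

    @property
    def in_restore_point(self):
        # Copies kept by XP System Restore; inactive until a restore brings them back.
        return "\\system volume information\\_restore" in self.path.lower()


def parse_report(text):
    """Return (findings, unparsed_lines) for the body of a saved text report."""
    findings, unparsed = [], []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ROW.match(line)
        if not m:
            unparsed.append(line)  # headers, statistics, anything unexpected
            continue
        # Assumption: "/" separates a container from the objects nested in it.
        path, _, member = m["path"].partition("/")
        findings.append(Finding(path, member, m["verdict"] or "", m["action"]))
    return findings, unparsed


def triage(findings):
    """Split locked-file noise from detections and group detections by folder."""
    detected = [f for f in findings if f.verdict]
    by_dir = defaultdict(list)
    for f in detected:
        by_dir[dirname(f.path)].append(f.verdict)
    return {
        "locked": sum(1 for f in findings if not f.verdict),
        "malware": [f for f in detected if not f.riskware],
        "riskware": [f for f in detected if f.riskware],
        "restore_point": [f for f in detected if f.in_restore_point],
        # "skipped" means the scanner only reported the object; it is still there.
        "still_on_disk": [f for f in detected if f.action == "skipped"],
        "by_directory": dict(by_dir),
    }


if __name__ == "__main__":
    rows, other = parse_report(SAMPLE_REPORT)
    result = triage(rows)
    print(f"{result['locked']} locked rows ignored, {len(other)} non-row lines")
    for folder, verdicts in result["by_directory"].items():
        print(folder, "->", ", ".join(verdicts))
```

Lines that do not match the row layout are returned separately rather than dropped, so a report in a different layout shows up as unparsed text instead of a silently clean result.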


#11
Kenny94

    Member 1K

  • Member
  • 1,595 posts
Hello Battis,

I'm sorry that it took so long to get back to you. Thanks for the log. I'm getting something verified so I'll be back with new instructions soon.

#12
Kenny94

    Member 1K

  • Member
  • 1,595 posts
Hello Battis

you can see it found two virus.

Zapchast is a backdoor trojan and as such, it "opens the door" for another party to gain control of your computer. I wouldn't take a chance and would change passwords and bank account numbers if this computer is used for this.

Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\system32\include



  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

Please do another Kaspersky scan and post the results here please.
Also, please let me know how things are running now and if you encountered any problems while you were following the instructions I posted. And how's your computer running as well.

Edited by Kenny94, 14 January 2007 - 11:52 AM.


#13
Battis

    Member

  • Topic Starter
  • Member
  • 12 posts
Hello Kenny94 !

Thanks for your help.

The instructions were easy to follow and like before it was no problem. In the end, when I clicked on the Yes button at the Delete on Reboot prompt, my computer restarted after 10 seconds. My computer runs quite well but it seems like I still have a virus on my computer.

Thanks again for your help. I can't fix this by myself.

Here is the new Kaspersky scan.

Sunday, January 14, 2007 10:05:46 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 14/01/2007
Kaspersky Anti-Virus database records: 258406
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
C:\
D:\
E:\
G:\
H:\
I:\
J:\
K:\
Scan Statistics
Total number of scanned objects 57038
Number of viruses found 1
Number of infected objects 3 / 0
Number of suspicious objects 0
Duration of the scan process 00:35:01

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Lokala inställningar\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Lokala inställningar\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Lokala inställningar\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Lokala inställningar\Tidigare\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Lokala inställningar\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Lokala inställningar\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Roger & Anne\Application Data\SiteAdvisor\SiteAdv.csh Object is locked skipped
C:\Documents and Settings\Roger & Anne\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Roger & Anne\Lokala inställningar\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Roger & Anne\Lokala inställningar\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Roger & Anne\Lokala inställningar\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Roger & Anne\Lokala inställningar\Tidigare\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Roger & Anne\Lokala inställningar\Tidigare\History.IE5\MSHist012007011420070115\index.dat Object is locked skipped
C:\Documents and Settings\Roger & Anne\ntuser.dat Object is locked skipped
C:\Documents and Settings\Roger & Anne\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Roger & Anne\UserData\index.dat Object is locked skipped
C:\Program\acer\Acer eConsole\AcerDB.ldb Object is locked skipped
C:\Program\acer\Acer eConsole\AcerDB.mdb Object is locked skipped
C:\Program\Glocalnet Säkerhetspaket\Spam Control\log\fs_sa_log.txt Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{6DB6EDB4-782C-4376-97A9-15C57AB2AC15}\RP16\change.log Object is locked skipped
C:\System Volume Information\_restore{6DB6EDB4-782C-4376-97A9-15C57AB2AC15}\RP3\A0004220.exe/data0000.cab/win32.exe Infected: Backdoor.Win32.Rbot.gep skipped
C:\System Volume Information\_restore{6DB6EDB4-782C-4376-97A9-15C57AB2AC15}\RP3\A0004220.exe/data0000.cab Infected: Backdoor.Win32.Rbot.gep skipped
C:\System Volume Information\_restore{6DB6EDB4-782C-4376-97A9-15C57AB2AC15}\RP3\A0004220.exe DotFix NiceProtect: infected - 2 skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb Object is locked skipped
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log Object is locked skipped
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{944E8FCD-BDD2-4049-A2DD-0EDADE86D2D6}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd9437.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\JET6A81.tmp Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_7dc.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
Scan process completed.
  • 0

#14
Kenny94

    Member 1K

  • Member
  • 1,595 posts
Hello Battis

"My computer runs quite well but it seems like I still have a virus on my computer."

They're in your System Restore, but we'll flush them out. Is F-Secure still showing a virus?

Please post back with a fresh HiJackThis log since it has been several days to be sure your HJT Log looks clean.
  • 0

#15
Battis

    Member

  • Topic Starter
  • Member
  • 12 posts
Hello Kenny94 !

No virus showing in F-Secure after updating and scanning.

New HJT log

Logfile of HijackThis v1.99.1
Scan saved at 08:14:22, on 2007-01-16
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program\acer\Acer eConsole\MediaServerService.exe
C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program\Glocalnet Säkerhetspaket\Anti-Virus\fsgk32st.exe
C:\Program\Glocalnet Säkerhetspaket\Anti-Virus\FSGK32.EXE
C:\Program\Glocalnet Säkerhetspaket\Anti-Virus\fssm32.exe
C:\Program\Glocalnet Säkerhetspaket\Common\FSMA32.EXE
C:\Program\Glocalnet Bredband\Bredbandsklienten\GlocalnetBredbandService.exe
C:\Program\Delade filer\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program\SiteAdvisor\4979\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\SiteAdvisor\4979\SiteAdv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Glocalnet Säkerhetspaket\Common\FSM32.EXE
C:\Program\Glocalnet Säkerhetspaket\Common\FSMB32.EXE
C:\Program\Glocalnet Säkerhetspaket\Common\FCH32.EXE
C:\Program\Glocalnet Säkerhetspaket\backweb\1334833\program\fsbwsys.exe
C:\Program\GLOCAL~2\backweb\1334833\Program\SERVIC~1.EXE
C:\Program\Glocalnet Säkerhetspaket\Common\FAMEH32.EXE
C:\Program\Glocalnet Säkerhetspaket\Anti-Virus\fsqh.exe
C:\Program\Glocalnet Säkerhetspaket\Anti-Virus\fsrw.exe
C:\Program\Glocalnet Säkerhetspaket\FSPC\fspc.exe
C:\Program\Glocalnet Säkerhetspaket\FWES\Program\fsdfwd.exe
C:\Program\Glocalnet Säkerhetspaket\backweb\1334833\Program\fspex.exe
C:\Program\Glocalnet Säkerhetspaket\Anti-Virus\fsav32.exe
C:\Program\GLOCAL~2\ANTI-S~1\fsaw.exe
C:\Program\Glocalnet Säkerhetspaket\FSGUI\fsguidll.exe
C:\PROGRAM\MOZILL~2\THUNDE~1.EXE
C:\PROGRAM\MOZILL~1\FIREFOX.EXE
C:\Program\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.se/0SES...S01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blocket.se/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.se/0SES...S01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.glocalnet.se/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program\SiteAdvisor\4979\SiteAdv.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program\SiteAdvisor\4979\SiteAdv.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program\SiteAdvisor\4979\SiteAdv.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\Glocalnet Säkerhetspaket\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program\Glocalnet Säkerhetspaket\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program\Glocalnet Säkerhetspaket\FSGUI\FSSW.EXE" /reboot
O4 - HKCU\..\Run: [FreeRAM XP] "\FreeRAM XP Pro.exe" -win
O4 - Global Startup: Glocalnet Säkerhetspaket.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Blockera detta popup-fönster - C:\Program\Glocalnet Säkerhetspaket\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Webbfilter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program\Glocalnet Säkerhetspaket\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program\Glocalnet Säkerhetspaket\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Webbfilter - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program\Glocalnet Säkerhetspaket\FSPC\fspcmsie.dll
O9 - Extra button: IE-sköld - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program\Glocalnet Säkerhetspaket\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE-sköld... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program\Glocalnet Säkerhetspaket\Anti-Spyware\ieshield.dll
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab50997.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab47946.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zon...ss.cab50997.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program\SiteAdvisor\4979\SiteAdv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Acer Media Server - Acer Inc. - C:\Program\acer\Acer eConsole\MediaServerService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Glocalnet Säkerhetspaket (BackWeb Plug-in - 1334833) - BackWeb Technologies Inc. - C:\Program\GLOCAL~2\backweb\1334833\Program\SERVIC~1.EXE
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program\Glocalnet Säkerhetspaket\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program\Glocalnet Säkerhetspaket\backweb\1334833\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program\Glocalnet Säkerhetspaket\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program\Glocalnet Säkerhetspaket\FSPC\fshttps\fshttps.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program\Glocalnet Säkerhetspaket\Common\FSMA32.EXE
O23 - Service: Glocalnet Bredband (GlocalnetBredbandClientService) - Glocalnet AB - C:\Program\Glocalnet Bredband\Bredbandsklienten\GlocalnetBredbandService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program\Delade filer\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program\SiteAdvisor\4979\SAService.exe
  • 0





