[lolli_pop]

Jeg har en trojaner på min pc i System32 filer. Jeg har AVG, men bare spekuleret på, hvor at slippe af med det fra AVG som når jeg klikker slette, jeg tror det bare sletter fra Vault indtil næste scanning, når den er fundet igen.

[thingie2]

Synes lige du bliver nødt til at gøre mere end blot forsøg på at slette med AVG, så prøv at tage et kig på denne tråd.

[lolli_pop]

Ok, tak. Jeg vil køre kapre Denne morgen:)

[evilfantasy]

Kør alle de scanninger og efter logfilerne. HijackThis normalt ikke er nok.

[lolli_pop]

Jeg har kørt SUPERAntiSpyware og fik log. Jeg er også løb AVG en gang mere, og det kom op med seks steder, som den trojanske har smittet.

Dette er den SUPERAntiSpyware log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/26/2008 at 08:30

Application Version: 4.21.1004

Core Rules Database Version: 3609
Trace Rules Database Version: 1595

Scan type: Complete Scan
Total Scan Time: 00:59:08

Memory poster scannet: 430
Memory trusler opdaget: 0
Topdomæneadministratoren poster scannet: 4950
Topdomæneadministratoren trusler opdaget: 0
File poster skannet: 73876
File trusler opdaget: 77

Trojan.Unknown Oprindelse
C: \ WINDOWS \ mslagent \ 2_mslagent.dll
C: \ WINDOWS \ mslagent \ mslagent.exe
C: \ WINDOWS \ mslagent \ uninstall.exe
C: \ WINDOWS \ mslagent
C: \ WINDOWS \ system32 \ SMP \ msrc.exe
C: \ WINDOWS \ system32 \ SMP

Adware.INetDelivery
C: \ Programmer \ inet Delivery \ inetdl.exe
C: \ Programmer \ inet Delivery \ intdel.exe
C: \ Programmer \ inet Delivery
C: \ Programmer \ AKL \ akl.dll
C: \ Programmer \ AKL \ akl.exe
C: \ Programmer \ AKL \ uninstall.exe
C: \ Programmer \ AKL \ unsetup.exe
C: \ Programmer \ AKL

Trojan.Fake-Drop/Gen
C: \ WINDOWS \ SYSTEM32 \ VBSYS2.DLL
C: \ WINDOWS \ SYSTEM32 \ AWTOOLB.DLL
C: \ WINDOWS \ SYSTEM32 \ SYSREQ.EXE
C: \ WINDOWS \ SYSTEM32 \ WINWGPX.EXE
C: \ WINDOWS \ SYSTEM32 \ BDN.COM
C: \ WINDOWS \ SYSTEM32 \ MSSECU.EXE
C: \ WINDOWS \ SYSTEM32 \ VCATCHPI.DLL
C: \ WINDOWS \ SYSTEM32 \ AKTTZN.EXE
C: \ WINDOWS \ SYSTEM32 \ WINSYSTEM.EXE
C: \ WINDOWS \ SYSTEM32 \ NEWSD32.EXE
C: \ WINDOWS \ SYSTEM32 \ EMESX.DLL
C: \ WINDOWS \ SYSTEM32 \ RUNDL1.EXE
C: \ WINDOWS \ SYSTEM32 \ ANTICIPATOR.DLL
C: \ WINDOWS \ SYSTEM32 \ THUN.DLL
C: \ WINDOWS \ SYSTEM32 \ THUN32.DLL
C: \ WINDOWS \ SYSTEM32 \ MSVCHOST.EXE
C: \ WINDOWS \ SYSTEM32 \ REGC64.DLL
C: \ WINDOWS \ SYSTEM32 \ REGM64.DLL
C: \ WINDOWS \ SYSTEM32 \ SSVCHOST.COM
C: \ WINDOWS \ SYSTEM32 \ SSVCHOST.EXE
C: \ WINDOWS \ SYSTEM32 \ TEMP # 01.EXE
C: \ WINDOWS \ SYSTEM32 \ MSGP.EXE
C: \ WINDOWS \ SYSTEM32 \ MTR2.EXE
C: \ WINDOWS \ SYSTEM32 \ H @ TKEYSH @ @ K. DLL
C: \ WINDOWS \ SYSTEM32 \ NETODE.EXE
C: \ WINDOWS \ SYSTEM32 \ MEDUP012.DLL
C: \ WINDOWS \ SYSTEM32 \ MEDUP020.DLL
C: \ WINDOWS \ SYSTEM32 \ SSURF022.DLL
C: \ WINDOWS \ SYSTEM32 \ MSNBHO.DLL
C: \ WINDOWS \ SYSTEM32 \ BSVA-EGIHSG52.EXE
C: \ WINDOWS \ SYSTEM32 \ PS1.EXE
C: \ WINDOWS \ SYSTEM32 \ HXIWLGPM.DAT
C: \ WINDOWS \ SYSTEM32 \ HXIWLGPM.EXE
C: \ WINDOWS \ SYSTEM32 \ TAACK.DAT
C: \ WINDOWS \ SYSTEM32 \ TAACK.EXE
C: \ WINDOWS \ SYSTEM32 \ MWIN32.EXE
C: \ WINDOWS \ SYSTEM32 \ VBIEWER.OCX
C: \ WINDOWS \ SYSTEM32 \ HOPROXY.DLL
C: \ WINDOWS \ SYSTEM32 \ WINLOGONPC.EXE
C: \ WINDOWS \ BDN.COM
C: \ WINDOWS \ MSSECU.EXE
C: \ WINDOWS \ WINSYSTEM.EXE
C: \ WINDOWS \ ITUNESMUSIC.EXE
C: \ WINDOWS \ A. BAT
C: \ WINDOWS \ BASE64.TMP
C: \ WINDOWS \ FVPROTECT.EXE
C: \ WINDOWS \ USERCONFIG9X.DLL
C: \ WINDOWS \ ZIP1.TMP
C: \ WINDOWS \ ZIP2.TMP
C: \ WINDOWS \ ZIP3.TMP
C: \ WINDOWS \ ZIPPED.TMP

Dpcproxy
C: \ WINDOWS \ SYSTEM32 \ DPCPROXY.EXE

Unclassified.Unknown Oprindelse / System
C: \ WINDOWS \ SYSTEM32 \ PSOF1.EXE

Adware.Pacer D
C: \ WINDOWS \ SYSTEM32 \ PSOFT1.EXE

Trojan.Dluca-I
C: \ WINDOWS \ SYSTEM32 \ SNCNTR.EXE

Adware.Vundo-Variant / J
C: \ WINDOWS \ QRBGLTOS.DLL

Trojan.Net-MSV/VPS-Variant
C: \ WINDOWS \ GRFXBANOMOK.DLL

Adware.180solutions/Seekmo/Zango
C: \ Documents and Settings \ GUEST \ Desktop \ SETUP.EXE

Adware.Tracking Cookie
C: \ Documents and Settings \ Gæst \ Cookies \ gæst @ DoubleClick [2]. Txt
C: \ Documents and Settings \ Gæst \ Cookies \ gæst @ servering-sys [2]. Txt
C: \ Documents and Settings \ Gæst \ Cookies \ gæst @ atdmt [2]. Txt
C: \ Documents and Settings \ Gæst \ Cookies \ gæst @ TradeDoubler [2]. Txt
C: \ Documents and Settings \ Gæst \ Cookies \ guest@bs.serving-sys [2]. Txt

[lolli_pop]

MalwareByres Log:

Malwarebytes' Anti-Malware 1.30
Database version: 1324
Windows 5.1.2600 Service Pack 2

26/10/2008 23:09:02
mbam-log-2008-10-26 (23-09-02). txt

Scan type: Quick Scan
Objekter skannet: 52045
Tidsforbrug: 4 minut (s), 36 sekund (s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registreringsdatabasenøgler Inficerede: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 1

Memory Processes Infected:
(Nr. ondsindede elementer opdaget)

Memory Modules Infected:
(Nr. ondsindede elementer opdaget)

Registreringsdatabasenøgler Inficerede:
(Nr. ondsindede elementer opdaget)

Registry Values Infected:
(Nr. ondsindede elementer opdaget)

Registry Data Items Infected:
(Nr. ondsindede elementer opdaget)

Folders Infected:
C: \ Documents and Settings \ Gæst \ Local Settings \ Temp \ ac8zt2 (Trojan.FakeAlert) ->

Karantæne og slettet.

Files Infected:
C: \ WINDOWS \ egsf.exe (Trojan.FakeAlert) -> karantæne og slettet.

[evilfantasy]

Brug for HijackThis log nu

[lolli_pop]

Citat:

Oprindeligt Indsendt af jamesjon

NOD32 er det bedste for trojaner.

Care at udvide?

[evilfantasy]

Vær venlig at fortsætte med udstationering logfilerne, hvis du har brug for hjælp.

[lolli_pop]

Logfile af Trend Micro HijackThis v2.0.2
Scan gemt kl 23:01:07 den 27/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Kørende processer:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ Lsass.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ System32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ Programmer \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
C: \ PROGRA ~ 1 \ AVG \ AVG8 \ avgwdsvc.exe
C: \ Programmer \ WIDCOMM \ Bluetooth Software \ bin \ btwdins.exe
C: \ Programmer \ Java \ jre6 \ bin \ jqs.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ Explorer.EXE
C: \ PROGRA ~ 1 \ AVG \ AVG8 \ avgrsx.exe
C: \ Programmer \ Cyberlink \ PowerDVD \ PDVDServ.exe
C: \ WINDOWS \ SOUNDMAN.EXE
C: \ Acer \ Stærke Technology \ eRecovery \ Monitor.exe
C: \ Programmer \ Java \ jre6 \ bin \ jusched.exe
C: \ Programmer \ BroadJump \ Client Foundation \ CFD.exe
C: \ Programmer \ Virgin Bredbånd \ rådgiver \ Broadbandadvisor.exe
C: \ Programmer \ TextBridge Pro Millennium \ Bin \ InstantAccess.exe
C: \ Programmer \ Common Files \ Real \ Update_OB \ realsched.exe
C: \ Programmer \ iTunes \ iTunesHelper.exe
C: \ PROGRA ~ 1 \ AVG \ AVG8 \ avgtray.exe
C: \ WINDOWS \ sm56hlpr.exe
C: \ Programmer \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe
C: \ WINDOWS \ system32 \ Ctfmon.exe
C: \ WINDOWS \ system32 \ sistray.exe
C: \ Programmer \ WIDCOMM \ Bluetooth Software \ BTTray.exe
C: \ Programmer \ Ulead Systems \ Ulead Photo Express 3.0 SE \ CalCheck.exe
C: \ Programmer \ iPod \ bin \ iPodService.exe
C: \ Programmer \ Trust \ Easy Webscan 19200 \ ScanPanel \ ScnPanel.exe
C: \ Programmer \ FinePixViewerS \ QuickDCF2.exe
C: \ PROGRA ~ 1 \ WIDCOMM \ BLUETO ~ 1 \ BTSTAC ~ 1.EXE
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ Programmer \ HijackThis \ Analyse.exe.exe

R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.google.co.uk/
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://global.acer.com
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Settings, ProxyOverride = *. lokale
O2 - BHO: AcroIEHlprObj Class - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Programmer \ Adobe \ Acrobat 7.0 \ ActiveX \ AcroIEHelper.dll
O2 - BHO: StumbleUpon Launcher - (145B29F4-A56B-4b90-BBAC-45784EBEBBB7) - C: \ Programmer \ StumbleUpon \ StumbleUponIEBar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - (3CA2F312-6F6E-4B53-A66E-4E65E497C8C0) - C: \ Programmer \ AVG \ AVG8 \ avgssie.dll
O2 - BHO: Java (tm) Plug-In SSV Helper - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Programmer \ Java \ jre6 \ bin \ ssv.dll
O2 - BHO: Windows Live Sign-in Helper - (9030D464-4C02-4ABF-8ECC-5164760863C6) - C: \ Programmer \ Common Files \ Microsoft Shared \ Windows Live \ WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - (A057A204-BACC-4D26-9990-79A187E2698E) - C: \ PROGRA ~ 1 \ AVG \ AVG8 \ AVGTOO ~ 1.DLL
O2 - BHO: Google Toolbar Helper - (AA58ED58-01DD-4d91-8333-CF10577473F7) - c: \ program files \ google \ googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - (AF69DE43-7D58-4638-B6FA-CE66B5AD205D) - C: \ Programmer \ Google \ GoogleToolbarNotifier \ 3.1.807.1746 \ sw g.dll
O2 - BHO: Java (tm) Plug-In 2 SSV Helper - (DBC80044-A445-435b-BC74-9C25C1C588A9) - C: \ Programmer \ Java \ jre6 \ bin \ jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - (E7E6F031-17CE-4C07-BC86-EABFE594F69C) - C: \ Programmer \ Java \ jre6 \ lib \ indsætte \ jqs \ dvs \ jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - (E99421FB-68DD-40F0-B4AC-B7027CAE2F1A) - C: \ Programmer \ Epson \ Epson Web-To-Page \ Epson Web-To-Page.dll
O3 - Toolbar: & Google - (2318C2B1-4965-11D4-9B18-009027A5CD4F) - c: \ program files \ google \ googletoolbar1.dll
O3 - Toolbar: Epson Web-To-Page - (EE5D279F-081B-4404-994D-C6B60AAEBA6D) - C: \ Programmer \ Epson \ Epson Web-To-Page \ Epson Web-To-Page.dll
O3 - Toolbar: StumbleUpon Toolbar - (5093EB4C-3E93-40AB-9266-B607BA87BDC8) - C: \ Programmer \ StumbleUpon \ StumbleUponIEBar.dll
O3 - Toolbar: AVG Security Toolbar - (A057A204-BACC-4D26-9990-79A187E2698E) - C: \ PROGRA ~ 1 \ AVG \ AVG8 \ AVGTOO ~ 1.DLL
O4 - HKLM \ .. \ Run: [LaunchApp] Alaunch
O4 - HKLM \ .. \ Run: [ntiMUI] C: \ Programmer \ NewTech Infosystems \ NTI CD & DVD-Maker 7 \ ntiMUI.exe
O4 - HKLM \ .. \ Run: [RemoteControl] "C: \ Programmer \ Cyberlink \ PowerDVD \ PDVDServ.exe"
O4 - HKLM \ .. \ Run: [IMJPMIG8.1] "C: \ WINDOWS \ IME \ imjp8_1 \ IMJPMIG.EXE" / forkæle / RemAdvDef / Migration32
O4 - HKLM \ .. \ Run: [MSPY2002] C: \ WINDOWS \ system32 \ IME \ PINTLGNT \ ImScInst.exe / SYNC
O4 - HKLM \ .. \ Run: [PHIME2002ASync] C: \ WINDOWS \ system32 \ IME \ TINTLGNT \ TINTSETP.EXE / SYNC
O4 - HKLM \ .. \ Run: [PHIME2002A] C: \ WINDOWS \ system32 \ IME \ TINTLGNT \ TINTSETP.EXE / IMEName
O4 - HKLM \ .. \ Run: [SiSPower] rundll32.exe SiSPower.dll, ModeAgent
O4 - HKLM \ .. \ Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM \ .. \ Run: [eRecoveryService] C: \ Acer \ Stærke Technology \ eRecovery \ Monitor.exe
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Programmer \ Java \ jre6 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [BJCFD] C: \ Programmer \ BroadJump \ Client Foundation \ CFD.exe
O4 - HKLM \ .. \ Run: [Broadbandadvisor.exe] "C: \ Programmer \ Virgin Bredbånd \ rådgiver \ Broadbandadvisor.exe" / AutoRun
O4 - HKLM \ .. \ Run: [InstantAccess] C: \ Programmer \ TextBridge Pro Millennium \ Bin \ InstantAccess.exe / h
O4 - HKLM \ .. \ Run: [TkBellExe] "C: \ Programmer \ Common Files \ Real \ Update_OB \ realsched.exe"-osboot
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Programmer \ QuickTime \ qttask.exe"-atboottime
O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Programmer \ iTunes \ iTunesHelper.exe"
O4 - HKLM \ .. \ Run: [AVG8_TRAY] C: \ PROGRA ~ 1 \ AVG \ AVG8 \ avgtray.exe
O4 - HKLM \ .. \ Run: [SMSERIAL] sm56hlpr.exe
O4 - HKCU \ .. \ Run: [MsnMsgr] "C: \ Programmer \ MSN Messenger \ MsnMsgr.Exe" / baggrund
O4 - HKCU \ .. \ Run: [SWG] C: \ Programmer \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O4 - HKUS \ S-1-5-18 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'Default user')
O4 - Startup: Comet Screensaver.lnk = C: \ Programmer \ Comet Screensaver \ Comet Screensaver.exe
O4 - Startup: IMVU.lnk = C: \ Programmer \ IMVU \ IMVUClient.exe
O4 - Startup: Tilbehør
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C: \ Programmer \ Adobe \ Acrobat 7.0 \ Reader \ reader_sl.exe
O4 - Global Startup: Utility Tray.lnk = C: \ WINDOWS \ system32 \ sistray.exe
O4 - Global Startup: Bluetooth.lnk =?
O4 - Global Startup: Ulead Photo Express 3.0 SE Calendar Checker.lnk = C: \ Programmer \ Ulead Systems \ Ulead Photo Express 3.0 SE \ CalCheck.exe
O4 - Global Startup: ScanPanel.lnk = C: \ Programmer \ Trust \ Easy Webscan 19200 \ ScanPanel \ ScnPanel.exe
O4 - Global Startup: Exif Launcher S.lnk =?
O4 - Global Startup: Adobe Gamma Loader.lnk = C: \ Programmer \ Common Files \ Adobe \ Calibration \ Adobe Gamma Loader.exe
O8 - Extra sammenhæng menupunkt: Add to Windows & Live Favorites -- http://favorites.live.com/quickadd.aspx
O8 - Extra sammenhæng menupunktet: E & ksporter til Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ mikroer ~ 2 \ Office11 \ EXCEL.EXE/3000
O8 - Extra sammenhæng menupunkt: Send To & Bluetooth - C: \ Programmer \ Belkin \ Bluetooth Software \ btsendto_ie_ctx.htm
O8 - Extra sammenhæng menupunkt: Send til & Bluetooth-enhed ... - C: \ Programmer \ WIDCOMM \ Bluetooth Software \ btsendto_ie_ctx.htm
O8 - Extra sammenhæng menupunkt: StumbleUpon Photoblog It! - Res: / / StumbleUponIEBar.dll / blogimage
O9 - Ekstra knap: StumbleUpon - (75C9223A-409A-4795-A3CA-08DE6B075B4B) - C: \ Programmer \ StumbleUpon \ StumbleUponIEBar.dll
O9 - Ekstra knap: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ mikroer ~ 2 \ Office11 \ REFIEBAR.DLL
O9 - Ekstra knap: @ btrez.dll, -4015 - (CCA281CA-C863-46ef-9331-5C8D4460577F) - C: \ Programmer \ WIDCOMM \ Bluetooth Software \ btsendto_ie.htm
O9 - Extra 'Tools' MENUITEM: @ btrez.dll, -12650 - (CCA281CA-C863-46ef-9331-5C8D4460577F) - C: \ Programmer \ WIDCOMM \ Bluetooth Software \ btsendto_ie.htm
O9 - Extra knappen: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra 'Tools' MENUITEM: @ xpsp3res.dll, -20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Ekstra knap: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Programmer \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Programmer \ Messenger \ msmsgs.exe
O16 - DPF: (20A60F0D-9AFA-4515-A0FD-83BD84642501) (Dam klasse) -- http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: (30528230-99f7-4bb4-88d8-fa1d4f56a2ab) (YInstStarter Class) - C: \ Programmer \ Yahoo! \ Common \ yinsthelper.dll
O16 - DPF: (48DD0448-9209-4F81-9F6D-D83562940134) (MySpace Uploader Control) -- http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: (4F1E5B1A-2A80-42CA-8532-2D05CB959537) (MSN Photo Upload Tool) -- http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: (5C051655-FCD5-4969-9182-770EA5AA5565) (Solitaire Showdown Class) -- http://messenger.zone.msn.com/binary...n.cab56986.cab
O16 - DPF: (5D6F45B3-9043-443D-A792-115447494D24) (UnoCtrl klasse) -- http://messenger.zone.msn.com/EN-GB/.../GAME_UNO1.cab
O16 - DPF: (6414512B-B978-451D-A0D8-FCFDF33E833C) (WUWebControl Class) -- http://update.microsoft.com/windowsu...?1177956484625
O16 - DPF: (C3F79A2B-B9B4-4A66-B012-3EE46475B072) (MessengerStatsClient Class) -- http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: (F5A7706B-B9C0-4C89-A715-7A0C6B05DD48) (Minesweeper Flags Class) -- http://messenger.zone.msn.com/binary...r.cab56986.cab
O18 - Protocol: linkscanner - (F274614C-63F8-47D5-A4D1-FBDDE494F8D1) - C: \ Programmer \ AVG \ AVG8 \ avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify:! SASWinLogon - C: \ Programmer \ SUPERAntiSpyware \ SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C: \ Programmer \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
O23 - Service: AVG8 vagthund (avg8wd) - AVG Technologies CZ, sro - C: \ PROGRA ~ 1 \ AVG \ AVG8 \ avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C: \ Programmer \ WIDCOMM \ Bluetooth Software \ bin \ btwdins.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd - C: \ Programmer \ Common Files \ Macrovision Shared \ FLEXnet Publisher \ FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C: \ Programmer \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C: \ Programmer \ iPod \ bin \ iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C: \ Programmer \ Java \ jre6 \ bin \ jqs.exe

--
End of file - 11086 bytes


Jeg tror, at den trojanske (s) har kom fra min søster henter spil for hendes telefon, Jeg er ikke sikker, men de er inficerende genoprettelsesprocessen nu.