StefanT
-
Innehållsantal
16 -
Gick med
-
Besökte senast
Inlägg postade av StefanT
-
-
Hej igen
Har kört Malware och den hittar 6 infekterade registerdataposter hela tiden. Ngt att bry sej om ? Annars fungerar datorn väldigt bra nu, det är som att trimma bilen, den blir bara bättre och bättre...
Tack för hjälpen//Stefan
Malwarebytes' Anti-Malware 1.30
Databasversion: 1387
Windows 5.1.2600 Service Pack 3
2008-11-12 18:52:34
mbam-log-2008-11-12 (18-52-34).txt
Skanningstyp: Fullständig skanning (C:|)
Antal skannade objekt: 179789
Förfluten tid: 2 hour(s), 12 minute(s), 34 second(s)
Infekterade minnesprocesser: 0
Infekterade minnesmoduler: 0
Infekterade registernycklar: 0
Infekterade registervärden: 0
Infekterade registerdataposter: 6
Infekterade mappar: 0
Infekterade filer: 0
Infekterade minnesprocesser:
(Inga illasinnade poster hittades)
Infekterade minnesmoduler:
(Inga illasinnade poster hittades)
Infekterade registernycklar:
(Inga illasinnade poster hittades)
Infekterade registervärden:
(Inga illasinnade poster hittades)
Infekterade registerdataposter:
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParametersDhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.83 192.168.0.1 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParametersInterfaces{7ef5bb9b-24d6-4aa6-a938-6d497ebdca75}DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.83 192.168.0.1 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesTcpipParametersDhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.83 192.168.0.1 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesTcpipParametersInterfaces{7ef5bb9b-24d6-4aa6-a938-6d497ebdca75}DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.83 192.168.0.1 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESYSTEMControlSet002ServicesTcpipParametersDhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.83 192.168.0.1 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESYSTEMControlSet002ServicesTcpipParametersInterfaces{7ef5bb9b-24d6-4aa6-a938-6d497ebdca75}DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.83 192.168.0.1 -> Quarantined and deleted successfully.
Infekterade mappar:
(Inga illasinnade poster hittades)
Infekterade filer:
(Inga illasinnade poster hittades)
-
Hej.
Så här ser dagens resultat ut . Har en extern hårddisk som jag använder på den här datorn ytterst sällan. Ska köra en check på den oxå i alla fall.
//Stefan
Malwarebytes' Anti-Malware 1.30
Databasversion: 1387
Windows 5.1.2600 Service Pack 3
2008-11-12 12:47:50
mbam-log-2008-11-12 (12-47-50).txt
Skanningstyp: Fullständig skanning (C:|)
Antal skannade objekt: 183769
Förfluten tid: 1 hour(s), 43 minute(s), 42 second(s)
Infekterade minnesprocesser: 0
Infekterade minnesmoduler: 0
Infekterade registernycklar: 0
Infekterade registervärden: 0
Infekterade registerdataposter: 6
Infekterade mappar: 0
Infekterade filer: 0
Infekterade minnesprocesser:
(Inga illasinnade poster hittades)
Infekterade minnesmoduler:
(Inga illasinnade poster hittades)
Infekterade registernycklar:
(Inga illasinnade poster hittades)
Infekterade registervärden:
(Inga illasinnade poster hittades)
Infekterade registerdataposter:
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParametersDhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.83 192.168.0.1 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParametersInterfaces{7ef5bb9b-24d6-4aa6-a938-6d497ebdca75}DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.83 192.168.0.1 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesTcpipParametersDhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.83 192.168.0.1 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesTcpipParametersInterfaces{7ef5bb9b-24d6-4aa6-a938-6d497ebdca75}DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.83 192.168.0.1 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESYSTEMControlSet002ServicesTcpipParametersDhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.83 192.168.0.1 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESYSTEMControlSet002ServicesTcpipParametersInterfaces{7ef5bb9b-24d6-4aa6-a938-6d497ebdca75}DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.83 192.168.0.1 -> Quarantined and deleted successfully.
Infekterade mappar:
(Inga illasinnade poster hittades)
Infekterade filer:
(Inga illasinnade poster hittades)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:52:23, on 2008-11-12
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:ProgramDelade filerSymantec SharedccSetMgr.exe
C:ProgramDelade filerSymantec SharedccEvtMgr.exe
C:ProgramDelade filerSymantec SharedccProxy.exe
C:ProgramDelade filerSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe
C:ProgramDelade filerSymantec SharedSNDSrvc.exe
C:ProgramDelade filerSymantec SharedSPBBCSPBBCSvc.exe
C:ProgramDelade filerSymantec SharedCCPD-LCsymlcsvc.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32LEXBCES.EXE
C:WINDOWSsystem32LEXPPS.EXE
C:WINDOWSsystem32spoolsv.exe
C:ProgramQuickTimeqttask.exe
C:WINDOWSsystem32LXSUPMON.EXE
C:WINDOWSsystem32igfxpers.exe
C:WINDOWSsystem32hkcmd.exe
C:ProgramCyberLinkPowerDVDDVDLauncher.exe
C:ProgramDelade filerSymantec SharedccApp.exe
C:ProgramJavajre6binjusched.exe
C:WINDOWSsystem32ctfmon.exe
C:ProgramGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
C:ProgramWindows LiveMessengermsnmsgr.exe
C:ProgramSymantecLiveUpdateALUSchedulerSvc.exe
C:GarmingStart.exe
C:ProgramWindows Media PlayerWMPNSCFG.exe
C:WINDOWSSystem32svchost.exe
C:ProgramDellOpenManageClientIap.exe
C:ProgramJavajre6binjqs.exe
C:ProgramMicrosoft SQL ServerMSSQL$SPCSBinnsqlservr.exe
C:ProgramNorton Internet SecurityNorton AntiVirusnavapsvc.exe
C:WINDOWSsystem32svchost.exe
C:ProgramTrend MicroHijackThisCatha.exe
C:ProgramMessengermsmsgs.exe
C:WINDOWSsystem32wuauclt.exe
C:ProgramDelade filerSymantec SharedSecurity ConsoleNSCSRVCE.EXE
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = https://upplandsbro.skola24.se/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www1.euro.dell.com/content/default....;l=sv&s=gen
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Länkar
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:ProgramJavajre6binssv.dll
O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:ProgramDelade filerMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:ProgramDelade filerSymantec SharedAdBlockingNISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:ProgramNorton Internet SecurityNorton AntiVirusNavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:programgooglegoogletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:ProgramGoogleGoogleToolbarNotifier3.1.807.1746swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:ProgramWindows Live Toolbarmsntb.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:ProgramJavajre6binjp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:ProgramJavajre6libdeployjqsiejqs_plugin.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:ProgramDelade filerSymantec SharedAdBlockingNISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:ProgramNorton Internet SecurityNorton AntiVirusNavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:programgooglegoogletoolbar1.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:ProgramWinamp Toolbarwinamptb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:ProgramWindows Live Toolbarmsntb.dll
O4 - HKLM..Run: [symantec PIF AlertEng] "C:ProgramDelade filerSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe" /a /m "C:ProgramDelade filerSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}AlertEng.dll"
O4 - HKLM..Run: [QuickTime Task] "C:ProgramQuickTimeqttask.exe" -atboottime
O4 - HKLM..Run: [LXSUPMON] C:WINDOWSsystem32LXSUPMON.EXE RUN
O4 - HKLM..Run: [igfxtray] C:WINDOWSsystem32igfxtray.exe
O4 - HKLM..Run: [igfxpers] C:WINDOWSsystem32igfxpers.exe
O4 - HKLM..Run: [igfxhkcmd] C:WINDOWSsystem32hkcmd.exe
O4 - HKLM..Run: [DVDLauncher] "C:ProgramCyberLinkPowerDVDDVDLauncher.exe"
O4 - HKLM..Run: [ccApp] "C:ProgramDelade filerSymantec SharedccApp.exe"
O4 - HKLM..Run: [Adobe Reader Speed Launcher] "C:ProgramAdobeReader 8.0ReaderReader_sl.exe"
O4 - HKLM..Run: [sunJavaUpdateSched] "C:ProgramJavajre6binjusched.exe"
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [swg] C:ProgramGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
O4 - HKCU..Run: [MsnMsgr] "C:ProgramWindows LiveMessengermsnmsgr.exe" /background
O4 - HKCU..Run: [gStart] C:GarmingStart.exe
O4 - HKCU..Run: [WMPNSCFG] C:ProgramWindows Media PlayerWMPNSCFG.exe
O4 - HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'SYSTEM')
O4 - HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Winamp Toolbar Search - C:Documents and SettingsAll UsersApplication DataWinamp ToolbarieToolbarresourcesen-USlocalsearch.html
O8 - Extra context menu item: &Windows Live Search - res://C:ProgramWindows Live Toolbarmsntb.dll/search.htm
O8 - Extra context menu item: Add to AMV Converter... - C:ProgramMP3 Player Utilities 4.15AMVConvertergrab.html
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:ProgramMICROS~2OFFICE11EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:ProgramMP3 Player Utilities 4.15MediaManagergrab.html
O9 - Extra button: Blogga detta - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:ProgramWindows LiveWriterWriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blogga detta i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:ProgramWindows LiveWriterWriterBrowserExtension.dll
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:ProgramMICROS~2OFFICE11REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:ProgramMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:ProgramMessengermsmsgs.exe
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://www.king.com/ctl/kingcomie.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:ProgramSymantecLiveUpdateALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:ProgramDelade filerSymantec SharedccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:ProgramNorton Internet SecurityccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:ProgramDelade filerSymantec SharedccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:ProgramDelade filerSymantec SharedccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:ProgramNorton Internet SecuritycomHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:ProgramGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: Iap - Dell Inc - C:ProgramDellOpenManageClientIap.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:ProgramJavajre6binjqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:WINDOWSsystem32LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:ProgramSymantecLIVEUP~1LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:ProgramDelade filerSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe
O23 - Service: Norton AntiVirus Auto Protect-tjänst (navapsvc) - Symantec Corporation - C:ProgramNorton Internet SecurityNorton AntiVirusnavapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:ProgramIntelNCSSyncNetSvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:ProgramDelade filerSymantec SharedSecurity ConsoleNSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:ProgramNorton Internet SecurityNorton AntiVirusSAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:ProgramDelade filerSymantec SharedSNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:ProgramDelade filerSymantec SharedSPBBCSPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:ProgramDelade filerSymantec SharedCCPD-LCsymlcsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:ProgramDelade filerSymantec SharedSupport Controlsssrc.exe
--
End of file - 10278 bytes
-
Hej
Här kommer eftermiddagens resultat. Tog bort Macrogaming och MyWaySA via installera/avinstallera program.
M.v.h
Stefan
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:43:21, on 2008-11-11
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:ProgramDelade filerSymantec SharedccSetMgr.exe
C:ProgramDelade filerSymantec SharedccEvtMgr.exe
C:ProgramDelade filerSymantec SharedccProxy.exe
C:ProgramDelade filerSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe
C:ProgramDelade filerSymantec SharedSNDSrvc.exe
C:ProgramDelade filerSymantec SharedSPBBCSPBBCSvc.exe
C:ProgramDelade filerSymantec SharedCCPD-LCsymlcsvc.exe
C:WINDOWSsystem32LEXBCES.EXE
C:WINDOWSsystem32LEXPPS.EXE
C:WINDOWSsystem32spoolsv.exe
C:ProgramSymantecLiveUpdateALUSchedulerSvc.exe
C:WINDOWSSystem32svchost.exe
C:ProgramDellOpenManageClientIap.exe
C:ProgramJavajre6binjqs.exe
C:ProgramMicrosoft SQL ServerMSSQL$SPCSBinnsqlservr.exe
C:ProgramNorton Internet SecurityNorton AntiVirusnavapsvc.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSExplorer.EXE
C:ProgramQuickTimeqttask.exe
C:WINDOWSsystem32LXSUPMON.EXE
C:WINDOWSsystem32igfxpers.exe
C:WINDOWSsystem32hkcmd.exe
C:ProgramCyberLinkPowerDVDDVDLauncher.exe
C:ProgramDelade filerSymantec SharedccApp.exe
C:ProgramJavajre6binjusched.exe
C:WINDOWSsystem32ctfmon.exe
C:ProgramWindows Media PlayerWMPNSCFG.exe
C:ProgramGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
C:ProgramWindows LiveMessengermsnmsgr.exe
C:GarmingStart.exe
C:ProgramDelade filerSymantec SharedSecurity ConsoleNSCSRVCE.EXE
C:ProgramSymantecLIVEUP~1LUCOMS~1.EXE
C:ProgramSymantecLiveUpdateAUpdate.exe
C:ProgramSymantecLiveUpdateLuCallbackProxy.exe
C:ProgramSymantecLiveUpdateLuCallbackProxy.exe
C:ProgramMessengermsmsgs.exe
C:ProgramSymantecLiveUpdateLuCallbackProxy.exe
C:ProgramSymantecLiveUpdateLuCallbackProxy.exe
C:ProgramSymantecLiveUpdateLuCallbackProxy.exe
C:ProgramSymantecLiveUpdateLuCallbackProxy.exe
C:ProgramSymantecLiveUpdateLuCallbackProxy.exe
C:ProgramSymantecLiveUpdateLuCallbackProxy.exe
C:ProgramTrend MicroHijackThisCatha.exe
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = https://upplandsbro.skola24.se/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www1.euro.dell.com/content/default....;l=sv&s=gen
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Länkar
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:ProgramMacrogamingSweetIMBarForIEtoolbar.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:ProgramJavajre6binssv.dll
O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:ProgramDelade filerMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:ProgramDelade filerSymantec SharedAdBlockingNISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:ProgramNorton Internet SecurityNorton AntiVirusNavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:programgooglegoogletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:ProgramGoogleGoogleToolbarNotifier3.1.807.1746swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:ProgramWindows Live Toolbarmsntb.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:ProgramJavajre6binjp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:ProgramJavajre6libdeployjqsiejqs_plugin.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:ProgramDelade filerSymantec SharedAdBlockingNISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:ProgramNorton Internet SecurityNorton AntiVirusNavShExt.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:ProgramMacrogamingSweetIMBarForIEtoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:programgooglegoogletoolbar1.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:ProgramWinamp Toolbarwinamptb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:ProgramWindows Live Toolbarmsntb.dll
O4 - HKLM..Run: [symantec PIF AlertEng] "C:ProgramDelade filerSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe" /a /m "C:ProgramDelade filerSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}AlertEng.dll"
O4 - HKLM..Run: [QuickTime Task] "C:ProgramQuickTimeqttask.exe" -atboottime
O4 - HKLM..Run: [LXSUPMON] C:WINDOWSsystem32LXSUPMON.EXE RUN
O4 - HKLM..Run: [igfxtray] C:WINDOWSsystem32igfxtray.exe
O4 - HKLM..Run: [igfxpers] C:WINDOWSsystem32igfxpers.exe
O4 - HKLM..Run: [igfxhkcmd] C:WINDOWSsystem32hkcmd.exe
O4 - HKLM..Run: [DVDLauncher] "C:ProgramCyberLinkPowerDVDDVDLauncher.exe"
O4 - HKLM..Run: [ccApp] "C:ProgramDelade filerSymantec SharedccApp.exe"
O4 - HKLM..Run: [Adobe Reader Speed Launcher] "C:ProgramAdobeReader 8.0ReaderReader_sl.exe"
O4 - HKLM..Run: [sunJavaUpdateSched] "C:ProgramJavajre6binjusched.exe"
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [WMPNSCFG] C:ProgramWindows Media PlayerWMPNSCFG.exe
O4 - HKCU..Run: [swg] C:ProgramGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
O4 - HKCU..Run: [MsnMsgr] "C:ProgramWindows LiveMessengermsnmsgr.exe" /background
O4 - HKCU..Run: [gStart] C:GarmingStart.exe
O4 - HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'SYSTEM')
O4 - HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Winamp Toolbar Search - C:Documents and SettingsAll UsersApplication DataWinamp ToolbarieToolbarresourcesen-USlocalsearch.html
O8 - Extra context menu item: &Windows Live Search - res://C:ProgramWindows Live Toolbarmsntb.dll/search.htm
O8 - Extra context menu item: Add to AMV Converter... - C:ProgramMP3 Player Utilities 4.15AMVConvertergrab.html
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:ProgramMICROS~2OFFICE11EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:ProgramMP3 Player Utilities 4.15MediaManagergrab.html
O9 - Extra button: Blogga detta - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:ProgramWindows LiveWriterWriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blogga detta i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:ProgramWindows LiveWriterWriterBrowserExtension.dll
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:ProgramMICROS~2OFFICE11REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:ProgramMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:ProgramMessengermsmsgs.exe
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://www.king.com/ctl/kingcomie.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game12.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O20 - AppInit_DLLs: bjxykt.dll
O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:ProgramSymantecLiveUpdateALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:ProgramDelade filerSymantec SharedccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:ProgramNorton Internet SecurityccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:ProgramDelade filerSymantec SharedccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:ProgramDelade filerSymantec SharedccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:ProgramNorton Internet SecuritycomHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:ProgramGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: Iap - Dell Inc - C:ProgramDellOpenManageClientIap.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:ProgramJavajre6binjqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:WINDOWSsystem32LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:ProgramSymantecLIVEUP~1LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:ProgramDelade filerSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe
O23 - Service: Norton AntiVirus Auto Protect-tjänst (navapsvc) - Symantec Corporation - C:ProgramNorton Internet SecurityNorton AntiVirusnavapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:ProgramIntelNCSSyncNetSvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:ProgramDelade filerSymantec SharedSecurity ConsoleNSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:ProgramNorton Internet SecurityNorton AntiVirusSAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:ProgramDelade filerSymantec SharedSNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:ProgramDelade filerSymantec SharedSPBBCSPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:ProgramDelade filerSymantec SharedCCPD-LCsymlcsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:ProgramDelade filerSymantec SharedSupport Controlsssrc.exe
O24 - Desktop Component 0: (no name) - http://www.microsoft.com/windows/plus/imag...ish_150x106.jpg
--
End of file - 11308 bytes
SDFix: Version 1.240
Run by Administratr on 2008-11-11 at 17:18
Microsoft Windows XP [Version 5.1.2600]
Running From: C:SDFix
Checking Services :
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
Checking Files :
Trojan Files Found:
C:WINDOWSsystem32weenaeelycpjeprre.exe - Deleted
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-11 17:28:24
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
"%windir%system32sessmgr.exe"="%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:ProgramMicrosoft GamesZoo Tycoon 2 Trial Versionzt2demoretail.exe"="C:ProgramMicrosoft GamesZoo Tycoon 2 Trial Versionzt2demoretail.exe:*:Enabled:Zoo Tycoon 2 Demo Executable"
"C:ProgramMicrosoft GamesZoo Tycoon 2 Endangered Species Trial Versionzt.exe"="C:ProgramMicrosoft GamesZoo Tycoon 2 Endangered Species Trial Versionzt.exe:*:Enabled:Zoo Tycoon 2 Endangered Species Trial Version Executable"
"C:ProgramMessengermsmsgs.exe"="C:ProgramMessengermsmsgs.exe:*:Enabled:Windows Messenger"
"C:ProgramuTorrentuTorrent.exe"="C:ProgramuTorrentuTorrent.exe:*:Enabled:æTorrent"
"C:ProgramLimeWireLimeWire.exe"="C:ProgramLimeWireLimeWire.exe:*:Enabled:LimeWire"
"%windir%Network Diagnosticxpnetdiag.exe"="%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:ProgramWindows LiveMessengermsnmsgr.exe"="C:ProgramWindows LiveMessengermsnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:ProgramWindows LiveMessengerlivecall.exe"="C:ProgramWindows LiveMessengerlivecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
"%windir%system32sessmgr.exe"="%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%Network Diagnosticxpnetdiag.exe"="%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:ProgramWindows LiveMessengermsnmsgr.exe"="C:ProgramWindows LiveMessengermsnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:ProgramWindows LiveMessengerlivecall.exe"="C:ProgramWindows LiveMessengerlivecall.exe:*:Enabled:Windows Live Messenger (Phone)"
Remaining Files :
File Backups: - C:SDFixbackupsbackups.zip
Files with Hidden Attributes :
Tue 28 Oct 2008 33,792 ..SHR --- "C:XXresycledboot.com"
Tue 28 Oct 2008 33,792 ..SHR --- "C:XXXresycledboot.com"
Sun 28 Oct 2007 4,348 ..SH. --- "C:Documents and SettingsAll UsersDRMDRMv1.bak"
Tue 8 May 2007 0 A.SH. --- "C:Documents and SettingsAll UsersDRMCacheIndiv01.tmp"
Fri 15 Dec 2006 395,960 A..H. --- "C:Documents and SettingsamandaApplication DataZylom GamesUninstallPlugin.exe"
Wed 24 Mar 2004 286,720 A..H. --- "C:Documents and SettingsamandaApplication DataInstallShield Installation Information{0E38CA14-8D20-45CF-8850-8F6213465D00}CTCABEX.DLL"
Wed 24 Mar 2004 286,720 A..H. --- "C:Documents and SettingsamandaApplication DataInstallShield Installation Information{88B1984E-36F0-47B8-B8DC-728966807A9C}CTCABEX.DLL"
Wed 24 Mar 2004 286,720 A..H. --- "C:Documents and SettingsamandaApplication DataInstallShield Installation Information{AC85CD9E-BC46-4874-90E6-ADB558DE7D9E}CTCABEX.DLL"
Sun 8 Apr 2007 16,720 A..H. --- "C:Documents and SettingsamandaApplication DataMicrosoftIdentityCRLppcrlconfig.dll"
Thu 16 Sep 2004 10,371 A..H. --- "C:Documents and SettingsamandaApplication DataMicrosoftInternet Explorerbrndlog.bak"
Sun 8 Apr 2007 9,084 A..H. --- "C:Documents and SettingsamandaApplication DataMicrosoftOfficefbc20.tmp"
Thu 14 Dec 2006 72,849 A..H. --- "C:Documents and SettingsamandaApplication DataSunJavaDeploymentcachejavapiv1.0jarflash.jar-21633a94-7b981737.zip"
Fri 15 Dec 2006 72,849 A..H. --- "C:Documents and SettingsamandaApplication DataSunJavaDeploymentcachejavapiv1.0jarflash.jar-3647ed55-24130ae8.zip"
Fri 15 Dec 2006 72,849 A..H. --- "C:Documents and SettingsamandaApplication DataSunJavaDeploymentcachejavapiv1.0jarflash.jar-2bb8af6d-48732dcd.zip"
Fri 15 Dec 2006 332,415 A..H. --- "C:Documents and SettingsamandaApplication DataSunJavaDeploymentcachejavapiv1.0jartextexpress.2.0.2.jar-6dc418d1-50f3ea45.zip"
Sat 13 Jan 2007 332,415 A..H. --- "C:Documents and SettingsamandaApplication DataSunJavaDeploymentcachejavapiv1.0jartextexpress.2.0.2.jar-2f16008e-18d26241.zip"
Sat 29 Apr 2006 55,060 A..H. --- "C:Documents and SettingsamandaApplication DataSunJavaDeploymentcachejavapiv1.0jartrapped.jar-27990b01-12b9740c.zip"
Finished!
-
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1more.res
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1new_games.mnu
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1progress.res
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1s_icons_buttons.res
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1sales_buttons.res
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1t2_bg.res
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1theweb.mnu
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1top7.cdf
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Top7_theweb.mnu
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1tsd_bg.res
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1weathericon.res
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbarstaticDownLoadads.xip
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbarstaticDownLoadBtnTrans.xip
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbarstaticDownLoadBtnTrans1.xip
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbarstaticDownLoadbusiness_promo.xip
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbarstaticDownLoadbuttondir.xip
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbarstaticDownLoadcursors.xip
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbarstaticDownLoadd_icons_buttons_1000.xip
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbarstaticDownLoadd_icons_buttons_2000.xip
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbarstaticDownLoadd_icons_buttons_3000.xip
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbarstaticDownLoadd_icons_buttons_bar.xip
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbarstaticDownLoadd_icons_buttons_bbar1.xip
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbarstaticDownLoadd_icons_buttons_logos.xip
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbarstaticDownLoadd_icons_buttons_other.xip
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbarstaticDownLoadd_icons_weather.xip
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbarstaticDownLoaddefault.xip
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbarstaticDownLoademail-t1-bg.xip
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbarstaticDownLoadgamesmenu.xip
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbarstaticDownLoadhb_ie_menu.xip
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbarstaticDownLoadhotbar-premium.xip
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbarstaticDownLoadhotbar_promo.xip
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbarstaticDownLoadicons2.xip
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbarstaticDownLoadie_games_icon.xip
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbarstaticDownLoadie_video.xip
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbarstaticDownLoadkeywords.xip
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbarstaticDownLoadkeywords1.xip
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbarstaticDownLoadlayout.xip
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbarstaticDownLoadlinkpathlegal.xip
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbarstaticDownLoadmore.xip
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbarstaticDownLoadprogress.xip
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbarstaticDownLoads_icons_buttons.xip
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbarstaticDownLoadsales_buttons.xip
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbarstaticDownLoadsamplegroups2.txt
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbarstaticDownLoadsamplegroups2.xip
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbarstaticDownLoadt2_bg.xip
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbarstaticDownLoadtop7.xip
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbarstaticDownLoadtsd_bg.xip
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbarstaticDownLoadweathericon.xip
c:windowsadmintxt.txt
c:windowssystem32adqaiwsk.ini
c:windowssystem32AGQtttwa.ini
c:windowssystem32AGQtttwa.ini2
c:windowssystem32amacourm.ini
c:windowssystem32asfvmwav.dll
c:windowssystem32boypgkdx.ini
c:windowssystem32bqpwcght.ini
c:windowssystem32cxhutwme.ini
c:windowssystem32DcLooUtv.ini
c:windowssystem32DcLooUtv.ini2
c:windowssystem32dcrhnjxb.ini
c:windowssystem32fNmSYcfe.ini
c:windowssystem32fNmSYcfe.ini2
c:windowssystem32fplotele.ini
c:windowssystem32fusukl.dll
c:windowssystem32gbcrokbl.ini
c:windowssystem32havgnxgs.ini
c:windowssystem32icgplrml.ini
c:windowssystem32ipfgwadu.ini
c:windowssystem32jhuhswef.dll
c:windowssystem32jjlcpctf.ini
c:windowssystem32miurueqr.ini
c:windowssystem32mjmkra.dll
c:windowssystem32mlbpekns.ini
c:windowssystem32nbsgkhps.ini
c:windowssystem32neaijxto.ini
c:windowssystem32ocmjro.dll
c:windowssystem32oddowp.dll
c:windowssystem32oeuvqjwq.ini
c:windowssystem32phiekinj.ini
c:windowssystem32rwwiluhl.ini
c:windowssystem32stmdfjch.ini
c:windowssystem32tyqyfsmm.ini
c:windowssystem32udqmtogp.ini
c:windowssystem32wpfimnuo.ini
c:windowssystem32wvvwa.bak2
c:windowssystem32wvvwa.tmp
c:windowssystem32WxbLRqru.ini
c:windowssystem32WxbLRqru.ini2
c:windowssystem32xdfuyofj.ini
c:windowssystem32xwmdullu.dll
c:windowssystem32yndpprqb.ini
.
((((((((((((((((((((((((( Files Created from 2008-10-10 to 2008-11-10 )))))))))))))))))))))))))))))))
.
2008-11-10 12:28 . 2008-11-10 12:28 <KAT> d-------- c:programCCleaner
2008-11-09 15:44 . 2008-11-09 15:44 <KAT> d-------- c:programMalwarebytes' Anti-Malware
2008-11-09 15:44 . 2008-11-09 15:44 <KAT> d-------- c:documents and settingsCatharina AndreeApplication DataMalwarebytes
2008-11-09 15:44 . 2008-11-09 15:44 <KAT> d-------- c:documents and settingsAll UsersApplication DataMalwarebytes
2008-11-09 15:44 . 2008-10-22 16:10 38,496 --a------ c:windowssystem32driversmbamswissarmy.sys
2008-11-09 15:44 . 2008-10-22 16:10 15,504 --a------ c:windowssystem32driversmbam.sys
2008-11-09 14:36 . 2008-11-09 14:36 <KAT> d-------- c:programTrend Micro
2008-11-09 12:12 . 2008-04-14 18:04 116,224 --a------ c:windowssystem32dllcachexrxwiadr.dll
2008-11-09 12:12 . 2001-08-18 06:37 99,865 --a------ c:windowssystem32dllcachexlog.exe
2008-11-09 12:12 . 2001-09-06 20:33 27,648 --a------ c:windowssystem32dllcachexrxftplt.exe
2008-11-09 12:12 . 2001-09-06 20:33 23,040 --a------ c:windowssystem32dllcachexrxwbtmp.dll
2008-11-09 12:12 . 2004-08-03 22:29 19,455 --a------ c:windowssystem32dllcachewvchntxx.sys
2008-11-09 12:12 . 2008-04-14 18:04 18,944 --a------ c:windowssystem32dllcachexrxscnui.dll
2008-11-09 12:12 . 2001-08-17 20:11 16,970 --a------ c:windowssystem32dllcachexem336n5.sys
2008-11-09 12:12 . 2004-08-03 22:29 12,063 --a------ c:windowssystem32dllcachewsiintxx.sys
2008-11-09 12:12 . 2008-04-14 18:04 8,192 --a------ c:windowssystem32dllcachewshirda.dll
2008-11-09 12:12 . 2001-09-06 20:33 4,608 --a------ c:windowssystem32dllcachexrxflnch.exe
2008-11-09 12:11 . 2001-08-17 21:28 771,581 --a------ c:windowssystem32dllcachewinacisa.sys
2008-11-09 12:11 . 2001-08-17 21:28 701,386 --a------ c:windowssystem32dllcachewdhaalba.sys
2008-11-09 12:11 . 2004-08-03 22:31 154,624 --a------ c:windowssystem32dllcachewlluc48.sys
2008-11-09 12:11 . 2001-09-06 20:33 87,040 --a------ c:windowssystem32dllcachewiafbdrv.dll
2008-11-09 12:11 . 2001-09-06 20:33 54,272 --a------ c:windowssystem32dllcachewiamsmud.dll
2008-11-09 12:11 . 2004-08-04 12:00 41,600 --a------ c:windowssystem32dllcacheweitekp9.dll
2008-11-09 12:11 . 2001-08-17 20:10 35,871 --a------ c:windowssystem32dllcachewbfirdma.sys
2008-11-09 12:11 . 2001-09-06 19:56 34,890 --a------ c:windowssystem32dllcachewlandrv2.sys
2008-11-09 12:11 . 2008-04-14 17:36 31,872 --a------ c:windowssystem32dllcachewceusbsh.sys
2008-11-09 12:11 . 2004-08-04 12:00 31,232 --a------ c:windowssystem32dllcacheweitekp9.sys
2008-11-09 12:11 . 2004-08-03 22:29 23,615 --a------ c:windowssystem32dllcachewch7xxnt.sys
2008-11-09 12:11 . 2008-04-13 20:36 8,832 --a------ c:windowssystem32dllcachewmiacpi.sys
2008-11-09 12:09 . 2001-08-17 21:28 794,654 --a------ c:windowssystem32dllcacheusr1801.sys
2008-11-09 12:08 . 2001-09-06 20:33 216,064 --a------ c:windowssystem32dllcacheum34scan.dll
2008-11-09 12:08 . 2001-09-06 20:33 211,968 --a------ c:windowssystem32dllcacheum54scan.dll
2008-11-09 12:08 . 2001-08-17 20:51 166,784 --a------ c:windowssystem32dllcachetridxpm.sys
2008-11-09 12:08 . 2001-09-06 20:33 69,632 --a------ c:windowssystem32dllcacheumaxu12.dll
2008-11-09 12:08 . 2001-09-06 20:33 50,688 --a------ c:windowssystem32dllcacheumaxscan.dll
2008-11-09 12:08 . 2001-09-06 20:33 50,176 --a------ c:windowssystem32dllcacheumaxp60.dll
2008-11-09 12:08 . 2001-09-06 20:33 47,616 --a------ c:windowssystem32dllcacheumaxcam.dll
2008-11-09 12:08 . 2001-09-06 20:33 28,160 --a------ c:windowssystem32dllcacheumaxu40.dll
2008-11-09 12:08 . 2001-09-06 20:33 26,624 --a------ c:windowssystem32dllcacheumaxu22.dll
2008-11-09 12:08 . 2001-08-17 21:58 22,912 --a------ c:windowssystem32dllcacheumaxpcls.sys
2008-11-09 12:08 . 2004-08-04 12:00 14,336 --a------ c:windowssystem32dllcachetsprof.exe
2008-11-09 12:08 . 2001-08-17 21:48 11,520 --a------ c:windowssystem32dllcachetwotrack.sys
2008-11-09 12:06 . 2001-09-06 20:33 172,768 --a------ c:windowssystem32dllcachet2r4disp.dll
2008-11-09 12:05 . 2001-09-06 19:47 285,760 --a------ c:windowssystem32dllcachestlnata.sys
2008-11-09 12:04 . 2001-09-06 20:33 147,200 --a------ c:windowssystem32dllcachesmidispb.dll
2008-11-09 12:03 . 2001-09-06 20:33 386,560 --a------ c:windowssystem32dllcachesgiul50.dll
2008-11-09 12:02 . 2001-09-06 20:32 495,616 --a------ c:windowssystem32dllcachesblfx.dll
2008-11-09 12:01 . 2001-09-06 20:33 210,496 --a------ c:windowssystem32dllcaches3mvirge.dll
2008-11-09 12:00 . 2001-09-06 20:09 899,274 --a------ c:windowssystem32dllcacher2mdkxga.sys
2008-11-09 11:59 . 2008-04-14 18:04 363,520 --a------ c:windowssystem32dllcachepsisdecd.dll
2008-11-09 11:58 . 2008-04-13 20:46 61,696 --a------ c:windowssystem32dllcacheohci1394.sys
2008-11-09 11:58 . 2001-08-17 20:20 54,528 --a------ c:windowssystem32dllcacheopl3sax.sys
2008-11-09 11:58 . 2001-09-06 20:06 54,314 --a------ c:windowssystem32dllcacheotcsercb.sys
2008-11-09 11:58 . 2001-09-06 20:06 43,817 --a------ c:windowssystem32dllcacheotceth5.sys
2008-11-09 11:58 . 2001-08-17 22:05 31,872 --a------ c:windowssystem32dllcacheovce.sys
2008-11-09 11:58 . 2001-08-17 20:12 30,495 --a------ c:windowssystem32dllcachepc100nds.sys
2008-11-09 11:58 . 2001-08-17 20:11 30,282 --a------ c:windowssystem32dllcachepcntn5hl.sys
2008-11-09 11:58 . 2001-08-17 20:11 29,769 --a------ c:windowssystem32dllcachepcntn5m.sys
2008-11-09 11:58 . 2004-08-03 22:31 29,502 --a------ c:windowssystem32dllcachepca200e.sys
2008-11-09 11:58 . 2001-08-17 20:12 27,209 --a------ c:windowssystem32dllcacheotc06x5.sys
2008-11-09 11:58 . 2001-08-17 20:12 26,153 --a------ c:windowssystem32dllcachepcmlm56.sys
2008-11-09 11:58 . 2001-08-17 22:05 25,216 --a------ c:windowssystem32dllcacheovsound2.sys
2008-11-09 11:58 . 2001-08-17 22:05 25,088 --a------ c:windowssystem32dllcacheovca.sys
2008-11-09 11:56 . 2001-09-06 19:59 129,536 --a------ c:windowssystem32dllcachen100325.sys
2008-11-09 11:55 . 2001-09-06 19:54 320,384 --a------ c:windowssystem32dllcachemgaum.sys
2008-11-09 11:54 . 2001-08-17 21:28 802,683 --a------ c:windowssystem32dllcacheltsm.sys
2008-11-09 11:53 . 2008-04-14 18:04 253,952 --a------ c:windowssystem32dllcachekdsusd.dll
2008-11-09 11:52 . 2001-09-06 20:33 372,824 --a------ c:windowssystem32dllcacheiconf32.dll
2008-11-09 11:51 . 2008-04-14 18:04 702,845 --a------ c:windowssystem32dllcachei81xdnt5.dll
2008-11-09 11:50 . 2001-09-06 20:33 324,608 --a------ c:windowssystem32dllcachehpojwia.dll
2008-11-09 11:49 . 2001-09-06 20:32 1,733,120 --a------ c:windowssystem32dllcacheg400d.dll
2008-11-09 11:48 . 2004-08-03 22:32 137,088 --a------ c:windowssystem32dllcacheessm2e.sys
2008-11-09 11:47 . 2001-09-06 20:03 634,134 --a------ c:windowssystem32dllcacheel656ct5.sys
2008-11-09 11:46 . 2004-08-04 12:00 514,587 --a------ c:windowssystem32dllcacheedb500.dll
2008-11-09 11:46 . 2001-08-17 20:20 334,208 --a------ c:windowssystem32dllcacheds1wdm.sys
2008-11-09 11:46 . 2001-08-17 20:10 69,692 --a------ c:windowssystem32dllcacheel575nd5.sys
2008-11-09 11:46 . 2001-08-17 20:11 69,194 --a------ c:windowssystem32dllcacheel656cd5.sys
2008-11-09 11:46 . 2001-08-17 20:10 55,999 --a------ c:windowssystem32dllcacheel556nd5.sys
2008-11-09 11:46 . 2001-09-06 20:03 51,231 --a------ c:windowssystem32dllcachee1000nt5.sys
2008-11-09 11:46 . 2001-09-06 20:03 44,103 --a------ c:windowssystem32dllcacheel515.sys
2008-11-09 11:46 . 2001-08-17 20:10 26,141 --a------ c:windowssystem32dllcacheel589nd5.sys
2008-11-09 11:46 . 2001-08-17 20:10 24,653 --a------ c:windowssystem32dllcacheel574nd4.sys
2008-11-09 11:46 . 2008-04-14 18:05 20,992 --a------ c:windowssystem32dllcachedshowext.ax
2008-11-09 11:46 . 2001-08-17 20:12 19,594 --a------ c:windowssystem32dllcachee100isa4.sys
2008-11-09 11:44 . 2001-09-06 20:33 421,405 --a------ c:windowssystem32dllcachedgconfig.dll
2008-11-09 11:43 . 2008-04-14 18:04 250,880 --a------ c:windowssystem32dllcachectmasetp.dll
2008-11-09 11:42 . 2001-09-06 19:54 980,034 --a------ c:windowssystem32dllcachecicap.sys
2008-11-09 11:41 . 2001-09-06 19:53 714,826 --a------ c:windowssystem32dllcachecbmdmkxx.sys
2008-11-09 11:40 . 2001-08-17 21:28 871,388 --a------ c:windowssystem32dllcachebcmdm.sys
2008-11-09 11:39 . 2001-08-17 21:28 762,780 --a------ c:windowssystem32dllcache3cwmcru.sys
2008-11-09 11:38 . 2001-09-06 20:33 66,048 --a------ c:windowssystem32dllcaches3legacy.dll
2008-11-09 11:20 . 2008-11-09 11:21 <KAT> d-------- c:documents and settingsmatildaAmanda
2008-11-08 21:29 . 2004-09-16 09:49 <KAT> dr------- c:documents and settingsAdministratör.CATHAStart-meny
2008-11-08 21:29 . 2004-09-16 09:49 <KAT> dr------- c:documents and settingsAdministratör.CATHAStart-meny
2008-11-08 21:29 . 2006-04-12 14:07 <KAT> d-------- c:documents and settingsAdministratör.CATHASkrivbord
2008-11-08 21:29 . 2006-04-12 14:07 <KAT> d-------- c:documents and settingsAdministratör.CATHASkrivbord
2008-11-08 21:29 . 2004-09-16 09:49 <KAT> d--h----- c:documents and settingsAdministratör.CATHASkrivare
2008-11-08 21:29 . 2004-09-16 09:49 <KAT> d--h----- c:documents and settingsAdministratör.CATHASkrivare
2008-11-08 21:29 . 2004-09-16 09:49 <KAT> d--h----- c:documents and settingsAdministratör.CATHANätverket
2008-11-08 21:29 . 2004-09-16 09:49 <KAT> d--h----- c:documents and settingsAdministratör.CATHANätverket
2008-11-08 21:29 . 2004-09-16 10:00 <KAT> dr------- c:documents and settingsAdministratör.CATHAMina dokument
2008-11-08 21:29 . 2004-09-16 10:00 <KAT> dr------- c:documents and settingsAdministratör.CATHAMina dokument
2008-11-08 21:29 . 2004-09-16 09:49 <KAT> d--h----- c:documents and settingsAdministratör.CATHAMallar
2008-11-08 21:29 . 2004-09-16 09:49 <KAT> d--h----- c:documents and settingsAdministratör.CATHAMallar
2008-11-08 21:29 . 2008-11-10 19:26 <KAT> d--h----- c:documents and settingsAdministratör.CATHALokala inställningar
2008-11-08 21:29 . 2008-11-10 19:26 <KAT> d--h----- c:documents and settingsAdministratör.CATHALokala inställningar
2008-11-08 21:29 . 2004-09-16 10:00 <KAT> dr------- c:documents and settingsAdministratör.CATHAFavoriter
2008-11-08 21:29 . 2004-09-16 10:00 <KAT> dr------- c:documents and settingsAdministratör.CATHAFavoriter
2008-11-08 21:29 . 2008-11-08 21:29 <KAT> d-------- c:documents and settingsAdministratör.CATHA
2008-11-06 09:53 . 2008-11-06 09:53 <KAT> dr-hs---- C:XXXresycled
2008-11-06 09:40 . 2008-11-06 10:33 2,444 --a------ C:XXXautorun.PNF
2008-11-06 09:21 . 2008-11-06 09:24 103 -rahs---- C:XXautorun.XXinf
2008-11-05 20:39 . 2008-11-05 20:39 2,444 --a------ C:XXautorun.XXPNF
2008-11-04 13:54 . 2008-11-04 13:55 97,943 --a------ c:windowswebcodec.exe
2008-11-03 23:17 . 2008-11-03 23:19 97,943 --a------ c:windowswebconfig32.exe
2008-11-03 13:39 . 2008-11-03 13:39 113,152 --a------ c:windowssystem32nwwjjgms.dll
2008-11-03 02:14 . 2008-11-06 09:51 <KAT> dr-hs---- C:XXresycled
2008-11-01 14:05 . 2008-11-10 12:58 <KAT> d-------- c:programFighters
2008-11-01 14:05 . 2008-11-01 14:05 <KAT> d-------- c:documents and settingsAll UsersApplication DataFighters
2008-10-27 22:55 . 2008-11-01 17:02 77,937 --a------ c:windowssystem32weenaeelycpjeprre.exe
2008-10-18 13:22 . 2008-10-18 13:22 <KAT> d-------- c:windowssystem32sv
2008-10-18 13:22 . 2008-10-18 13:22 <KAT> d-------- c:windowssystem32bits
2008-10-18 13:22 . 2008-10-18 13:22 <KAT> d-------- c:windowsl2schemas
2008-10-18 13:19 . 2008-10-18 13:23 <KAT> d-------- c:windowsServicePackFiles
2008-10-18 13:09 . 2008-10-18 13:09 <KAT> d-------- c:windowsEHome
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-10 11:55 --------- d-----w c:programDelade filerSymantec Shared
2008-11-06 11:37 --------- d-----w c:documents and settingsAll UsersApplication DataSymantec
2008-11-06 09:41 --------- d-----w c:programNorton Internet Security
2008-11-04 17:08 --------- d-----w c:programNorton Security Scan
2008-11-03 18:43 --------- d-----w c:programLimeWire
2008-11-03 18:43 --------- d-----w c:programIncomplete
2008-10-07 21:25 --------- d-----w c:documents and settingsCatharina AndreeApplication DataLimeWire
2008-10-03 17:26 6,066,176 ------w c:windowssystem32dllcacheieframe.dll
2008-10-02 17:21 --------- d-----w c:programVision Park
2008-09-30 16:05 --------- d---a-w c:documents and settingsAll UsersApplication DataTEMP
2008-09-30 15:51 --------- d-----w c:programGamenext
2008-09-30 15:51 --------- d-----w c:documents and settingsAll UsersApplication DataPlayFirst
2008-09-15 15:27 1,846,400 ----a-w c:windowssystem32win32k.sys
2008-09-15 15:27 1,846,400 ----a-w c:windowssystem32dllcachewin32k.sys
2008-09-10 10:38 --------- d-----w c:documents and settingsAll UsersApplication DataSandlot Games
2008-09-08 10:41 333,824 ----a-w c:windowssystem32dllcachesrv.sys
2008-08-27 09:27 3,593,216 ----a-w c:windowssystem32dllcachemshtml.dll
2008-08-26 08:27 826,368 ----a-w c:windowssystem32wininet.dll
2008-08-26 08:27 826,368 ----a-w c:windowssystem32dllcachewininet.dll
2008-08-26 08:27 671,232 ----a-w c:windowssystem32dllcachemstime.dll
2008-08-26 08:27 477,696 ----a-w c:windowssystem32dllcachemshtmled.dll
2008-08-26 08:27 44,544 ----a-w c:windowssystem32dllcachepngfilt.dll
2008-08-26 08:27 233,472 ----a-w c:windowssystem32dllcachewebcheck.dll
2008-08-26 08:27 193,024 ----a-w c:windowssystem32dllcachemsrating.dll
2008-08-26 08:27 105,984 ----a-w c:windowssystem32dllcacheurl.dll
2008-08-26 08:27 102,912 ----a-w c:windowssystem32dllcacheoccache.dll
2008-08-26 08:27 1,159,680 ----a-w c:windowssystem32dllcacheurlmon.dll
2008-08-25 08:43 70,656 ----a-w c:windowssystem32dllcacheie4uinit.exe
2008-08-25 08:38 13,824 ------w c:windowssystem32dllcacheieudinit.exe
2008-08-23 05:56 635,848 ----a-w c:windowssystem32dllcacheiexplore.exe
2008-08-23 05:54 161,792 ----a-w c:windowssystem32dllcacheieakui.dll
2008-08-14 13:27 2,189,952 ----a-w c:windowssystem32ntoskrnl.exe
2008-08-14 13:27 2,189,952 ----a-w c:windowssystem32dllcachentoskrnl.exe
2008-08-14 13:27 2,066,816 ----a-w c:windowssystem32ntkrnlpa.exe
2008-08-14 13:27 2,066,816 ----a-w c:windowssystem32dllcachentkrnlpa.exe
2008-08-14 10:04 138,496 ----a-w c:windowssystem32dllcacheafd.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"ctfmon.exe"="c:windowssystem32ctfmon.exe" [2008-04-14 15360]
"WMPNSCFG"="c:programWindows Media PlayerWMPNSCFG.exe" [2006-11-15 204288]
"swg"="c:programGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe" [2007-10-12 68856]
"MsnMsgr"="c:programWindows LiveMessengermsnmsgr.exe" [2007-10-18 5724184]
"gStart"="c:garmingStart.exe" [2007-08-23 1891416]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"Symantec PIF AlertEng"="c:programDelade filerSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe" [2008-01-29 583048]
"SweetIM"="c:programMacrogamingSweetIMSweetIM.exe" [2008-01-02 103712]
"SunJavaUpdateSched"="c:programJavajre1.6.0_05binjusched.exe" [2008-02-22 144784]
"QuickTime Task"="c:programQuickTimeqttask.exe" [2007-05-18 98304]
"LXSUPMON"="c:windowssystem32LXSUPMON.EXE" [2002-01-28 885760]
"igfxtray"="c:windowssystem32igfxtray.exe" [2005-09-20 94208]
"igfxpers"="c:windowssystem32igfxpers.exe" [2005-09-20 114688]
"igfxhkcmd"="c:windowssystem32hkcmd.exe" [2005-09-20 77824]
"DVDLauncher"="c:programCyberLinkPowerDVDDVDLauncher.exe" [2004-04-26 53248]
"ccApp"="c:programDelade filerSymantec SharedccApp.exe" [2007-03-01 52840]
"Adobe Reader Speed Launcher"="c:programAdobeReader 8.0ReaderReader_sl.exe" [2008-01-11 39792]
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
"CTFMON.EXE"="c:windowssystem32CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwindows]
"AppInit_DLLs"=bjxykt.dll
HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregC:
HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregC:WINDOWS
HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregc:windowssystem32
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringSymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringSymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
"%windir%system32sessmgr.exe"=
"c:ProgramMicrosoft GamesZoo Tycoon 2 Trial Versionzt2demoretail.exe"=
"c:ProgramMicrosoft GamesZoo Tycoon 2 Endangered Species Trial Versionzt.exe"=
"c:ProgramMessengermsmsgs.exe"=
"c:ProgramuTorrentuTorrent.exe"=
"c:ProgramLimeWireLimeWire.exe"=
"%windir%Network Diagnosticxpnetdiag.exe"=
"c:ProgramWindows LiveMessengermsnmsgr.exe"=
"c:ProgramWindows LiveMessengerlivecall.exe"=
R2 Automatisk LiveUpdate-schemaläggare;Automatisk LiveUpdate-schemaläggare;c:programSymantecLiveUpdateALUSchedulerSvc.exe [2006-02-28 100032]
R2 MSSQL$SPCS;MSSQL$SPCS;c:programMicrosoft SQL ServerMSSQL$SPCSBinnsqlservr.exe [2002-12-17 7520337]
S1 bf29d896;bf29d896;c:windowssystem32driversbf29d896.sys [ ]
S3 SQLAgent$SPCS;SQLAgent$SPCS;c:programMicrosoft SQL ServerMSSQL$SPCSBinnsqlagent.EXE [2002-12-17 311872]
S3 V0260VID;Live! Cam Vista IM;c:windowssystem32DRIVERSV0260Vid.sys [2006-04-01 162176]
*Newly Created Service* - COMHOST
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
2008-11-04 c:windowsTasksAppleSoftwareUpdate.job
- c:programApple Software UpdateSoftwareUpdate.exe [2007-06-03 12:42]
2008-11-10 c:windowsTasksKontrollera uppdateringar för Windows Live Toolbar.job
- c:programWindows Live ToolbarMSNTBUP.EXE [2007-10-19 11:20]
2008-10-24 c:windowsTasksNorton AntiVirus - Sök igenom datorn - Catharina Andree.job
- c:programNORTON~1NORTON~1Navw32.exe [2007-05-28 11:00]
.
- - - - ORPHANS REMOVED - - - -
BHO-{15f1de2b-e547-f1d4-f82d-d5bfd4ee2e0e} - c:windowssystem32tuyrgsacxlt.dll
HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:programDelade filerAheadLibNMBgMonitor.exe
HKLM-Run-c:windowssystem32kdihl.exe - c:windowssystem32kdihl.exe
HKLM-Run-WinampAgent - c:programWinampwianmpa.exe
Notify-wvukjbcb - wvUkJbcB.dll
MSConfigStartUp-kdihl - c:windowssystem32kdihl.exe
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = https://upplandsbro.skola24.se/
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R0 -: HKLM-Main,Start Page = hxxp://www1.euro.dell.com/content/default.aspx?c=se&l=sv&s=gen
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: &Winamp Toolbar Search - c:documents and settingsAll UsersApplication DataWinamp ToolbarieToolbarresourcesen-USlocalsearch.html
O8 -: &Windows Live Search - c:programWindows Live Toolbarmsntb.dll/search.htm
O8 -: Add to AMV Converter... - c:programMP3 Player Utilities 4.15AMVConvertergrab.html
O8 -: E&xportera till Microsoft Excel - c:programMICROS~2OFFICE11EXCEL.EXE/3000
O8 -: MediaManager tool grab multimedia file - c:programMP3 Player Utilities 4.15MediaManagergrab.html
O16 -: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} - hxxp://www.king.com/ctl/kingcomie.cab
c:windowsDownloaded Program FilesKingComIE.inf
c:windowsKingComIE.dll
O16 -: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game12.zylom.com/activex/zylomgamesplayer.cab
c:windowsDownloaded Program FilesZylomGamesPlayer.inf
c:windowsDownloaded Program Fileszylomgamesplayer.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-10 19:27:00
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-11-10 19:30:59
ComboFix-quarantined-files.txt 2008-11-10 18:30:52
Pre-Run: 118 855 516 160 byte ledigt
Post-Run: 119,356,342,272 byte ledigt
824 --- E O F --- 2008-10-19 07:21:51
-
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1buttondir.txt
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1components.cdf
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1css_cattree.css
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1css_flashpreview.css
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1css2_main.css
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1css2_pagingmodule.css
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1css2_topbuttons.css
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1delete.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1edit_clear_sound.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1edit_fs.htm
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1edit_select.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1email-def-511724-543450.mnu
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1email-def-511724-548964.mnu
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1email-def-511724-589306.mnu
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1email-def-511724-591943.mnu
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1email-def-511724-592579.mnu
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1email-def-511724-598579.mnu
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1email-def-511724-603763.mnu
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1email-def-511724-9595.mnu
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1email-def-511724-9696.mnu
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1email-def-511745-514279.mnu
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1email-def-email-backgrounds.mnu
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1email-def-email-bcards.mnu
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1email-def-email-ecards.mnu
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1email-def-email-emoticons.mnu
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1email-def-email-estationery.mnu
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1email-def-email-funny.mnu
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1email-def-email-help.mnu
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1email-def-email-images.mnu
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1email-def-email-info.mnu
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1email-def-email-more.mnu
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1email-def-email-my.mnu
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1email-def-email-new.mnu
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1email-def-email-new2.mnu
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1email-def-email-options.mnu
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1email-def-email-people.mnu
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1email-def-email-photo.mnu
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1email-def-email-tell.mnu
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1email-def-email-temp.mnu
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1email-def-email-text.mnu
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1email-def-email-voice.mnu
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1email-def.cdf
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1email-premium-email-premium.mnu
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1email-t1-bg.res
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1email-temp-bg.res
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1estatationery.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1flashpatch.js
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1flashpreview.htm
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1fs3.htm
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1hotbar_promo.htm
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1icon_checked_1.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1icon_close_1.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1icon_close_pressed_1.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1icon_edit_preview.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1icon_edit_send.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1icon_flash_preview.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1icon_recently_used.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1icon_remove_1.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1icon_remove_pressed_1.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1icon_sand-clock2.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1icon_tell_1.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1icon_tell_pressed_1.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1icon_tree_null.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1icon_unchecked_1.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1icon_unchecked_pressed_1.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1img_barlayout.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1img_barlayout2.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1img_barlayout4.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1img_corner_left.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1img_local_logo.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1js2_basetemplate.js
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1js2_hbgroups.js
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1js2_hbobject3.js
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1js2_hbobjectset3.js
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1js2_hotbarwrapper.js
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1js2_iteratorsandreaders3nf.js
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1js2_pagingmoduleobj3.js
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1js2_texts3.js
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1js2_xmltree3nf.js
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1layout.cdf
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1linkpathlegal.txt
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1more.res
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1n.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1nav_b_2.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1nav_bb_2.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1nav_f_2.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1nav_ff_2.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1pro_hb_fo_word.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1progress.res
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1sales_buttons.res
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1searchbtn.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1submit.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1tab_bg.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1tab_bga.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1tab_bgia.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1tab_l.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1tab_la.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1tab_lia.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1tab_r.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1tab_ra.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1tab_ria.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1tree_dots.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1tree_minus.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1tree_plus.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1treedata_animations.xml
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1treedata_backgrounds.xml
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1treedata_ecards.xml
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1treedata_emoticons.xml
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1treedata_notifiers.xml
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1treedata_text.xml
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstaticDownLoadbusiness_promo.xip
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstaticDownLoadbuttondir.xip
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstaticDownLoadcode.xip
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstaticDownLoademail-def.xip
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstaticDownLoademail-t1-bg.xip
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstaticDownLoademail-temp-bg.xip
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstaticDownLoadhotbar_promo.xip
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstaticDownLoadimages.xip
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstaticDownLoadlayout.xip
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstaticDownLoadlinkpathlegal.xip
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstaticDownLoadlocalcontent.xip
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstaticDownLoadmore.xip
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstaticDownLoadpro_hb_fo_word.xip
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstaticDownLoadprogress.xip
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstaticDownLoadsales_buttons.xip
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstaticDownLoadtreexml.xip
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbardynamic3423589.sdf
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbardynamicdomains.txt
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbardynamicTooltipXML20570
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbardynamicTooltipXML26664
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbardynamicTooltipXML44228
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbardynamicTooltipXML66836
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbardynamicTooltipXML82292
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbardynamicustat35d1.dat
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1ads.cdf
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1btntrans.idx
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1btntrans1.dat
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1business_promo.htm
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1buttondir.txt
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1components.cdf
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1cursors.res
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1d_icons_buttons_1000.res
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1d_icons_buttons_2000.res
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1d_icons_buttons_3000.res
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1d_icons_buttons_bar.res
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1d_icons_buttons_bbar1.res
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1d_icons_buttons_logos.res
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1d_icons_buttons_other.res
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1d_icons_weather.res
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1default.cdf
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_511745-514279.mnu
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_bidz.mnu
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_bidz1.mnu
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_bidz10.mnu
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_bidz11.mnu
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_bidz12.mnu
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_bidz13.mnu
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_bidz14.mnu
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_bidz15.mnu
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_bidz16.mnu
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_bidz17.mnu
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_bidz18.mnu
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_bidz19.mnu
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_bidz2.mnu
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_bidz20.mnu
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_bidz3.mnu
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_bidz4.mnu
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_bidz5.mnu
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_bidz6.mnu
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_bidz7.mnu
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_bidz8.mnu
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_bidz9.mnu
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_categorize.mnu
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_comparison.mnu
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_em_PROFL_CA_flow_b_IEB.mnu
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_explorer-Mails.mnu
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_explorer-people.mnu
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_favorites.mnu
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_Games.mnu
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_Hide.mnu
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_hotbarcom.mnu
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_Hotmail.mnu
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_hsskin.mnu
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_jemster.mnu
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_jemsterie.mnu
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_jemsteruk.mnu
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_jobsearch.mnu
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_Mails.mnu
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_new.mnu
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_premium.mnu
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_reun.mnu
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_ringtones.mnu
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_SearchBoxTrapper.mnu
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_searchfor.mnu
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_searchgo.mnu
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_weather.mnu
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_yellowpages.mnu
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1email-def-511724-548964.mnu
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1email-def-511724-9595.mnu
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1email-t1-bg.res
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1gamesmenu.cdf
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1gamesMenu.mnu
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1hb_ie_menu.res
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1hotbar-premium-hotbar-premium.mnu
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1hotbar-premium.cdf
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1hotbar_promo.htm
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1icons2.res
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1ie_games_icon.res
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1ie_video.res
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1keywords.idx
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1keywords1.dat
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1layout.cdf
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1linkpathlegal.txt
-
ComboFix 08-11-09.04 - Catharina Andree 2008-11-10 19:18:42.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1053.18.214 [GMT 1:00]
Running from: c:documents and settingsCatharina AndreeSkrivbordComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:documents and settingsAll UsersApplication DataHotbarSA
c:documents and settingsAll UsersApplication DataHotbarSAHotbarSA.dat
c:documents and settingsAll UsersApplication DataHotbarSAHotbarSA_kyf.dat
c:documents and settingsAll UsersApplication DataHotbarSAHotbarSAAbout.mht
c:documents and settingsAll UsersApplication DataHotbarSAHotbarSAau.dat
c:documents and settingsAll UsersApplication DataHotbarSAHotbarSAEULA.mht
c:documents and settingsAll UsersStart-menyProgramHotbar
c:documents and settingsAll UsersStart-menyProgramHotbarAbout Hotbar.lnk
c:documents and settingsAll UsersStart-menyProgramHotbarHotbar Customer Support Center.lnk
c:documents and settingsAll UsersStart-menyProgramHotbarReset Cursor.lnk
c:documents and settingsAll UsersStart-menyProgramHotbarUninstall Hotbar.lnk
c:documents and settingsCatharina AndreeApplication DataHbTools
c:documents and settingsCatharina AndreeApplication DataHbTools(2)
c:documents and settingsCatharina AndreeApplication DataHbTools(2)HbTools.log
c:documents and settingsCatharina AndreeApplication DataHbTools(2)v3(2).0HbTools(2)dynamic(2)279882.sdf
c:documents and settingsCatharina AndreeApplication DataHbTools(2)v3(2).0HbTools(2)dynamic(2)TooltipXML29115
c:documents and settingsCatharina AndreeApplication DataHbTools(2)v3(2).0HbTools(2)dynamic(2)TooltipXML39280
c:documents and settingsCatharina AndreeApplication DataHbTools(2)v3(2).0HbTools(2)dynamic(2)TooltipXML44228
c:documents and settingsCatharina AndreeApplication DataHbTools(2)v3(2).0HbTools(2)dynamic(2)TooltipXML618304
c:documents and settingsCatharina AndreeApplication DataHbTools(2)v3(2).0HbTools(2)dynamic(2)TooltipXML706496
c:documents and settingsCatharina AndreeApplication DataHbTools(2)v3(2).0HbTools(2)dynamic(2)TooltipXML706539
c:documents and settingsCatharina AndreeApplication DataHbToolsHbTools.log
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsdynamic1.sdf
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1ads.cdf
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1btntrans.idx
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1btntrans1.dat
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1business_promo.htm
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1buttondir.txt
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1components.cdf
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1cursors.res
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1d_icons_buttons_1000.res
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1d_icons_buttons_2000.res
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1d_icons_buttons_3000.res
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1d_icons_buttons_bar.res
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1d_icons_buttons_bbar1.res
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1d_icons_buttons_logos.res
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1d_icons_buttons_other.res
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1d_icons_weather.res
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1default.cdf
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_511745-514279.mnu
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_bidz.mnu
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_bidz1.mnu
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_bidz10.mnu
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_bidz11.mnu
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_bidz12.mnu
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_bidz13.mnu
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_bidz14.mnu
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_bidz15.mnu
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_bidz16.mnu
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_bidz17.mnu
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_bidz18.mnu
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_bidz19.mnu
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_bidz2.mnu
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_bidz20.mnu
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_bidz3.mnu
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_bidz4.mnu
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_bidz5.mnu
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_bidz6.mnu
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_bidz7.mnu
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_bidz8.mnu
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_bidz9.mnu
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_categorize.mnu
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_comparison.mnu
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_em_PROFL_CA_flow_b_IEB.mnu
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_explorer-Mails.mnu
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_explorer-people.mnu
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_favorites.mnu
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_Games.mnu
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_Hide.mnu
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_hotbarcom.mnu
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_Hotmail.mnu
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_hsskin.mnu
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_jemster.mnu
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_jemsterie.mnu
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_jemsteruk.mnu
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_jobsearch.mnu
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_Mails.mnu
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_new.mnu
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_premium.mnu
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_reun.mnu
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_ringtones.mnu
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_SearchBoxTrapper.mnu
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_searchfor.mnu
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_searchgo.mnu
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_weather.mnu
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_yellowpages.mnu
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1email-def-511724-548964.mnu
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1email-def-511724-9595.mnu
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1email-t1-bg.res
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1gamesmenu.cdf
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1gamesMenu.mnu
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1hb_ie_menu.res
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1hotbar-premium-hotbar-premium.mnu
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1hotbar-premium.cdf
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1hotbar_promo.htm
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1icons2.res
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1ie_games_icon.res
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1ie_video.res
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1keywords.idx
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1keywords1.dat
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1layout.cdf
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1linkpathlegal.txt
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1more.res
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1new_games.mnu
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1progress.res
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1s_icons_buttons.res
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1sales_buttons.res
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1t2_bg.res
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1theweb.mnu
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1top7.cdf
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Top7_theweb.mnu
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1tsd_bg.res
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1weathericon.res
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstaticDownLoadads.xip
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstaticDownLoadBtnTrans.xip
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstaticDownLoadBtnTrans1.xip
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstaticDownLoadbusiness_promo.xip
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstaticDownLoadbuttondir.xip
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstaticDownLoadcursors.xip
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstaticDownLoadd_icons_buttons_1000.xip
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstaticDownLoadd_icons_buttons_2000.xip
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstaticDownLoadd_icons_buttons_3000.xip
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstaticDownLoadd_icons_buttons_bar.xip
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstaticDownLoadd_icons_buttons_bbar1.xip
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstaticDownLoadd_icons_buttons_logos.xip
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstaticDownLoadd_icons_buttons_other.xip
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstaticDownLoadd_icons_weather.xip
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstaticDownLoaddefault.xip
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstaticDownLoademail-t1-bg.xip
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstaticDownLoadgamesmenu.xip
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstaticDownLoadhb_ie_menu.xip
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstaticDownLoadhotbar-premium.xip
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstaticDownLoadhotbar_promo.xip
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstaticDownLoadicons2.xip
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstaticDownLoadie_games_icon.xip
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstaticDownLoadie_video.xip
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstaticDownLoadkeywords.xip
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstaticDownLoadkeywords1.xip
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstaticDownLoadlayout.xip
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstaticDownLoadlinkpathlegal.xip
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstaticDownLoadmore.xip
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstaticDownLoadprogress.xip
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstaticDownLoads_icons_buttons.xip
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstaticDownLoadsales_buttons.xip
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstaticDownLoadsamplegroups2.txt
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstaticDownLoadsamplegroups2.xip
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstaticDownLoadt2_bg.xip
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstaticDownLoadtop7.xip
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstaticDownLoadtsd_bg.xip
c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstaticDownLoadweathericon.xip
c:documents and settingsCatharina AndreeApplication DataHotbar
c:documents and settingsCatharina AndreeApplication DataHotbarHbTools.log
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1030104_emte10_prv.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1030104_emte11_prv.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1030104_emte12_prv.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1030104_emte13_prv.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1030104_emte14_prv.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1030104_emte19_prv.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1030104_emte20_prv.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1030104_emte21_prv.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1030104_emte9_prv.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1030203lib_prv.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1033102angel_1_prv.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1033102bigluf_1_prv.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1033102bigsmile_1_prv.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1033102birthday_1_prv.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1033102cheers_1_prv.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1033102flo_1_prv.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1033102good_1_prv.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1033102jump_1_prv.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1033102king_1_prv.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1033102lough_1_prv.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1033102luf_1_prv.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1033102smile_1_prv.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1033102smiled_1_prv.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1033102sor_1_prv.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1033102thanx_1_prv.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1033102uhu_1_prv.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1040103ahh_prv.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1040103wow_prv.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1040104_emi2_prv.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1042102_1134_112_prv.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1050103big_prv.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1050103gig_prv.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1050103hm_prv.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1050103nomail_emoti_prv.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1050103norm_prv.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1060104_ema15_prv.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1060104_ema16_prv.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1060104_ema17_prv.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1060104_ema18_prv.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1060104_ema19_prv.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1060104_ema20_prv.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1060104_ema21_prv.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1060104_ema24_prv.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1060104_ema25_prv.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1060104_ema26_prv.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1060104_ema30_prv.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1060104_ema33_prv.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1060104_ema34_prv.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1062802hippi_prv.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1062802jumpie_prv.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1080402argh_prv.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1080402oops_prv.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1080402ouch_prv.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1082502no_prv.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1082502yes_prv.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1110103_boring1_prv.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1110103_confused_prv.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1110103_crying_ugly_prv.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1110103_fantastic_prv.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1110103_feel_better_prv.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1110103_gimme_break_prv.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1110103_heehee_prv.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1110103_hlopaet_prv.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1110103_ign_prv.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1110103_lol_prv.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1110103_no_comment_prv.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1110103_peace_prv.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1110103_smashing_prv.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1110103_talk2thehand_prv.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1block_sm.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1block_sm2.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1block_smli.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1block_smli2.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1blocked.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1blocked2.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1btn_add-but.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1btn_back-but.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1btn_left_cut_enabled_1.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1btn_left_enabled_1.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1btn_left_pressed_1.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1btn_middle_enabled_1.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1btn_middle_pressed_1.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1btn_right_cut_enabled_1.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1btn_right_enabled_1.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1btn_right_pressed_1.gif
c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1business_promo.htm
-
Hej Malou
Det är mest barnen som använder datorn. Så om det är avsiktligt eller inte som MyWaySA och Macrogaming är installerat vet jag inte, men det är inget som vi kommer sakna om man ska ta bort dessa. Detsamma är det med bakgrundsbilden. Tyckte att Combofix verkade ta bort en del filer i MyWaySA när det kördes i alla fall. Bifogar senaste loggfilerna.
Ha en bra dag
//Stefan
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:16:39, on 2008-11-11
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:ProgramDelade filerSymantec SharedccSetMgr.exe
C:ProgramDelade filerSymantec SharedccEvtMgr.exe
C:ProgramDelade filerSymantec SharedccProxy.exe
C:ProgramDelade filerSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe
C:ProgramDelade filerSymantec SharedSNDSrvc.exe
C:ProgramDelade filerSymantec SharedSPBBCSPBBCSvc.exe
C:ProgramDelade filerSymantec SharedCCPD-LCsymlcsvc.exe
C:WINDOWSsystem32LEXBCES.EXE
C:WINDOWSsystem32LEXPPS.EXE
C:WINDOWSsystem32spoolsv.exe
C:ProgramSymantecLiveUpdateALUSchedulerSvc.exe
C:WINDOWSSystem32svchost.exe
C:ProgramDellOpenManageClientIap.exe
C:ProgramMicrosoft SQL ServerMSSQL$SPCSBinnsqlservr.exe
C:ProgramNorton Internet SecurityNorton AntiVirusnavapsvc.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSExplorer.EXE
C:ProgramMacrogamingSweetIMSweetIM.exe
C:ProgramJavajre1.6.0_05binjusched.exe
C:ProgramQuickTimeqttask.exe
C:WINDOWSsystem32LXSUPMON.EXE
C:WINDOWSsystem32igfxpers.exe
C:WINDOWSsystem32hkcmd.exe
C:ProgramCyberLinkPowerDVDDVDLauncher.exe
C:ProgramDelade filerSymantec SharedccApp.exe
C:WINDOWSsystem32ctfmon.exe
C:ProgramWindows Media PlayerWMPNSCFG.exe
C:ProgramGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
C:GarmingStart.exe
C:ProgramWindows LiveMessengermsnmsgr.exe
C:ProgramDelade filerSymantec SharedSecurity ConsoleNSCSRVCE.EXE
C:ProgramInternet ExplorerIEXPLORE.EXE
C:ProgramDelade filerMicrosoft SharedWindows LiveWLLoginProxy.exe
C:ProgramMessengermsmsgs.exe
C:ProgramTrend MicroHijackThisCatha.exe
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = https://upplandsbro.skola24.se/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www1.euro.dell.com/content/default....;l=sv&s=gen
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Länkar
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:ProgramMacrogamingSweetIMBarForIEtoolbar.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:ProgramMyWaySASrchAsDedeSrcAs.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:ProgramJavajre1.6.0_05binssv.dll
O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:ProgramDelade filerMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:ProgramDelade filerSymantec SharedAdBlockingNISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:ProgramNorton Internet SecurityNorton AntiVirusNavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:programgooglegoogletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:ProgramGoogleGoogleToolbarNotifier3.1.807.1746swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:ProgramWindows Live Toolbarmsntb.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:ProgramDelade filerSymantec SharedAdBlockingNISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:ProgramNorton Internet SecurityNorton AntiVirusNavShExt.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:ProgramMacrogamingSweetIMBarForIEtoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:programgooglegoogletoolbar1.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:ProgramWinamp Toolbarwinamptb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:ProgramWindows Live Toolbarmsntb.dll
O4 - HKLM..Run: [symantec PIF AlertEng] "C:ProgramDelade filerSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe" /a /m "C:ProgramDelade filerSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}AlertEng.dll"
O4 - HKLM..Run: [sweetIM] C:ProgramMacrogamingSweetIMSweetIM.exe
O4 - HKLM..Run: [sunJavaUpdateSched] "C:ProgramJavajre1.6.0_05binjusched.exe"
O4 - HKLM..Run: [QuickTime Task] "C:ProgramQuickTimeqttask.exe" -atboottime
O4 - HKLM..Run: [LXSUPMON] C:WINDOWSsystem32LXSUPMON.EXE RUN
O4 - HKLM..Run: [igfxtray] C:WINDOWSsystem32igfxtray.exe
O4 - HKLM..Run: [igfxpers] C:WINDOWSsystem32igfxpers.exe
O4 - HKLM..Run: [igfxhkcmd] C:WINDOWSsystem32hkcmd.exe
O4 - HKLM..Run: [DVDLauncher] "C:ProgramCyberLinkPowerDVDDVDLauncher.exe"
O4 - HKLM..Run: [ccApp] "C:ProgramDelade filerSymantec SharedccApp.exe"
O4 - HKLM..Run: [Adobe Reader Speed Launcher] "C:ProgramAdobeReader 8.0ReaderReader_sl.exe"
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [WMPNSCFG] C:ProgramWindows Media PlayerWMPNSCFG.exe
O4 - HKCU..Run: [swg] C:ProgramGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
O4 - HKCU..Run: [MsnMsgr] "C:ProgramWindows LiveMessengermsnmsgr.exe" /background
O4 - HKCU..Run: [gStart] C:GarmingStart.exe
O4 - HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'SYSTEM')
O4 - HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Winamp Toolbar Search - C:Documents and SettingsAll UsersApplication DataWinamp ToolbarieToolbarresourcesen-USlocalsearch.html
O8 - Extra context menu item: &Windows Live Search - res://C:ProgramWindows Live Toolbarmsntb.dll/search.htm
O8 - Extra context menu item: Add to AMV Converter... - C:ProgramMP3 Player Utilities 4.15AMVConvertergrab.html
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:ProgramMICROS~2OFFICE11EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:ProgramMP3 Player Utilities 4.15MediaManagergrab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:ProgramJavajre1.6.0_05binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:ProgramJavajre1.6.0_05binssv.dll
O9 - Extra button: Blogga detta - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:ProgramWindows LiveWriterWriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blogga detta i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:ProgramWindows LiveWriterWriterBrowserExtension.dll
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:ProgramMICROS~2OFFICE11REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:ProgramMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:ProgramMessengermsmsgs.exe
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://www.king.com/ctl/kingcomie.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game12.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O20 - AppInit_DLLs: bjxykt.dll
O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:ProgramSymantecLiveUpdateALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:ProgramDelade filerSymantec SharedccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:ProgramNorton Internet SecurityccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:ProgramDelade filerSymantec SharedccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:ProgramDelade filerSymantec SharedccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:ProgramNorton Internet SecuritycomHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:ProgramGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: Iap - Dell Inc - C:ProgramDellOpenManageClientIap.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:WINDOWSsystem32LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:ProgramSymantecLIVEUP~1LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:ProgramDelade filerSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe
O23 - Service: Norton AntiVirus Auto Protect-tjänst (navapsvc) - Symantec Corporation - C:ProgramNorton Internet SecurityNorton AntiVirusnavapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:ProgramIntelNCSSyncNetSvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:ProgramDelade filerSymantec SharedSecurity ConsoleNSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:ProgramNorton Internet SecurityNorton AntiVirusSAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:ProgramDelade filerSymantec SharedSNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:ProgramDelade filerSymantec SharedSPBBCSPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:ProgramDelade filerSymantec SharedCCPD-LCsymlcsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:ProgramDelade filerSymantec SharedSupport Controlsssrc.exe
O24 - Desktop Component 0: (no name) - http://www.microsoft.com/windows/plus/imag...ish_150x106.jpg
--
End of file - 11000 bytes
-
Här kommer nästa:
M.v.h
Stefan
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:08:05, on 2008-11-10
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:ProgramDelade filerSymantec SharedccSetMgr.exe
C:ProgramDelade filerSymantec SharedccEvtMgr.exe
C:ProgramDelade filerSymantec SharedccProxy.exe
C:ProgramDelade filerSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe
C:ProgramDelade filerSymantec SharedSNDSrvc.exe
C:ProgramDelade filerSymantec SharedSPBBCSPBBCSvc.exe
C:ProgramDelade filerSymantec SharedCCPD-LCsymlcsvc.exe
C:WINDOWSsystem32LEXBCES.EXE
C:WINDOWSsystem32LEXPPS.EXE
C:WINDOWSsystem32spoolsv.exe
C:ProgramSymantecLiveUpdateALUSchedulerSvc.exe
C:WINDOWSSystem32svchost.exe
C:ProgramDellOpenManageClientIap.exe
C:ProgramMicrosoft SQL ServerMSSQL$SPCSBinnsqlservr.exe
C:ProgramNorton Internet SecurityNorton AntiVirusnavapsvc.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSExplorer.EXE
C:ProgramMacrogamingSweetIMSweetIM.exe
C:ProgramJavajre1.6.0_05binjusched.exe
C:ProgramQuickTimeqttask.exe
C:WINDOWSsystem32LXSUPMON.EXE
C:WINDOWSsystem32igfxpers.exe
C:WINDOWSsystem32hkcmd.exe
C:ProgramCyberLinkPowerDVDDVDLauncher.exe
C:ProgramDelade filerSymantec SharedccApp.exe
C:WINDOWSsystem32ctfmon.exe
C:ProgramWindows Media PlayerWMPNSCFG.exe
C:ProgramGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
C:ProgramWindows LiveMessengermsnmsgr.exe
C:GarmingStart.exe
C:ProgramDelade filerSymantec SharedSecurity ConsoleNSCSRVCE.EXE
C:ProgramInternet Exploreriexplore.exe
C:ProgramDelade filerMicrosoft SharedWindows LiveWLLoginProxy.exe
C:ProgramMessengermsmsgs.exe
C:ProgramTrend MicroHijackThisCatha.exe
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://dellsearchedit.myway.com/samisc/del...ebar.jhtml?p=EB
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = https://upplandsbro.skola24.se/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www1.euro.dell.com/content/default....;l=sv&s=gen
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Länkar
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:ProgramMacrogamingSweetIMBarForIEtoolbar.dll
O2 - BHO: mxlivemedia browser enhancer - {15f1de2b-e547-f1d4-f82d-d5bfd4ee2e0e} - C:WINDOWSsystem32tuyrgsacxlt.dll (file missing)
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:ProgramMyWaySASrchAsDedeSrcAs.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:ProgramJavajre1.6.0_05binssv.dll
O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:ProgramDelade filerMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:ProgramDelade filerSymantec SharedAdBlockingNISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:ProgramNorton Internet SecurityNorton AntiVirusNavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:programgooglegoogletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:ProgramGoogleGoogleToolbarNotifier3.1.807.1746swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:ProgramWindows Live Toolbarmsntb.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:ProgramDelade filerSymantec SharedAdBlockingNISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:ProgramNorton Internet SecurityNorton AntiVirusNavShExt.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:ProgramMacrogamingSweetIMBarForIEtoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:programgooglegoogletoolbar1.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:ProgramWinamp Toolbarwinamptb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:ProgramWindows Live Toolbarmsntb.dll
O4 - HKLM..Run: [symantec PIF AlertEng] "C:ProgramDelade filerSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe" /a /m "C:ProgramDelade filerSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}AlertEng.dll"
O4 - HKLM..Run: [C:WINDOWSsystem32kdihl.exe] C:WINDOWSsystem32kdihl.exe
O4 - HKLM..Run: [Windows Updater] updater.com
O4 - HKLM..Run: [WinampAgent] C:ProgramWinampwianmpa.exe
O4 - HKLM..Run: [sweetIM] C:ProgramMacrogamingSweetIMSweetIM.exe
O4 - HKLM..Run: [sunJavaUpdateSched] "C:ProgramJavajre1.6.0_05binjusched.exe"
O4 - HKLM..Run: [QuickTime Task] "C:ProgramQuickTimeqttask.exe" -atboottime
O4 - HKLM..Run: [LXSUPMON] C:WINDOWSsystem32LXSUPMON.EXE RUN
O4 - HKLM..Run: [KernelFaultCheck] %systemroot%system32dumprep 0 -k
O4 - HKLM..Run: [igfxtray] C:WINDOWSsystem32igfxtray.exe
O4 - HKLM..Run: [igfxpers] C:WINDOWSsystem32igfxpers.exe
O4 - HKLM..Run: [igfxhkcmd] C:WINDOWSsystem32hkcmd.exe
O4 - HKLM..Run: [DVDLauncher] "C:ProgramCyberLinkPowerDVDDVDLauncher.exe"
O4 - HKLM..Run: [ccApp] "C:ProgramDelade filerSymantec SharedccApp.exe"
O4 - HKLM..Run: [Adobe Reader Speed Launcher] "C:ProgramAdobeReader 8.0ReaderReader_sl.exe"
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [WMPNSCFG] C:ProgramWindows Media PlayerWMPNSCFG.exe
O4 - HKCU..Run: [swg] C:ProgramGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
O4 - HKCU..Run: [MsnMsgr] "C:ProgramWindows LiveMessengermsnmsgr.exe" /background
O4 - HKCU..Run: [gStart] C:GarmingStart.exe
O4 - HKCU..Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:ProgramDelade filerAheadLibNMBgMonitor.exe"
O4 - HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'SYSTEM')
O4 - HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'Default user')
O7 - HKLMSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem, DisableRegedit=1
O8 - Extra context menu item: &Winamp Toolbar Search - C:Documents and SettingsAll UsersApplication DataWinamp ToolbarieToolbarresourcesen-USlocalsearch.html
O8 - Extra context menu item: &Windows Live Search - res://C:ProgramWindows Live Toolbarmsntb.dll/search.htm
O8 - Extra context menu item: Add to AMV Converter... - C:ProgramMP3 Player Utilities 4.15AMVConvertergrab.html
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:ProgramMICROS~2OFFICE11EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:ProgramMP3 Player Utilities 4.15MediaManagergrab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:ProgramJavajre1.6.0_05binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:ProgramJavajre1.6.0_05binssv.dll
O9 - Extra button: Blogga detta - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:ProgramWindows LiveWriterWriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blogga detta i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:ProgramWindows LiveWriterWriterBrowserExtension.dll
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:ProgramMICROS~2OFFICE11REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:ProgramMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:ProgramMessengermsmsgs.exe
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://www.king.com/ctl/kingcomie.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game12.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O20 - AppInit_DLLs: bjxykt.dll
O20 - Winlogon Notify: wvukjbcb - wvUkJbcB.dll (file missing)
O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:ProgramSymantecLiveUpdateALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:ProgramDelade filerSymantec SharedccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:ProgramNorton Internet SecurityccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:ProgramDelade filerSymantec SharedccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:ProgramDelade filerSymantec SharedccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:ProgramNorton Internet SecuritycomHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:ProgramGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: Iap - Dell Inc - C:ProgramDellOpenManageClientIap.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:WINDOWSsystem32LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:ProgramSymantecLIVEUP~1LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:ProgramDelade filerSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe
O23 - Service: Norton AntiVirus Auto Protect-tjänst (navapsvc) - Symantec Corporation - C:ProgramNorton Internet SecurityNorton AntiVirusnavapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:ProgramIntelNCSSyncNetSvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:ProgramDelade filerSymantec SharedSecurity ConsoleNSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:ProgramNorton Internet SecurityNorton AntiVirusSAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:ProgramDelade filerSymantec SharedSNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:ProgramDelade filerSymantec SharedSPBBCSPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:ProgramDelade filerSymantec SharedCCPD-LCsymlcsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:ProgramDelade filerSymantec SharedSupport Controlsssrc.exe
O24 - Desktop Component 0: (no name) - http://www.microsoft.com/windows/plus/imag...ish_150x106.jpg
--
End of file - 12055 bytes
-
Hej
Har kört CCleaner emellan oxå. Det ser bättre och bättre ut i mitt tycke i alla fall. --!!
//Stefan
Malwarebytes' Anti-Malware 1.30
Databasversion: 1375
Windows 5.1.2600 Service Pack 3
2008-11-10 17:29:54
mbam-log-2008-11-10 (17-29-54).txt
Skanningstyp: Fullständig skanning (C:|)
Antal skannade objekt: 183113
Förfluten tid: 1 hour(s), 28 minute(s), 41 second(s)
Infekterade minnesprocesser: 0
Infekterade minnesmoduler: 0
Infekterade registernycklar: 0
Infekterade registervärden: 0
Infekterade registerdataposter: 6
Infekterade mappar: 0
Infekterade filer: 0
Infekterade minnesprocesser:
(Inga illasinnade poster hittades)
Infekterade minnesmoduler:
(Inga illasinnade poster hittades)
Infekterade registernycklar:
(Inga illasinnade poster hittades)
Infekterade registervärden:
(Inga illasinnade poster hittades)
Infekterade registerdataposter:
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParametersDhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.83 192.168.0.1 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParametersInterfaces{7ef5bb9b-24d6-4aa6-a938-6d497ebdca75}DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.83 192.168.0.1 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesTcpipParametersDhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.83 192.168.0.1 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesTcpipParametersInterfaces{7ef5bb9b-24d6-4aa6-a938-6d497ebdca75}DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.83 192.168.0.1 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESYSTEMControlSet002ServicesTcpipParametersDhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.83 192.168.0.1 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESYSTEMControlSet002ServicesTcpipParametersInterfaces{7ef5bb9b-24d6-4aa6-a938-6d497ebdca75}DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.83 192.168.0.1 -> Quarantined and deleted successfully.
Infekterade mappar:
(Inga illasinnade poster hittades)
Infekterade filer:
(Inga illasinnade poster hittades)
-
Här kommer #2.
/Stefan
Infekterade mappar:
C:ProgramHotbar (Adware.Hotbar) -> Delete on reboot.
C:ProgramHotbarbin (Adware.Hotbar) -> Delete on reboot.
C:ProgramHotbarbin10.0.356.0 (Adware.Hotbar) -> Delete on reboot.
C:ProgramHotbarbin10.0.356.0firefox (Adware.Hotbar) -> Delete on reboot.
C:ProgramHotbarbin10.0.356.0firefoxextensions (Adware.Hotbar) -> Delete on reboot.
C:ProgramHotbarbin10.0.356.0firefoxextensionscomponents (Adware.Hotbar) -> Quarantined and deleted successfully.
C:ProgramHotbarbin10.0.356.0firefoxextensionsplugins (Adware.Hotbar) -> Quarantined and deleted successfully.
C:ProgramMyWaySA (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:ProgramMyWaySASrchAsDe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Documents and SettingsAll UsersApplication Data2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> Quarantined and deleted successfully.
Infekterade filer:
C:WINDOWSsystem32qoMeEULB.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:WINDOWSsystem32bjxykt.dll (Trojan.Vundo.H) -> Delete on reboot.
C:WINDOWSsystem32bYomLefg.dll (Trojan.Vundo.H) -> Delete on reboot.
C:WINDOWSsystem32gfeLmoYb.ini (Trojan.Vundo.H) -> Delete on reboot.
C:WINDOWSsystem32gfeLmoYb.ini2 (Trojan.Vundo.H) -> Delete on reboot.
C:WINDOWSsystem32awtrQKbC.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:WINDOWSsystem32CbKQrtwa.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:WINDOWSsystem32CbKQrtwa.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:WINDOWSsystem32cbXOFyww.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:WINDOWSsystem32wwyFOXbc.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:WINDOWSsystem32wwyFOXbc.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:WINDOWSsystem32fqrfubek.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:WINDOWSsystem32kebufrqf.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:WINDOWSsystem32mwjstxpx.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:WINDOWSsystem32xpxtsjwm.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:WINDOWSsystem32nnnmlJYO.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:WINDOWSsystem32OYJlmnnn.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:WINDOWSsystem32OYJlmnnn.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:WINDOWSsystem32occsyovx.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:WINDOWSsystem32xvoyscco.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:WINDOWSsystem32vhrmrbca.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:WINDOWSsystem32acbrmrhv.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:WINDOWSsystem32vtUnmLDt.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:WINDOWSsystem32tDLmnUtv.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:WINDOWSsystem32tDLmnUtv.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:WINDOWSsystem32vtUollLE.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:WINDOWSsystem32ELlloUtv.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:WINDOWSsystem32ELlloUtv.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:WINDOWSsystem32yayASLcY.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:WINDOWSsystem32YcLSAyay.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:WINDOWSsystem32YcLSAyay.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:WINDOWSsystem32kdihl.exe (Rootkit.DNSChanger.H) -> Delete on reboot.
C:WINDOWSsystem32jhrxxbid.dll (Trojan.BHO.H) -> Delete on reboot.
C:WINDOWSsystem32qalrjiqr.dll (Trojan.BHO.H) -> Quarantined and deleted successfully.
C:WINDOWSservice.exe (Backdoor.Bot.H) -> Quarantined and deleted successfully.
C:WINDOWSsystem32ssqPjIxy.dll (Trojan.Vundo) -> Delete on reboot.
C:Documents and SettingsAmanda!!Lokala inställningarTemporary Internet FilesContent.IE57UFI2X7Sis167464[1].exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:Documents and SettingsAmanda!!Lokala inställningarTemporary Internet FilesContent.IE5FPDUU6OHcntr[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:Documents and SettingsAmanda!!Lokala inställningarTemporary Internet FilesContent.IE5FPDUU6OHupd105320[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:Documents and SettingsAmanda!!Lokala inställningarTemporary Internet FilesContent.IE5GPNKFIY5cntr[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:Documents and SettingsAmanda!!Lokala inställningarTemporary Internet FilesContent.IE5HCWMVQL0nd82m0[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:Documents and SettingsCatharina AndreeLokala inställningarTemporary Internet FilesContent.IE506W0DT7Jnd82m0[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:Documents and SettingsCatharina AndreeLokala inställningarTemporary Internet FilesContent.IE56QZ03DZLnd82m0[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:Documents and SettingsCatharina AndreeLokala inställningarTemporary Internet FilesContent.IE5JESHQ3PC23nq[1].dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:Documents and SettingsCatharina AndreeLokala inställningarTemporary Internet FilesContent.IE5JESHQ3PCupd105320[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:Documents and SettingsCatharina AndreeLokala inställningarTemporary Internet FilesContent.IE5PJ8492RY23nq[1].dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:Documents and SettingsCatharina AndreeLokala inställningarTemporary Internet FilesContent.IE5QLZSRRF3upd105320[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:Documents and SettingsCatharina AndreeLokala inställningarTemporary Internet FilesContent.IE5SUBC3Z30cntr[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:Documents and SettingsCatharina AndreeLokala inställningarTemporary Internet FilesContent.IE5VZMF23KFis167464[1].exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:Documents and SettingsCatharina AndreeLokala inställningarTemporary Internet FilesContent.IE5X1NX9967cntr[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:ProgramHotbarbin10.0.356.0dBenderC.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
C:System Volume Information_restore{619781AC-CF96-4B2F-8E58-2353903809FC}(2)RP16A0010178.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:System Volume Information_restore{619781AC-CF96-4B2F-8E58-2353903809FC}(2)RP16A0010179.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:System Volume Information_restore{619781AC-CF96-4B2F-8E58-2353903809FC}(2)RP16A0010177.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:System Volume Information_restore{619781AC-CF96-4B2F-8E58-2353903809FC}(2)RP19A0014342.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:System Volume Information_restore{619781AC-CF96-4B2F-8E58-2353903809FC}(2)RP19A0014344.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:System Volume Information_restore{619781AC-CF96-4B2F-8E58-2353903809FC}(2)RP19A0014345.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:WINDOWSsystem32ahcwsckw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:WINDOWSsystem32btqfyknu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:WINDOWSsystem32byXNgebA.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:WINDOWSsystem32byXOfeDw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:WINDOWSsystem32exuooywd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:WINDOWSsystem32khfDsqPh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:WINDOWSsystem32khfETlLf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:WINDOWSsystem32kkwlbdod.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:WINDOWSsystem32lqedtogj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:WINDOWSsystem32muqgytsb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:WINDOWSsystem32nnnkKCSj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:WINDOWSsystem32nnnnOedE.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:WINDOWSsystem32nnnoOiFx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:WINDOWSsystem32rgtwulwc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:WINDOWSsystem32uuajcumh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:WINDOWSsystem32uwjpgiky.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:WINDOWSsystem32cnwiaecn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:WINDOWSsystem32cocixh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:WINDOWSsystem32geBqQJDV.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:WINDOWSsystem32geBrOEWo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:WINDOWSsystem32geBtSKAT.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:WINDOWSsystem32geBuSMgE.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:WINDOWSsystem32lefbkioj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:WINDOWSsystem32ndizin.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:WINDOWSsystem32opnnklMD.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:WINDOWSsystem32opnolmKa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:WINDOWSsystem32opnomkhG.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:WINDOWSsystem32orqdserg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:WINDOWSsystem32sbijjabr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:WINDOWSsystem32ssqRIAqN.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:WINDOWSsystem32ssqRLFYo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:WINDOWSsystem32tipoxyny.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:WINDOWSsystem32tucevsqs.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:WINDOWSsystem32mrwlplkq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:WINDOWSsystem32gxtusv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:WINDOWSsystem32hgGvuTJc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:WINDOWSsystem32hgGvuULE.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:WINDOWSsystem32vtUkkkIY.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:WINDOWSsystem32qfmebh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:WINDOWSsystem32qoMEVnoP.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:WINDOWSsystem32qoMffdEw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:WINDOWSsystem32jkkKcYQj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:WINDOWSsystem32avpommbl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:WINDOWSsystem32awtrOhIc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:WINDOWSsystem32awtturPg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:WINDOWSsystem32mbhdtuup.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:WINDOWSsystem32mbmkyybl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:WINDOWSsystem32wstyqwsw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:WINDOWSsystem32wvcsxpll.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:WINDOWSsystem32xxyaabyx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:WINDOWSsystem32yayvVOgH.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:WINDOWSsystem32ylmbtodl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:WINDOWSsystem32ytjaxtbg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:WINDOWSsystem32mlJArssr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:WINDOWSsystem32mlJCRhhI.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:WINDOWSsystem32mltduhpq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:WINDOWSsystem32jyfdogsm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:WINDOWSsystem32ljJDUnmM.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:WINDOWSsystem32ljJDWMca.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:WINDOWSsystem32rkkwsgqf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:WINDOWSsystem32rskxza.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:WINDOWSsystem32dcclggip.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:WINDOWSsystem32ddcAqNeb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:WINDOWSsystem32fccddbAQ.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:WINDOWSsystem32flcrcb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:WINDOWSsystem32eewiqrdt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:WINDOWSsystem32efcBustQ.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:ProgramHotbarbin10.0.356.0arrow.ico (Adware.Hotbar) -> Quarantined and deleted successfully.
C:ProgramHotbarbin10.0.356.0copyright.txt (Adware.Hotbar) -> Quarantined and deleted successfully.
C:ProgramHotbarbin10.0.356.0HostOL.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
C:ProgramHotbarbin10.0.356.0HotbarSAAX.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
C:ProgramHotbarbin10.0.356.0link.ico (Adware.Hotbar) -> Quarantined and deleted successfully.
C:ProgramHotbarbin10.0.356.0Wallpaper.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
C:ProgramHotbarbin10.0.356.0WeSkin.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
C:ProgramHotbarbin10.0.356.0firefoxextensionsinstall.rdf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:ProgramHotbarbin10.0.356.0firefoxextensionscomponentsnpclntax.xpt (Adware.Hotbar) -> Quarantined and deleted successfully.
C:WINDOWSsystem32mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:WINDOWSsystem32tuyrgsacxlt.dll (Trojan.Agent) -> Delete on reboot.
C:Documents and SettingsAmanda!!SkrivbordAntiSpywareExpert.lnk (Rogue.Antispyware) -> Quarantined and deleted successfully.
C:Documents and SettingsAmanda!!Application DataMicrosoftInternet ExplorerQuick LaunchAntiSpywareExpert.lnk (Rogue.Antispyware) -> Quarantined and deleted successfully.
C:Documents and SettingsCatharina AndreeLokala inställningarTemp.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:Documents and SettingsCatharina AndreeLokala inställningarTemp.tt3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:Documents and SettingsAmanda!!Lokala inställningarTemp.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:Documents and SettingsAmanda!!Lokala inställningarTemp.tt2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:Documents and SettingsAmanda!!Lokala inställningarTemp.tt3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:Documents and SettingsAmanda!!Lokala inställningarTemp.tt4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:Documents and SettingsAmanda!!Lokala inställningarTemp.tt6.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:Documents and SettingsAmanda!!Lokala inställningarTemp.tt7.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:Documents and SettingsAmanda!!Lokala inställningarTemp.tt8.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:Documents and SettingsAmanda!!Lokala inställningarTemp.ttA.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:Documents and SettingsAmanda!!Lokala inställningarTemp.ttB.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:Documents and SettingsAmanda!!Lokala inställningarTemp.ttC.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:Documents and SettingsAmanda!!Lokala inställningarTemp.ttE.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:Documents and SettingsAmanda!!Lokala inställningarTemp.ttF.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:Documents and SettingsAmanda!!Lokala inställningarTemp.tt1.tmp.vbs (Trojan.FakeAlert) -> Delete on reboot.
C:Documents and SettingsAmanda!!Lokala inställningarTemp.tt2.tmp.vbs (Trojan.FakeAlert) -> Delete on reboot.
C:Documents and SettingsAmanda!!Lokala inställningarTemp.tt4.tmp.vbs (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:WINDOWSTemptempo-7D.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:WINDOWSTemptempo-7D3.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:WINDOWSTemptempo-B7B.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:WINDOWSTemptempo-DAF.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:Documents and SettingsmatildaSkrivbordFree PC Wallpapers.lnk (Rogue.Link) -> Quarantined and deleted successfully.
C:Documents and SettingsamandaSkrivbordFree PC Wallpapers.lnk (Rogue.Link) -> Quarantined and deleted successfully.
C:Documents and SettingsmatildaSkrivbordRepair Your Registry.lnk (Rogue.Link) -> Quarantined and deleted successfully.
C:Documents and SettingsAmanda!!SkrivbordRepair Your Registry.lnk (Rogue.Link) -> Quarantined and deleted successfully.
C:Documents and SettingsamandaSkrivbordRepair Your Registry.lnk (Rogue.Link) -> Quarantined and deleted successfully.
-
Hej
Här kommer den loggen. Tur att det finns folk som kan analysera
Fick dela den på två.....//Stefan
Malwarebytes' Anti-Malware 1.30
Databasversion: 1375
Windows 5.1.2600 Service Pack 3
2008-11-09 18:34:58
mbam-log-2008-11-09 (18-34-58).txt
Skanningstyp: Fullständig skanning (C:|)
Antal skannade objekt: 203406
Förfluten tid: 2 hour(s), 40 minute(s), 36 second(s)
Infekterade minnesprocesser: 1
Infekterade minnesmoduler: 4
Infekterade registernycklar: 96
Infekterade registervärden: 10
Infekterade registerdataposter: 17
Infekterade mappar: 10
Infekterade filer: 163
Infekterade minnesprocesser:
C:WINDOWSservice.exe (Backdoor.Bot) -> Unloaded process successfully.
Infekterade minnesmoduler:
C:WINDOWSsystem32bYomLefg.dll (Trojan.Vundo.H) -> Delete on reboot.
C:WINDOWSsystem32bjxykt.dll (Trojan.Vundo) -> Delete on reboot.
C:WINDOWSsystem32ssqPjIxy.dll (Trojan.Vundo) -> Delete on reboot.
C:WINDOWSsystem32jhrxxbid.dll (Trojan.Vundo) -> Delete on reboot.
Infekterade registernycklar:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{79117664-7a50-429c-b3af-6cdf9e1886ce} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyqomeeulb (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTCLSID{79117664-7a50-429c-b3af-6cdf9e1886ce} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{9c81d128-4da9-46c9-91d7-efd68ca2c923} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTCLSID{9c81d128-4da9-46c9-91d7-efd68ca2c923} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{deb85b3b-8afc-4567-bc39-46da44c17c61} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOTCLSID{deb85b3b-8afc-4567-bc39-46da44c17c61} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{0005b3dd-a43d-432d-915b-1933d975e360} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTCLSID{0005b3dd-a43d-432d-915b-1933d975e360} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{000b187f-d25f-4bef-8e7f-220666fb7830} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTCLSID{000b187f-d25f-4bef-8e7f-220666fb7830} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{000b67ba-a43d-432d-915b-1933d975e360} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTCLSID{000b67ba-a43d-432d-915b-1933d975e360} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{001630fe-d25f-4bef-8e7f-220666fb7830} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTCLSID{001630fe-d25f-4bef-8e7f-220666fb7830} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{0016cf75-a43d-432d-915b-1933d975e360} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTCLSID{0016cf75-a43d-432d-915b-1933d975e360} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{002c61fd-d25f-4bef-8e7f-220666fb7830} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTCLSID{002c61fd-d25f-4bef-8e7f-220666fb7830} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{002d9eea-a43d-432d-915b-1933d975e360} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTCLSID{002d9eea-a43d-432d-915b-1933d975e360} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{0058c3fb-d25f-4bef-8e7f-220666fb7830} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTCLSID{0058c3fb-d25f-4bef-8e7f-220666fb7830} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{005b3dd4-a43d-432d-915b-1933d975e360} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTCLSID{005b3dd4-a43d-432d-915b-1933d975e360} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{00b187f6-d25f-4bef-8e7f-220666fb7830} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTCLSID{00b187f6-d25f-4bef-8e7f-220666fb7830} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{00b67ba9-a43d-432d-915b-1933d975e360} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTCLSID{00b67ba9-a43d-432d-915b-1933d975e360} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{01630fed-d25f-4bef-8e7f-220666fb7830} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTCLSID{01630fed-d25f-4bef-8e7f-220666fb7830} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{016cf752-a43d-432d-915b-1933d975e360} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTCLSID{016cf752-a43d-432d-915b-1933d975e360} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{02c61fdb-d25f-4bef-8e7f-220666fb7830} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTCLSID{02c61fdb-d25f-4bef-8e7f-220666fb7830} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{02d9eea5-a43d-432d-915b-1933d975e360} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTCLSID{02d9eea5-a43d-432d-915b-1933d975e360} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{058c3fb7-d25f-4bef-8e7f-220666fb7830} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTCLSID{058c3fb7-d25f-4bef-8e7f-220666fb7830} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{05b3dd4b-a43d-432d-915b-1933d975e360} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTCLSID{05b3dd4b-a43d-432d-915b-1933d975e360} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{0b187f6f-d25f-4bef-8e7f-220666fb7830} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTCLSID{0b187f6f-d25f-4bef-8e7f-220666fb7830} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{0b67ba96-a43d-432d-915b-1933d975e360} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTCLSID{0b67ba96-a43d-432d-915b-1933d975e360} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{1630fede-d25f-4bef-8e7f-220666fb7830} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTCLSID{1630fede-d25f-4bef-8e7f-220666fb7830} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{9c81d128-4da9-46c9-91d7-efd68ca2c923} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTCLSID{75abcf92-9764-4dfa-a83f-5142c3905052} (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{75abcf92-9764-4dfa-a83f-5142c3905052} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{75abcf92-9764-4dfa-a83f-5142c3905052} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyssqpjixy (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{deb85b3b-8afc-4567-bc39-46da44c17c61} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{0005b3dd-a43d-432d-915b-1933d975e360} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{000b67ba-a43d-432d-915b-1933d975e360} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{0016cf75-a43d-432d-915b-1933d975e360} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{002d9eea-a43d-432d-915b-1933d975e360} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{005b3dd4-a43d-432d-915b-1933d975e360} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{00b67ba9-a43d-432d-915b-1933d975e360} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{016cf752-a43d-432d-915b-1933d975e360} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{02d9eea5-a43d-432d-915b-1933d975e360} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{05b3dd4b-a43d-432d-915b-1933d975e360} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{0b67ba96-a43d-432d-915b-1933d975e360} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTInterface{99ccfb8c-6380-4a14-8fdd-ef3e7e95335d} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTCLSID{460ac4db-b0de-4626-a0f0-175dd84dcb9b} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTCLSID{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{4b18dd50-c996-44fc-ac52-0fecff82ed58} (Spyware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{79117664-7a50-429c-b3af-6cdf9e1886ce} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{90b5a95a-afd5-4d11-b9bd-a69d53d22226} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERSOFTWAREMicrosoftInstallerProducts568267acfc5644dab06f058006ddbae3 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{000b187f-d25f-4bef-8e7f-220666fb7830} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{001630fe-d25f-4bef-8e7f-220666fb7830} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{002c61fd-d25f-4bef-8e7f-220666fb7830} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{0058c3fb-d25f-4bef-8e7f-220666fb7830} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{00b187f6-d25f-4bef-8e7f-220666fb7830} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{01630fed-d25f-4bef-8e7f-220666fb7830} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{02c61fdb-d25f-4bef-8e7f-220666fb7830} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{058c3fb7-d25f-4bef-8e7f-220666fb7830} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{0b187f6f-d25f-4bef-8e7f-220666fb7830} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{1630fede-d25f-4bef-8e7f-220666fb7830} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTTypeLib{b0f1f251-79bd-4ac5-bdb6-383379e50cb3} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTCLSID{68354ad6-ac7e-4fe3-a19b-8f8e70ab4252} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExtPreApproved{68354ad6-ac7e-4fe3-a19b-8f8e70ab4252} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTCLSID{d10c4db6-cb02-40f4-88ee-c0b64c02adfc} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{d10c4db6-cb02-40f4-88ee-c0b64c02adfc} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExtPreApproved{d10c4db6-cb02-40f4-88ee-c0b64c02adfc} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTsexvid (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftSoftware Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftMS Juan (Malware.Trace) -> Delete on reboot.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftcontim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftMS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftrdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftRemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
Infekterade registervärden:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunmessenger service (Backdoor.Bot.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerShellExecuteHooks{75abcf92-9764-4dfa-a83f-5142c3905052} (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USERSOFTWAREMicrosoftInternet ExplorerURLSearchHooks{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerShellExecuteHooks{79117664-7a50-429c-b3af-6cdf9e1886ce} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunlsmnvboumq (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunlphc7d9j0egfn (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERControl PanelDesktopwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERControl PanelDesktoporiginalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERControl PanelDesktopconvertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERControl PanelDesktopscrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.
Infekterade registerdataposter:
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLSANotification Packages (Trojan.Vundo.H) -> Data: c:windowssystem32byomlefg -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonSystem (Rootkit.DNSChanger.H) -> Data: kdihl.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLSAAuthentication Packages (Trojan.Vundo) -> Data: c:windowssystem32byomlefg -> Delete on reboot.
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionPoliciesSystemNoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionPoliciesSystemNoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParametersDhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.83 192.168.0.1 -> Delete on reboot.
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParametersInterfaces{7ef5bb9b-24d6-4aa6-a938-6d497ebdca75}DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.83 192.168.0.1 -> Delete on reboot.
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParametersInterfaces{7ef5bb9b-24d6-4aa6-a938-6d497ebdca75}NameServer (Trojan.DNSChanger) -> Data: 85.255.112.74;85.255.112.191 -> Delete on reboot.
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParametersInterfaces{f5198715-f56e-4d20-a279-1a0fa879f9d2}NameServer (Trojan.DNSChanger) -> Data: 85.255.112.74;85.255.112.191 -> Delete on reboot.
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesTcpipParametersDhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.83 192.168.0.1 -> Delete on reboot.
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesTcpipParametersInterfaces{7ef5bb9b-24d6-4aa6-a938-6d497ebdca75}DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.83 192.168.0.1 -> Delete on reboot.
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesTcpipParametersInterfaces{7ef5bb9b-24d6-4aa6-a938-6d497ebdca75}NameServer (Trojan.DNSChanger) -> Data: 85.255.112.74;85.255.112.191 -> Delete on reboot.
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesTcpipParametersInterfaces{f5198715-f56e-4d20-a279-1a0fa879f9d2}NameServer (Trojan.DNSChanger) -> Data: 85.255.112.74;85.255.112.191 -> Delete on reboot.
HKEY_LOCAL_MACHINESYSTEMControlSet002ServicesTcpipParametersDhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.83 192.168.0.1 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESYSTEMControlSet002ServicesTcpipParametersInterfaces{7ef5bb9b-24d6-4aa6-a938-6d497ebdca75}DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.83 192.168.0.1 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESYSTEMControlSet002ServicesTcpipParametersInterfaces{7ef5bb9b-24d6-4aa6-a938-6d497ebdca75}NameServer (Trojan.DNSChanger) -> Data: 85.255.112.74;85.255.112.191 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESYSTEMControlSet002ServicesTcpipParametersInterfaces{f5198715-f56e-4d20-a279-1a0fa879f9d2}NameServer (Trojan.DNSChanger) -> Data: 85.255.112.74;85.255.112.191 -> Quarantined and deleted successfully.
Infekterade mappar:
C:ProgramHotbar (Adware.Hotbar) -> Delete on reboot.
C:ProgramHotbarbin (Adware.Hotbar) -> Delete on reboot.
C:ProgramHotbarbin10.0.356.0 (Adware.Hotbar) -> Delete on reboot.
C:ProgramHotbarbin10.0.356.0firefox (Adware.Hotbar) -> Delete on reboot.
C:ProgramHotbarbin10.0.356.0firefoxextensions (Adware.Hotbar) -> Delete on reboot.
C:ProgramHotbarbin10.0.356.0firefoxextensionscomponents (Adware.Hotbar) -> Quarantined and deleted successfully.
C:ProgramHotbarbin10.0.356.0firefoxextensionsplugins (Adware.Hotbar) -> Quarantined and deleted successfully.
C:ProgramMyWaySA (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:ProgramMyWaySASrchAsDe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Documents and SettingsAll UsersApplication Data2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> Quarantined and deleted successfully.
-
Hej igen
Ingen är tacksammare än jag att det blir fullständigt virusfritt. Provade både med Spywarefighter och Norton innan, men jag borde loggat in på den här sidan direkt istället. Ha en bra dag..
M.v.h
Stefan
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:51:45, on 2008-11-10
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:ProgramDelade filerSymantec SharedccSetMgr.exe
C:ProgramDelade filerSymantec SharedccEvtMgr.exe
C:ProgramDelade filerSymantec SharedccProxy.exe
C:ProgramDelade filerSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe
C:ProgramDelade filerSymantec SharedSNDSrvc.exe
C:ProgramDelade filerSymantec SharedSPBBCSPBBCSvc.exe
C:ProgramDelade filerSymantec SharedCCPD-LCsymlcsvc.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32LEXBCES.EXE
C:WINDOWSsystem32LEXPPS.EXE
C:WINDOWSsystem32spoolsv.exe
C:ProgramSymantecLiveUpdateALUSchedulerSvc.exe
C:WINDOWSSystem32svchost.exe
C:ProgramDellOpenManageClientIap.exe
C:ProgramMicrosoft SQL ServerMSSQL$SPCSBinnsqlservr.exe
C:ProgramNorton Internet SecurityNorton AntiVirusnavapsvc.exe
C:ProgramFightersconfigservice.exe
C:WINDOWSsystem32svchost.exe
C:ProgramFighterslicenseservice.exe
C:ProgramFightersupdateservice.exe
C:ProgramFightersScannerService.exe
C:ProgramMacrogamingSweetIMSweetIM.exe
C:ProgramJavajre1.6.0_05binjusched.exe
C:ProgramFightersspywarefighterSpywarefighterUser.exe
C:ProgramQuickTimeqttask.exe
C:WINDOWSsystem32LXSUPMON.EXE
C:WINDOWSsystem32igfxpers.exe
C:WINDOWSsystem32hkcmd.exe
C:ProgramCyberLinkPowerDVDDVDLauncher.exe
C:ProgramDelade filerSymantec SharedccApp.exe
C:WINDOWSsystem32ctfmon.exe
C:ProgramWindows Media PlayerWMPNSCFG.exe
C:ProgramGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
C:ProgramWindows LiveMessengermsnmsgr.exe
C:GarmingStart.exe
C:ProgramDelade filerSymantec SharedSecurity ConsoleNSCSRVCE.EXE
C:WINDOWSsystem32wuauclt.exe
C:ProgramSymantecLIVEUP~1LUCOMS~1.EXE
C:ProgramSymantecLiveUpdateAUpdate.exe
C:ProgramSymantecLiveUpdateLuCallbackProxy.exe
C:ProgramSymantecLiveUpdateLuCallbackProxy.exe
C:ProgramTrend MicroHijackThisCatha.exe
C:ProgramSymantecLiveUpdateLuCallbackProxy.exe
C:ProgramSymantecLiveUpdateLuCallbackProxy.exe
C:ProgramSymantecLiveUpdateLuCallbackProxy.exe
C:ProgramSymantecLiveUpdateLuCallbackProxy.exe
C:ProgramSymantecLiveUpdateLuCallbackProxy.exe
C:ProgramMessengermsmsgs.exe
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://dellsearchedit.myway.com/samisc/del...ebar.jhtml?p=EB
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = https://upplandsbro.skola24.se/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www1.euro.dell.com/content/default....;l=sv&s=gen
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Länkar
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:ProgramMacrogamingSweetIMBarForIEtoolbar.dll
O2 - BHO: mxlivemedia browser enhancer - {15f1de2b-e547-f1d4-f82d-d5bfd4ee2e0e} - C:WINDOWSsystem32tuyrgsacxlt.dll (file missing)
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:ProgramMyWaySASrchAsDedeSrcAs.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:ProgramJavajre1.6.0_05binssv.dll
O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:ProgramDelade filerMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:ProgramDelade filerSymantec SharedAdBlockingNISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:ProgramNorton Internet SecurityNorton AntiVirusNavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:programgooglegoogletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:ProgramGoogleGoogleToolbarNotifier3.1.807.1746swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:ProgramWindows Live Toolbarmsntb.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:ProgramDelade filerSymantec SharedAdBlockingNISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:ProgramNorton Internet SecurityNorton AntiVirusNavShExt.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:ProgramMacrogamingSweetIMBarForIEtoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:programgooglegoogletoolbar1.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:ProgramWinamp Toolbarwinamptb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:ProgramWindows Live Toolbarmsntb.dll
O4 - HKLM..Run: [symantec PIF AlertEng] "C:ProgramDelade filerSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe" /a /m "C:ProgramDelade filerSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}AlertEng.dll"
O4 - HKLM..Run: [C:WINDOWSsystem32kdihl.exe] C:WINDOWSsystem32kdihl.exe
O4 - HKLM..Run: [Windows Updater] updater.com
O4 - HKLM..Run: [WinampAgent] C:ProgramWinampwianmpa.exe
O4 - HKLM..Run: [sweetIM] C:ProgramMacrogamingSweetIMSweetIM.exe
O4 - HKLM..Run: [sunJavaUpdateSched] "C:ProgramJavajre1.6.0_05binjusched.exe"
O4 - HKLM..Run: [spywarefighterguard] C:ProgramFightersspywarefighterSpywarefighterUser.exe
O4 - HKLM..Run: [QuickTime Task] "C:ProgramQuickTimeqttask.exe" -atboottime
O4 - HKLM..Run: [LXSUPMON] C:WINDOWSsystem32LXSUPMON.EXE RUN
O4 - HKLM..Run: [KernelFaultCheck] %systemroot%system32dumprep 0 -k
O4 - HKLM..Run: [igfxtray] C:WINDOWSsystem32igfxtray.exe
O4 - HKLM..Run: [igfxpers] C:WINDOWSsystem32igfxpers.exe
O4 - HKLM..Run: [igfxhkcmd] C:WINDOWSsystem32hkcmd.exe
O4 - HKLM..Run: [DVDLauncher] "C:ProgramCyberLinkPowerDVDDVDLauncher.exe"
O4 - HKLM..Run: [ccApp] "C:ProgramDelade filerSymantec SharedccApp.exe"
O4 - HKLM..Run: [Adobe Reader Speed Launcher] "C:ProgramAdobeReader 8.0ReaderReader_sl.exe"
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [WMPNSCFG] C:ProgramWindows Media PlayerWMPNSCFG.exe
O4 - HKCU..Run: [swg] C:ProgramGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
O4 - HKCU..Run: [MsnMsgr] "C:ProgramWindows LiveMessengermsnmsgr.exe" /background
O4 - HKCU..Run: [gStart] C:GarmingStart.exe
O4 - HKCU..Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:ProgramDelade filerAheadLibNMBgMonitor.exe"
O4 - HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'SYSTEM')
O4 - HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'Default user')
O7 - HKLMSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem, DisableRegedit=1
O8 - Extra context menu item: &Winamp Toolbar Search - C:Documents and SettingsAll UsersApplication DataWinamp ToolbarieToolbarresourcesen-USlocalsearch.html
O8 - Extra context menu item: &Windows Live Search - res://C:ProgramWindows Live Toolbarmsntb.dll/search.htm
O8 - Extra context menu item: Add to AMV Converter... - C:ProgramMP3 Player Utilities 4.15AMVConvertergrab.html
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:ProgramMICROS~2OFFICE11EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:ProgramMP3 Player Utilities 4.15MediaManagergrab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:ProgramJavajre1.6.0_05binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:ProgramJavajre1.6.0_05binssv.dll
O9 - Extra button: Blogga detta - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:ProgramWindows LiveWriterWriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blogga detta i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:ProgramWindows LiveWriterWriterBrowserExtension.dll
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:ProgramMICROS~2OFFICE11REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:ProgramMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:ProgramMessengermsmsgs.exe
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://www.king.com/ctl/kingcomie.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game12.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O20 - AppInit_DLLs: bjxykt.dll
O20 - Winlogon Notify: wvukjbcb - wvUkJbcB.dll (file missing)
O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:ProgramSymantecLiveUpdateALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:ProgramDelade filerSymantec SharedccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:ProgramNorton Internet SecurityccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:ProgramDelade filerSymantec SharedccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:ProgramDelade filerSymantec SharedccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:ProgramNorton Internet SecuritycomHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:ProgramGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: Iap - Dell Inc - C:ProgramDellOpenManageClientIap.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:WINDOWSsystem32LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:ProgramSymantecLIVEUP~1LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:ProgramDelade filerSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe
O23 - Service: Norton AntiVirus Auto Protect-tjänst (navapsvc) - Symantec Corporation - C:ProgramNorton Internet SecurityNorton AntiVirusnavapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:ProgramIntelNCSSyncNetSvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:ProgramDelade filerSymantec SharedSecurity ConsoleNSCSRVCE.EXE
O23 - Service: PTK License-FIGHTERS-4665699 (ptk license-fighters-4665699) - SPAMfighter - C:ProgramFighterslicenseservice.exe
O23 - Service: PTK Live Update-FIGHTERS-4665699 (ptk live update-fighters-4665699) - SPAMfighter - C:ProgramFightersupdateservice.exe
O23 - Service: PTK Scanner-FIGHTERS-4665699 (ptk scanner-fighters-4665699) - SPAMfighter - C:ProgramFightersScannerService.exe
O23 - Service: PTK SharedAccess-FIGHTERS-4665699 (ptk sharedaccess-fighters-4665699) - SPAMfighter - C:ProgramFightersconfigservice.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:ProgramNorton Internet SecurityNorton AntiVirusSAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:ProgramDelade filerSymantec SharedSNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:ProgramDelade filerSymantec SharedSPBBCSPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:ProgramDelade filerSymantec SharedCCPD-LCsymlcsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:ProgramDelade filerSymantec SharedSupport Controlsssrc.exe
O24 - Desktop Component 0: (no name) - http://www.microsoft.com/windows/plus/imag...ish_150x106.jpg
--
End of file - 13280 bytes
-
Ska göra det när jag kommer hem från jobbet
//Stefan
-
Tack för hjälpen. Malwarebytes Anti-Malware hittade 303 infekterade filer. Nu är jag en glad datorägare igen --!!
//Stefan
-
*********************************************
2009-01-08:
Tråden är nu låst.
Tycker du att den är felaktigt låst, var god kontakta
*********************************************
Hej.
Vet inte vad jag har för **** i datorn eller hur jag får bort det. Norton Internet Security 2006 kraschar efter halva scanningen. Hoppas ngn kan hjälpa mej.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:41:22, on 2008-11-09
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:WINDOWSsystem32csrss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:ProgramDelade filerSymantec SharedccSetMgr.exe
C:ProgramDelade filerSymantec SharedccEvtMgr.exe
C:ProgramDelade filerSymantec SharedccProxy.exe
C:ProgramDelade filerSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe
C:ProgramDelade filerSymantec SharedSNDSrvc.exe
C:ProgramDelade filerSymantec SharedSPBBCSPBBCSvc.exe
C:ProgramDelade filerSymantec SharedCCPD-LCsymlcsvc.exe
C:WINDOWSsystem32LEXBCES.EXE
C:WINDOWSsystem32LEXPPS.EXE
C:WINDOWSsystem32spoolsv.exe
C:ProgramSymantecLiveUpdateALUSchedulerSvc.exe
C:WINDOWSSystem32svchost.exe
C:ProgramDellOpenManageClientIap.exe
C:ProgramMicrosoft SQL ServerMSSQL$SPCSBinnsqlservr.exe
C:ProgramNorton Internet SecurityNorton AntiVirusnavapsvc.exe
C:ProgramFightersconfigservice.exe
C:WINDOWSsystem32svchost.exe
C:ProgramFighterslicenseservice.exe
C:ProgramFightersupdateservice.exe
C:ProgramFightersScannerService.exe
C:WINDOWSsystem32wbemwmiprvse.exe
C:ProgramWindows Media PlayerWMPNetwk.exe
C:WINDOWSsystem32wbemwmiprvse.exe
C:WINDOWSSystem32alg.exe
C:WINDOWSExplorer.EXE
C:WINDOWSSystem32regsvr32.exe
C:ProgramMacrogamingSweetIMSweetIM.exe
C:ProgramJavajre1.6.0_05binjusched.exe
C:ProgramFightersspywarefighterSpywarefighterUser.exe
C:ProgramQuickTimeqttask.exe
C:ProgramInternet ExplorerIEXPLORE.EXE
C:ProgramWindows LiveMessengermsnmsgr.exe
C:WINDOWSsystem32LXSUPMON.EXE
C:WINDOWSservice.exe
C:WINDOWSsystem32igfxpers.exe
C:WINDOWSsystem32hkcmd.exe
C:ProgramCyberLinkPowerDVDDVDLauncher.exe
C:ProgramDelade filerSymantec SharedccApp.exe
C:WINDOWSsystem32ctfmon.exe
C:ProgramWindows Media PlayerWMPNSCFG.exe
C:ProgramGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
C:GarmingStart.exe
c:programfightersspywarefighterSPYWAREfighterTray.exe
C:ProgramDelade filerMicrosoft SharedWindows LiveWLLoginProxy.exe
C:ProgramDelade filerSymantec SharedSecurity ConsoleNSCSRVCE.EXE
C:ProgramInternet Exploreriexplore.exe
C:ProgramInternet Exploreriexplore.exe
C:WINDOWSsystem32NOTEPAD.EXE
C:ProgramTrend MicroHijackThisCatha.exe
C:ProgramMessengermsmsgs.exe
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://dellsearchedit.myway.com/samisc/del...ebar.jhtml?p=EB
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = https://upplandsbro.skola24.se/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www1.euro.dell.com/content/default....;l=sv&s=gen
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Länkar
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:ProgramMyWaySASrchAsDedeSrcAs.dll (file missing)
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:ProgramMacrogamingSweetIMBarForIEtoolbar.dll
O2 - BHO: (no name) - {0005B3DD-A43D-432D-915B-1933D975E360} - C:WINDOWSsystem32jhrxxbid.dll
O2 - BHO: (no name) - {000B187F-D25F-4BEF-8E7F-220666FB7830} - C:WINDOWSsystem32qalrjiqr.dll
O2 - BHO: (no name) - {000B67BA-A43D-432D-915B-1933D975E360} - C:WINDOWSsystem32jhrxxbid.dll
O2 - BHO: (no name) - {001630FE-D25F-4BEF-8E7F-220666FB7830} - C:WINDOWSsystem32qalrjiqr.dll
O2 - BHO: (no name) - {0016CF75-A43D-432D-915B-1933D975E360} - C:WINDOWSsystem32jhrxxbid.dll
O2 - BHO: (no name) - {002C61FD-D25F-4BEF-8E7F-220666FB7830} - C:WINDOWSsystem32qalrjiqr.dll
O2 - BHO: (no name) - {002D9EEA-A43D-432D-915B-1933D975E360} - C:WINDOWSsystem32jhrxxbid.dll
O2 - BHO: (no name) - {0058C3FB-D25F-4BEF-8E7F-220666FB7830} - C:WINDOWSsystem32qalrjiqr.dll
O2 - BHO: (no name) - {005B3DD4-A43D-432D-915B-1933D975E360} - C:WINDOWSsystem32jhrxxbid.dll
O2 - BHO: (no name) - {00b187f6-d25f-4bef-8e7f-220666fb7830} - C:WINDOWSsystem32qalrjiqr.dll
O2 - BHO: (no name) - {00b67ba9-a43d-432d-915b-1933d975e360} - C:WINDOWSsystem32jhrxxbid.dll
O2 - BHO: (no name) - {01630fed-d25f-4bef-8e7f-220666fb7830} - C:WINDOWSsystem32qalrjiqr.dll
O2 - BHO: (no name) - {016cf752-a43d-432d-915b-1933d975e360} - C:WINDOWSsystem32jhrxxbid.dll
O2 - BHO: (no name) - {02c61fdb-d25f-4bef-8e7f-220666fb7830} - C:WINDOWSsystem32qalrjiqr.dll
O2 - BHO: (no name) - {02d9eea5-a43d-432d-915b-1933d975e360} - C:WINDOWSsystem32jhrxxbid.dll
O2 - BHO: (no name) - {058c3fb7-d25f-4bef-8e7f-220666fb7830} - C:WINDOWSsystem32qalrjiqr.dll
O2 - BHO: (no name) - {05b3dd4b-a43d-432d-915b-1933d975e360} - C:WINDOWSsystem32jhrxxbid.dll
O2 - BHO: (no name) - {0b187f6f-d25f-4bef-8e7f-220666fb7830} - C:WINDOWSsystem32qalrjiqr.dll
O2 - BHO: (no name) - {0b67ba96-a43d-432d-915b-1933d975e360} - C:WINDOWSsystem32jhrxxbid.dll
O2 - BHO: mxlivemedia browser enhancer - {15f1de2b-e547-f1d4-f82d-d5bfd4ee2e0e} - C:WINDOWSsystem32tuyrgsacxlt.dll
O2 - BHO: (no name) - {1630fede-d25f-4bef-8e7f-220666fb7830} - C:WINDOWSsystem32qalrjiqr.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:ProgramMyWaySASrchAsDedeSrcAs.dll (file missing)
O2 - BHO: (no name) - {75ABCF92-9764-4DFA-A83F-5142C3905052} - C:WINDOWSsystem32ssqPjIxy.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:ProgramJavajre1.6.0_05binssv.dll
O2 - BHO: (no name) - {79117664-7a50-429c-b3af-6cdf9e1886ce} - C:WINDOWSsystem32qoMeEULB.dll (file missing)
O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:ProgramDelade filerMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 - BHO: {329c2ac8-6dfe-7d19-9c64-9ad4821d18c9} - {9c81d128-4da9-46c9-91d7-efd68ca2c923} - C:WINDOWSsystem32bjxykt.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:ProgramDelade filerSymantec SharedAdBlockingNISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:ProgramNorton Internet SecurityNorton AntiVirusNavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:programgooglegoogletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:ProgramGoogleGoogleToolbarNotifier3.1.807.1746swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:ProgramWindows Live Toolbarmsntb.dll
O2 - BHO: (no name) - {DEB85B3B-8AFC-4567-BC39-46DA44C17C61} - C:WINDOWSsystem32bYomLefg.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:ProgramDelade filerSymantec SharedAdBlockingNISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:ProgramNorton Internet SecurityNorton AntiVirusNavShExt.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:ProgramMacrogamingSweetIMBarForIEtoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:programgooglegoogletoolbar1.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:ProgramWinamp Toolbarwinamptb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:ProgramWindows Live Toolbarmsntb.dll
O4 - HKLM..Run: [symantec PIF AlertEng] "C:ProgramDelade filerSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe" /a /m "C:ProgramDelade filerSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}AlertEng.dll"
O4 - HKLM..Run: [C:WINDOWSsystem32kdihl.exe] C:WINDOWSsystem32kdihl.exe
O4 - HKLM..Run: [lsmnvboumq] C:WINDOWSSystem32regsvr32.exe /s "C:WINDOWSsystem32tuyrgsacxlt.dll"
O4 - HKLM..Run: [Windows Updater] updater.com
O4 - HKLM..Run: [WinampAgent] C:ProgramWinampwianmpa.exe
O4 - HKLM..Run: [sweetIM] C:ProgramMacrogamingSweetIMSweetIM.exe
O4 - HKLM..Run: [sunJavaUpdateSched] "C:ProgramJavajre1.6.0_05binjusched.exe"
O4 - HKLM..Run: [spywarefighterguard] C:ProgramFightersspywarefighterSpywarefighterUser.exe
O4 - HKLM..Run: [QuickTime Task] "C:ProgramQuickTimeqttask.exe" -atboottime
O4 - HKLM..Run: [Messenger Service] service.exe
O4 - HKLM..Run: [LXSUPMON] C:WINDOWSsystem32LXSUPMON.EXE RUN
O4 - HKLM..Run: [lphc7d9j0egfn] C:WINDOWSsystem32lphc7d9j0egfn.exe
O4 - HKLM..Run: [KernelFaultCheck] %systemroot%system32dumprep 0 -k
O4 - HKLM..Run: [igfxtray] C:WINDOWSsystem32igfxtray.exe
O4 - HKLM..Run: [igfxpers] C:WINDOWSsystem32igfxpers.exe
O4 - HKLM..Run: [igfxhkcmd] C:WINDOWSsystem32hkcmd.exe
O4 - HKLM..Run: [DVDLauncher] "C:ProgramCyberLinkPowerDVDDVDLauncher.exe"
O4 - HKLM..Run: [ccApp] "C:ProgramDelade filerSymantec SharedccApp.exe"
O4 - HKLM..Run: [Adobe Reader Speed Launcher] "C:ProgramAdobeReader 8.0ReaderReader_sl.exe"
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [WMPNSCFG] C:ProgramWindows Media PlayerWMPNSCFG.exe
O4 - HKCU..Run: [swg] C:ProgramGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
O4 - HKCU..Run: [MsnMsgr] "C:ProgramWindows LiveMessengermsnmsgr.exe" /background
O4 - HKCU..Run: [gStart] C:GarmingStart.exe
O4 - HKCU..Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:ProgramDelade filerAheadLibNMBgMonitor.exe"
O4 - HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'SYSTEM')
O4 - HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'Default user')
O7 - HKLMSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem, DisableRegedit=1
O8 - Extra context menu item: &Winamp Toolbar Search - C:Documents and SettingsAll UsersApplication DataWinamp ToolbarieToolbarresourcesen-USlocalsearch.html
O8 - Extra context menu item: &Windows Live Search - res://C:ProgramWindows Live Toolbarmsntb.dll/search.htm
O8 - Extra context menu item: Add to AMV Converter... - C:ProgramMP3 Player Utilities 4.15AMVConvertergrab.html
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:ProgramMICROS~2OFFICE11EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:ProgramMP3 Player Utilities 4.15MediaManagergrab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:ProgramJavajre1.6.0_05binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:ProgramJavajre1.6.0_05binssv.dll
O9 - Extra button: Blogga detta - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:ProgramWindows LiveWriterWriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blogga detta i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:ProgramWindows LiveWriterWriterBrowserExtension.dll
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:ProgramMICROS~2OFFICE11REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:ProgramMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:ProgramMessengermsmsgs.exe
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://www.king.com/ctl/kingcomie.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game12.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O17 - HKLMSystemCCSServicesTcpip..{7EF5BB9B-24D6-4AA6-A938-6D497EBDCA75}: NameServer = 85.255.112.74;85.255.112.191
O17 - HKLMSystemCCSServicesTcpip..{F5198715-F56E-4D20-A279-1A0FA879F9D2}: NameServer = 85.255.112.74;85.255.112.191
O20 - AppInit_DLLs: bjxykt.dll
O20 - Winlogon Notify: qomeeulb - qoMeEULB.dll (file missing)
O20 - Winlogon Notify: ssqPjIxy - C:WINDOWSSYSTEM32ssqPjIxy.dll
O20 - Winlogon Notify: wvukjbcb - wvUkJbcB.dll (file missing)
O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:ProgramSymantecLiveUpdateALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:ProgramDelade filerSymantec SharedccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:ProgramNorton Internet SecurityccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:ProgramDelade filerSymantec SharedccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:ProgramDelade filerSymantec SharedccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:ProgramNorton Internet SecuritycomHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:ProgramGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: Iap - Dell Inc - C:ProgramDellOpenManageClientIap.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:WINDOWSsystem32LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:ProgramSymantecLIVEUP~1LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:ProgramDelade filerSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe
O23 - Service: Norton AntiVirus Auto Protect-tjänst (navapsvc) - Symantec Corporation - C:ProgramNorton Internet SecurityNorton AntiVirusnavapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:ProgramIntelNCSSyncNetSvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:ProgramDelade filerSymantec SharedSecurity ConsoleNSCSRVCE.EXE
O23 - Service: PTK License-FIGHTERS-4665699 (ptk license-fighters-4665699) - SPAMfighter - C:ProgramFighterslicenseservice.exe
O23 - Service: PTK Live Update-FIGHTERS-4665699 (ptk live update-fighters-4665699) - SPAMfighter - C:ProgramFightersupdateservice.exe
O23 - Service: PTK Scanner-FIGHTERS-4665699 (ptk scanner-fighters-4665699) - SPAMfighter - C:ProgramFightersScannerService.exe
O23 - Service: PTK SharedAccess-FIGHTERS-4665699 (ptk sharedaccess-fighters-4665699) - SPAMfighter - C:ProgramFightersconfigservice.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:ProgramNorton Internet SecurityNorton AntiVirusSAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:ProgramDelade filerSymantec SharedSNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:ProgramDelade filerSymantec SharedSPBBCSPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:ProgramDelade filerSymantec SharedCCPD-LCsymlcsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:ProgramDelade filerSymantec SharedSupport Controlsssrc.exe
O24 - Desktop Component 0: (no name) - http://www.microsoft.com/windows/plus/imag...ish_150x106.jpg
--
End of file - 16491 bytes
Fick dela den på två.....
Något att bita i
i Borttagning av virus och andra skadliga program
Postad
Här kommer resultatet..
//Stefan
SmitFraudFix v2.375
Scan done at 10:02:56,10, 2008-11-13
Run from C:Documents and SettingsCatharina AndreeSkrivbordSmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:ProgramDelade filerSymantec SharedccSetMgr.exe
C:ProgramDelade filerSymantec SharedccEvtMgr.exe
C:ProgramDelade filerSymantec SharedccProxy.exe
C:ProgramDelade filerSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe
C:ProgramDelade filerSymantec SharedSNDSrvc.exe
C:ProgramDelade filerSymantec SharedSPBBCSPBBCSvc.exe
C:ProgramDelade filerSymantec SharedCCPD-LCsymlcsvc.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32LEXBCES.EXE
C:WINDOWSsystem32LEXPPS.EXE
C:WINDOWSsystem32spoolsv.exe
C:ProgramQuickTimeqttask.exe
C:WINDOWSsystem32LXSUPMON.EXE
C:WINDOWSsystem32igfxpers.exe
C:WINDOWSsystem32hkcmd.exe
C:ProgramCyberLinkPowerDVDDVDLauncher.exe
C:ProgramDelade filerSymantec SharedccApp.exe
C:ProgramJavajre6binjusched.exe
C:WINDOWSsystem32ctfmon.exe
C:ProgramGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
C:ProgramWindows LiveMessengermsnmsgr.exe
C:GarmingStart.exe
C:ProgramWindows Media PlayerWMPNSCFG.exe
C:ProgramSymantecLiveUpdateALUSchedulerSvc.exe
C:WINDOWSSystem32svchost.exe
C:ProgramDellOpenManageClientIap.exe
C:ProgramJavajre6binjqs.exe
C:ProgramMicrosoft SQL ServerMSSQL$SPCSBinnsqlservr.exe
C:ProgramNorton Internet SecurityNorton AntiVirusnavapsvc.exe
C:WINDOWSsystem32svchost.exe
C:ProgramDelade filerSymantec SharedSecurity ConsoleNSCSRVCE.EXE
C:WINDOWSsystem32wuauclt.exe
C:Programinternet exploreriexplore.exe
C:ProgramDelade filerMicrosoft SharedWindows LiveWLLoginProxy.exe
C:ProgramMessengermsmsgs.exe
C:WINDOWSsystem32cmd.exe
C:ProgramSymantecLiveUpdateAUpdate.exe
C:ProgramSymantecLIVEUP~1LUCOMS~1.EXE
C:ProgramSymantecLiveUpdateLuCallbackProxy.exe
C:ProgramSymantecLiveUpdateLuCallbackProxy.exe
C:ProgramSymantecLiveUpdateLuCallbackProxy.exe
C:ProgramSymantecLiveUpdateLuCallbackProxy.exe
C:ProgramSymantecLiveUpdateLuCallbackProxy.exe
C:ProgramSymantecLiveUpdateLuCallbackProxy.exe
C:ProgramSymantecLiveUpdateLuCallbackProxy.exe
C:ProgramSymantecLiveUpdateLuCallbackProxy.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:
»»»»»»»»»»»»»»»»»»»»»»»» C:WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:WINDOWSsystem
»»»»»»»»»»»»»»»»»»»»»»»» C:WINDOWSWeb
»»»»»»»»»»»»»»»»»»»»»»»» C:WINDOWSsystem32
»»»»»»»»»»»»»»»»»»»»»»»» C:WINDOWSsystem32LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:Documents and SettingsCatharina Andree
»»»»»»»»»»»»»»»»»»»»»»»» C:DOCUME~1CATHAR~1LOKALA~1Temp
»»»»»»»»»»»»»»»»»»»»»»»» C:Documents and SettingsCatharina AndreeApplication Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:DOCUME~1CATHAR~1FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:Program
C:ProgramGooglegoogletoolbar1.dll FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerDesktopComponents1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Min aktuella startsida"
»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, following keys are not inevitably infected!!!
o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogon]
"Userinit"="C:WINDOWSsystem32userinit.exe,"
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» RK
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Your computer may be victim of a DNS Hijack: 85.255.x.x detected !
Description: 802.11g/b Wireless LAN Client Adapter - Miniport för paketschemaläggning
DNS Server Search Order: 85.255.112.83
DNS Server Search Order: 192.168.0.1
HKLMSYSTEMCCSServicesTcpip..{7EF5BB9B-24D6-4AA6-A938-6D497EBDCA75}: DhcpNameServer=85.255.112.83 192.168.0.1
HKLMSYSTEMCS1ServicesTcpip..{7EF5BB9B-24D6-4AA6-A938-6D497EBDCA75}: DhcpNameServer=85.255.112.83 192.168.0.1
HKLMSYSTEMCS2ServicesTcpip..{7EF5BB9B-24D6-4AA6-A938-6D497EBDCA75}: DhcpNameServer=85.255.112.83 192.168.0.1
HKLMSYSTEMCCSServicesTcpipParameters: DhcpNameServer=85.255.112.83 192.168.0.1
HKLMSYSTEMCS1ServicesTcpipParameters: DhcpNameServer=85.255.112.83 192.168.0.1
HKLMSYSTEMCS2ServicesTcpipParameters: DhcpNameServer=85.255.112.83 192.168.0.1
»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End