Jump to content

Något att bita i


Recommended Posts

*********************************************

2009-01-08:

Tråden är nu låst.

Tycker du att den är felaktigt låst, var god kontakta

Malou

*********************************************

Hej.

Vet inte vad jag har för **** i datorn eller hur jag får bort det. Norton Internet Security 2006 kraschar efter halva scanningen. Hoppas ngn kan hjälpa mej.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:41:22, on 2008-11-09

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:

C:WINDOWSsystem32csrss.exe

C:WINDOWSsystem32winlogon.exe

C:WINDOWSsystem32services.exe

C:WINDOWSsystem32lsass.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSSystem32svchost.exe

C:WINDOWSsystem32svchost.exe

C:ProgramDelade filerSymantec SharedccSetMgr.exe

C:ProgramDelade filerSymantec SharedccEvtMgr.exe

C:ProgramDelade filerSymantec SharedccProxy.exe

C:ProgramDelade filerSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe

C:ProgramDelade filerSymantec SharedSNDSrvc.exe

C:ProgramDelade filerSymantec SharedSPBBCSPBBCSvc.exe

C:ProgramDelade filerSymantec SharedCCPD-LCsymlcsvc.exe

C:WINDOWSsystem32LEXBCES.EXE

C:WINDOWSsystem32LEXPPS.EXE

C:WINDOWSsystem32spoolsv.exe

C:ProgramSymantecLiveUpdateALUSchedulerSvc.exe

C:WINDOWSSystem32svchost.exe

C:ProgramDellOpenManageClientIap.exe

C:ProgramMicrosoft SQL ServerMSSQL$SPCSBinnsqlservr.exe

C:ProgramNorton Internet SecurityNorton AntiVirusnavapsvc.exe

C:ProgramFightersconfigservice.exe

C:WINDOWSsystem32svchost.exe

C:ProgramFighterslicenseservice.exe

C:ProgramFightersupdateservice.exe

C:ProgramFightersScannerService.exe

C:WINDOWSsystem32wbemwmiprvse.exe

C:ProgramWindows Media PlayerWMPNetwk.exe

C:WINDOWSsystem32wbemwmiprvse.exe

C:WINDOWSSystem32alg.exe

C:WINDOWSExplorer.EXE

C:WINDOWSSystem32regsvr32.exe

C:ProgramMacrogamingSweetIMSweetIM.exe

C:ProgramJavajre1.6.0_05binjusched.exe

C:ProgramFightersspywarefighterSpywarefighterUser.exe

C:ProgramQuickTimeqttask.exe

C:ProgramInternet ExplorerIEXPLORE.EXE

C:ProgramWindows LiveMessengermsnmsgr.exe

C:WINDOWSsystem32LXSUPMON.EXE

C:WINDOWSservice.exe

C:WINDOWSsystem32igfxpers.exe

C:WINDOWSsystem32hkcmd.exe

C:ProgramCyberLinkPowerDVDDVDLauncher.exe

C:ProgramDelade filerSymantec SharedccApp.exe

C:WINDOWSsystem32ctfmon.exe

C:ProgramWindows Media PlayerWMPNSCFG.exe

C:ProgramGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe

C:GarmingStart.exe

c:programfightersspywarefighterSPYWAREfighterTray.exe

C:ProgramDelade filerMicrosoft SharedWindows LiveWLLoginProxy.exe

C:ProgramDelade filerSymantec SharedSecurity ConsoleNSCSRVCE.EXE

C:ProgramInternet Exploreriexplore.exe

C:ProgramInternet Exploreriexplore.exe

C:WINDOWSsystem32NOTEPAD.EXE

C:ProgramTrend MicroHijackThisCatha.exe

C:ProgramMessengermsmsgs.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://dellsearchedit.myway.com/samisc/del...ebar.jhtml?p=EB

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = https://upplandsbro.skola24.se/

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www1.euro.dell.com/content/default....;l=sv&s=gen

R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Länkar

R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:ProgramMyWaySASrchAsDedeSrcAs.dll (file missing)

R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:ProgramMacrogamingSweetIMBarForIEtoolbar.dll

O2 - BHO: (no name) - {0005B3DD-A43D-432D-915B-1933D975E360} - C:WINDOWSsystem32jhrxxbid.dll

O2 - BHO: (no name) - {000B187F-D25F-4BEF-8E7F-220666FB7830} - C:WINDOWSsystem32qalrjiqr.dll

O2 - BHO: (no name) - {000B67BA-A43D-432D-915B-1933D975E360} - C:WINDOWSsystem32jhrxxbid.dll

O2 - BHO: (no name) - {001630FE-D25F-4BEF-8E7F-220666FB7830} - C:WINDOWSsystem32qalrjiqr.dll

O2 - BHO: (no name) - {0016CF75-A43D-432D-915B-1933D975E360} - C:WINDOWSsystem32jhrxxbid.dll

O2 - BHO: (no name) - {002C61FD-D25F-4BEF-8E7F-220666FB7830} - C:WINDOWSsystem32qalrjiqr.dll

O2 - BHO: (no name) - {002D9EEA-A43D-432D-915B-1933D975E360} - C:WINDOWSsystem32jhrxxbid.dll

O2 - BHO: (no name) - {0058C3FB-D25F-4BEF-8E7F-220666FB7830} - C:WINDOWSsystem32qalrjiqr.dll

O2 - BHO: (no name) - {005B3DD4-A43D-432D-915B-1933D975E360} - C:WINDOWSsystem32jhrxxbid.dll

O2 - BHO: (no name) - {00b187f6-d25f-4bef-8e7f-220666fb7830} - C:WINDOWSsystem32qalrjiqr.dll

O2 - BHO: (no name) - {00b67ba9-a43d-432d-915b-1933d975e360} - C:WINDOWSsystem32jhrxxbid.dll

O2 - BHO: (no name) - {01630fed-d25f-4bef-8e7f-220666fb7830} - C:WINDOWSsystem32qalrjiqr.dll

O2 - BHO: (no name) - {016cf752-a43d-432d-915b-1933d975e360} - C:WINDOWSsystem32jhrxxbid.dll

O2 - BHO: (no name) - {02c61fdb-d25f-4bef-8e7f-220666fb7830} - C:WINDOWSsystem32qalrjiqr.dll

O2 - BHO: (no name) - {02d9eea5-a43d-432d-915b-1933d975e360} - C:WINDOWSsystem32jhrxxbid.dll

O2 - BHO: (no name) - {058c3fb7-d25f-4bef-8e7f-220666fb7830} - C:WINDOWSsystem32qalrjiqr.dll

O2 - BHO: (no name) - {05b3dd4b-a43d-432d-915b-1933d975e360} - C:WINDOWSsystem32jhrxxbid.dll

O2 - BHO: (no name) - {0b187f6f-d25f-4bef-8e7f-220666fb7830} - C:WINDOWSsystem32qalrjiqr.dll

O2 - BHO: (no name) - {0b67ba96-a43d-432d-915b-1933d975e360} - C:WINDOWSsystem32jhrxxbid.dll

O2 - BHO: mxlivemedia browser enhancer - {15f1de2b-e547-f1d4-f82d-d5bfd4ee2e0e} - C:WINDOWSsystem32tuyrgsacxlt.dll

O2 - BHO: (no name) - {1630fede-d25f-4bef-8e7f-220666fb7830} - C:WINDOWSsystem32qalrjiqr.dll

O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:ProgramMyWaySASrchAsDedeSrcAs.dll (file missing)

O2 - BHO: (no name) - {75ABCF92-9764-4DFA-A83F-5142C3905052} - C:WINDOWSsystem32ssqPjIxy.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:ProgramJavajre1.6.0_05binssv.dll

O2 - BHO: (no name) - {79117664-7a50-429c-b3af-6cdf9e1886ce} - C:WINDOWSsystem32qoMeEULB.dll (file missing)

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:ProgramDelade filerMicrosoft SharedWindows LiveWindowsLiveLogin.dll

O2 - BHO: {329c2ac8-6dfe-7d19-9c64-9ad4821d18c9} - {9c81d128-4da9-46c9-91d7-efd68ca2c923} - C:WINDOWSsystem32bjxykt.dll

O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:ProgramDelade filerSymantec SharedAdBlockingNISShExt.dll

O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:ProgramNorton Internet SecurityNorton AntiVirusNavShExt.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:programgooglegoogletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:ProgramGoogleGoogleToolbarNotifier3.1.807.1746swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:ProgramWindows Live Toolbarmsntb.dll

O2 - BHO: (no name) - {DEB85B3B-8AFC-4567-BC39-46DA44C17C61} - C:WINDOWSsystem32bYomLefg.dll

O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:ProgramDelade filerSymantec SharedAdBlockingNISShExt.dll

O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:ProgramNorton Internet SecurityNorton AntiVirusNavShExt.dll

O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:ProgramMacrogamingSweetIMBarForIEtoolbar.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:programgooglegoogletoolbar1.dll

O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:ProgramWinamp Toolbarwinamptb.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:ProgramWindows Live Toolbarmsntb.dll

O4 - HKLM..Run: [symantec PIF AlertEng] "C:ProgramDelade filerSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe" /a /m "C:ProgramDelade filerSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}AlertEng.dll"

O4 - HKLM..Run: [C:WINDOWSsystem32kdihl.exe] C:WINDOWSsystem32kdihl.exe

O4 - HKLM..Run: [lsmnvboumq] C:WINDOWSSystem32regsvr32.exe /s "C:WINDOWSsystem32tuyrgsacxlt.dll"

O4 - HKLM..Run: [Windows Updater] updater.com

O4 - HKLM..Run: [WinampAgent] C:ProgramWinampwianmpa.exe

O4 - HKLM..Run: [sweetIM] C:ProgramMacrogamingSweetIMSweetIM.exe

O4 - HKLM..Run: [sunJavaUpdateSched] "C:ProgramJavajre1.6.0_05binjusched.exe"

O4 - HKLM..Run: [spywarefighterguard] C:ProgramFightersspywarefighterSpywarefighterUser.exe

O4 - HKLM..Run: [QuickTime Task] "C:ProgramQuickTimeqttask.exe" -atboottime

O4 - HKLM..Run: [Messenger Service] service.exe

O4 - HKLM..Run: [LXSUPMON] C:WINDOWSsystem32LXSUPMON.EXE RUN

O4 - HKLM..Run: [lphc7d9j0egfn] C:WINDOWSsystem32lphc7d9j0egfn.exe

O4 - HKLM..Run: [KernelFaultCheck] %systemroot%system32dumprep 0 -k

O4 - HKLM..Run: [igfxtray] C:WINDOWSsystem32igfxtray.exe

O4 - HKLM..Run: [igfxpers] C:WINDOWSsystem32igfxpers.exe

O4 - HKLM..Run: [igfxhkcmd] C:WINDOWSsystem32hkcmd.exe

O4 - HKLM..Run: [DVDLauncher] "C:ProgramCyberLinkPowerDVDDVDLauncher.exe"

O4 - HKLM..Run: [ccApp] "C:ProgramDelade filerSymantec SharedccApp.exe"

O4 - HKLM..Run: [Adobe Reader Speed Launcher] "C:ProgramAdobeReader 8.0ReaderReader_sl.exe"

O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe

O4 - HKCU..Run: [WMPNSCFG] C:ProgramWindows Media PlayerWMPNSCFG.exe

O4 - HKCU..Run: [swg] C:ProgramGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe

O4 - HKCU..Run: [MsnMsgr] "C:ProgramWindows LiveMessengermsnmsgr.exe" /background

O4 - HKCU..Run: [gStart] C:GarmingStart.exe

O4 - HKCU..Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:ProgramDelade filerAheadLibNMBgMonitor.exe"

O4 - HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'SYSTEM')

O4 - HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'Default user')

O7 - HKLMSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem, DisableRegedit=1

O8 - Extra context menu item: &Winamp Toolbar Search - C:Documents and SettingsAll UsersApplication DataWinamp ToolbarieToolbarresourcesen-USlocalsearch.html

O8 - Extra context menu item: &Windows Live Search - res://C:ProgramWindows Live Toolbarmsntb.dll/search.htm

O8 - Extra context menu item: Add to AMV Converter... - C:ProgramMP3 Player Utilities 4.15AMVConvertergrab.html

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:ProgramMICROS~2OFFICE11EXCEL.EXE/3000

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:ProgramMP3 Player Utilities 4.15MediaManagergrab.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:ProgramJavajre1.6.0_05binssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:ProgramJavajre1.6.0_05binssv.dll

O9 - Extra button: Blogga detta - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:ProgramWindows LiveWriterWriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blogga detta i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:ProgramWindows LiveWriterWriterBrowserExtension.dll

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:ProgramMICROS~2OFFICE11REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:ProgramMessengermsmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:ProgramMessengermsmsgs.exe

O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://www.king.com/ctl/kingcomie.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game12.zylom.com/activex/zylomgamesplayer.cab

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O17 - HKLMSystemCCSServicesTcpip..{7EF5BB9B-24D6-4AA6-A938-6D497EBDCA75}: NameServer = 85.255.112.74;85.255.112.191

O17 - HKLMSystemCCSServicesTcpip..{F5198715-F56E-4D20-A279-1A0FA879F9D2}: NameServer = 85.255.112.74;85.255.112.191

O20 - AppInit_DLLs: bjxykt.dll

O20 - Winlogon Notify: qomeeulb - qoMeEULB.dll (file missing)

O20 - Winlogon Notify: ssqPjIxy - C:WINDOWSSYSTEM32ssqPjIxy.dll

O20 - Winlogon Notify: wvukjbcb - wvUkJbcB.dll (file missing)

O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:ProgramSymantecLiveUpdateALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:ProgramDelade filerSymantec SharedccEvtMgr.exe

O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:ProgramNorton Internet SecurityccPwdSvc.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:ProgramDelade filerSymantec SharedccProxy.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:ProgramDelade filerSymantec SharedccSetMgr.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:ProgramNorton Internet SecuritycomHost.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:ProgramGoogleCommonGoogle UpdaterGoogleUpdaterService.exe

O23 - Service: Iap - Dell Inc - C:ProgramDellOpenManageClientIap.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:WINDOWSsystem32LEXBCES.EXE

O23 - Service: LiveUpdate - Symantec Corporation - C:ProgramSymantecLIVEUP~1LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:ProgramDelade filerSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe

O23 - Service: Norton AntiVirus Auto Protect-tjänst (navapsvc) - Symantec Corporation - C:ProgramNorton Internet SecurityNorton AntiVirusnavapsvc.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:ProgramIntelNCSSyncNetSvc.exe

O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:ProgramDelade filerSymantec SharedSecurity ConsoleNSCSRVCE.EXE

O23 - Service: PTK License-FIGHTERS-4665699 (ptk license-fighters-4665699) - SPAMfighter - C:ProgramFighterslicenseservice.exe

O23 - Service: PTK Live Update-FIGHTERS-4665699 (ptk live update-fighters-4665699) - SPAMfighter - C:ProgramFightersupdateservice.exe

O23 - Service: PTK Scanner-FIGHTERS-4665699 (ptk scanner-fighters-4665699) - SPAMfighter - C:ProgramFightersScannerService.exe

O23 - Service: PTK SharedAccess-FIGHTERS-4665699 (ptk sharedaccess-fighters-4665699) - SPAMfighter - C:ProgramFightersconfigservice.exe

O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:ProgramNorton Internet SecurityNorton AntiVirusSAVScan.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:ProgramDelade filerSymantec SharedSNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:ProgramDelade filerSymantec SharedSPBBCSPBBCSvc.exe

O23 - Service: Symantec Core LC - Unknown owner - C:ProgramDelade filerSymantec SharedCCPD-LCsymlcsvc.exe

O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:ProgramDelade filerSymantec SharedSupport Controlsssrc.exe

O24 - Desktop Component 0: (no name) - http://www.microsoft.com/windows/plus/imag...ish_150x106.jpg

--

End of file - 16491 bytes

Link to comment
Share on other sites

Hej StefanT!

Vad jag kan tyda av din TM HJT-logga så har du råkat ut för en riktigt rejäl Vundoinfektion.

Skriv ut nedanstående eller kopiera det till ett textdokument och spara det till skrivbordet:

Läs/Följ instruktionerna noga:

Hämta hem Malwarebytes Anti-Malware:

http://www.besttechie.net/tools/mbam-setup.exe

1: Spara installationsfilen till skrivbordet

2: För att påbörja installationen dubbelklicka på mbam-setup.exe

3: Bocka för nedanstående

Uppdatera Malwarebytes' Anti-Malware

Starta Malwarebytes' Anti-Malware

4: Klicka på Slutför

Om där finns uppdateringar kommer dessa att installeras.

Då ovanstående är gjort gå vidare med nedanstående procedur:

1: När programmet startar så välj Utför snabb scanning

2: Klicka på knappen Scanna

3: Scanningen kommer nu att ta en stund

3: När programmet scannat klart klicka Ok och sedan Visa resultat

4: Bocka för allt och klicka på Remove Selected

5: Då borttagningen är klar kommer en textfil i Anteckningar att öppnas upp med en logg. Kopiera/klistra in den loggan hit till din tråd.

6: Gör en ny TM HJT-logga kopiera in den hit så får vi se hur den ser ut.

MVH/Malou

Link to comment
Share on other sites

Hej StefanT!

Varsegod och härligt att höra att du är glad igen  ;) ;)

Men kopiera gärna in loggarna hit som jag bad om så vi kan kontrollera så att systemet är rent.

MVH/Malou

Link to comment
Share on other sites

Ska göra det när jag kommer hem från jobbet

//Stefan

Ok låter bra. Så tar jag en titt på dem imorgon  ;)

Anledningen till att jag vill se loggarna är för att som du förhoppningsvis förstår försäkra mig om att allt är rent och fint. Och att Malwarebytes Anti-Malware hittat samt åtgärdat det mesta. För det fanns en hel del otyg i din TM HJT-logga och det är inte säkert att Malwarebytes Anti-Malware klarar av att hitta/åtgärda resterande. Vi kan behöva ta till ytterligare skarpa verktyg för att åtgärda resterande. Detta är då för att hjälpa dig i all välmening så att du verkligen får ett rent och fint system igen  ;) ;)

MVH/Malou

Link to comment
Share on other sites

Hej igen

Ingen är tacksammare än jag att det blir  fullständigt virusfritt. Provade både med Spywarefighter och Norton innan, men jag borde loggat in på den här sidan direkt istället. Ha en bra dag..

M.v.h

Stefan

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:51:45, on 2008-11-10

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:

C:WINDOWSSystem32smss.exe

C:WINDOWSsystem32winlogon.exe

C:WINDOWSsystem32services.exe

C:WINDOWSsystem32lsass.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSSystem32svchost.exe

C:ProgramDelade filerSymantec SharedccSetMgr.exe

C:ProgramDelade filerSymantec SharedccEvtMgr.exe

C:ProgramDelade filerSymantec SharedccProxy.exe

C:ProgramDelade filerSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe

C:ProgramDelade filerSymantec SharedSNDSrvc.exe

C:ProgramDelade filerSymantec SharedSPBBCSPBBCSvc.exe

C:ProgramDelade filerSymantec SharedCCPD-LCsymlcsvc.exe

C:WINDOWSExplorer.EXE

C:WINDOWSsystem32LEXBCES.EXE

C:WINDOWSsystem32LEXPPS.EXE

C:WINDOWSsystem32spoolsv.exe

C:ProgramSymantecLiveUpdateALUSchedulerSvc.exe

C:WINDOWSSystem32svchost.exe

C:ProgramDellOpenManageClientIap.exe

C:ProgramMicrosoft SQL ServerMSSQL$SPCSBinnsqlservr.exe

C:ProgramNorton Internet SecurityNorton AntiVirusnavapsvc.exe

C:ProgramFightersconfigservice.exe

C:WINDOWSsystem32svchost.exe

C:ProgramFighterslicenseservice.exe

C:ProgramFightersupdateservice.exe

C:ProgramFightersScannerService.exe

C:ProgramMacrogamingSweetIMSweetIM.exe

C:ProgramJavajre1.6.0_05binjusched.exe

C:ProgramFightersspywarefighterSpywarefighterUser.exe

C:ProgramQuickTimeqttask.exe

C:WINDOWSsystem32LXSUPMON.EXE

C:WINDOWSsystem32igfxpers.exe

C:WINDOWSsystem32hkcmd.exe

C:ProgramCyberLinkPowerDVDDVDLauncher.exe

C:ProgramDelade filerSymantec SharedccApp.exe

C:WINDOWSsystem32ctfmon.exe

C:ProgramWindows Media PlayerWMPNSCFG.exe

C:ProgramGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe

C:ProgramWindows LiveMessengermsnmsgr.exe

C:GarmingStart.exe

C:ProgramDelade filerSymantec SharedSecurity ConsoleNSCSRVCE.EXE

C:WINDOWSsystem32wuauclt.exe

C:ProgramSymantecLIVEUP~1LUCOMS~1.EXE

C:ProgramSymantecLiveUpdateAUpdate.exe

C:ProgramSymantecLiveUpdateLuCallbackProxy.exe

C:ProgramSymantecLiveUpdateLuCallbackProxy.exe

C:ProgramTrend MicroHijackThisCatha.exe

C:ProgramSymantecLiveUpdateLuCallbackProxy.exe

C:ProgramSymantecLiveUpdateLuCallbackProxy.exe

C:ProgramSymantecLiveUpdateLuCallbackProxy.exe

C:ProgramSymantecLiveUpdateLuCallbackProxy.exe

C:ProgramSymantecLiveUpdateLuCallbackProxy.exe

C:ProgramMessengermsmsgs.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://dellsearchedit.myway.com/samisc/del...ebar.jhtml?p=EB

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = https://upplandsbro.skola24.se/

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www1.euro.dell.com/content/default....;l=sv&s=gen

R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Länkar

R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:ProgramMacrogamingSweetIMBarForIEtoolbar.dll

O2 - BHO: mxlivemedia browser enhancer - {15f1de2b-e547-f1d4-f82d-d5bfd4ee2e0e} - C:WINDOWSsystem32tuyrgsacxlt.dll (file missing)

O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:ProgramMyWaySASrchAsDedeSrcAs.dll (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:ProgramJavajre1.6.0_05binssv.dll

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:ProgramDelade filerMicrosoft SharedWindows LiveWindowsLiveLogin.dll

O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:ProgramDelade filerSymantec SharedAdBlockingNISShExt.dll

O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:ProgramNorton Internet SecurityNorton AntiVirusNavShExt.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:programgooglegoogletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:ProgramGoogleGoogleToolbarNotifier3.1.807.1746swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:ProgramWindows Live Toolbarmsntb.dll

O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:ProgramDelade filerSymantec SharedAdBlockingNISShExt.dll

O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:ProgramNorton Internet SecurityNorton AntiVirusNavShExt.dll

O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:ProgramMacrogamingSweetIMBarForIEtoolbar.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:programgooglegoogletoolbar1.dll

O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:ProgramWinamp Toolbarwinamptb.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:ProgramWindows Live Toolbarmsntb.dll

O4 - HKLM..Run: [symantec PIF AlertEng] "C:ProgramDelade filerSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe" /a /m "C:ProgramDelade filerSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}AlertEng.dll"

O4 - HKLM..Run: [C:WINDOWSsystem32kdihl.exe] C:WINDOWSsystem32kdihl.exe

O4 - HKLM..Run: [Windows Updater] updater.com

O4 - HKLM..Run: [WinampAgent] C:ProgramWinampwianmpa.exe

O4 - HKLM..Run: [sweetIM] C:ProgramMacrogamingSweetIMSweetIM.exe

O4 - HKLM..Run: [sunJavaUpdateSched] "C:ProgramJavajre1.6.0_05binjusched.exe"

O4 - HKLM..Run: [spywarefighterguard] C:ProgramFightersspywarefighterSpywarefighterUser.exe

O4 - HKLM..Run: [QuickTime Task] "C:ProgramQuickTimeqttask.exe" -atboottime

O4 - HKLM..Run: [LXSUPMON] C:WINDOWSsystem32LXSUPMON.EXE RUN

O4 - HKLM..Run: [KernelFaultCheck] %systemroot%system32dumprep 0 -k

O4 - HKLM..Run: [igfxtray] C:WINDOWSsystem32igfxtray.exe

O4 - HKLM..Run: [igfxpers] C:WINDOWSsystem32igfxpers.exe

O4 - HKLM..Run: [igfxhkcmd] C:WINDOWSsystem32hkcmd.exe

O4 - HKLM..Run: [DVDLauncher] "C:ProgramCyberLinkPowerDVDDVDLauncher.exe"

O4 - HKLM..Run: [ccApp] "C:ProgramDelade filerSymantec SharedccApp.exe"

O4 - HKLM..Run: [Adobe Reader Speed Launcher] "C:ProgramAdobeReader 8.0ReaderReader_sl.exe"

O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe

O4 - HKCU..Run: [WMPNSCFG] C:ProgramWindows Media PlayerWMPNSCFG.exe

O4 - HKCU..Run: [swg] C:ProgramGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe

O4 - HKCU..Run: [MsnMsgr] "C:ProgramWindows LiveMessengermsnmsgr.exe" /background

O4 - HKCU..Run: [gStart] C:GarmingStart.exe

O4 - HKCU..Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:ProgramDelade filerAheadLibNMBgMonitor.exe"

O4 - HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'SYSTEM')

O4 - HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'Default user')

O7 - HKLMSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem, DisableRegedit=1

O8 - Extra context menu item: &Winamp Toolbar Search - C:Documents and SettingsAll UsersApplication DataWinamp ToolbarieToolbarresourcesen-USlocalsearch.html

O8 - Extra context menu item: &Windows Live Search - res://C:ProgramWindows Live Toolbarmsntb.dll/search.htm

O8 - Extra context menu item: Add to AMV Converter... - C:ProgramMP3 Player Utilities 4.15AMVConvertergrab.html

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:ProgramMICROS~2OFFICE11EXCEL.EXE/3000

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:ProgramMP3 Player Utilities 4.15MediaManagergrab.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:ProgramJavajre1.6.0_05binssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:ProgramJavajre1.6.0_05binssv.dll

O9 - Extra button: Blogga detta - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:ProgramWindows LiveWriterWriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blogga detta i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:ProgramWindows LiveWriterWriterBrowserExtension.dll

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:ProgramMICROS~2OFFICE11REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:ProgramMessengermsmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:ProgramMessengermsmsgs.exe

O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://www.king.com/ctl/kingcomie.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game12.zylom.com/activex/zylomgamesplayer.cab

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O20 - AppInit_DLLs: bjxykt.dll

O20 - Winlogon Notify: wvukjbcb - wvUkJbcB.dll (file missing)

O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:ProgramSymantecLiveUpdateALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:ProgramDelade filerSymantec SharedccEvtMgr.exe

O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:ProgramNorton Internet SecurityccPwdSvc.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:ProgramDelade filerSymantec SharedccProxy.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:ProgramDelade filerSymantec SharedccSetMgr.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:ProgramNorton Internet SecuritycomHost.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:ProgramGoogleCommonGoogle UpdaterGoogleUpdaterService.exe

O23 - Service: Iap - Dell Inc - C:ProgramDellOpenManageClientIap.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:WINDOWSsystem32LEXBCES.EXE

O23 - Service: LiveUpdate - Symantec Corporation - C:ProgramSymantecLIVEUP~1LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:ProgramDelade filerSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe

O23 - Service: Norton AntiVirus Auto Protect-tjänst (navapsvc) - Symantec Corporation - C:ProgramNorton Internet SecurityNorton AntiVirusnavapsvc.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:ProgramIntelNCSSyncNetSvc.exe

O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:ProgramDelade filerSymantec SharedSecurity ConsoleNSCSRVCE.EXE

O23 - Service: PTK License-FIGHTERS-4665699 (ptk license-fighters-4665699) - SPAMfighter - C:ProgramFighterslicenseservice.exe

O23 - Service: PTK Live Update-FIGHTERS-4665699 (ptk live update-fighters-4665699) - SPAMfighter - C:ProgramFightersupdateservice.exe

O23 - Service: PTK Scanner-FIGHTERS-4665699 (ptk scanner-fighters-4665699) - SPAMfighter - C:ProgramFightersScannerService.exe

O23 - Service: PTK SharedAccess-FIGHTERS-4665699 (ptk sharedaccess-fighters-4665699) - SPAMfighter - C:ProgramFightersconfigservice.exe

O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:ProgramNorton Internet SecurityNorton AntiVirusSAVScan.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:ProgramDelade filerSymantec SharedSNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:ProgramDelade filerSymantec SharedSPBBCSPBBCSvc.exe

O23 - Service: Symantec Core LC - Unknown owner - C:ProgramDelade filerSymantec SharedCCPD-LCsymlcsvc.exe

O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:ProgramDelade filerSymantec SharedSupport Controlsssrc.exe

O24 - Desktop Component 0: (no name) - http://www.microsoft.com/windows/plus/imag...ish_150x106.jpg

--

End of file - 13280 bytes

Link to comment
Share on other sites

Hej StefanT!

Som jag misstänkte så finns där kvar otyg i systemet.

Jag saknar även loggan från Malwarebytes Anti-Malware som jag bad om. Kopiera in den hit så jag får ta en titt även på den.

MVH/Malou

Link to comment
Share on other sites

Hej

Här kommer den loggen. Tur att det finns folk som kan analysera  :) Fick dela den på två.....

//Stefan

Malwarebytes' Anti-Malware 1.30

Databasversion: 1375

Windows 5.1.2600 Service Pack 3

2008-11-09 18:34:58

mbam-log-2008-11-09 (18-34-58).txt

Skanningstyp: Fullständig skanning (C:|)

Antal skannade objekt: 203406

Förfluten tid: 2 hour(s), 40 minute(s), 36 second(s)

Infekterade minnesprocesser: 1

Infekterade minnesmoduler: 4

Infekterade registernycklar: 96

Infekterade registervärden: 10

Infekterade registerdataposter: 17

Infekterade mappar: 10

Infekterade filer: 163

Infekterade minnesprocesser:

C:WINDOWSservice.exe (Backdoor.Bot) -> Unloaded process successfully.

Infekterade minnesmoduler:

C:WINDOWSsystem32bYomLefg.dll (Trojan.Vundo.H) -> Delete on reboot.

C:WINDOWSsystem32bjxykt.dll (Trojan.Vundo) -> Delete on reboot.

C:WINDOWSsystem32ssqPjIxy.dll (Trojan.Vundo) -> Delete on reboot.

C:WINDOWSsystem32jhrxxbid.dll (Trojan.Vundo) -> Delete on reboot.

Infekterade registernycklar:

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{79117664-7a50-429c-b3af-6cdf9e1886ce} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyqomeeulb (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOTCLSID{79117664-7a50-429c-b3af-6cdf9e1886ce} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{9c81d128-4da9-46c9-91d7-efd68ca2c923} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOTCLSID{9c81d128-4da9-46c9-91d7-efd68ca2c923} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{deb85b3b-8afc-4567-bc39-46da44c17c61} (Trojan.Vundo.H) -> Delete on reboot.

HKEY_CLASSES_ROOTCLSID{deb85b3b-8afc-4567-bc39-46da44c17c61} (Trojan.Vundo.H) -> Delete on reboot.

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{0005b3dd-a43d-432d-915b-1933d975e360} (Trojan.BHO.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOTCLSID{0005b3dd-a43d-432d-915b-1933d975e360} (Trojan.BHO.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{000b187f-d25f-4bef-8e7f-220666fb7830} (Trojan.BHO.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOTCLSID{000b187f-d25f-4bef-8e7f-220666fb7830} (Trojan.BHO.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{000b67ba-a43d-432d-915b-1933d975e360} (Trojan.BHO.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOTCLSID{000b67ba-a43d-432d-915b-1933d975e360} (Trojan.BHO.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{001630fe-d25f-4bef-8e7f-220666fb7830} (Trojan.BHO.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOTCLSID{001630fe-d25f-4bef-8e7f-220666fb7830} (Trojan.BHO.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{0016cf75-a43d-432d-915b-1933d975e360} (Trojan.BHO.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOTCLSID{0016cf75-a43d-432d-915b-1933d975e360} (Trojan.BHO.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{002c61fd-d25f-4bef-8e7f-220666fb7830} (Trojan.BHO.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOTCLSID{002c61fd-d25f-4bef-8e7f-220666fb7830} (Trojan.BHO.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{002d9eea-a43d-432d-915b-1933d975e360} (Trojan.BHO.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOTCLSID{002d9eea-a43d-432d-915b-1933d975e360} (Trojan.BHO.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{0058c3fb-d25f-4bef-8e7f-220666fb7830} (Trojan.BHO.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOTCLSID{0058c3fb-d25f-4bef-8e7f-220666fb7830} (Trojan.BHO.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{005b3dd4-a43d-432d-915b-1933d975e360} (Trojan.BHO.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOTCLSID{005b3dd4-a43d-432d-915b-1933d975e360} (Trojan.BHO.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{00b187f6-d25f-4bef-8e7f-220666fb7830} (Trojan.BHO.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOTCLSID{00b187f6-d25f-4bef-8e7f-220666fb7830} (Trojan.BHO.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{00b67ba9-a43d-432d-915b-1933d975e360} (Trojan.BHO.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOTCLSID{00b67ba9-a43d-432d-915b-1933d975e360} (Trojan.BHO.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{01630fed-d25f-4bef-8e7f-220666fb7830} (Trojan.BHO.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOTCLSID{01630fed-d25f-4bef-8e7f-220666fb7830} (Trojan.BHO.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{016cf752-a43d-432d-915b-1933d975e360} (Trojan.BHO.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOTCLSID{016cf752-a43d-432d-915b-1933d975e360} (Trojan.BHO.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{02c61fdb-d25f-4bef-8e7f-220666fb7830} (Trojan.BHO.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOTCLSID{02c61fdb-d25f-4bef-8e7f-220666fb7830} (Trojan.BHO.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{02d9eea5-a43d-432d-915b-1933d975e360} (Trojan.BHO.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOTCLSID{02d9eea5-a43d-432d-915b-1933d975e360} (Trojan.BHO.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{058c3fb7-d25f-4bef-8e7f-220666fb7830} (Trojan.BHO.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOTCLSID{058c3fb7-d25f-4bef-8e7f-220666fb7830} (Trojan.BHO.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{05b3dd4b-a43d-432d-915b-1933d975e360} (Trojan.BHO.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOTCLSID{05b3dd4b-a43d-432d-915b-1933d975e360} (Trojan.BHO.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{0b187f6f-d25f-4bef-8e7f-220666fb7830} (Trojan.BHO.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOTCLSID{0b187f6f-d25f-4bef-8e7f-220666fb7830} (Trojan.BHO.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{0b67ba96-a43d-432d-915b-1933d975e360} (Trojan.BHO.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOTCLSID{0b67ba96-a43d-432d-915b-1933d975e360} (Trojan.BHO.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{1630fede-d25f-4bef-8e7f-220666fb7830} (Trojan.BHO.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOTCLSID{1630fede-d25f-4bef-8e7f-220666fb7830} (Trojan.BHO.H) -> Quarantined and deleted successfully.

HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{9c81d128-4da9-46c9-91d7-efd68ca2c923} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOTCLSID{75abcf92-9764-4dfa-a83f-5142c3905052} (Trojan.Vundo) -> Delete on reboot.

HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{75abcf92-9764-4dfa-a83f-5142c3905052} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{75abcf92-9764-4dfa-a83f-5142c3905052} (Trojan.Vundo) -> Delete on reboot.

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyssqpjixy (Trojan.Vundo) -> Delete on reboot.

HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{deb85b3b-8afc-4567-bc39-46da44c17c61} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{0005b3dd-a43d-432d-915b-1933d975e360} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{000b67ba-a43d-432d-915b-1933d975e360} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{0016cf75-a43d-432d-915b-1933d975e360} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{002d9eea-a43d-432d-915b-1933d975e360} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{005b3dd4-a43d-432d-915b-1933d975e360} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{00b67ba9-a43d-432d-915b-1933d975e360} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{016cf752-a43d-432d-915b-1933d975e360} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{02d9eea5-a43d-432d-915b-1933d975e360} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{05b3dd4b-a43d-432d-915b-1933d975e360} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{0b67ba96-a43d-432d-915b-1933d975e360} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOTInterface{99ccfb8c-6380-4a14-8fdd-ef3e7e95335d} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOTCLSID{460ac4db-b0de-4626-a0f0-175dd84dcb9b} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOTCLSID{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{4b18dd50-c996-44fc-ac52-0fecff82ed58} (Spyware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{79117664-7a50-429c-b3af-6cdf9e1886ce} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{90b5a95a-afd5-4d11-b9bd-a69d53d22226} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.

HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USERSOFTWAREMicrosoftInstallerProducts568267acfc5644dab06f058006ddbae3 (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{000b187f-d25f-4bef-8e7f-220666fb7830} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{001630fe-d25f-4bef-8e7f-220666fb7830} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{002c61fd-d25f-4bef-8e7f-220666fb7830} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{0058c3fb-d25f-4bef-8e7f-220666fb7830} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{00b187f6-d25f-4bef-8e7f-220666fb7830} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{01630fed-d25f-4bef-8e7f-220666fb7830} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{02c61fdb-d25f-4bef-8e7f-220666fb7830} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{058c3fb7-d25f-4bef-8e7f-220666fb7830} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{0b187f6f-d25f-4bef-8e7f-220666fb7830} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{1630fede-d25f-4bef-8e7f-220666fb7830} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOTTypeLib{b0f1f251-79bd-4ac5-bdb6-383379e50cb3} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOTCLSID{68354ad6-ac7e-4fe3-a19b-8f8e70ab4252} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExtPreApproved{68354ad6-ac7e-4fe3-a19b-8f8e70ab4252} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOTCLSID{d10c4db6-cb02-40f4-88ee-c0b64c02adfc} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{d10c4db6-cb02-40f4-88ee-c0b64c02adfc} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExtPreApproved{d10c4db6-cb02-40f4-88ee-c0b64c02adfc} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOTsexvid (Trojan.DNSChanger) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINESOFTWAREMicrosoftSoftware Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINESOFTWAREMicrosoftMS Juan (Malware.Trace) -> Delete on reboot.

HKEY_LOCAL_MACHINESOFTWAREMicrosoftcontim (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINESOFTWAREMicrosoftMS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINESOFTWAREMicrosoftrdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINESOFTWAREMicrosoftFCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINESOFTWAREMicrosoftRemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Infekterade registervärden:

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunmessenger service (Backdoor.Bot.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerShellExecuteHooks{75abcf92-9764-4dfa-a83f-5142c3905052} (Trojan.Vundo) -> Delete on reboot.

HKEY_CURRENT_USERSOFTWAREMicrosoftInternet ExplorerURLSearchHooks{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerShellExecuteHooks{79117664-7a50-429c-b3af-6cdf9e1886ce} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunlsmnvboumq (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunlphc7d9j0egfn (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USERControl PanelDesktopwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

HKEY_CURRENT_USERControl PanelDesktoporiginalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

HKEY_CURRENT_USERControl PanelDesktopconvertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

HKEY_CURRENT_USERControl PanelDesktopscrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Infekterade registerdataposter:

HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLSANotification Packages (Trojan.Vundo.H) -> Data: c:windowssystem32byomlefg -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonSystem (Rootkit.DNSChanger.H) -> Data: kdihl.exe -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLSAAuthentication Packages (Trojan.Vundo) -> Data: c:windowssystem32byomlefg  -> Delete on reboot.

HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionPoliciesSystemNoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionPoliciesSystemNoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParametersDhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.83 192.168.0.1 -> Delete on reboot.

HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParametersInterfaces{7ef5bb9b-24d6-4aa6-a938-6d497ebdca75}DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.83 192.168.0.1 -> Delete on reboot.

HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParametersInterfaces{7ef5bb9b-24d6-4aa6-a938-6d497ebdca75}NameServer (Trojan.DNSChanger) -> Data: 85.255.112.74;85.255.112.191 -> Delete on reboot.

HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParametersInterfaces{f5198715-f56e-4d20-a279-1a0fa879f9d2}NameServer (Trojan.DNSChanger) -> Data: 85.255.112.74;85.255.112.191 -> Delete on reboot.

HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesTcpipParametersDhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.83 192.168.0.1 -> Delete on reboot.

HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesTcpipParametersInterfaces{7ef5bb9b-24d6-4aa6-a938-6d497ebdca75}DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.83 192.168.0.1 -> Delete on reboot.

HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesTcpipParametersInterfaces{7ef5bb9b-24d6-4aa6-a938-6d497ebdca75}NameServer (Trojan.DNSChanger) -> Data: 85.255.112.74;85.255.112.191 -> Delete on reboot.

HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesTcpipParametersInterfaces{f5198715-f56e-4d20-a279-1a0fa879f9d2}NameServer (Trojan.DNSChanger) -> Data: 85.255.112.74;85.255.112.191 -> Delete on reboot.

HKEY_LOCAL_MACHINESYSTEMControlSet002ServicesTcpipParametersDhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.83 192.168.0.1 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINESYSTEMControlSet002ServicesTcpipParametersInterfaces{7ef5bb9b-24d6-4aa6-a938-6d497ebdca75}DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.83 192.168.0.1 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINESYSTEMControlSet002ServicesTcpipParametersInterfaces{7ef5bb9b-24d6-4aa6-a938-6d497ebdca75}NameServer (Trojan.DNSChanger) -> Data: 85.255.112.74;85.255.112.191 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINESYSTEMControlSet002ServicesTcpipParametersInterfaces{f5198715-f56e-4d20-a279-1a0fa879f9d2}NameServer (Trojan.DNSChanger) -> Data: 85.255.112.74;85.255.112.191 -> Quarantined and deleted successfully.

Infekterade mappar:

C:ProgramHotbar (Adware.Hotbar) -> Delete on reboot.

C:ProgramHotbarbin (Adware.Hotbar) -> Delete on reboot.

C:ProgramHotbarbin10.0.356.0 (Adware.Hotbar) -> Delete on reboot.

C:ProgramHotbarbin10.0.356.0firefox (Adware.Hotbar) -> Delete on reboot.

C:ProgramHotbarbin10.0.356.0firefoxextensions (Adware.Hotbar) -> Delete on reboot.

C:ProgramHotbarbin10.0.356.0firefoxextensionscomponents (Adware.Hotbar) -> Quarantined and deleted successfully.

C:ProgramHotbarbin10.0.356.0firefoxextensionsplugins (Adware.Hotbar) -> Quarantined and deleted successfully.

C:ProgramMyWaySA (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:ProgramMyWaySASrchAsDe (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:Documents and SettingsAll UsersApplication Data2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> Quarantined and deleted successfully.

Link to comment
Share on other sites

Här kommer #2.

/Stefan

Infekterade mappar:

C:ProgramHotbar (Adware.Hotbar) -> Delete on reboot.

C:ProgramHotbarbin (Adware.Hotbar) -> Delete on reboot.

C:ProgramHotbarbin10.0.356.0 (Adware.Hotbar) -> Delete on reboot.

C:ProgramHotbarbin10.0.356.0firefox (Adware.Hotbar) -> Delete on reboot.

C:ProgramHotbarbin10.0.356.0firefoxextensions (Adware.Hotbar) -> Delete on reboot.

C:ProgramHotbarbin10.0.356.0firefoxextensionscomponents (Adware.Hotbar) -> Quarantined and deleted successfully.

C:ProgramHotbarbin10.0.356.0firefoxextensionsplugins (Adware.Hotbar) -> Quarantined and deleted successfully.

C:ProgramMyWaySA (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:ProgramMyWaySASrchAsDe (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:Documents and SettingsAll UsersApplication Data2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> Quarantined and deleted successfully.

Infekterade filer:

C:WINDOWSsystem32qoMeEULB.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:WINDOWSsystem32bjxykt.dll (Trojan.Vundo.H) -> Delete on reboot.

C:WINDOWSsystem32bYomLefg.dll (Trojan.Vundo.H) -> Delete on reboot.

C:WINDOWSsystem32gfeLmoYb.ini (Trojan.Vundo.H) -> Delete on reboot.

C:WINDOWSsystem32gfeLmoYb.ini2 (Trojan.Vundo.H) -> Delete on reboot.

C:WINDOWSsystem32awtrQKbC.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:WINDOWSsystem32CbKQrtwa.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:WINDOWSsystem32CbKQrtwa.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:WINDOWSsystem32cbXOFyww.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:WINDOWSsystem32wwyFOXbc.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:WINDOWSsystem32wwyFOXbc.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:WINDOWSsystem32fqrfubek.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:WINDOWSsystem32kebufrqf.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:WINDOWSsystem32mwjstxpx.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:WINDOWSsystem32xpxtsjwm.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:WINDOWSsystem32nnnmlJYO.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:WINDOWSsystem32OYJlmnnn.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:WINDOWSsystem32OYJlmnnn.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:WINDOWSsystem32occsyovx.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:WINDOWSsystem32xvoyscco.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:WINDOWSsystem32vhrmrbca.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:WINDOWSsystem32acbrmrhv.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:WINDOWSsystem32vtUnmLDt.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:WINDOWSsystem32tDLmnUtv.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:WINDOWSsystem32tDLmnUtv.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:WINDOWSsystem32vtUollLE.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:WINDOWSsystem32ELlloUtv.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:WINDOWSsystem32ELlloUtv.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:WINDOWSsystem32yayASLcY.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:WINDOWSsystem32YcLSAyay.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:WINDOWSsystem32YcLSAyay.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:WINDOWSsystem32kdihl.exe (Rootkit.DNSChanger.H) -> Delete on reboot.

C:WINDOWSsystem32jhrxxbid.dll (Trojan.BHO.H) -> Delete on reboot.

C:WINDOWSsystem32qalrjiqr.dll (Trojan.BHO.H) -> Quarantined and deleted successfully.

C:WINDOWSservice.exe (Backdoor.Bot.H) -> Quarantined and deleted successfully.

C:WINDOWSsystem32ssqPjIxy.dll (Trojan.Vundo) -> Delete on reboot.

C:Documents and SettingsAmanda!!Lokala inställningarTemporary Internet FilesContent.IE57UFI2X7Sis167464[1].exe (Trojan.Vundo) -> Quarantined and deleted successfully.

C:Documents and SettingsAmanda!!Lokala inställningarTemporary Internet FilesContent.IE5FPDUU6OHcntr[1] (Trojan.Vundo) -> Quarantined and deleted successfully.

C:Documents and SettingsAmanda!!Lokala inställningarTemporary Internet FilesContent.IE5FPDUU6OHupd105320[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:Documents and SettingsAmanda!!Lokala inställningarTemporary Internet FilesContent.IE5GPNKFIY5cntr[1] (Trojan.Vundo) -> Quarantined and deleted successfully.

C:Documents and SettingsAmanda!!Lokala inställningarTemporary Internet FilesContent.IE5HCWMVQL0nd82m0[1] (Trojan.Vundo) -> Quarantined and deleted successfully.

C:Documents and SettingsCatharina AndreeLokala inställningarTemporary Internet FilesContent.IE506W0DT7Jnd82m0[1] (Trojan.Vundo) -> Quarantined and deleted successfully.

C:Documents and SettingsCatharina AndreeLokala inställningarTemporary Internet FilesContent.IE56QZ03DZLnd82m0[1] (Trojan.Vundo) -> Quarantined and deleted successfully.

C:Documents and SettingsCatharina AndreeLokala inställningarTemporary Internet FilesContent.IE5JESHQ3PC23nq[1].dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:Documents and SettingsCatharina AndreeLokala inställningarTemporary Internet FilesContent.IE5JESHQ3PCupd105320[1] (Trojan.Vundo) -> Quarantined and deleted successfully.

C:Documents and SettingsCatharina AndreeLokala inställningarTemporary Internet FilesContent.IE5PJ8492RY23nq[1].dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:Documents and SettingsCatharina AndreeLokala inställningarTemporary Internet FilesContent.IE5QLZSRRF3upd105320[1] (Trojan.Vundo) -> Quarantined and deleted successfully.

C:Documents and SettingsCatharina AndreeLokala inställningarTemporary Internet FilesContent.IE5SUBC3Z30cntr[1] (Trojan.Vundo) -> Quarantined and deleted successfully.

C:Documents and SettingsCatharina AndreeLokala inställningarTemporary Internet FilesContent.IE5VZMF23KFis167464[1].exe (Trojan.Vundo) -> Quarantined and deleted successfully.

C:Documents and SettingsCatharina AndreeLokala inställningarTemporary Internet FilesContent.IE5X1NX9967cntr[1] (Trojan.Vundo) -> Quarantined and deleted successfully.

C:ProgramHotbarbin10.0.356.0dBenderC.dll (Adware.Hotbar) -> Quarantined and deleted successfully.

C:System Volume Information_restore{619781AC-CF96-4B2F-8E58-2353903809FC}(2)RP16A0010178.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:System Volume Information_restore{619781AC-CF96-4B2F-8E58-2353903809FC}(2)RP16A0010179.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:System Volume Information_restore{619781AC-CF96-4B2F-8E58-2353903809FC}(2)RP16A0010177.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:System Volume Information_restore{619781AC-CF96-4B2F-8E58-2353903809FC}(2)RP19A0014342.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:System Volume Information_restore{619781AC-CF96-4B2F-8E58-2353903809FC}(2)RP19A0014344.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:System Volume Information_restore{619781AC-CF96-4B2F-8E58-2353903809FC}(2)RP19A0014345.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:WINDOWSsystem32ahcwsckw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:WINDOWSsystem32btqfyknu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:WINDOWSsystem32byXNgebA.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:WINDOWSsystem32byXOfeDw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:WINDOWSsystem32exuooywd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:WINDOWSsystem32khfDsqPh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:WINDOWSsystem32khfETlLf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:WINDOWSsystem32kkwlbdod.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:WINDOWSsystem32lqedtogj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:WINDOWSsystem32muqgytsb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:WINDOWSsystem32nnnkKCSj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:WINDOWSsystem32nnnnOedE.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:WINDOWSsystem32nnnoOiFx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:WINDOWSsystem32rgtwulwc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:WINDOWSsystem32uuajcumh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:WINDOWSsystem32uwjpgiky.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:WINDOWSsystem32cnwiaecn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:WINDOWSsystem32cocixh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:WINDOWSsystem32geBqQJDV.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:WINDOWSsystem32geBrOEWo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:WINDOWSsystem32geBtSKAT.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:WINDOWSsystem32geBuSMgE.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:WINDOWSsystem32lefbkioj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:WINDOWSsystem32ndizin.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:WINDOWSsystem32opnnklMD.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:WINDOWSsystem32opnolmKa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:WINDOWSsystem32opnomkhG.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:WINDOWSsystem32orqdserg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:WINDOWSsystem32sbijjabr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:WINDOWSsystem32ssqRIAqN.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:WINDOWSsystem32ssqRLFYo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:WINDOWSsystem32tipoxyny.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:WINDOWSsystem32tucevsqs.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:WINDOWSsystem32mrwlplkq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:WINDOWSsystem32gxtusv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:WINDOWSsystem32hgGvuTJc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:WINDOWSsystem32hgGvuULE.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:WINDOWSsystem32vtUkkkIY.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:WINDOWSsystem32qfmebh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:WINDOWSsystem32qoMEVnoP.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:WINDOWSsystem32qoMffdEw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:WINDOWSsystem32jkkKcYQj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:WINDOWSsystem32avpommbl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:WINDOWSsystem32awtrOhIc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:WINDOWSsystem32awtturPg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:WINDOWSsystem32mbhdtuup.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:WINDOWSsystem32mbmkyybl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:WINDOWSsystem32wstyqwsw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:WINDOWSsystem32wvcsxpll.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:WINDOWSsystem32xxyaabyx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:WINDOWSsystem32yayvVOgH.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:WINDOWSsystem32ylmbtodl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:WINDOWSsystem32ytjaxtbg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:WINDOWSsystem32mlJArssr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:WINDOWSsystem32mlJCRhhI.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:WINDOWSsystem32mltduhpq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:WINDOWSsystem32jyfdogsm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:WINDOWSsystem32ljJDUnmM.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:WINDOWSsystem32ljJDWMca.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:WINDOWSsystem32rkkwsgqf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:WINDOWSsystem32rskxza.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:WINDOWSsystem32dcclggip.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:WINDOWSsystem32ddcAqNeb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:WINDOWSsystem32fccddbAQ.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:WINDOWSsystem32flcrcb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:WINDOWSsystem32eewiqrdt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:WINDOWSsystem32efcBustQ.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:ProgramHotbarbin10.0.356.0arrow.ico (Adware.Hotbar) -> Quarantined and deleted successfully.

C:ProgramHotbarbin10.0.356.0copyright.txt (Adware.Hotbar) -> Quarantined and deleted successfully.

C:ProgramHotbarbin10.0.356.0HostOL.dll (Adware.Hotbar) -> Quarantined and deleted successfully.

C:ProgramHotbarbin10.0.356.0HotbarSAAX.dll (Adware.Hotbar) -> Quarantined and deleted successfully.

C:ProgramHotbarbin10.0.356.0link.ico (Adware.Hotbar) -> Quarantined and deleted successfully.

C:ProgramHotbarbin10.0.356.0Wallpaper.dll (Adware.Hotbar) -> Quarantined and deleted successfully.

C:ProgramHotbarbin10.0.356.0WeSkin.dll (Adware.Hotbar) -> Quarantined and deleted successfully.

C:ProgramHotbarbin10.0.356.0firefoxextensionsinstall.rdf (Adware.Hotbar) -> Quarantined and deleted successfully.

C:ProgramHotbarbin10.0.356.0firefoxextensionscomponentsnpclntax.xpt (Adware.Hotbar) -> Quarantined and deleted successfully.

C:WINDOWSsystem32mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.

C:WINDOWSsystem32tuyrgsacxlt.dll (Trojan.Agent) -> Delete on reboot.

C:Documents and SettingsAmanda!!SkrivbordAntiSpywareExpert.lnk (Rogue.Antispyware) -> Quarantined and deleted successfully.

C:Documents and SettingsAmanda!!Application DataMicrosoftInternet ExplorerQuick LaunchAntiSpywareExpert.lnk (Rogue.Antispyware) -> Quarantined and deleted successfully.

C:Documents and SettingsCatharina AndreeLokala inställningarTemp.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

C:Documents and SettingsCatharina AndreeLokala inställningarTemp.tt3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

C:Documents and SettingsAmanda!!Lokala inställningarTemp.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

C:Documents and SettingsAmanda!!Lokala inställningarTemp.tt2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

C:Documents and SettingsAmanda!!Lokala inställningarTemp.tt3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

C:Documents and SettingsAmanda!!Lokala inställningarTemp.tt4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

C:Documents and SettingsAmanda!!Lokala inställningarTemp.tt6.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

C:Documents and SettingsAmanda!!Lokala inställningarTemp.tt7.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

C:Documents and SettingsAmanda!!Lokala inställningarTemp.tt8.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

C:Documents and SettingsAmanda!!Lokala inställningarTemp.ttA.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

C:Documents and SettingsAmanda!!Lokala inställningarTemp.ttB.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

C:Documents and SettingsAmanda!!Lokala inställningarTemp.ttC.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

C:Documents and SettingsAmanda!!Lokala inställningarTemp.ttE.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

C:Documents and SettingsAmanda!!Lokala inställningarTemp.ttF.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

C:Documents and SettingsAmanda!!Lokala inställningarTemp.tt1.tmp.vbs (Trojan.FakeAlert) -> Delete on reboot.

C:Documents and SettingsAmanda!!Lokala inställningarTemp.tt2.tmp.vbs (Trojan.FakeAlert) -> Delete on reboot.

C:Documents and SettingsAmanda!!Lokala inställningarTemp.tt4.tmp.vbs (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:WINDOWSTemptempo-7D.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:WINDOWSTemptempo-7D3.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:WINDOWSTemptempo-B7B.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:WINDOWSTemptempo-DAF.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:Documents and SettingsmatildaSkrivbordFree PC Wallpapers.lnk (Rogue.Link) -> Quarantined and deleted successfully.

C:Documents and SettingsamandaSkrivbordFree PC Wallpapers.lnk (Rogue.Link) -> Quarantined and deleted successfully.

C:Documents and SettingsmatildaSkrivbordRepair Your Registry.lnk (Rogue.Link) -> Quarantined and deleted successfully.

C:Documents and SettingsAmanda!!SkrivbordRepair Your Registry.lnk (Rogue.Link) -> Quarantined and deleted successfully.

C:Documents and SettingsamandaSkrivbordRepair Your Registry.lnk (Rogue.Link) -> Quarantined and deleted successfully.

Link to comment
Share on other sites

Hej StefanT!

Tack  ;)

Ja tyvärr så finns det inte så många svenska Spywarehunters som analyserar etc... Vi är bara några fåtal inom detta område.

Det står Delete on reboot bakom en hel del detaljer. Gör så här:

1: Starta om datorn

2: Uppdatera programmet (mycket viktigt)

3: Gör en ny scanning och låt den ta bort det som hittas

4: Kopiera in loggan du får upp

5: Gör en ny TM HJT-logga och kopiera in även den så går vi vidare utifrån dessa

MVH/Malou

Link to comment
Share on other sites

Hej

Har kört CCleaner emellan oxå. Det ser bättre och bättre ut i mitt tycke i alla fall.  --!!

//Stefan

Malwarebytes' Anti-Malware 1.30

Databasversion: 1375

Windows 5.1.2600 Service Pack 3

2008-11-10 17:29:54

mbam-log-2008-11-10 (17-29-54).txt

Skanningstyp: Fullständig skanning (C:|)

Antal skannade objekt: 183113

Förfluten tid: 1 hour(s), 28 minute(s), 41 second(s)

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 0

Infekterade registernycklar: 0

Infekterade registervärden: 0

Infekterade registerdataposter: 6

Infekterade mappar: 0

Infekterade filer: 0

Infekterade minnesprocesser:

(Inga illasinnade poster hittades)

Infekterade minnesmoduler:

(Inga illasinnade poster hittades)

Infekterade registernycklar:

(Inga illasinnade poster hittades)

Infekterade registervärden:

(Inga illasinnade poster hittades)

Infekterade registerdataposter:

HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParametersDhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.83 192.168.0.1 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParametersInterfaces{7ef5bb9b-24d6-4aa6-a938-6d497ebdca75}DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.83 192.168.0.1 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesTcpipParametersDhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.83 192.168.0.1 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesTcpipParametersInterfaces{7ef5bb9b-24d6-4aa6-a938-6d497ebdca75}DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.83 192.168.0.1 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINESYSTEMControlSet002ServicesTcpipParametersDhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.83 192.168.0.1 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINESYSTEMControlSet002ServicesTcpipParametersInterfaces{7ef5bb9b-24d6-4aa6-a938-6d497ebdca75}DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.83 192.168.0.1 -> Quarantined and deleted successfully.

Infekterade mappar:

(Inga illasinnade poster hittades)

Infekterade filer:

(Inga illasinnade poster hittades)

Link to comment
Share on other sites

Här kommer nästa:

M.v.h

Stefan

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:08:05, on 2008-11-10

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:

C:WINDOWSSystem32smss.exe

C:WINDOWSsystem32winlogon.exe

C:WINDOWSsystem32services.exe

C:WINDOWSsystem32lsass.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSSystem32svchost.exe

C:ProgramDelade filerSymantec SharedccSetMgr.exe

C:ProgramDelade filerSymantec SharedccEvtMgr.exe

C:ProgramDelade filerSymantec SharedccProxy.exe

C:ProgramDelade filerSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe

C:ProgramDelade filerSymantec SharedSNDSrvc.exe

C:ProgramDelade filerSymantec SharedSPBBCSPBBCSvc.exe

C:ProgramDelade filerSymantec SharedCCPD-LCsymlcsvc.exe

C:WINDOWSsystem32LEXBCES.EXE

C:WINDOWSsystem32LEXPPS.EXE

C:WINDOWSsystem32spoolsv.exe

C:ProgramSymantecLiveUpdateALUSchedulerSvc.exe

C:WINDOWSSystem32svchost.exe

C:ProgramDellOpenManageClientIap.exe

C:ProgramMicrosoft SQL ServerMSSQL$SPCSBinnsqlservr.exe

C:ProgramNorton Internet SecurityNorton AntiVirusnavapsvc.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSExplorer.EXE

C:ProgramMacrogamingSweetIMSweetIM.exe

C:ProgramJavajre1.6.0_05binjusched.exe

C:ProgramQuickTimeqttask.exe

C:WINDOWSsystem32LXSUPMON.EXE

C:WINDOWSsystem32igfxpers.exe

C:WINDOWSsystem32hkcmd.exe

C:ProgramCyberLinkPowerDVDDVDLauncher.exe

C:ProgramDelade filerSymantec SharedccApp.exe

C:WINDOWSsystem32ctfmon.exe

C:ProgramWindows Media PlayerWMPNSCFG.exe

C:ProgramGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe

C:ProgramWindows LiveMessengermsnmsgr.exe

C:GarmingStart.exe

C:ProgramDelade filerSymantec SharedSecurity ConsoleNSCSRVCE.EXE

C:ProgramInternet Exploreriexplore.exe

C:ProgramDelade filerMicrosoft SharedWindows LiveWLLoginProxy.exe

C:ProgramMessengermsmsgs.exe

C:ProgramTrend MicroHijackThisCatha.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://dellsearchedit.myway.com/samisc/del...ebar.jhtml?p=EB

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = https://upplandsbro.skola24.se/

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www1.euro.dell.com/content/default....;l=sv&s=gen

R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Länkar

R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:ProgramMacrogamingSweetIMBarForIEtoolbar.dll

O2 - BHO: mxlivemedia browser enhancer - {15f1de2b-e547-f1d4-f82d-d5bfd4ee2e0e} - C:WINDOWSsystem32tuyrgsacxlt.dll (file missing)

O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:ProgramMyWaySASrchAsDedeSrcAs.dll (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:ProgramJavajre1.6.0_05binssv.dll

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:ProgramDelade filerMicrosoft SharedWindows LiveWindowsLiveLogin.dll

O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:ProgramDelade filerSymantec SharedAdBlockingNISShExt.dll

O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:ProgramNorton Internet SecurityNorton AntiVirusNavShExt.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:programgooglegoogletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:ProgramGoogleGoogleToolbarNotifier3.1.807.1746swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:ProgramWindows Live Toolbarmsntb.dll

O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:ProgramDelade filerSymantec SharedAdBlockingNISShExt.dll

O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:ProgramNorton Internet SecurityNorton AntiVirusNavShExt.dll

O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:ProgramMacrogamingSweetIMBarForIEtoolbar.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:programgooglegoogletoolbar1.dll

O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:ProgramWinamp Toolbarwinamptb.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:ProgramWindows Live Toolbarmsntb.dll

O4 - HKLM..Run: [symantec PIF AlertEng] "C:ProgramDelade filerSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe" /a /m "C:ProgramDelade filerSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}AlertEng.dll"

O4 - HKLM..Run: [C:WINDOWSsystem32kdihl.exe] C:WINDOWSsystem32kdihl.exe

O4 - HKLM..Run: [Windows Updater] updater.com

O4 - HKLM..Run: [WinampAgent] C:ProgramWinampwianmpa.exe

O4 - HKLM..Run: [sweetIM] C:ProgramMacrogamingSweetIMSweetIM.exe

O4 - HKLM..Run: [sunJavaUpdateSched] "C:ProgramJavajre1.6.0_05binjusched.exe"

O4 - HKLM..Run: [QuickTime Task] "C:ProgramQuickTimeqttask.exe" -atboottime

O4 - HKLM..Run: [LXSUPMON] C:WINDOWSsystem32LXSUPMON.EXE RUN

O4 - HKLM..Run: [KernelFaultCheck] %systemroot%system32dumprep 0 -k

O4 - HKLM..Run: [igfxtray] C:WINDOWSsystem32igfxtray.exe

O4 - HKLM..Run: [igfxpers] C:WINDOWSsystem32igfxpers.exe

O4 - HKLM..Run: [igfxhkcmd] C:WINDOWSsystem32hkcmd.exe

O4 - HKLM..Run: [DVDLauncher] "C:ProgramCyberLinkPowerDVDDVDLauncher.exe"

O4 - HKLM..Run: [ccApp] "C:ProgramDelade filerSymantec SharedccApp.exe"

O4 - HKLM..Run: [Adobe Reader Speed Launcher] "C:ProgramAdobeReader 8.0ReaderReader_sl.exe"

O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe

O4 - HKCU..Run: [WMPNSCFG] C:ProgramWindows Media PlayerWMPNSCFG.exe

O4 - HKCU..Run: [swg] C:ProgramGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe

O4 - HKCU..Run: [MsnMsgr] "C:ProgramWindows LiveMessengermsnmsgr.exe" /background

O4 - HKCU..Run: [gStart] C:GarmingStart.exe

O4 - HKCU..Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:ProgramDelade filerAheadLibNMBgMonitor.exe"

O4 - HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'SYSTEM')

O4 - HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'Default user')

O7 - HKLMSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem, DisableRegedit=1

O8 - Extra context menu item: &Winamp Toolbar Search - C:Documents and SettingsAll UsersApplication DataWinamp ToolbarieToolbarresourcesen-USlocalsearch.html

O8 - Extra context menu item: &Windows Live Search - res://C:ProgramWindows Live Toolbarmsntb.dll/search.htm

O8 - Extra context menu item: Add to AMV Converter... - C:ProgramMP3 Player Utilities 4.15AMVConvertergrab.html

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:ProgramMICROS~2OFFICE11EXCEL.EXE/3000

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:ProgramMP3 Player Utilities 4.15MediaManagergrab.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:ProgramJavajre1.6.0_05binssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:ProgramJavajre1.6.0_05binssv.dll

O9 - Extra button: Blogga detta - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:ProgramWindows LiveWriterWriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blogga detta i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:ProgramWindows LiveWriterWriterBrowserExtension.dll

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:ProgramMICROS~2OFFICE11REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:ProgramMessengermsmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:ProgramMessengermsmsgs.exe

O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://www.king.com/ctl/kingcomie.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game12.zylom.com/activex/zylomgamesplayer.cab

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O20 - AppInit_DLLs: bjxykt.dll

O20 - Winlogon Notify: wvukjbcb - wvUkJbcB.dll (file missing)

O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:ProgramSymantecLiveUpdateALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:ProgramDelade filerSymantec SharedccEvtMgr.exe

O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:ProgramNorton Internet SecurityccPwdSvc.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:ProgramDelade filerSymantec SharedccProxy.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:ProgramDelade filerSymantec SharedccSetMgr.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:ProgramNorton Internet SecuritycomHost.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:ProgramGoogleCommonGoogle UpdaterGoogleUpdaterService.exe

O23 - Service: Iap - Dell Inc - C:ProgramDellOpenManageClientIap.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:WINDOWSsystem32LEXBCES.EXE

O23 - Service: LiveUpdate - Symantec Corporation - C:ProgramSymantecLIVEUP~1LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:ProgramDelade filerSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe

O23 - Service: Norton AntiVirus Auto Protect-tjänst (navapsvc) - Symantec Corporation - C:ProgramNorton Internet SecurityNorton AntiVirusnavapsvc.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:ProgramIntelNCSSyncNetSvc.exe

O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:ProgramDelade filerSymantec SharedSecurity ConsoleNSCSRVCE.EXE

O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:ProgramNorton Internet SecurityNorton AntiVirusSAVScan.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:ProgramDelade filerSymantec SharedSNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:ProgramDelade filerSymantec SharedSPBBCSPBBCSvc.exe

O23 - Service: Symantec Core LC - Unknown owner - C:ProgramDelade filerSymantec SharedCCPD-LCsymlcsvc.exe

O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:ProgramDelade filerSymantec SharedSupport Controlsssrc.exe

O24 - Desktop Component 0: (no name) - http://www.microsoft.com/windows/plus/imag...ish_150x106.jpg

--

End of file - 12055 bytes

Link to comment
Share on other sites

Hej StefanT!

Ser mycket bättre ut  ;) Men det återstår en del procedurer att göra då där fortfarande finns otyg i systemet och som då Malwarebytes' Anti-Malware inte rår på.

Hämta hem ComboFix från nedanstående länk:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

1: Spara ComboFix till skrivbordet:

OBS:

Dra ur Internetanslutningen => stäng av/avaktivera antivirusprogram/antispionprogram.

Gå nu vidare med nedanstående:.

1: Dubbelklicka på ComboFix för att starta den

2: Följ anvisningarna som visas på skärmen.

3: När den är färdig så skall en text-logg komma upp, kopiera och klistra in den här

Kan även hittas här => (C:ComboFix.txt)

4: Gör en ny TM HJT-logg, kopiera även in den.

VIKTIGT! Klicka INTE på Combofix-fönstret med musen när den körs annars kan den hänga upp sig.

OBS:

Kontrollera att antivirusprogram/antispionprogram mm är återaktiverade innan du ansluter till Internet.

OBSERVERA:

Verktyget/Programmet kan ge problem med uppkopplingen (tex trådlös).

Om problem uppstår prova då nedanstående.

Gå till => Kontrollpanelen => Nätverksanslutningar => högerklicka på din Internetanslutning => välj Reparera

ELLER

Starta om datorn.

VARNING!:

ComboFix förhindrar automatisk körning av CD, disketter och USB-enheter för att göra det lättare att rensa datorn. Det kan bli problem t ex om du har internet via ett USB-modem eller USB-nätverkskort. Säg då till i stället för att köra ComboFix.

MVH/Malou

Link to comment
Share on other sites

Hej igen StefanT!

Är nedanstående program något som du själv har installerat?

C:ProgramMacrogaming

C:ProgramMyWaySA

SweetIM

Är det du själv som har lagt den här som skrivbordsbakgrund och vill att den startar upp samtidigt med att datorn startar?

O24 - Desktop Component 0: (no name) - http://www.microsoft.com/windows/plus/imag...ish_150x106.jpg

MVH/Malou

Link to comment
Share on other sites

Hej Malou

Det är mest barnen som använder datorn. Så om det är avsiktligt eller inte som MyWaySA och Macrogaming är installerat vet jag inte, men det är inget som vi kommer sakna om man ska ta bort dessa. Detsamma är det med bakgrundsbilden. Tyckte att Combofix verkade ta bort en del filer i  MyWaySA när det kördes i alla fall. Bifogar senaste loggfilerna.

Ha en bra dag

//Stefan

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:16:39, on 2008-11-11

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:

C:WINDOWSSystem32smss.exe

C:WINDOWSsystem32winlogon.exe

C:WINDOWSsystem32services.exe

C:WINDOWSsystem32lsass.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSSystem32svchost.exe

C:ProgramDelade filerSymantec SharedccSetMgr.exe

C:ProgramDelade filerSymantec SharedccEvtMgr.exe

C:ProgramDelade filerSymantec SharedccProxy.exe

C:ProgramDelade filerSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe

C:ProgramDelade filerSymantec SharedSNDSrvc.exe

C:ProgramDelade filerSymantec SharedSPBBCSPBBCSvc.exe

C:ProgramDelade filerSymantec SharedCCPD-LCsymlcsvc.exe

C:WINDOWSsystem32LEXBCES.EXE

C:WINDOWSsystem32LEXPPS.EXE

C:WINDOWSsystem32spoolsv.exe

C:ProgramSymantecLiveUpdateALUSchedulerSvc.exe

C:WINDOWSSystem32svchost.exe

C:ProgramDellOpenManageClientIap.exe

C:ProgramMicrosoft SQL ServerMSSQL$SPCSBinnsqlservr.exe

C:ProgramNorton Internet SecurityNorton AntiVirusnavapsvc.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSExplorer.EXE

C:ProgramMacrogamingSweetIMSweetIM.exe

C:ProgramJavajre1.6.0_05binjusched.exe

C:ProgramQuickTimeqttask.exe

C:WINDOWSsystem32LXSUPMON.EXE

C:WINDOWSsystem32igfxpers.exe

C:WINDOWSsystem32hkcmd.exe

C:ProgramCyberLinkPowerDVDDVDLauncher.exe

C:ProgramDelade filerSymantec SharedccApp.exe

C:WINDOWSsystem32ctfmon.exe

C:ProgramWindows Media PlayerWMPNSCFG.exe

C:ProgramGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe

C:GarmingStart.exe

C:ProgramWindows LiveMessengermsnmsgr.exe

C:ProgramDelade filerSymantec SharedSecurity ConsoleNSCSRVCE.EXE

C:ProgramInternet ExplorerIEXPLORE.EXE

C:ProgramDelade filerMicrosoft SharedWindows LiveWLLoginProxy.exe

C:ProgramMessengermsmsgs.exe

C:ProgramTrend MicroHijackThisCatha.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = https://upplandsbro.skola24.se/

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www1.euro.dell.com/content/default....;l=sv&s=gen

R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Länkar

R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:ProgramMacrogamingSweetIMBarForIEtoolbar.dll

O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:ProgramMyWaySASrchAsDedeSrcAs.dll (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:ProgramJavajre1.6.0_05binssv.dll

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:ProgramDelade filerMicrosoft SharedWindows LiveWindowsLiveLogin.dll

O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:ProgramDelade filerSymantec SharedAdBlockingNISShExt.dll

O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:ProgramNorton Internet SecurityNorton AntiVirusNavShExt.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:programgooglegoogletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:ProgramGoogleGoogleToolbarNotifier3.1.807.1746swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:ProgramWindows Live Toolbarmsntb.dll

O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:ProgramDelade filerSymantec SharedAdBlockingNISShExt.dll

O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:ProgramNorton Internet SecurityNorton AntiVirusNavShExt.dll

O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:ProgramMacrogamingSweetIMBarForIEtoolbar.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:programgooglegoogletoolbar1.dll

O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:ProgramWinamp Toolbarwinamptb.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:ProgramWindows Live Toolbarmsntb.dll

O4 - HKLM..Run: [symantec PIF AlertEng] "C:ProgramDelade filerSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe" /a /m "C:ProgramDelade filerSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}AlertEng.dll"

O4 - HKLM..Run: [sweetIM] C:ProgramMacrogamingSweetIMSweetIM.exe

O4 - HKLM..Run: [sunJavaUpdateSched] "C:ProgramJavajre1.6.0_05binjusched.exe"

O4 - HKLM..Run: [QuickTime Task] "C:ProgramQuickTimeqttask.exe" -atboottime

O4 - HKLM..Run: [LXSUPMON] C:WINDOWSsystem32LXSUPMON.EXE RUN

O4 - HKLM..Run: [igfxtray] C:WINDOWSsystem32igfxtray.exe

O4 - HKLM..Run: [igfxpers] C:WINDOWSsystem32igfxpers.exe

O4 - HKLM..Run: [igfxhkcmd] C:WINDOWSsystem32hkcmd.exe

O4 - HKLM..Run: [DVDLauncher] "C:ProgramCyberLinkPowerDVDDVDLauncher.exe"

O4 - HKLM..Run: [ccApp] "C:ProgramDelade filerSymantec SharedccApp.exe"

O4 - HKLM..Run: [Adobe Reader Speed Launcher] "C:ProgramAdobeReader 8.0ReaderReader_sl.exe"

O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe

O4 - HKCU..Run: [WMPNSCFG] C:ProgramWindows Media PlayerWMPNSCFG.exe

O4 - HKCU..Run: [swg] C:ProgramGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe

O4 - HKCU..Run: [MsnMsgr] "C:ProgramWindows LiveMessengermsnmsgr.exe" /background

O4 - HKCU..Run: [gStart] C:GarmingStart.exe

O4 - HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'SYSTEM')

O4 - HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &Winamp Toolbar Search - C:Documents and SettingsAll UsersApplication DataWinamp ToolbarieToolbarresourcesen-USlocalsearch.html

O8 - Extra context menu item: &Windows Live Search - res://C:ProgramWindows Live Toolbarmsntb.dll/search.htm

O8 - Extra context menu item: Add to AMV Converter... - C:ProgramMP3 Player Utilities 4.15AMVConvertergrab.html

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:ProgramMICROS~2OFFICE11EXCEL.EXE/3000

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:ProgramMP3 Player Utilities 4.15MediaManagergrab.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:ProgramJavajre1.6.0_05binssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:ProgramJavajre1.6.0_05binssv.dll

O9 - Extra button: Blogga detta - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:ProgramWindows LiveWriterWriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blogga detta i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:ProgramWindows LiveWriterWriterBrowserExtension.dll

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:ProgramMICROS~2OFFICE11REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:ProgramMessengermsmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:ProgramMessengermsmsgs.exe

O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://www.king.com/ctl/kingcomie.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game12.zylom.com/activex/zylomgamesplayer.cab

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O20 - AppInit_DLLs: bjxykt.dll

O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:ProgramSymantecLiveUpdateALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:ProgramDelade filerSymantec SharedccEvtMgr.exe

O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:ProgramNorton Internet SecurityccPwdSvc.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:ProgramDelade filerSymantec SharedccProxy.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:ProgramDelade filerSymantec SharedccSetMgr.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:ProgramNorton Internet SecuritycomHost.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:ProgramGoogleCommonGoogle UpdaterGoogleUpdaterService.exe

O23 - Service: Iap - Dell Inc - C:ProgramDellOpenManageClientIap.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:WINDOWSsystem32LEXBCES.EXE

O23 - Service: LiveUpdate - Symantec Corporation - C:ProgramSymantecLIVEUP~1LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:ProgramDelade filerSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe

O23 - Service: Norton AntiVirus Auto Protect-tjänst (navapsvc) - Symantec Corporation - C:ProgramNorton Internet SecurityNorton AntiVirusnavapsvc.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:ProgramIntelNCSSyncNetSvc.exe

O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:ProgramDelade filerSymantec SharedSecurity ConsoleNSCSRVCE.EXE

O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:ProgramNorton Internet SecurityNorton AntiVirusSAVScan.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:ProgramDelade filerSymantec SharedSNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:ProgramDelade filerSymantec SharedSPBBCSPBBCSvc.exe

O23 - Service: Symantec Core LC - Unknown owner - C:ProgramDelade filerSymantec SharedCCPD-LCsymlcsvc.exe

O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:ProgramDelade filerSymantec SharedSupport Controlsssrc.exe

O24 - Desktop Component 0: (no name) - http://www.microsoft.com/windows/plus/imag...ish_150x106.jpg

--

End of file - 11000 bytes

Link to comment
Share on other sites

ComboFix 08-11-09.04 - Catharina Andree 2008-11-10 19:18:42.1 - NTFSx86

Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1053.18.214 [GMT 1:00]

Running from: c:documents and settingsCatharina AndreeSkrivbordComboFix.exe

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:documents and settingsAll UsersApplication DataHotbarSA

c:documents and settingsAll UsersApplication DataHotbarSAHotbarSA.dat

c:documents and settingsAll UsersApplication DataHotbarSAHotbarSA_kyf.dat

c:documents and settingsAll UsersApplication DataHotbarSAHotbarSAAbout.mht

c:documents and settingsAll UsersApplication DataHotbarSAHotbarSAau.dat

c:documents and settingsAll UsersApplication DataHotbarSAHotbarSAEULA.mht

c:documents and settingsAll UsersStart-menyProgramHotbar

c:documents and settingsAll UsersStart-menyProgramHotbarAbout Hotbar.lnk

c:documents and settingsAll UsersStart-menyProgramHotbarHotbar Customer Support Center.lnk

c:documents and settingsAll UsersStart-menyProgramHotbarReset Cursor.lnk

c:documents and settingsAll UsersStart-menyProgramHotbarUninstall Hotbar.lnk

c:documents and settingsCatharina AndreeApplication DataHbTools

c:documents and settingsCatharina AndreeApplication DataHbTools(2)

c:documents and settingsCatharina AndreeApplication DataHbTools(2)HbTools.log

c:documents and settingsCatharina AndreeApplication DataHbTools(2)v3(2).0HbTools(2)dynamic(2)279882.sdf

c:documents and settingsCatharina AndreeApplication DataHbTools(2)v3(2).0HbTools(2)dynamic(2)TooltipXML29115

c:documents and settingsCatharina AndreeApplication DataHbTools(2)v3(2).0HbTools(2)dynamic(2)TooltipXML39280

c:documents and settingsCatharina AndreeApplication DataHbTools(2)v3(2).0HbTools(2)dynamic(2)TooltipXML44228

c:documents and settingsCatharina AndreeApplication DataHbTools(2)v3(2).0HbTools(2)dynamic(2)TooltipXML618304

c:documents and settingsCatharina AndreeApplication DataHbTools(2)v3(2).0HbTools(2)dynamic(2)TooltipXML706496

c:documents and settingsCatharina AndreeApplication DataHbTools(2)v3(2).0HbTools(2)dynamic(2)TooltipXML706539

c:documents and settingsCatharina AndreeApplication DataHbToolsHbTools.log

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsdynamic1.sdf

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1ads.cdf

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1btntrans.idx

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1btntrans1.dat

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1business_promo.htm

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1buttondir.txt

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1components.cdf

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1cursors.res

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1d_icons_buttons_1000.res

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1d_icons_buttons_2000.res

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1d_icons_buttons_3000.res

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1d_icons_buttons_bar.res

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1d_icons_buttons_bbar1.res

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1d_icons_buttons_logos.res

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1d_icons_buttons_other.res

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1d_icons_weather.res

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1default.cdf

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_511745-514279.mnu

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_bidz.mnu

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_bidz1.mnu

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_bidz10.mnu

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_bidz11.mnu

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_bidz12.mnu

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_bidz13.mnu

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_bidz14.mnu

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_bidz15.mnu

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_bidz16.mnu

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_bidz17.mnu

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_bidz18.mnu

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_bidz19.mnu

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_bidz2.mnu

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_bidz20.mnu

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_bidz3.mnu

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_bidz4.mnu

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_bidz5.mnu

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_bidz6.mnu

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_bidz7.mnu

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_bidz8.mnu

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_bidz9.mnu

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_categorize.mnu

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_comparison.mnu

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_em_PROFL_CA_flow_b_IEB.mnu

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_explorer-Mails.mnu

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_explorer-people.mnu

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_favorites.mnu

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_Games.mnu

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_Hide.mnu

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_hotbarcom.mnu

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_Hotmail.mnu

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_hsskin.mnu

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_jemster.mnu

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_jemsterie.mnu

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_jemsteruk.mnu

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_jobsearch.mnu

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_Mails.mnu

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_new.mnu

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_premium.mnu

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_reun.mnu

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_ringtones.mnu

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_SearchBoxTrapper.mnu

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_searchfor.mnu

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_searchgo.mnu

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_weather.mnu

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_yellowpages.mnu

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1email-def-511724-548964.mnu

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1email-def-511724-9595.mnu

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1email-t1-bg.res

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1gamesmenu.cdf

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1gamesMenu.mnu

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1hb_ie_menu.res

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1hotbar-premium-hotbar-premium.mnu

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1hotbar-premium.cdf

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1hotbar_promo.htm

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1icons2.res

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1ie_games_icon.res

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1ie_video.res

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1keywords.idx

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1keywords1.dat

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1layout.cdf

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1linkpathlegal.txt

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1more.res

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1new_games.mnu

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1progress.res

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1s_icons_buttons.res

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1sales_buttons.res

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1t2_bg.res

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1theweb.mnu

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1top7.cdf

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Top7_theweb.mnu

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1tsd_bg.res

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1weathericon.res

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstaticDownLoadads.xip

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstaticDownLoadBtnTrans.xip

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstaticDownLoadBtnTrans1.xip

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstaticDownLoadbusiness_promo.xip

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstaticDownLoadbuttondir.xip

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstaticDownLoadcursors.xip

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstaticDownLoadd_icons_buttons_1000.xip

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstaticDownLoadd_icons_buttons_2000.xip

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstaticDownLoadd_icons_buttons_3000.xip

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstaticDownLoadd_icons_buttons_bar.xip

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstaticDownLoadd_icons_buttons_bbar1.xip

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstaticDownLoadd_icons_buttons_logos.xip

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstaticDownLoadd_icons_buttons_other.xip

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstaticDownLoadd_icons_weather.xip

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstaticDownLoaddefault.xip

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstaticDownLoademail-t1-bg.xip

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstaticDownLoadgamesmenu.xip

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstaticDownLoadhb_ie_menu.xip

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstaticDownLoadhotbar-premium.xip

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstaticDownLoadhotbar_promo.xip

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstaticDownLoadicons2.xip

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstaticDownLoadie_games_icon.xip

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstaticDownLoadie_video.xip

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstaticDownLoadkeywords.xip

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstaticDownLoadkeywords1.xip

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstaticDownLoadlayout.xip

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstaticDownLoadlinkpathlegal.xip

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstaticDownLoadmore.xip

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstaticDownLoadprogress.xip

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstaticDownLoads_icons_buttons.xip

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstaticDownLoadsales_buttons.xip

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstaticDownLoadsamplegroups2.txt

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstaticDownLoadsamplegroups2.xip

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstaticDownLoadt2_bg.xip

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstaticDownLoadtop7.xip

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstaticDownLoadtsd_bg.xip

c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstaticDownLoadweathericon.xip

c:documents and settingsCatharina AndreeApplication DataHotbar

c:documents and settingsCatharina AndreeApplication DataHotbarHbTools.log

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1030104_emte10_prv.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1030104_emte11_prv.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1030104_emte12_prv.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1030104_emte13_prv.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1030104_emte14_prv.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1030104_emte19_prv.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1030104_emte20_prv.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1030104_emte21_prv.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1030104_emte9_prv.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1030203lib_prv.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1033102angel_1_prv.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1033102bigluf_1_prv.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1033102bigsmile_1_prv.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1033102birthday_1_prv.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1033102cheers_1_prv.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1033102flo_1_prv.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1033102good_1_prv.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1033102jump_1_prv.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1033102king_1_prv.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1033102lough_1_prv.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1033102luf_1_prv.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1033102smile_1_prv.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1033102smiled_1_prv.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1033102sor_1_prv.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1033102thanx_1_prv.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1033102uhu_1_prv.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1040103ahh_prv.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1040103wow_prv.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1040104_emi2_prv.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1042102_1134_112_prv.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1050103big_prv.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1050103gig_prv.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1050103hm_prv.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1050103nomail_emoti_prv.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1050103norm_prv.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1060104_ema15_prv.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1060104_ema16_prv.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1060104_ema17_prv.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1060104_ema18_prv.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1060104_ema19_prv.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1060104_ema20_prv.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1060104_ema21_prv.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1060104_ema24_prv.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1060104_ema25_prv.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1060104_ema26_prv.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1060104_ema30_prv.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1060104_ema33_prv.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1060104_ema34_prv.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1062802hippi_prv.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1062802jumpie_prv.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1080402argh_prv.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1080402oops_prv.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1080402ouch_prv.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1082502no_prv.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1082502yes_prv.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1110103_boring1_prv.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1110103_confused_prv.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1110103_crying_ugly_prv.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1110103_fantastic_prv.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1110103_feel_better_prv.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1110103_gimme_break_prv.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1110103_heehee_prv.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1110103_hlopaet_prv.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1110103_ign_prv.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1110103_lol_prv.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1110103_no_comment_prv.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1110103_peace_prv.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1110103_smashing_prv.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1110103_talk2thehand_prv.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1block_sm.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1block_sm2.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1block_smli.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1block_smli2.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1blocked.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1blocked2.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1btn_add-but.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1btn_back-but.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1btn_left_cut_enabled_1.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1btn_left_enabled_1.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1btn_left_pressed_1.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1btn_middle_enabled_1.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1btn_middle_pressed_1.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1btn_right_cut_enabled_1.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1btn_right_enabled_1.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1btn_right_pressed_1.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1business_promo.htm

Link to comment
Share on other sites

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1buttondir.txt

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1components.cdf

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1css_cattree.css

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1css_flashpreview.css

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1css2_main.css

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1css2_pagingmodule.css

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1css2_topbuttons.css

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1delete.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1edit_clear_sound.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1edit_fs.htm

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1edit_select.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1email-def-511724-543450.mnu

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1email-def-511724-548964.mnu

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1email-def-511724-589306.mnu

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1email-def-511724-591943.mnu

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1email-def-511724-592579.mnu

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1email-def-511724-598579.mnu

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1email-def-511724-603763.mnu

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1email-def-511724-9595.mnu

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1email-def-511724-9696.mnu

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1email-def-511745-514279.mnu

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1email-def-email-backgrounds.mnu

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1email-def-email-bcards.mnu

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1email-def-email-ecards.mnu

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1email-def-email-emoticons.mnu

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1email-def-email-estationery.mnu

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1email-def-email-funny.mnu

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1email-def-email-help.mnu

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1email-def-email-images.mnu

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1email-def-email-info.mnu

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1email-def-email-more.mnu

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1email-def-email-my.mnu

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1email-def-email-new.mnu

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1email-def-email-new2.mnu

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1email-def-email-options.mnu

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1email-def-email-people.mnu

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1email-def-email-photo.mnu

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1email-def-email-tell.mnu

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1email-def-email-temp.mnu

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1email-def-email-text.mnu

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1email-def-email-voice.mnu

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1email-def.cdf

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1email-premium-email-premium.mnu

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1email-t1-bg.res

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1email-temp-bg.res

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1estatationery.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1flashpatch.js

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1flashpreview.htm

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1fs3.htm

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1hotbar_promo.htm

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1icon_checked_1.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1icon_close_1.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1icon_close_pressed_1.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1icon_edit_preview.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1icon_edit_send.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1icon_flash_preview.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1icon_recently_used.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1icon_remove_1.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1icon_remove_pressed_1.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1icon_sand-clock2.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1icon_tell_1.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1icon_tell_pressed_1.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1icon_tree_null.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1icon_unchecked_1.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1icon_unchecked_pressed_1.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1img_barlayout.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1img_barlayout2.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1img_barlayout4.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1img_corner_left.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1img_local_logo.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1js2_basetemplate.js

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1js2_hbgroups.js

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1js2_hbobject3.js

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1js2_hbobjectset3.js

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1js2_hotbarwrapper.js

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1js2_iteratorsandreaders3nf.js

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1js2_pagingmoduleobj3.js

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1js2_texts3.js

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1js2_xmltree3nf.js

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1layout.cdf

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1linkpathlegal.txt

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1more.res

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1n.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1nav_b_2.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1nav_bb_2.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1nav_f_2.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1nav_ff_2.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1pro_hb_fo_word.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1progress.res

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1sales_buttons.res

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1searchbtn.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1submit.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1tab_bg.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1tab_bga.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1tab_bgia.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1tab_l.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1tab_la.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1tab_lia.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1tab_r.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1tab_ra.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1tab_ria.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1tree_dots.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1tree_minus.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1tree_plus.gif

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1treedata_animations.xml

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1treedata_backgrounds.xml

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1treedata_ecards.xml

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1treedata_emoticons.xml

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1treedata_notifiers.xml

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1treedata_text.xml

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstaticDownLoadbusiness_promo.xip

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstaticDownLoadbuttondir.xip

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstaticDownLoadcode.xip

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstaticDownLoademail-def.xip

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstaticDownLoademail-t1-bg.xip

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstaticDownLoademail-temp-bg.xip

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstaticDownLoadhotbar_promo.xip

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstaticDownLoadimages.xip

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstaticDownLoadlayout.xip

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstaticDownLoadlinkpathlegal.xip

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstaticDownLoadlocalcontent.xip

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstaticDownLoadmore.xip

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstaticDownLoadpro_hb_fo_word.xip

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstaticDownLoadprogress.xip

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstaticDownLoadsales_buttons.xip

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstaticDownLoadtreexml.xip

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbardynamic3423589.sdf

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbardynamicdomains.txt

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbardynamicTooltipXML20570

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbardynamicTooltipXML26664

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbardynamicTooltipXML44228

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbardynamicTooltipXML66836

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbardynamicTooltipXML82292

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbardynamicustat35d1.dat

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1ads.cdf

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1btntrans.idx

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1btntrans1.dat

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1business_promo.htm

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1buttondir.txt

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1components.cdf

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1cursors.res

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1d_icons_buttons_1000.res

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1d_icons_buttons_2000.res

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1d_icons_buttons_3000.res

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1d_icons_buttons_bar.res

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1d_icons_buttons_bbar1.res

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1d_icons_buttons_logos.res

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1d_icons_buttons_other.res

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1d_icons_weather.res

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1default.cdf

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_511745-514279.mnu

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_bidz.mnu

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_bidz1.mnu

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_bidz10.mnu

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_bidz11.mnu

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_bidz12.mnu

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_bidz13.mnu

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_bidz14.mnu

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_bidz15.mnu

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_bidz16.mnu

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_bidz17.mnu

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_bidz18.mnu

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_bidz19.mnu

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_bidz2.mnu

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_bidz20.mnu

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_bidz3.mnu

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_bidz4.mnu

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_bidz5.mnu

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_bidz6.mnu

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_bidz7.mnu

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_bidz8.mnu

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_bidz9.mnu

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_categorize.mnu

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_comparison.mnu

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_em_PROFL_CA_flow_b_IEB.mnu

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_explorer-Mails.mnu

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_explorer-people.mnu

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_favorites.mnu

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_Games.mnu

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_Hide.mnu

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_hotbarcom.mnu

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_Hotmail.mnu

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_hsskin.mnu

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_jemster.mnu

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_jemsterie.mnu

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_jemsteruk.mnu

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_jobsearch.mnu

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_Mails.mnu

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_new.mnu

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_premium.mnu

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_reun.mnu

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_ringtones.mnu

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_SearchBoxTrapper.mnu

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_searchfor.mnu

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_searchgo.mnu

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_weather.mnu

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_yellowpages.mnu

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1email-def-511724-548964.mnu

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1email-def-511724-9595.mnu

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1email-t1-bg.res

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1gamesmenu.cdf

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1gamesMenu.mnu

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1hb_ie_menu.res

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1hotbar-premium-hotbar-premium.mnu

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1hotbar-premium.cdf

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1hotbar_promo.htm

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1icons2.res

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1ie_games_icon.res

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1ie_video.res

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1keywords.idx

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1keywords1.dat

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1layout.cdf

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1linkpathlegal.txt

Link to comment
Share on other sites

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1more.res

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1new_games.mnu

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1progress.res

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1s_icons_buttons.res

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1sales_buttons.res

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1t2_bg.res

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1theweb.mnu

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1top7.cdf

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Top7_theweb.mnu

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1tsd_bg.res

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1weathericon.res

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbarstaticDownLoadads.xip

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbarstaticDownLoadBtnTrans.xip

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbarstaticDownLoadBtnTrans1.xip

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbarstaticDownLoadbusiness_promo.xip

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbarstaticDownLoadbuttondir.xip

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbarstaticDownLoadcursors.xip

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbarstaticDownLoadd_icons_buttons_1000.xip

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbarstaticDownLoadd_icons_buttons_2000.xip

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbarstaticDownLoadd_icons_buttons_3000.xip

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbarstaticDownLoadd_icons_buttons_bar.xip

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbarstaticDownLoadd_icons_buttons_bbar1.xip

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbarstaticDownLoadd_icons_buttons_logos.xip

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbarstaticDownLoadd_icons_buttons_other.xip

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbarstaticDownLoadd_icons_weather.xip

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbarstaticDownLoaddefault.xip

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbarstaticDownLoademail-t1-bg.xip

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbarstaticDownLoadgamesmenu.xip

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbarstaticDownLoadhb_ie_menu.xip

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbarstaticDownLoadhotbar-premium.xip

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbarstaticDownLoadhotbar_promo.xip

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbarstaticDownLoadicons2.xip

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbarstaticDownLoadie_games_icon.xip

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbarstaticDownLoadie_video.xip

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbarstaticDownLoadkeywords.xip

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbarstaticDownLoadkeywords1.xip

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbarstaticDownLoadlayout.xip

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbarstaticDownLoadlinkpathlegal.xip

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbarstaticDownLoadmore.xip

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbarstaticDownLoadprogress.xip

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbarstaticDownLoads_icons_buttons.xip

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbarstaticDownLoadsales_buttons.xip

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbarstaticDownLoadsamplegroups2.txt

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbarstaticDownLoadsamplegroups2.xip

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbarstaticDownLoadt2_bg.xip

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbarstaticDownLoadtop7.xip

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbarstaticDownLoadtsd_bg.xip

c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbarstaticDownLoadweathericon.xip

c:windowsadmintxt.txt

c:windowssystem32adqaiwsk.ini

c:windowssystem32AGQtttwa.ini

c:windowssystem32AGQtttwa.ini2

c:windowssystem32amacourm.ini

c:windowssystem32asfvmwav.dll

c:windowssystem32boypgkdx.ini

c:windowssystem32bqpwcght.ini

c:windowssystem32cxhutwme.ini

c:windowssystem32DcLooUtv.ini

c:windowssystem32DcLooUtv.ini2

c:windowssystem32dcrhnjxb.ini

c:windowssystem32fNmSYcfe.ini

c:windowssystem32fNmSYcfe.ini2

c:windowssystem32fplotele.ini

c:windowssystem32fusukl.dll

c:windowssystem32gbcrokbl.ini

c:windowssystem32havgnxgs.ini

c:windowssystem32icgplrml.ini

c:windowssystem32ipfgwadu.ini

c:windowssystem32jhuhswef.dll

c:windowssystem32jjlcpctf.ini

c:windowssystem32miurueqr.ini

c:windowssystem32mjmkra.dll

c:windowssystem32mlbpekns.ini

c:windowssystem32nbsgkhps.ini

c:windowssystem32neaijxto.ini

c:windowssystem32ocmjro.dll

c:windowssystem32oddowp.dll

c:windowssystem32oeuvqjwq.ini

c:windowssystem32phiekinj.ini

c:windowssystem32rwwiluhl.ini

c:windowssystem32stmdfjch.ini

c:windowssystem32tyqyfsmm.ini

c:windowssystem32udqmtogp.ini

c:windowssystem32wpfimnuo.ini

c:windowssystem32wvvwa.bak2

c:windowssystem32wvvwa.tmp

c:windowssystem32WxbLRqru.ini

c:windowssystem32WxbLRqru.ini2

c:windowssystem32xdfuyofj.ini

c:windowssystem32xwmdullu.dll

c:windowssystem32yndpprqb.ini

.

(((((((((((((((((((((((((  Files Created from 2008-10-10 to 2008-11-10  )))))))))))))))))))))))))))))))

.

2008-11-10 12:28 . 2008-11-10 12:28 <KAT> d-------- c:programCCleaner

2008-11-09 15:44 . 2008-11-09 15:44 <KAT> d-------- c:programMalwarebytes' Anti-Malware

2008-11-09 15:44 . 2008-11-09 15:44 <KAT> d-------- c:documents and settingsCatharina AndreeApplication DataMalwarebytes

2008-11-09 15:44 . 2008-11-09 15:44 <KAT> d-------- c:documents and settingsAll UsersApplication DataMalwarebytes

2008-11-09 15:44 . 2008-10-22 16:10 38,496 --a------ c:windowssystem32driversmbamswissarmy.sys

2008-11-09 15:44 . 2008-10-22 16:10 15,504 --a------ c:windowssystem32driversmbam.sys

2008-11-09 14:36 . 2008-11-09 14:36 <KAT> d-------- c:programTrend Micro

2008-11-09 12:12 . 2008-04-14 18:04 116,224 --a------ c:windowssystem32dllcachexrxwiadr.dll

2008-11-09 12:12 . 2001-08-18 06:37 99,865 --a------ c:windowssystem32dllcachexlog.exe

2008-11-09 12:12 . 2001-09-06 20:33 27,648 --a------ c:windowssystem32dllcachexrxftplt.exe

2008-11-09 12:12 . 2001-09-06 20:33 23,040 --a------ c:windowssystem32dllcachexrxwbtmp.dll

2008-11-09 12:12 . 2004-08-03 22:29 19,455 --a------ c:windowssystem32dllcachewvchntxx.sys

2008-11-09 12:12 . 2008-04-14 18:04 18,944 --a------ c:windowssystem32dllcachexrxscnui.dll

2008-11-09 12:12 . 2001-08-17 20:11 16,970 --a------ c:windowssystem32dllcachexem336n5.sys

2008-11-09 12:12 . 2004-08-03 22:29 12,063 --a------ c:windowssystem32dllcachewsiintxx.sys

2008-11-09 12:12 . 2008-04-14 18:04 8,192 --a------ c:windowssystem32dllcachewshirda.dll

2008-11-09 12:12 . 2001-09-06 20:33 4,608 --a------ c:windowssystem32dllcachexrxflnch.exe

2008-11-09 12:11 . 2001-08-17 21:28 771,581 --a------ c:windowssystem32dllcachewinacisa.sys

2008-11-09 12:11 . 2001-08-17 21:28 701,386 --a------ c:windowssystem32dllcachewdhaalba.sys

2008-11-09 12:11 . 2004-08-03 22:31 154,624 --a------ c:windowssystem32dllcachewlluc48.sys

2008-11-09 12:11 . 2001-09-06 20:33 87,040 --a------ c:windowssystem32dllcachewiafbdrv.dll

2008-11-09 12:11 . 2001-09-06 20:33 54,272 --a------ c:windowssystem32dllcachewiamsmud.dll

2008-11-09 12:11 . 2004-08-04 12:00 41,600 --a------ c:windowssystem32dllcacheweitekp9.dll

2008-11-09 12:11 . 2001-08-17 20:10 35,871 --a------ c:windowssystem32dllcachewbfirdma.sys

2008-11-09 12:11 . 2001-09-06 19:56 34,890 --a------ c:windowssystem32dllcachewlandrv2.sys

2008-11-09 12:11 . 2008-04-14 17:36 31,872 --a------ c:windowssystem32dllcachewceusbsh.sys

2008-11-09 12:11 . 2004-08-04 12:00 31,232 --a------ c:windowssystem32dllcacheweitekp9.sys

2008-11-09 12:11 . 2004-08-03 22:29 23,615 --a------ c:windowssystem32dllcachewch7xxnt.sys

2008-11-09 12:11 . 2008-04-13 20:36 8,832 --a------ c:windowssystem32dllcachewmiacpi.sys

2008-11-09 12:09 . 2001-08-17 21:28 794,654 --a------ c:windowssystem32dllcacheusr1801.sys

2008-11-09 12:08 . 2001-09-06 20:33 216,064 --a------ c:windowssystem32dllcacheum34scan.dll

2008-11-09 12:08 . 2001-09-06 20:33 211,968 --a------ c:windowssystem32dllcacheum54scan.dll

2008-11-09 12:08 . 2001-08-17 20:51 166,784 --a------ c:windowssystem32dllcachetridxpm.sys

2008-11-09 12:08 . 2001-09-06 20:33 69,632 --a------ c:windowssystem32dllcacheumaxu12.dll

2008-11-09 12:08 . 2001-09-06 20:33 50,688 --a------ c:windowssystem32dllcacheumaxscan.dll

2008-11-09 12:08 . 2001-09-06 20:33 50,176 --a------ c:windowssystem32dllcacheumaxp60.dll

2008-11-09 12:08 . 2001-09-06 20:33 47,616 --a------ c:windowssystem32dllcacheumaxcam.dll

2008-11-09 12:08 . 2001-09-06 20:33 28,160 --a------ c:windowssystem32dllcacheumaxu40.dll

2008-11-09 12:08 . 2001-09-06 20:33 26,624 --a------ c:windowssystem32dllcacheumaxu22.dll

2008-11-09 12:08 . 2001-08-17 21:58 22,912 --a------ c:windowssystem32dllcacheumaxpcls.sys

2008-11-09 12:08 . 2004-08-04 12:00 14,336 --a------ c:windowssystem32dllcachetsprof.exe

2008-11-09 12:08 . 2001-08-17 21:48 11,520 --a------ c:windowssystem32dllcachetwotrack.sys

2008-11-09 12:06 . 2001-09-06 20:33 172,768 --a------ c:windowssystem32dllcachet2r4disp.dll

2008-11-09 12:05 . 2001-09-06 19:47 285,760 --a------ c:windowssystem32dllcachestlnata.sys

2008-11-09 12:04 . 2001-09-06 20:33 147,200 --a------ c:windowssystem32dllcachesmidispb.dll

2008-11-09 12:03 . 2001-09-06 20:33 386,560 --a------ c:windowssystem32dllcachesgiul50.dll

2008-11-09 12:02 . 2001-09-06 20:32 495,616 --a------ c:windowssystem32dllcachesblfx.dll

2008-11-09 12:01 . 2001-09-06 20:33 210,496 --a------ c:windowssystem32dllcaches3mvirge.dll

2008-11-09 12:00 . 2001-09-06 20:09 899,274 --a------ c:windowssystem32dllcacher2mdkxga.sys

2008-11-09 11:59 . 2008-04-14 18:04 363,520 --a------ c:windowssystem32dllcachepsisdecd.dll

2008-11-09 11:58 . 2008-04-13 20:46 61,696 --a------ c:windowssystem32dllcacheohci1394.sys

2008-11-09 11:58 . 2001-08-17 20:20 54,528 --a------ c:windowssystem32dllcacheopl3sax.sys

2008-11-09 11:58 . 2001-09-06 20:06 54,314 --a------ c:windowssystem32dllcacheotcsercb.sys

2008-11-09 11:58 . 2001-09-06 20:06 43,817 --a------ c:windowssystem32dllcacheotceth5.sys

2008-11-09 11:58 . 2001-08-17 22:05 31,872 --a------ c:windowssystem32dllcacheovce.sys

2008-11-09 11:58 . 2001-08-17 20:12 30,495 --a------ c:windowssystem32dllcachepc100nds.sys

2008-11-09 11:58 . 2001-08-17 20:11 30,282 --a------ c:windowssystem32dllcachepcntn5hl.sys

2008-11-09 11:58 . 2001-08-17 20:11 29,769 --a------ c:windowssystem32dllcachepcntn5m.sys

2008-11-09 11:58 . 2004-08-03 22:31 29,502 --a------ c:windowssystem32dllcachepca200e.sys

2008-11-09 11:58 . 2001-08-17 20:12 27,209 --a------ c:windowssystem32dllcacheotc06x5.sys

2008-11-09 11:58 . 2001-08-17 20:12 26,153 --a------ c:windowssystem32dllcachepcmlm56.sys

2008-11-09 11:58 . 2001-08-17 22:05 25,216 --a------ c:windowssystem32dllcacheovsound2.sys

2008-11-09 11:58 . 2001-08-17 22:05 25,088 --a------ c:windowssystem32dllcacheovca.sys

2008-11-09 11:56 . 2001-09-06 19:59 129,536 --a------ c:windowssystem32dllcachen100325.sys

2008-11-09 11:55 . 2001-09-06 19:54 320,384 --a------ c:windowssystem32dllcachemgaum.sys

2008-11-09 11:54 . 2001-08-17 21:28 802,683 --a------ c:windowssystem32dllcacheltsm.sys

2008-11-09 11:53 . 2008-04-14 18:04 253,952 --a------ c:windowssystem32dllcachekdsusd.dll

2008-11-09 11:52 . 2001-09-06 20:33 372,824 --a------ c:windowssystem32dllcacheiconf32.dll

2008-11-09 11:51 . 2008-04-14 18:04 702,845 --a------ c:windowssystem32dllcachei81xdnt5.dll

2008-11-09 11:50 . 2001-09-06 20:33 324,608 --a------ c:windowssystem32dllcachehpojwia.dll

2008-11-09 11:49 . 2001-09-06 20:32 1,733,120 --a------ c:windowssystem32dllcacheg400d.dll

2008-11-09 11:48 . 2004-08-03 22:32 137,088 --a------ c:windowssystem32dllcacheessm2e.sys

2008-11-09 11:47 . 2001-09-06 20:03 634,134 --a------ c:windowssystem32dllcacheel656ct5.sys

2008-11-09 11:46 . 2004-08-04 12:00 514,587 --a------ c:windowssystem32dllcacheedb500.dll

2008-11-09 11:46 . 2001-08-17 20:20 334,208 --a------ c:windowssystem32dllcacheds1wdm.sys

2008-11-09 11:46 . 2001-08-17 20:10 69,692 --a------ c:windowssystem32dllcacheel575nd5.sys

2008-11-09 11:46 . 2001-08-17 20:11 69,194 --a------ c:windowssystem32dllcacheel656cd5.sys

2008-11-09 11:46 . 2001-08-17 20:10 55,999 --a------ c:windowssystem32dllcacheel556nd5.sys

2008-11-09 11:46 . 2001-09-06 20:03 51,231 --a------ c:windowssystem32dllcachee1000nt5.sys

2008-11-09 11:46 . 2001-09-06 20:03 44,103 --a------ c:windowssystem32dllcacheel515.sys

2008-11-09 11:46 . 2001-08-17 20:10 26,141 --a------ c:windowssystem32dllcacheel589nd5.sys

2008-11-09 11:46 . 2001-08-17 20:10 24,653 --a------ c:windowssystem32dllcacheel574nd4.sys

2008-11-09 11:46 . 2008-04-14 18:05 20,992 --a------ c:windowssystem32dllcachedshowext.ax

2008-11-09 11:46 . 2001-08-17 20:12 19,594 --a------ c:windowssystem32dllcachee100isa4.sys

2008-11-09 11:44 . 2001-09-06 20:33 421,405 --a------ c:windowssystem32dllcachedgconfig.dll

2008-11-09 11:43 . 2008-04-14 18:04 250,880 --a------ c:windowssystem32dllcachectmasetp.dll

2008-11-09 11:42 . 2001-09-06 19:54 980,034 --a------ c:windowssystem32dllcachecicap.sys

2008-11-09 11:41 . 2001-09-06 19:53 714,826 --a------ c:windowssystem32dllcachecbmdmkxx.sys

2008-11-09 11:40 . 2001-08-17 21:28 871,388 --a------ c:windowssystem32dllcachebcmdm.sys

2008-11-09 11:39 . 2001-08-17 21:28 762,780 --a------ c:windowssystem32dllcache3cwmcru.sys

2008-11-09 11:38 . 2001-09-06 20:33 66,048 --a------ c:windowssystem32dllcaches3legacy.dll

2008-11-09 11:20 . 2008-11-09 11:21 <KAT> d-------- c:documents and settingsmatildaAmanda

2008-11-08 21:29 . 2004-09-16 09:49 <KAT> dr------- c:documents and settingsAdministratör.CATHAStart-meny

2008-11-08 21:29 . 2004-09-16 09:49 <KAT> dr------- c:documents and settingsAdministratör.CATHAStart-meny

2008-11-08 21:29 . 2006-04-12 14:07 <KAT> d-------- c:documents and settingsAdministratör.CATHASkrivbord

2008-11-08 21:29 . 2006-04-12 14:07 <KAT> d-------- c:documents and settingsAdministratör.CATHASkrivbord

2008-11-08 21:29 . 2004-09-16 09:49 <KAT> d--h----- c:documents and settingsAdministratör.CATHASkrivare

2008-11-08 21:29 . 2004-09-16 09:49 <KAT> d--h----- c:documents and settingsAdministratör.CATHASkrivare

2008-11-08 21:29 . 2004-09-16 09:49 <KAT> d--h----- c:documents and settingsAdministratör.CATHANätverket

2008-11-08 21:29 . 2004-09-16 09:49 <KAT> d--h----- c:documents and settingsAdministratör.CATHANätverket

2008-11-08 21:29 . 2004-09-16 10:00 <KAT> dr------- c:documents and settingsAdministratör.CATHAMina dokument

2008-11-08 21:29 . 2004-09-16 10:00 <KAT> dr------- c:documents and settingsAdministratör.CATHAMina dokument

2008-11-08 21:29 . 2004-09-16 09:49 <KAT> d--h----- c:documents and settingsAdministratör.CATHAMallar

2008-11-08 21:29 . 2004-09-16 09:49 <KAT> d--h----- c:documents and settingsAdministratör.CATHAMallar

2008-11-08 21:29 . 2008-11-10 19:26 <KAT> d--h----- c:documents and settingsAdministratör.CATHALokala inställningar

2008-11-08 21:29 . 2008-11-10 19:26 <KAT> d--h----- c:documents and settingsAdministratör.CATHALokala inställningar

2008-11-08 21:29 . 2004-09-16 10:00 <KAT> dr------- c:documents and settingsAdministratör.CATHAFavoriter

2008-11-08 21:29 . 2004-09-16 10:00 <KAT> dr------- c:documents and settingsAdministratör.CATHAFavoriter

2008-11-08 21:29 . 2008-11-08 21:29 <KAT> d-------- c:documents and settingsAdministratör.CATHA

2008-11-06 09:53 . 2008-11-06 09:53 <KAT> dr-hs---- C:XXXresycled

2008-11-06 09:40 . 2008-11-06 10:33 2,444 --a------ C:XXXautorun.PNF

2008-11-06 09:21 . 2008-11-06 09:24 103 -rahs---- C:XXautorun.XXinf

2008-11-05 20:39 . 2008-11-05 20:39 2,444 --a------ C:XXautorun.XXPNF

2008-11-04 13:54 . 2008-11-04 13:55 97,943 --a------ c:windowswebcodec.exe

2008-11-03 23:17 . 2008-11-03 23:19 97,943 --a------ c:windowswebconfig32.exe

2008-11-03 13:39 . 2008-11-03 13:39 113,152 --a------ c:windowssystem32nwwjjgms.dll

2008-11-03 02:14 . 2008-11-06 09:51 <KAT> dr-hs---- C:XXresycled

2008-11-01 14:05 . 2008-11-10 12:58 <KAT> d-------- c:programFighters

2008-11-01 14:05 . 2008-11-01 14:05 <KAT> d-------- c:documents and settingsAll UsersApplication DataFighters

2008-10-27 22:55 . 2008-11-01 17:02 77,937 --a------ c:windowssystem32weenaeelycpjeprre.exe

2008-10-18 13:22 . 2008-10-18 13:22 <KAT> d-------- c:windowssystem32sv

2008-10-18 13:22 . 2008-10-18 13:22 <KAT> d-------- c:windowssystem32bits

2008-10-18 13:22 . 2008-10-18 13:22 <KAT> d-------- c:windowsl2schemas

2008-10-18 13:19 . 2008-10-18 13:23 <KAT> d-------- c:windowsServicePackFiles

2008-10-18 13:09 . 2008-10-18 13:09 <KAT> d-------- c:windowsEHome

.

((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-10 11:55 --------- d-----w c:programDelade filerSymantec Shared

2008-11-06 11:37 --------- d-----w c:documents and settingsAll UsersApplication DataSymantec

2008-11-06 09:41 --------- d-----w c:programNorton Internet Security

2008-11-04 17:08 --------- d-----w c:programNorton Security Scan

2008-11-03 18:43 --------- d-----w c:programLimeWire

2008-11-03 18:43 --------- d-----w c:programIncomplete

2008-10-07 21:25 --------- d-----w c:documents and settingsCatharina AndreeApplication DataLimeWire

2008-10-03 17:26 6,066,176 ------w c:windowssystem32dllcacheieframe.dll

2008-10-02 17:21 --------- d-----w c:programVision Park

2008-09-30 16:05 --------- d---a-w c:documents and settingsAll UsersApplication DataTEMP

2008-09-30 15:51 --------- d-----w c:programGamenext

2008-09-30 15:51 --------- d-----w c:documents and settingsAll UsersApplication DataPlayFirst

2008-09-15 15:27 1,846,400 ----a-w c:windowssystem32win32k.sys

2008-09-15 15:27 1,846,400 ----a-w c:windowssystem32dllcachewin32k.sys

2008-09-10 10:38 --------- d-----w c:documents and settingsAll UsersApplication DataSandlot Games

2008-09-08 10:41 333,824 ----a-w c:windowssystem32dllcachesrv.sys

2008-08-27 09:27 3,593,216 ----a-w c:windowssystem32dllcachemshtml.dll

2008-08-26 08:27 826,368 ----a-w c:windowssystem32wininet.dll

2008-08-26 08:27 826,368 ----a-w c:windowssystem32dllcachewininet.dll

2008-08-26 08:27 671,232 ----a-w c:windowssystem32dllcachemstime.dll

2008-08-26 08:27 477,696 ----a-w c:windowssystem32dllcachemshtmled.dll

2008-08-26 08:27 44,544 ----a-w c:windowssystem32dllcachepngfilt.dll

2008-08-26 08:27 233,472 ----a-w c:windowssystem32dllcachewebcheck.dll

2008-08-26 08:27 193,024 ----a-w c:windowssystem32dllcachemsrating.dll

2008-08-26 08:27 105,984 ----a-w c:windowssystem32dllcacheurl.dll

2008-08-26 08:27 102,912 ----a-w c:windowssystem32dllcacheoccache.dll

2008-08-26 08:27 1,159,680 ----a-w c:windowssystem32dllcacheurlmon.dll

2008-08-25 08:43 70,656 ----a-w c:windowssystem32dllcacheie4uinit.exe

2008-08-25 08:38 13,824 ------w c:windowssystem32dllcacheieudinit.exe

2008-08-23 05:56 635,848 ----a-w c:windowssystem32dllcacheiexplore.exe

2008-08-23 05:54 161,792 ----a-w c:windowssystem32dllcacheieakui.dll

2008-08-14 13:27 2,189,952 ----a-w c:windowssystem32ntoskrnl.exe

2008-08-14 13:27 2,189,952 ----a-w c:windowssystem32dllcachentoskrnl.exe

2008-08-14 13:27 2,066,816 ----a-w c:windowssystem32ntkrnlpa.exe

2008-08-14 13:27 2,066,816 ----a-w c:windowssystem32dllcachentkrnlpa.exe

2008-08-14 10:04 138,496 ----a-w c:windowssystem32dllcacheafd.sys

.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]

"ctfmon.exe"="c:windowssystem32ctfmon.exe" [2008-04-14 15360]

"WMPNSCFG"="c:programWindows Media PlayerWMPNSCFG.exe" [2006-11-15 204288]

"swg"="c:programGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe" [2007-10-12 68856]

"MsnMsgr"="c:programWindows LiveMessengermsnmsgr.exe" [2007-10-18 5724184]

"gStart"="c:garmingStart.exe" [2007-08-23 1891416]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]

"Symantec PIF AlertEng"="c:programDelade filerSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe" [2008-01-29 583048]

"SweetIM"="c:programMacrogamingSweetIMSweetIM.exe" [2008-01-02 103712]

"SunJavaUpdateSched"="c:programJavajre1.6.0_05binjusched.exe" [2008-02-22 144784]

"QuickTime Task"="c:programQuickTimeqttask.exe" [2007-05-18 98304]

"LXSUPMON"="c:windowssystem32LXSUPMON.EXE" [2002-01-28 885760]

"igfxtray"="c:windowssystem32igfxtray.exe" [2005-09-20 94208]

"igfxpers"="c:windowssystem32igfxpers.exe" [2005-09-20 114688]

"igfxhkcmd"="c:windowssystem32hkcmd.exe" [2005-09-20 77824]

"DVDLauncher"="c:programCyberLinkPowerDVDDVDLauncher.exe" [2004-04-26 53248]

"ccApp"="c:programDelade filerSymantec SharedccApp.exe" [2007-03-01 52840]

"Adobe Reader Speed Launcher"="c:programAdobeReader 8.0ReaderReader_sl.exe" [2008-01-11 39792]

[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]

"CTFMON.EXE"="c:windowssystem32CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwindows]

"AppInit_DLLs"=bjxykt.dll

HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregC:

HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregC:WINDOWS

HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregc:windowssystem32

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]

"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringSymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringSymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]

"%windir%system32sessmgr.exe"=

"c:ProgramMicrosoft GamesZoo Tycoon 2 Trial Versionzt2demoretail.exe"=

"c:ProgramMicrosoft GamesZoo Tycoon 2 Endangered Species Trial Versionzt.exe"=

"c:ProgramMessengermsmsgs.exe"=

"c:ProgramuTorrentuTorrent.exe"=

"c:ProgramLimeWireLimeWire.exe"=

"%windir%Network Diagnosticxpnetdiag.exe"=

"c:ProgramWindows LiveMessengermsnmsgr.exe"=

"c:ProgramWindows LiveMessengerlivecall.exe"=

R2 Automatisk LiveUpdate-schemaläggare;Automatisk LiveUpdate-schemaläggare;c:programSymantecLiveUpdateALUSchedulerSvc.exe [2006-02-28 100032]

R2 MSSQL$SPCS;MSSQL$SPCS;c:programMicrosoft SQL ServerMSSQL$SPCSBinnsqlservr.exe [2002-12-17 7520337]

S1 bf29d896;bf29d896;c:windowssystem32driversbf29d896.sys [ ]

S3 SQLAgent$SPCS;SQLAgent$SPCS;c:programMicrosoft SQL ServerMSSQL$SPCSBinnsqlagent.EXE [2002-12-17 311872]

S3 V0260VID;Live! Cam Vista IM;c:windowssystem32DRIVERSV0260Vid.sys [2006-04-01 162176]

*Newly Created Service* - COMHOST

*Newly Created Service* - PROCEXP90

.

Contents of the 'Scheduled Tasks' folder

2008-11-04 c:windowsTasksAppleSoftwareUpdate.job

- c:programApple Software UpdateSoftwareUpdate.exe [2007-06-03 12:42]

2008-11-10 c:windowsTasksKontrollera uppdateringar för Windows Live Toolbar.job

- c:programWindows Live ToolbarMSNTBUP.EXE [2007-10-19 11:20]

2008-10-24 c:windowsTasksNorton AntiVirus - Sök igenom datorn - Catharina Andree.job

- c:programNORTON~1NORTON~1Navw32.exe [2007-05-28 11:00]

.

- - - - ORPHANS REMOVED - - - -

BHO-{15f1de2b-e547-f1d4-f82d-d5bfd4ee2e0e} - c:windowssystem32tuyrgsacxlt.dll

HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:programDelade filerAheadLibNMBgMonitor.exe

HKLM-Run-c:windowssystem32kdihl.exe - c:windowssystem32kdihl.exe

HKLM-Run-WinampAgent - c:programWinampwianmpa.exe

Notify-wvukjbcb - wvUkJbcB.dll

MSConfigStartUp-kdihl - c:windowssystem32kdihl.exe

.

------- Supplementary Scan -------

.

R0 -: HKCU-Main,Start Page = https://upplandsbro.skola24.se/

R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

R0 -: HKLM-Main,Start Page = hxxp://www1.euro.dell.com/content/default.aspx?c=se&l=sv&s=gen

R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore

R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s

O8 -: &Winamp Toolbar Search - c:documents and settingsAll UsersApplication DataWinamp ToolbarieToolbarresourcesen-USlocalsearch.html

O8 -: &Windows Live Search - c:programWindows Live Toolbarmsntb.dll/search.htm

O8 -: Add to AMV Converter... - c:programMP3 Player Utilities 4.15AMVConvertergrab.html

O8 -: E&xportera till Microsoft Excel - c:programMICROS~2OFFICE11EXCEL.EXE/3000

O8 -: MediaManager tool grab multimedia file - c:programMP3 Player Utilities 4.15MediaManagergrab.html

O16 -: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} - hxxp://www.king.com/ctl/kingcomie.cab

c:windowsDownloaded Program FilesKingComIE.inf

c:windowsKingComIE.dll

O16 -: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game12.zylom.com/activex/zylomgamesplayer.cab

c:windowsDownloaded Program FilesZylomGamesPlayer.inf

c:windowsDownloaded Program Fileszylomgamesplayer.dll

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-10 19:27:00

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-11-10 19:30:59

ComboFix-quarantined-files.txt  2008-11-10 18:30:52

Pre-Run: 118 855 516 160 byte ledigt

Post-Run: 119,356,342,272 byte ledigt

824 --- E O F --- 2008-10-19 07:21:51

Link to comment
Share on other sites

Hej StefanT!

Så om det är avsiktligt eller inte som MyWaySA och Macrogaming är installerat vet jag inte, men det är inget som vi kommer sakna om man ska ta bort dessa. Detsamma är det med bakgrundsbilden. Tyckte att Combofix verkade ta bort en del filer i  MyWaySA när det kördes i alla fall.

Ok då åtgärdar vi detta lite senare i procedurerna  ;)

Det var inte lite som ComboFix hittade samt åtgärdade. Mycket bra.

Skall strax ta mig an ComboFixloggan och gå igenom den mer grundligare för att se om där finns mer som behöver åtgärdas. Detta kommer att ta en stund så håll ut så länge.

Under tiden gör nedanstående två procedurer:

Ser att du har en äldre version av Javan installerad (en säkerhetsrisk). Den nyare heter Java Runtime Environment (JRE) 6 Update 10.

=> Java Runtime Environment (JRE) 6 Update 10

Skriv ut nedanstående eller kopiera det till ett textdokument och spara det till skrivbordet.

Läs/Följ instruktionerna mycket noga:

Hämta hem SDFix:

=> SDFix

1: Spara SDFix.exe till skrivbordet

2: Klicka på SDFix.exe

3: SDFixen packas upp här => C:SDFix.

4: Starta om datorn till felsäkert läge (tryck F8-Tangenten upprepade gånger under uppstarten och välj felsäkert läge):

5: Navigera dig fram till => C:SDFix  => Klicka på runthis.bat  => Välj Y.

6: När scanningen är klar så tryck på valfri tangent för att starta om datorn.

7: När det står finished så tryck på valfri tangent. En logg kommer automatiskt att visas, kopiera in loggan hit till din tråd.

Gör även en ny TM HJT-logga, kopiera in den hit.

MVH/Malou

Link to comment
Share on other sites

Hej

Här kommer eftermiddagens resultat. Tog bort Macrogaming och MyWaySA via installera/avinstallera program.

M.v.h

Stefan

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:43:21, on 2008-11-11

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:

C:WINDOWSSystem32smss.exe

C:WINDOWSsystem32winlogon.exe

C:WINDOWSsystem32services.exe

C:WINDOWSsystem32lsass.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSSystem32svchost.exe

C:ProgramDelade filerSymantec SharedccSetMgr.exe

C:ProgramDelade filerSymantec SharedccEvtMgr.exe

C:ProgramDelade filerSymantec SharedccProxy.exe

C:ProgramDelade filerSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe

C:ProgramDelade filerSymantec SharedSNDSrvc.exe

C:ProgramDelade filerSymantec SharedSPBBCSPBBCSvc.exe

C:ProgramDelade filerSymantec SharedCCPD-LCsymlcsvc.exe

C:WINDOWSsystem32LEXBCES.EXE

C:WINDOWSsystem32LEXPPS.EXE

C:WINDOWSsystem32spoolsv.exe

C:ProgramSymantecLiveUpdateALUSchedulerSvc.exe

C:WINDOWSSystem32svchost.exe

C:ProgramDellOpenManageClientIap.exe

C:ProgramJavajre6binjqs.exe

C:ProgramMicrosoft SQL ServerMSSQL$SPCSBinnsqlservr.exe

C:ProgramNorton Internet SecurityNorton AntiVirusnavapsvc.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSExplorer.EXE

C:ProgramQuickTimeqttask.exe

C:WINDOWSsystem32LXSUPMON.EXE

C:WINDOWSsystem32igfxpers.exe

C:WINDOWSsystem32hkcmd.exe

C:ProgramCyberLinkPowerDVDDVDLauncher.exe

C:ProgramDelade filerSymantec SharedccApp.exe

C:ProgramJavajre6binjusched.exe

C:WINDOWSsystem32ctfmon.exe

C:ProgramWindows Media PlayerWMPNSCFG.exe

C:ProgramGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe

C:ProgramWindows LiveMessengermsnmsgr.exe

C:GarmingStart.exe

C:ProgramDelade filerSymantec SharedSecurity ConsoleNSCSRVCE.EXE

C:ProgramSymantecLIVEUP~1LUCOMS~1.EXE

C:ProgramSymantecLiveUpdateAUpdate.exe

C:ProgramSymantecLiveUpdateLuCallbackProxy.exe

C:ProgramSymantecLiveUpdateLuCallbackProxy.exe

C:ProgramMessengermsmsgs.exe

C:ProgramSymantecLiveUpdateLuCallbackProxy.exe

C:ProgramSymantecLiveUpdateLuCallbackProxy.exe

C:ProgramSymantecLiveUpdateLuCallbackProxy.exe

C:ProgramSymantecLiveUpdateLuCallbackProxy.exe

C:ProgramSymantecLiveUpdateLuCallbackProxy.exe

C:ProgramSymantecLiveUpdateLuCallbackProxy.exe

C:ProgramTrend MicroHijackThisCatha.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = https://upplandsbro.skola24.se/

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www1.euro.dell.com/content/default....;l=sv&s=gen

R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Länkar

R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:ProgramMacrogamingSweetIMBarForIEtoolbar.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:ProgramJavajre6binssv.dll

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:ProgramDelade filerMicrosoft SharedWindows LiveWindowsLiveLogin.dll

O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:ProgramDelade filerSymantec SharedAdBlockingNISShExt.dll

O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:ProgramNorton Internet SecurityNorton AntiVirusNavShExt.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:programgooglegoogletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:ProgramGoogleGoogleToolbarNotifier3.1.807.1746swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:ProgramWindows Live Toolbarmsntb.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:ProgramJavajre6binjp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:ProgramJavajre6libdeployjqsiejqs_plugin.dll

O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:ProgramDelade filerSymantec SharedAdBlockingNISShExt.dll

O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:ProgramNorton Internet SecurityNorton AntiVirusNavShExt.dll

O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:ProgramMacrogamingSweetIMBarForIEtoolbar.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:programgooglegoogletoolbar1.dll

O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:ProgramWinamp Toolbarwinamptb.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:ProgramWindows Live Toolbarmsntb.dll

O4 - HKLM..Run: [symantec PIF AlertEng] "C:ProgramDelade filerSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe" /a /m "C:ProgramDelade filerSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}AlertEng.dll"

O4 - HKLM..Run: [QuickTime Task] "C:ProgramQuickTimeqttask.exe" -atboottime

O4 - HKLM..Run: [LXSUPMON] C:WINDOWSsystem32LXSUPMON.EXE RUN

O4 - HKLM..Run: [igfxtray] C:WINDOWSsystem32igfxtray.exe

O4 - HKLM..Run: [igfxpers] C:WINDOWSsystem32igfxpers.exe

O4 - HKLM..Run: [igfxhkcmd] C:WINDOWSsystem32hkcmd.exe

O4 - HKLM..Run: [DVDLauncher] "C:ProgramCyberLinkPowerDVDDVDLauncher.exe"

O4 - HKLM..Run: [ccApp] "C:ProgramDelade filerSymantec SharedccApp.exe"

O4 - HKLM..Run: [Adobe Reader Speed Launcher] "C:ProgramAdobeReader 8.0ReaderReader_sl.exe"

O4 - HKLM..Run: [sunJavaUpdateSched] "C:ProgramJavajre6binjusched.exe"

O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe

O4 - HKCU..Run: [WMPNSCFG] C:ProgramWindows Media PlayerWMPNSCFG.exe

O4 - HKCU..Run: [swg] C:ProgramGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe

O4 - HKCU..Run: [MsnMsgr] "C:ProgramWindows LiveMessengermsnmsgr.exe" /background

O4 - HKCU..Run: [gStart] C:GarmingStart.exe

O4 - HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'SYSTEM')

O4 - HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &Winamp Toolbar Search - C:Documents and SettingsAll UsersApplication DataWinamp ToolbarieToolbarresourcesen-USlocalsearch.html

O8 - Extra context menu item: &Windows Live Search - res://C:ProgramWindows Live Toolbarmsntb.dll/search.htm

O8 - Extra context menu item: Add to AMV Converter... - C:ProgramMP3 Player Utilities 4.15AMVConvertergrab.html

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:ProgramMICROS~2OFFICE11EXCEL.EXE/3000

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:ProgramMP3 Player Utilities 4.15MediaManagergrab.html

O9 - Extra button: Blogga detta - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:ProgramWindows LiveWriterWriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blogga detta i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:ProgramWindows LiveWriterWriterBrowserExtension.dll

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:ProgramMICROS~2OFFICE11REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:ProgramMessengermsmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:ProgramMessengermsmsgs.exe

O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://www.king.com/ctl/kingcomie.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game12.zylom.com/activex/zylomgamesplayer.cab

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O20 - AppInit_DLLs: bjxykt.dll

O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:ProgramSymantecLiveUpdateALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:ProgramDelade filerSymantec SharedccEvtMgr.exe

O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:ProgramNorton Internet SecurityccPwdSvc.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:ProgramDelade filerSymantec SharedccProxy.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:ProgramDelade filerSymantec SharedccSetMgr.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:ProgramNorton Internet SecuritycomHost.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:ProgramGoogleCommonGoogle UpdaterGoogleUpdaterService.exe

O23 - Service: Iap - Dell Inc - C:ProgramDellOpenManageClientIap.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:ProgramJavajre6binjqs.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:WINDOWSsystem32LEXBCES.EXE

O23 - Service: LiveUpdate - Symantec Corporation - C:ProgramSymantecLIVEUP~1LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:ProgramDelade filerSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe

O23 - Service: Norton AntiVirus Auto Protect-tjänst (navapsvc) - Symantec Corporation - C:ProgramNorton Internet SecurityNorton AntiVirusnavapsvc.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:ProgramIntelNCSSyncNetSvc.exe

O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:ProgramDelade filerSymantec SharedSecurity ConsoleNSCSRVCE.EXE

O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:ProgramNorton Internet SecurityNorton AntiVirusSAVScan.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:ProgramDelade filerSymantec SharedSNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:ProgramDelade filerSymantec SharedSPBBCSPBBCSvc.exe

O23 - Service: Symantec Core LC - Unknown owner - C:ProgramDelade filerSymantec SharedCCPD-LCsymlcsvc.exe

O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:ProgramDelade filerSymantec SharedSupport Controlsssrc.exe

O24 - Desktop Component 0: (no name) - http://www.microsoft.com/windows/plus/imag...ish_150x106.jpg

--

End of file - 11308 bytes

SDFix: Version 1.240

Run by Administratr on 2008-11-11 at 17:18

Microsoft Windows XP [Version 5.1.2600]

Running From: C:SDFix

Checking Services :

Restoring Default Security Values

Restoring Default Hosts File

Rebooting

Checking Files :

Trojan Files Found:

C:WINDOWSsystem32weenaeelycpjeprre.exe - Deleted

Removing Temp Files

ADS Check :

                                Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-11 17:28:24

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]

"%windir%system32sessmgr.exe"="%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:ProgramMicrosoft GamesZoo Tycoon 2 Trial Versionzt2demoretail.exe"="C:ProgramMicrosoft GamesZoo Tycoon 2 Trial Versionzt2demoretail.exe:*:Enabled:Zoo Tycoon 2 Demo Executable"

"C:ProgramMicrosoft GamesZoo Tycoon 2 Endangered Species Trial Versionzt.exe"="C:ProgramMicrosoft GamesZoo Tycoon 2 Endangered Species Trial Versionzt.exe:*:Enabled:Zoo Tycoon 2 Endangered Species Trial Version Executable"

"C:ProgramMessengermsmsgs.exe"="C:ProgramMessengermsmsgs.exe:*:Enabled:Windows Messenger"

"C:ProgramuTorrentuTorrent.exe"="C:ProgramuTorrentuTorrent.exe:*:Enabled:æTorrent"

"C:ProgramLimeWireLimeWire.exe"="C:ProgramLimeWireLimeWire.exe:*:Enabled:LimeWire"

"%windir%Network Diagnosticxpnetdiag.exe"="%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:ProgramWindows LiveMessengermsnmsgr.exe"="C:ProgramWindows LiveMessengermsnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:ProgramWindows LiveMessengerlivecall.exe"="C:ProgramWindows LiveMessengerlivecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]

"%windir%system32sessmgr.exe"="%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%Network Diagnosticxpnetdiag.exe"="%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:ProgramWindows LiveMessengermsnmsgr.exe"="C:ProgramWindows LiveMessengermsnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:ProgramWindows LiveMessengerlivecall.exe"="C:ProgramWindows LiveMessengerlivecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :

File Backups: - C:SDFixbackupsbackups.zip

Files with Hidden Attributes :

Tue 28 Oct 2008        33,792 ..SHR --- "C:XXresycledboot.com"

Tue 28 Oct 2008        33,792 ..SHR --- "C:XXXresycledboot.com"

Sun 28 Oct 2007        4,348 ..SH. --- "C:Documents and SettingsAll UsersDRMDRMv1.bak"

Tue  8 May 2007            0 A.SH. --- "C:Documents and SettingsAll UsersDRMCacheIndiv01.tmp"

Fri 15 Dec 2006      395,960 A..H. --- "C:Documents and SettingsamandaApplication DataZylom GamesUninstallPlugin.exe"

Wed 24 Mar 2004      286,720 A..H. --- "C:Documents and SettingsamandaApplication DataInstallShield Installation Information{0E38CA14-8D20-45CF-8850-8F6213465D00}CTCABEX.DLL"

Wed 24 Mar 2004      286,720 A..H. --- "C:Documents and SettingsamandaApplication DataInstallShield Installation Information{88B1984E-36F0-47B8-B8DC-728966807A9C}CTCABEX.DLL"

Wed 24 Mar 2004      286,720 A..H. --- "C:Documents and SettingsamandaApplication DataInstallShield Installation Information{AC85CD9E-BC46-4874-90E6-ADB558DE7D9E}CTCABEX.DLL"

Sun  8 Apr 2007        16,720 A..H. --- "C:Documents and SettingsamandaApplication DataMicrosoftIdentityCRLppcrlconfig.dll"

Thu 16 Sep 2004        10,371 A..H. --- "C:Documents and SettingsamandaApplication DataMicrosoftInternet Explorerbrndlog.bak"

Sun  8 Apr 2007        9,084 A..H. --- "C:Documents and SettingsamandaApplication DataMicrosoftOfficefbc20.tmp"

Thu 14 Dec 2006        72,849 A..H. --- "C:Documents and SettingsamandaApplication DataSunJavaDeploymentcachejavapiv1.0jarflash.jar-21633a94-7b981737.zip"

Fri 15 Dec 2006        72,849 A..H. --- "C:Documents and SettingsamandaApplication DataSunJavaDeploymentcachejavapiv1.0jarflash.jar-3647ed55-24130ae8.zip"

Fri 15 Dec 2006        72,849 A..H. --- "C:Documents and SettingsamandaApplication DataSunJavaDeploymentcachejavapiv1.0jarflash.jar-2bb8af6d-48732dcd.zip"

Fri 15 Dec 2006      332,415 A..H. --- "C:Documents and SettingsamandaApplication DataSunJavaDeploymentcachejavapiv1.0jartextexpress.2.0.2.jar-6dc418d1-50f3ea45.zip"

Sat 13 Jan 2007      332,415 A..H. --- "C:Documents and SettingsamandaApplication DataSunJavaDeploymentcachejavapiv1.0jartextexpress.2.0.2.jar-2f16008e-18d26241.zip"

Sat 29 Apr 2006        55,060 A..H. --- "C:Documents and SettingsamandaApplication DataSunJavaDeploymentcachejavapiv1.0jartrapped.jar-27990b01-12b9740c.zip"

Finished!

Link to comment
Share on other sites

Hej igen StefanT!

Vill höra med dig om du eventuellt har Externa hårddiskar, USB-minnen och/eller liknande?

SDFix hittade och åtgärdade en elaking. Mycket bra.

OBS: Då du har gjort nedanstående procedur så kan du få upp felmeddelande ang saknad DDL-fil. Detta är inget att bry sig om. Det är Vundoinfektionen som försöker att få stanna kvar. Detta kommer att upphöra då vi är klara med allt.

Skriv ut nedanstående eller kopiera det till ett textdokument och spara det till skrivbordet:

Läs/Följ Instruktionerna mycket noga

Öppna TM HJT => klicka på Do a system scan only-knappen => Bocka för nedanstående detaljer => Stäng ner Webbläsaren => klicka på Fix Checked-knappen:

R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:ProgramMacrogamingSweetIMBarForIEtoolbar.dll

O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:ProgramMacrogamingSweetIMBarForIEtoolbar.dll

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game12.zylom.com/activex/zylomgamesplayer.cab

O20 - AppInit_DLLs: bjxykt.dll

O24 - Desktop Component 0: (no name) - http://www.microsoft.com/windows/plus/imag...ish_150x106.jpg

Då du gjort ovanstående:

Starta om datorn till felsäkert läge (tryck F8-Tangenten upprepade gånger under uppstarten och välj felsäkert läge):

För att hitta det du nu skall leta upp gör nedanstående:

Ställ in Utforskaren så du kan se alla filer:

1: Högerklicka på Start-knappen

2: Välj Utforska

3: I verktygsfältet klicka på => Verktyg => Mappalternativ

4: Välj fliken => Visning sätt en bock i => Visa dolda filer och mappar

5: Avbocka Dölj filnamnstillägg för kända filtyper

6: Avbocka Dölj skyddade operativsystemfiler

Sök/Leta reda på:

Navigera dig fram enligt nedanstående sökväg och deleta mappen samt filen

C:ProgramMacrogaming<=Deleta hela mappen Macrogaming

Den här nedanstående filen ser jag tyvärr inte var den ligger.

Troligen så finns den i => C:WindowsSystem32

Men gör en sökning över hela datorn och om den hittas så deleta filen

bjxykt.dll<=Deleta filen om den hittas

Vidare:

Fortfarande felsäkert läge:

Gå till Start => Kör => Skriv sen i Kör fältet cleanmgr => Klicka  Ok-knappen

Bocka i de här nedanstående och putsa bort dom

Temporary Files

Temporary Internet Files

Recycle Bin

Nu:

Starta om datorn till normalläge igen:

Om du har problem med din bakgrundsbild:

Du borde nu kunna ställa in det som du vill ha det i Bildskärmsegenskaperna.

1: Ta fram Kontrollpanelen

2: Bildskärm

3: Skrivbord

4: Anpassa skrivbordet

5: Webb

6: Avbocka Security Info / privacy protection eller liknande om det finns.

Gör en ny scanning med ett uppdaterat Malwarebytes' Anti-Malware.

1: Kopiera in loggan du får fram från Malwarebytes'

2: Gör en ny TM HJT-logga kopiera in den hit så får vi se hur det ser ut.

3: Berätta/Tala om hur datorn mår och om där kvarstår problem.

MVH/Malou

Link to comment
Share on other sites

Hej.

Så här ser dagens resultat ut . Har en extern hårddisk som jag använder på den här datorn ytterst sällan. Ska köra en check på den oxå i alla fall.

//Stefan

Malwarebytes' Anti-Malware 1.30

Databasversion: 1387

Windows 5.1.2600 Service Pack 3

2008-11-12 12:47:50

mbam-log-2008-11-12 (12-47-50).txt

Skanningstyp: Fullständig skanning (C:|)

Antal skannade objekt: 183769

Förfluten tid: 1 hour(s), 43 minute(s), 42 second(s)

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 0

Infekterade registernycklar: 0

Infekterade registervärden: 0

Infekterade registerdataposter: 6

Infekterade mappar: 0

Infekterade filer: 0

Infekterade minnesprocesser:

(Inga illasinnade poster hittades)

Infekterade minnesmoduler:

(Inga illasinnade poster hittades)

Infekterade registernycklar:

(Inga illasinnade poster hittades)

Infekterade registervärden:

(Inga illasinnade poster hittades)

Infekterade registerdataposter:

HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParametersDhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.83 192.168.0.1 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParametersInterfaces{7ef5bb9b-24d6-4aa6-a938-6d497ebdca75}DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.83 192.168.0.1 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesTcpipParametersDhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.83 192.168.0.1 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesTcpipParametersInterfaces{7ef5bb9b-24d6-4aa6-a938-6d497ebdca75}DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.83 192.168.0.1 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINESYSTEMControlSet002ServicesTcpipParametersDhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.83 192.168.0.1 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINESYSTEMControlSet002ServicesTcpipParametersInterfaces{7ef5bb9b-24d6-4aa6-a938-6d497ebdca75}DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.83 192.168.0.1 -> Quarantined and deleted successfully.

Infekterade mappar:

(Inga illasinnade poster hittades)

Infekterade filer:

(Inga illasinnade poster hittades)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:52:23, on 2008-11-12

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:

C:WINDOWSSystem32smss.exe

C:WINDOWSsystem32winlogon.exe

C:WINDOWSsystem32services.exe

C:WINDOWSsystem32lsass.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSSystem32svchost.exe

C:ProgramDelade filerSymantec SharedccSetMgr.exe

C:ProgramDelade filerSymantec SharedccEvtMgr.exe

C:ProgramDelade filerSymantec SharedccProxy.exe

C:ProgramDelade filerSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe

C:ProgramDelade filerSymantec SharedSNDSrvc.exe

C:ProgramDelade filerSymantec SharedSPBBCSPBBCSvc.exe

C:ProgramDelade filerSymantec SharedCCPD-LCsymlcsvc.exe

C:WINDOWSExplorer.EXE

C:WINDOWSsystem32LEXBCES.EXE

C:WINDOWSsystem32LEXPPS.EXE

C:WINDOWSsystem32spoolsv.exe

C:ProgramQuickTimeqttask.exe

C:WINDOWSsystem32LXSUPMON.EXE

C:WINDOWSsystem32igfxpers.exe

C:WINDOWSsystem32hkcmd.exe

C:ProgramCyberLinkPowerDVDDVDLauncher.exe

C:ProgramDelade filerSymantec SharedccApp.exe

C:ProgramJavajre6binjusched.exe

C:WINDOWSsystem32ctfmon.exe

C:ProgramGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe

C:ProgramWindows LiveMessengermsnmsgr.exe

C:ProgramSymantecLiveUpdateALUSchedulerSvc.exe

C:GarmingStart.exe

C:ProgramWindows Media PlayerWMPNSCFG.exe

C:WINDOWSSystem32svchost.exe

C:ProgramDellOpenManageClientIap.exe

C:ProgramJavajre6binjqs.exe

C:ProgramMicrosoft SQL ServerMSSQL$SPCSBinnsqlservr.exe

C:ProgramNorton Internet SecurityNorton AntiVirusnavapsvc.exe

C:WINDOWSsystem32svchost.exe

C:ProgramTrend MicroHijackThisCatha.exe

C:ProgramMessengermsmsgs.exe

C:WINDOWSsystem32wuauclt.exe

C:ProgramDelade filerSymantec SharedSecurity ConsoleNSCSRVCE.EXE

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = https://upplandsbro.skola24.se/

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www1.euro.dell.com/content/default....;l=sv&s=gen

R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Länkar

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:ProgramJavajre6binssv.dll

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:ProgramDelade filerMicrosoft SharedWindows LiveWindowsLiveLogin.dll

O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:ProgramDelade filerSymantec SharedAdBlockingNISShExt.dll

O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:ProgramNorton Internet SecurityNorton AntiVirusNavShExt.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:programgooglegoogletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:ProgramGoogleGoogleToolbarNotifier3.1.807.1746swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:ProgramWindows Live Toolbarmsntb.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:ProgramJavajre6binjp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:ProgramJavajre6libdeployjqsiejqs_plugin.dll

O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:ProgramDelade filerSymantec SharedAdBlockingNISShExt.dll

O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:ProgramNorton Internet SecurityNorton AntiVirusNavShExt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:programgooglegoogletoolbar1.dll

O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:ProgramWinamp Toolbarwinamptb.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:ProgramWindows Live Toolbarmsntb.dll

O4 - HKLM..Run: [symantec PIF AlertEng] "C:ProgramDelade filerSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe" /a /m "C:ProgramDelade filerSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}AlertEng.dll"

O4 - HKLM..Run: [QuickTime Task] "C:ProgramQuickTimeqttask.exe" -atboottime

O4 - HKLM..Run: [LXSUPMON] C:WINDOWSsystem32LXSUPMON.EXE RUN

O4 - HKLM..Run: [igfxtray] C:WINDOWSsystem32igfxtray.exe

O4 - HKLM..Run: [igfxpers] C:WINDOWSsystem32igfxpers.exe

O4 - HKLM..Run: [igfxhkcmd] C:WINDOWSsystem32hkcmd.exe

O4 - HKLM..Run: [DVDLauncher] "C:ProgramCyberLinkPowerDVDDVDLauncher.exe"

O4 - HKLM..Run: [ccApp] "C:ProgramDelade filerSymantec SharedccApp.exe"

O4 - HKLM..Run: [Adobe Reader Speed Launcher] "C:ProgramAdobeReader 8.0ReaderReader_sl.exe"

O4 - HKLM..Run: [sunJavaUpdateSched] "C:ProgramJavajre6binjusched.exe"

O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe

O4 - HKCU..Run: [swg] C:ProgramGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe

O4 - HKCU..Run: [MsnMsgr] "C:ProgramWindows LiveMessengermsnmsgr.exe" /background

O4 - HKCU..Run: [gStart] C:GarmingStart.exe

O4 - HKCU..Run: [WMPNSCFG] C:ProgramWindows Media PlayerWMPNSCFG.exe

O4 - HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'SYSTEM')

O4 - HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &Winamp Toolbar Search - C:Documents and SettingsAll UsersApplication DataWinamp ToolbarieToolbarresourcesen-USlocalsearch.html

O8 - Extra context menu item: &Windows Live Search - res://C:ProgramWindows Live Toolbarmsntb.dll/search.htm

O8 - Extra context menu item: Add to AMV Converter... - C:ProgramMP3 Player Utilities 4.15AMVConvertergrab.html

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:ProgramMICROS~2OFFICE11EXCEL.EXE/3000

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:ProgramMP3 Player Utilities 4.15MediaManagergrab.html

O9 - Extra button: Blogga detta - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:ProgramWindows LiveWriterWriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blogga detta i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:ProgramWindows LiveWriterWriterBrowserExtension.dll

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:ProgramMICROS~2OFFICE11REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:ProgramMessengermsmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:ProgramMessengermsmsgs.exe

O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://www.king.com/ctl/kingcomie.cab

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:ProgramSymantecLiveUpdateALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:ProgramDelade filerSymantec SharedccEvtMgr.exe

O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:ProgramNorton Internet SecurityccPwdSvc.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:ProgramDelade filerSymantec SharedccProxy.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:ProgramDelade filerSymantec SharedccSetMgr.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:ProgramNorton Internet SecuritycomHost.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:ProgramGoogleCommonGoogle UpdaterGoogleUpdaterService.exe

O23 - Service: Iap - Dell Inc - C:ProgramDellOpenManageClientIap.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:ProgramJavajre6binjqs.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:WINDOWSsystem32LEXBCES.EXE

O23 - Service: LiveUpdate - Symantec Corporation - C:ProgramSymantecLIVEUP~1LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:ProgramDelade filerSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe

O23 - Service: Norton AntiVirus Auto Protect-tjänst (navapsvc) - Symantec Corporation - C:ProgramNorton Internet SecurityNorton AntiVirusnavapsvc.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:ProgramIntelNCSSyncNetSvc.exe

O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:ProgramDelade filerSymantec SharedSecurity ConsoleNSCSRVCE.EXE

O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:ProgramNorton Internet SecurityNorton AntiVirusSAVScan.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:ProgramDelade filerSymantec SharedSNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:ProgramDelade filerSymantec SharedSPBBCSPBBCSvc.exe

O23 - Service: Symantec Core LC - Unknown owner - C:ProgramDelade filerSymantec SharedCCPD-LCsymlcsvc.exe

O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:ProgramDelade filerSymantec SharedSupport Controlsssrc.exe

--

End of file - 10278 bytes

Link to comment
Share on other sites

Hej StefanT!

Har en extern hårddisk som jag använder på den här datorn ytterst sällan. Ska köra en check på den oxå i alla fall.

Ok anledningen till att jag frågade om detta är att jag hittade detaljer som tyder på att du har något som har med externa hårddiskar, USB-minnen och liknande att göra

C:XXresycledboot.com

C:XXXresycledboot.com

Om där finns en infektion på den typen av enheter så finns det finns ett program som man kan ta till för att ta bort infektionen om där finns någon. Om där finns så kan förhoppningsvis nedanstående vara dig till hjälp.

Ladda ner Flash Disinfector by sUBs till Skrivbordet:

http://www.techsupportforum.com/sectools/s...h_Disinfector.e

xe

Dubbelklicka på den nedladdade filen för att starta programmet.

Följ de anvisningar som kommer upp.

När det står att du ska sätta in flash-diskar så stoppar du in de USB-minnen etc som kan tänkas vara infekterade.

När allt är klart så avsluta programmet och starta om datorn.

**********************************************************************************

Över till din dator  ;)

Malwarebytes' Anti-Malware har hittat och åtgärdat otyg. Din TM HJT-logga ser numera ren och fin ut igen. Mycket bra och du har dessutom gjort ett mycket bra jobb  ;)

Hur mår datorn nu?

Kvarstår där några problem?

MVH/Malou

Link to comment
Share on other sites

Hej igen

Har kört Malware och den hittar 6 infekterade registerdataposter hela tiden. Ngt att bry sej om ? Annars fungerar datorn väldigt bra nu, det är som att trimma bilen, den blir bara bättre och bättre... ;)

Tack för hjälpen//Stefan

Malwarebytes' Anti-Malware 1.30

Databasversion: 1387

Windows 5.1.2600 Service Pack 3

2008-11-12 18:52:34

mbam-log-2008-11-12 (18-52-34).txt

Skanningstyp: Fullständig skanning (C:|)

Antal skannade objekt: 179789

Förfluten tid: 2 hour(s), 12 minute(s), 34 second(s)

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 0

Infekterade registernycklar: 0

Infekterade registervärden: 0

Infekterade registerdataposter: 6

Infekterade mappar: 0

Infekterade filer: 0

Infekterade minnesprocesser:

(Inga illasinnade poster hittades)

Infekterade minnesmoduler:

(Inga illasinnade poster hittades)

Infekterade registernycklar:

(Inga illasinnade poster hittades)

Infekterade registervärden:

(Inga illasinnade poster hittades)

Infekterade registerdataposter:

HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParametersDhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.83 192.168.0.1 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParametersInterfaces{7ef5bb9b-24d6-4aa6-a938-6d497ebdca75}DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.83 192.168.0.1 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesTcpipParametersDhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.83 192.168.0.1 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesTcpipParametersInterfaces{7ef5bb9b-24d6-4aa6-a938-6d497ebdca75}DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.83 192.168.0.1 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINESYSTEMControlSet002ServicesTcpipParametersDhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.83 192.168.0.1 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINESYSTEMControlSet002ServicesTcpipParametersInterfaces{7ef5bb9b-24d6-4aa6-a938-6d497ebdca75}DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.83 192.168.0.1 -> Quarantined and deleted successfully.

Infekterade mappar:

(Inga illasinnade poster hittades)

Infekterade filer:

(Inga illasinnade poster hittades)

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

×
×
  • Create New...