StefanT Posted November 9, 2008 Posted November 9, 2008 ********************************************* 2009-01-08: Tråden är nu låst. Tycker du att den är felaktigt låst, var god kontakta Malou ********************************************* Hej. Vet inte vad jag har för **** i datorn eller hur jag får bort det. Norton Internet Security 2006 kraschar efter halva scanningen. Hoppas ngn kan hjälpa mej. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:41:22, on 2008-11-09 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:WINDOWSsystem32csrss.exe C:WINDOWSsystem32winlogon.exe C:WINDOWSsystem32services.exe C:WINDOWSsystem32lsass.exe C:WINDOWSsystem32svchost.exe C:WINDOWSsystem32svchost.exe C:WINDOWSsystem32svchost.exe C:WINDOWSSystem32svchost.exe C:WINDOWSsystem32svchost.exe C:ProgramDelade filerSymantec SharedccSetMgr.exe C:ProgramDelade filerSymantec SharedccEvtMgr.exe C:ProgramDelade filerSymantec SharedccProxy.exe C:ProgramDelade filerSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe C:ProgramDelade filerSymantec SharedSNDSrvc.exe C:ProgramDelade filerSymantec SharedSPBBCSPBBCSvc.exe C:ProgramDelade filerSymantec SharedCCPD-LCsymlcsvc.exe C:WINDOWSsystem32LEXBCES.EXE C:WINDOWSsystem32LEXPPS.EXE C:WINDOWSsystem32spoolsv.exe C:ProgramSymantecLiveUpdateALUSchedulerSvc.exe C:WINDOWSSystem32svchost.exe C:ProgramDellOpenManageClientIap.exe C:ProgramMicrosoft SQL ServerMSSQL$SPCSBinnsqlservr.exe C:ProgramNorton Internet SecurityNorton AntiVirusnavapsvc.exe C:ProgramFightersconfigservice.exe C:WINDOWSsystem32svchost.exe C:ProgramFighterslicenseservice.exe C:ProgramFightersupdateservice.exe C:ProgramFightersScannerService.exe C:WINDOWSsystem32wbemwmiprvse.exe C:ProgramWindows Media PlayerWMPNetwk.exe C:WINDOWSsystem32wbemwmiprvse.exe C:WINDOWSSystem32alg.exe C:WINDOWSExplorer.EXE C:WINDOWSSystem32regsvr32.exe C:ProgramMacrogamingSweetIMSweetIM.exe C:ProgramJavajre1.6.0_05binjusched.exe C:ProgramFightersspywarefighterSpywarefighterUser.exe C:ProgramQuickTimeqttask.exe C:ProgramInternet ExplorerIEXPLORE.EXE C:ProgramWindows LiveMessengermsnmsgr.exe C:WINDOWSsystem32LXSUPMON.EXE C:WINDOWSservice.exe C:WINDOWSsystem32igfxpers.exe C:WINDOWSsystem32hkcmd.exe C:ProgramCyberLinkPowerDVDDVDLauncher.exe C:ProgramDelade filerSymantec SharedccApp.exe C:WINDOWSsystem32ctfmon.exe C:ProgramWindows Media PlayerWMPNSCFG.exe C:ProgramGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe C:GarmingStart.exe c:programfightersspywarefighterSPYWAREfighterTray.exe C:ProgramDelade filerMicrosoft SharedWindows LiveWLLoginProxy.exe C:ProgramDelade filerSymantec SharedSecurity ConsoleNSCSRVCE.EXE C:ProgramInternet Exploreriexplore.exe C:ProgramInternet Exploreriexplore.exe C:WINDOWSsystem32NOTEPAD.EXE C:ProgramTrend MicroHijackThisCatha.exe C:ProgramMessengermsmsgs.exe R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://dellsearchedit.myway.com/samisc/del...ebar.jhtml?p=EB R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = https://upplandsbro.skola24.se/ R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www1.euro.dell.com/content/default....;l=sv&s=gen R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Länkar R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:ProgramMyWaySASrchAsDedeSrcAs.dll (file missing) R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:ProgramMacrogamingSweetIMBarForIEtoolbar.dll O2 - BHO: (no name) - {0005B3DD-A43D-432D-915B-1933D975E360} - C:WINDOWSsystem32jhrxxbid.dll O2 - BHO: (no name) - {000B187F-D25F-4BEF-8E7F-220666FB7830} - C:WINDOWSsystem32qalrjiqr.dll O2 - BHO: (no name) - {000B67BA-A43D-432D-915B-1933D975E360} - C:WINDOWSsystem32jhrxxbid.dll O2 - BHO: (no name) - {001630FE-D25F-4BEF-8E7F-220666FB7830} - C:WINDOWSsystem32qalrjiqr.dll O2 - BHO: (no name) - {0016CF75-A43D-432D-915B-1933D975E360} - C:WINDOWSsystem32jhrxxbid.dll O2 - BHO: (no name) - {002C61FD-D25F-4BEF-8E7F-220666FB7830} - C:WINDOWSsystem32qalrjiqr.dll O2 - BHO: (no name) - {002D9EEA-A43D-432D-915B-1933D975E360} - C:WINDOWSsystem32jhrxxbid.dll O2 - BHO: (no name) - {0058C3FB-D25F-4BEF-8E7F-220666FB7830} - C:WINDOWSsystem32qalrjiqr.dll O2 - BHO: (no name) - {005B3DD4-A43D-432D-915B-1933D975E360} - C:WINDOWSsystem32jhrxxbid.dll O2 - BHO: (no name) - {00b187f6-d25f-4bef-8e7f-220666fb7830} - C:WINDOWSsystem32qalrjiqr.dll O2 - BHO: (no name) - {00b67ba9-a43d-432d-915b-1933d975e360} - C:WINDOWSsystem32jhrxxbid.dll O2 - BHO: (no name) - {01630fed-d25f-4bef-8e7f-220666fb7830} - C:WINDOWSsystem32qalrjiqr.dll O2 - BHO: (no name) - {016cf752-a43d-432d-915b-1933d975e360} - C:WINDOWSsystem32jhrxxbid.dll O2 - BHO: (no name) - {02c61fdb-d25f-4bef-8e7f-220666fb7830} - C:WINDOWSsystem32qalrjiqr.dll O2 - BHO: (no name) - {02d9eea5-a43d-432d-915b-1933d975e360} - C:WINDOWSsystem32jhrxxbid.dll O2 - BHO: (no name) - {058c3fb7-d25f-4bef-8e7f-220666fb7830} - C:WINDOWSsystem32qalrjiqr.dll O2 - BHO: (no name) - {05b3dd4b-a43d-432d-915b-1933d975e360} - C:WINDOWSsystem32jhrxxbid.dll O2 - BHO: (no name) - {0b187f6f-d25f-4bef-8e7f-220666fb7830} - C:WINDOWSsystem32qalrjiqr.dll O2 - BHO: (no name) - {0b67ba96-a43d-432d-915b-1933d975e360} - C:WINDOWSsystem32jhrxxbid.dll O2 - BHO: mxlivemedia browser enhancer - {15f1de2b-e547-f1d4-f82d-d5bfd4ee2e0e} - C:WINDOWSsystem32tuyrgsacxlt.dll O2 - BHO: (no name) - {1630fede-d25f-4bef-8e7f-220666fb7830} - C:WINDOWSsystem32qalrjiqr.dll O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:ProgramMyWaySASrchAsDedeSrcAs.dll (file missing) O2 - BHO: (no name) - {75ABCF92-9764-4DFA-A83F-5142C3905052} - C:WINDOWSsystem32ssqPjIxy.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:ProgramJavajre1.6.0_05binssv.dll O2 - BHO: (no name) - {79117664-7a50-429c-b3af-6cdf9e1886ce} - C:WINDOWSsystem32qoMeEULB.dll (file missing) O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:ProgramDelade filerMicrosoft SharedWindows LiveWindowsLiveLogin.dll O2 - BHO: {329c2ac8-6dfe-7d19-9c64-9ad4821d18c9} - {9c81d128-4da9-46c9-91d7-efd68ca2c923} - C:WINDOWSsystem32bjxykt.dll O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:ProgramDelade filerSymantec SharedAdBlockingNISShExt.dll O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:ProgramNorton Internet SecurityNorton AntiVirusNavShExt.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:programgooglegoogletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:ProgramGoogleGoogleToolbarNotifier3.1.807.1746swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:ProgramWindows Live Toolbarmsntb.dll O2 - BHO: (no name) - {DEB85B3B-8AFC-4567-BC39-46DA44C17C61} - C:WINDOWSsystem32bYomLefg.dll O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:ProgramDelade filerSymantec SharedAdBlockingNISShExt.dll O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:ProgramNorton Internet SecurityNorton AntiVirusNavShExt.dll O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:ProgramMacrogamingSweetIMBarForIEtoolbar.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:programgooglegoogletoolbar1.dll O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:ProgramWinamp Toolbarwinamptb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:ProgramWindows Live Toolbarmsntb.dll O4 - HKLM..Run: [symantec PIF AlertEng] "C:ProgramDelade filerSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe" /a /m "C:ProgramDelade filerSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}AlertEng.dll" O4 - HKLM..Run: [C:WINDOWSsystem32kdihl.exe] C:WINDOWSsystem32kdihl.exe O4 - HKLM..Run: [lsmnvboumq] C:WINDOWSSystem32regsvr32.exe /s "C:WINDOWSsystem32tuyrgsacxlt.dll" O4 - HKLM..Run: [Windows Updater] updater.com O4 - HKLM..Run: [WinampAgent] C:ProgramWinampwianmpa.exe O4 - HKLM..Run: [sweetIM] C:ProgramMacrogamingSweetIMSweetIM.exe O4 - HKLM..Run: [sunJavaUpdateSched] "C:ProgramJavajre1.6.0_05binjusched.exe" O4 - HKLM..Run: [spywarefighterguard] C:ProgramFightersspywarefighterSpywarefighterUser.exe O4 - HKLM..Run: [QuickTime Task] "C:ProgramQuickTimeqttask.exe" -atboottime O4 - HKLM..Run: [Messenger Service] service.exe O4 - HKLM..Run: [LXSUPMON] C:WINDOWSsystem32LXSUPMON.EXE RUN O4 - HKLM..Run: [lphc7d9j0egfn] C:WINDOWSsystem32lphc7d9j0egfn.exe O4 - HKLM..Run: [KernelFaultCheck] %systemroot%system32dumprep 0 -k O4 - HKLM..Run: [igfxtray] C:WINDOWSsystem32igfxtray.exe O4 - HKLM..Run: [igfxpers] C:WINDOWSsystem32igfxpers.exe O4 - HKLM..Run: [igfxhkcmd] C:WINDOWSsystem32hkcmd.exe O4 - HKLM..Run: [DVDLauncher] "C:ProgramCyberLinkPowerDVDDVDLauncher.exe" O4 - HKLM..Run: [ccApp] "C:ProgramDelade filerSymantec SharedccApp.exe" O4 - HKLM..Run: [Adobe Reader Speed Launcher] "C:ProgramAdobeReader 8.0ReaderReader_sl.exe" O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe O4 - HKCU..Run: [WMPNSCFG] C:ProgramWindows Media PlayerWMPNSCFG.exe O4 - HKCU..Run: [swg] C:ProgramGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe O4 - HKCU..Run: [MsnMsgr] "C:ProgramWindows LiveMessengermsnmsgr.exe" /background O4 - HKCU..Run: [gStart] C:GarmingStart.exe O4 - HKCU..Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:ProgramDelade filerAheadLibNMBgMonitor.exe" O4 - HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'LOKAL TJÄNST') O4 - HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'SYSTEM') O4 - HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'Default user') O7 - HKLMSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem, DisableRegedit=1 O8 - Extra context menu item: &Winamp Toolbar Search - C:Documents and SettingsAll UsersApplication DataWinamp ToolbarieToolbarresourcesen-USlocalsearch.html O8 - Extra context menu item: &Windows Live Search - res://C:ProgramWindows Live Toolbarmsntb.dll/search.htm O8 - Extra context menu item: Add to AMV Converter... - C:ProgramMP3 Player Utilities 4.15AMVConvertergrab.html O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:ProgramMICROS~2OFFICE11EXCEL.EXE/3000 O8 - Extra context menu item: MediaManager tool grab multimedia file - C:ProgramMP3 Player Utilities 4.15MediaManagergrab.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:ProgramJavajre1.6.0_05binssv.dll O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:ProgramJavajre1.6.0_05binssv.dll O9 - Extra button: Blogga detta - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:ProgramWindows LiveWriterWriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blogga detta i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:ProgramWindows LiveWriterWriterBrowserExtension.dll O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:ProgramMICROS~2OFFICE11REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:ProgramMessengermsmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:ProgramMessengermsmsgs.exe O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://www.king.com/ctl/kingcomie.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game12.zylom.com/activex/zylomgamesplayer.cab O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O17 - HKLMSystemCCSServicesTcpip..{7EF5BB9B-24D6-4AA6-A938-6D497EBDCA75}: NameServer = 85.255.112.74;85.255.112.191 O17 - HKLMSystemCCSServicesTcpip..{F5198715-F56E-4D20-A279-1A0FA879F9D2}: NameServer = 85.255.112.74;85.255.112.191 O20 - AppInit_DLLs: bjxykt.dll O20 - Winlogon Notify: qomeeulb - qoMeEULB.dll (file missing) O20 - Winlogon Notify: ssqPjIxy - C:WINDOWSSYSTEM32ssqPjIxy.dll O20 - Winlogon Notify: wvukjbcb - wvUkJbcB.dll (file missing) O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:ProgramSymantecLiveUpdateALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:ProgramDelade filerSymantec SharedccEvtMgr.exe O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:ProgramNorton Internet SecurityccPwdSvc.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:ProgramDelade filerSymantec SharedccProxy.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:ProgramDelade filerSymantec SharedccSetMgr.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:ProgramNorton Internet SecuritycomHost.exe O23 - Service: Google Updater Service (gusvc) - Google - C:ProgramGoogleCommonGoogle UpdaterGoogleUpdaterService.exe O23 - Service: Iap - Dell Inc - C:ProgramDellOpenManageClientIap.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:WINDOWSsystem32LEXBCES.EXE O23 - Service: LiveUpdate - Symantec Corporation - C:ProgramSymantecLIVEUP~1LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:ProgramDelade filerSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe O23 - Service: Norton AntiVirus Auto Protect-tjänst (navapsvc) - Symantec Corporation - C:ProgramNorton Internet SecurityNorton AntiVirusnavapsvc.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:ProgramIntelNCSSyncNetSvc.exe O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:ProgramDelade filerSymantec SharedSecurity ConsoleNSCSRVCE.EXE O23 - Service: PTK License-FIGHTERS-4665699 (ptk license-fighters-4665699) - SPAMfighter - C:ProgramFighterslicenseservice.exe O23 - Service: PTK Live Update-FIGHTERS-4665699 (ptk live update-fighters-4665699) - SPAMfighter - C:ProgramFightersupdateservice.exe O23 - Service: PTK Scanner-FIGHTERS-4665699 (ptk scanner-fighters-4665699) - SPAMfighter - C:ProgramFightersScannerService.exe O23 - Service: PTK SharedAccess-FIGHTERS-4665699 (ptk sharedaccess-fighters-4665699) - SPAMfighter - C:ProgramFightersconfigservice.exe O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:ProgramNorton Internet SecurityNorton AntiVirusSAVScan.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:ProgramDelade filerSymantec SharedSNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:ProgramDelade filerSymantec SharedSPBBCSPBBCSvc.exe O23 - Service: Symantec Core LC - Unknown owner - C:ProgramDelade filerSymantec SharedCCPD-LCsymlcsvc.exe O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:ProgramDelade filerSymantec SharedSupport Controlsssrc.exe O24 - Desktop Component 0: (no name) - http://www.microsoft.com/windows/plus/imag...ish_150x106.jpg -- End of file - 16491 bytes
Guest Malou Posted November 9, 2008 Posted November 9, 2008 Hej StefanT! Vad jag kan tyda av din TM HJT-logga så har du råkat ut för en riktigt rejäl Vundoinfektion. Skriv ut nedanstående eller kopiera det till ett textdokument och spara det till skrivbordet: Läs/Följ instruktionerna noga: Hämta hem Malwarebytes Anti-Malware: http://www.besttechie.net/tools/mbam-setup.exe 1: Spara installationsfilen till skrivbordet 2: För att påbörja installationen dubbelklicka på mbam-setup.exe 3: Bocka för nedanstående Uppdatera Malwarebytes' Anti-Malware Starta Malwarebytes' Anti-Malware 4: Klicka på Slutför Om där finns uppdateringar kommer dessa att installeras. Då ovanstående är gjort gå vidare med nedanstående procedur: 1: När programmet startar så välj Utför snabb scanning 2: Klicka på knappen Scanna 3: Scanningen kommer nu att ta en stund 3: När programmet scannat klart klicka Ok och sedan Visa resultat 4: Bocka för allt och klicka på Remove Selected 5: Då borttagningen är klar kommer en textfil i Anteckningar att öppnas upp med en logg. Kopiera/klistra in den loggan hit till din tråd. 6: Gör en ny TM HJT-logga kopiera in den hit så får vi se hur den ser ut. MVH/Malou
StefanT Posted November 9, 2008 Author Posted November 9, 2008 Tack för hjälpen. Malwarebytes Anti-Malware hittade 303 infekterade filer. Nu är jag en glad datorägare igen --!! //Stefan
Guest Malou Posted November 9, 2008 Posted November 9, 2008 Hej StefanT! Varsegod och härligt att höra att du är glad igen ;) Men kopiera gärna in loggarna hit som jag bad om så vi kan kontrollera så att systemet är rent. MVH/Malou
StefanT Posted November 9, 2008 Author Posted November 9, 2008 Ska göra det när jag kommer hem från jobbet //Stefan
Guest Malou Posted November 9, 2008 Posted November 9, 2008 Ska göra det när jag kommer hem från jobbet//Stefan Ok låter bra. Så tar jag en titt på dem imorgon Anledningen till att jag vill se loggarna är för att som du förhoppningsvis förstår försäkra mig om att allt är rent och fint. Och att Malwarebytes Anti-Malware hittat samt åtgärdat det mesta. För det fanns en hel del otyg i din TM HJT-logga och det är inte säkert att Malwarebytes Anti-Malware klarar av att hitta/åtgärda resterande. Vi kan behöva ta till ytterligare skarpa verktyg för att åtgärda resterande. Detta är då för att hjälpa dig i all välmening så att du verkligen får ett rent och fint system igen ;) MVH/Malou
StefanT Posted November 10, 2008 Author Posted November 10, 2008 Hej igen Ingen är tacksammare än jag att det blir fullständigt virusfritt. Provade både med Spywarefighter och Norton innan, men jag borde loggat in på den här sidan direkt istället. Ha en bra dag.. M.v.h Stefan Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:51:45, on 2008-11-10 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:WINDOWSSystem32smss.exe C:WINDOWSsystem32winlogon.exe C:WINDOWSsystem32services.exe C:WINDOWSsystem32lsass.exe C:WINDOWSsystem32svchost.exe C:WINDOWSSystem32svchost.exe C:ProgramDelade filerSymantec SharedccSetMgr.exe C:ProgramDelade filerSymantec SharedccEvtMgr.exe C:ProgramDelade filerSymantec SharedccProxy.exe C:ProgramDelade filerSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe C:ProgramDelade filerSymantec SharedSNDSrvc.exe C:ProgramDelade filerSymantec SharedSPBBCSPBBCSvc.exe C:ProgramDelade filerSymantec SharedCCPD-LCsymlcsvc.exe C:WINDOWSExplorer.EXE C:WINDOWSsystem32LEXBCES.EXE C:WINDOWSsystem32LEXPPS.EXE C:WINDOWSsystem32spoolsv.exe C:ProgramSymantecLiveUpdateALUSchedulerSvc.exe C:WINDOWSSystem32svchost.exe C:ProgramDellOpenManageClientIap.exe C:ProgramMicrosoft SQL ServerMSSQL$SPCSBinnsqlservr.exe C:ProgramNorton Internet SecurityNorton AntiVirusnavapsvc.exe C:ProgramFightersconfigservice.exe C:WINDOWSsystem32svchost.exe C:ProgramFighterslicenseservice.exe C:ProgramFightersupdateservice.exe C:ProgramFightersScannerService.exe C:ProgramMacrogamingSweetIMSweetIM.exe C:ProgramJavajre1.6.0_05binjusched.exe C:ProgramFightersspywarefighterSpywarefighterUser.exe C:ProgramQuickTimeqttask.exe C:WINDOWSsystem32LXSUPMON.EXE C:WINDOWSsystem32igfxpers.exe C:WINDOWSsystem32hkcmd.exe C:ProgramCyberLinkPowerDVDDVDLauncher.exe C:ProgramDelade filerSymantec SharedccApp.exe C:WINDOWSsystem32ctfmon.exe C:ProgramWindows Media PlayerWMPNSCFG.exe C:ProgramGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe C:ProgramWindows LiveMessengermsnmsgr.exe C:GarmingStart.exe C:ProgramDelade filerSymantec SharedSecurity ConsoleNSCSRVCE.EXE C:WINDOWSsystem32wuauclt.exe C:ProgramSymantecLIVEUP~1LUCOMS~1.EXE C:ProgramSymantecLiveUpdateAUpdate.exe C:ProgramSymantecLiveUpdateLuCallbackProxy.exe C:ProgramSymantecLiveUpdateLuCallbackProxy.exe C:ProgramTrend MicroHijackThisCatha.exe C:ProgramSymantecLiveUpdateLuCallbackProxy.exe C:ProgramSymantecLiveUpdateLuCallbackProxy.exe C:ProgramSymantecLiveUpdateLuCallbackProxy.exe C:ProgramSymantecLiveUpdateLuCallbackProxy.exe C:ProgramSymantecLiveUpdateLuCallbackProxy.exe C:ProgramMessengermsmsgs.exe R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://dellsearchedit.myway.com/samisc/del...ebar.jhtml?p=EB R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = https://upplandsbro.skola24.se/ R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www1.euro.dell.com/content/default....;l=sv&s=gen R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Länkar R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:ProgramMacrogamingSweetIMBarForIEtoolbar.dll O2 - BHO: mxlivemedia browser enhancer - {15f1de2b-e547-f1d4-f82d-d5bfd4ee2e0e} - C:WINDOWSsystem32tuyrgsacxlt.dll (file missing) O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:ProgramMyWaySASrchAsDedeSrcAs.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:ProgramJavajre1.6.0_05binssv.dll O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:ProgramDelade filerMicrosoft SharedWindows LiveWindowsLiveLogin.dll O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:ProgramDelade filerSymantec SharedAdBlockingNISShExt.dll O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:ProgramNorton Internet SecurityNorton AntiVirusNavShExt.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:programgooglegoogletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:ProgramGoogleGoogleToolbarNotifier3.1.807.1746swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:ProgramWindows Live Toolbarmsntb.dll O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:ProgramDelade filerSymantec SharedAdBlockingNISShExt.dll O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:ProgramNorton Internet SecurityNorton AntiVirusNavShExt.dll O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:ProgramMacrogamingSweetIMBarForIEtoolbar.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:programgooglegoogletoolbar1.dll O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:ProgramWinamp Toolbarwinamptb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:ProgramWindows Live Toolbarmsntb.dll O4 - HKLM..Run: [symantec PIF AlertEng] "C:ProgramDelade filerSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe" /a /m "C:ProgramDelade filerSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}AlertEng.dll" O4 - HKLM..Run: [C:WINDOWSsystem32kdihl.exe] C:WINDOWSsystem32kdihl.exe O4 - HKLM..Run: [Windows Updater] updater.com O4 - HKLM..Run: [WinampAgent] C:ProgramWinampwianmpa.exe O4 - HKLM..Run: [sweetIM] C:ProgramMacrogamingSweetIMSweetIM.exe O4 - HKLM..Run: [sunJavaUpdateSched] "C:ProgramJavajre1.6.0_05binjusched.exe" O4 - HKLM..Run: [spywarefighterguard] C:ProgramFightersspywarefighterSpywarefighterUser.exe O4 - HKLM..Run: [QuickTime Task] "C:ProgramQuickTimeqttask.exe" -atboottime O4 - HKLM..Run: [LXSUPMON] C:WINDOWSsystem32LXSUPMON.EXE RUN O4 - HKLM..Run: [KernelFaultCheck] %systemroot%system32dumprep 0 -k O4 - HKLM..Run: [igfxtray] C:WINDOWSsystem32igfxtray.exe O4 - HKLM..Run: [igfxpers] C:WINDOWSsystem32igfxpers.exe O4 - HKLM..Run: [igfxhkcmd] C:WINDOWSsystem32hkcmd.exe O4 - HKLM..Run: [DVDLauncher] "C:ProgramCyberLinkPowerDVDDVDLauncher.exe" O4 - HKLM..Run: [ccApp] "C:ProgramDelade filerSymantec SharedccApp.exe" O4 - HKLM..Run: [Adobe Reader Speed Launcher] "C:ProgramAdobeReader 8.0ReaderReader_sl.exe" O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe O4 - HKCU..Run: [WMPNSCFG] C:ProgramWindows Media PlayerWMPNSCFG.exe O4 - HKCU..Run: [swg] C:ProgramGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe O4 - HKCU..Run: [MsnMsgr] "C:ProgramWindows LiveMessengermsnmsgr.exe" /background O4 - HKCU..Run: [gStart] C:GarmingStart.exe O4 - HKCU..Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:ProgramDelade filerAheadLibNMBgMonitor.exe" O4 - HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'LOKAL TJÄNST') O4 - HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'SYSTEM') O4 - HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'Default user') O7 - HKLMSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem, DisableRegedit=1 O8 - Extra context menu item: &Winamp Toolbar Search - C:Documents and SettingsAll UsersApplication DataWinamp ToolbarieToolbarresourcesen-USlocalsearch.html O8 - Extra context menu item: &Windows Live Search - res://C:ProgramWindows Live Toolbarmsntb.dll/search.htm O8 - Extra context menu item: Add to AMV Converter... - C:ProgramMP3 Player Utilities 4.15AMVConvertergrab.html O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:ProgramMICROS~2OFFICE11EXCEL.EXE/3000 O8 - Extra context menu item: MediaManager tool grab multimedia file - C:ProgramMP3 Player Utilities 4.15MediaManagergrab.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:ProgramJavajre1.6.0_05binssv.dll O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:ProgramJavajre1.6.0_05binssv.dll O9 - Extra button: Blogga detta - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:ProgramWindows LiveWriterWriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blogga detta i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:ProgramWindows LiveWriterWriterBrowserExtension.dll O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:ProgramMICROS~2OFFICE11REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:ProgramMessengermsmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:ProgramMessengermsmsgs.exe O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://www.king.com/ctl/kingcomie.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game12.zylom.com/activex/zylomgamesplayer.cab O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O20 - AppInit_DLLs: bjxykt.dll O20 - Winlogon Notify: wvukjbcb - wvUkJbcB.dll (file missing) O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:ProgramSymantecLiveUpdateALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:ProgramDelade filerSymantec SharedccEvtMgr.exe O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:ProgramNorton Internet SecurityccPwdSvc.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:ProgramDelade filerSymantec SharedccProxy.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:ProgramDelade filerSymantec SharedccSetMgr.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:ProgramNorton Internet SecuritycomHost.exe O23 - Service: Google Updater Service (gusvc) - Google - C:ProgramGoogleCommonGoogle UpdaterGoogleUpdaterService.exe O23 - Service: Iap - Dell Inc - C:ProgramDellOpenManageClientIap.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:WINDOWSsystem32LEXBCES.EXE O23 - Service: LiveUpdate - Symantec Corporation - C:ProgramSymantecLIVEUP~1LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:ProgramDelade filerSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe O23 - Service: Norton AntiVirus Auto Protect-tjänst (navapsvc) - Symantec Corporation - C:ProgramNorton Internet SecurityNorton AntiVirusnavapsvc.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:ProgramIntelNCSSyncNetSvc.exe O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:ProgramDelade filerSymantec SharedSecurity ConsoleNSCSRVCE.EXE O23 - Service: PTK License-FIGHTERS-4665699 (ptk license-fighters-4665699) - SPAMfighter - C:ProgramFighterslicenseservice.exe O23 - Service: PTK Live Update-FIGHTERS-4665699 (ptk live update-fighters-4665699) - SPAMfighter - C:ProgramFightersupdateservice.exe O23 - Service: PTK Scanner-FIGHTERS-4665699 (ptk scanner-fighters-4665699) - SPAMfighter - C:ProgramFightersScannerService.exe O23 - Service: PTK SharedAccess-FIGHTERS-4665699 (ptk sharedaccess-fighters-4665699) - SPAMfighter - C:ProgramFightersconfigservice.exe O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:ProgramNorton Internet SecurityNorton AntiVirusSAVScan.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:ProgramDelade filerSymantec SharedSNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:ProgramDelade filerSymantec SharedSPBBCSPBBCSvc.exe O23 - Service: Symantec Core LC - Unknown owner - C:ProgramDelade filerSymantec SharedCCPD-LCsymlcsvc.exe O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:ProgramDelade filerSymantec SharedSupport Controlsssrc.exe O24 - Desktop Component 0: (no name) - http://www.microsoft.com/windows/plus/imag...ish_150x106.jpg -- End of file - 13280 bytes
Guest Malou Posted November 10, 2008 Posted November 10, 2008 Hej StefanT! Som jag misstänkte så finns där kvar otyg i systemet. Jag saknar även loggan från Malwarebytes Anti-Malware som jag bad om. Kopiera in den hit så jag får ta en titt även på den. MVH/Malou
StefanT Posted November 10, 2008 Author Posted November 10, 2008 Hej Här kommer den loggen. Tur att det finns folk som kan analysera Fick dela den på två..... //Stefan Malwarebytes' Anti-Malware 1.30 Databasversion: 1375 Windows 5.1.2600 Service Pack 3 2008-11-09 18:34:58 mbam-log-2008-11-09 (18-34-58).txt Skanningstyp: Fullständig skanning (C:|) Antal skannade objekt: 203406 Förfluten tid: 2 hour(s), 40 minute(s), 36 second(s) Infekterade minnesprocesser: 1 Infekterade minnesmoduler: 4 Infekterade registernycklar: 96 Infekterade registervärden: 10 Infekterade registerdataposter: 17 Infekterade mappar: 10 Infekterade filer: 163 Infekterade minnesprocesser: C:WINDOWSservice.exe (Backdoor.Bot) -> Unloaded process successfully. Infekterade minnesmoduler: C:WINDOWSsystem32bYomLefg.dll (Trojan.Vundo.H) -> Delete on reboot. C:WINDOWSsystem32bjxykt.dll (Trojan.Vundo) -> Delete on reboot. C:WINDOWSsystem32ssqPjIxy.dll (Trojan.Vundo) -> Delete on reboot. C:WINDOWSsystem32jhrxxbid.dll (Trojan.Vundo) -> Delete on reboot. Infekterade registernycklar: HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{79117664-7a50-429c-b3af-6cdf9e1886ce} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyqomeeulb (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOTCLSID{79117664-7a50-429c-b3af-6cdf9e1886ce} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{9c81d128-4da9-46c9-91d7-efd68ca2c923} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOTCLSID{9c81d128-4da9-46c9-91d7-efd68ca2c923} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{deb85b3b-8afc-4567-bc39-46da44c17c61} (Trojan.Vundo.H) -> Delete on reboot. HKEY_CLASSES_ROOTCLSID{deb85b3b-8afc-4567-bc39-46da44c17c61} (Trojan.Vundo.H) -> Delete on reboot. HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{0005b3dd-a43d-432d-915b-1933d975e360} (Trojan.BHO.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOTCLSID{0005b3dd-a43d-432d-915b-1933d975e360} (Trojan.BHO.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{000b187f-d25f-4bef-8e7f-220666fb7830} (Trojan.BHO.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOTCLSID{000b187f-d25f-4bef-8e7f-220666fb7830} (Trojan.BHO.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{000b67ba-a43d-432d-915b-1933d975e360} (Trojan.BHO.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOTCLSID{000b67ba-a43d-432d-915b-1933d975e360} (Trojan.BHO.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{001630fe-d25f-4bef-8e7f-220666fb7830} (Trojan.BHO.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOTCLSID{001630fe-d25f-4bef-8e7f-220666fb7830} (Trojan.BHO.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{0016cf75-a43d-432d-915b-1933d975e360} (Trojan.BHO.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOTCLSID{0016cf75-a43d-432d-915b-1933d975e360} (Trojan.BHO.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{002c61fd-d25f-4bef-8e7f-220666fb7830} (Trojan.BHO.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOTCLSID{002c61fd-d25f-4bef-8e7f-220666fb7830} (Trojan.BHO.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{002d9eea-a43d-432d-915b-1933d975e360} (Trojan.BHO.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOTCLSID{002d9eea-a43d-432d-915b-1933d975e360} (Trojan.BHO.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{0058c3fb-d25f-4bef-8e7f-220666fb7830} (Trojan.BHO.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOTCLSID{0058c3fb-d25f-4bef-8e7f-220666fb7830} (Trojan.BHO.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{005b3dd4-a43d-432d-915b-1933d975e360} (Trojan.BHO.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOTCLSID{005b3dd4-a43d-432d-915b-1933d975e360} (Trojan.BHO.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{00b187f6-d25f-4bef-8e7f-220666fb7830} (Trojan.BHO.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOTCLSID{00b187f6-d25f-4bef-8e7f-220666fb7830} (Trojan.BHO.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{00b67ba9-a43d-432d-915b-1933d975e360} (Trojan.BHO.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOTCLSID{00b67ba9-a43d-432d-915b-1933d975e360} (Trojan.BHO.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{01630fed-d25f-4bef-8e7f-220666fb7830} (Trojan.BHO.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOTCLSID{01630fed-d25f-4bef-8e7f-220666fb7830} (Trojan.BHO.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{016cf752-a43d-432d-915b-1933d975e360} (Trojan.BHO.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOTCLSID{016cf752-a43d-432d-915b-1933d975e360} (Trojan.BHO.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{02c61fdb-d25f-4bef-8e7f-220666fb7830} (Trojan.BHO.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOTCLSID{02c61fdb-d25f-4bef-8e7f-220666fb7830} (Trojan.BHO.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{02d9eea5-a43d-432d-915b-1933d975e360} (Trojan.BHO.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOTCLSID{02d9eea5-a43d-432d-915b-1933d975e360} (Trojan.BHO.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{058c3fb7-d25f-4bef-8e7f-220666fb7830} (Trojan.BHO.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOTCLSID{058c3fb7-d25f-4bef-8e7f-220666fb7830} (Trojan.BHO.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{05b3dd4b-a43d-432d-915b-1933d975e360} (Trojan.BHO.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOTCLSID{05b3dd4b-a43d-432d-915b-1933d975e360} (Trojan.BHO.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{0b187f6f-d25f-4bef-8e7f-220666fb7830} (Trojan.BHO.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOTCLSID{0b187f6f-d25f-4bef-8e7f-220666fb7830} (Trojan.BHO.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{0b67ba96-a43d-432d-915b-1933d975e360} (Trojan.BHO.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOTCLSID{0b67ba96-a43d-432d-915b-1933d975e360} (Trojan.BHO.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{1630fede-d25f-4bef-8e7f-220666fb7830} (Trojan.BHO.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOTCLSID{1630fede-d25f-4bef-8e7f-220666fb7830} (Trojan.BHO.H) -> Quarantined and deleted successfully. HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{9c81d128-4da9-46c9-91d7-efd68ca2c923} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOTCLSID{75abcf92-9764-4dfa-a83f-5142c3905052} (Trojan.Vundo) -> Delete on reboot. HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{75abcf92-9764-4dfa-a83f-5142c3905052} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{75abcf92-9764-4dfa-a83f-5142c3905052} (Trojan.Vundo) -> Delete on reboot. HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyssqpjixy (Trojan.Vundo) -> Delete on reboot. HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{deb85b3b-8afc-4567-bc39-46da44c17c61} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{0005b3dd-a43d-432d-915b-1933d975e360} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{000b67ba-a43d-432d-915b-1933d975e360} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{0016cf75-a43d-432d-915b-1933d975e360} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{002d9eea-a43d-432d-915b-1933d975e360} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{005b3dd4-a43d-432d-915b-1933d975e360} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{00b67ba9-a43d-432d-915b-1933d975e360} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{016cf752-a43d-432d-915b-1933d975e360} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{02d9eea5-a43d-432d-915b-1933d975e360} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{05b3dd4b-a43d-432d-915b-1933d975e360} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{0b67ba96-a43d-432d-915b-1933d975e360} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOTInterface{99ccfb8c-6380-4a14-8fdd-ef3e7e95335d} (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOTCLSID{460ac4db-b0de-4626-a0f0-175dd84dcb9b} (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOTCLSID{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{4b18dd50-c996-44fc-ac52-0fecff82ed58} (Spyware.Hotbar) -> Quarantined and deleted successfully. HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{79117664-7a50-429c-b3af-6cdf9e1886ce} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{90b5a95a-afd5-4d11-b9bd-a69d53d22226} (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> Quarantined and deleted successfully. HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USERSOFTWAREMicrosoftInstallerProducts568267acfc5644dab06f058006ddbae3 (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{000b187f-d25f-4bef-8e7f-220666fb7830} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{001630fe-d25f-4bef-8e7f-220666fb7830} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{002c61fd-d25f-4bef-8e7f-220666fb7830} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{0058c3fb-d25f-4bef-8e7f-220666fb7830} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{00b187f6-d25f-4bef-8e7f-220666fb7830} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{01630fed-d25f-4bef-8e7f-220666fb7830} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{02c61fdb-d25f-4bef-8e7f-220666fb7830} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{058c3fb7-d25f-4bef-8e7f-220666fb7830} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{0b187f6f-d25f-4bef-8e7f-220666fb7830} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{1630fede-d25f-4bef-8e7f-220666fb7830} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOTTypeLib{b0f1f251-79bd-4ac5-bdb6-383379e50cb3} (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOTCLSID{68354ad6-ac7e-4fe3-a19b-8f8e70ab4252} (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExtPreApproved{68354ad6-ac7e-4fe3-a19b-8f8e70ab4252} (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOTCLSID{d10c4db6-cb02-40f4-88ee-c0b64c02adfc} (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExtStats{d10c4db6-cb02-40f4-88ee-c0b64c02adfc} (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExtPreApproved{d10c4db6-cb02-40f4-88ee-c0b64c02adfc} (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOTsexvid (Trojan.DNSChanger) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINESOFTWAREMicrosoftSoftware Notifier (Rogue.Multiple) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINESOFTWAREMicrosoftMS Juan (Malware.Trace) -> Delete on reboot. HKEY_LOCAL_MACHINESOFTWAREMicrosoftcontim (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINESOFTWAREMicrosoftMS Track System (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINESOFTWAREMicrosoftrdfa (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINESOFTWAREMicrosoftFCOVM (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINESOFTWAREMicrosoftRemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully. Infekterade registervärden: HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunmessenger service (Backdoor.Bot.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerShellExecuteHooks{75abcf92-9764-4dfa-a83f-5142c3905052} (Trojan.Vundo) -> Delete on reboot. HKEY_CURRENT_USERSOFTWAREMicrosoftInternet ExplorerURLSearchHooks{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerShellExecuteHooks{79117664-7a50-429c-b3af-6cdf9e1886ce} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunlsmnvboumq (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunlphc7d9j0egfn (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USERControl PanelDesktopwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully. HKEY_CURRENT_USERControl PanelDesktoporiginalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully. HKEY_CURRENT_USERControl PanelDesktopconvertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully. HKEY_CURRENT_USERControl PanelDesktopscrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully. Infekterade registerdataposter: HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLSANotification Packages (Trojan.Vundo.H) -> Data: c:windowssystem32byomlefg -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonSystem (Rootkit.DNSChanger.H) -> Data: kdihl.exe -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLSAAuthentication Packages (Trojan.Vundo) -> Data: c:windowssystem32byomlefg -> Delete on reboot. HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionPoliciesSystemNoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionPoliciesSystemNoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParametersDhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.83 192.168.0.1 -> Delete on reboot. HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParametersInterfaces{7ef5bb9b-24d6-4aa6-a938-6d497ebdca75}DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.83 192.168.0.1 -> Delete on reboot. HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParametersInterfaces{7ef5bb9b-24d6-4aa6-a938-6d497ebdca75}NameServer (Trojan.DNSChanger) -> Data: 85.255.112.74;85.255.112.191 -> Delete on reboot. HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParametersInterfaces{f5198715-f56e-4d20-a279-1a0fa879f9d2}NameServer (Trojan.DNSChanger) -> Data: 85.255.112.74;85.255.112.191 -> Delete on reboot. HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesTcpipParametersDhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.83 192.168.0.1 -> Delete on reboot. HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesTcpipParametersInterfaces{7ef5bb9b-24d6-4aa6-a938-6d497ebdca75}DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.83 192.168.0.1 -> Delete on reboot. HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesTcpipParametersInterfaces{7ef5bb9b-24d6-4aa6-a938-6d497ebdca75}NameServer (Trojan.DNSChanger) -> Data: 85.255.112.74;85.255.112.191 -> Delete on reboot. HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesTcpipParametersInterfaces{f5198715-f56e-4d20-a279-1a0fa879f9d2}NameServer (Trojan.DNSChanger) -> Data: 85.255.112.74;85.255.112.191 -> Delete on reboot. HKEY_LOCAL_MACHINESYSTEMControlSet002ServicesTcpipParametersDhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.83 192.168.0.1 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINESYSTEMControlSet002ServicesTcpipParametersInterfaces{7ef5bb9b-24d6-4aa6-a938-6d497ebdca75}DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.83 192.168.0.1 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINESYSTEMControlSet002ServicesTcpipParametersInterfaces{7ef5bb9b-24d6-4aa6-a938-6d497ebdca75}NameServer (Trojan.DNSChanger) -> Data: 85.255.112.74;85.255.112.191 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINESYSTEMControlSet002ServicesTcpipParametersInterfaces{f5198715-f56e-4d20-a279-1a0fa879f9d2}NameServer (Trojan.DNSChanger) -> Data: 85.255.112.74;85.255.112.191 -> Quarantined and deleted successfully. Infekterade mappar: C:ProgramHotbar (Adware.Hotbar) -> Delete on reboot. C:ProgramHotbarbin (Adware.Hotbar) -> Delete on reboot. C:ProgramHotbarbin10.0.356.0 (Adware.Hotbar) -> Delete on reboot. C:ProgramHotbarbin10.0.356.0firefox (Adware.Hotbar) -> Delete on reboot. C:ProgramHotbarbin10.0.356.0firefoxextensions (Adware.Hotbar) -> Delete on reboot. C:ProgramHotbarbin10.0.356.0firefoxextensionscomponents (Adware.Hotbar) -> Quarantined and deleted successfully. C:ProgramHotbarbin10.0.356.0firefoxextensionsplugins (Adware.Hotbar) -> Quarantined and deleted successfully. C:ProgramMyWaySA (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:ProgramMyWaySASrchAsDe (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:Documents and SettingsAll UsersApplication Data2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> Quarantined and deleted successfully.
StefanT Posted November 10, 2008 Author Posted November 10, 2008 Här kommer #2. /Stefan Infekterade mappar: C:ProgramHotbar (Adware.Hotbar) -> Delete on reboot. C:ProgramHotbarbin (Adware.Hotbar) -> Delete on reboot. C:ProgramHotbarbin10.0.356.0 (Adware.Hotbar) -> Delete on reboot. C:ProgramHotbarbin10.0.356.0firefox (Adware.Hotbar) -> Delete on reboot. C:ProgramHotbarbin10.0.356.0firefoxextensions (Adware.Hotbar) -> Delete on reboot. C:ProgramHotbarbin10.0.356.0firefoxextensionscomponents (Adware.Hotbar) -> Quarantined and deleted successfully. C:ProgramHotbarbin10.0.356.0firefoxextensionsplugins (Adware.Hotbar) -> Quarantined and deleted successfully. C:ProgramMyWaySA (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:ProgramMyWaySASrchAsDe (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:Documents and SettingsAll UsersApplication Data2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> Quarantined and deleted successfully. Infekterade filer: C:WINDOWSsystem32qoMeEULB.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:WINDOWSsystem32bjxykt.dll (Trojan.Vundo.H) -> Delete on reboot. C:WINDOWSsystem32bYomLefg.dll (Trojan.Vundo.H) -> Delete on reboot. C:WINDOWSsystem32gfeLmoYb.ini (Trojan.Vundo.H) -> Delete on reboot. C:WINDOWSsystem32gfeLmoYb.ini2 (Trojan.Vundo.H) -> Delete on reboot. C:WINDOWSsystem32awtrQKbC.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:WINDOWSsystem32CbKQrtwa.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:WINDOWSsystem32CbKQrtwa.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:WINDOWSsystem32cbXOFyww.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:WINDOWSsystem32wwyFOXbc.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:WINDOWSsystem32wwyFOXbc.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:WINDOWSsystem32fqrfubek.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:WINDOWSsystem32kebufrqf.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:WINDOWSsystem32mwjstxpx.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:WINDOWSsystem32xpxtsjwm.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:WINDOWSsystem32nnnmlJYO.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:WINDOWSsystem32OYJlmnnn.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:WINDOWSsystem32OYJlmnnn.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:WINDOWSsystem32occsyovx.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:WINDOWSsystem32xvoyscco.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:WINDOWSsystem32vhrmrbca.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:WINDOWSsystem32acbrmrhv.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:WINDOWSsystem32vtUnmLDt.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:WINDOWSsystem32tDLmnUtv.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:WINDOWSsystem32tDLmnUtv.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:WINDOWSsystem32vtUollLE.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:WINDOWSsystem32ELlloUtv.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:WINDOWSsystem32ELlloUtv.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:WINDOWSsystem32yayASLcY.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:WINDOWSsystem32YcLSAyay.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:WINDOWSsystem32YcLSAyay.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:WINDOWSsystem32kdihl.exe (Rootkit.DNSChanger.H) -> Delete on reboot. C:WINDOWSsystem32jhrxxbid.dll (Trojan.BHO.H) -> Delete on reboot. C:WINDOWSsystem32qalrjiqr.dll (Trojan.BHO.H) -> Quarantined and deleted successfully. C:WINDOWSservice.exe (Backdoor.Bot.H) -> Quarantined and deleted successfully. C:WINDOWSsystem32ssqPjIxy.dll (Trojan.Vundo) -> Delete on reboot. C:Documents and SettingsAmanda!!Lokala inställningarTemporary Internet FilesContent.IE57UFI2X7Sis167464[1].exe (Trojan.Vundo) -> Quarantined and deleted successfully. C:Documents and SettingsAmanda!!Lokala inställningarTemporary Internet FilesContent.IE5FPDUU6OHcntr[1] (Trojan.Vundo) -> Quarantined and deleted successfully. C:Documents and SettingsAmanda!!Lokala inställningarTemporary Internet FilesContent.IE5FPDUU6OHupd105320[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:Documents and SettingsAmanda!!Lokala inställningarTemporary Internet FilesContent.IE5GPNKFIY5cntr[1] (Trojan.Vundo) -> Quarantined and deleted successfully. C:Documents and SettingsAmanda!!Lokala inställningarTemporary Internet FilesContent.IE5HCWMVQL0nd82m0[1] (Trojan.Vundo) -> Quarantined and deleted successfully. C:Documents and SettingsCatharina AndreeLokala inställningarTemporary Internet FilesContent.IE506W0DT7Jnd82m0[1] (Trojan.Vundo) -> Quarantined and deleted successfully. C:Documents and SettingsCatharina AndreeLokala inställningarTemporary Internet FilesContent.IE56QZ03DZLnd82m0[1] (Trojan.Vundo) -> Quarantined and deleted successfully. C:Documents and SettingsCatharina AndreeLokala inställningarTemporary Internet FilesContent.IE5JESHQ3PC23nq[1].dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:Documents and SettingsCatharina AndreeLokala inställningarTemporary Internet FilesContent.IE5JESHQ3PCupd105320[1] (Trojan.Vundo) -> Quarantined and deleted successfully. C:Documents and SettingsCatharina AndreeLokala inställningarTemporary Internet FilesContent.IE5PJ8492RY23nq[1].dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:Documents and SettingsCatharina AndreeLokala inställningarTemporary Internet FilesContent.IE5QLZSRRF3upd105320[1] (Trojan.Vundo) -> Quarantined and deleted successfully. C:Documents and SettingsCatharina AndreeLokala inställningarTemporary Internet FilesContent.IE5SUBC3Z30cntr[1] (Trojan.Vundo) -> Quarantined and deleted successfully. C:Documents and SettingsCatharina AndreeLokala inställningarTemporary Internet FilesContent.IE5VZMF23KFis167464[1].exe (Trojan.Vundo) -> Quarantined and deleted successfully. C:Documents and SettingsCatharina AndreeLokala inställningarTemporary Internet FilesContent.IE5X1NX9967cntr[1] (Trojan.Vundo) -> Quarantined and deleted successfully. C:ProgramHotbarbin10.0.356.0dBenderC.dll (Adware.Hotbar) -> Quarantined and deleted successfully. C:System Volume Information_restore{619781AC-CF96-4B2F-8E58-2353903809FC}(2)RP16A0010178.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:System Volume Information_restore{619781AC-CF96-4B2F-8E58-2353903809FC}(2)RP16A0010179.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:System Volume Information_restore{619781AC-CF96-4B2F-8E58-2353903809FC}(2)RP16A0010177.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:System Volume Information_restore{619781AC-CF96-4B2F-8E58-2353903809FC}(2)RP19A0014342.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:System Volume Information_restore{619781AC-CF96-4B2F-8E58-2353903809FC}(2)RP19A0014344.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:System Volume Information_restore{619781AC-CF96-4B2F-8E58-2353903809FC}(2)RP19A0014345.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:WINDOWSsystem32ahcwsckw.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:WINDOWSsystem32btqfyknu.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:WINDOWSsystem32byXNgebA.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:WINDOWSsystem32byXOfeDw.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:WINDOWSsystem32exuooywd.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:WINDOWSsystem32khfDsqPh.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:WINDOWSsystem32khfETlLf.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:WINDOWSsystem32kkwlbdod.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:WINDOWSsystem32lqedtogj.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:WINDOWSsystem32muqgytsb.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:WINDOWSsystem32nnnkKCSj.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:WINDOWSsystem32nnnnOedE.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:WINDOWSsystem32nnnoOiFx.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:WINDOWSsystem32rgtwulwc.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:WINDOWSsystem32uuajcumh.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:WINDOWSsystem32uwjpgiky.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:WINDOWSsystem32cnwiaecn.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:WINDOWSsystem32cocixh.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:WINDOWSsystem32geBqQJDV.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:WINDOWSsystem32geBrOEWo.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:WINDOWSsystem32geBtSKAT.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:WINDOWSsystem32geBuSMgE.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:WINDOWSsystem32lefbkioj.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:WINDOWSsystem32ndizin.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:WINDOWSsystem32opnnklMD.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:WINDOWSsystem32opnolmKa.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:WINDOWSsystem32opnomkhG.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:WINDOWSsystem32orqdserg.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:WINDOWSsystem32sbijjabr.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:WINDOWSsystem32ssqRIAqN.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:WINDOWSsystem32ssqRLFYo.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:WINDOWSsystem32tipoxyny.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:WINDOWSsystem32tucevsqs.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:WINDOWSsystem32mrwlplkq.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:WINDOWSsystem32gxtusv.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:WINDOWSsystem32hgGvuTJc.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:WINDOWSsystem32hgGvuULE.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:WINDOWSsystem32vtUkkkIY.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:WINDOWSsystem32qfmebh.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:WINDOWSsystem32qoMEVnoP.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:WINDOWSsystem32qoMffdEw.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:WINDOWSsystem32jkkKcYQj.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:WINDOWSsystem32avpommbl.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:WINDOWSsystem32awtrOhIc.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:WINDOWSsystem32awtturPg.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:WINDOWSsystem32mbhdtuup.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:WINDOWSsystem32mbmkyybl.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:WINDOWSsystem32wstyqwsw.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:WINDOWSsystem32wvcsxpll.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:WINDOWSsystem32xxyaabyx.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:WINDOWSsystem32yayvVOgH.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:WINDOWSsystem32ylmbtodl.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:WINDOWSsystem32ytjaxtbg.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:WINDOWSsystem32mlJArssr.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:WINDOWSsystem32mlJCRhhI.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:WINDOWSsystem32mltduhpq.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:WINDOWSsystem32jyfdogsm.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:WINDOWSsystem32ljJDUnmM.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:WINDOWSsystem32ljJDWMca.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:WINDOWSsystem32rkkwsgqf.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:WINDOWSsystem32rskxza.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:WINDOWSsystem32dcclggip.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:WINDOWSsystem32ddcAqNeb.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:WINDOWSsystem32fccddbAQ.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:WINDOWSsystem32flcrcb.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:WINDOWSsystem32eewiqrdt.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:WINDOWSsystem32efcBustQ.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:ProgramHotbarbin10.0.356.0arrow.ico (Adware.Hotbar) -> Quarantined and deleted successfully. C:ProgramHotbarbin10.0.356.0copyright.txt (Adware.Hotbar) -> Quarantined and deleted successfully. C:ProgramHotbarbin10.0.356.0HostOL.dll (Adware.Hotbar) -> Quarantined and deleted successfully. C:ProgramHotbarbin10.0.356.0HotbarSAAX.dll (Adware.Hotbar) -> Quarantined and deleted successfully. C:ProgramHotbarbin10.0.356.0link.ico (Adware.Hotbar) -> Quarantined and deleted successfully. C:ProgramHotbarbin10.0.356.0Wallpaper.dll (Adware.Hotbar) -> Quarantined and deleted successfully. C:ProgramHotbarbin10.0.356.0WeSkin.dll (Adware.Hotbar) -> Quarantined and deleted successfully. C:ProgramHotbarbin10.0.356.0firefoxextensionsinstall.rdf (Adware.Hotbar) -> Quarantined and deleted successfully. C:ProgramHotbarbin10.0.356.0firefoxextensionscomponentsnpclntax.xpt (Adware.Hotbar) -> Quarantined and deleted successfully. C:WINDOWSsystem32mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully. C:WINDOWSsystem32tuyrgsacxlt.dll (Trojan.Agent) -> Delete on reboot. C:Documents and SettingsAmanda!!SkrivbordAntiSpywareExpert.lnk (Rogue.Antispyware) -> Quarantined and deleted successfully. C:Documents and SettingsAmanda!!Application DataMicrosoftInternet ExplorerQuick LaunchAntiSpywareExpert.lnk (Rogue.Antispyware) -> Quarantined and deleted successfully. C:Documents and SettingsCatharina AndreeLokala inställningarTemp.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. C:Documents and SettingsCatharina AndreeLokala inställningarTemp.tt3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. C:Documents and SettingsAmanda!!Lokala inställningarTemp.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. C:Documents and SettingsAmanda!!Lokala inställningarTemp.tt2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. C:Documents and SettingsAmanda!!Lokala inställningarTemp.tt3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. C:Documents and SettingsAmanda!!Lokala inställningarTemp.tt4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. C:Documents and SettingsAmanda!!Lokala inställningarTemp.tt6.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. C:Documents and SettingsAmanda!!Lokala inställningarTemp.tt7.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. C:Documents and SettingsAmanda!!Lokala inställningarTemp.tt8.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. C:Documents and SettingsAmanda!!Lokala inställningarTemp.ttA.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. C:Documents and SettingsAmanda!!Lokala inställningarTemp.ttB.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. C:Documents and SettingsAmanda!!Lokala inställningarTemp.ttC.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. C:Documents and SettingsAmanda!!Lokala inställningarTemp.ttE.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. C:Documents and SettingsAmanda!!Lokala inställningarTemp.ttF.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. C:Documents and SettingsAmanda!!Lokala inställningarTemp.tt1.tmp.vbs (Trojan.FakeAlert) -> Delete on reboot. C:Documents and SettingsAmanda!!Lokala inställningarTemp.tt2.tmp.vbs (Trojan.FakeAlert) -> Delete on reboot. C:Documents and SettingsAmanda!!Lokala inställningarTemp.tt4.tmp.vbs (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:WINDOWSTemptempo-7D.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:WINDOWSTemptempo-7D3.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:WINDOWSTemptempo-B7B.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:WINDOWSTemptempo-DAF.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:Documents and SettingsmatildaSkrivbordFree PC Wallpapers.lnk (Rogue.Link) -> Quarantined and deleted successfully. C:Documents and SettingsamandaSkrivbordFree PC Wallpapers.lnk (Rogue.Link) -> Quarantined and deleted successfully. C:Documents and SettingsmatildaSkrivbordRepair Your Registry.lnk (Rogue.Link) -> Quarantined and deleted successfully. C:Documents and SettingsAmanda!!SkrivbordRepair Your Registry.lnk (Rogue.Link) -> Quarantined and deleted successfully. C:Documents and SettingsamandaSkrivbordRepair Your Registry.lnk (Rogue.Link) -> Quarantined and deleted successfully.
Guest Malou Posted November 10, 2008 Posted November 10, 2008 Hej StefanT! Tack Ja tyvärr så finns det inte så många svenska Spywarehunters som analyserar etc... Vi är bara några fåtal inom detta område. Det står Delete on reboot bakom en hel del detaljer. Gör så här: 1: Starta om datorn 2: Uppdatera programmet (mycket viktigt) 3: Gör en ny scanning och låt den ta bort det som hittas 4: Kopiera in loggan du får upp 5: Gör en ny TM HJT-logga och kopiera in även den så går vi vidare utifrån dessa MVH/Malou
StefanT Posted November 10, 2008 Author Posted November 10, 2008 Hej Har kört CCleaner emellan oxå. Det ser bättre och bättre ut i mitt tycke i alla fall. --!! //Stefan Malwarebytes' Anti-Malware 1.30 Databasversion: 1375 Windows 5.1.2600 Service Pack 3 2008-11-10 17:29:54 mbam-log-2008-11-10 (17-29-54).txt Skanningstyp: Fullständig skanning (C:|) Antal skannade objekt: 183113 Förfluten tid: 1 hour(s), 28 minute(s), 41 second(s) Infekterade minnesprocesser: 0 Infekterade minnesmoduler: 0 Infekterade registernycklar: 0 Infekterade registervärden: 0 Infekterade registerdataposter: 6 Infekterade mappar: 0 Infekterade filer: 0 Infekterade minnesprocesser: (Inga illasinnade poster hittades) Infekterade minnesmoduler: (Inga illasinnade poster hittades) Infekterade registernycklar: (Inga illasinnade poster hittades) Infekterade registervärden: (Inga illasinnade poster hittades) Infekterade registerdataposter: HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParametersDhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.83 192.168.0.1 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParametersInterfaces{7ef5bb9b-24d6-4aa6-a938-6d497ebdca75}DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.83 192.168.0.1 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesTcpipParametersDhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.83 192.168.0.1 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesTcpipParametersInterfaces{7ef5bb9b-24d6-4aa6-a938-6d497ebdca75}DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.83 192.168.0.1 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINESYSTEMControlSet002ServicesTcpipParametersDhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.83 192.168.0.1 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINESYSTEMControlSet002ServicesTcpipParametersInterfaces{7ef5bb9b-24d6-4aa6-a938-6d497ebdca75}DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.83 192.168.0.1 -> Quarantined and deleted successfully. Infekterade mappar: (Inga illasinnade poster hittades) Infekterade filer: (Inga illasinnade poster hittades)
StefanT Posted November 10, 2008 Author Posted November 10, 2008 Här kommer nästa: M.v.h Stefan Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:08:05, on 2008-11-10 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:WINDOWSSystem32smss.exe C:WINDOWSsystem32winlogon.exe C:WINDOWSsystem32services.exe C:WINDOWSsystem32lsass.exe C:WINDOWSsystem32svchost.exe C:WINDOWSSystem32svchost.exe C:ProgramDelade filerSymantec SharedccSetMgr.exe C:ProgramDelade filerSymantec SharedccEvtMgr.exe C:ProgramDelade filerSymantec SharedccProxy.exe C:ProgramDelade filerSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe C:ProgramDelade filerSymantec SharedSNDSrvc.exe C:ProgramDelade filerSymantec SharedSPBBCSPBBCSvc.exe C:ProgramDelade filerSymantec SharedCCPD-LCsymlcsvc.exe C:WINDOWSsystem32LEXBCES.EXE C:WINDOWSsystem32LEXPPS.EXE C:WINDOWSsystem32spoolsv.exe C:ProgramSymantecLiveUpdateALUSchedulerSvc.exe C:WINDOWSSystem32svchost.exe C:ProgramDellOpenManageClientIap.exe C:ProgramMicrosoft SQL ServerMSSQL$SPCSBinnsqlservr.exe C:ProgramNorton Internet SecurityNorton AntiVirusnavapsvc.exe C:WINDOWSsystem32svchost.exe C:WINDOWSExplorer.EXE C:ProgramMacrogamingSweetIMSweetIM.exe C:ProgramJavajre1.6.0_05binjusched.exe C:ProgramQuickTimeqttask.exe C:WINDOWSsystem32LXSUPMON.EXE C:WINDOWSsystem32igfxpers.exe C:WINDOWSsystem32hkcmd.exe C:ProgramCyberLinkPowerDVDDVDLauncher.exe C:ProgramDelade filerSymantec SharedccApp.exe C:WINDOWSsystem32ctfmon.exe C:ProgramWindows Media PlayerWMPNSCFG.exe C:ProgramGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe C:ProgramWindows LiveMessengermsnmsgr.exe C:GarmingStart.exe C:ProgramDelade filerSymantec SharedSecurity ConsoleNSCSRVCE.EXE C:ProgramInternet Exploreriexplore.exe C:ProgramDelade filerMicrosoft SharedWindows LiveWLLoginProxy.exe C:ProgramMessengermsmsgs.exe C:ProgramTrend MicroHijackThisCatha.exe R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://dellsearchedit.myway.com/samisc/del...ebar.jhtml?p=EB R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = https://upplandsbro.skola24.se/ R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www1.euro.dell.com/content/default....;l=sv&s=gen R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Länkar R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:ProgramMacrogamingSweetIMBarForIEtoolbar.dll O2 - BHO: mxlivemedia browser enhancer - {15f1de2b-e547-f1d4-f82d-d5bfd4ee2e0e} - C:WINDOWSsystem32tuyrgsacxlt.dll (file missing) O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:ProgramMyWaySASrchAsDedeSrcAs.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:ProgramJavajre1.6.0_05binssv.dll O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:ProgramDelade filerMicrosoft SharedWindows LiveWindowsLiveLogin.dll O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:ProgramDelade filerSymantec SharedAdBlockingNISShExt.dll O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:ProgramNorton Internet SecurityNorton AntiVirusNavShExt.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:programgooglegoogletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:ProgramGoogleGoogleToolbarNotifier3.1.807.1746swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:ProgramWindows Live Toolbarmsntb.dll O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:ProgramDelade filerSymantec SharedAdBlockingNISShExt.dll O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:ProgramNorton Internet SecurityNorton AntiVirusNavShExt.dll O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:ProgramMacrogamingSweetIMBarForIEtoolbar.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:programgooglegoogletoolbar1.dll O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:ProgramWinamp Toolbarwinamptb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:ProgramWindows Live Toolbarmsntb.dll O4 - HKLM..Run: [symantec PIF AlertEng] "C:ProgramDelade filerSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe" /a /m "C:ProgramDelade filerSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}AlertEng.dll" O4 - HKLM..Run: [C:WINDOWSsystem32kdihl.exe] C:WINDOWSsystem32kdihl.exe O4 - HKLM..Run: [Windows Updater] updater.com O4 - HKLM..Run: [WinampAgent] C:ProgramWinampwianmpa.exe O4 - HKLM..Run: [sweetIM] C:ProgramMacrogamingSweetIMSweetIM.exe O4 - HKLM..Run: [sunJavaUpdateSched] "C:ProgramJavajre1.6.0_05binjusched.exe" O4 - HKLM..Run: [QuickTime Task] "C:ProgramQuickTimeqttask.exe" -atboottime O4 - HKLM..Run: [LXSUPMON] C:WINDOWSsystem32LXSUPMON.EXE RUN O4 - HKLM..Run: [KernelFaultCheck] %systemroot%system32dumprep 0 -k O4 - HKLM..Run: [igfxtray] C:WINDOWSsystem32igfxtray.exe O4 - HKLM..Run: [igfxpers] C:WINDOWSsystem32igfxpers.exe O4 - HKLM..Run: [igfxhkcmd] C:WINDOWSsystem32hkcmd.exe O4 - HKLM..Run: [DVDLauncher] "C:ProgramCyberLinkPowerDVDDVDLauncher.exe" O4 - HKLM..Run: [ccApp] "C:ProgramDelade filerSymantec SharedccApp.exe" O4 - HKLM..Run: [Adobe Reader Speed Launcher] "C:ProgramAdobeReader 8.0ReaderReader_sl.exe" O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe O4 - HKCU..Run: [WMPNSCFG] C:ProgramWindows Media PlayerWMPNSCFG.exe O4 - HKCU..Run: [swg] C:ProgramGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe O4 - HKCU..Run: [MsnMsgr] "C:ProgramWindows LiveMessengermsnmsgr.exe" /background O4 - HKCU..Run: [gStart] C:GarmingStart.exe O4 - HKCU..Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:ProgramDelade filerAheadLibNMBgMonitor.exe" O4 - HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'LOKAL TJÄNST') O4 - HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'SYSTEM') O4 - HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'Default user') O7 - HKLMSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem, DisableRegedit=1 O8 - Extra context menu item: &Winamp Toolbar Search - C:Documents and SettingsAll UsersApplication DataWinamp ToolbarieToolbarresourcesen-USlocalsearch.html O8 - Extra context menu item: &Windows Live Search - res://C:ProgramWindows Live Toolbarmsntb.dll/search.htm O8 - Extra context menu item: Add to AMV Converter... - C:ProgramMP3 Player Utilities 4.15AMVConvertergrab.html O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:ProgramMICROS~2OFFICE11EXCEL.EXE/3000 O8 - Extra context menu item: MediaManager tool grab multimedia file - C:ProgramMP3 Player Utilities 4.15MediaManagergrab.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:ProgramJavajre1.6.0_05binssv.dll O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:ProgramJavajre1.6.0_05binssv.dll O9 - Extra button: Blogga detta - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:ProgramWindows LiveWriterWriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blogga detta i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:ProgramWindows LiveWriterWriterBrowserExtension.dll O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:ProgramMICROS~2OFFICE11REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:ProgramMessengermsmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:ProgramMessengermsmsgs.exe O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://www.king.com/ctl/kingcomie.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game12.zylom.com/activex/zylomgamesplayer.cab O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O20 - AppInit_DLLs: bjxykt.dll O20 - Winlogon Notify: wvukjbcb - wvUkJbcB.dll (file missing) O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:ProgramSymantecLiveUpdateALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:ProgramDelade filerSymantec SharedccEvtMgr.exe O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:ProgramNorton Internet SecurityccPwdSvc.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:ProgramDelade filerSymantec SharedccProxy.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:ProgramDelade filerSymantec SharedccSetMgr.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:ProgramNorton Internet SecuritycomHost.exe O23 - Service: Google Updater Service (gusvc) - Google - C:ProgramGoogleCommonGoogle UpdaterGoogleUpdaterService.exe O23 - Service: Iap - Dell Inc - C:ProgramDellOpenManageClientIap.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:WINDOWSsystem32LEXBCES.EXE O23 - Service: LiveUpdate - Symantec Corporation - C:ProgramSymantecLIVEUP~1LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:ProgramDelade filerSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe O23 - Service: Norton AntiVirus Auto Protect-tjänst (navapsvc) - Symantec Corporation - C:ProgramNorton Internet SecurityNorton AntiVirusnavapsvc.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:ProgramIntelNCSSyncNetSvc.exe O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:ProgramDelade filerSymantec SharedSecurity ConsoleNSCSRVCE.EXE O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:ProgramNorton Internet SecurityNorton AntiVirusSAVScan.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:ProgramDelade filerSymantec SharedSNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:ProgramDelade filerSymantec SharedSPBBCSPBBCSvc.exe O23 - Service: Symantec Core LC - Unknown owner - C:ProgramDelade filerSymantec SharedCCPD-LCsymlcsvc.exe O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:ProgramDelade filerSymantec SharedSupport Controlsssrc.exe O24 - Desktop Component 0: (no name) - http://www.microsoft.com/windows/plus/imag...ish_150x106.jpg -- End of file - 12055 bytes
Guest Malou Posted November 10, 2008 Posted November 10, 2008 Hej StefanT! Ser mycket bättre ut Men det återstår en del procedurer att göra då där fortfarande finns otyg i systemet och som då Malwarebytes' Anti-Malware inte rår på. Hämta hem ComboFix från nedanstående länk: http://download.bleepingcomputer.com/sUBs/ComboFix.exe 1: Spara ComboFix till skrivbordet: OBS: Dra ur Internetanslutningen => stäng av/avaktivera antivirusprogram/antispionprogram. Gå nu vidare med nedanstående:. 1: Dubbelklicka på ComboFix för att starta den 2: Följ anvisningarna som visas på skärmen. 3: När den är färdig så skall en text-logg komma upp, kopiera och klistra in den här Kan även hittas här => (C:ComboFix.txt) 4: Gör en ny TM HJT-logg, kopiera även in den. VIKTIGT! Klicka INTE på Combofix-fönstret med musen när den körs annars kan den hänga upp sig. OBS: Kontrollera att antivirusprogram/antispionprogram mm är återaktiverade innan du ansluter till Internet. OBSERVERA: Verktyget/Programmet kan ge problem med uppkopplingen (tex trådlös). Om problem uppstår prova då nedanstående. Gå till => Kontrollpanelen => Nätverksanslutningar => högerklicka på din Internetanslutning => välj Reparera ELLER Starta om datorn. VARNING!: ComboFix förhindrar automatisk körning av CD, disketter och USB-enheter för att göra det lättare att rensa datorn. Det kan bli problem t ex om du har internet via ett USB-modem eller USB-nätverkskort. Säg då till i stället för att köra ComboFix. MVH/Malou
Guest Malou Posted November 10, 2008 Posted November 10, 2008 Hej igen StefanT! Är nedanstående program något som du själv har installerat? C:ProgramMacrogaming C:ProgramMyWaySA SweetIM Är det du själv som har lagt den här som skrivbordsbakgrund och vill att den startar upp samtidigt med att datorn startar? O24 - Desktop Component 0: (no name) - http://www.microsoft.com/windows/plus/imag...ish_150x106.jpg MVH/Malou
StefanT Posted November 11, 2008 Author Posted November 11, 2008 Hej Malou Det är mest barnen som använder datorn. Så om det är avsiktligt eller inte som MyWaySA och Macrogaming är installerat vet jag inte, men det är inget som vi kommer sakna om man ska ta bort dessa. Detsamma är det med bakgrundsbilden. Tyckte att Combofix verkade ta bort en del filer i MyWaySA när det kördes i alla fall. Bifogar senaste loggfilerna. Ha en bra dag //Stefan Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:16:39, on 2008-11-11 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:WINDOWSSystem32smss.exe C:WINDOWSsystem32winlogon.exe C:WINDOWSsystem32services.exe C:WINDOWSsystem32lsass.exe C:WINDOWSsystem32svchost.exe C:WINDOWSSystem32svchost.exe C:ProgramDelade filerSymantec SharedccSetMgr.exe C:ProgramDelade filerSymantec SharedccEvtMgr.exe C:ProgramDelade filerSymantec SharedccProxy.exe C:ProgramDelade filerSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe C:ProgramDelade filerSymantec SharedSNDSrvc.exe C:ProgramDelade filerSymantec SharedSPBBCSPBBCSvc.exe C:ProgramDelade filerSymantec SharedCCPD-LCsymlcsvc.exe C:WINDOWSsystem32LEXBCES.EXE C:WINDOWSsystem32LEXPPS.EXE C:WINDOWSsystem32spoolsv.exe C:ProgramSymantecLiveUpdateALUSchedulerSvc.exe C:WINDOWSSystem32svchost.exe C:ProgramDellOpenManageClientIap.exe C:ProgramMicrosoft SQL ServerMSSQL$SPCSBinnsqlservr.exe C:ProgramNorton Internet SecurityNorton AntiVirusnavapsvc.exe C:WINDOWSsystem32svchost.exe C:WINDOWSExplorer.EXE C:ProgramMacrogamingSweetIMSweetIM.exe C:ProgramJavajre1.6.0_05binjusched.exe C:ProgramQuickTimeqttask.exe C:WINDOWSsystem32LXSUPMON.EXE C:WINDOWSsystem32igfxpers.exe C:WINDOWSsystem32hkcmd.exe C:ProgramCyberLinkPowerDVDDVDLauncher.exe C:ProgramDelade filerSymantec SharedccApp.exe C:WINDOWSsystem32ctfmon.exe C:ProgramWindows Media PlayerWMPNSCFG.exe C:ProgramGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe C:GarmingStart.exe C:ProgramWindows LiveMessengermsnmsgr.exe C:ProgramDelade filerSymantec SharedSecurity ConsoleNSCSRVCE.EXE C:ProgramInternet ExplorerIEXPLORE.EXE C:ProgramDelade filerMicrosoft SharedWindows LiveWLLoginProxy.exe C:ProgramMessengermsmsgs.exe C:ProgramTrend MicroHijackThisCatha.exe R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = https://upplandsbro.skola24.se/ R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www1.euro.dell.com/content/default....;l=sv&s=gen R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Länkar R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:ProgramMacrogamingSweetIMBarForIEtoolbar.dll O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:ProgramMyWaySASrchAsDedeSrcAs.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:ProgramJavajre1.6.0_05binssv.dll O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:ProgramDelade filerMicrosoft SharedWindows LiveWindowsLiveLogin.dll O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:ProgramDelade filerSymantec SharedAdBlockingNISShExt.dll O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:ProgramNorton Internet SecurityNorton AntiVirusNavShExt.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:programgooglegoogletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:ProgramGoogleGoogleToolbarNotifier3.1.807.1746swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:ProgramWindows Live Toolbarmsntb.dll O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:ProgramDelade filerSymantec SharedAdBlockingNISShExt.dll O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:ProgramNorton Internet SecurityNorton AntiVirusNavShExt.dll O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:ProgramMacrogamingSweetIMBarForIEtoolbar.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:programgooglegoogletoolbar1.dll O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:ProgramWinamp Toolbarwinamptb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:ProgramWindows Live Toolbarmsntb.dll O4 - HKLM..Run: [symantec PIF AlertEng] "C:ProgramDelade filerSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe" /a /m "C:ProgramDelade filerSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}AlertEng.dll" O4 - HKLM..Run: [sweetIM] C:ProgramMacrogamingSweetIMSweetIM.exe O4 - HKLM..Run: [sunJavaUpdateSched] "C:ProgramJavajre1.6.0_05binjusched.exe" O4 - HKLM..Run: [QuickTime Task] "C:ProgramQuickTimeqttask.exe" -atboottime O4 - HKLM..Run: [LXSUPMON] C:WINDOWSsystem32LXSUPMON.EXE RUN O4 - HKLM..Run: [igfxtray] C:WINDOWSsystem32igfxtray.exe O4 - HKLM..Run: [igfxpers] C:WINDOWSsystem32igfxpers.exe O4 - HKLM..Run: [igfxhkcmd] C:WINDOWSsystem32hkcmd.exe O4 - HKLM..Run: [DVDLauncher] "C:ProgramCyberLinkPowerDVDDVDLauncher.exe" O4 - HKLM..Run: [ccApp] "C:ProgramDelade filerSymantec SharedccApp.exe" O4 - HKLM..Run: [Adobe Reader Speed Launcher] "C:ProgramAdobeReader 8.0ReaderReader_sl.exe" O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe O4 - HKCU..Run: [WMPNSCFG] C:ProgramWindows Media PlayerWMPNSCFG.exe O4 - HKCU..Run: [swg] C:ProgramGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe O4 - HKCU..Run: [MsnMsgr] "C:ProgramWindows LiveMessengermsnmsgr.exe" /background O4 - HKCU..Run: [gStart] C:GarmingStart.exe O4 - HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'LOKAL TJÄNST') O4 - HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'SYSTEM') O4 - HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'Default user') O8 - Extra context menu item: &Winamp Toolbar Search - C:Documents and SettingsAll UsersApplication DataWinamp ToolbarieToolbarresourcesen-USlocalsearch.html O8 - Extra context menu item: &Windows Live Search - res://C:ProgramWindows Live Toolbarmsntb.dll/search.htm O8 - Extra context menu item: Add to AMV Converter... - C:ProgramMP3 Player Utilities 4.15AMVConvertergrab.html O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:ProgramMICROS~2OFFICE11EXCEL.EXE/3000 O8 - Extra context menu item: MediaManager tool grab multimedia file - C:ProgramMP3 Player Utilities 4.15MediaManagergrab.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:ProgramJavajre1.6.0_05binssv.dll O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:ProgramJavajre1.6.0_05binssv.dll O9 - Extra button: Blogga detta - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:ProgramWindows LiveWriterWriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blogga detta i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:ProgramWindows LiveWriterWriterBrowserExtension.dll O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:ProgramMICROS~2OFFICE11REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:ProgramMessengermsmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:ProgramMessengermsmsgs.exe O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://www.king.com/ctl/kingcomie.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game12.zylom.com/activex/zylomgamesplayer.cab O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O20 - AppInit_DLLs: bjxykt.dll O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:ProgramSymantecLiveUpdateALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:ProgramDelade filerSymantec SharedccEvtMgr.exe O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:ProgramNorton Internet SecurityccPwdSvc.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:ProgramDelade filerSymantec SharedccProxy.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:ProgramDelade filerSymantec SharedccSetMgr.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:ProgramNorton Internet SecuritycomHost.exe O23 - Service: Google Updater Service (gusvc) - Google - C:ProgramGoogleCommonGoogle UpdaterGoogleUpdaterService.exe O23 - Service: Iap - Dell Inc - C:ProgramDellOpenManageClientIap.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:WINDOWSsystem32LEXBCES.EXE O23 - Service: LiveUpdate - Symantec Corporation - C:ProgramSymantecLIVEUP~1LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:ProgramDelade filerSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe O23 - Service: Norton AntiVirus Auto Protect-tjänst (navapsvc) - Symantec Corporation - C:ProgramNorton Internet SecurityNorton AntiVirusnavapsvc.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:ProgramIntelNCSSyncNetSvc.exe O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:ProgramDelade filerSymantec SharedSecurity ConsoleNSCSRVCE.EXE O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:ProgramNorton Internet SecurityNorton AntiVirusSAVScan.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:ProgramDelade filerSymantec SharedSNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:ProgramDelade filerSymantec SharedSPBBCSPBBCSvc.exe O23 - Service: Symantec Core LC - Unknown owner - C:ProgramDelade filerSymantec SharedCCPD-LCsymlcsvc.exe O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:ProgramDelade filerSymantec SharedSupport Controlsssrc.exe O24 - Desktop Component 0: (no name) - http://www.microsoft.com/windows/plus/imag...ish_150x106.jpg -- End of file - 11000 bytes
StefanT Posted November 11, 2008 Author Posted November 11, 2008 ComboFix 08-11-09.04 - Catharina Andree 2008-11-10 19:18:42.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1053.18.214 [GMT 1:00] Running from: c:documents and settingsCatharina AndreeSkrivbordComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:documents and settingsAll UsersApplication DataHotbarSA c:documents and settingsAll UsersApplication DataHotbarSAHotbarSA.dat c:documents and settingsAll UsersApplication DataHotbarSAHotbarSA_kyf.dat c:documents and settingsAll UsersApplication DataHotbarSAHotbarSAAbout.mht c:documents and settingsAll UsersApplication DataHotbarSAHotbarSAau.dat c:documents and settingsAll UsersApplication DataHotbarSAHotbarSAEULA.mht c:documents and settingsAll UsersStart-menyProgramHotbar c:documents and settingsAll UsersStart-menyProgramHotbarAbout Hotbar.lnk c:documents and settingsAll UsersStart-menyProgramHotbarHotbar Customer Support Center.lnk c:documents and settingsAll UsersStart-menyProgramHotbarReset Cursor.lnk c:documents and settingsAll UsersStart-menyProgramHotbarUninstall Hotbar.lnk c:documents and settingsCatharina AndreeApplication DataHbTools c:documents and settingsCatharina AndreeApplication DataHbTools(2) c:documents and settingsCatharina AndreeApplication DataHbTools(2)HbTools.log c:documents and settingsCatharina AndreeApplication DataHbTools(2)v3(2).0HbTools(2)dynamic(2)279882.sdf c:documents and settingsCatharina AndreeApplication DataHbTools(2)v3(2).0HbTools(2)dynamic(2)TooltipXML29115 c:documents and settingsCatharina AndreeApplication DataHbTools(2)v3(2).0HbTools(2)dynamic(2)TooltipXML39280 c:documents and settingsCatharina AndreeApplication DataHbTools(2)v3(2).0HbTools(2)dynamic(2)TooltipXML44228 c:documents and settingsCatharina AndreeApplication DataHbTools(2)v3(2).0HbTools(2)dynamic(2)TooltipXML618304 c:documents and settingsCatharina AndreeApplication DataHbTools(2)v3(2).0HbTools(2)dynamic(2)TooltipXML706496 c:documents and settingsCatharina AndreeApplication DataHbTools(2)v3(2).0HbTools(2)dynamic(2)TooltipXML706539 c:documents and settingsCatharina AndreeApplication DataHbToolsHbTools.log c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsdynamic1.sdf c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1ads.cdf c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1btntrans.idx c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1btntrans1.dat c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1business_promo.htm c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1buttondir.txt c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1components.cdf c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1cursors.res c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1d_icons_buttons_1000.res c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1d_icons_buttons_2000.res c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1d_icons_buttons_3000.res c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1d_icons_buttons_bar.res c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1d_icons_buttons_bbar1.res c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1d_icons_buttons_logos.res c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1d_icons_buttons_other.res c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1d_icons_weather.res c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1default.cdf c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_511745-514279.mnu c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_bidz.mnu c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_bidz1.mnu c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_bidz10.mnu c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_bidz11.mnu c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_bidz12.mnu c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_bidz13.mnu c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_bidz14.mnu c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_bidz15.mnu c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_bidz16.mnu c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_bidz17.mnu c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_bidz18.mnu c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_bidz19.mnu c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_bidz2.mnu c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_bidz20.mnu c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_bidz3.mnu c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_bidz4.mnu c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_bidz5.mnu c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_bidz6.mnu c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_bidz7.mnu c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_bidz8.mnu c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_bidz9.mnu c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_categorize.mnu c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_comparison.mnu c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_em_PROFL_CA_flow_b_IEB.mnu c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_explorer-Mails.mnu c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_explorer-people.mnu c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_favorites.mnu c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_Games.mnu c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_Hide.mnu c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_hotbarcom.mnu c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_Hotmail.mnu c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_hsskin.mnu c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_jemster.mnu c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_jemsterie.mnu c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_jemsteruk.mnu c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_jobsearch.mnu c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_Mails.mnu c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_new.mnu c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_premium.mnu c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_reun.mnu c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_ringtones.mnu c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_SearchBoxTrapper.mnu c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_searchfor.mnu c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_searchgo.mnu c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_weather.mnu c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Default_yellowpages.mnu c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1email-def-511724-548964.mnu c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1email-def-511724-9595.mnu c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1email-t1-bg.res c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1gamesmenu.cdf c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1gamesMenu.mnu c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1hb_ie_menu.res c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1hotbar-premium-hotbar-premium.mnu c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1hotbar-premium.cdf c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1hotbar_promo.htm c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1icons2.res c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1ie_games_icon.res c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1ie_video.res c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1keywords.idx c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1keywords1.dat c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1layout.cdf c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1linkpathlegal.txt c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1more.res c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1new_games.mnu c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1progress.res c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1s_icons_buttons.res c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1sales_buttons.res c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1t2_bg.res c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1theweb.mnu c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1top7.cdf c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1Top7_theweb.mnu c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1tsd_bg.res c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstatic1weathericon.res c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstaticDownLoadads.xip c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstaticDownLoadBtnTrans.xip c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstaticDownLoadBtnTrans1.xip c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstaticDownLoadbusiness_promo.xip c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstaticDownLoadbuttondir.xip c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstaticDownLoadcursors.xip c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstaticDownLoadd_icons_buttons_1000.xip c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstaticDownLoadd_icons_buttons_2000.xip c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstaticDownLoadd_icons_buttons_3000.xip c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstaticDownLoadd_icons_buttons_bar.xip c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstaticDownLoadd_icons_buttons_bbar1.xip c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstaticDownLoadd_icons_buttons_logos.xip c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstaticDownLoadd_icons_buttons_other.xip c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstaticDownLoadd_icons_weather.xip c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstaticDownLoaddefault.xip c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstaticDownLoademail-t1-bg.xip c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstaticDownLoadgamesmenu.xip c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstaticDownLoadhb_ie_menu.xip c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstaticDownLoadhotbar-premium.xip c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstaticDownLoadhotbar_promo.xip c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstaticDownLoadicons2.xip c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstaticDownLoadie_games_icon.xip c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstaticDownLoadie_video.xip c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstaticDownLoadkeywords.xip c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstaticDownLoadkeywords1.xip c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstaticDownLoadlayout.xip c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstaticDownLoadlinkpathlegal.xip c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstaticDownLoadmore.xip c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstaticDownLoadprogress.xip c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstaticDownLoads_icons_buttons.xip c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstaticDownLoadsales_buttons.xip c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstaticDownLoadsamplegroups2.txt c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstaticDownLoadsamplegroups2.xip c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstaticDownLoadt2_bg.xip c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstaticDownLoadtop7.xip c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstaticDownLoadtsd_bg.xip c:documents and settingsCatharina AndreeApplication DataHbToolsv3.0hbtoolsstaticDownLoadweathericon.xip c:documents and settingsCatharina AndreeApplication DataHotbar c:documents and settingsCatharina AndreeApplication DataHotbarHbTools.log c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1030104_emte10_prv.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1030104_emte11_prv.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1030104_emte12_prv.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1030104_emte13_prv.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1030104_emte14_prv.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1030104_emte19_prv.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1030104_emte20_prv.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1030104_emte21_prv.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1030104_emte9_prv.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1030203lib_prv.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1033102angel_1_prv.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1033102bigluf_1_prv.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1033102bigsmile_1_prv.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1033102birthday_1_prv.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1033102cheers_1_prv.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1033102flo_1_prv.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1033102good_1_prv.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1033102jump_1_prv.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1033102king_1_prv.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1033102lough_1_prv.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1033102luf_1_prv.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1033102smile_1_prv.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1033102smiled_1_prv.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1033102sor_1_prv.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1033102thanx_1_prv.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1033102uhu_1_prv.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1040103ahh_prv.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1040103wow_prv.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1040104_emi2_prv.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1042102_1134_112_prv.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1050103big_prv.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1050103gig_prv.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1050103hm_prv.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1050103nomail_emoti_prv.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1050103norm_prv.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1060104_ema15_prv.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1060104_ema16_prv.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1060104_ema17_prv.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1060104_ema18_prv.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1060104_ema19_prv.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1060104_ema20_prv.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1060104_ema21_prv.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1060104_ema24_prv.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1060104_ema25_prv.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1060104_ema26_prv.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1060104_ema30_prv.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1060104_ema33_prv.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1060104_ema34_prv.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1062802hippi_prv.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1062802jumpie_prv.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1080402argh_prv.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1080402oops_prv.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1080402ouch_prv.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1082502no_prv.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1082502yes_prv.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1110103_boring1_prv.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1110103_confused_prv.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1110103_crying_ugly_prv.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1110103_fantastic_prv.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1110103_feel_better_prv.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1110103_gimme_break_prv.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1110103_heehee_prv.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1110103_hlopaet_prv.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1110103_ign_prv.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1110103_lol_prv.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1110103_no_comment_prv.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1110103_peace_prv.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1110103_smashing_prv.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1110103_talk2thehand_prv.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1block_sm.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1block_sm2.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1block_smli.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1block_smli2.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1blocked.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1blocked2.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1btn_add-but.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1btn_back-but.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1btn_left_cut_enabled_1.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1btn_left_enabled_1.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1btn_left_pressed_1.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1btn_middle_enabled_1.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1btn_middle_pressed_1.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1btn_right_cut_enabled_1.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1btn_right_enabled_1.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1btn_right_pressed_1.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1business_promo.htm
StefanT Posted November 11, 2008 Author Posted November 11, 2008 c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1buttondir.txt c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1components.cdf c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1css_cattree.css c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1css_flashpreview.css c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1css2_main.css c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1css2_pagingmodule.css c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1css2_topbuttons.css c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1delete.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1edit_clear_sound.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1edit_fs.htm c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1edit_select.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1email-def-511724-543450.mnu c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1email-def-511724-548964.mnu c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1email-def-511724-589306.mnu c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1email-def-511724-591943.mnu c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1email-def-511724-592579.mnu c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1email-def-511724-598579.mnu c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1email-def-511724-603763.mnu c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1email-def-511724-9595.mnu c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1email-def-511724-9696.mnu c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1email-def-511745-514279.mnu c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1email-def-email-backgrounds.mnu c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1email-def-email-bcards.mnu c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1email-def-email-ecards.mnu c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1email-def-email-emoticons.mnu c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1email-def-email-estationery.mnu c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1email-def-email-funny.mnu c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1email-def-email-help.mnu c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1email-def-email-images.mnu c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1email-def-email-info.mnu c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1email-def-email-more.mnu c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1email-def-email-my.mnu c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1email-def-email-new.mnu c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1email-def-email-new2.mnu c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1email-def-email-options.mnu c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1email-def-email-people.mnu c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1email-def-email-photo.mnu c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1email-def-email-tell.mnu c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1email-def-email-temp.mnu c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1email-def-email-text.mnu c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1email-def-email-voice.mnu c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1email-def.cdf c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1email-premium-email-premium.mnu c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1email-t1-bg.res c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1email-temp-bg.res c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1estatationery.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1flashpatch.js c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1flashpreview.htm c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1fs3.htm c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1hotbar_promo.htm c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1icon_checked_1.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1icon_close_1.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1icon_close_pressed_1.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1icon_edit_preview.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1icon_edit_send.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1icon_flash_preview.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1icon_recently_used.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1icon_remove_1.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1icon_remove_pressed_1.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1icon_sand-clock2.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1icon_tell_1.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1icon_tell_pressed_1.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1icon_tree_null.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1icon_unchecked_1.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1icon_unchecked_pressed_1.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1img_barlayout.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1img_barlayout2.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1img_barlayout4.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1img_corner_left.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1img_local_logo.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1js2_basetemplate.js c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1js2_hbgroups.js c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1js2_hbobject3.js c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1js2_hbobjectset3.js c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1js2_hotbarwrapper.js c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1js2_iteratorsandreaders3nf.js c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1js2_pagingmoduleobj3.js c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1js2_texts3.js c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1js2_xmltree3nf.js c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1layout.cdf c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1linkpathlegal.txt c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1more.res c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1n.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1nav_b_2.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1nav_bb_2.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1nav_f_2.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1nav_ff_2.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1pro_hb_fo_word.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1progress.res c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1sales_buttons.res c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1searchbtn.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1submit.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1tab_bg.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1tab_bga.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1tab_bgia.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1tab_l.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1tab_la.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1tab_lia.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1tab_r.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1tab_ra.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1tab_ria.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1tree_dots.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1tree_minus.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1tree_plus.gif c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1treedata_animations.xml c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1treedata_backgrounds.xml c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1treedata_ecards.xml c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1treedata_emoticons.xml c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1treedata_notifiers.xml c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstatic1treedata_text.xml c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstaticDownLoadbusiness_promo.xip c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstaticDownLoadbuttondir.xip c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstaticDownLoadcode.xip c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstaticDownLoademail-def.xip c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstaticDownLoademail-t1-bg.xip c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstaticDownLoademail-temp-bg.xip c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstaticDownLoadhotbar_promo.xip c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstaticDownLoadimages.xip c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstaticDownLoadlayout.xip c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstaticDownLoadlinkpathlegal.xip c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstaticDownLoadlocalcontent.xip c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstaticDownLoadmore.xip c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstaticDownLoadpro_hb_fo_word.xip c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstaticDownLoadprogress.xip c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstaticDownLoadsales_buttons.xip c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HostOLstaticDownLoadtreexml.xip c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbardynamic3423589.sdf c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbardynamicdomains.txt c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbardynamicTooltipXML20570 c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbardynamicTooltipXML26664 c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbardynamicTooltipXML44228 c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbardynamicTooltipXML66836 c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbardynamicTooltipXML82292 c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbardynamicustat35d1.dat c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1ads.cdf c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1btntrans.idx c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1btntrans1.dat c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1business_promo.htm c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1buttondir.txt c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1components.cdf c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1cursors.res c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1d_icons_buttons_1000.res c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1d_icons_buttons_2000.res c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1d_icons_buttons_3000.res c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1d_icons_buttons_bar.res c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1d_icons_buttons_bbar1.res c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1d_icons_buttons_logos.res c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1d_icons_buttons_other.res c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1d_icons_weather.res c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1default.cdf c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_511745-514279.mnu c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_bidz.mnu c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_bidz1.mnu c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_bidz10.mnu c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_bidz11.mnu c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_bidz12.mnu c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_bidz13.mnu c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_bidz14.mnu c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_bidz15.mnu c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_bidz16.mnu c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_bidz17.mnu c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_bidz18.mnu c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_bidz19.mnu c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_bidz2.mnu c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_bidz20.mnu c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_bidz3.mnu c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_bidz4.mnu c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_bidz5.mnu c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_bidz6.mnu c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_bidz7.mnu c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_bidz8.mnu c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_bidz9.mnu c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_categorize.mnu c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_comparison.mnu c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_em_PROFL_CA_flow_b_IEB.mnu c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_explorer-Mails.mnu c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_explorer-people.mnu c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_favorites.mnu c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_Games.mnu c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_Hide.mnu c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_hotbarcom.mnu c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_Hotmail.mnu c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_hsskin.mnu c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_jemster.mnu c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_jemsterie.mnu c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_jemsteruk.mnu c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_jobsearch.mnu c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_Mails.mnu c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_new.mnu c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_premium.mnu c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_reun.mnu c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_ringtones.mnu c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_SearchBoxTrapper.mnu c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_searchfor.mnu c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_searchgo.mnu c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_weather.mnu c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Default_yellowpages.mnu c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1email-def-511724-548964.mnu c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1email-def-511724-9595.mnu c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1email-t1-bg.res c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1gamesmenu.cdf c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1gamesMenu.mnu c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1hb_ie_menu.res c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1hotbar-premium-hotbar-premium.mnu c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1hotbar-premium.cdf c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1hotbar_promo.htm c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1icons2.res c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1ie_games_icon.res c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1ie_video.res c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1keywords.idx c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1keywords1.dat c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1layout.cdf c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1linkpathlegal.txt
StefanT Posted November 11, 2008 Author Posted November 11, 2008 c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1more.res c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1new_games.mnu c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1progress.res c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1s_icons_buttons.res c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1sales_buttons.res c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1t2_bg.res c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1theweb.mnu c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1top7.cdf c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1Top7_theweb.mnu c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1tsd_bg.res c:documents and settingsCatharina AndreeApplication DataHotbarv3.0Hotbarstatic1weathericon.res c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbarstaticDownLoadads.xip c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbarstaticDownLoadBtnTrans.xip c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbarstaticDownLoadBtnTrans1.xip c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbarstaticDownLoadbusiness_promo.xip c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbarstaticDownLoadbuttondir.xip c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbarstaticDownLoadcursors.xip c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbarstaticDownLoadd_icons_buttons_1000.xip c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbarstaticDownLoadd_icons_buttons_2000.xip c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbarstaticDownLoadd_icons_buttons_3000.xip c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbarstaticDownLoadd_icons_buttons_bar.xip c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbarstaticDownLoadd_icons_buttons_bbar1.xip c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbarstaticDownLoadd_icons_buttons_logos.xip c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbarstaticDownLoadd_icons_buttons_other.xip c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbarstaticDownLoadd_icons_weather.xip c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbarstaticDownLoaddefault.xip c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbarstaticDownLoademail-t1-bg.xip c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbarstaticDownLoadgamesmenu.xip c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbarstaticDownLoadhb_ie_menu.xip c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbarstaticDownLoadhotbar-premium.xip c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbarstaticDownLoadhotbar_promo.xip c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbarstaticDownLoadicons2.xip c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbarstaticDownLoadie_games_icon.xip c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbarstaticDownLoadie_video.xip c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbarstaticDownLoadkeywords.xip c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbarstaticDownLoadkeywords1.xip c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbarstaticDownLoadlayout.xip c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbarstaticDownLoadlinkpathlegal.xip c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbarstaticDownLoadmore.xip c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbarstaticDownLoadprogress.xip c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbarstaticDownLoads_icons_buttons.xip c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbarstaticDownLoadsales_buttons.xip c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbarstaticDownLoadsamplegroups2.txt c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbarstaticDownLoadsamplegroups2.xip c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbarstaticDownLoadt2_bg.xip c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbarstaticDownLoadtop7.xip c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbarstaticDownLoadtsd_bg.xip c:documents and settingsCatharina AndreeApplication DataHotbarv3.0HotbarstaticDownLoadweathericon.xip c:windowsadmintxt.txt c:windowssystem32adqaiwsk.ini c:windowssystem32AGQtttwa.ini c:windowssystem32AGQtttwa.ini2 c:windowssystem32amacourm.ini c:windowssystem32asfvmwav.dll c:windowssystem32boypgkdx.ini c:windowssystem32bqpwcght.ini c:windowssystem32cxhutwme.ini c:windowssystem32DcLooUtv.ini c:windowssystem32DcLooUtv.ini2 c:windowssystem32dcrhnjxb.ini c:windowssystem32fNmSYcfe.ini c:windowssystem32fNmSYcfe.ini2 c:windowssystem32fplotele.ini c:windowssystem32fusukl.dll c:windowssystem32gbcrokbl.ini c:windowssystem32havgnxgs.ini c:windowssystem32icgplrml.ini c:windowssystem32ipfgwadu.ini c:windowssystem32jhuhswef.dll c:windowssystem32jjlcpctf.ini c:windowssystem32miurueqr.ini c:windowssystem32mjmkra.dll c:windowssystem32mlbpekns.ini c:windowssystem32nbsgkhps.ini c:windowssystem32neaijxto.ini c:windowssystem32ocmjro.dll c:windowssystem32oddowp.dll c:windowssystem32oeuvqjwq.ini c:windowssystem32phiekinj.ini c:windowssystem32rwwiluhl.ini c:windowssystem32stmdfjch.ini c:windowssystem32tyqyfsmm.ini c:windowssystem32udqmtogp.ini c:windowssystem32wpfimnuo.ini c:windowssystem32wvvwa.bak2 c:windowssystem32wvvwa.tmp c:windowssystem32WxbLRqru.ini c:windowssystem32WxbLRqru.ini2 c:windowssystem32xdfuyofj.ini c:windowssystem32xwmdullu.dll c:windowssystem32yndpprqb.ini . ((((((((((((((((((((((((( Files Created from 2008-10-10 to 2008-11-10 ))))))))))))))))))))))))))))))) . 2008-11-10 12:28 . 2008-11-10 12:28 <KAT> d-------- c:programCCleaner 2008-11-09 15:44 . 2008-11-09 15:44 <KAT> d-------- c:programMalwarebytes' Anti-Malware 2008-11-09 15:44 . 2008-11-09 15:44 <KAT> d-------- c:documents and settingsCatharina AndreeApplication DataMalwarebytes 2008-11-09 15:44 . 2008-11-09 15:44 <KAT> d-------- c:documents and settingsAll UsersApplication DataMalwarebytes 2008-11-09 15:44 . 2008-10-22 16:10 38,496 --a------ c:windowssystem32driversmbamswissarmy.sys 2008-11-09 15:44 . 2008-10-22 16:10 15,504 --a------ c:windowssystem32driversmbam.sys 2008-11-09 14:36 . 2008-11-09 14:36 <KAT> d-------- c:programTrend Micro 2008-11-09 12:12 . 2008-04-14 18:04 116,224 --a------ c:windowssystem32dllcachexrxwiadr.dll 2008-11-09 12:12 . 2001-08-18 06:37 99,865 --a------ c:windowssystem32dllcachexlog.exe 2008-11-09 12:12 . 2001-09-06 20:33 27,648 --a------ c:windowssystem32dllcachexrxftplt.exe 2008-11-09 12:12 . 2001-09-06 20:33 23,040 --a------ c:windowssystem32dllcachexrxwbtmp.dll 2008-11-09 12:12 . 2004-08-03 22:29 19,455 --a------ c:windowssystem32dllcachewvchntxx.sys 2008-11-09 12:12 . 2008-04-14 18:04 18,944 --a------ c:windowssystem32dllcachexrxscnui.dll 2008-11-09 12:12 . 2001-08-17 20:11 16,970 --a------ c:windowssystem32dllcachexem336n5.sys 2008-11-09 12:12 . 2004-08-03 22:29 12,063 --a------ c:windowssystem32dllcachewsiintxx.sys 2008-11-09 12:12 . 2008-04-14 18:04 8,192 --a------ c:windowssystem32dllcachewshirda.dll 2008-11-09 12:12 . 2001-09-06 20:33 4,608 --a------ c:windowssystem32dllcachexrxflnch.exe 2008-11-09 12:11 . 2001-08-17 21:28 771,581 --a------ c:windowssystem32dllcachewinacisa.sys 2008-11-09 12:11 . 2001-08-17 21:28 701,386 --a------ c:windowssystem32dllcachewdhaalba.sys 2008-11-09 12:11 . 2004-08-03 22:31 154,624 --a------ c:windowssystem32dllcachewlluc48.sys 2008-11-09 12:11 . 2001-09-06 20:33 87,040 --a------ c:windowssystem32dllcachewiafbdrv.dll 2008-11-09 12:11 . 2001-09-06 20:33 54,272 --a------ c:windowssystem32dllcachewiamsmud.dll 2008-11-09 12:11 . 2004-08-04 12:00 41,600 --a------ c:windowssystem32dllcacheweitekp9.dll 2008-11-09 12:11 . 2001-08-17 20:10 35,871 --a------ c:windowssystem32dllcachewbfirdma.sys 2008-11-09 12:11 . 2001-09-06 19:56 34,890 --a------ c:windowssystem32dllcachewlandrv2.sys 2008-11-09 12:11 . 2008-04-14 17:36 31,872 --a------ c:windowssystem32dllcachewceusbsh.sys 2008-11-09 12:11 . 2004-08-04 12:00 31,232 --a------ c:windowssystem32dllcacheweitekp9.sys 2008-11-09 12:11 . 2004-08-03 22:29 23,615 --a------ c:windowssystem32dllcachewch7xxnt.sys 2008-11-09 12:11 . 2008-04-13 20:36 8,832 --a------ c:windowssystem32dllcachewmiacpi.sys 2008-11-09 12:09 . 2001-08-17 21:28 794,654 --a------ c:windowssystem32dllcacheusr1801.sys 2008-11-09 12:08 . 2001-09-06 20:33 216,064 --a------ c:windowssystem32dllcacheum34scan.dll 2008-11-09 12:08 . 2001-09-06 20:33 211,968 --a------ c:windowssystem32dllcacheum54scan.dll 2008-11-09 12:08 . 2001-08-17 20:51 166,784 --a------ c:windowssystem32dllcachetridxpm.sys 2008-11-09 12:08 . 2001-09-06 20:33 69,632 --a------ c:windowssystem32dllcacheumaxu12.dll 2008-11-09 12:08 . 2001-09-06 20:33 50,688 --a------ c:windowssystem32dllcacheumaxscan.dll 2008-11-09 12:08 . 2001-09-06 20:33 50,176 --a------ c:windowssystem32dllcacheumaxp60.dll 2008-11-09 12:08 . 2001-09-06 20:33 47,616 --a------ c:windowssystem32dllcacheumaxcam.dll 2008-11-09 12:08 . 2001-09-06 20:33 28,160 --a------ c:windowssystem32dllcacheumaxu40.dll 2008-11-09 12:08 . 2001-09-06 20:33 26,624 --a------ c:windowssystem32dllcacheumaxu22.dll 2008-11-09 12:08 . 2001-08-17 21:58 22,912 --a------ c:windowssystem32dllcacheumaxpcls.sys 2008-11-09 12:08 . 2004-08-04 12:00 14,336 --a------ c:windowssystem32dllcachetsprof.exe 2008-11-09 12:08 . 2001-08-17 21:48 11,520 --a------ c:windowssystem32dllcachetwotrack.sys 2008-11-09 12:06 . 2001-09-06 20:33 172,768 --a------ c:windowssystem32dllcachet2r4disp.dll 2008-11-09 12:05 . 2001-09-06 19:47 285,760 --a------ c:windowssystem32dllcachestlnata.sys 2008-11-09 12:04 . 2001-09-06 20:33 147,200 --a------ c:windowssystem32dllcachesmidispb.dll 2008-11-09 12:03 . 2001-09-06 20:33 386,560 --a------ c:windowssystem32dllcachesgiul50.dll 2008-11-09 12:02 . 2001-09-06 20:32 495,616 --a------ c:windowssystem32dllcachesblfx.dll 2008-11-09 12:01 . 2001-09-06 20:33 210,496 --a------ c:windowssystem32dllcaches3mvirge.dll 2008-11-09 12:00 . 2001-09-06 20:09 899,274 --a------ c:windowssystem32dllcacher2mdkxga.sys 2008-11-09 11:59 . 2008-04-14 18:04 363,520 --a------ c:windowssystem32dllcachepsisdecd.dll 2008-11-09 11:58 . 2008-04-13 20:46 61,696 --a------ c:windowssystem32dllcacheohci1394.sys 2008-11-09 11:58 . 2001-08-17 20:20 54,528 --a------ c:windowssystem32dllcacheopl3sax.sys 2008-11-09 11:58 . 2001-09-06 20:06 54,314 --a------ c:windowssystem32dllcacheotcsercb.sys 2008-11-09 11:58 . 2001-09-06 20:06 43,817 --a------ c:windowssystem32dllcacheotceth5.sys 2008-11-09 11:58 . 2001-08-17 22:05 31,872 --a------ c:windowssystem32dllcacheovce.sys 2008-11-09 11:58 . 2001-08-17 20:12 30,495 --a------ c:windowssystem32dllcachepc100nds.sys 2008-11-09 11:58 . 2001-08-17 20:11 30,282 --a------ c:windowssystem32dllcachepcntn5hl.sys 2008-11-09 11:58 . 2001-08-17 20:11 29,769 --a------ c:windowssystem32dllcachepcntn5m.sys 2008-11-09 11:58 . 2004-08-03 22:31 29,502 --a------ c:windowssystem32dllcachepca200e.sys 2008-11-09 11:58 . 2001-08-17 20:12 27,209 --a------ c:windowssystem32dllcacheotc06x5.sys 2008-11-09 11:58 . 2001-08-17 20:12 26,153 --a------ c:windowssystem32dllcachepcmlm56.sys 2008-11-09 11:58 . 2001-08-17 22:05 25,216 --a------ c:windowssystem32dllcacheovsound2.sys 2008-11-09 11:58 . 2001-08-17 22:05 25,088 --a------ c:windowssystem32dllcacheovca.sys 2008-11-09 11:56 . 2001-09-06 19:59 129,536 --a------ c:windowssystem32dllcachen100325.sys 2008-11-09 11:55 . 2001-09-06 19:54 320,384 --a------ c:windowssystem32dllcachemgaum.sys 2008-11-09 11:54 . 2001-08-17 21:28 802,683 --a------ c:windowssystem32dllcacheltsm.sys 2008-11-09 11:53 . 2008-04-14 18:04 253,952 --a------ c:windowssystem32dllcachekdsusd.dll 2008-11-09 11:52 . 2001-09-06 20:33 372,824 --a------ c:windowssystem32dllcacheiconf32.dll 2008-11-09 11:51 . 2008-04-14 18:04 702,845 --a------ c:windowssystem32dllcachei81xdnt5.dll 2008-11-09 11:50 . 2001-09-06 20:33 324,608 --a------ c:windowssystem32dllcachehpojwia.dll 2008-11-09 11:49 . 2001-09-06 20:32 1,733,120 --a------ c:windowssystem32dllcacheg400d.dll 2008-11-09 11:48 . 2004-08-03 22:32 137,088 --a------ c:windowssystem32dllcacheessm2e.sys 2008-11-09 11:47 . 2001-09-06 20:03 634,134 --a------ c:windowssystem32dllcacheel656ct5.sys 2008-11-09 11:46 . 2004-08-04 12:00 514,587 --a------ c:windowssystem32dllcacheedb500.dll 2008-11-09 11:46 . 2001-08-17 20:20 334,208 --a------ c:windowssystem32dllcacheds1wdm.sys 2008-11-09 11:46 . 2001-08-17 20:10 69,692 --a------ c:windowssystem32dllcacheel575nd5.sys 2008-11-09 11:46 . 2001-08-17 20:11 69,194 --a------ c:windowssystem32dllcacheel656cd5.sys 2008-11-09 11:46 . 2001-08-17 20:10 55,999 --a------ c:windowssystem32dllcacheel556nd5.sys 2008-11-09 11:46 . 2001-09-06 20:03 51,231 --a------ c:windowssystem32dllcachee1000nt5.sys 2008-11-09 11:46 . 2001-09-06 20:03 44,103 --a------ c:windowssystem32dllcacheel515.sys 2008-11-09 11:46 . 2001-08-17 20:10 26,141 --a------ c:windowssystem32dllcacheel589nd5.sys 2008-11-09 11:46 . 2001-08-17 20:10 24,653 --a------ c:windowssystem32dllcacheel574nd4.sys 2008-11-09 11:46 . 2008-04-14 18:05 20,992 --a------ c:windowssystem32dllcachedshowext.ax 2008-11-09 11:46 . 2001-08-17 20:12 19,594 --a------ c:windowssystem32dllcachee100isa4.sys 2008-11-09 11:44 . 2001-09-06 20:33 421,405 --a------ c:windowssystem32dllcachedgconfig.dll 2008-11-09 11:43 . 2008-04-14 18:04 250,880 --a------ c:windowssystem32dllcachectmasetp.dll 2008-11-09 11:42 . 2001-09-06 19:54 980,034 --a------ c:windowssystem32dllcachecicap.sys 2008-11-09 11:41 . 2001-09-06 19:53 714,826 --a------ c:windowssystem32dllcachecbmdmkxx.sys 2008-11-09 11:40 . 2001-08-17 21:28 871,388 --a------ c:windowssystem32dllcachebcmdm.sys 2008-11-09 11:39 . 2001-08-17 21:28 762,780 --a------ c:windowssystem32dllcache3cwmcru.sys 2008-11-09 11:38 . 2001-09-06 20:33 66,048 --a------ c:windowssystem32dllcaches3legacy.dll 2008-11-09 11:20 . 2008-11-09 11:21 <KAT> d-------- c:documents and settingsmatildaAmanda 2008-11-08 21:29 . 2004-09-16 09:49 <KAT> dr------- c:documents and settingsAdministratör.CATHAStart-meny 2008-11-08 21:29 . 2004-09-16 09:49 <KAT> dr------- c:documents and settingsAdministratör.CATHAStart-meny 2008-11-08 21:29 . 2006-04-12 14:07 <KAT> d-------- c:documents and settingsAdministratör.CATHASkrivbord 2008-11-08 21:29 . 2006-04-12 14:07 <KAT> d-------- c:documents and settingsAdministratör.CATHASkrivbord 2008-11-08 21:29 . 2004-09-16 09:49 <KAT> d--h----- c:documents and settingsAdministratör.CATHASkrivare 2008-11-08 21:29 . 2004-09-16 09:49 <KAT> d--h----- c:documents and settingsAdministratör.CATHASkrivare 2008-11-08 21:29 . 2004-09-16 09:49 <KAT> d--h----- c:documents and settingsAdministratör.CATHANätverket 2008-11-08 21:29 . 2004-09-16 09:49 <KAT> d--h----- c:documents and settingsAdministratör.CATHANätverket 2008-11-08 21:29 . 2004-09-16 10:00 <KAT> dr------- c:documents and settingsAdministratör.CATHAMina dokument 2008-11-08 21:29 . 2004-09-16 10:00 <KAT> dr------- c:documents and settingsAdministratör.CATHAMina dokument 2008-11-08 21:29 . 2004-09-16 09:49 <KAT> d--h----- c:documents and settingsAdministratör.CATHAMallar 2008-11-08 21:29 . 2004-09-16 09:49 <KAT> d--h----- c:documents and settingsAdministratör.CATHAMallar 2008-11-08 21:29 . 2008-11-10 19:26 <KAT> d--h----- c:documents and settingsAdministratör.CATHALokala inställningar 2008-11-08 21:29 . 2008-11-10 19:26 <KAT> d--h----- c:documents and settingsAdministratör.CATHALokala inställningar 2008-11-08 21:29 . 2004-09-16 10:00 <KAT> dr------- c:documents and settingsAdministratör.CATHAFavoriter 2008-11-08 21:29 . 2004-09-16 10:00 <KAT> dr------- c:documents and settingsAdministratör.CATHAFavoriter 2008-11-08 21:29 . 2008-11-08 21:29 <KAT> d-------- c:documents and settingsAdministratör.CATHA 2008-11-06 09:53 . 2008-11-06 09:53 <KAT> dr-hs---- C:XXXresycled 2008-11-06 09:40 . 2008-11-06 10:33 2,444 --a------ C:XXXautorun.PNF 2008-11-06 09:21 . 2008-11-06 09:24 103 -rahs---- C:XXautorun.XXinf 2008-11-05 20:39 . 2008-11-05 20:39 2,444 --a------ C:XXautorun.XXPNF 2008-11-04 13:54 . 2008-11-04 13:55 97,943 --a------ c:windowswebcodec.exe 2008-11-03 23:17 . 2008-11-03 23:19 97,943 --a------ c:windowswebconfig32.exe 2008-11-03 13:39 . 2008-11-03 13:39 113,152 --a------ c:windowssystem32nwwjjgms.dll 2008-11-03 02:14 . 2008-11-06 09:51 <KAT> dr-hs---- C:XXresycled 2008-11-01 14:05 . 2008-11-10 12:58 <KAT> d-------- c:programFighters 2008-11-01 14:05 . 2008-11-01 14:05 <KAT> d-------- c:documents and settingsAll UsersApplication DataFighters 2008-10-27 22:55 . 2008-11-01 17:02 77,937 --a------ c:windowssystem32weenaeelycpjeprre.exe 2008-10-18 13:22 . 2008-10-18 13:22 <KAT> d-------- c:windowssystem32sv 2008-10-18 13:22 . 2008-10-18 13:22 <KAT> d-------- c:windowssystem32bits 2008-10-18 13:22 . 2008-10-18 13:22 <KAT> d-------- c:windowsl2schemas 2008-10-18 13:19 . 2008-10-18 13:23 <KAT> d-------- c:windowsServicePackFiles 2008-10-18 13:09 . 2008-10-18 13:09 <KAT> d-------- c:windowsEHome . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-11-10 11:55 --------- d-----w c:programDelade filerSymantec Shared 2008-11-06 11:37 --------- d-----w c:documents and settingsAll UsersApplication DataSymantec 2008-11-06 09:41 --------- d-----w c:programNorton Internet Security 2008-11-04 17:08 --------- d-----w c:programNorton Security Scan 2008-11-03 18:43 --------- d-----w c:programLimeWire 2008-11-03 18:43 --------- d-----w c:programIncomplete 2008-10-07 21:25 --------- d-----w c:documents and settingsCatharina AndreeApplication DataLimeWire 2008-10-03 17:26 6,066,176 ------w c:windowssystem32dllcacheieframe.dll 2008-10-02 17:21 --------- d-----w c:programVision Park 2008-09-30 16:05 --------- d---a-w c:documents and settingsAll UsersApplication DataTEMP 2008-09-30 15:51 --------- d-----w c:programGamenext 2008-09-30 15:51 --------- d-----w c:documents and settingsAll UsersApplication DataPlayFirst 2008-09-15 15:27 1,846,400 ----a-w c:windowssystem32win32k.sys 2008-09-15 15:27 1,846,400 ----a-w c:windowssystem32dllcachewin32k.sys 2008-09-10 10:38 --------- d-----w c:documents and settingsAll UsersApplication DataSandlot Games 2008-09-08 10:41 333,824 ----a-w c:windowssystem32dllcachesrv.sys 2008-08-27 09:27 3,593,216 ----a-w c:windowssystem32dllcachemshtml.dll 2008-08-26 08:27 826,368 ----a-w c:windowssystem32wininet.dll 2008-08-26 08:27 826,368 ----a-w c:windowssystem32dllcachewininet.dll 2008-08-26 08:27 671,232 ----a-w c:windowssystem32dllcachemstime.dll 2008-08-26 08:27 477,696 ----a-w c:windowssystem32dllcachemshtmled.dll 2008-08-26 08:27 44,544 ----a-w c:windowssystem32dllcachepngfilt.dll 2008-08-26 08:27 233,472 ----a-w c:windowssystem32dllcachewebcheck.dll 2008-08-26 08:27 193,024 ----a-w c:windowssystem32dllcachemsrating.dll 2008-08-26 08:27 105,984 ----a-w c:windowssystem32dllcacheurl.dll 2008-08-26 08:27 102,912 ----a-w c:windowssystem32dllcacheoccache.dll 2008-08-26 08:27 1,159,680 ----a-w c:windowssystem32dllcacheurlmon.dll 2008-08-25 08:43 70,656 ----a-w c:windowssystem32dllcacheie4uinit.exe 2008-08-25 08:38 13,824 ------w c:windowssystem32dllcacheieudinit.exe 2008-08-23 05:56 635,848 ----a-w c:windowssystem32dllcacheiexplore.exe 2008-08-23 05:54 161,792 ----a-w c:windowssystem32dllcacheieakui.dll 2008-08-14 13:27 2,189,952 ----a-w c:windowssystem32ntoskrnl.exe 2008-08-14 13:27 2,189,952 ----a-w c:windowssystem32dllcachentoskrnl.exe 2008-08-14 13:27 2,066,816 ----a-w c:windowssystem32ntkrnlpa.exe 2008-08-14 13:27 2,066,816 ----a-w c:windowssystem32dllcachentkrnlpa.exe 2008-08-14 10:04 138,496 ----a-w c:windowssystem32dllcacheafd.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun] "ctfmon.exe"="c:windowssystem32ctfmon.exe" [2008-04-14 15360] "WMPNSCFG"="c:programWindows Media PlayerWMPNSCFG.exe" [2006-11-15 204288] "swg"="c:programGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe" [2007-10-12 68856] "MsnMsgr"="c:programWindows LiveMessengermsnmsgr.exe" [2007-10-18 5724184] "gStart"="c:garmingStart.exe" [2007-08-23 1891416] [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun] "Symantec PIF AlertEng"="c:programDelade filerSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe" [2008-01-29 583048] "SweetIM"="c:programMacrogamingSweetIMSweetIM.exe" [2008-01-02 103712] "SunJavaUpdateSched"="c:programJavajre1.6.0_05binjusched.exe" [2008-02-22 144784] "QuickTime Task"="c:programQuickTimeqttask.exe" [2007-05-18 98304] "LXSUPMON"="c:windowssystem32LXSUPMON.EXE" [2002-01-28 885760] "igfxtray"="c:windowssystem32igfxtray.exe" [2005-09-20 94208] "igfxpers"="c:windowssystem32igfxpers.exe" [2005-09-20 114688] "igfxhkcmd"="c:windowssystem32hkcmd.exe" [2005-09-20 77824] "DVDLauncher"="c:programCyberLinkPowerDVDDVDLauncher.exe" [2004-04-26 53248] "ccApp"="c:programDelade filerSymantec SharedccApp.exe" [2007-03-01 52840] "Adobe Reader Speed Launcher"="c:programAdobeReader 8.0ReaderReader_sl.exe" [2008-01-11 39792] [HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun] "CTFMON.EXE"="c:windowssystem32CTFMON.EXE" [2008-04-14 15360] [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwindows] "AppInit_DLLs"=bjxykt.dll HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregC: HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregC:WINDOWS HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregc:windowssystem32 [HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center] "AntiVirusDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringSymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringSymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM~servicessharedaccessparametersfirewallpolicystandardprofile] "EnableFirewall"= 0 (0x0) [HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList] "%windir%system32sessmgr.exe"= "c:ProgramMicrosoft GamesZoo Tycoon 2 Trial Versionzt2demoretail.exe"= "c:ProgramMicrosoft GamesZoo Tycoon 2 Endangered Species Trial Versionzt.exe"= "c:ProgramMessengermsmsgs.exe"= "c:ProgramuTorrentuTorrent.exe"= "c:ProgramLimeWireLimeWire.exe"= "%windir%Network Diagnosticxpnetdiag.exe"= "c:ProgramWindows LiveMessengermsnmsgr.exe"= "c:ProgramWindows LiveMessengerlivecall.exe"= R2 Automatisk LiveUpdate-schemaläggare;Automatisk LiveUpdate-schemaläggare;c:programSymantecLiveUpdateALUSchedulerSvc.exe [2006-02-28 100032] R2 MSSQL$SPCS;MSSQL$SPCS;c:programMicrosoft SQL ServerMSSQL$SPCSBinnsqlservr.exe [2002-12-17 7520337] S1 bf29d896;bf29d896;c:windowssystem32driversbf29d896.sys [ ] S3 SQLAgent$SPCS;SQLAgent$SPCS;c:programMicrosoft SQL ServerMSSQL$SPCSBinnsqlagent.EXE [2002-12-17 311872] S3 V0260VID;Live! Cam Vista IM;c:windowssystem32DRIVERSV0260Vid.sys [2006-04-01 162176] *Newly Created Service* - COMHOST *Newly Created Service* - PROCEXP90 . Contents of the 'Scheduled Tasks' folder 2008-11-04 c:windowsTasksAppleSoftwareUpdate.job - c:programApple Software UpdateSoftwareUpdate.exe [2007-06-03 12:42] 2008-11-10 c:windowsTasksKontrollera uppdateringar för Windows Live Toolbar.job - c:programWindows Live ToolbarMSNTBUP.EXE [2007-10-19 11:20] 2008-10-24 c:windowsTasksNorton AntiVirus - Sök igenom datorn - Catharina Andree.job - c:programNORTON~1NORTON~1Navw32.exe [2007-05-28 11:00] . - - - - ORPHANS REMOVED - - - - BHO-{15f1de2b-e547-f1d4-f82d-d5bfd4ee2e0e} - c:windowssystem32tuyrgsacxlt.dll HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:programDelade filerAheadLibNMBgMonitor.exe HKLM-Run-c:windowssystem32kdihl.exe - c:windowssystem32kdihl.exe HKLM-Run-WinampAgent - c:programWinampwianmpa.exe Notify-wvukjbcb - wvUkJbcB.dll MSConfigStartUp-kdihl - c:windowssystem32kdihl.exe . ------- Supplementary Scan ------- . R0 -: HKCU-Main,Start Page = https://upplandsbro.skola24.se/ R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 R0 -: HKLM-Main,Start Page = hxxp://www1.euro.dell.com/content/default.aspx?c=se&l=sv&s=gen R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s O8 -: &Winamp Toolbar Search - c:documents and settingsAll UsersApplication DataWinamp ToolbarieToolbarresourcesen-USlocalsearch.html O8 -: &Windows Live Search - c:programWindows Live Toolbarmsntb.dll/search.htm O8 -: Add to AMV Converter... - c:programMP3 Player Utilities 4.15AMVConvertergrab.html O8 -: E&xportera till Microsoft Excel - c:programMICROS~2OFFICE11EXCEL.EXE/3000 O8 -: MediaManager tool grab multimedia file - c:programMP3 Player Utilities 4.15MediaManagergrab.html O16 -: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} - hxxp://www.king.com/ctl/kingcomie.cab c:windowsDownloaded Program FilesKingComIE.inf c:windowsKingComIE.dll O16 -: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game12.zylom.com/activex/zylomgamesplayer.cab c:windowsDownloaded Program FilesZylomGamesPlayer.inf c:windowsDownloaded Program Fileszylomgamesplayer.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-11-10 19:27:00 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-11-10 19:30:59 ComboFix-quarantined-files.txt 2008-11-10 18:30:52 Pre-Run: 118 855 516 160 byte ledigt Post-Run: 119,356,342,272 byte ledigt 824 --- E O F --- 2008-10-19 07:21:51
Guest Malou Posted November 11, 2008 Posted November 11, 2008 Hej StefanT! Så om det är avsiktligt eller inte som MyWaySA och Macrogaming är installerat vet jag inte, men det är inget som vi kommer sakna om man ska ta bort dessa. Detsamma är det med bakgrundsbilden. Tyckte att Combofix verkade ta bort en del filer i MyWaySA när det kördes i alla fall. Ok då åtgärdar vi detta lite senare i procedurerna Det var inte lite som ComboFix hittade samt åtgärdade. Mycket bra. Skall strax ta mig an ComboFixloggan och gå igenom den mer grundligare för att se om där finns mer som behöver åtgärdas. Detta kommer att ta en stund så håll ut så länge. Under tiden gör nedanstående två procedurer: Ser att du har en äldre version av Javan installerad (en säkerhetsrisk). Den nyare heter Java Runtime Environment (JRE) 6 Update 10. => Java Runtime Environment (JRE) 6 Update 10 Skriv ut nedanstående eller kopiera det till ett textdokument och spara det till skrivbordet. Läs/Följ instruktionerna mycket noga: Hämta hem SDFix: => SDFix 1: Spara SDFix.exe till skrivbordet 2: Klicka på SDFix.exe 3: SDFixen packas upp här => C:SDFix. 4: Starta om datorn till felsäkert läge (tryck F8-Tangenten upprepade gånger under uppstarten och välj felsäkert läge): 5: Navigera dig fram till => C:SDFix => Klicka på runthis.bat => Välj Y. 6: När scanningen är klar så tryck på valfri tangent för att starta om datorn. 7: När det står finished så tryck på valfri tangent. En logg kommer automatiskt att visas, kopiera in loggan hit till din tråd. Gör även en ny TM HJT-logga, kopiera in den hit. MVH/Malou
StefanT Posted November 11, 2008 Author Posted November 11, 2008 Hej Här kommer eftermiddagens resultat. Tog bort Macrogaming och MyWaySA via installera/avinstallera program. M.v.h Stefan Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:43:21, on 2008-11-11 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:WINDOWSSystem32smss.exe C:WINDOWSsystem32winlogon.exe C:WINDOWSsystem32services.exe C:WINDOWSsystem32lsass.exe C:WINDOWSsystem32svchost.exe C:WINDOWSSystem32svchost.exe C:ProgramDelade filerSymantec SharedccSetMgr.exe C:ProgramDelade filerSymantec SharedccEvtMgr.exe C:ProgramDelade filerSymantec SharedccProxy.exe C:ProgramDelade filerSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe C:ProgramDelade filerSymantec SharedSNDSrvc.exe C:ProgramDelade filerSymantec SharedSPBBCSPBBCSvc.exe C:ProgramDelade filerSymantec SharedCCPD-LCsymlcsvc.exe C:WINDOWSsystem32LEXBCES.EXE C:WINDOWSsystem32LEXPPS.EXE C:WINDOWSsystem32spoolsv.exe C:ProgramSymantecLiveUpdateALUSchedulerSvc.exe C:WINDOWSSystem32svchost.exe C:ProgramDellOpenManageClientIap.exe C:ProgramJavajre6binjqs.exe C:ProgramMicrosoft SQL ServerMSSQL$SPCSBinnsqlservr.exe C:ProgramNorton Internet SecurityNorton AntiVirusnavapsvc.exe C:WINDOWSsystem32svchost.exe C:WINDOWSExplorer.EXE C:ProgramQuickTimeqttask.exe C:WINDOWSsystem32LXSUPMON.EXE C:WINDOWSsystem32igfxpers.exe C:WINDOWSsystem32hkcmd.exe C:ProgramCyberLinkPowerDVDDVDLauncher.exe C:ProgramDelade filerSymantec SharedccApp.exe C:ProgramJavajre6binjusched.exe C:WINDOWSsystem32ctfmon.exe C:ProgramWindows Media PlayerWMPNSCFG.exe C:ProgramGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe C:ProgramWindows LiveMessengermsnmsgr.exe C:GarmingStart.exe C:ProgramDelade filerSymantec SharedSecurity ConsoleNSCSRVCE.EXE C:ProgramSymantecLIVEUP~1LUCOMS~1.EXE C:ProgramSymantecLiveUpdateAUpdate.exe C:ProgramSymantecLiveUpdateLuCallbackProxy.exe C:ProgramSymantecLiveUpdateLuCallbackProxy.exe C:ProgramMessengermsmsgs.exe C:ProgramSymantecLiveUpdateLuCallbackProxy.exe C:ProgramSymantecLiveUpdateLuCallbackProxy.exe C:ProgramSymantecLiveUpdateLuCallbackProxy.exe C:ProgramSymantecLiveUpdateLuCallbackProxy.exe C:ProgramSymantecLiveUpdateLuCallbackProxy.exe C:ProgramSymantecLiveUpdateLuCallbackProxy.exe C:ProgramTrend MicroHijackThisCatha.exe R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = https://upplandsbro.skola24.se/ R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www1.euro.dell.com/content/default....;l=sv&s=gen R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Länkar R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:ProgramMacrogamingSweetIMBarForIEtoolbar.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:ProgramJavajre6binssv.dll O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:ProgramDelade filerMicrosoft SharedWindows LiveWindowsLiveLogin.dll O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:ProgramDelade filerSymantec SharedAdBlockingNISShExt.dll O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:ProgramNorton Internet SecurityNorton AntiVirusNavShExt.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:programgooglegoogletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:ProgramGoogleGoogleToolbarNotifier3.1.807.1746swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:ProgramWindows Live Toolbarmsntb.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:ProgramJavajre6binjp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:ProgramJavajre6libdeployjqsiejqs_plugin.dll O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:ProgramDelade filerSymantec SharedAdBlockingNISShExt.dll O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:ProgramNorton Internet SecurityNorton AntiVirusNavShExt.dll O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:ProgramMacrogamingSweetIMBarForIEtoolbar.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:programgooglegoogletoolbar1.dll O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:ProgramWinamp Toolbarwinamptb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:ProgramWindows Live Toolbarmsntb.dll O4 - HKLM..Run: [symantec PIF AlertEng] "C:ProgramDelade filerSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe" /a /m "C:ProgramDelade filerSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}AlertEng.dll" O4 - HKLM..Run: [QuickTime Task] "C:ProgramQuickTimeqttask.exe" -atboottime O4 - HKLM..Run: [LXSUPMON] C:WINDOWSsystem32LXSUPMON.EXE RUN O4 - HKLM..Run: [igfxtray] C:WINDOWSsystem32igfxtray.exe O4 - HKLM..Run: [igfxpers] C:WINDOWSsystem32igfxpers.exe O4 - HKLM..Run: [igfxhkcmd] C:WINDOWSsystem32hkcmd.exe O4 - HKLM..Run: [DVDLauncher] "C:ProgramCyberLinkPowerDVDDVDLauncher.exe" O4 - HKLM..Run: [ccApp] "C:ProgramDelade filerSymantec SharedccApp.exe" O4 - HKLM..Run: [Adobe Reader Speed Launcher] "C:ProgramAdobeReader 8.0ReaderReader_sl.exe" O4 - HKLM..Run: [sunJavaUpdateSched] "C:ProgramJavajre6binjusched.exe" O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe O4 - HKCU..Run: [WMPNSCFG] C:ProgramWindows Media PlayerWMPNSCFG.exe O4 - HKCU..Run: [swg] C:ProgramGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe O4 - HKCU..Run: [MsnMsgr] "C:ProgramWindows LiveMessengermsnmsgr.exe" /background O4 - HKCU..Run: [gStart] C:GarmingStart.exe O4 - HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'LOKAL TJÄNST') O4 - HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'SYSTEM') O4 - HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'Default user') O8 - Extra context menu item: &Winamp Toolbar Search - C:Documents and SettingsAll UsersApplication DataWinamp ToolbarieToolbarresourcesen-USlocalsearch.html O8 - Extra context menu item: &Windows Live Search - res://C:ProgramWindows Live Toolbarmsntb.dll/search.htm O8 - Extra context menu item: Add to AMV Converter... - C:ProgramMP3 Player Utilities 4.15AMVConvertergrab.html O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:ProgramMICROS~2OFFICE11EXCEL.EXE/3000 O8 - Extra context menu item: MediaManager tool grab multimedia file - C:ProgramMP3 Player Utilities 4.15MediaManagergrab.html O9 - Extra button: Blogga detta - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:ProgramWindows LiveWriterWriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blogga detta i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:ProgramWindows LiveWriterWriterBrowserExtension.dll O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:ProgramMICROS~2OFFICE11REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:ProgramMessengermsmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:ProgramMessengermsmsgs.exe O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://www.king.com/ctl/kingcomie.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game12.zylom.com/activex/zylomgamesplayer.cab O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O20 - AppInit_DLLs: bjxykt.dll O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:ProgramSymantecLiveUpdateALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:ProgramDelade filerSymantec SharedccEvtMgr.exe O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:ProgramNorton Internet SecurityccPwdSvc.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:ProgramDelade filerSymantec SharedccProxy.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:ProgramDelade filerSymantec SharedccSetMgr.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:ProgramNorton Internet SecuritycomHost.exe O23 - Service: Google Updater Service (gusvc) - Google - C:ProgramGoogleCommonGoogle UpdaterGoogleUpdaterService.exe O23 - Service: Iap - Dell Inc - C:ProgramDellOpenManageClientIap.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:ProgramJavajre6binjqs.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:WINDOWSsystem32LEXBCES.EXE O23 - Service: LiveUpdate - Symantec Corporation - C:ProgramSymantecLIVEUP~1LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:ProgramDelade filerSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe O23 - Service: Norton AntiVirus Auto Protect-tjänst (navapsvc) - Symantec Corporation - C:ProgramNorton Internet SecurityNorton AntiVirusnavapsvc.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:ProgramIntelNCSSyncNetSvc.exe O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:ProgramDelade filerSymantec SharedSecurity ConsoleNSCSRVCE.EXE O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:ProgramNorton Internet SecurityNorton AntiVirusSAVScan.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:ProgramDelade filerSymantec SharedSNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:ProgramDelade filerSymantec SharedSPBBCSPBBCSvc.exe O23 - Service: Symantec Core LC - Unknown owner - C:ProgramDelade filerSymantec SharedCCPD-LCsymlcsvc.exe O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:ProgramDelade filerSymantec SharedSupport Controlsssrc.exe O24 - Desktop Component 0: (no name) - http://www.microsoft.com/windows/plus/imag...ish_150x106.jpg -- End of file - 11308 bytes SDFix: Version 1.240 Run by Administratr on 2008-11-11 at 17:18 Microsoft Windows XP [Version 5.1.2600] Running From: C:SDFix Checking Services : Restoring Default Security Values Restoring Default Hosts File Rebooting Checking Files : Trojan Files Found: C:WINDOWSsystem32weenaeelycpjeprre.exe - Deleted Removing Temp Files ADS Check : Final Check : catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-11-11 17:28:24 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden services & system hive ... scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services : Authorized Application Key Export: [HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist] "%windir%system32sessmgr.exe"="%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:ProgramMicrosoft GamesZoo Tycoon 2 Trial Versionzt2demoretail.exe"="C:ProgramMicrosoft GamesZoo Tycoon 2 Trial Versionzt2demoretail.exe:*:Enabled:Zoo Tycoon 2 Demo Executable" "C:ProgramMicrosoft GamesZoo Tycoon 2 Endangered Species Trial Versionzt.exe"="C:ProgramMicrosoft GamesZoo Tycoon 2 Endangered Species Trial Versionzt.exe:*:Enabled:Zoo Tycoon 2 Endangered Species Trial Version Executable" "C:ProgramMessengermsmsgs.exe"="C:ProgramMessengermsmsgs.exe:*:Enabled:Windows Messenger" "C:ProgramuTorrentuTorrent.exe"="C:ProgramuTorrentuTorrent.exe:*:Enabled:æTorrent" "C:ProgramLimeWireLimeWire.exe"="C:ProgramLimeWireLimeWire.exe:*:Enabled:LimeWire" "%windir%Network Diagnosticxpnetdiag.exe"="%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:ProgramWindows LiveMessengermsnmsgr.exe"="C:ProgramWindows LiveMessengermsnmsgr.exe:*:Enabled:Windows Live Messenger" "C:ProgramWindows LiveMessengerlivecall.exe"="C:ProgramWindows LiveMessengerlivecall.exe:*:Enabled:Windows Live Messenger (Phone)" [HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist] "%windir%system32sessmgr.exe"="%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%Network Diagnosticxpnetdiag.exe"="%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:ProgramWindows LiveMessengermsnmsgr.exe"="C:ProgramWindows LiveMessengermsnmsgr.exe:*:Enabled:Windows Live Messenger" "C:ProgramWindows LiveMessengerlivecall.exe"="C:ProgramWindows LiveMessengerlivecall.exe:*:Enabled:Windows Live Messenger (Phone)" Remaining Files : File Backups: - C:SDFixbackupsbackups.zip Files with Hidden Attributes : Tue 28 Oct 2008 33,792 ..SHR --- "C:XXresycledboot.com" Tue 28 Oct 2008 33,792 ..SHR --- "C:XXXresycledboot.com" Sun 28 Oct 2007 4,348 ..SH. --- "C:Documents and SettingsAll UsersDRMDRMv1.bak" Tue 8 May 2007 0 A.SH. --- "C:Documents and SettingsAll UsersDRMCacheIndiv01.tmp" Fri 15 Dec 2006 395,960 A..H. --- "C:Documents and SettingsamandaApplication DataZylom GamesUninstallPlugin.exe" Wed 24 Mar 2004 286,720 A..H. --- "C:Documents and SettingsamandaApplication DataInstallShield Installation Information{0E38CA14-8D20-45CF-8850-8F6213465D00}CTCABEX.DLL" Wed 24 Mar 2004 286,720 A..H. --- "C:Documents and SettingsamandaApplication DataInstallShield Installation Information{88B1984E-36F0-47B8-B8DC-728966807A9C}CTCABEX.DLL" Wed 24 Mar 2004 286,720 A..H. --- "C:Documents and SettingsamandaApplication DataInstallShield Installation Information{AC85CD9E-BC46-4874-90E6-ADB558DE7D9E}CTCABEX.DLL" Sun 8 Apr 2007 16,720 A..H. --- "C:Documents and SettingsamandaApplication DataMicrosoftIdentityCRLppcrlconfig.dll" Thu 16 Sep 2004 10,371 A..H. --- "C:Documents and SettingsamandaApplication DataMicrosoftInternet Explorerbrndlog.bak" Sun 8 Apr 2007 9,084 A..H. --- "C:Documents and SettingsamandaApplication DataMicrosoftOfficefbc20.tmp" Thu 14 Dec 2006 72,849 A..H. --- "C:Documents and SettingsamandaApplication DataSunJavaDeploymentcachejavapiv1.0jarflash.jar-21633a94-7b981737.zip" Fri 15 Dec 2006 72,849 A..H. --- "C:Documents and SettingsamandaApplication DataSunJavaDeploymentcachejavapiv1.0jarflash.jar-3647ed55-24130ae8.zip" Fri 15 Dec 2006 72,849 A..H. --- "C:Documents and SettingsamandaApplication DataSunJavaDeploymentcachejavapiv1.0jarflash.jar-2bb8af6d-48732dcd.zip" Fri 15 Dec 2006 332,415 A..H. --- "C:Documents and SettingsamandaApplication DataSunJavaDeploymentcachejavapiv1.0jartextexpress.2.0.2.jar-6dc418d1-50f3ea45.zip" Sat 13 Jan 2007 332,415 A..H. --- "C:Documents and SettingsamandaApplication DataSunJavaDeploymentcachejavapiv1.0jartextexpress.2.0.2.jar-2f16008e-18d26241.zip" Sat 29 Apr 2006 55,060 A..H. --- "C:Documents and SettingsamandaApplication DataSunJavaDeploymentcachejavapiv1.0jartrapped.jar-27990b01-12b9740c.zip" Finished!
Guest Malou Posted November 11, 2008 Posted November 11, 2008 Hej igen StefanT! Vill höra med dig om du eventuellt har Externa hårddiskar, USB-minnen och/eller liknande? SDFix hittade och åtgärdade en elaking. Mycket bra. OBS: Då du har gjort nedanstående procedur så kan du få upp felmeddelande ang saknad DDL-fil. Detta är inget att bry sig om. Det är Vundoinfektionen som försöker att få stanna kvar. Detta kommer att upphöra då vi är klara med allt. Skriv ut nedanstående eller kopiera det till ett textdokument och spara det till skrivbordet: Läs/Följ Instruktionerna mycket noga Öppna TM HJT => klicka på Do a system scan only-knappen => Bocka för nedanstående detaljer => Stäng ner Webbläsaren => klicka på Fix Checked-knappen: R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:ProgramMacrogamingSweetIMBarForIEtoolbar.dll O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:ProgramMacrogamingSweetIMBarForIEtoolbar.dll O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game12.zylom.com/activex/zylomgamesplayer.cab O20 - AppInit_DLLs: bjxykt.dll O24 - Desktop Component 0: (no name) - http://www.microsoft.com/windows/plus/imag...ish_150x106.jpg Då du gjort ovanstående: Starta om datorn till felsäkert läge (tryck F8-Tangenten upprepade gånger under uppstarten och välj felsäkert läge): För att hitta det du nu skall leta upp gör nedanstående: Ställ in Utforskaren så du kan se alla filer: 1: Högerklicka på Start-knappen 2: Välj Utforska 3: I verktygsfältet klicka på => Verktyg => Mappalternativ 4: Välj fliken => Visning sätt en bock i => Visa dolda filer och mappar 5: Avbocka Dölj filnamnstillägg för kända filtyper 6: Avbocka Dölj skyddade operativsystemfiler Sök/Leta reda på: Navigera dig fram enligt nedanstående sökväg och deleta mappen samt filen C:ProgramMacrogaming<=Deleta hela mappen Macrogaming Den här nedanstående filen ser jag tyvärr inte var den ligger. Troligen så finns den i => C:WindowsSystem32 Men gör en sökning över hela datorn och om den hittas så deleta filen bjxykt.dll<=Deleta filen om den hittas Vidare: Fortfarande felsäkert läge: Gå till Start => Kör => Skriv sen i Kör fältet cleanmgr => Klicka Ok-knappen Bocka i de här nedanstående och putsa bort dom Temporary Files Temporary Internet Files Recycle Bin Nu: Starta om datorn till normalläge igen: Om du har problem med din bakgrundsbild: Du borde nu kunna ställa in det som du vill ha det i Bildskärmsegenskaperna. 1: Ta fram Kontrollpanelen 2: Bildskärm 3: Skrivbord 4: Anpassa skrivbordet 5: Webb 6: Avbocka Security Info / privacy protection eller liknande om det finns. Gör en ny scanning med ett uppdaterat Malwarebytes' Anti-Malware. 1: Kopiera in loggan du får fram från Malwarebytes' 2: Gör en ny TM HJT-logga kopiera in den hit så får vi se hur det ser ut. 3: Berätta/Tala om hur datorn mår och om där kvarstår problem. MVH/Malou
StefanT Posted November 12, 2008 Author Posted November 12, 2008 Hej. Så här ser dagens resultat ut . Har en extern hårddisk som jag använder på den här datorn ytterst sällan. Ska köra en check på den oxå i alla fall. //Stefan Malwarebytes' Anti-Malware 1.30 Databasversion: 1387 Windows 5.1.2600 Service Pack 3 2008-11-12 12:47:50 mbam-log-2008-11-12 (12-47-50).txt Skanningstyp: Fullständig skanning (C:|) Antal skannade objekt: 183769 Förfluten tid: 1 hour(s), 43 minute(s), 42 second(s) Infekterade minnesprocesser: 0 Infekterade minnesmoduler: 0 Infekterade registernycklar: 0 Infekterade registervärden: 0 Infekterade registerdataposter: 6 Infekterade mappar: 0 Infekterade filer: 0 Infekterade minnesprocesser: (Inga illasinnade poster hittades) Infekterade minnesmoduler: (Inga illasinnade poster hittades) Infekterade registernycklar: (Inga illasinnade poster hittades) Infekterade registervärden: (Inga illasinnade poster hittades) Infekterade registerdataposter: HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParametersDhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.83 192.168.0.1 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParametersInterfaces{7ef5bb9b-24d6-4aa6-a938-6d497ebdca75}DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.83 192.168.0.1 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesTcpipParametersDhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.83 192.168.0.1 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesTcpipParametersInterfaces{7ef5bb9b-24d6-4aa6-a938-6d497ebdca75}DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.83 192.168.0.1 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINESYSTEMControlSet002ServicesTcpipParametersDhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.83 192.168.0.1 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINESYSTEMControlSet002ServicesTcpipParametersInterfaces{7ef5bb9b-24d6-4aa6-a938-6d497ebdca75}DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.83 192.168.0.1 -> Quarantined and deleted successfully. Infekterade mappar: (Inga illasinnade poster hittades) Infekterade filer: (Inga illasinnade poster hittades) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:52:23, on 2008-11-12 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:WINDOWSSystem32smss.exe C:WINDOWSsystem32winlogon.exe C:WINDOWSsystem32services.exe C:WINDOWSsystem32lsass.exe C:WINDOWSsystem32svchost.exe C:WINDOWSSystem32svchost.exe C:ProgramDelade filerSymantec SharedccSetMgr.exe C:ProgramDelade filerSymantec SharedccEvtMgr.exe C:ProgramDelade filerSymantec SharedccProxy.exe C:ProgramDelade filerSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe C:ProgramDelade filerSymantec SharedSNDSrvc.exe C:ProgramDelade filerSymantec SharedSPBBCSPBBCSvc.exe C:ProgramDelade filerSymantec SharedCCPD-LCsymlcsvc.exe C:WINDOWSExplorer.EXE C:WINDOWSsystem32LEXBCES.EXE C:WINDOWSsystem32LEXPPS.EXE C:WINDOWSsystem32spoolsv.exe C:ProgramQuickTimeqttask.exe C:WINDOWSsystem32LXSUPMON.EXE C:WINDOWSsystem32igfxpers.exe C:WINDOWSsystem32hkcmd.exe C:ProgramCyberLinkPowerDVDDVDLauncher.exe C:ProgramDelade filerSymantec SharedccApp.exe C:ProgramJavajre6binjusched.exe C:WINDOWSsystem32ctfmon.exe C:ProgramGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe C:ProgramWindows LiveMessengermsnmsgr.exe C:ProgramSymantecLiveUpdateALUSchedulerSvc.exe C:GarmingStart.exe C:ProgramWindows Media PlayerWMPNSCFG.exe C:WINDOWSSystem32svchost.exe C:ProgramDellOpenManageClientIap.exe C:ProgramJavajre6binjqs.exe C:ProgramMicrosoft SQL ServerMSSQL$SPCSBinnsqlservr.exe C:ProgramNorton Internet SecurityNorton AntiVirusnavapsvc.exe C:WINDOWSsystem32svchost.exe C:ProgramTrend MicroHijackThisCatha.exe C:ProgramMessengermsmsgs.exe C:WINDOWSsystem32wuauclt.exe C:ProgramDelade filerSymantec SharedSecurity ConsoleNSCSRVCE.EXE R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = https://upplandsbro.skola24.se/ R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www1.euro.dell.com/content/default....;l=sv&s=gen R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Länkar O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:ProgramJavajre6binssv.dll O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:ProgramDelade filerMicrosoft SharedWindows LiveWindowsLiveLogin.dll O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:ProgramDelade filerSymantec SharedAdBlockingNISShExt.dll O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:ProgramNorton Internet SecurityNorton AntiVirusNavShExt.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:programgooglegoogletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:ProgramGoogleGoogleToolbarNotifier3.1.807.1746swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:ProgramWindows Live Toolbarmsntb.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:ProgramJavajre6binjp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:ProgramJavajre6libdeployjqsiejqs_plugin.dll O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:ProgramDelade filerSymantec SharedAdBlockingNISShExt.dll O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:ProgramNorton Internet SecurityNorton AntiVirusNavShExt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:programgooglegoogletoolbar1.dll O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:ProgramWinamp Toolbarwinamptb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:ProgramWindows Live Toolbarmsntb.dll O4 - HKLM..Run: [symantec PIF AlertEng] "C:ProgramDelade filerSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe" /a /m "C:ProgramDelade filerSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}AlertEng.dll" O4 - HKLM..Run: [QuickTime Task] "C:ProgramQuickTimeqttask.exe" -atboottime O4 - HKLM..Run: [LXSUPMON] C:WINDOWSsystem32LXSUPMON.EXE RUN O4 - HKLM..Run: [igfxtray] C:WINDOWSsystem32igfxtray.exe O4 - HKLM..Run: [igfxpers] C:WINDOWSsystem32igfxpers.exe O4 - HKLM..Run: [igfxhkcmd] C:WINDOWSsystem32hkcmd.exe O4 - HKLM..Run: [DVDLauncher] "C:ProgramCyberLinkPowerDVDDVDLauncher.exe" O4 - HKLM..Run: [ccApp] "C:ProgramDelade filerSymantec SharedccApp.exe" O4 - HKLM..Run: [Adobe Reader Speed Launcher] "C:ProgramAdobeReader 8.0ReaderReader_sl.exe" O4 - HKLM..Run: [sunJavaUpdateSched] "C:ProgramJavajre6binjusched.exe" O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe O4 - HKCU..Run: [swg] C:ProgramGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe O4 - HKCU..Run: [MsnMsgr] "C:ProgramWindows LiveMessengermsnmsgr.exe" /background O4 - HKCU..Run: [gStart] C:GarmingStart.exe O4 - HKCU..Run: [WMPNSCFG] C:ProgramWindows Media PlayerWMPNSCFG.exe O4 - HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'LOKAL TJÄNST') O4 - HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'SYSTEM') O4 - HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'Default user') O8 - Extra context menu item: &Winamp Toolbar Search - C:Documents and SettingsAll UsersApplication DataWinamp ToolbarieToolbarresourcesen-USlocalsearch.html O8 - Extra context menu item: &Windows Live Search - res://C:ProgramWindows Live Toolbarmsntb.dll/search.htm O8 - Extra context menu item: Add to AMV Converter... - C:ProgramMP3 Player Utilities 4.15AMVConvertergrab.html O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:ProgramMICROS~2OFFICE11EXCEL.EXE/3000 O8 - Extra context menu item: MediaManager tool grab multimedia file - C:ProgramMP3 Player Utilities 4.15MediaManagergrab.html O9 - Extra button: Blogga detta - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:ProgramWindows LiveWriterWriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blogga detta i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:ProgramWindows LiveWriterWriterBrowserExtension.dll O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:ProgramMICROS~2OFFICE11REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:ProgramMessengermsmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:ProgramMessengermsmsgs.exe O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://www.king.com/ctl/kingcomie.cab O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:ProgramSymantecLiveUpdateALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:ProgramDelade filerSymantec SharedccEvtMgr.exe O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:ProgramNorton Internet SecurityccPwdSvc.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:ProgramDelade filerSymantec SharedccProxy.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:ProgramDelade filerSymantec SharedccSetMgr.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:ProgramNorton Internet SecuritycomHost.exe O23 - Service: Google Updater Service (gusvc) - Google - C:ProgramGoogleCommonGoogle UpdaterGoogleUpdaterService.exe O23 - Service: Iap - Dell Inc - C:ProgramDellOpenManageClientIap.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:ProgramJavajre6binjqs.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:WINDOWSsystem32LEXBCES.EXE O23 - Service: LiveUpdate - Symantec Corporation - C:ProgramSymantecLIVEUP~1LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:ProgramDelade filerSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe O23 - Service: Norton AntiVirus Auto Protect-tjänst (navapsvc) - Symantec Corporation - C:ProgramNorton Internet SecurityNorton AntiVirusnavapsvc.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:ProgramIntelNCSSyncNetSvc.exe O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:ProgramDelade filerSymantec SharedSecurity ConsoleNSCSRVCE.EXE O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:ProgramNorton Internet SecurityNorton AntiVirusSAVScan.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:ProgramDelade filerSymantec SharedSNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:ProgramDelade filerSymantec SharedSPBBCSPBBCSvc.exe O23 - Service: Symantec Core LC - Unknown owner - C:ProgramDelade filerSymantec SharedCCPD-LCsymlcsvc.exe O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:ProgramDelade filerSymantec SharedSupport Controlsssrc.exe -- End of file - 10278 bytes
Guest Malou Posted November 12, 2008 Posted November 12, 2008 Hej StefanT! Har en extern hårddisk som jag använder på den här datorn ytterst sällan. Ska köra en check på den oxå i alla fall. Ok anledningen till att jag frågade om detta är att jag hittade detaljer som tyder på att du har något som har med externa hårddiskar, USB-minnen och liknande att göra C:XXresycledboot.com C:XXXresycledboot.com Om där finns en infektion på den typen av enheter så finns det finns ett program som man kan ta till för att ta bort infektionen om där finns någon. Om där finns så kan förhoppningsvis nedanstående vara dig till hjälp. Ladda ner Flash Disinfector by sUBs till Skrivbordet: http://www.techsupportforum.com/sectools/s...h_Disinfector.e xe Dubbelklicka på den nedladdade filen för att starta programmet. Följ de anvisningar som kommer upp. När det står att du ska sätta in flash-diskar så stoppar du in de USB-minnen etc som kan tänkas vara infekterade. När allt är klart så avsluta programmet och starta om datorn. ********************************************************************************** Över till din dator Malwarebytes' Anti-Malware har hittat och åtgärdat otyg. Din TM HJT-logga ser numera ren och fin ut igen. Mycket bra och du har dessutom gjort ett mycket bra jobb Hur mår datorn nu? Kvarstår där några problem? MVH/Malou
StefanT Posted November 12, 2008 Author Posted November 12, 2008 Hej igen Har kört Malware och den hittar 6 infekterade registerdataposter hela tiden. Ngt att bry sej om ? Annars fungerar datorn väldigt bra nu, det är som att trimma bilen, den blir bara bättre och bättre... Tack för hjälpen//Stefan Malwarebytes' Anti-Malware 1.30 Databasversion: 1387 Windows 5.1.2600 Service Pack 3 2008-11-12 18:52:34 mbam-log-2008-11-12 (18-52-34).txt Skanningstyp: Fullständig skanning (C:|) Antal skannade objekt: 179789 Förfluten tid: 2 hour(s), 12 minute(s), 34 second(s) Infekterade minnesprocesser: 0 Infekterade minnesmoduler: 0 Infekterade registernycklar: 0 Infekterade registervärden: 0 Infekterade registerdataposter: 6 Infekterade mappar: 0 Infekterade filer: 0 Infekterade minnesprocesser: (Inga illasinnade poster hittades) Infekterade minnesmoduler: (Inga illasinnade poster hittades) Infekterade registernycklar: (Inga illasinnade poster hittades) Infekterade registervärden: (Inga illasinnade poster hittades) Infekterade registerdataposter: HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParametersDhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.83 192.168.0.1 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParametersInterfaces{7ef5bb9b-24d6-4aa6-a938-6d497ebdca75}DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.83 192.168.0.1 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesTcpipParametersDhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.83 192.168.0.1 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesTcpipParametersInterfaces{7ef5bb9b-24d6-4aa6-a938-6d497ebdca75}DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.83 192.168.0.1 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINESYSTEMControlSet002ServicesTcpipParametersDhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.83 192.168.0.1 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINESYSTEMControlSet002ServicesTcpipParametersInterfaces{7ef5bb9b-24d6-4aa6-a938-6d497ebdca75}DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.83 192.168.0.1 -> Quarantined and deleted successfully. Infekterade mappar: (Inga illasinnade poster hittades) Infekterade filer: (Inga illasinnade poster hittades)
Recommended Posts