Långsammare och långsammare

**RB211** · #1 4 april 2008, 10:57

Efter hämta några saker min dator blir långsammare och långsammare med irriterande spyware / malware lägga poppar upp att jag skränande bli av. Please help killar ..

**Hybr! D** · #2 4 april 2008, 11:02

Börja här: http://www.computer-juice.com/forums...-posting-7476/

**RB211** · #3 4 april 2008, 14:51

ok detta är första logg. Jag tar det jag bara fortsätta?

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Skapad 04.04.2008 vid 10:06
Application Version: 4.0.1154
Core Rules Database Version: 3431
Trace Rules Database Version: 1423
Scan type: Complete Scan
Total Scan Time: 01:41:45
Memory ex skannade: 703
Memory hot upptäcks: 1
Registreringsenheten ex skannade: 5826
Registreringsenheten hot upptäcktes: 43
Arkiv ex skannade: 289779
Arkiv hot upptäcks: 158
Adware.Vundo Variant / Resident
C: \ WINDOWS \ system32 \ MLJJJ.DLL
C: \ WINDOWS \ system32 \ MLJJJ.DLL
Trojan.WinFixer
HKLM \ Software \ Classes \ CLSID \ (09888678-51D6-42FC-9437-CBBFDA0B86EA)
HKCR \ CLSID \ (09888678-51D6-42FC-9437-CBBFDA0B86EA)
HKCR \ CLSID \ (09888678-51D6-42FC-9437-CBBFDA0B86EA) \ InprocServer32
HKCR \ CLSID \ (09888678-51D6-42FC-9437-CBBFDA0B86EA) \ InprocServer32 # ThreadingModel
HKLM \ Software \ Classes \ CLSID \ (6800D574-80D6-4F0F-B6C9-E590AF2F999B)
HKCR \ CLSID \ (6800D574-80D6-4F0F-B6C9-E590AF2F999B)
HKCR \ CLSID \ (6800D574-80D6-4F0F-B6C9-E590AF2F999B) \ InprocServer32
HKCR \ CLSID \ (6800D574-80D6-4F0F-B6C9-E590AF2F999B) \ InprocServer32 # ThreadingModel
C: \ WINDOWS \ system32 \ JKKLL.DLL
HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Exp lorer \ Browser Helper Objects \ (09888678-51D6-42FC-9437-CBBFDA0B86EA)
Adware.Vundo Variant
HKLM \ Software \ Classes \ CLSID \ (3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9)
HKCR \ CLSID \ (3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9)
HKCR \ CLSID \ (3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9) \ InprocServer32
HKCR \ CLSID \ (3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9) \ InprocServer32 # ThreadingModel
C: \ WINDOWS \ system32 \ TUVSQPQ.DLL
HKLM \ Software \ Classes \ CLSID \ (D85530E8-D39D-49D0-9F36-300D594556D2)
HKCR \ CLSID \ (D85530E8-D39D-49D0-9F36-300D594556D2)
HKCR \ CLSID \ (D85530E8-D39D-49D0-9F36-300D594556D2) \ InprocServer32
HKCR \ CLSID \ (D85530E8-D39D-49D0-9F36-300D594556D2) \ InprocServer32 # ThreadingModel
C: \ WINDOWS \ system32 \ YAYWUVW.DLL
HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Exp lorer \ Browser Helper Objects \ (3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9)
HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Exp lorer \ ShellExecuteHooks # (D85530E8-D39D-49D0-9F36-300D594556D2)
HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Exp lorer \ ShellExecuteHooks # (3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9)
HKCR \ CLSID \ (3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9)
HKCR \ CLSID \ (D85530E8-D39D-49D0-9F36-300D594556D2)
Unclassified.Unknown Ursprung
HKLM \ Software \ Classes \ CLSID \ (F4F10C1D-87C7-404A-B4B3-000000000000)
HKCR \ CLSID \ (F4F10C1D-87C7-404A-B4B3-000000000000)
HKCR \ CLSID \ (F4F10C1D-87C7-404A-B4B3-000000000000)
HKCR \ CLSID \ (F4F10C1D-87C7-404A-B4B3-000000000000) \ InprocServer32
HKCR \ CLSID \ (F4F10C1D-87C7-404A-B4B3-000000000000) \ InprocServer32 # ThreadingModel
HKCR \ CLSID \ (F4F10C1D-87C7-404A-B4B3-000000000000) \ ProgID
HKCR \ CLSID \ (F4F10C1D-87C7-404A-B4B3-000000000000) \ Programplanerat
HKCR \ CLSID \ (F4F10C1D-87C7-404A-B4B3-000000000000) \ TypeLib
HKCR \ CLSID \ (F4F10C1D-87C7-404A-B4B3-000000000000) \ VersionIndependentProgID
C: \ progra ~ 1 \ DAP \ SBSEARCH.DLL
HKU \ S-1-5-21-73586283-1326574676-839522115-1004 \ Software \ Microsoft \ Internet Explorer \ URLSearchHooks # (F4F10C1D-87C7-404A-B4B3-000000000000)
HKCR \ SearchHook.SrchHook.1
HKCR \ SearchHook.SrchHook
HKCR \ TypeLib \ (95EFB171-F3DF-4BEC-9EF7-829A800203E6)
HKCR \ TypeLib \ (95EFB171-F3DF-4BEC-9EF7-829A800203E6) \ 1.0
HKCR \ TypeLib \ (95EFB171-F3DF-4BEC-9EF7-829A800203E6) \ 1.0 \ 0
HKCR \ TypeLib \ (95EFB171-F3DF-4BEC-9EF7-829A800203E6) \ 1.0 \ 0 \ win32
HKCR \ TypeLib \ (95EFB171-F3DF-4BEC-9EF7-829A800203E6) \ 1.0 \ FLAGS
HKCR \ TypeLib \ (95EFB171-F3DF-4BEC-9EF7-829A800203E6) \ 1.0 \ HELPDIR
Adware.Tracking Cookie
C: \ Documents and Settings \ Danny \ Cookies \ danny @ tjänstgör-sys [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ tribalfusion [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ DoubleClick [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@bs.serving-sys [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@bs.serving-sys [2]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@ad.yieldmanager [2]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@ad.zanox [1]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ Roz @ adnetserver [1]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@ads.alpharooms [2]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@ads1.alpharooms [2]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@ads2.alpharooms [1]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@ads3.alpharooms [1]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@ads4.alpharooms [1]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ Roz @ adultfriendfinder [2]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ Roz @ gostats [2]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ Roz @ hornymatches [2]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ Roz @ indexstats [1]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ Roz @ indexstats [3]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ Roz @ linksynergy [1]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@media2.mediafileshost [2]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ Roz @ statcounter [1]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@statse.webtrendslive [2]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@tracking.summitmedia.co [1]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@webstats.wthosting.co [2]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@www.admedia365 [2]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@www.admedia365 [3]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@www.hxtrack [2]. Txt
H: \ Documents and Settings \ Rozzie \ Cookies \ rozzie @ indexstats [2]. Txt
H: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@pc-finder.co [2]. Txt
H: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@www.pc-finder.co [2]. Txt
H: \ Nyare Docs & Satser \ Rozzie \ Cookies \ rozzie @ indexstats [2]. Txt
H: \ Nyare Docs & Satser \ Rozzie \ Cookies \ rozzie@pc-finder.co [2]. Txt
H: \ Nyare Docs & Satser \ Rozzie \ Cookies \ rozzie@www.pc-finder.co [2]. Txt
H: \ Rozzie \ Cookies \ rozzie @ indexstats [2]. Txt
H: \ Rozzie \ Cookies \ rozzie@pc-finder.co [2]. Txt
H: \ Rozzie \ Cookies \ rozzie@www.pc-finder.co [2]. Txt
Trojan.Unknown Ursprung
C: \ WINDOWS \ system32 \ nGpxx01
HKLM \ Software \ xpre
HKLM \ Software \ xpre # execount
Adware.VXGame-Trace
HKU \ S-1-5-21-73586283-1326574676-839522115-1005 \ Software \ kernelexe
Adware.Vundo Variant / Rel
C: \ WINDOWS \ system32 \ ACCDD.INI
C: \ WINDOWS \ system32 \ ACCDD.INI2
C: \ WINDOWS \ system32 \ ILKKJ.INI
C: \ WINDOWS \ system32 \ ILKKJ.INI2
C: \ WINDOWS \ system32 \ JJJLM.INI
C: \ WINDOWS \ system32 \ JJJLM.INI2
C: \ WINDOWS \ system32 \ LLKKJ.INI
C: \ WINDOWS \ system32 \ LLKKJ.INI2
C: \ WINDOWS \ system32 \ LNNMP.INI2
C: \ WINDOWS \ system32 \ MCRH.TMP
C: \ WINDOWS \ system32 \ RRQSS.INI
C: \ WINDOWS \ system32 \ VVVWA.INI2
Adware.Vundo-Variant
C: \ WINDOWS \ system32 \ DDCCA.DLL
C: \ WINDOWS \ system32 \ SSQRR.DLL
Trace.Known Threat Källor
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ index [1]. Htm
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ botten [2]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ i53b_t1 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ CAXOO75T.htm
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ xrest [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ ajax [1]. Htm
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ verx [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ i701_brd-top-1 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ chefer [1]. Htm
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ errorhandler [2]. Htm
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ i701_line2 [1]. Jpg
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ i701_boton1 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ errorhandler [1]. Htm
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ niz [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ errorhandler [1]. Htm
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ i53b_btn-funktioner [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ i701_cor-vänster-1 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ i53b_icon3 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ crypt [1]. Htm
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ fönstret [1]. Js
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ clean [1]. Htm
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ i53b_bg1 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ statistik [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ början [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ SDWBGNOV \ main_02 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ CASL6F4X.htm
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ i53b_line2 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ i701_cor högra-1 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ AHGZAXI5 \ rekommendera [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ i53b_icon5 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ styles [5]. Css
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ ZLGK0BFB \ off_2 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ i701_bg2 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ framsteg [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ i53b_btn-översikt [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ index [5]. Htm
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ statistik [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ i701_bg3 [1]. Jpg
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ 8NKJEV4R \ bottom_r_2 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ brådskande [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ errorhandler [1]. Htm
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ AC_RunActiveContent [1]. Htm
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ midle [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ QX8BMXM5 \ styles [2]. Css
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ i53b_boton4 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ i53b_btn köp [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ spacer [4]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ ajax [1]. Htm
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ G92ZKB2T \ varumärke [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ CX8VSB4B \ bottom_r [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ crypt [1]. Htm
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ LO76ZR17 \ errsnd [1]. Swf
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ CX8VSB4B \ bottom_l [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ i53b_brd-top-1 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ crypt [2]. Htm
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ AHGZAXI5 \ secpan [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ i53b_btn hemmet [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ CAUJABA1.htm
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ AC_ActiveX [1]. Htm
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ i53b_line3 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ CHEC [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ i53b_icon1 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ ajax [1]. Htm
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ i53b_btn-download [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ ZLGK0BFB \ x [2]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ CA3MKJZH.htm
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ i701_BG [1]. Jpg
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ i701_line1 [1]. Jpg
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ i701_brd-bot-1 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ i701_pc [1]. Jpg
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ i53b_boton2 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ i53b_brd-bot-1 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ i701_bg4 [1]. Jpg
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ chefer [1]. Htm
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ i53b_btn-uppdateringar [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ chefer [1]. Htm
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ UR2NQ1UR \ larm [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ flash [1]. Js
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ i701_spacer [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ AL6HK9M7 \ main_06 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ head_r_back [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ LO76ZR17 \ sköld [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ i701_line3 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ i701_boton2 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ flash_detect [1]. Htm
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ M1Q5EV4X \ spela [1]. Js
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ UR2NQ1UR \ main_10 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ M1Q5EV4X \ main_05 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ QX8BMXM5 \ cross [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ G92ZKB2T \ main_07 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ EJ23EDUF \ closebutton [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ 8NKJEV4R \ main_03 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ ban_2 [1]. Swf
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ logo2 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ data [1]. Htm
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ LO76ZR17 \ off_back [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ AL6HK9M7 \ download [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ M1Q5EV4X \ main_04 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ popup [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ left_3 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ QX8BMXM5 \ bottom_l_2 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ Z81HJ8WK \ right_2 [1]. Gif

**evilfantasy** · #4 4 april 2008, 19:20

Ja du fortsätta med resten av stegen. Varje steg letar efter och fixar olika hot.

**RB211** · #5 5 april 2008, 00:13

OK Heres de andra log ..

Malwarebytes' Anti-Malware 1.10
Database version: 592
Scan type: Full Scan (A: \ | C: \ | D: \ | E: \ | H: \ | I: \ | J: \ |)
Objekt skannade: 336027
Tid som förflutit: 1 timme (s), 8 minute (s), 1 sekund (s)
Memory Processes Infekterade: 5
Minnesmoduler Infekterade: 0
Registernycklar Infekterade: 10
Registervärdena Infekterade: 7
Registry Data Items Infekterade: 0
Mappar Infekterade: 0
Filer Infekterade: 11
Memory Processes Infekterade:
C: \ WINDOWS \ system32 \ drivers \ Ctfmon.exe (Trojan.Agent) -> lossas processen framgångsrikt.
C: \ WINDOWS \ system32 \ drivers \ Ctfmon.exe (Trojan.Agent) -> lossas processen framgångsrikt.
C: \ Documents and Settings \ Danny \ Lokala inställningar \ Application Data \ spool.exe (Trojan.Agent) -> lossas processen framgångsrikt.
C: \ Documents and Settings \ Danny \ Lokala inställningar \ Application Data \ spool.exe (Trojan.Agent) -> lossas processen framgångsrikt.
C: \ Documents and Settings \ Danny \ Lokala inställningar \ Application Data \ spool.exe (Trojan.Agent) -> lossas processen framgångsrikt.
Minnesmoduler Infekterade:
(Inga illasinnade poster upptäcks)
Registernycklar Infekterade:
HKEY_LOCAL_MACHINE \ SYSTEM \ ControlSet001 \ Services \ s chedule (Trojan.Agent) -> karantän och raderades.
HKEY_LOCAL_MACHINE \ SYSTEM \ ControlSet002 \ Services \ s chedule (Trojan.Agent) -> karantän och raderades.
HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ tjänster es \ schema (Trojan.Agent) -> karantän och raderades.
HKEY_CURRENT_USER \ Software \ Microsoft \ affri (Malware.Trace) -> karantän och raderades.
HKEY_CURRENT_USER \ Software \ Microsoft \ affltid (Malware.Trace) -> karantän och raderades.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ affltid (Malware.Trace) -> karantän och raderades.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ affri (Malware.Trace) -> karantän och raderades.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ MS Juan (Malware.Trace) -> karantän och raderades.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ FCOVM (Trojan.Vundo) -> karantän och raderades.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ RemoveRP (Trojan.Vundo) -> karantän och raderades.
Registervärdena Infekterade:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run \ BMafb2445c (Trojan.Agent) -> karantän och raderades.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Run \ ntuser (Trojan.Agent) -> karantän och raderades.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run \ ntuser (Trojan.Agent) -> karantän och raderades.
HKEY_USERS \. DEFAULT \ SOFTWARE \ Microsoft \ Windows \ Cur rentVersion \ Run \ ntuser (Trojan.Agent) -> karantän och raderades.
HKEY_USERS \. DEFAULT \ SOFTWARE \ Microsoft \ Windows \ Cur rentVersion \ Run \ autoload (Trojan.Agent) -> karantän och raderades.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Run \ autoload (Trojan.Agent) -> karantän och raderades.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run \ autoload (Trojan.Agent) -> karantän och raderades.
Registry Data Items Infekterade:
(Inga illasinnade poster upptäcks)
Mappar Infekterade:
(Inga illasinnade poster upptäcks)
Filer Infekterade:
C: \ Documents and Settings \ LocalService \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ GHIJKLMN \ rundor [1]. Jpg (Trojan.Madcode) -> karantän och raderades.
C: \ System Volume Information \ _restore (B4EDD13F-A6F1-41A1-814E-E5C94DDA45B5) \ RP8 \ A0002994.exe (Trojan.Downloader) -> karantän och raderades.
C: \ WINDOWS \ system32 \ iupdate.exe (Trojan.Madcode) -> karantän och raderades.
C: \ WINDOWS \ system32 \ kchkioor.dll (Trojan.Agent) -> Delete för omstart.
C: \ WINDOWS \ system32 \ drivers \ Ctfmon.exe (Trojan.Agent) -> karantän och raderades.
C: \ WINDOWS \ system32 \ pac.txt (Malware.Trace) -> karantän och raderades.
C: \ WINDOWS \ system32 \ drivers \ spools.exe (Trojan.Agent) -> karantän och raderades.
C: \ Documents and Settings \ Danny \ cftmon.exe (Trojan.Agent) -> karantän och raderades.
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Application Data \ spool.exe (Trojan.Agent) -> karantän och raderades.
C: \ Documents and Settings \ LocalService \ Lokala inställningar \ Application Data \ spool.exe (Trojan.Agent) -> karantän och raderades.
C: \ Documents and Settings \ Danny \ Lokala inställningar \ Application Data \ spool.exe (Trojan.Agent) -> karantän och raderades.

**RB211** · #6 5 april 2008, 00:51

Åh OK I didnt inser jag tvungen att skicka dem alla tillsammans. Ledsen killar ... Här är de:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Skapad 04.04.2008 vid 10:06
Application Version: 4.0.1154
Core Rules Database Version: 3431
Trace Rules Database Version: 1423
Scan type: Complete Scan
Total Scan Time: 01:41:45
Memory ex skannade: 703
Memory hot upptäcks: 1
Registreringsenheten ex skannade: 5826
Registreringsenheten hot upptäcktes: 43
Arkiv ex skannade: 289779
Arkiv hot upptäcks: 158
Adware.Vundo Variant / Resident
C: \ WINDOWS \ system32 \ MLJJJ.DLL
C: \ WINDOWS \ system32 \ MLJJJ.DLL
Trojan.WinFixer
HKLM \ Software \ Classes \ CLSID \ (09888678-51D6-42FC-9437-CBBFDA0B86EA)
HKCR \ CLSID \ (09888678-51D6-42FC-9437-CBBFDA0B86EA)
HKCR \ CLSID \ (09888678-51D6-42FC-9437-CBBFDA0B86EA) \ InprocServer32
HKCR \ CLSID \ (09888678-51D6-42FC-9437-CBBFDA0B86EA) \ InprocServer32 # ThreadingModel
HKLM \ Software \ Classes \ CLSID \ (6800D574-80D6-4F0F-B6C9-E590AF2F999B)
HKCR \ CLSID \ (6800D574-80D6-4F0F-B6C9-E590AF2F999B)
HKCR \ CLSID \ (6800D574-80D6-4F0F-B6C9-E590AF2F999B) \ InprocServer32
HKCR \ CLSID \ (6800D574-80D6-4F0F-B6C9-E590AF2F999B) \ InprocServer32 # ThreadingModel
C: \ WINDOWS \ system32 \ JKKLL.DLL
HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Exp lorer \ Browser Helper Objects \ (09888678-51D6-42FC-9437-CBBFDA0B86EA)
Adware.Vundo Variant
HKLM \ Software \ Classes \ CLSID \ (3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9)
HKCR \ CLSID \ (3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9)
HKCR \ CLSID \ (3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9) \ InprocServer32
HKCR \ CLSID \ (3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9) \ InprocServer32 # ThreadingModel
C: \ WINDOWS \ system32 \ TUVSQPQ.DLL
HKLM \ Software \ Classes \ CLSID \ (D85530E8-D39D-49D0-9F36-300D594556D2)
HKCR \ CLSID \ (D85530E8-D39D-49D0-9F36-300D594556D2)
HKCR \ CLSID \ (D85530E8-D39D-49D0-9F36-300D594556D2) \ InprocServer32
HKCR \ CLSID \ (D85530E8-D39D-49D0-9F36-300D594556D2) \ InprocServer32 # ThreadingModel
C: \ WINDOWS \ system32 \ YAYWUVW.DLL
HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Exp lorer \ Browser Helper Objects \ (3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9)
HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Exp lorer \ ShellExecuteHooks # (D85530E8-D39D-49D0-9F36-300D594556D2)
HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Exp lorer \ ShellExecuteHooks # (3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9)
HKCR \ CLSID \ (3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9)
HKCR \ CLSID \ (D85530E8-D39D-49D0-9F36-300D594556D2)
Unclassified.Unknown Ursprung
HKLM \ Software \ Classes \ CLSID \ (F4F10C1D-87C7-404A-B4B3-000000000000)
HKCR \ CLSID \ (F4F10C1D-87C7-404A-B4B3-000000000000)
HKCR \ CLSID \ (F4F10C1D-87C7-404A-B4B3-000000000000)
HKCR \ CLSID \ (F4F10C1D-87C7-404A-B4B3-000000000000) \ InprocServer32
HKCR \ CLSID \ (F4F10C1D-87C7-404A-B4B3-000000000000) \ InprocServer32 # ThreadingModel
HKCR \ CLSID \ (F4F10C1D-87C7-404A-B4B3-000000000000) \ ProgID
HKCR \ CLSID \ (F4F10C1D-87C7-404A-B4B3-000000000000) \ Programplanerat
HKCR \ CLSID \ (F4F10C1D-87C7-404A-B4B3-000000000000) \ TypeLib
HKCR \ CLSID \ (F4F10C1D-87C7-404A-B4B3-000000000000) \ VersionIndependentProgID
C: \ progra ~ 1 \ DAP \ SBSEARCH.DLL
HKU \ S-1-5-21-73586283-1326574676-839522115-1004 \ Software \ Microsoft \ Internet Explorer \ URLSearchHooks # (F4F10C1D-87C7-404A-B4B3-000000000000)
HKCR \ SearchHook.SrchHook.1
HKCR \ SearchHook.SrchHook
HKCR \ TypeLib \ (95EFB171-F3DF-4BEC-9EF7-829A800203E6)
HKCR \ TypeLib \ (95EFB171-F3DF-4BEC-9EF7-829A800203E6) \ 1.0
HKCR \ TypeLib \ (95EFB171-F3DF-4BEC-9EF7-829A800203E6) \ 1.0 \ 0
HKCR \ TypeLib \ (95EFB171-F3DF-4BEC-9EF7-829A800203E6) \ 1.0 \ 0 \ win32
HKCR \ TypeLib \ (95EFB171-F3DF-4BEC-9EF7-829A800203E6) \ 1.0 \ FLAGS
HKCR \ TypeLib \ (95EFB171-F3DF-4BEC-9EF7-829A800203E6) \ 1.0 \ HELPDIR
Adware.Tracking Cookie
C: \ Documents and Settings \ Danny \ Cookies \ danny @ tjänstgör-sys [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ tribalfusion [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ DoubleClick [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@bs.serving-sys [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@bs.serving-sys [2]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@ad.yieldmanager [2]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@ad.zanox [1]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ Roz @ adnetserver [1]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@ads.alpharooms [2]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@ads1.alpharooms [2]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@ads2.alpharooms [1]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@ads3.alpharooms [1]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@ads4.alpharooms [1]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ Roz @ adultfriendfinder [2]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ Roz @ gostats [2]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ Roz @ hornymatches [2]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ Roz @ indexstats [1]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ Roz @ indexstats [3]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ Roz @ linksynergy [1]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@media2.mediafileshost [2]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ Roz @ statcounter [1]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@statse.webtrendslive [2]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@tracking.summitmedia.co [1]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@webstats.wthosting.co [2]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@www.admedia365 [2]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@www.admedia365 [3]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@www.hxtrack [2]. Txt
H: \ Documents and Settings \ Rozzie \ Cookies \ rozzie @ indexstats [2]. Txt
H: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@pc-finder.co [2]. Txt
H: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@www.pc-finder.co [2]. Txt
H: \ Nyare Docs & Satser \ Rozzie \ Cookies \ rozzie @ indexstats [2]. Txt
H: \ Nyare Docs & Satser \ Rozzie \ Cookies \ rozzie@pc-finder.co [2]. Txt
H: \ Nyare Docs & Satser \ Rozzie \ Cookies \ rozzie@www.pc-finder.co [2]. Txt
H: \ Rozzie \ Cookies \ rozzie @ indexstats [2]. Txt
H: \ Rozzie \ Cookies \ rozzie@pc-finder.co [2]. Txt
H: \ Rozzie \ Cookies \ rozzie@www.pc-finder.co [2]. Txt
Trojan.Unknown Ursprung
C: \ WINDOWS \ system32 \ nGpxx01
HKLM \ Software \ xpre
HKLM \ Software \ xpre # execount
Adware.VXGame-Trace
HKU \ S-1-5-21-73586283-1326574676-839522115-1005 \ Software \ kernelexe
Adware.Vundo Variant / Rel
C: \ WINDOWS \ system32 \ ACCDD.INI
C: \ WINDOWS \ system32 \ ACCDD.INI2
C: \ WINDOWS \ system32 \ ILKKJ.INI
C: \ WINDOWS \ system32 \ ILKKJ.INI2
C: \ WINDOWS \ system32 \ JJJLM.INI
C: \ WINDOWS \ system32 \ JJJLM.INI2
C: \ WINDOWS \ system32 \ LLKKJ.INI
C: \ WINDOWS \ system32 \ LLKKJ.INI2
C: \ WINDOWS \ system32 \ LNNMP.INI2
C: \ WINDOWS \ system32 \ MCRH.TMP
C: \ WINDOWS \ system32 \ RRQSS.INI
C: \ WINDOWS \ system32 \ VVVWA.INI2
Adware.Vundo-Variant
C: \ WINDOWS \ system32 \ DDCCA.DLL
C: \ WINDOWS \ system32 \ SSQRR.DLL
Trace.Known Threat Källor
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ index [1]. Htm
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ botten [2]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ i53b_t1 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ CAXOO75T.htm
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ xrest [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ ajax [1]. Htm
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ verx [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ i701_brd-top-1 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ chefer [1]. Htm
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ errorhandler [2]. Htm
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ i701_line2 [1]. Jpg
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ i701_boton1 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ errorhandler [1]. Htm
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ niz [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ errorhandler [1]. Htm
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ i53b_btn-funktioner [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ i701_cor-vänster-1 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ i53b_icon3 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ crypt [1]. Htm
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ fönstret [1]. Js
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ clean [1]. Htm
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ i53b_bg1 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ statistik [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ början [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ SDWBGNOV \ main_02 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ CASL6F4X.htm
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ i53b_line2 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ i701_cor högra-1 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ AHGZAXI5 \ rekommendera [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ i53b_icon5 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ styles [5]. Css
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ ZLGK0BFB \ off_2 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ i701_bg2 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ framsteg [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ i53b_btn-översikt [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ index [5]. Htm
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ statistik [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ i701_bg3 [1]. Jpg
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ 8NKJEV4R \ bottom_r_2 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ brådskande [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ errorhandler [1]. Htm
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ AC_RunActiveContent [1]. Htm
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ midle [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ QX8BMXM5 \ styles [2]. Css
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ i53b_boton4 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ i53b_btn köp [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ spacer [4]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ ajax [1]. Htm
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ G92ZKB2T \ varumärke [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ CX8VSB4B \ bottom_r [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ crypt [1]. Htm
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ LO76ZR17 \ errsnd [1]. Swf
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ CX8VSB4B \ bottom_l [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ i53b_brd-top-1 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ crypt [2]. Htm
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ AHGZAXI5 \ secpan [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ i53b_btn hemmet [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ CAUJABA1.htm
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ AC_ActiveX [1]. Htm
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ i53b_line3 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ CHEC [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ i53b_icon1 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ ajax [1]. Htm
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ i53b_btn-download [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ ZLGK0BFB \ x [2]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ CA3MKJZH.htm
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ i701_BG [1]. Jpg
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ i701_line1 [1]. Jpg
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ i701_brd-bot-1 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ i701_pc [1]. Jpg
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ i53b_boton2 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ i53b_brd-bot-1 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ i701_bg4 [1]. Jpg
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ chefer [1]. Htm
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ i53b_btn-uppdateringar [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ chefer [1]. Htm
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ UR2NQ1UR \ larm [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ flash [1]. Js
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ i701_spacer [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ AL6HK9M7 \ main_06 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ head_r_back [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ LO76ZR17 \ sköld [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ i701_line3 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ i701_boton2 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ flash_detect [1]. Htm
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ M1Q5EV4X \ spela [1]. Js
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ UR2NQ1UR \ main_10 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ M1Q5EV4X \ main_05 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ QX8BMXM5 \ cross [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ G92ZKB2T \ main_07 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ EJ23EDUF \ closebutton [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ 8NKJEV4R \ main_03 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ ban_2 [1]. Swf
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ logo2 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ data [1]. Htm
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ LO76ZR17 \ off_back [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ AL6HK9M7 \ download [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ M1Q5EV4X \ main_04 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ popup [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ left_3 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ QX8BMXM5 \ bottom_l_2 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ Z81HJ8WK \ right_2 [1]. Gif

Malwarebytes' Anti-Malware 1.10
Database version: 592
Scan type: Full Scan (A: \ | C: \ | D: \ | E: \ | H: \ | I: \ | J: \ |)
Objekt skannade: 336027
Tid som förflutit: 1 timme (s), 8 minute (s), 1 sekund (s)
Memory Processes Infekterade: 5
Minnesmoduler Infekterade: 0
Registernycklar Infekterade: 10
Registervärdena Infekterade: 7
Registry Data Items Infekterade: 0
Mappar Infekterade: 0
Filer Infekterade: 11
Memory Processes Infekterade:
C: \ WINDOWS \ system32 \ drivers \ Ctfmon.exe (Trojan.Agent) -> lossas processen framgångsrikt.
C: \ WINDOWS \ system32 \ drivers \ Ctfmon.exe (Trojan.Agent) -> lossas processen framgångsrikt.
C: \ Documents and Settings \ Danny \ Lokala inställningar \ Application Data \ spool.exe (Trojan.Agent) -> lossas processen framgångsrikt.
C: \ Documents and Settings \ Danny \ Lokala inställningar \ Application Data \ spool.exe (Trojan.Agent) -> lossas processen framgångsrikt.
C: \ Documents and Settings \ Danny \ Lokala inställningar \ Application Data \ spool.exe (Trojan.Agent) -> lossas processen framgångsrikt.
Minnesmoduler Infekterade:
(Inga illasinnade poster upptäcks)
Registernycklar Infekterade:
HKEY_LOCAL_MACHINE \ SYSTEM \ ControlSet001 \ Services \ s chedule (Trojan.Agent) -> karantän och raderades.
HKEY_LOCAL_MACHINE \ SYSTEM \ ControlSet002 \ Services \ s chedule (Trojan.Agent) -> karantän och raderades.
HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ tjänster es \ schema (Trojan.Agent) -> karantän och raderades.
HKEY_CURRENT_USER \ Software \ Microsoft \ affri (Malware.Trace) -> karantän och raderades.
HKEY_CURRENT_USER \ Software \ Microsoft \ affltid (Malware.Trace) -> karantän och raderades.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ affltid (Malware.Trace) -> karantän och raderades.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ affri (Malware.Trace) -> karantän och raderades.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ MS Juan (Malware.Trace) -> karantän och raderades.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ FCOVM (Trojan.Vundo) -> karantän och raderades.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ RemoveRP (Trojan.Vundo) -> karantän och raderades.
Registervärdena Infekterade:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run \ BMafb2445c (Trojan.Agent) -> karantän och raderades.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Run \ ntuser (Trojan.Agent) -> karantän och raderades.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run \ ntuser (Trojan.Agent) -> karantän och raderades.
HKEY_USERS \. DEFAULT \ SOFTWARE \ Microsoft \ Windows \ Cur rentVersion \ Run \ ntuser (Trojan.Agent) -> karantän och raderades.
HKEY_USERS \. DEFAULT \ SOFTWARE \ Microsoft \ Windows \ Cur rentVersion \ Run \ autoload (Trojan.Agent) -> karantän och raderades.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Run \ autoload (Trojan.Agent) -> karantän och raderades.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run \ autoload (Trojan.Agent) -> karantän och raderades.
Registry Data Items Infekterade:
(Inga illasinnade poster upptäcks)
Mappar Infekterade:
(Inga illasinnade poster upptäcks)
Filer Infekterade:
C: \ Documents and Settings \ LocalService \ Lokala inställningar \ Temporary Internet Files \ Content.IE5 \ GHIJKLMN \ rundor [1]. Jpg (Trojan.Madcode) -> karantän och raderades.
C: \ System Volume Information \ _restore (B4EDD13F-A6F1-41A1-814E-E5C94DDA45B5) \ RP8 \ A0002994.exe (Trojan.Downloader) -> karantän och raderades.
C: \ WINDOWS \ system32 \ iupdate.exe (Trojan.Madcode) -> karantän och raderades.
C: \ WINDOWS \ system32 \ kchkioor.dll (Trojan.Agent) -> Delete för omstart.
C: \ WINDOWS \ system32 \ drivers \ Ctfmon.exe (Trojan.Agent) -> karantän och raderades.
C: \ WINDOWS \ system32 \ pac.txt (Malware.Trace) -> karantän och raderades.
C: \ WINDOWS \ system32 \ drivers \ spools.exe (Trojan.Agent) -> karantän och raderades.
C: \ Documents and Settings \ Danny \ cftmon.exe (Trojan.Agent) -> karantän och raderades.
C: \ Documents and Settings \ Roz \ Lokala inställningar \ Application Data \ spool.exe (Trojan.Agent) -> karantän och raderades.
C: \ Documents and Settings \ LocalService \ Lokala inställningar \ Application Data \ spool.exe (Trojan.Agent) -> karantän och raderades.
C: \ Documents and Settings \ Danny \ Lokala inställningar \ Application Data \ spool.exe (Trojan.Agent) -> karantän och raderades.

Loggfil av Trend Micro HijackThis v2.0.2
Scan sparades vid 08:45:34 den 05/04/2008
Plattform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Kör processer:
C: \ WINDOWS \ System32 \ Smss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ services.exe
C: \ WINDOWS \ system32 \ Lsass.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ System32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ WINDOWS \ Explorer.EXE
C: \ Program Files \ AMD \ RAIDXpert \ brygga \ extra \ win32 \ Wrapper.exe
C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7.5 \ guard.exe
C: \ Program Files \ AMD \ RAIDXpert \ _jvm \ bin \ java.exe
C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
C: \ WINDOWS \ system32 \ rundll32.exe
C: \ Program Files \ btbb_wcm \ McciTrayApp.exe
C: \ progra ~ 1 \ Yahoo! \ Browser \ ybrwicon.exe
C: \ Program Files \ HP \ HP Software Update \ HPWuSchd2.exe
C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
C: \ Program Files \ Logitech \ MediaLife \ MediaLifeService.exe
C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
C: \ WINDOWS \ Samsung \ LaserSMMgr \ ssmmgr.exe
C: \ progra ~ 1 \ Yahoo! \ YOP \ yop.exe
C: \ progra ~ 1 \ Yahoo! \ Browser \ ycommon.exe
C: \ Program \ SPAMfighter \ SFAgent.exe
C: \ Program Files \ BT Broadband Desktop Help \ bin \ BTHelpNotifier.exe
C: \ Program Files \ Bonjour \ mDNSResponder.exe
C: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe
C: \ Program \ SPAMfighter \ sfus.exe
C: \ Program Files \ ATI Technologies \ ATI.ACE \ Core-Static \ MOM.EXE
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ spool \ drivers \ w32x86 \ 3 \ hpztsb0 4.exe
C: \ WINDOWS \ System32 \ wltrysvc.exe
C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgcc.exe
C: \ progra ~ 1 \ MI948F ~ 1 \ GAMECO ~ 1 \ Common \ SWTrayV4.exe
C: \ WINDOWS \ System32 \ bcmwltry.exe
C: \ Program Files \ iTunes \ iTunesHelper.exe
C: \ Program \ Microsoft IntelliType Pro \ itype.exe
C: \ Program \ Microsoft IntelliPoint \ ipoint.exe
C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7.5 \ avgas.exe
C: \ Program \ Microsoft IntelliType Pro \ dpupdchk.exe
C: \ Program \ Java \ jre1.6.0_05 \ bin \ jusched.exe
C: \ WINDOWS \ system32 \ Ctfmon.exe
C: \ Program \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe
C: \ Program Files \ DNA \ btdna.exe
C: \ Program Files \ Messenger \ msmsgs.exe
C: \ progra ~ 1 \ Yahoo! \ YOP \ SSDK02.exe
C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
C: \ WINDOWS \ system32 \ msiexec.exe
C: \ Program Files \ iPod \ bin \ iPodService.exe
C: \ Program Files \ HP \ Digital Imaging \ bin \ hpqtra08.exe
C: \ Program Files \ NETGEAR WG311v2 Adapter \ wlancfg5.exe
C: \ Program Files \ BT Broadband Desktop Help \ bin \ mpbtn.exe
C: \ WINDOWS \ System32 \ Svchost.exe
C: \ Program \ Java \ jre1.6.0_05 \ bin \ javaw.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ Program Files \ ATI Technologies \ ATI.ACE \ Core-Static \ ccc.exe
C: \ Program Files \ Internet Explorer \ iexplore.exe
C: \ Program Files \ Trend Micro \ HijackThis \ HijackThis.exe
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://news.bbc.co.uk/sport1/hi/football/default.stm
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Settings, ProxyOverride = 127.0.0.1; *. lokala
R3 - URLSearchHook: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Program \ Yahoo! \ Companion \ installs \ cpn0 \ yt.dll
O2 - BHO: (inget namn) - (3CAB59B4-55A3-4737-9FD5-B93C6430BF75) - C: \ WINDOWS \ system32 \ sjmxcfmu.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program \ Java \ jre1.6.0_05 \ bin \ ssv.dll
O3 - Toolbar: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Program \ Yahoo! \ Companion \ installs \ cpn0 \ yt.dll
O3 - Toolbar: & Google - (2318C2B1-4965-11D4-9B18-009027A5CD4F) - c: \ program \ google \ googletoolbar1.dll
O3 - Toolbar: Ask Toolbar - (F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA) - C: \ Program Files \ AskSBar \ bar \ 1.bin \ ASKSBAR.DLL
O4 - HKLM \ .. \ Run: [C6501Sound] rundll32 c6501.cpl, CMICtrlWnd
O4 - HKLM \ .. \ Run: [btbb_wcm_McciTrayApp] C: \ Program Files \ btbb_wcm \ McciTrayApp.exe
O4 - HKLM \ .. \ Run: [YBrowser] C: \ progra ~ 1 \ Yahoo! \ Browser \ ybrwicon.exe
O4 - HKLM \ .. \ Run: [HPHUPD08] C: \ Program Files \ HP \ Digital Imaging \ (33D6CC28-9F75-4d1b-A11D-98895B3A3729) \ hphupd08.exe
O4 - HKLM \ .. \ Run: [HP Software Update] C: \ Program Files \ HP \ HP Software Update \ HPWuSchd2.exe
O4 - HKLM \ .. \ Run: [MediaLifeService] "C: \ Program Files \ Logitech \ MediaLife \ MediaLifeService.exe"
O4 - HKLM \ .. \ Run: [Samsung LBP SM] "C: \ WINDOWS \ Samsung \ LaserSMMgr \ ssmmgr.exe" / autorun
O4 - HKLM \ .. \ Run: [YOP] C: \ progra ~ 1 \ Yahoo! \ YOP \ yop.exe / autostart
O4 - HKLM \ .. \ Run: [SPAMfighter Agent] "C: \ Program \ SPAMfighter \ SFAgent.exe" uppdatera fördröjning 60
O4 - HKLM \ .. \ Run: [btbb_McciTrayApp] C: \ Program Files \ BT Broadband Desktop Help \ bin \ BTHelpNotifier.exe
O4 - HKLM \ .. \ Run: [StartCCC] "C: \ Program Files \ ATI Technologies \ ATI.ACE \ Core-Static \ CLIStart.exe"
O4 - HKLM \ .. \ Run: [amd_dc_opt] C: \ Program Files \ AMD \ Dual-Core Optimizer \ amd_dc_opt.exe
O4 - HKLM \ .. \ Run: [HPDJ Taskbar Utility] C: \ WINDOWS \ system32 \ spool \ drivers \ w32x86 \ 3 \ hpztsb0 4.exe
O4 - HKLM \ .. \ Run: [AVG7_CC] C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgcc.exe / STARTUP
O4 - HKLM \ .. \ Run: [SideWinderTrayV4] C: \ progra ~ 1 \ MI948F ~ 1 \ GAMECO ~ 1 \ Common \ SWTrayV4.exe
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program \ QuickTime \ qttask.exe"-atboottime
O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Program Files \ iTunes \ iTunesHelper.exe"
O4 - HKLM \ .. \ Run: [itype] "C: \ Program \ Microsoft IntelliType Pro \ itype.exe"
O4 - HKLM \ .. \ Run: [IntelliPoint] "C: \ Program \ Microsoft IntelliPoint \ ipoint.exe"
O4 - HKLM \ .. \ Run: [! AVG Anti-Spyware] "C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7.5 \ avgas.exe" / minimeras
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program \ Java \ jre1.6.0_05 \ bin \ jusched.exe"
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [SWG] C: \ Program \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe
O4 - HKCU \ .. \ Run: [BitTorrent DNA] "C: \ Program Files \ DNA \ btdna.exe"
O4 - HKCU \ .. \ Run: [MSMSGS] "C: \ Program Files \ Messenger \ msmsgs.exe" / bakgrund
O4 - HKCU \ .. \ Run: [SUPERAntiSpyware] C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
O4 - HKUS \ S-1-5-19 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-19 \ .. \ Run: [AVG7_Run] C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User "SYSTEM")
O4 - HKUS \. DEFAULT \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'Default user')
O4 - Startup: MP3 Rocket (Minimerad). Lnk = C: \ Program \ MP3 Rocket \ MP3Rocket.exe
O4 - Global Startup: BT Broadband Desktop Help.lnk = C: \ Program Files \ BT Broadband Desktop Help \ bin \ matcli.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C: \ Program Files \ HP \ Digital Imaging \ bin \ hpqtra08.exe
O4 - Global Startup: NETGEAR WG311v2 Smart Configuration.lnk = C: \ Program Files \ NETGEAR WG311v2 Adapter \ wlancfg5.exe
O8 - Extra sammanhang menyobjektet: & Clean Traces - C: \ Program \ DAP \ Privacy Package \ dapcleanerie.htm
O8 - Extra sammanhang menyobjektet: & Ladda ner med & DAP - C: \ Program \ DAP \ dapextie.htm
O8 - Extra sammanhang menyobjektet: Download & all with DAP - C: \ Program \ DAP \ dapextie2.htm
Ø9 - Extra button: (inget namn) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program \ Java \ jre1.6.0_05 \ bin \ ssv.dll
Ø9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program \ Java \ jre1.6.0_05 \ bin \ ssv.dll
Ø9 - Extra button: BT Yahoo! Services - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ progra ~ 1 \ Yahoo! \ Common \ yiesrvc.dll
Ø9 - Extra button: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
Ø9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O16 - DPF: (17492023-C23A-453E-A040-C7C580BBF700) (Windows Genuine Advantage Validation Tool) -- http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: (30528230-99f7-4bb4-88d8-fa1d4f56a2ab) (Installation Support) - C: \ Program \ Yahoo! \ Common \ Yinsthelper20073151.dll
O16 - DPF: (6F15128C-E66A-490C-B848-5000B5ABEEAC) (HP Download Manager) -- https: / / h20436.www2.hp.com/ediags/de...e/HPDEXAXO.cab
O16 - DPF: (BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B) (Zylom Games Player) -- http://game07.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: (D27CDB6E-AE6D-11CF-96B8-444553540000) (Shockwave Flash Object) -- http://fpdownload2.macromedia.com/ge...nt/swflash.cab
O20 - Winlogon Notify:! SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
O20 - Winlogon Notify: tuvsqpq - tuvsqpq.dll (fil saknas)
O20 - Winlogon Notify: yaywuvw - yaywuvw.dll (fil saknas)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C: \ Program Files \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe
O23 - Service: AMD RAIDXpert (AMDRAIDXpert) - Unknown ägaren - C: \ Program Files \ AMD \ RAIDXpert \ brygga \ extra \ win32 \ Wrapper.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
O23 - Service: Ati snabbtangent Poller - ATI Technologies Inc. - C: \ WINDOWS \ system32 \ Ati2evxx.exe
O23 - Service: ATI Smart - Unknown ägaren - C: \ WINDOWS \ system32 \ ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Grisoft sro - C: \ Program \ Grisoft \ AVG Anti-Spyware 7.5 \ guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Grisoft, sro - C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Grisoft, sro - C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - Grisoft, sro - C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C: \ Program Files \ Bonjour \ mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Program Files \ Common Files \ InstallShield \ Driver \ 11 \ Intel 32 \ IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C: \ Program Files \ iPod \ bin \ iPodService.exe
O23 - Service: PML Driver HPZ12 - okänd ägare - C: \ WINDOWS \ system32 \ HPZipm12.exe (fil saknas)
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C: \ Program \ SPAMfighter \ sfus.exe
O23 - Service: WLTRYSVC - okänd ägare - C: \ WINDOWS \ System32 \ wltrysvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C: \ WINDOWS \ system32 \ YPCSER ~ 1.EXE
--
End of file - 10856 bytes

Ett stort tack

**evilfantasy** · #7 5 april 2008, 01:27

Ser ut som det fanns en hel del bort, finns det fortfarande vissa diskutabla poster i HijackThis log så vi måste köra några olika verktyg.

Hämta Vundofix.exe på skrivbordet.

Dubbelklicka VundoFix.exe för att köra den.
När VundoFix öppnas, klicka på Sök efter Vundo knappen.
När det är gjort skanning, klicka på Ta bort Vundo knappen.
Du kommer att få ett snabbt frågar om du vill ta bort filerna, klicka på JA
När du klickar på Ja, skrivbordet går tom så det börjar ta bort Vundo.
När färdig, men den kommer snabbt att det kommer att shutdown datorn, klicka på OK.
Förvandla din dator igen.
Vänligen skicka innehållet i C: \vundofix.txt och en ny HijackThis log.

Obs! Det är möjligt att VundoFix stött på en fil som inte kunde ta bort. I detta fall VundoFix kommer att köras på omstart helt enkelt följa ovanstående instruktioner från "Klicka på Scan för Vundo knappen" när VundoFix visas vid omstart.

Låt Vundo finish, ibland kan det ta flera passerar

----------

Hämta SDFix.exe och spara den på skrivbordet.

Dubbelklicka SDFix.exe och det kommer att extrahera filerna till% SystemDrive%
(Enhet som innehåller Windows-katalogen, normalt C: \ SDFix)

Var vänlig och starta om datorn i Felsäkert läge genom att göra följande:

Starta om datorn
Efter att ha hört din dator piper en gång vid starten, men innan Windows visas trycker du på F8 hela tiden;
I stället för Windows lastning som vanligt, den avancerade menyn ska visas;
Välj det första alternativet, att köra Windows i felsäkert läge, tryck Ange.
Välj ditt vanliga konto.
Öppna utvinns SDFix mappen och dubbelklicka RunThis.bat för att starta skriptet.
Typ Y att påbörja sanering process.
Det kommer att ta bort eventuella Trojan Tjänster och registerposter som hittas sedan uppmana dig att trycka på valfri tangent för att starta om.
Tryck på valfri knapp och det kommer att starta om datorn.
När datorn startar om Fixtool kommer att köra igen och slutföra borttagningsprocessen sedan visa FärdigaTryck på valfri knapp för att avsluta script och ladda ditt skrivbord ikoner.
När Skrivbordsikoner ladda SDFix rapport öppnas på skärmen och även spara i SDFix mapp som Report.txt
(Report.txt kommer också att kopieras till Urklipp).
Slutligen lägger du till innehållet i Report.txt i nästa inlägg.

----------

Kör nu en ny HijackThis scan och efter mycket log tillsammans med andra.

Dessutom vill jag veta hur det är nu.

**RB211** · #8 5 april 2008, 02:23

OK Nästa två.

VundoFix V7.0.3
Scan startade vid 10:07:05 05/04/2008
Notering filer hittas vid sökning ....
C: \ WINDOWS \ system32 \ anthkpru.dll
Börjar avlägsnande ...
Att försöka ta bort C: \ WINDOWS \ system32 \ anthkpru.dll
C: \ WINDOWS \ system32 \ anthkpru.dll har raderats!
Utföra Reparationer registret.
Gjord!

Loggfil av Trend Micro HijackThis v2.0.2
Scan sparades vid 10:18:53 den 05/04/2008
Plattform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Kör processer:
C: \ WINDOWS \ System32 \ Smss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ services.exe
C: \ WINDOWS \ system32 \ Lsass.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ System32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ WINDOWS \ Explorer.EXE
C: \ Program Files \ AMD \ RAIDXpert \ brygga \ extra \ win32 \ Wrapper.exe
C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7.5 \ guard.exe
C: \ Program Files \ AMD \ RAIDXpert \ _jvm \ bin \ java.exe
C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
C: \ WINDOWS \ system32 \ rundll32.exe
C: \ Program Files \ btbb_wcm \ McciTrayApp.exe
C: \ progra ~ 1 \ Yahoo! \ Browser \ ybrwicon.exe
C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
C: \ Program Files \ HP \ HP Software Update \ HPWuSchd2.exe
C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
C: \ Program Files \ Logitech \ MediaLife \ MediaLifeService.exe
C: \ progra ~ 1 \ Yahoo! \ Browser \ ycommon.exe
C: \ WINDOWS \ Samsung \ LaserSMMgr \ ssmmgr.exe
C: \ Program Files \ Bonjour \ mDNSResponder.exe
C: \ progra ~ 1 \ Yahoo! \ YOP \ yop.exe
C: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe
C: \ Program \ SPAMfighter \ SFAgent.exe
C: \ Program \ SPAMfighter \ sfus.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ System32 \ wltrysvc.exe
C: \ WINDOWS \ System32 \ bcmwltry.exe
C: \ Program Files \ BT Broadband Desktop Help \ bin \ BTHelpNotifier.exe
C: \ Program Files \ ATI Technologies \ ATI.ACE \ Core-Static \ MOM.EXE
C: \ WINDOWS \ system32 \ spool \ drivers \ w32x86 \ 3 \ hpztsb0 4.exe
C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgcc.exe
C: \ progra ~ 1 \ MI948F ~ 1 \ GAMECO ~ 1 \ Common \ SWTrayV4.exe
C: \ Program \ Microsoft IntelliType Pro \ itype.exe
C: \ Program \ Microsoft IntelliPoint \ ipoint.exe
C: \ Program \ Microsoft IntelliPoint \ dpupdchk.exe
C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7.5 \ avgas.exe
C: \ Program \ Java \ jre1.6.0_05 \ bin \ jusched.exe
C: \ progra ~ 1 \ Yahoo! \ YOP \ SSDK02.exe
C: \ Program Files \ iTunes \ iTunesHelper.exe
C: \ WINDOWS \ system32 \ Ctfmon.exe
C: \ Program \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe
C: \ Program Files \ DNA \ btdna.exe
C: \ WINDOWS \ system32 \ msiexec.exe
C: \ Program Files \ iPod \ bin \ iPodService.exe
C: \ Program Files \ Messenger \ msmsgs.exe
C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
C: \ Program Files \ ATI Technologies \ ATI.ACE \ Core-Static \ ccc.exe
C: \ Program Files \ HP \ Digital Imaging \ bin \ hpqtra08.exe
C: \ WINDOWS \ System32 \ Svchost.exe
C: \ Program Files \ BT Broadband Desktop Help \ bin \ mpbtn.exe
C: \ Program Files \ NETGEAR WG311v2 Adapter \ wlancfg5.exe
C: \ Program \ Java \ jre1.6.0_05 \ bin \ javaw.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ Program Files \ Internet Explorer \ iexplore.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ Program Files \ Trend Micro \ HijackThis \ HijackThis.exe
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://news.bbc.co.uk/sport1/hi/football/default.stm
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Settings, ProxyOverride = 127.0.0.1; *. lokala
R3 - URLSearchHook: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Program \ Yahoo! \ Companion \ installs \ cpn0 \ yt.dll
O2 - BHO: (inget namn) - (3CAB59B4-55A3-4737-9FD5-B93C6430BF75) - C: \ WINDOWS \ system32 \ sjmxcfmu.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program \ Java \ jre1.6.0_05 \ bin \ ssv.dll
O3 - Toolbar: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Program \ Yahoo! \ Companion \ installs \ cpn0 \ yt.dll
O3 - Toolbar: & Google - (2318C2B1-4965-11D4-9B18-009027A5CD4F) - c: \ program \ google \ googletoolbar1.dll
O3 - Toolbar: Ask Toolbar - (F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA) - C: \ Program Files \ AskSBar \ bar \ 1.bin \ ASKSBAR.DLL
O4 - HKLM \ .. \ Run: [C6501Sound] rundll32 c6501.cpl, CMICtrlWnd
O4 - HKLM \ .. \ Run: [btbb_wcm_McciTrayApp] C: \ Program Files \ btbb_wcm \ McciTrayApp.exe
O4 - HKLM \ .. \ Run: [YBrowser] C: \ progra ~ 1 \ Yahoo! \ Browser \ ybrwicon.exe
O4 - HKLM \ .. \ Run: [HPHUPD08] C: \ Program Files \ HP \ Digital Imaging \ (33D6CC28-9F75-4d1b-A11D-98895B3A3729) \ hphupd08.exe
O4 - HKLM \ .. \ Run: [HP Software Update] C: \ Program Files \ HP \ HP Software Update \ HPWuSchd2.exe
O4 - HKLM \ .. \ Run: [MediaLifeService] "C: \ Program Files \ Logitech \ MediaLife \ MediaLifeService.exe"
O4 - HKLM \ .. \ Run: [Samsung LBP SM] "C: \ WINDOWS \ Samsung \ LaserSMMgr \ ssmmgr.exe" / autorun
O4 - HKLM \ .. \ Run: [YOP] C: \ progra ~ 1 \ Yahoo! \ YOP \ yop.exe / autostart
O4 - HKLM \ .. \ Run: [SPAMfighter Agent] "C: \ Program \ SPAMfighter \ SFAgent.exe" uppdatera fördröjning 60
O4 - HKLM \ .. \ Run: [btbb_McciTrayApp] C: \ Program Files \ BT Broadband Desktop Help \ bin \ BTHelpNotifier.exe
O4 - HKLM \ .. \ Run: [StartCCC] "C: \ Program Files \ ATI Technologies \ ATI.ACE \ Core-Static \ CLIStart.exe"
O4 - HKLM \ .. \ Run: [amd_dc_opt] C: \ Program Files \ AMD \ Dual-Core Optimizer \ amd_dc_opt.exe
O4 - HKLM \ .. \ Run: [HPDJ Taskbar Utility] C: \ WINDOWS \ system32 \ spool \ drivers \ w32x86 \ 3 \ hpztsb0 4.exe
O4 - HKLM \ .. \ Run: [AVG7_CC] C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgcc.exe / STARTUP
O4 - HKLM \ .. \ Run: [SideWinderTrayV4] C: \ progra ~ 1 \ MI948F ~ 1 \ GAMECO ~ 1 \ Common \ SWTrayV4.exe
O4 - HKLM \ .. \ Run: [itype] "C: \ Program \ Microsoft IntelliType Pro \ itype.exe"
O4 - HKLM \ .. \ Run: [IntelliPoint] "C: \ Program \ Microsoft IntelliPoint \ ipoint.exe"
O4 - HKLM \ .. \ Run: [! AVG Anti-Spyware] "C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7.5 \ avgas.exe" / minimeras
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program \ Java \ jre1.6.0_05 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program \ QuickTime \ QTTask.exe"-atboottime
O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Program Files \ iTunes \ iTunesHelper.exe"
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [SWG] C: \ Program \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe
O4 - HKCU \ .. \ Run: [BitTorrent DNA] "C: \ Program Files \ DNA \ btdna.exe"
O4 - HKCU \ .. \ Run: [MSMSGS] "C: \ Program Files \ Messenger \ msmsgs.exe" / bakgrund
O4 - HKCU \ .. \ Run: [SUPERAntiSpyware] C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
O4 - HKUS \ S-1-5-19 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-19 \ .. \ Run: [AVG7_Run] C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User "SYSTEM")
O4 - HKUS \. DEFAULT \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'Default user')
O4 - Startup: MP3 Rocket (Minimerad). Lnk = C: \ Program \ MP3 Rocket \ MP3Rocket.exe
O4 - Global Startup: BT Broadband Desktop Help.lnk = C: \ Program Files \ BT Broadband Desktop Help \ bin \ matcli.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C: \ Program Files \ HP \ Digital Imaging \ bin \ hpqtra08.exe
O4 - Global Startup: NETGEAR WG311v2 Smart Configuration.lnk = C: \ Program Files \ NETGEAR WG311v2 Adapter \ wlancfg5.exe
O8 - Extra sammanhang menyobjektet: & Clean Traces - C: \ Program \ DAP \ Privacy Package \ dapcleanerie.htm
O8 - Extra sammanhang menyobjektet: & Ladda ner med & DAP - C: \ Program \ DAP \ dapextie.htm
O8 - Extra sammanhang menyobjektet: Download & all with DAP - C: \ Program \ DAP \ dapextie2.htm
Ø9 - Extra button: (inget namn) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program \ Java \ jre1.6.0_05 \ bin \ ssv.dll
Ø9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program \ Java \ jre1.6.0_05 \ bin \ ssv.dll
Ø9 - Extra button: BT Yahoo! Services - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ progra ~ 1 \ Yahoo! \ Common \ yiesrvc.dll
Ø9 - Extra button: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
Ø9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O16 - DPF: (17492023-C23A-453E-A040-C7C580BBF700) (Windows Genuine Advantage Validation Tool) -- http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: (30528230-99f7-4bb4-88d8-fa1d4f56a2ab) (Installation Support) - C: \ Program \ Yahoo! \ Common \ Yinsthelper20073151.dll
O16 - DPF: (6F15128C-E66A-490C-B848-5000B5ABEEAC) (HP Download Manager) -- https: / / h20436.www2.hp.com/ediags/de...e/HPDEXAXO.cab
O16 - DPF: (BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B) (Zylom Games Player) -- http://game07.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: (D27CDB6E-AE6D-11CF-96B8-444553540000) (Shockwave Flash Object) -- http://fpdownload2.macromedia.com/ge...nt/swflash.cab
O20 - Winlogon Notify:! SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
O20 - Winlogon Notify: tuvsqpq - tuvsqpq.dll (fil saknas)
O20 - Winlogon Notify: yaywuvw - yaywuvw.dll (fil saknas)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C: \ Program Files \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe
O23 - Service: AMD RAIDXpert (AMDRAIDXpert) - Unknown ägaren - C: \ Program Files \ AMD \ RAIDXpert \ brygga \ extra \ win32 \ Wrapper.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
O23 - Service: Ati snabbtangent Poller - ATI Technologies Inc. - C: \ WINDOWS \ system32 \ Ati2evxx.exe
O23 - Service: ATI Smart - Unknown ägaren - C: \ WINDOWS \ system32 \ ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Grisoft sro - C: \ Program \ Grisoft \ AVG Anti-Spyware 7.5 \ guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Grisoft, sro - C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Grisoft, sro - C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - Grisoft, sro - C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C: \ Program Files \ Bonjour \ mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Program Files \ Common Files \ InstallShield \ Driver \ 11 \ Intel 32 \ IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C: \ Program Files \ iPod \ bin \ iPodService.exe
O23 - Service: PML Driver HPZ12 - okänd ägare - C: \ WINDOWS \ system32 \ HPZipm12.exe (fil saknas)
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C: \ Program \ SPAMfighter \ sfus.exe
O23 - Service: WLTRYSVC - okänd ägare - C: \ WINDOWS \ System32 \ wltrysvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C: \ WINDOWS \ system32 \ YPCSER ~ 1.EXE
--
End of file - 10853 bytes

**evilfantasy** · #9 5 april 2008, 02:36

SDFix log?

**RB211** · #10 5 april 2008, 02:51

OK SDFix och senaste prickskytt:

Skål

SDFix: Version 1.166
Kör med Danny på 05/04/2008 vid 10:38
Microsoft Windows XP [Version 5.1.2600]
Running From: C: \ sdfix \ SDFix
Kontrollera Tjänster :

Återställa Windows registervärdena
Restoring Windows Default Hosts File
Omstart

Kontrollera Filer :
Trojan Files Found:
C: \ WINDOWS \ Temp \ 1852.tmp.lst - Utgår
C: \ WINDOWS \ Temp \ 2723.tmp.lst - Utgår
C: \ WINDOWS \ Temp \ 2F76.tmp.lst - Utgår
C: \ WINDOWS \ Temp \ 541A.tmp.lst - Utgår
C: \ WINDOWS \ Temp \ 580D.tmp.lst - Utgår
C: \ WINDOWS \ Temp \ 6E54.tmp.lst - Utgår
C: \ WINDOWS \ fetchuserid.exe - Utgår

Mappen C: \ Program Files \ drmupgds - Borttaget

Ta bort Temp Files
ADS Check :

Final Check :
CatchMe 0.3.1344.2 W2K/XP/Vista - rootkit / stealth malware detector av Gmer, http://www.gmer.net
Rootkit scan 2008-04-05 10:44:19
Windows 5.1.2600 Service Pack 2 NTFS
scanning dolda processer ...
scanning dolda tjänster & Systemregistret ...
scanning dolda registerposterna ...
scanning dolda filer ...
scan completed successfully
dolda processer: 0
dolda tjänster: 0
dolda filer: 0

Återstående Tjänster :

Authorized Application Key Export:
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ tjänster es \ SharedAccess \ Parameters \ firewallpolicy \ standard profile \ authorizedapplications \ lista]
"C: \ \ Program Files \ \ BitTorrent \ \ bittorrent.exe" = "C: \ \ Program Files \ \ BitTorrent \ \ bittorrent.exe: *: Enabled: BitTor hyra"
"C: \ \ Program Files \ \ DNA \ \ btdna.exe" = "C: \ \ Program Files \ \ DNA \ \ btdna.exe: *: Enabled: DNA"
"C: \ \ Program \ \ ICQ \ \ Icq.exe" = "C: \ \ Program \ \ ICQ \ \ Icq.exe: *: Enabled: ICQ"
"C: \ \ Program \ \ Yahoo! \ \ Messenger \ \ YahooMessenger.exe" = "C: \ \ Program \ \ Yahoo! \ \ Messenger \ \ YahooMessenger.exe: *: Ena bled: Yahoo! Messenger"
"C: \ \ Program Files \ \ LimeWire \ \ LimeWire.exe" = "C: \ \ Program Files \ \ LimeWire \ \ LimeWire.exe: *: Enabled: LimeWire"
"D: \ \ Program \ \ Microsoft Games \ \ Flight Simulator 9 \ \ fs9.exe" = "D: \ \ Program \ \ Microsoft Games \ \ Flight Simulator 9 \ \ fs9.exe: *: Enabled: Microsoft Flight Simulator "
"C: \ \ WINDOWS \ \ system32 \ \ dpnsvr.exe" = "C: \ \ WINDOWS \ \ system32 \ \ dpnsvr.exe: *: Enabled: Microsoft DirectPlay8 Server"
"C: \ \ Program Files \ \ Kontiki \ \ KService.exe" = "C: \ \ Program Files \ \ Kontiki \ \ KService.exe: *: Enabled: Delivery Manager Service"
"C: \ \ Program Files \ \ Ubisoft \ \ Gearbox Software \ \ BrothersInArmsEiB \ \ System \ \ EiB.exe" = "C: \ \ Program Files \ \ Ubisoft \ \ Gearbox Software \ \ BrothersInArmsEiB \ \ System \ \ EIB . exe: *: Ena bled: Brothers in Arms Earned i blod "
"C: \ \ Valve \ \ Condition Zero \ \ czero.exe" = "C: \ \ Valve \ \ Condition Zero \ \ czero.exe: *: Enabled: Condition Zero Launcher"
"C: \ \ Program \ \ Java \ \ jre1.6.0_04 \ \ bin \ \ javaw.exe" = "C: \ \ Pro gram Files \ \ Java \ \ jre1.6.0_04 \ \ bin \ \ javaw. exe: *: Enabled: Java (TM) Platform SE binary "
"C: \ \ Program Files \ \ DAP \ \ DAP.exe" = "C: \ \ Program Files \ \ DAP \ \ DAP.exe: *: Enabled: Download Accelerator Plus (DAP)
"% windir% \ \ system32 \ \ sessmgr.exe" = "% windir% \ \ syste m32 \ \ sessmgr.exe: *: Enabled: @ Xpsp2res.dll, -22019"
"C: \ \ Program Files \ \ SpeedBit Video Accelerator \ \ VideoAccelerator.exe" = "C: \ \ Program Files \ \ SpeedBit Video Accelerator \ \ VideoAccelerator.exe: *: Enabled: VideoA ccelerator"
"C: \ \ Program Files \ \ SpeedBit Video Accelerator \ \ VideoAcceleratorEngine.exe" = "C: \ \ Prog ram Files \ \ SpeedBit Video Accelerator \ \ VideoAcceleratorEngine.exe: *: Enabled: VideoAcceleratorService"
"C: \ \ Program \ \ Java \ \ jre1.6.0_05 \ \ bin \ \ javaw.exe" = "C: \ \ Pro gram Files \ \ Java \ \ jre1.6.0_05 \ \ bin \ \ javaw. exe: *: Enabled: Java (TM) Platform SE binary "
"C: \ \ Program Files \ \ iTunes \ \ iTunes.exe" = "C: \ \ Program Files \ \ iTunes \ \ iTunes.exe: *: Enabled: iTunes"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ tjänster es \ SharedAccess \ Parameters \ firewallpolicy \ domainpr ofile \ authorizedapplications \ lista]
"% windir% \ \ system32 \ \ sessmgr.exe" = "% windir% \ \ syste m32 \ \ sessmgr.exe: *: Enabled: @ Xpsp2res.dll, -22019"
Kvarvarande Filer :

Arkiv säkerhetskopiering - C: \ sdfix \ SDFix \ backups \ backups.zip
Filer med dolda attribut :
Tirsdag den 5 februari 2008 4348 A.SH. --- "C: \ Documents and Settings \ All Users \ DRM \ DRMv1.bak"
Måndag 28 januari 2008 0 A.SH. --- "C: \ Documents and Settings \ All Users \ DRM \ Cache \ Indiv01.tmp"
Färdiga!

och

Loggfil av Trend Micro HijackThis v2.0.2
Scan sparades vid 10:48:43 den 05/04/2008
Plattform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Kör processer:
C: \ WINDOWS \ System32 \ Smss.exe
C: \ WINDOWS \ system32 \ csrss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ services.exe
C: \ WINDOWS \ system32 \ Lsass.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ System32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ Program Files \ AMD \ RAIDXpert \ brygga \ extra \ win32 \ Wrapper.exe
C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7.5 \ guard.exe
C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
C: \ Program Files \ AMD \ RAIDXpert \ _jvm \ bin \ java.exe
C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
C: \ Program Files \ Bonjour \ mDNSResponder.exe
C: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe
C: \ Program \ SPAMfighter \ sfus.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ System32 \ wltrysvc.exe
C: \ WINDOWS \ System32 \ bcmwltry.exe
C: \ WINDOWS \ Explorer.EXE
C: \ WINDOWS \ System32 \ alg.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ WINDOWS \ system32 \ rundll32.exe
C: \ Program Files \ btbb_wcm \ McciTrayApp.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ WINDOWS \ System32 \ Svchost.exe
C: \ progra ~ 1 \ Yahoo! \ Browser \ ybrwicon.exe
C: \ progra ~ 1 \ Yahoo! \ Browser \ ycommon.exe
C: \ Program Files \ HP \ HP Software Update \ HPWuSchd2.exe
C: \ Program Files \ Logitech \ MediaLife \ MediaLifeService.exe
C: \ WINDOWS \ Samsung \ LaserSMMgr \ ssmmgr.exe
C: \ progra ~ 1 \ Yahoo! \ YOP \ yop.exe
C: \ Program \ SPAMfighter \ SFAgent.exe
C: \ Program Files \ BT Broadband Desktop Help \ bin \ BTHelpNotifier.exe
C: \ Program Files \ ATI Technologies \ ATI.ACE \ Core-Static \ MOM.EXE
C: \ WINDOWS \ system32 \ msiexec.exe
C: \ WINDOWS \ system32 \ spool \ drivers \ w32x86 \ 3 \ hpztsb0 4.exe
C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgcc.exe
C: \ progra ~ 1 \ MI948F ~ 1 \ GAMECO ~ 1 \ Common \ SWTrayV4.exe
C: \ Program \ Microsoft IntelliType Pro \ itype.exe
C: \ Program \ Microsoft IntelliPoint \ ipoint.exe
C: \ Program \ Microsoft IntelliType Pro \ dpupdchk.exe
C: \ progra ~ 1 \ Yahoo! \ YOP \ SSDK02.exe
C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7.5 \ avgas.exe
C: \ Program \ Java \ jre1.6.0_05 \ bin \ jusched.exe
C: \ WINDOWS \ system32 \ wbem \ wmiprvse.exe
C: \ Program Files \ iTunes \ iTunesHelper.exe
C: \ WINDOWS \ system32 \ Ctfmon.exe
C: \ Program \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe
C: \ Program Files \ iPod \ bin \ iPodService.exe
C: \ Program Files \ DNA \ btdna.exe
C: \ Program Files \ Messenger \ msmsgs.exe
C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
C: \ Program Files \ BT Broadband Desktop Help \ bin \ mpbtn.exe
C: \ Program Files \ HP \ Digital Imaging \ bin \ hpqtra08.exe
C: \ Program Files \ NETGEAR WG311v2 Adapter \ wlancfg5.exe
C: \ Program \ Java \ jre1.6.0_05 \ bin \ javaw.exe
C: \ Program Files \ ATI Technologies \ ATI.ACE \ Core-Static \ ccc.exe
C: \ Program Files \ Trend Micro \ HijackThis \ HijackThis.exe
C: \ WINDOWS \ system32 \ wbem \ wmiprvse.exe
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://news.bbc.co.uk/sport1/hi/football/default.stm
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Settings, ProxyOverride = 127.0.0.1; *. lokala
R3 - URLSearchHook: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Program \ Yahoo! \ Companion \ installs \ cpn0 \ yt.dll
O2 - BHO: (inget namn) - (3CAB59B4-55A3-4737-9FD5-B93C6430BF75) - C: \ WINDOWS \ system32 \ sjmxcfmu.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program \ Java \ jre1.6.0_05 \ bin \ ssv.dll
O3 - Toolbar: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Program \ Yahoo! \ Companion \ installs \ cpn0 \ yt.dll
O3 - Toolbar: & Google - (2318C2B1-4965-11D4-9B18-009027A5CD4F) - c: \ program \ google \ googletoolbar1.dll
O3 - Toolbar: Ask Toolbar - (F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA) - C: \ Program Files \ AskSBar \ bar \ 1.bin \ ASKSBAR.DLL
O4 - HKLM \ .. \ Run: [C6501Sound] rundll32 c6501.cpl, CMICtrlWnd
O4 - HKLM \ .. \ Run: [btbb_wcm_McciTrayApp] C: \ Program Files \ btbb_wcm \ McciTrayApp.exe
O4 - HKLM \ .. \ Run: [YBrowser] C: \ progra ~ 1 \ Yahoo! \ Browser \ ybrwicon.exe
O4 - HKLM \ .. \ Run: [HPHUPD08] C: \ Program Files \ HP \ Digital Imaging \ (33D6CC28-9F75-4d1b-A11D-98895B3A3729) \ hphupd08.exe
O4 - HKLM \ .. \ Run: [HP Software Update] C: \ Program Files \ HP \ HP Software Update \ HPWuSchd2.exe
O4 - HKLM \ .. \ Run: [MediaLifeService] "C: \ Program Files \ Logitech \ MediaLife \ MediaLifeService.exe"
O4 - HKLM \ .. \ Run: [Samsung LBP SM] "C: \ WINDOWS \ Samsung \ LaserSMMgr \ ssmmgr.exe" / autorun
O4 - HKLM \ .. \ Run: [YOP] C: \ progra ~ 1 \ Yahoo! \ YOP \ yop.exe / autostart
O4 - HKLM \ .. \ Run: [SPAMfighter Agent] "C: \ Program \ SPAMfighter \ SFAgent.exe" uppdatera fördröjning 60
O4 - HKLM \ .. \ Run: [btbb_McciTrayApp] C: \ Program Files \ BT Broadband Desktop Help \ bin \ BTHelpNotifier.exe
O4 - HKLM \ .. \ Run: [StartCCC] "C: \ Program Files \ ATI Technologies \ ATI.ACE \ Core-Static \ CLIStart.exe"
O4 - HKLM \ .. \ Run: [amd_dc_opt] C: \ Program Files \ AMD \ Dual-Core Optimizer \ amd_dc_opt.exe
O4 - HKLM \ .. \ Run: [HPDJ Taskbar Utility] C: \ WINDOWS \ system32 \ spool \ drivers \ w32x86 \ 3 \ hpztsb0 4.exe
O4 - HKLM \ .. \ Run: [AVG7_CC] C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgcc.exe / STARTUP
O4 - HKLM \ .. \ Run: [SideWinderTrayV4] C: \ progra ~ 1 \ MI948F ~ 1 \ GAMECO ~ 1 \ Common \ SWTrayV4.exe
O4 - HKLM \ .. \ Run: [itype] "C: \ Program \ Microsoft IntelliType Pro \ itype.exe"
O4 - HKLM \ .. \ Run: [IntelliPoint] "C: \ Program \ Microsoft IntelliPoint \ ipoint.exe"
O4 - HKLM \ .. \ Run: [! AVG Anti-Spyware] "C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7.5 \ avgas.exe" / minimeras
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program \ Java \ jre1.6.0_05 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program \ QuickTime \ QTTask.exe"-atboottime
O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Program Files \ iTunes \ iTunesHelper.exe"
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [SWG] C: \ Program \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe
O4 - HKCU \ .. \ Run: [BitTorrent DNA] "C: \ Program Files \ DNA \ btdna.exe"
O4 - HKCU \ .. \ Run: [MSMSGS] "C: \ Program Files \ Messenger \ msmsgs.exe" / bakgrund
O4 - HKCU \ .. \ Run: [SUPERAntiSpyware] C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
O4 - HKUS \ S-1-5-19 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-19 \ .. \ Run: [AVG7_Run] C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User "SYSTEM")
O4 - HKUS \. DEFAULT \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'Default user')
O4 - Startup: MP3 Rocket (Minimerad). Lnk = C: \ Program \ MP3 Rocket \ MP3Rocket.exe
O4 - Global Startup: BT Broadband Desktop Help.lnk = C: \ Program Files \ BT Broadband Desktop Help \ bin \ matcli.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C: \ Program Files \ HP \ Digital Imaging \ bin \ hpqtra08.exe
O4 - Global Startup: NETGEAR WG311v2 Smart Configuration.lnk = C: \ Program Files \ NETGEAR WG311v2 Adapter \ wlancfg5.exe
O8 - Extra sammanhang menyobjektet: & Clean Traces - C: \ Program \ DAP \ Privacy Package \ dapcleanerie.htm
O8 - Extra sammanhang menyobjektet: & Ladda ner med & DAP - C: \ Program \ DAP \ dapextie.htm
O8 - Extra sammanhang menyobjektet: Download & all with DAP - C: \ Program \ DAP \ dapextie2.htm
Ø9 - Extra button: (inget namn) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program \ Java \ jre1.6.0_05 \ bin \ ssv.dll
Ø9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program \ Java \ jre1.6.0_05 \ bin \ ssv.dll
Ø9 - Extra button: BT Yahoo! Services - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ progra ~ 1 \ Yahoo! \ Common \ yiesrvc.dll
Ø9 - Extra button: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
Ø9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O16 - DPF: (17492023-C23A-453E-A040-C7C580BBF700) (Windows Genuine Advantage Validation Tool) -- http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: (30528230-99f7-4bb4-88d8-fa1d4f56a2ab) (Installation Support) - C: \ Program \ Yahoo! \ Common \ Yinsthelper20073151.dll
O16 - DPF: (6F15128C-E66A-490C-B848-5000B5ABEEAC) (HP Download Manager) -- https: / / h20436.www2.hp.com/ediags/de...e/HPDEXAXO.cab
O16 - DPF: (BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B) (Zylom Games Player) -- http://game07.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: (D27CDB6E-AE6D-11CF-96B8-444553540000) (Shockwave Flash Object) -- http://fpdownload2.macromedia.com/ge...nt/swflash.cab
O20 - Winlogon Notify:! SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
O20 - Winlogon Notify: tuvsqpq - tuvsqpq.dll (fil saknas)
O20 - Winlogon Notify: yaywuvw - yaywuvw.dll (fil saknas)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C: \ Program Files \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe
O23 - Service: AMD RAIDXpert (AMDRAIDXpert) - Unknown ägaren - C: \ Program Files \ AMD \ RAIDXpert \ brygga \ extra \ win32 \ Wrapper.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
O23 - Service: Ati snabbtangent Poller - ATI Technologies Inc. - C: \ WINDOWS \ system32 \ Ati2evxx.exe
O23 - Service: ATI Smart - Unknown ägaren - C: \ WINDOWS \ system32 \ ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Grisoft sro - C: \ Program \ Grisoft \ AVG Anti-Spyware 7.5 \ guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Grisoft, sro - C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Grisoft, sro - C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - Grisoft, sro - C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C: \ Program Files \ Bonjour \ mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Program Files \ Common Files \ InstallShield \ Driver \ 11 \ Intel 32 \ IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C: \ Program Files \ iPod \ bin \ iPodService.exe
O23 - Service: PML Driver HPZ12 - okänd ägare - C: \ WINDOWS \ system32 \ HPZipm12.exe (fil saknas)
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C: \ Program \ SPAMfighter \ sfus.exe
O23 - Service: WLTRYSVC - okänd ägare - C: \ WINDOWS \ System32 \ wltrysvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C: \ WINDOWS \ system32 \ YPCSER ~ 1.EXE
--
End of file - 11044 bytes