Just nu i M3-nätverket
Gå till innehåll

marni

Medlem
  • Antal inlägg

    16
  • Gick med

  • Senaste besök

    Aldrig
  1. Tack! Detta hittade Spybot. Ska allt detta bort? [log]MediaPlex: Tracking cookie (Internet Explorer: Marie Nilsson) (Cookie, nothing done) CommonName: Temporary directory (Directory, nothing done) C:\WINDOWS\Temp\Adware DoubleClick: Tracking cookie (Internet Explorer: Marie Nilsson) (Cookie, nothing done) DSO Exploit: Data source object exploit (Registry change, nothing done) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3 DSO Exploit: Data source object exploit (Registry change, nothing done) HKEY_USERS\S-1-5-21-1390067357-1532298954-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3 DSO Exploit: Data source object exploit (Registry change, nothing done) HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3 DSO Exploit: Data source object exploit (Registry change, nothing done) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3 DSO Exploit: Data source object exploit (Registry change, nothing done) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3 FunWeb: Settings (Registry value, nothing done) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts MagicControl.Agent: Type library (Registry key, nothing done) HKEY_CLASSES_ROOT\TypeLib\{5630B768-1C09-4105-9E03-E35985E36B0B} MagicControl.Agent: Class ID (Registry key, nothing done) HKEY_CLASSES_ROOT\CLSID\{4A6FA2EB-F381-4503-87D0-BE4CC57DEB8E} MagicControl.Agent: Interface (Registry key, nothing done) HKEY_CLASSES_ROOT\Interface\{510C3373-4842-4944-8729-0AFF6725A132} MagicControl.Agent: Root class (Registry key, nothing done) HKEY_CLASSES_ROOT\mslagent.3 MagicControl.Agent: User settings (Registry key, nothing done) HKEY_USERS\S-1-5-21-1390067357-1532298954-839522115-1004\Software\LanConfig WebTrends live: Tracking cookie (Internet Explorer: Marie Nilsson) (Cookie, nothing done) WebTrends live: Tracking cookie (Internet Explorer: Marie Nilsson) (Cookie, nothing done) WebTrends live: Tracking cookie (Internet Explorer: Marie Nilsson) (Cookie, nothing done) WebTrends live: Tracking cookie (Internet Explorer: Marie Nilsson) (Cookie, nothing done) WebTrends live: Tracking cookie (Internet Explorer: Marie Nilsson) (Cookie, nothing done) WebTrends live: Tracking cookie (Internet Explorer: Marie Nilsson) (Cookie, nothing done) WebTrends live: Tracking cookie (Internet Explorer: Marie Nilsson) (Cookie, nothing done) --- Spybot - Search && Destroy version: 1.3 --- 2004-05-12 Includes\Cookies.sbi 2004-05-12 Includes\Dialer.sbi 2004-05-12 Includes\Hijackers.sbi 2004-05-12 Includes\Keyloggers.sbi 2004-05-12 Includes\LSP.sbi 2004-05-12 Includes\Malware.sbi 2004-05-12 Includes\Revision.sbi 2004-05-12 Includes\Security.sbi 2004-05-12 Includes\Spybots.sbi 2004-05-12 Includes\Tracks.uti 2004-05-12 Includes\Trojans.sbi[/log] Här kommer en ny Nortonlogg.[log]Varning om hot Sidan 1 2004-11-04 19:29:16,Virussökare,Adware.BargainBuddy,Gick ej att ta bort,Arkiv,N/A,N/A,200410290037,10.0.1.13,Marie Nilsson,FAMILJEN-IO1FN2,",Hotkategori: ReklamprogramvaraKälla: C:/WINDOWS/System32/javexulm.vxd,Beskrivning: Den komprimerade filen C:/WINDOWS/System32/javexulm.vxd i C:\WINDOWS\system32\netut80ex.vxd är ett hot av typen Reklamprogramvara." 2004-11-04 19:29:16,Virussökare,Adware.BargainBuddy,Gick ej att ta bort,Arkiv,N/A,N/A,200410290037,10.0.1.13,Marie Nilsson,FAMILJEN-IO1FN2,",Hotkategori: ReklamprogramvaraKälla: C:/WINDOWS/System32/exul.exe,Beskrivning: Den komprimerade filen C:/WINDOWS/System32/exul.exe i C:\WINDOWS\system32\netut80ex.vxd är ett hot av typen Reklamprogramvara." 2004-11-04 19:29:16,Virussökare,Adware.BargainBuddy,Gick ej att ta bort,Arkiv,N/A,N/A,200410290037,10.0.1.13,Marie Nilsson,FAMILJEN-IO1FN2,",Hotkategori: ReklamprogramvaraKälla: C:/WINDOWS/System32/exdl.exe,Beskrivning: Den komprimerade filen C:/WINDOWS/System32/exdl.exe i C:\WINDOWS\system32\netut80ex.vxd är ett hot av typen Reklamprogramvara." 2004-11-04 19:29:16,Virussökare,Adware.BargainBuddy,Gick ej att ta bort,Arkiv,N/A,N/A,200410290037,10.0.1.13,Marie Nilsson,FAMILJEN-IO1FN2,",Hotkategori: ReklamprogramvaraKälla: C:/WINDOWS/System32/mqexdlm.srg,Beskrivning: Den komprimerade filen C:/WINDOWS/System32/mqexdlm.srg i C:\WINDOWS\system32\netut80ex.vxd är ett hot av typen Reklamprogramvara." 2004-11-04 19:29:16,Virussökare,Adware.BargainBuddy,Gick ej att ta bort,Arkiv,N/A,N/A,200410290037,10.0.1.13,Marie Nilsson,FAMILJEN-IO1FN2,",Hotkategori: ReklamprogramvaraKälla: C:\WINDOWS\system32\mqexdlm.srg,Beskrivning: Filen C:\WINDOWS\system32\mqexdlm.srg är ett hot av typen Reklamprogramvara." 2004-11-04 19:29:16,Virussökare,Adware.BargainBuddy,Gick ej att ta bort,Arkiv,N/A,N/A,200410290037,10.0.1.13,Marie Nilsson,FAMILJEN-IO1FN2,",Hotkategori: ReklamprogramvaraKälla: C:/Program/BullsEye Network/bin/bargains.exe,Beskrivning: Den komprimerade filen C:/Program/BullsEye Network/bin/bargains.exe i C:\WINDOWS\system32\mac80ex.idf är ett hot av typen Reklamprogramvara." 2004-11-04 19:29:16,Virussökare,Adware.BargainBuddy,Gick ej att ta bort,Arkiv,N/A,N/A,200410290037,10.0.1.13,Marie Nilsson,FAMILJEN-IO1FN2,",Hotkategori: ReklamprogramvaraKälla: C:\WINDOWS\system32\javexulm.vxd,Beskrivning: Filen C:\WINDOWS\system32\javexulm.vxd är ett hot av typen Reklamprogramvara." 2004-11-04 19:29:16,Virussökare,Adware.BargainBuddy,Gick ej att ta bort,Arkiv,N/A,N/A,200410290037,10.0.1.13,Marie Nilsson,FAMILJEN-IO1FN2,",Hotkategori: ReklamprogramvaraKälla: C:\WINDOWS\system32\exul3.exe,Beskrivning: Filen C:\WINDOWS\system32\exul3.exe är ett hot av typen Reklamprogramvara." 2004-11-04 19:29:16,Virussökare,Adware.BargainBuddy,Gick ej att ta bort,Arkiv,N/A,N/A,200410290037,10.0.1.13,Marie Nilsson,FAMILJEN-IO1FN2,",Hotkategori: ReklamprogramvaraKälla: C:\WINDOWS\system32\exul1.exe,Beskrivning: Filen C:\WINDOWS\system32\exul1.exe är ett hot av typen Reklamprogramvara." 2004-11-04 19:29:16,Virussökare,Adware.BargainBuddy,Gick ej att ta bort,Arkiv,N/A,N/A,200410290037,10.0.1.13,Marie Nilsson,FAMILJEN-IO1FN2,",Hotkategori: ReklamprogramvaraKälla: C:\WINDOWS\system32\exdl3.exe,Beskrivning: Filen C:\WINDOWS\system32\exdl3.exe är ett hot av typen Reklamprogramvara." 2004-11-04 19:29:16,Virussökare,Adware.BargainBuddy,Gick ej att ta bort,Arkiv,N/A,N/A,200410290037,10.0.1.13,Marie Nilsson,FAMILJEN-IO1FN2,",Hotkategori: ReklamprogramvaraKälla: C:\WINDOWS\system32\exdl2.exe,Beskrivning: Filen C:\WINDOWS\system32\exdl2.exe är ett hot av typen Reklamprogramvara." 2004-11-04 19:29:16,Virussökare,Adware.BargainBuddy,Gick ej att ta bort,Arkiv,N/A,N/A,200410290037,10.0.1.13,Marie Nilsson,FAMILJEN-IO1FN2,",Hotkategori: ReklamprogramvaraKälla: C:\WINDOWS\system32\exdl1.exe,Beskrivning: Filen C:\WINDOWS\system32\exdl1.exe är ett hot av typen Reklamprogramvara." 2004-11-04 19:29:16,Virussökare,Adware.BargainBuddy,Gick ej att ta bort,Arkiv,N/A,N/A,200410290037,10.0.1.13,Marie Nilsson,FAMILJEN-IO1FN2,",Hotkategori: ReklamprogramvaraKälla: C:\WINDOWS\system32\exdl0.exe,Beskrivning: Filen C:\WINDOWS\system32\exdl0.exe är ett hot av typen Reklamprogramvara."[/log] Har försökt att gå in i system 32, men vissa går inte att öppna, andra varnar för att ändra i filerna.
  2. Finns mappen C:\Program\MyWebSearch kvar? - Jag hittade den i papperskorgen och tog bort den därifrån. Rensade mappen C:\Documents and Settings\Marie Nilsson\Lokala inställningar\Temp\. - Jag tog bort allt iden, även mappar. Skulle jag göra det? De ligger i papperskorgen nu. Bargain Buddy hittar jag inte i kontrollpanelen. Hittar inte heller dessa: C:\Program Files\ Bargain Buddy C:\Program\ Bargain Buddy C:\Program\BullsEye Network Kört Norton i felsäkert läge, ingen skillnad. Bifogar samtliga HijackThis -loggar [log] M Logfile of HijackThis v1.98.2 Scan saved at 21:37:04, on 2004-11-01 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\CTsvcCDA.exe C:\Program\Delade filer\EPSON\EBAPI\SAgent2.exe C:\Program\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\Program\Norton AntiVirus\SAVScan.exe C:\WINDOWS\Explorer.EXE C:\Program\Symantec\LiveUpdate\AUpdate.exe C:\Program\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe C:\Program\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE C:\WINDOWS\System32\CTHELPER.EXE C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe C:\Program\Delade filer\Symantec Shared\ccApp.exe C:\WINDOWS\BCMSMMSG.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE C:\Program\Java\j2re1.4.2_03\bin\jusched.exe C:\Program\Delade filer\Real\Update_OB\realsched.exe C:\Program\QuickTime\qttask.exe C:\Program\Winamp3\winampa.exe C:\Program\Telia\Supportassistent\bin\tgcmd.exe C:\Program\ekort\ekort.exe C:\Program\Delade filer\Symantec Shared\Security Center\UsrPrmpt.exe C:\WINDOWS\System32\ctfmon.exe C:\WINDOWS\System32\wuauclt.exe C:\Program\Creative\MediaSource\Go\CTCMSGo.exe C:\Program\Messenger\msmsgs.exe C:\Documents and Settings\Marie Nilsson\Skrivbord\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.se/0SESVSE/SAOS02 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sp/*http://www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login1.telia.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program\Outlook Express\msimn.exe" R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: e-kort Browser Helper Object - {1C900459-DEEF-4aa9-B260-1EF0F0C70A8D} - C:\WINDOWS\System32\Bhoekort.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar1.dll O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar1.dll O4 - HKLM\..\Run: [CTSysVol] C:\Program\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe O4 - HKLM\..\Run: [CTDVDDet] C:\Program\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [storageGuard] "C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [EPSON Stylus C44 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C44 Series" /O6 "USB001" /M "Stylus C44" O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [WinampAgent] "C:\Program\Winamp3\winampa.exe" O4 - HKLM\..\Run: [TeliaTGCMD] "C:\Program\Telia\Supportassistent\bin\tgcmd.exe" /server /startmonitor /deaf O4 - HKLM\..\Run: [ekort] C:\Program\ekort\ekort.exe /dontopenmycards O4 - HKLM\..\Run: [sSC_UserPrompt] C:\Program\Delade filer\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [Creative MediaSource Go] C:\Program\Creative\MediaSource\Go\CTCMSGo.exe /SCB O8 - Extra context menu item: &Google Search - res://c:\program\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Backward Links - res://c:\program\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://c:\program\google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: e-kort - {4C730913-3961-439b-83D5-F4E445520422} - C:\Program\ekort\ekort.exe O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE O16 - DPF: {0990D180-4226-4530-9777-AB82315505B9} (Installer Class) - http://www.foreningssparbanken.se/betala/ekort/oinstall.cab'>http://www.foreningssparbanken.se/betala/ekort/oinstall.cab'>http://www.foreningssparbanken.se/betala/ekort/oinstall.cab'>http://www.foreningssparbanken.se/betala/ekort/oinstall.cab'>http://www.foreningssparbanken.se/betala/ekort/oinstall.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab28578.cab'>http://messenger.zone.msn.com/binary/MineSweeper.cab28578.cab'>http://messenger.zone.msn.com/binary/MineSweeper.cab28578.cab'>http://messenger.zone.msn.com/binary/MineSweeper.cab28578.cab'>http://messenger.zone.msn.com/binary/MineSweeper.cab28578.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab'>http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab'>http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab'>http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab'>http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040427/qtinstall.info.apple.com/saba/us/win/QuickTimeInstaller.exe'>http://a1540.g.akamai.net/7/1540/52/20040427/qtinstall.info.apple.com/saba/us/win/QuickTimeInstaller.exe'>http://a1540.g.akamai.net/7/1540/52/20040427/qtinstall.info.apple.com/saba/us/win/QuickTimeInstaller.exe'>http://a1540.g.akamai.net/7/1540/52/20040427/qtinstall.info.apple.com/saba/us/win/QuickTimeInstaller.exe'>http://a1540.g.akamai.net/7/1540/52/20040427/qtinstall.info.apple.com/saba/us/win/QuickTimeInstaller.exe O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab'>http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab'>http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab'>http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab'>http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab'>http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab'>http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab'>http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab'>http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab'>http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab'>http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab'>http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab'>http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab'>http://www.pandasoftware.com/activescan/as5/asinst.cab'>http://www.pandasoftware.com/activescan/as5/asinst.cab'>http://www.pandasoftware.com/activescan/as5/asinst.cab'>http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab'>http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab'>http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab'>http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab Ad2 Logfile of HijackThis v1.98.2 Scan saved at 21:27:08, on 2004-11-01 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\CTsvcCDA.exe C:\Program\Delade filer\EPSON\EBAPI\SAgent2.exe C:\Program\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\Program\Norton AntiVirus\SAVScan.exe C:\WINDOWS\System32\wuauclt.exe C:\WINDOWS\Explorer.EXE C:\Program\Symantec\LiveUpdate\AUpdate.exe C:\Program\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe C:\Program\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE C:\WINDOWS\System32\CTHELPER.EXE C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe C:\Program\Delade filer\Symantec Shared\ccApp.exe C:\WINDOWS\BCMSMMSG.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE C:\Program\Java\j2re1.4.2_03\bin\jusched.exe C:\Program\Delade filer\Real\Update_OB\realsched.exe C:\Program\QuickTime\qttask.exe C:\Program\Winamp3\winampa.exe C:\Program\Telia\Supportassistent\bin\tgcmd.exe C:\Program\ekort\ekort.exe C:\Program\Delade filer\Symantec Shared\Security Center\UsrPrmpt.exe C:\WINDOWS\System32\ctfmon.exe C:\Program\MSN Messenger\msnmsgr.exe C:\WINDOWS\System32\wuauclt.exe C:\Program\Messenger\msmsgs.exe C:\HjT\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: e-kort Browser Helper Object - {1C900459-DEEF-4aa9-B260-1EF0F0C70A8D} - C:\WINDOWS\System32\Bhoekort.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar1.dll O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar1.dll O4 - HKLM\..\Run: [CTSysVol] C:\Program\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe O4 - HKLM\..\Run: [CTDVDDet] C:\Program\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [storageGuard] "C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [EPSON Stylus C44 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C44 Series" /O6 "USB001" /M "Stylus C44" O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [WinampAgent] "C:\Program\Winamp3\winampa.exe" O4 - HKLM\..\Run: [TeliaTGCMD] "C:\Program\Telia\Supportassistent\bin\tgcmd.exe" /server /startmonitor /deaf O4 - HKLM\..\Run: [ekort] C:\Program\ekort\ekort.exe /dontopenmycards O4 - HKLM\..\Run: [sSC_UserPrompt] C:\Program\Delade filer\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: e-kort - {4C730913-3961-439b-83D5-F4E445520422} - C:\Program\ekort\ekort.exe O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE O16 - DPF: {0990D180-4226-4530-9777-AB82315505B9} (Installer Class) - http://www.foreningssparbanken.se/betala/ekort/oinstall.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab28578.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040427/qtinstall.info.apple.com/saba/us/win/QuickTimeInstaller.exe O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab As Logfile of HijackThis v1.98.2 Scan saved at 21:33:42, on 2004-11-01 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\CTsvcCDA.exe C:\Program\Delade filer\EPSON\EBAPI\SAgent2.exe C:\Program\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\Program\Norton AntiVirus\SAVScan.exe C:\WINDOWS\Explorer.EXE C:\Program\Symantec\LiveUpdate\AUpdate.exe C:\Program\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe C:\Program\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE C:\WINDOWS\System32\CTHELPER.EXE C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe C:\Program\Delade filer\Symantec Shared\ccApp.exe C:\WINDOWS\BCMSMMSG.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE C:\Program\Java\j2re1.4.2_03\bin\jusched.exe C:\Program\Delade filer\Real\Update_OB\realsched.exe C:\Program\QuickTime\qttask.exe C:\Program\Winamp3\winampa.exe C:\Program\Telia\Supportassistent\bin\tgcmd.exe C:\Program\ekort\ekort.exe C:\Program\Delade filer\Symantec Shared\Security Center\UsrPrmpt.exe C:\WINDOWS\System32\ctfmon.exe C:\Program\MSN Messenger\msnmsgr.exe C:\WINDOWS\System32\wuauclt.exe C:\Program\Messenger\msmsgs.exe C:\HjT\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: e-kort Browser Helper Object - {1C900459-DEEF-4aa9-B260-1EF0F0C70A8D} - C:\WINDOWS\System32\Bhoekort.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar1.dll O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar1.dll O4 - HKLM\..\Run: [CTSysVol] C:\Program\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe O4 - HKLM\..\Run: [CTDVDDet] C:\Program\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [storageGuard] "C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [EPSON Stylus C44 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C44 Series" /O6 "USB001" /M "Stylus C44" O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [WinampAgent] "C:\Program\Winamp3\winampa.exe" O4 - HKLM\..\Run: [TeliaTGCMD] "C:\Program\Telia\Supportassistent\bin\tgcmd.exe" /server /startmonitor /deaf O4 - HKLM\..\Run: [ekort] C:\Program\ekort\ekort.exe /dontopenmycards O4 - HKLM\..\Run: [sSC_UserPrompt] C:\Program\Delade filer\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [sB Audigy 2 Startup Menu] /L:ENG O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCxdm127'>http://bar.mywebsearch.com/menusearch.html?p=ZCxdm127 O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: e-kort - {4C730913-3961-439b-83D5-F4E445520422} - C:\Program\ekort\ekort.exe O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE O16 - DPF: {0990D180-4226-4530-9777-AB82315505B9} (Installer Class) - http://www.foreningssparbanken.se/betala/ekort/oinstall.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab28578.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040427/qtinstall.info.apple.com/saba/us/win/QuickTimeInstaller.exe O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab L Logfile of HijackThis v1.98.2 Scan saved at 21:26:01, on 2004-11-01 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\CTsvcCDA.exe C:\Program\Delade filer\EPSON\EBAPI\SAgent2.exe C:\Program\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\Program\Norton AntiVirus\SAVScan.exe C:\WINDOWS\Explorer.EXE C:\Program\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe C:\Program\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE C:\WINDOWS\System32\CTHELPER.EXE C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe C:\Program\Delade filer\Symantec Shared\ccApp.exe C:\WINDOWS\BCMSMMSG.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE C:\Program\Java\j2re1.4.2_03\bin\jusched.exe C:\Program\Delade filer\Real\Update_OB\realsched.exe C:\Program\QuickTime\qttask.exe C:\Program\Winamp3\winampa.exe C:\Program\Telia\Supportassistent\bin\tgcmd.exe C:\Program\ekort\ekort.exe C:\Program\Delade filer\Symantec Shared\Security Center\UsrPrmpt.exe C:\WINDOWS\System32\ctfmon.exe C:\Program\Messenger\msmsgs.exe C:\WINDOWS\System32\wuauclt.exe C:\HjT\HijackThis.exe C:\WINDOWS\System32\wuauclt.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: e-kort Browser Helper Object - {1C900459-DEEF-4aa9-B260-1EF0F0C70A8D} - C:\WINDOWS\System32\Bhoekort.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar1.dll O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar1.dll O4 - HKLM\..\Run: [CTSysVol] C:\Program\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe O4 - HKLM\..\Run: [CTDVDDet] C:\Program\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [storageGuard] "C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [EPSON Stylus C44 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C44 Series" /O6 "USB001" /M "Stylus C44" O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [WinampAgent] "C:\Program\Winamp3\winampa.exe" O4 - HKLM\..\Run: [TeliaTGCMD] "C:\Program\Telia\Supportassistent\bin\tgcmd.exe" /server /startmonitor /deaf O4 - HKLM\..\Run: [ekort] C:\Program\ekort\ekort.exe /dontopenmycards O4 - HKLM\..\Run: [sSC_UserPrompt] C:\Program\Delade filer\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: e-kort - {4C730913-3961-439b-83D5-F4E445520422} - C:\Program\ekort\ekort.exe O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE O16 - DPF: {0990D180-4226-4530-9777-AB82315505B9} (Installer Class) - http://www.foreningssparbanken.se/betala/ekort/oinstall.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab28578.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040427/qtinstall.info.apple.com/saba/us/win/QuickTimeInstaller.exe O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab N Logfile of HijackThis v1.98.2 Scan saved at 21:35:01, on 2004-11-01 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\CTsvcCDA.exe C:\Program\Delade filer\EPSON\EBAPI\SAgent2.exe C:\Program\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\Program\Norton AntiVirus\SAVScan.exe C:\Program\Symantec\LiveUpdate\AUpdate.exe C:\WINDOWS\Explorer.EXE C:\Program\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe C:\Program\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE C:\WINDOWS\System32\CTHELPER.EXE C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe C:\Program\Delade filer\Symantec Shared\ccApp.exe C:\WINDOWS\BCMSMMSG.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE C:\Program\Java\j2re1.4.2_03\bin\jusched.exe C:\Program\Delade filer\Real\Update_OB\realsched.exe C:\Program\QuickTime\qttask.exe C:\Program\Winamp3\winampa.exe C:\Program\Telia\Supportassistent\bin\tgcmd.exe C:\Program\ekort\ekort.exe C:\Program\Delade filer\Symantec Shared\Security Center\UsrPrmpt.exe C:\WINDOWS\System32\ctfmon.exe C:\Program\Messenger\msmsgs.exe C:\WINDOWS\System32\wuauclt.exe C:\HjT\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: e-kort Browser Helper Object - {1C900459-DEEF-4aa9-B260-1EF0F0C70A8D} - C:\WINDOWS\System32\Bhoekort.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar1.dll O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar1.dll O4 - HKLM\..\Run: [CTSysVol] C:\Program\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe O4 - HKLM\..\Run: [CTDVDDet] C:\Program\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [storageGuard] "C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [EPSON Stylus C44 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C44 Series" /O6 "USB001" /M "Stylus C44" O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [WinampAgent] "C:\Program\Winamp3\winampa.exe" O4 - HKLM\..\Run: [TeliaTGCMD] "C:\Program\Telia\Supportassistent\bin\tgcmd.exe" /server /startmonitor /deaf O4 - HKLM\..\Run: [ekort] C:\Program\ekort\ekort.exe /dontopenmycards O4 - HKLM\..\Run: [sSC_UserPrompt] C:\Program\Delade filer\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background O8 - Extra context menu item: &Google Search - res://c:\program\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCxdm127 O8 - Extra context menu item: Backward Links - res://c:\program\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://c:\program\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: e-kort - {4C730913-3961-439b-83D5-F4E445520422} - C:\Program\ekort\ekort.exe O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE O16 - DPF: {0990D180-4226-4530-9777-AB82315505B9} (Installer Class) - http://www.foreningssparbanken.se/betala/ekort/oinstall.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab28578.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040427/qtinstall.info.apple.com/saba/us/win/QuickTimeInstaller.exe O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - [/log] En liten fråga till: När jag loggade in på ett av mina barns konton så öppnas ett fönster med namnet system 32, man ser alla mappar i denna. Det verkar inte bra. Kan man ändra det? Hon säger att det alltid gör så när hon loggar in. Annars får jag säga attt det verkar bli bättre hela tiden, nu är det lugnare när man ansluter till internet:) Ska jag gå in och ändra tillbaka i Den här datorn -Verktyg - Mappalternativ - Visning... osv?
  3. [log] Incident Status Location Virus:Exploit/MS04-028.gen Renamed C:\Documents and Settings\Leif Nilsson\Lokala inställningar\Temporary Internet Files\Content.IE5\3DZM8WYO\profilesm[23]_jpg.vir Virus:Exploit/MS04-028.gen Renamed C:\Documents and Settings\Leif Nilsson\Lokala inställningar\Temporary Internet Files\Content.IE5\H82P4UVG\profilesm[13]_jpg.vir Logfile of HijackThis v1.98.2 Scan saved at 22:25:34, on 2004-10-29 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\CTsvcCDA.exe C:\Program\Delade filer\EPSON\EBAPI\SAgent2.exe C:\Program\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\Program\Norton AntiVirus\SAVScan.exe C:\WINDOWS\Explorer.EXE C:\Program\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe C:\Program\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE C:\WINDOWS\System32\CTHELPER.EXE C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program\Delade filer\Symantec Shared\ccApp.exe C:\WINDOWS\BCMSMMSG.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE C:\Program\Java\j2re1.4.2_03\bin\jusched.exe C:\Program\Delade filer\Real\Update_OB\realsched.exe C:\Program\QuickTime\qttask.exe C:\Program\Winamp3\winampa.exe C:\Program\Telia\Supportassistent\bin\tgcmd.exe C:\Program\ekort\ekort.exe C:\WINDOWS\System32\ctfmon.exe C:\WINDOWS\System32\wuauclt.exe C:\Program\Internet Explorer\iexplore.exe C:\WINDOWS\System32\svchost.exe C:\HjT\HijackThis.exe C:\Program\Messenger\msmsgs.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.se/0SESVSE/SAOS02 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sp/*http://www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login1.telia.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program\Outlook Express\msimn.exe" R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: e-kort Browser Helper Object - {1C900459-DEEF-4aa9-B260-1EF0F0C70A8D} - C:\WINDOWS\System32\Bhoekort.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar1.dll O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar1.dll O4 - HKLM\..\Run: [CTSysVol] C:\Program\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe O4 - HKLM\..\Run: [CTDVDDet] C:\Program\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [storageGuard] "C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [EPSON Stylus C44 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C44 Series" /O6 "USB001" /M "Stylus C44" O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [WinampAgent] "C:\Program\Winamp3\winampa.exe" O4 - HKLM\..\Run: [TeliaTGCMD] "C:\Program\Telia\Supportassistent\bin\tgcmd.exe" /server /startmonitor /deaf O4 - HKLM\..\Run: [ekort] C:\Program\ekort\ekort.exe /dontopenmycards O4 - HKLM\..\Run: [sSC_UserPrompt] C:\Program\Delade filer\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background O8 - Extra context menu item: &Google Search - res://c:\program\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Backward Links - res://c:\program\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://c:\program\google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: e-kort - {4C730913-3961-439b-83D5-F4E445520422} - C:\Program\ekort\ekort.exe O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE O16 - DPF: {0990D180-4226-4530-9777-AB82315505B9} (Installer Class) - http://www.foreningssparbanken.se/betala/ekort/oinstall.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab28578.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040427/qtinstall.info.apple.com/saba/us/win/QuickTimeInstaller.exe O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab Kategori: Varning om hot Datum,Funktion,Hot,Åtgärd vidtagen,Objekttyp,Mål,Misstänkt åtgärd,Virusdefinitionsversion,Produktversion,Användarnamn,Datornamn,Information 2004-10-29 21:34:24,Virussökare,Adware.BargainBuddy,Gick ej att ta bort,Arkiv,N/A,N/A,200410290007,10.0.1.13,Marie Nilsson,FAMILJEN-IO1FN2,",Hotkategori: ReklamprogramvaraKälla: C:/WINDOWS/System32/exdl.exe,Beskrivning: Den komprimerade filen C:/WINDOWS/System32/exdl.exe i C:\WINDOWS\system32\netut80ex.vxd är ett hot av typen Reklamprogramvara." 2004-10-29 21:34:24,Virussökare,Adware.InstantAccess,Gick ej att ta bort,Arkiv,N/A,N/A,200410290007,10.0.1.13,Marie Nilsson,FAMILJEN-IO1FN2,",Hotkategori: ReklamprogramvaraKälla: C:\HjT\backups\backup-20041029-203851-463.dll,Beskrivning: Filen C:\HjT\backups\backup-20041029-203851-463.dll är ett hot av typen Reklamprogramvara." 2004-10-29 21:34:24,Virussökare,Adware.BargainBuddy,Gick ej att ta bort,Arkiv,N/A,N/A,200410290007,10.0.1.13,Marie Nilsson,FAMILJEN-IO1FN2,",Hotkategori: ReklamprogramvaraKälla: C:/WINDOWS/System32/javexulm.vxd,Beskrivning: Den komprimerade filen C:/WINDOWS/System32/javexulm.vxd i C:\WINDOWS\system32\netut80ex.vxd är ett hot av typen Reklamprogramvara." 2004-10-29 21:34:24,Virussökare,Adware.BargainBuddy,Gick ej att ta bort,Arkiv,N/A,N/A,200410290007,10.0.1.13,Marie Nilsson,FAMILJEN-IO1FN2,",Hotkategori: ReklamprogramvaraKälla: C:/WINDOWS/System32/exul.exe,Beskrivning: Den komprimerade filen C:/WINDOWS/System32/exul.exe i C:\WINDOWS\system32\netut80ex.vxd är ett hot av typen Reklamprogramvara." 2004-10-29 21:34:24,Virussökare,Adware.BargainBuddy,Gick ej att ta bort,Arkiv,N/A,N/A,200410290007,10.0.1.13,Marie Nilsson,FAMILJEN-IO1FN2,",Hotkategori: ReklamprogramvaraKälla: C:/WINDOWS/System32/mqexdlm.srg,Beskrivning: Den komprimerade filen C:/WINDOWS/System32/mqexdlm.srg i C:\WINDOWS\system32\netut80ex.vxd är ett hot av typen Reklamprogramvara." 2004-10-29 21:34:24,Virussökare,Adware.BargainBuddy,Gick ej att ta bort,Arkiv,N/A,N/A,200410290007,10.0.1.13,Marie Nilsson,FAMILJEN-IO1FN2,",Hotkategori: ReklamprogramvaraKälla: C:\WINDOWS\system32\exul3.exe,Beskrivning: Filen C:\WINDOWS\system32\exul3.exe är ett hot av typen Reklamprogramvara." 2004-10-29 21:34:24,Virussökare,Adware.BargainBuddy,Gick ej att ta bort,Arkiv,N/A,N/A,200410290007,10.0.1.13,Marie Nilsson,FAMILJEN-IO1FN2,",Hotkategori: ReklamprogramvaraKälla: C:\WINDOWS\system32\mqexdlm.srg,Beskrivning: Filen C:\WINDOWS\system32\mqexdlm.srg är ett hot av typen Reklamprogramvara." 2004-10-29 21:34:24,Virussökare,Adware.BargainBuddy,Gick ej att ta bort,Arkiv,N/A,N/A,200410290007,10.0.1.13,Marie Nilsson,FAMILJEN-IO1FN2,",Hotkategori: ReklamprogramvaraKälla: C:/Program/BullsEye Network/bin/bargains.exe,Beskrivning: Den komprimerade filen C:/Program/BullsEye Network/bin/bargains.exe i C:\WINDOWS\system32\mac80ex.idf är ett hot av typen Reklamprogramvara." 2004-10-29 21:34:24,Virussökare,Adware.BargainBuddy,Gick ej att ta bort,Arkiv,N/A,N/A,200410290007,10.0.1.13,Marie Nilsson,FAMILJEN-IO1FN2,",Hotkategori: ReklamprogramvaraKälla: C:\WINDOWS\system32\exdl3.exe,Beskrivning: Filen C:\WINDOWS\system32\exdl3.exe är ett hot av typen Reklamprogramvara." 2004-10-29 21:34:24,Virussökare,Adware.BargainBuddy,Gick ej att ta bort,Arkiv,N/A,N/A,200410290007,10.0.1.13,Marie Nilsson,FAMILJEN-IO1FN2,",Hotkategori: ReklamprogramvaraKälla: C:\WINDOWS\system32\javexulm.vxd,Beskrivning: Filen C:\WINDOWS\system32\javexulm.vxd är ett hot av typen Reklamprogramvara." 2004-10-29 21:34:24,Virussökare,Adware.Slagent,Gick ej att ta bort,Arkiv,N/A,N/A,200410290007,10.0.1.13,Marie Nilsson,FAMILJEN-IO1FN2,",Hotkategori: ReklamprogramvaraKälla: C:\Documents and Settings\Marie Nilsson\Lokala inställningar\Temp\temp.fr82F7\8_1,0,0,2_mslagent.dll,Beskrivning: Filen C:\Documents and Settings\Marie Nilsson\Lokala inställningar\Temp\temp.fr82F7\8_1,0,0,2_mslagent.dll är ett hot av typen Reklamprogramvara." 2004-10-29 21:34:24,Virussökare,Adware.BargainBuddy,Gick ej att ta bort,Arkiv,N/A,N/A,200410290007,10.0.1.13,Marie Nilsson,FAMILJEN-IO1FN2,",Hotkategori: ReklamprogramvaraKälla: C:\WINDOWS\system32\exul1.exe,Beskrivning: Filen C:\WINDOWS\system32\exul1.exe är ett hot av typen Reklamprogramvara." 2004-10-29 21:34:24,Virussökare,Adware.BargainBuddy,Gick ej att ta bort,Arkiv,N/A,N/A,200410290007,10.0.1.13,Marie Nilsson,FAMILJEN-IO1FN2,",Hotkategori: ReklamprogramvaraKälla: C:\WINDOWS\system32\exdl0.exe,Beskrivning: Filen C:\WINDOWS\system32\exdl0.exe är ett hot av typen Reklamprogramvara." 2004-10-29 21:34:24,Virussökare,Adware.BargainBuddy,Gick ej att ta bort,Arkiv,N/A,N/A,200410290007,10.0.1.13,Marie Nilsson,FAMILJEN-IO1FN2,",Hotkategori: ReklamprogramvaraKälla: C:\WINDOWS\system32\exdl1.exe,Beskrivning: Filen C:\WINDOWS\system32\exdl1.exe är ett hot av typen Reklamprogramvara." 2004-10-29 21:34:24,Virussökare,Adware.BargainBuddy,Gick ej att ta bort,Arkiv,N/A,N/A,200410290007,10.0.1.13,Marie Nilsson,FAMILJEN-IO1FN2,",Hotkategori: ReklamprogramvaraKälla: C:\WINDOWS\system32\exdl2.exe,Beskrivning: Filen C:\WINDOWS\system32\exdl2.exe är ett hot av typen Reklamprogramvara." 2004-10-28 21:39:42,Virussökare,Adware.BargainBuddy,Gick ej att ta bort,Arkiv,N/A,N/A,200410270018,10.0.1.13,Marie Nilsson,FAMILJEN-IO1FN2,",Hotkategori: ReklamprogramvaraKälla: C:\WINDOWS\system32\exdl1.exe,Beskrivning: Filen C:\WINDOWS\system32\exdl1.exe är ett hot av typen Reklamprogramvara." 2004-10-28 21:39:42,Virussökare,Adware.Slagent,Gick ej att ta bort,Arkiv,N/A,N/A,200410270018,10.0.1.13,Marie Nilsson,FAMILJEN-IO1FN2,",Hotkategori: ReklamprogramvaraKälla: C:\Documents and Settings\Marie Nilsson\Lokala inställningar\Temp\temp.fr82F7\8_1,0,0,2_mslagent.dll,Beskrivning: Filen C:\Documents and Settings\Marie Nilsson\Lokala inställningar\Temp\temp.fr82F7\8_1,0,0,2_mslagent.dll är ett hot av typen Reklamprogramvara." 2004-10-28 21:39:42,Virussökare,Adware.BargainBuddy,Gick ej att ta bort,Arkiv,N/A,N/A,200410270018,10.0.1.13,Marie Nilsson,FAMILJEN-IO1FN2,",Hotkategori: ReklamprogramvaraKälla: C:/WINDOWS/System32/javexulm.vxd,Beskrivning: Den komprimerade filen C:/WINDOWS/System32/javexulm.vxd i C:\WINDOWS\system32\netut80ex.vxd är ett hot av typen Reklamprogramvara." 2004-10-28 21:39:42,Virussökare,Adware.BargainBuddy,Gick ej att ta bort,Arkiv,N/A,N/A,200410270018,10.0.1.13,Marie Nilsson,FAMILJEN-IO1FN2,",Hotkategori: ReklamprogramvaraKälla: C:/WINDOWS/System32/exul.exe,Beskrivning: Den komprimerade filen C:/WINDOWS/System32/exul.exe i C:\WINDOWS\system32\netut80ex.vxd är ett hot av typen Reklamprogramvara." 2004-10-28 21:39:42,Virussökare,Adware.BargainBuddy,Gick ej att ta bort,Arkiv,N/A,N/A,200410270018,10.0.1.13,Marie Nilsson,FAMILJEN-IO1FN2,",Hotkategori: ReklamprogramvaraKälla: C:/WINDOWS/System32/mqexdlm.srg,Beskrivning: Den komprimerade filen C:/WINDOWS/System32/mqexdlm.srg i C:\WINDOWS\system32\netut80ex.vxd är ett hot av typen Reklamprogramvara." 2004-10-28 21:39:42,Virussökare,Adware.BargainBuddy,Gick ej att ta bort,Arkiv,N/A,N/A,200410270018,10.0.1.13,Marie Nilsson,FAMILJEN-IO1FN2,",Hotkategori: ReklamprogramvaraKälla: C:/WINDOWS/System32/exdl.exe,Beskrivning: Den komprimerade filen C:/WINDOWS/System32/exdl.exe i C:\WINDOWS\system32\netut80ex.vxd är ett hot av typen Reklamprogramvara." 2004-10-28 21:39:42,Virussökare,Adware.BargainBuddy,Gick ej att ta bort,Arkiv,N/A,N/A,200410270018,10.0.1.13,Marie Nilsson,FAMILJEN-IO1FN2,",Hotkategori: ReklamprogramvaraKälla: C:\WINDOWS\system32\mqexdlm.srg,Beskrivning: Filen C:\WINDOWS\system32\mqexdlm.srg är ett hot av typen Reklamprogramvara." 2004-10-28 21:39:42,Virussökare,Adware.BargainBuddy,Gick ej att ta bort,Arkiv,N/A,N/A,200410270018,10.0.1.13,Marie Nilsson,FAMILJEN-IO1FN2,",Hotkategori: ReklamprogramvaraKälla: C:/Program/BullsEye Network/bin/bargains.exe,Beskrivning: Den komprimerade filen C:/Program/BullsEye Network/bin/bargains.exe i C:\WINDOWS\system32\mac80ex.idf är ett hot av typen Reklamprogramvara." 2004-10-28 21:39:42,Virussökare,Adware.InstantAccess,Gick ej att ta bort,Arkiv,N/A,N/A,200410270018,10.0.1.13,Marie Nilsson,FAMILJEN-IO1FN2,",Hotkategori: ReklamprogramvaraKälla: C:\WINDOWS\system32\LiveService_5.dll,Beskrivning: Filen C:\WINDOWS\system32\LiveService_5.dll är ett hot av typen Reklamprogramvara." 2004-10-28 21:39:42,Virussökare,Adware.BargainBuddy,Gick ej att ta bort,Arkiv,N/A,N/A,200410270018,10.0.1.13,Marie Nilsson,FAMILJEN-IO1FN2,",Hotkategori: ReklamprogramvaraKälla: C:\WINDOWS\system32\javexulm.vxd,Beskrivning: Filen C:\WINDOWS\system32\javexulm.vxd är ett hot av typen Reklamprogramvara." 2004-10-28 21:39:42,Virussökare,Adware.BargainBuddy,Gick ej att ta bort,Arkiv,N/A,N/A,200410270018,10.0.1.13,Marie Nilsson,FAMILJEN-IO1FN2,",Hotkategori: ReklamprogramvaraKälla: C:\WINDOWS\system32\exul3.exe,Beskrivning: Filen C:\WINDOWS\system32\exul3.exe är ett hot av typen Reklamprogramvara." 2004-10-28 21:39:42,Virussökare,Adware.BargainBuddy,Gick ej att ta bort,Arkiv,N/A,N/A,200410270018,10.0.1.13,Marie Nilsson,FAMILJEN-IO1FN2,",Hotkategori: ReklamprogramvaraKälla: C:\WINDOWS\system32\exul1.exe,Beskrivning: Filen C:\WINDOWS\system32\exul1.exe är ett hot av typen Reklamprogramvara." 2004-10-28 21:39:42,Virussökare,Adware.BargainBuddy,Gick ej att ta bort,Arkiv,N/A,N/A,200410270018,10.0.1.13,Marie Nilsson,FAMILJEN-IO1FN2,",Hotkategori: ReklamprogramvaraKälla: C:\WINDOWS\system32\exdl3.exe,Beskrivning: Filen C:\WINDOWS\system32\exdl3.exe är ett hot av typen Reklamprogramvara." 2004-10-28 21:39:42,Virussökare,Adware.BargainBuddy,Gick ej att ta bort,Arkiv,N/A,N/A,200410270018,10.0.1.13,Marie Nilsson,FAMILJEN-IO1FN2,",Hotkategori: ReklamprogramvaraKälla: C:\WINDOWS\system32\exdl2.exe,Beskrivning: Filen C:\WINDOWS\system32\exdl2.exe är ett hot av typen Reklamprogramvara." 2004-10-28 21:39:42,Virussökare,Adware.BargainBuddy,Gick ej att ta bort,Arkiv,N/A,N/A,200410270018,10.0.1.13,Marie Nilsson,FAMILJEN-IO1FN2,",Hotkategori: ReklamprogramvaraKälla: C:\WINDOWS\system32\exdl0.exe,Beskrivning: Filen C:\WINDOWS\system32\exdl0.exe är ett hot av typen Reklamprogramvara." 2004-10-28 20:37:59,Skriptblockering,Misstänkt skript,Blockerad,Script,N/A,Windows Script Host Shell Object : RegWrite,Okänd,Okänd,Marie Nilsson,FAMILJEN-IO1FN2,Källa: C:\Program\Telia\Supportassistent\Telia\Vbs\tsoe.vbs 2004-10-28 17:35:56,Skriptblockering,Misstänkt skript,Blockerad,Script,N/A,Windows Script Host Shell Object : RegWrite,Okänd,Okänd,Marie Nilsson,FAMILJEN-IO1FN2,Källa: C:\Program\Telia\Supportassistent\Telia\Vbs\tsoe.vbs 2004-10-28 15:07:25,Virussökare,Adware.BargainBuddy,Ingen åtgärd,Arkiv,N/A,N/A,200410270018,10.0.1.13,Marie Nilsson,FAMILJEN-IO1FN2,",Hotkategori: ReklamprogramvaraKälla: C:/WINDOWS/System32/javexulm.vxd,Beskrivning: Den komprimerade filen C:/WINDOWS/System32/javexulm.vxd i C:\WINDOWS\system32\netut80ex.vxd är ett hot av typen Reklamprogramvara." 2004-10-28 15:07:25,Virussökare,Adware.BargainBuddy,Ingen åtgärd,Arkiv,N/A,N/A,200410270018,10.0.1.13,Marie Nilsson,FAMILJEN-IO1FN2,",Hotkategori: ReklamprogramvaraKälla: C:/WINDOWS/System32/exul.exe,Beskrivning: Den komprimerade filen C:/WINDOWS/System32/exul.exe i C:\WINDOWS\system32\netut80ex.vxd är ett hot av typen Reklamprogramvara." 2004-10-28 15:07:25,Virussökare,Adware.BargainBuddy,Ingen åtgärd,Arkiv,N/A,N/A,200410270018,10.0.1.13,Marie Nilsson,FAMILJEN-IO1FN2,",Hotkategori: ReklamprogramvaraKälla: C:/WINDOWS/System32/mqexdlm.srg,Beskrivning: Den komprimerade filen C:/WINDOWS/System32/mqexdlm.srg i C:\WINDOWS\system32\netut80ex.vxd är ett hot av typen Reklamprogramvara." 2004-10-28 15:07:25,Virussökare,Adware.BargainBuddy,Ingen åtgärd,Arkiv,N/A,N/A,200410270018,10.0.1.13,Marie Nilsson,FAMILJEN-IO1FN2,",Hotkategori: ReklamprogramvaraKälla: C:/WINDOWS/System32/exdl.exe,Beskrivning: Den komprimerade filen C:/WINDOWS/System32/exdl.exe i C:\WINDOWS\system32\netut80ex.vxd är ett hot av typen Reklamprogramvara." 2004-10-28 15:07:25,Virussökare,Adware.BargainBuddy,Ingen åtgärd,Arkiv,N/A,N/A,200410270018,10.0.1.13,Marie Nilsson,FAMILJEN-IO1FN2,",Hotkategori: ReklamprogramvaraKälla: C:\WINDOWS\system32\mqexdlm.srg,Beskrivning: Filen C:\WINDOWS\system32\mqexdlm.srg är ett hot av typen Reklamprogramvara." 2004-10-28 15:07:25,Virussökare,Adware.BargainBuddy,Ingen åtgärd,Arkiv,N/A,N/A,200410270018,10.0.1.13,Marie Nilsson,FAMILJEN-IO1FN2,",Hotkategori: ReklamprogramvaraKälla: C:/Program/BullsEye Network/bin/bargains.exe,Beskrivning: Den komprimerade filen C:/Program/BullsEye Network/bin/bargains.exe i C:\WINDOWS\system32\mac80ex.idf är ett hot av typen Reklamprogramvara." 2004-10-28 15:07:25,Virussökare,Adware.InstantAccess,Ingen åtgärd,Arkiv,N/A,N/A,200410270018,10.0.1.13,Marie Nilsson,FAMILJEN-IO1FN2,",Hotkategori: ReklamprogramvaraKälla: C:\WINDOWS\system32\LiveService_5.dll,Beskrivning: Filen C:\WINDOWS\system32\LiveService_5.dll är ett hot av typen Reklamprogramvara." 2004-10-28 15:07:25,Virussökare,Adware.BargainBuddy,Ingen åtgärd,Arkiv,N/A,N/A,200410270018,10.0.1.13,Marie Nilsson,FAMILJEN-IO1FN2,",Hotkategori: ReklamprogramvaraKälla: C:\WINDOWS\system32\javexulm.vxd,Beskrivning: Filen C:\WINDOWS\system32\javexulm.vxd är ett hot av typen Reklamprogramvara." 2004-10-28 15:07:25,Virussökare,Adware.BargainBuddy,Ingen åtgärd,Arkiv,N/A,N/A,200410270018,10.0.1.13,Marie Nilsson,FAMILJEN-IO1FN2,",Hotkategori: ReklamprogramvaraKälla: C:\WINDOWS\system32\exul3.exe,Beskrivning: Filen C:\WINDOWS\system32\exul3.exe är ett hot av typen Reklamprogramvara." 2004-10-28 15:07:25,Virussökare,Adware.BargainBuddy,Ingen åtgärd,Arkiv,N/A,N/A,200410270018,10.0.1.13,Marie Nilsson,FAMILJEN-IO1FN2,",Hotkategori: ReklamprogramvaraKälla: C:\WINDOWS\system32\exul1.exe,Beskrivning: Filen C:\WINDOWS\system32\exul1.exe är ett hot av typen Reklamprogramvara." 2004-10-28 15:07:25,Virussökare,Adware.BargainBuddy,Ingen åtgärd,Arkiv,N/A,N/A,200410270018,10.0.1.13,Marie Nilsson,FAMILJEN-IO1FN2,",Hotkategori: ReklamprogramvaraKälla: C:\WINDOWS\system32\exdl3.exe,Beskrivning: Filen C:\WINDOWS\system32\exdl3.exe är ett hot av typen Reklamprogramvara." 2004-10-28 15:07:25,Virussökare,Adware.BargainBuddy,Ingen åtgärd,Arkiv,N/A,N/A,200410270018,10.0.1.13,Marie Nilsson,FAMILJEN-IO1FN2,",Hotkategori: ReklamprogramvaraKälla: C:\WINDOWS\system32\exdl2.exe,Beskrivning: Filen C:\WINDOWS\system32\exdl2.exe är ett hot av typen Reklamprogramvara." 2004-10-28 15:07:25,Virussökare,Adware.BargainBuddy,Ingen åtgärd,Arkiv,N/A,N/A,200410270018,10.0.1.13,Marie Nilsson,FAMILJEN-IO1FN2,",Hotkategori: ReklamprogramvaraKälla: C:\WINDOWS\system32\exdl1.exe,Beskrivning: Filen C:\WINDOWS\system32\exdl1.exe är ett hot av typen Reklamprogramvara." 2004-10-28 15:07:25,Virussökare,Adware.BargainBuddy,Ingen åtgärd,Arkiv,N/A,N/A,200410270018,10.0.1.13,Marie Nilsson,FAMILJEN-IO1FN2,",Hotkategori: ReklamprogramvaraKälla: C:\WINDOWS\system32\exdl0.exe,Beskrivning: Filen C:\WINDOWS\system32\exdl0.exe är ett hot av typen Reklamprogramvara." 2004-10-28 15:07:25,Virussökare,Adware.Slagent,Ingen åtgärd,Arkiv,N/A,N/A,200410270018,10.0.1.13,Marie Nilsson,FAMILJEN-IO1FN2,",Hotkategori: ReklamprogramvaraKälla: C:\Documents and Settings\Marie Nilsson\Lokala inställningar\Temp\temp.fr82F7\8_1,0,0,2_mslagent.dll,Beskrivning: Filen C:\Documents and Settings\Marie Nilsson\Lokala inställningar\Temp\temp.fr82F7\8_1,0,0,2_mslagent.dll är ett hot av typen Reklamprogramvara." [/log] Otroligt att du kan lägga så mycket kraft och tid att hjälpa mig med detta:) det verkar ju som om det blir mindre för var gång.[log]Problem när jag skulle ta bort mappar:Ta bort följande mappar: C:\WINDOWS\mslagent - fanns ej C:\Program\websx - fanns ej C:\Program\CashBack - gick att ta bort C:\Program\NaviSearch - gick att ta bort C:\Program\MyWebSearch - fick meddelande"går ej att läsa från källfilen eller källdisken" [/log]
  4. Tack för tipset, men jag förstår inte riktigt instruktionerna. Tyvärr./Marni
  5. 1. När jag dubbelklickar på HijackThis så kommer det upp ett nytt fönster som heter HijackThis - v1.98.2 (inte exe.) det händer inget när jag högerklickar på den. Virus hittade på one-linesökning: Exploit-MS04-028 Non cleanable c:\Documents and settings... TROJ WINTRIM.BY c:\WINDOWS\system32... /Marni [log]Logfile of HijackThis v1.98.2 Scan saved at 18:39:45, on 2004-10-28 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\CTsvcCDA.exe C:\Program\Delade filer\EPSON\EBAPI\SAgent2.exe C:\Program\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\Program\Norton AntiVirus\SAVScan.exe C:\WINDOWS\Explorer.EXE C:\Program\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe C:\Program\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE C:\WINDOWS\System32\CTHELPER.EXE C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program\Delade filer\Symantec Shared\ccApp.exe C:\WINDOWS\BCMSMMSG.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE C:\Program\Java\j2re1.4.2_03\bin\jusched.exe C:\Program\Delade filer\Real\Update_OB\realsched.exe C:\Program\QuickTime\qttask.exe C:\Program\Winamp3\winampa.exe C:\Program\Telia\Supportassistent\bin\tgcmd.exe C:\Program\ekort\ekort.exe C:\WINDOWS\System32\ctfmon.exe C:\Program\MSN Messenger\msnmsgr.exe C:\WINDOWS\System32\wuauclt.exe C:\Program\Outlook Express\msimn.exe C:\Program\Internet Explorer\iexplore.exe C:\Documents and Settings\Marie Nilsson\Skrivbord\HijackThis.exe C:\Program\Messenger\msmsgs.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.se/0SESVSE/SAOS02 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sp/*http://www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login1.telia.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch'>http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program\Outlook Express\msimn.exe" R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar O2 - BHO: (no name) - {008DB894-99ED-445D-8547-0E7C9808898D} - C:\WINDOWS\mslagent\4b_1,0,1,2_mslagent.dll (file missing) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: e-kort Browser Helper Object - {1C900459-DEEF-4aa9-B260-1EF0F0C70A8D} - C:\WINDOWS\System32\Bhoekort.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar1.dll O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar1.dll O4 - HKLM\..\Run: [CTSysVol] C:\Program\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe O4 - HKLM\..\Run: [CTDVDDet] C:\Program\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [storageGuard] "C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [EPSON Stylus C44 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C44 Series" /O6 "USB001" /M "Stylus C44" O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM\..\Run: [websx] C:\Program\websx\int339890.exe -auto O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [WinampAgent] "C:\Program\Winamp3\winampa.exe" O4 - HKLM\..\Run: [TeliaTGCMD] "C:\Program\Telia\Supportassistent\bin\tgcmd.exe" /server /startmonitor /deaf O4 - HKLM\..\Run: [ekort] C:\Program\ekort\ekort.exe /dontopenmycards O4 - HKLM\..\Run: [CashBack] C:\Program\CashBack\bin\cashback.exe O4 - HKLM\..\Run: [NaviSearch] C:\Program\NaviSearch\bin\nls.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [mslagent] C:\WINDOWS\mslagent\mslagent.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program\MyWebSearch\bar\1.bin\MWSOEMON.EXE O8 - Extra context menu item: &Google Search - res://c:\program\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCxdm127 O8 - Extra context menu item: Backward Links - res://c:\program\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://c:\program\google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) O9 - Extra button: e-kort - {4C730913-3961-439b-83D5-F4E445520422} - C:\Program\ekort\ekort.exe O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1021_EN_XP.cab O16 - DPF: {0990D180-4226-4530-9777-AB82315505B9} (Installer Class) - http://www.foreningssparbanken.se/betala/ekort/oinstall.cab O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/CursorManiaInitialSetup1.0.0.8.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab28578.cab O16 - DPF: {50AD557E-3426-41FD-AFDD-2AF39BB1C387} - http://akamai.downloadv3.com/binaries/LiveService/LiveService_5_EN_XP.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/212f1e21087c45762917/netzip/RdxIE601.cab O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040427/qtinstall.info.apple.com/saba/us/win/QuickTimeInstaller.exe O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab [/log] [log] Ad-Aware SE Build 1.05 Logfile Created on:den 28 oktober 2004 20:06:41 Created with Ad-Aware SE Personal, free for private use. Using definitions file:SE1R16 28.10.2004 »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» References detected during the scan: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» MRU List(TAC index:0):26 total references »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Ad-Aware SE Settings =========================== Set : Search for negligible risk entries Set : Safe mode (always request confirmation) Set : Scan active processes Set : Scan registry Set : Deep-scan registry Set : Scan my IE Favorites for banned URLs Set : Scan my Hosts file Extended Ad-Aware SE Settings =========================== Set : Unload recognized processes & modules during scan Set : Scan registry for all users instead of current user only Set : Always try to unload modules before deletion Set : During removal, unload Explorer and IE if necessary Set : Let Windows remove files in use at next reboot Set : Delete quarantined objects after restoring Set : Include basic Ad-Aware settings in log file Set : Include additional Ad-Aware settings in log file Set : Include reference summary in log file Set : Include alternate data stream details in log file Set : Play sound at scan completion if scan locates critical objects 2004-10-28 20:06:41 - Scan started. (Full System Scan) MRU List Object Recognized! Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\microsoft\windows\currentversion\applets\paint\recent file list Description : list of files recently opened using microsoft paint MRU List Object Recognized! Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\microsoft\windows\currentversion\explorer\runmru Description : mru list for items opened in start | run MRU List Object Recognized! Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\microsoft\search assistant\acmru Description : list of recent search terms used with the search assistant MRU List Object Recognized! Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru Description : list of recently saved files, stored according to file extension MRU List Object Recognized! Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru Description : list of recent programs opened MRU List Object Recognized! Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\microsoft\windows\currentversion\explorer\recentdocs Description : list of recent documents opened MRU List Object Recognized! Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\microsoft\mediaplayer\player\recentfilelist Description : list of recently used files in microsoft windows media player MRU List Object Recognized! Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\realnetworks\realplayer\6.0\preferences Description : list of recent skins in realplayer MRU List Object Recognized! Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\microsoft\internet explorer Description : last download directory used in microsoft internet explorer MRU List Object Recognized! Location: : software\microsoft\directdraw\mostrecentapplication Description : most recent application to use microsoft directdraw MRU List Object Recognized! Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\microsoft\microsoft management console\recent file list Description : list of recent snap-ins used in the microsoft management console MRU List Object Recognized! Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\google\navclient\1.1\history Description : list of recently used search terms in the google toolbar MRU List Object Recognized! Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\microsoft\internet explorer\typedurls Description : list of recently entered addresses in microsoft internet explorer MRU List Object Recognized! Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\creative tech\creative wavestudio\settings Description : list of recently used directories in creative wavestudio MRU List Object Recognized! Location: : software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct3d MRU List Object Recognized! Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\realnetworks\realplayer\6.0\preferences Description : list of recent clips in realplayer MRU List Object Recognized! Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\microsoft\frontpage\explorer\frontpage explorer\recent web list Description : list of recently used webs in microsoft frontpage MRU List Object Recognized! Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\microsoft\mediaplayer\preferences Description : last playlist loaded in microsoft windows media player MRU List Object Recognized! Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\realnetworks\realplayer\6.0\preferences Description : last login time in realplayer MRU List Object Recognized! Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\microsoft\frontpage\explorer\frontpage explorer\recent file list Description : list of recently used files in microsoft frontpage MRU List Object Recognized! Location: : software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct X MRU List Object Recognized! Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general Description : windows media sdk MRU List Object Recognized! Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general Description : windows media sdk MRU List Object Recognized! Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\microsoft\windows media\wmsdk\general Description : windows media sdk MRU List Object Recognized! Location: : C:\Documents and Settings\Marie Nilsson\Application Data\microsoft\office\recent Description : list of recently opened documents using microsoft office MRU List Object Recognized! Location: : C:\Documents and Settings\Marie Nilsson\recent Description : list of recently opened documents Listing running processes »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» #:1 [smss.exe] FilePath : \SystemRoot\System32 ProcessID : 628 ThreadCreationTime : 2004-10-28 11:33:08 BasePriority : Normal #:2 [csrss.exe] FilePath : \??\C:\WINDOWS\system32 ProcessID : 680 ThreadCreationTime : 2004-10-28 11:33:10 BasePriority : Normal #:3 [winlogon.exe] FilePath : \??\C:\WINDOWS\system32 ProcessID : 704 ThreadCreationTime : 2004-10-28 11:33:11 BasePriority : High #:4 [services.exe] FilePath : C:\WINDOWS\system32 ProcessID : 748 ThreadCreationTime : 2004-10-28 11:33:11 BasePriority : Normal FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Operativsystemet Microsoft® Windows® CompanyName : Microsoft Corporation FileDescription : Tjänst- och styrenhetsprogram InternalName : services.exe LegalCopyright : © Microsoft Corporation. Med ensamrätt. OriginalFilename : services.exe #:5 [lsass.exe] FilePath : C:\WINDOWS\system32 ProcessID : 760 ThreadCreationTime : 2004-10-28 11:33:11 BasePriority : Normal FileVersion : 5.1.2600.1106 (xpsp1.020828-1920) ProductVersion : 5.1.2600.1106 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : LSA Shell (Export Version) InternalName : lsass.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : lsass.exe #:6 [ati2evxx.exe] FilePath : C:\WINDOWS\System32 ProcessID : 952 ThreadCreationTime : 2004-10-28 11:33:11 BasePriority : Normal #:7 [svchost.exe] FilePath : C:\WINDOWS\system32 ProcessID : 976 ThreadCreationTime : 2004-10-28 11:33:11 BasePriority : Normal FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:8 [svchost.exe] FilePath : C:\WINDOWS\System32 ProcessID : 1080 ThreadCreationTime : 2004-10-28 11:33:11 BasePriority : Normal FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:9 [svchost.exe] FilePath : C:\WINDOWS\System32 ProcessID : 1220 ThreadCreationTime : 2004-10-28 11:33:11 BasePriority : Normal FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:10 [svchost.exe] FilePath : C:\WINDOWS\System32 ProcessID : 1280 ThreadCreationTime : 2004-10-28 11:33:11 BasePriority : Normal FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:11 [ccsetmgr.exe] FilePath : C:\Program\Delade filer\Symantec Shared ProcessID : 1344 ThreadCreationTime : 2004-10-28 11:33:12 BasePriority : Normal FileVersion : 2.0.0.635 ProductVersion : 2.0.0.635 ProductName : Common Client CompanyName : Symantec Corporation FileDescription : Common Client Settings Manager Service InternalName : ccSetMgr LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved. OriginalFilename : ccSetMgr.exe #:12 [ccevtmgr.exe] FilePath : C:\Program\Delade filer\Symantec Shared ProcessID : 1432 ThreadCreationTime : 2004-10-28 11:33:12 BasePriority : Normal FileVersion : 2.0.0.635 ProductVersion : 2.0.0.635 ProductName : Common Client CompanyName : Symantec Corporation FileDescription : Common Client Event Manager Service InternalName : ccEvtMgr LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved. OriginalFilename : ccEvtMgr.exe #:13 [spoolsv.exe] FilePath : C:\WINDOWS\system32 ProcessID : 1628 ThreadCreationTime : 2004-10-28 11:33:12 BasePriority : Normal FileVersion : 5.1.2600.0 (XPClient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Spooler SubSystem App InternalName : spoolsv.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : spoolsv.exe #:14 [ctsvccda.exe] FilePath : C:\WINDOWS\System32 ProcessID : 1756 ThreadCreationTime : 2004-10-28 11:33:13 BasePriority : Normal FileVersion : 1.0.1.0 ProductVersion : 1.0.0.0 ProductName : Creative Service for CDROM Access CompanyName : Creative Technology Ltd FileDescription : Creative Service for CDROM Access InternalName : CTsvcCDAEXE LegalCopyright : Copyright © Creative Technology Ltd., 1999. All rights reserved. OriginalFilename : CTsvcCDA.EXE #:15 [sagent2.exe] FilePath : C:\Program\Delade filer\EPSON\EBAPI ProcessID : 1780 ThreadCreationTime : 2004-10-28 11:33:13 BasePriority : Normal FileVersion : 2, 3, 0, 0 ProductVersion : 1, 0, 0, 0 ProductName : EPSON Bidirectional Printer CompanyName : SEIKO EPSON CORPORATION FileDescription : EPSON Printer Status Agent InternalName : SAgent2 LegalCopyright : Copyright © SEIKO EPSON CORP. 2000-2001 OriginalFilename : SAgent2.exe #:16 [navapsvc.exe] FilePath : C:\Program\Norton AntiVirus ProcessID : 1844 ThreadCreationTime : 2004-10-28 11:33:13 BasePriority : Normal FileVersion : 10.00.2 ProductVersion : 10.00.2 ProductName : Norton AntiVirus CompanyName : Symantec Corporation FileDescription : Norton AntiVirus Auto-Protect Service InternalName : NAVAPSVC LegalCopyright : Norton AntiVirus 2004 for Windows 98/ME/2000/XP Copyright © 2003 Symantec Corporation. All rights reserved. OriginalFilename : NAVAPSVC.EXE #:17 [mspmspsv.exe] FilePath : C:\WINDOWS\System32 ProcessID : 2032 ThreadCreationTime : 2004-10-28 11:33:14 BasePriority : Normal FileVersion : 7.00.00.1954 ProductVersion : 7.00.00.1954 ProductName : Microsoft ® DRM CompanyName : Microsoft Corporation FileDescription : WMDM PMSP Service InternalName : MSPMSPSV.EXE LegalCopyright : Copyright © Microsoft Corp. 1981-2000 OriginalFilename : MSPMSPSV.EXE #:18 [savscan.exe] FilePath : C:\Program\Norton AntiVirus ProcessID : 408 ThreadCreationTime : 2004-10-28 11:33:15 BasePriority : Normal FileVersion : 9.2.1.14 ProductVersion : 9.2 ProductName : Symantec AntiVirus AutoProtect CompanyName : Symantec Corporation FileDescription : Symantec AntiVirus Scanner InternalName : SAVSCAN LegalCopyright : Copyright © 2003 Symantec Corporation OriginalFilename : SAVSCAN.EXE #:19 [explorer.exe] FilePath : C:\WINDOWS ProcessID : 1008 ThreadCreationTime : 2004-10-28 11:33:18 BasePriority : Normal FileVersion : 6.00.2800.1106 (xpsp1.020828-1920) ProductVersion : 6.00.2800.1106 ProductName : Operativsystemet Microsoft® Windows® CompanyName : Microsoft Corporation FileDescription : Utforskaren InternalName : explorer LegalCopyright : © Microsoft Corporation. Med ensamrätt. OriginalFilename : EXPLORER.EXE #:20 [ctsysvol.exe] FilePath : C:\Program\Creative\SBAudigy2\Surround Mixer ProcessID : 1236 ThreadCreationTime : 2004-10-28 11:33:19 BasePriority : Normal FileVersion : 1.1.3.0 ProductVersion : 1.0.0.0 ProductName : Creative Volume Control CompanyName : Creative Technology Ltd FileDescription : CTSysVol.exe LegalCopyright : Copyright © Creative Technology Ltd., 2002. All rights reserved. OriginalFilename : CTSysVol.exe #:21 [ctdvddet.exe] FilePath : C:\Program\Creative\SBAudigy2\DVDAudio ProcessID : 1232 ThreadCreationTime : 2004-10-28 11:33:19 BasePriority : Normal FileVersion : 1.0.2.0 ProductVersion : 1.0.2.0 ProductName : CTDVDDET CompanyName : Creative Technology Ltd FileDescription : CTDVDDET InternalName : CTDVDDET LegalCopyright : Copyright © Creative Technology Ltd., 2002. All rights reserved. OriginalFilename : CTDVDDET.EXE #:22 [cthelper.exe] FilePath : C:\WINDOWS\System32 ProcessID : 1328 ThreadCreationTime : 2004-10-28 11:33:19 BasePriority : Normal FileVersion : 1, 0, 0, 11 ProductVersion : 1, 0, 0, 11 ProductName : CtHelper Application CompanyName : Creative Technology Ltd FileDescription : CtHelper MFC Application InternalName : CtHelper LegalCopyright : Copyright © 2002 OriginalFilename : CtHelper.EXE #:23 [tfswctrl.exe] FilePath : C:\WINDOWS\system32\dla ProcessID : 1728 ThreadCreationTime : 2004-10-28 11:33:19 BasePriority : Normal FileVersion : 1.04.05b CompanyName : Sonic Solutions FileDescription : Drive Letter Access Component LegalCopyright : Copyright © 2003 Sonic Solutions #:24 [ccapp.exe] FilePath : C:\Program\Delade filer\Symantec Shared ProcessID : 1804 ThreadCreationTime : 2004-10-28 11:33:19 BasePriority : Normal FileVersion : 2.0.0.635 ProductVersion : 2.0.0.635 ProductName : Common Client CompanyName : Symantec Corporation FileDescription : Symantec Common Client User Session InternalName : ccApp LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved. OriginalFilename : ccApp.exe #:25 [bcmsmmsg.exe] FilePath : C:\WINDOWS ProcessID : 1824 ThreadCreationTime : 2004-10-28 11:33:19 BasePriority : Normal FileVersion : 3.5.24 02/24/2003 18:29:41 ProductVersion : 3.5.24 02/24/2003 18:29:41 ProductName : BCM Modem Messaging Applet CompanyName : Broadcom Corporation FileDescription : Modem Messaging Applet InternalName : smdmstat.exe LegalCopyright : Copyright © Broadcom Corporation 1998-2000 OriginalFilename : smdmstat.exe #:26 [e_s10ic2.exe] FilePath : C:\WINDOWS\System32\spool\DRIVERS\W32X86\3 ProcessID : 1984 ThreadCreationTime : 2004-10-28 11:33:19 BasePriority : Normal FileVersion : 3.06 ProductVersion : 3.06 ProductName : EPSON Status Monitor 3 CompanyName : SEIKO EPSON CORPORATION FileDescription : EPSON Status Monitor 3 InternalName : E_S10IC2 LegalCopyright : Copyright © SEIKO EPSON CORP. 2002 OriginalFilename : E_S10IC2.EXE #:27 [jusched.exe] FilePath : C:\Program\Java\j2re1.4.2_03\bin ProcessID : 1996 ThreadCreationTime : 2004-10-28 11:33:19 BasePriority : Normal #:28 [realsched.exe] FilePath : C:\Program\Delade filer\Real\Update_OB ProcessID : 2060 ThreadCreationTime : 2004-10-28 11:33:20 BasePriority : Normal FileVersion : 0.1.0.1622 ProductVersion : 0.1.0.1622 ProductName : RealOne Player (32-bit) CompanyName : RealNetworks, Inc. FileDescription : RealNetworks Scheduler InternalName : schedapp LegalCopyright : Copyright © RealNetworks, Inc. 1995-2002 LegalTrademarks : RealAudio is a trademark of RealNetworks, Inc. OriginalFilename : realsched.exe #:29 [qttask.exe] FilePath : C:\Program\QuickTime ProcessID : 2088 ThreadCreationTime : 2004-10-28 11:33:20 BasePriority : Normal FileVersion : 6.5.1 ProductVersion : QuickTime 6.5.1 ProductName : QuickTime CompanyName : Apple Computer, Inc. InternalName : QuickTime Task LegalCopyright : © Apple Computer, Inc. 2001-2004 OriginalFilename : QTTask.exe #:30 [winampa.exe] FilePath : C:\Program\Winamp3 ProcessID : 2112 ThreadCreationTime : 2004-10-28 11:33:20 BasePriority : Normal #:31 [tgcmd.exe] FilePath : C:\Program\Telia\Supportassistent\bin ProcessID : 2188 ThreadCreationTime : 2004-10-28 11:33:20 BasePriority : Normal FileVersion : 5,6,875,0 ProductVersion : 5,6,875,0 ProductName : Telia Supportassistent - Support.com Scheduler and Command Dispatcher CompanyName : TeliaSonera, AB - SupportSoft, Inc. FileDescription : Telia Supportassistent - Support.com Scheduler and Command Dispatcher InternalName : TGCMD LegalCopyright : Copyright 1997-2069 SupportSoft OriginalFilename : TGCMD.EXE Comments : Telia Supportassistent #:32 [ekort.exe] FilePath : C:\Program\ekort ProcessID : 2196 ThreadCreationTime : 2004-10-28 11:33:20 BasePriority : Normal FileVersion : 2, 4, 0, 1, 81 ProductVersion : 2, 4, 0, 1, 81 ProductName : Swedbank e-kort CompanyName : Orbiscom Ltd. All rights reserved. FileDescription : Swedbank e-kort InternalName : WEBOCARD LegalCopyright : Copyright © 1999-2002, Orbiscom Ltd. All rights reserved. OriginalFilename : WebOCard.EXE #:33 [ctfmon.exe] FilePath : C:\WINDOWS\System32 ProcessID : 2236 ThreadCreationTime : 2004-10-28 11:33:20 BasePriority : Normal FileVersion : 5.1.2600.1106 (xpsp1.020828-1920) ProductVersion : 5.1.2600.1106 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : CTF Loader InternalName : CTFMON LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : CTFMON.EXE #:34 [msnmsgr.exe] FilePath : C:\Program\MSN Messenger ProcessID : 2288 ThreadCreationTime : 2004-10-28 11:33:21 BasePriority : Normal FileVersion : 6.2.0137 ProductVersion : Version 6.2 ProductName : MSN Messenger CompanyName : Microsoft Corporation FileDescription : MSN Messenger InternalName : msnmsgr LegalCopyright : Copyright © Microsoft Corporation 1997-2004 LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries. OriginalFilename : msnmsgr.exe #:35 [wuauclt.exe] FilePath : C:\WINDOWS\System32 ProcessID : 2012 ThreadCreationTime : 2004-10-28 11:34:13 BasePriority : Normal FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04) ProductVersion : 5.4.3790.2182 ProductName : Operativsystemet Microsoft® Windows® CompanyName : Microsoft Corporation FileDescription : Automatiska uppdateringar InternalName : wuauclt.exe LegalCopyright : © Microsoft Corporation. Med ensamrätt. OriginalFilename : wuauclt.exe #:36 [msimn.exe] FilePath : C:\Program\Outlook Express ProcessID : 1060 ThreadCreationTime : 2004-10-28 15:05:41 BasePriority : Normal FileVersion : 6.00.2800.1123 ProductVersion : 6.00.2800.1123 ProductName : Operativsystemet Microsoft® Windows® CompanyName : Microsoft Corporation FileDescription : Outlook Express InternalName : MSIMN LegalCopyright : © Microsoft Corporation. Med ensamrätt. OriginalFilename : MSIMN.EXE #:37 [iexplore.exe] FilePath : C:\Program\Internet Explorer ProcessID : 3528 ThreadCreationTime : 2004-10-28 17:56:06 BasePriority : Normal FileVersion : 6.00.2800.1106 (xpsp1.020828-1920) ProductVersion : 6.00.2800.1106 ProductName : Operativsystemet Microsoft® Windows® CompanyName : Microsoft Corporation FileDescription : Internet Explorer InternalName : iexplore LegalCopyright : © Microsoft Corporation. Med ensamrätt. OriginalFilename : IEXPLORE.EXE #:38 [ad-aware.exe] FilePath : C:\Program\Lavasoft\AD-AWA~2 ProcessID : 3172 ThreadCreationTime : 2004-10-28 18:00:05 BasePriority : Normal FileVersion : 6.2.0.206 ProductVersion : VI.Second Edition ProductName : Lavasoft Ad-Aware SE CompanyName : Lavasoft Sweden FileDescription : Ad-Aware SE Core application InternalName : Ad-Aware.exe LegalCopyright : Copyright © Lavasoft Sweden OriginalFilename : Ad-Aware.exe Comments : All Rights Reserved #:39 [msmsgs.exe] FilePath : C:\Program\Messenger ProcessID : 3208 ThreadCreationTime : 2004-10-28 18:05:20 BasePriority : Normal FileVersion : 4.7.2009 ProductVersion : Version 4.7 ProductName : Messenger CompanyName : Microsoft Corporation FileDescription : Messenger InternalName : msmsgs LegalCopyright : Copyright © Microsoft Corporation 1997-2003 LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries. OriginalFilename : msmsgs.exe Memory scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 26 Started registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Registry Scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 26 Started deep registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Deep registry scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 26 Started Tracking Cookie scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Tracking cookie scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 26 Disk Scan Result for C:»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 26 Scanning Hosts file...... Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts". »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Hosts file scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» 1 entries scanned. New critical objects:0 Objects found so far: 26 Performing conditional scans... »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Conditional scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 26 20:11:44 Scan Complete Summary Of This Scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Total scanning time:00:05:03.641 Objects scanned:146971 Objects identified:0 Objects ignored:0 New critical objects:0 [/log] /Marni [inlägget ändrat 2004-10-28 20:32:16 av marni]
  6. Nu har jag laddat ner, men jag förstår inte denna instruktionen: "ny mapp, C:\HjT " HijackThis ligger nu på skrivbordet, hur fortsätter jag?/Marni [inlägget ändrat 2004-10-28 15:45:11 av marni]
  7. :thumbsup:Verkar som allt är som det ska. Inga mer varningar om virushot!!!. Tack för hjälpen! Till alla som engagerat sig i min fråga. SKOJ] Vad har man Hijack This till hur använder man den?/Marni [inlägget ändrat 2004-10-28 14:25:54 av marni]
  8. [log] Lavasoft Ad-Aware Personal Build 1.03 Logfile created on:den 28 oktober 2004 13:33:38 Created with Ad-Aware SE Personal, free for private use. Using definitions file:SE1R15 26.10.2004 »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» References detected during the scan: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» MRU List(TAC index:0):26 total references »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Ad-Aware Settings =========================== Set : Search for negligible risk entries Set : Safe mode (always request confirmation) Set : Scan active processes Set : Scan registry Set : Deep-scan registry Set : Scan my IE Favorites for banned URLs Set : Scan my Hosts file Extended Ad-Aware Settings =========================== Set : Unload recognized processes & modules during scan Set : Scan registry for all users instead of current user only Set : Always try to unload modules before deletion Set : During removal, unload Explorer and IE if necessary Set : Let Windows remove files in use at next reboot Set : Delete quarantined objects after restoring Set : Include basic Ad-Aware settings in log file Set : Include additional Ad-Aware settings in log file Set : Include reference summary in log file Set : Backup current definitions file before updating Set : Play sound at scan completion if scan locates critical objects 2004-10-28 13:33:38 - Scan started. (Smart mode) Listing running processes »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» #:1 [smss.exe] FilePath : \SystemRoot\System32 ProcessID : 628 ThreadCreationTime : 2004-10-28 11:33:08 BasePriority : Normal #:2 [csrss.exe] FilePath : \??\C:\WINDOWS\system32 ProcessID : 680 ThreadCreationTime : 2004-10-28 11:33:10 BasePriority : Normal #:3 [winlogon.exe] FilePath : \??\C:\WINDOWS\system32 ProcessID : 704 ThreadCreationTime : 2004-10-28 11:33:11 BasePriority : High #:4 [services.exe] FilePath : C:\WINDOWS\system32 ProcessID : 748 ThreadCreationTime : 2004-10-28 11:33:11 BasePriority : Normal FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Operativsystemet Microsoft® Windows® CompanyName : Microsoft Corporation FileDescription : Tjänst- och styrenhetsprogram InternalName : services.exe LegalCopyright : © Microsoft Corporation. Med ensamrätt. OriginalFilename : services.exe #:5 [lsass.exe] FilePath : C:\WINDOWS\system32 ProcessID : 760 ThreadCreationTime : 2004-10-28 11:33:11 BasePriority : Normal FileVersion : 5.1.2600.1106 (xpsp1.020828-1920) ProductVersion : 5.1.2600.1106 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : LSA Shell (Export Version) InternalName : lsass.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : lsass.exe #:6 [ati2evxx.exe] FilePath : C:\WINDOWS\System32 ProcessID : 952 ThreadCreationTime : 2004-10-28 11:33:11 BasePriority : Normal #:7 [svchost.exe] FilePath : C:\WINDOWS\system32 ProcessID : 976 ThreadCreationTime : 2004-10-28 11:33:11 BasePriority : Normal FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:8 [svchost.exe] FilePath : C:\WINDOWS\System32 ProcessID : 1080 ThreadCreationTime : 2004-10-28 11:33:11 BasePriority : Normal FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:9 [svchost.exe] FilePath : C:\WINDOWS\System32 ProcessID : 1220 ThreadCreationTime : 2004-10-28 11:33:11 BasePriority : Normal FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:10 [svchost.exe] FilePath : C:\WINDOWS\System32 ProcessID : 1280 ThreadCreationTime : 2004-10-28 11:33:11 BasePriority : Normal FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:11 [ccsetmgr.exe] FilePath : C:\Program\Delade filer\Symantec Shared ProcessID : 1344 ThreadCreationTime : 2004-10-28 11:33:12 BasePriority : Normal FileVersion : 2.0.0.635 ProductVersion : 2.0.0.635 ProductName : Common Client CompanyName : Symantec Corporation FileDescription : Common Client Settings Manager Service InternalName : ccSetMgr LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved. OriginalFilename : ccSetMgr.exe #:12 [ccevtmgr.exe] FilePath : C:\Program\Delade filer\Symantec Shared ProcessID : 1432 ThreadCreationTime : 2004-10-28 11:33:12 BasePriority : Normal FileVersion : 2.0.0.635 ProductVersion : 2.0.0.635 ProductName : Common Client CompanyName : Symantec Corporation FileDescription : Common Client Event Manager Service InternalName : ccEvtMgr LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved. OriginalFilename : ccEvtMgr.exe #:13 [spoolsv.exe] FilePath : C:\WINDOWS\system32 ProcessID : 1628 ThreadCreationTime : 2004-10-28 11:33:12 BasePriority : Normal FileVersion : 5.1.2600.0 (XPClient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Spooler SubSystem App InternalName : spoolsv.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : spoolsv.exe #:14 [ctsvccda.exe] FilePath : C:\WINDOWS\System32 ProcessID : 1756 ThreadCreationTime : 2004-10-28 11:33:13 BasePriority : Normal FileVersion : 1.0.1.0 ProductVersion : 1.0.0.0 ProductName : Creative Service for CDROM Access CompanyName : Creative Technology Ltd FileDescription : Creative Service for CDROM Access InternalName : CTsvcCDAEXE LegalCopyright : Copyright © Creative Technology Ltd., 1999. All rights reserved. OriginalFilename : CTsvcCDA.EXE #:15 [sagent2.exe] FilePath : C:\Program\Delade filer\EPSON\EBAPI ProcessID : 1780 ThreadCreationTime : 2004-10-28 11:33:13 BasePriority : Normal FileVersion : 2, 3, 0, 0 ProductVersion : 1, 0, 0, 0 ProductName : EPSON Bidirectional Printer CompanyName : SEIKO EPSON CORPORATION FileDescription : EPSON Printer Status Agent InternalName : SAgent2 LegalCopyright : Copyright © SEIKO EPSON CORP. 2000-2001 OriginalFilename : SAgent2.exe #:16 [navapsvc.exe] FilePath : C:\Program\Norton AntiVirus ProcessID : 1844 ThreadCreationTime : 2004-10-28 11:33:13 BasePriority : Normal FileVersion : 10.00.2 ProductVersion : 10.00.2 ProductName : Norton AntiVirus CompanyName : Symantec Corporation FileDescription : Norton AntiVirus Auto-Protect Service InternalName : NAVAPSVC LegalCopyright : Norton AntiVirus 2004 for Windows 98/ME/2000/XP Copyright © 2003 Symantec Corporation. All rights reserved. OriginalFilename : NAVAPSVC.EXE #:17 [mspmspsv.exe] FilePath : C:\WINDOWS\System32 ProcessID : 2032 ThreadCreationTime : 2004-10-28 11:33:14 BasePriority : Normal FileVersion : 7.00.00.1954 ProductVersion : 7.00.00.1954 ProductName : Microsoft ® DRM CompanyName : Microsoft Corporation FileDescription : WMDM PMSP Service InternalName : MSPMSPSV.EXE LegalCopyright : Copyright © Microsoft Corp. 1981-2000 OriginalFilename : MSPMSPSV.EXE #:18 [wuauclt.exe] FilePath : C:\WINDOWS\System32 ProcessID : 296 ThreadCreationTime : 2004-10-28 11:33:14 BasePriority : Normal FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04) ProductVersion : 5.4.3790.2182 ProductName : Operativsystemet Microsoft® Windows® CompanyName : Microsoft Corporation FileDescription : Automatiska uppdateringar InternalName : wuauclt.exe LegalCopyright : © Microsoft Corporation. Med ensamrätt. OriginalFilename : wuauclt.exe #:19 [savscan.exe] FilePath : C:\Program\Norton AntiVirus ProcessID : 408 ThreadCreationTime : 2004-10-28 11:33:15 BasePriority : Normal FileVersion : 9.2.1.14 ProductVersion : 9.2 ProductName : Symantec AntiVirus AutoProtect CompanyName : Symantec Corporation FileDescription : Symantec AntiVirus Scanner InternalName : SAVSCAN LegalCopyright : Copyright © 2003 Symantec Corporation OriginalFilename : SAVSCAN.EXE #:20 [userinit.exe] FilePath : C:\WINDOWS\system32 ProcessID : 896 ThreadCreationTime : 2004-10-28 11:33:17 BasePriority : Normal FileVersion : 5.1.2600.1106 (xpsp1.020828-1920) ProductVersion : 5.1.2600.1106 ProductName : Operativsystemet Microsoft® Windows® CompanyName : Microsoft Corporation FileDescription : Inloggningsprogrammet Userinit InternalName : userinit LegalCopyright : © Microsoft Corporation. Med ensamrätt. OriginalFilename : USERINIT.EXE #:21 [explorer.exe] FilePath : C:\WINDOWS ProcessID : 1008 ThreadCreationTime : 2004-10-28 11:33:18 BasePriority : Normal FileVersion : 6.00.2800.1106 (xpsp1.020828-1920) ProductVersion : 6.00.2800.1106 ProductName : Operativsystemet Microsoft® Windows® CompanyName : Microsoft Corporation FileDescription : Utforskaren InternalName : explorer LegalCopyright : © Microsoft Corporation. Med ensamrätt. OriginalFilename : EXPLORER.EXE #:22 [ctsysvol.exe] FilePath : C:\Program\Creative\SBAudigy2\Surround Mixer ProcessID : 1236 ThreadCreationTime : 2004-10-28 11:33:19 BasePriority : Normal FileVersion : 1.1.3.0 ProductVersion : 1.0.0.0 ProductName : Creative Volume Control CompanyName : Creative Technology Ltd FileDescription : CTSysVol.exe LegalCopyright : Copyright © Creative Technology Ltd., 2002. All rights reserved. OriginalFilename : CTSysVol.exe #:23 [ctdvddet.exe] FilePath : C:\Program\Creative\SBAudigy2\DVDAudio ProcessID : 1232 ThreadCreationTime : 2004-10-28 11:33:19 BasePriority : Normal FileVersion : 1.0.2.0 ProductVersion : 1.0.2.0 ProductName : CTDVDDET CompanyName : Creative Technology Ltd FileDescription : CTDVDDET InternalName : CTDVDDET LegalCopyright : Copyright © Creative Technology Ltd., 2002. All rights reserved. OriginalFilename : CTDVDDET.EXE #:24 [cthelper.exe] FilePath : C:\WINDOWS\System32 ProcessID : 1328 ThreadCreationTime : 2004-10-28 11:33:19 BasePriority : Normal FileVersion : 1, 0, 0, 11 ProductVersion : 1, 0, 0, 11 ProductName : CtHelper Application CompanyName : Creative Technology Ltd FileDescription : CtHelper MFC Application InternalName : CtHelper LegalCopyright : Copyright © 2002 OriginalFilename : CtHelper.EXE #:25 [tfswctrl.exe] FilePath : C:\WINDOWS\system32\dla ProcessID : 1728 ThreadCreationTime : 2004-10-28 11:33:19 BasePriority : Normal FileVersion : 1.04.05b CompanyName : Sonic Solutions FileDescription : Drive Letter Access Component LegalCopyright : Copyright © 2003 Sonic Solutions #:26 [sgtray.exe] FilePath : C:\Program\Delade filer\Sonic\Update Manager ProcessID : 1720 ThreadCreationTime : 2004-10-28 11:33:19 BasePriority : Normal FileVersion : 1.01.11a CompanyName : Sonic Solutions FileDescription : Sonic Update Manager LegalCopyright : Copyright © 2002 Sonic Solutions #:27 [ccapp.exe] FilePath : C:\Program\Delade filer\Symantec Shared ProcessID : 1804 ThreadCreationTime : 2004-10-28 11:33:19 BasePriority : Normal FileVersion : 2.0.0.635 ProductVersion : 2.0.0.635 ProductName : Common Client CompanyName : Symantec Corporation FileDescription : Symantec Common Client User Session InternalName : ccApp LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved. OriginalFilename : ccApp.exe #:28 [bcmsmmsg.exe] FilePath : C:\WINDOWS ProcessID : 1824 ThreadCreationTime : 2004-10-28 11:33:19 BasePriority : Normal FileVersion : 3.5.24 02/24/2003 18:29:41 ProductVersion : 3.5.24 02/24/2003 18:29:41 ProductName : BCM Modem Messaging Applet CompanyName : Broadcom Corporation FileDescription : Modem Messaging Applet InternalName : smdmstat.exe LegalCopyright : Copyright © Broadcom Corporation 1998-2000 OriginalFilename : smdmstat.exe #:29 [e_s10ic2.exe] FilePath : C:\WINDOWS\System32\spool\DRIVERS\W32X86\3 ProcessID : 1984 ThreadCreationTime : 2004-10-28 11:33:19 BasePriority : Normal FileVersion : 3.06 ProductVersion : 3.06 ProductName : EPSON Status Monitor 3 CompanyName : SEIKO EPSON CORPORATION FileDescription : EPSON Status Monitor 3 InternalName : E_S10IC2 LegalCopyright : Copyright © SEIKO EPSON CORP. 2002 OriginalFilename : E_S10IC2.EXE #:30 [jusched.exe] FilePath : C:\Program\Java\j2re1.4.2_03\bin ProcessID : 1996 ThreadCreationTime : 2004-10-28 11:33:19 BasePriority : Normal #:31 [realsched.exe] FilePath : C:\Program\Delade filer\Real\Update_OB ProcessID : 2060 ThreadCreationTime : 2004-10-28 11:33:20 BasePriority : Normal FileVersion : 0.1.0.1622 ProductVersion : 0.1.0.1622 ProductName : RealOne Player (32-bit) CompanyName : RealNetworks, Inc. FileDescription : RealNetworks Scheduler InternalName : schedapp LegalCopyright : Copyright © RealNetworks, Inc. 1995-2002 LegalTrademarks : RealAudio is a trademark of RealNetworks, Inc. OriginalFilename : realsched.exe #:32 [qttask.exe] FilePath : C:\Program\QuickTime ProcessID : 2088 ThreadCreationTime : 2004-10-28 11:33:20 BasePriority : Normal FileVersion : 6.5.1 ProductVersion : QuickTime 6.5.1 ProductName : QuickTime CompanyName : Apple Computer, Inc. InternalName : QuickTime Task LegalCopyright : © Apple Computer, Inc. 2001-2004 OriginalFilename : QTTask.exe #:33 [winampa.exe] FilePath : C:\Program\Winamp3 ProcessID : 2112 ThreadCreationTime : 2004-10-28 11:33:20 BasePriority : Normal #:34 [tgcmd.exe] FilePath : C:\Program\Telia\Supportassistent\bin ProcessID : 2188 ThreadCreationTime : 2004-10-28 11:33:20 BasePriority : Normal FileVersion : 5,6,875,0 ProductVersion : 5,6,875,0 ProductName : Telia Supportassistent - Support.com Scheduler and Command Dispatcher CompanyName : TeliaSonera, AB - SupportSoft, Inc. FileDescription : Telia Supportassistent - Support.com Scheduler and Command Dispatcher InternalName : TGCMD LegalCopyright : Copyright 1997-2069 SupportSoft OriginalFilename : TGCMD.EXE Comments : Telia Supportassistent #:35 [ekort.exe] FilePath : C:\Program\ekort ProcessID : 2196 ThreadCreationTime : 2004-10-28 11:33:20 BasePriority : Normal FileVersion : 2, 4, 0, 1, 81 ProductVersion : 2, 4, 0, 1, 81 ProductName : Swedbank e-kort CompanyName : Orbiscom Ltd. All rights reserved. FileDescription : Swedbank e-kort InternalName : WEBOCARD LegalCopyright : Copyright © 1999-2002, Orbiscom Ltd. All rights reserved. OriginalFilename : WebOCard.EXE #:36 [ctfmon.exe] FilePath : C:\WINDOWS\System32 ProcessID : 2236 ThreadCreationTime : 2004-10-28 11:33:20 BasePriority : Normal FileVersion : 5.1.2600.1106 (xpsp1.020828-1920) ProductVersion : 5.1.2600.1106 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : CTF Loader InternalName : CTFMON LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : CTFMON.EXE #:37 [msnmsgr.exe] FilePath : C:\Program\MSN Messenger ProcessID : 2288 ThreadCreationTime : 2004-10-28 11:33:21 BasePriority : Normal FileVersion : 6.2.0137 ProductVersion : Version 6.2 ProductName : MSN Messenger CompanyName : Microsoft Corporation FileDescription : MSN Messenger InternalName : msnmsgr LegalCopyright : Copyright © Microsoft Corporation 1997-2004 LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries. OriginalFilename : msnmsgr.exe #:38 [msmsgs.exe] FilePath : C:\Program\Messenger ProcessID : 2716 ThreadCreationTime : 2004-10-28 11:33:23 BasePriority : Normal FileVersion : 4.7.2009 ProductVersion : Version 4.7 ProductName : Messenger CompanyName : Microsoft Corporation FileDescription : Messenger InternalName : msmsgs LegalCopyright : Copyright © Microsoft Corporation 1997-2003 LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries. OriginalFilename : msmsgs.exe #:39 [ad-aware.exe] FilePath : C:\Program\Lavasoft\Ad-Aware SE Personal ProcessID : 2972 ThreadCreationTime : 2004-10-28 11:33:26 BasePriority : Normal FileVersion : 6.2.0.162 ProductVersion : VI.Second Edition ProductName : Lavasoft Ad-Aware SE CompanyName : Lavasoft Sweden FileDescription : Ad-Aware SE Core application InternalName : Ad-Aware.exe LegalCopyright : Copyright © Lavasoft Sweden OriginalFilename : Ad-Aware.exe Comments : All Rights Reserved Memory scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 0 Started registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Registry Scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 0 Started deep registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Deep registry scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 0 Started Tracking Cookie scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Tracking cookie scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 0 Deep scanning and examining files... »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Disk Scan Result for C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 0 Disk Scan Result for C:\WINDOWS\System32 »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 0 Disk Scan Result for C:\DOCUME~1\MARIEN~1\LOKALA~1\Temp»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 0 Scanning Hosts file...... Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts". »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Hosts file scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» 1 entries scanned. New critical objects:0 Objects found so far: 0 MRU List Object Recognized! Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\microsoft\windows\currentversion\applets\paint\recent file list Description : list of files recently opened using microsoft paint MRU List Object Recognized! Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\microsoft\windows\currentversion\explorer\runmru Description : mru list for items opened in start | run MRU List Object Recognized! Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\microsoft\search assistant\acmru Description : list of recent search terms used with the search assistant MRU List Object Recognized! Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru Description : list of recently saved files, stored according to file extension MRU List Object Recognized! Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru Description : list of recent programs opened MRU List Object Recognized! Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\microsoft\windows\currentversion\explorer\recentdocs Description : list of recent documents opened MRU List Object Recognized! Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\microsoft\mediaplayer\player\recentfilelist Description : list of recently used files in microsoft windows media player MRU List Object Recognized! Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\realnetworks\realplayer\6.0\preferences Description : list of recent skins in realplayer MRU List Object Recognized! Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\microsoft\internet explorer Description : last download directory used in microsoft internet explorer MRU List Object Recognized! Location: : software\microsoft\directdraw\mostrecentapplication Description : most recent application to use microsoft directdraw MRU List Object Recognized! Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\microsoft\microsoft management console\recent file list Description : list of recent snap-ins used in the microsoft management console MRU List Object Recognized! Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\google\navclient\1.1\history Description : list of recently used search terms in the google toolbar MRU List Object Recognized! Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\microsoft\internet explorer\typedurls Description : list of recently entered addresses in microsoft internet explorer MRU List Object Recognized! Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\creative tech\creative wavestudio\settings Description : list of recently used directories in creative wavestudio MRU List Object Recognized! Location: : software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct3d MRU List Object Recognized! Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\realnetworks\realplayer\6.0\preferences Description : list of recent clips in realplayer MRU List Object Recognized! Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\microsoft\frontpage\explorer\frontpage explorer\recent web list Description : list of recently used webs in microsoft frontpage MRU List Object Recognized! Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\microsoft\mediaplayer\preferences Description : last playlist loaded in microsoft windows media player MRU List Object Recognized! Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\realnetworks\realplayer\6.0\preferences Description : last login time in realplayer MRU List Object Recognized! Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\microsoft\frontpage\explorer\frontpage explorer\recent file list Description : list of recently used files in microsoft frontpage MRU List Object Recognized! Location: : software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct X MRU List Object Recognized! Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general Description : windows media sdk MRU List Object Recognized! Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general Description : windows media sdk MRU List Object Recognized! Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\microsoft\windows media\wmsdk\general Description : windows media sdk MRU List Object Recognized! Location: : C:\Documents and Settings\Marie Nilsson\Application Data\microsoft\office\recent Description : list of recently opened documents using microsoft office MRU List Object Recognized! Location: : C:\Documents and Settings\Marie Nilsson\recent Description : list of recently opened documents Performing conditional scans... »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Conditional scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 26 13:34:49 Scan Complete Summary Of This Scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Total scanning time:00:01:11.719 Objects scanned:57457 Objects identified:0 Objects ignored:0 New critical objects:0 [/log][log]Logfile of HijackThis v1.97.7 Scan saved at 13:50:43, on 2004-10-28 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\CTsvcCDA.exe C:\Program\Delade filer\EPSON\EBAPI\SAgent2.exe C:\Program\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\Program\Norton AntiVirus\SAVScan.exe C:\WINDOWS\Explorer.EXE C:\Program\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe C:\Program\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE C:\WINDOWS\System32\CTHELPER.EXE C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program\Delade filer\Symantec Shared\ccApp.exe C:\WINDOWS\BCMSMMSG.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE C:\Program\Java\j2re1.4.2_03\bin\jusched.exe C:\Program\Delade filer\Real\Update_OB\realsched.exe C:\Program\QuickTime\qttask.exe C:\Program\Winamp3\winampa.exe C:\Program\Telia\Supportassistent\bin\tgcmd.exe C:\Program\ekort\ekort.exe C:\WINDOWS\System32\ctfmon.exe C:\Program\MSN Messenger\msnmsgr.exe C:\WINDOWS\System32\wuauclt.exe C:\Program\Internet Explorer\iexplore.exe C:\Program\Outlook Express\msimn.exe C:\Documents and Settings\Marie Nilsson\Lokala inställningar\Temp\Temporär katalog 1 för hjt.zip\HijackThis.exe C:\Program\Messenger\msmsgs.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.se/0SESVSE/SAOS02 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sp/*http://www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login1.telia.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch'>http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = "C:\Program\Outlook Express\msimn.exe" O2 - BHO: (no name) - {008DB894-99ED-445D-8547-0E7C9808898D} - C:\WINDOWS\mslagent\4b_1,0,1,2_mslagent.dll (file missing) O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: e-kort Browser Helper Object - {1C900459-DEEF-4aa9-B260-1EF0F0C70A8D} - C:\WINDOWS\System32\Bhoekort.dll O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar2.dll O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar2.dll O4 - HKLM\..\Run: [CTSysVol] C:\Program\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe O4 - HKLM\..\Run: [CTDVDDet] C:\Program\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [storageGuard] "C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [EPSON Stylus C44 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C44 Series" /O6 "USB001" /M "Stylus C44" O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM\..\Run: [websx] C:\Program\websx\int339890.exe -auto O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [WinampAgent] "C:\Program\Winamp3\winampa.exe" O4 - HKLM\..\Run: [TeliaTGCMD] "C:\Program\Telia\Supportassistent\bin\tgcmd.exe" /server /startmonitor /deaf O4 - HKLM\..\Run: [ekort] C:\Program\ekort\ekort.exe /dontopenmycards O4 - HKLM\..\Run: [CashBack] C:\Program\CashBack\bin\cashback.exe O4 - HKLM\..\Run: [NaviSearch] C:\Program\NaviSearch\bin\nls.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [mslagent] C:\WINDOWS\mslagent\mslagent.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program\MyWebSearch\bar\1.bin\MWSOEMON.EXE O8 - Extra context menu item: &Google Search - res://c:\program\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCxdm127 O8 - Extra context menu item: Backward &Links - res://c:\program\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Si&milar Pages - res://c:\program\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://c:\program\google\GoogleToolbar1.dll/cmtrans.html O9 - Extra 'Tools' menuitem: Sun Java-konsol (HKLM) O9 - Extra button: e-kort (HKLM) O9 - Extra button: Referensinformation (HKLM) O9 - Extra button: Messenger (HKLM) O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM) O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1021_EN_XP.cab O16 - DPF: {0990D180-4226-4530-9777-AB82315505B9} (Installer Class) - http://www.foreningssparbanken.se/betala/ekort/oinstall.cab O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/CursorManiaInitialSetup1.0.0.8.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab28578.cab O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab O16 - DPF: {50AD557E-3426-41FD-AFDD-2AF39BB1C387} - http://akamai.downloadv3.com/binaries/LiveService/LiveService_5_EN_XP.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/212f1e21087c45762917/netzip/RdxIE601.cab O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040427/qtinstall.info.apple.com/saba/us/win/QuickTimeInstaller.exe O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Obje[/log] Har jag gjort rätt nu?/Marni
  9. Fick meddelande: some objects could not be removed. Try closing all open browser windows prior to the removal. If it does not help, reboot and run Ad-Aware again. c:\WINDOWS\mslagent\2_1,0,3,7_mslagent.dll c:\WINDOWS\mslagent\4a_1,0,2,9_mslagent.dll c:\WINDOWS\mslagent\8_1,0,0,2mslagent.dll Do you want ti let Ad-Aware remove them after the next reboot Ska jag svar OK eller cancel?/Marni
  10. Ursäkta mig, men jag kan ju nästan inget och jag frågade hur man skulle göra. Trodde att jag gjorde rätt! Hur tar jag bort detta?/Marni
  11. Ursäkta mig, men jag kan ju nästan inget och jag frågade hur man skulle göra. Trodde att jag gjorde rätt! Hur tar jag bort detta?/Marni
  12. [log]Lavasoft Ad-Aware Personal Build 1.03 Logfile created on:den 28 oktober 2004 10:59:04 Created with Ad-Aware SE Personal, free for private use. Using definitions file:SE1R15 26.10.2004 »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» References detected during the scan: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Alexa(TAC index:5):3 total references AltnetBDE(TAC index:4):25 total references BargainBuddy(TAC index:8):59 total references Claria(TAC index:7):5 total references Dialer(TAC index:5):5 total references DialPass(TAC index:5):4 total references eUniverse(TAC index:10):11 total references ExactSearchBar(TAC index:5):56 total references iWon(TAC index:5):66 total references MagicControl(TAC index:7):30 total references MRU List(TAC index:0):26 total references MyWay.Speedbar(TAC index:0):41 total references NavExcel(TAC index:5):12 total references Other(TAC index:5):4 total references Possible Browser Hijack attempt(TAC index:3):3 total references Tracking Cookie(TAC index:3):47 total references WhenU(TAC index:10):22 total references Win32.Adverts.TrojanDownloader(TAC index:6):1 total references »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Ad-Aware Settings =========================== Set : Search for negligible risk entries Set : Safe mode (always request confirmation) Set : Scan active processes Set : Scan registry Set : Deep-scan registry Set : Scan my IE Favorites for banned URLs Set : Scan my Hosts file Extended Ad-Aware Settings =========================== Set : Unload recognized processes & modules during scan Set : Scan registry for all users instead of current user only Set : Always try to unload modules before deletion Set : During removal, unload Explorer and IE if necessary Set : Let Windows remove files in use at next reboot Set : Delete quarantined objects after restoring Set : Include basic Ad-Aware settings in log file Set : Include additional Ad-Aware settings in log file Set : Include reference summary in log file Set : Backup current definitions file before updating Set : Play sound at scan completion if scan locates critical objects 2004-10-28 10:59:04 - Scan started. (Smart mode) Listing running processes »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» #:1 [smss.exe] FilePath : \SystemRoot\System32 ProcessID : 632 ThreadCreationTime : 2004-10-28 07:16:55 BasePriority : Normal #:2 [csrss.exe] FilePath : \??\C:\WINDOWS\system32 ProcessID : 680 ThreadCreationTime : 2004-10-28 07:16:55 BasePriority : Normal #:3 [winlogon.exe] FilePath : \??\C:\WINDOWS\system32 ProcessID : 704 ThreadCreationTime : 2004-10-28 07:16:56 BasePriority : High #:4 [services.exe] FilePath : C:\WINDOWS\system32 ProcessID : 748 ThreadCreationTime : 2004-10-28 07:16:56 BasePriority : Normal FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Operativsystemet Microsoft® Windows® CompanyName : Microsoft Corporation FileDescription : Tjänst- och styrenhetsprogram InternalName : services.exe LegalCopyright : © Microsoft Corporation. Med ensamrätt. OriginalFilename : services.exe #:5 [lsass.exe] FilePath : C:\WINDOWS\system32 ProcessID : 760 ThreadCreationTime : 2004-10-28 07:16:56 BasePriority : Normal FileVersion : 5.1.2600.1106 (xpsp1.020828-1920) ProductVersion : 5.1.2600.1106 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : LSA Shell (Export Version) InternalName : lsass.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : lsass.exe #:6 [ati2evxx.exe] FilePath : C:\WINDOWS\System32 ProcessID : 960 ThreadCreationTime : 2004-10-28 07:16:57 BasePriority : Normal #:7 [svchost.exe] FilePath : C:\WINDOWS\system32 ProcessID : 984 ThreadCreationTime : 2004-10-28 07:16:57 BasePriority : Normal FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:8 [svchost.exe] FilePath : C:\WINDOWS\System32 ProcessID : 1088 ThreadCreationTime : 2004-10-28 07:16:57 BasePriority : Normal FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:9 [svchost.exe] FilePath : C:\WINDOWS\System32 ProcessID : 1224 ThreadCreationTime : 2004-10-28 07:16:57 BasePriority : Normal FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:10 [svchost.exe] FilePath : C:\WINDOWS\System32 ProcessID : 1256 ThreadCreationTime : 2004-10-28 07:16:57 BasePriority : Normal FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:11 [ccsetmgr.exe] FilePath : C:\Program\Delade filer\Symantec Shared ProcessID : 1356 ThreadCreationTime : 2004-10-28 07:16:57 BasePriority : Normal FileVersion : 2.0.0.635 ProductVersion : 2.0.0.635 ProductName : Common Client CompanyName : Symantec Corporation FileDescription : Common Client Settings Manager Service InternalName : ccSetMgr LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved. OriginalFilename : ccSetMgr.exe #:12 [ccevtmgr.exe] FilePath : C:\Program\Delade filer\Symantec Shared ProcessID : 1396 ThreadCreationTime : 2004-10-28 07:16:58 BasePriority : Normal FileVersion : 2.0.0.635 ProductVersion : 2.0.0.635 ProductName : Common Client CompanyName : Symantec Corporation FileDescription : Common Client Event Manager Service InternalName : ccEvtMgr LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved. OriginalFilename : ccEvtMgr.exe #:13 [spoolsv.exe] FilePath : C:\WINDOWS\system32 ProcessID : 1652 ThreadCreationTime : 2004-10-28 07:16:58 BasePriority : Normal FileVersion : 5.1.2600.0 (XPClient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Spooler SubSystem App InternalName : spoolsv.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : spoolsv.exe #:14 [ctsvccda.exe] FilePath : C:\WINDOWS\System32 ProcessID : 1768 ThreadCreationTime : 2004-10-28 07:17:00 BasePriority : Normal FileVersion : 1.0.1.0 ProductVersion : 1.0.0.0 ProductName : Creative Service for CDROM Access CompanyName : Creative Technology Ltd FileDescription : Creative Service for CDROM Access InternalName : CTsvcCDAEXE LegalCopyright : Copyright © Creative Technology Ltd., 1999. All rights reserved. OriginalFilename : CTsvcCDA.EXE #:15 [sagent2.exe] FilePath : C:\Program\Delade filer\EPSON\EBAPI ProcessID : 1788 ThreadCreationTime : 2004-10-28 07:17:00 BasePriority : Normal FileVersion : 2, 3, 0, 0 ProductVersion : 1, 0, 0, 0 ProductName : EPSON Bidirectional Printer CompanyName : SEIKO EPSON CORPORATION FileDescription : EPSON Printer Status Agent InternalName : SAgent2 LegalCopyright : Copyright © SEIKO EPSON CORP. 2000-2001 OriginalFilename : SAgent2.exe #:16 [navapsvc.exe] FilePath : C:\Program\Norton AntiVirus ProcessID : 1844 ThreadCreationTime : 2004-10-28 07:17:00 BasePriority : Normal FileVersion : 10.00.2 ProductVersion : 10.00.2 ProductName : Norton AntiVirus CompanyName : Symantec Corporation FileDescription : Norton AntiVirus Auto-Protect Service InternalName : NAVAPSVC LegalCopyright : Norton AntiVirus 2004 for Windows 98/ME/2000/XP Copyright © 2003 Symantec Corporation. All rights reserved. OriginalFilename : NAVAPSVC.EXE #:17 [mspmspsv.exe] FilePath : C:\WINDOWS\System32 ProcessID : 2016 ThreadCreationTime : 2004-10-28 07:17:00 BasePriority : Normal FileVersion : 7.00.00.1954 ProductVersion : 7.00.00.1954 ProductName : Microsoft ® DRM CompanyName : Microsoft Corporation FileDescription : WMDM PMSP Service InternalName : MSPMSPSV.EXE LegalCopyright : Copyright © Microsoft Corp. 1981-2000 OriginalFilename : MSPMSPSV.EXE #:18 [savscan.exe] FilePath : C:\Program\Norton AntiVirus ProcessID : 356 ThreadCreationTime : 2004-10-28 07:17:01 BasePriority : Normal FileVersion : 9.2.1.14 ProductVersion : 9.2 ProductName : Symantec AntiVirus AutoProtect CompanyName : Symantec Corporation FileDescription : Symantec AntiVirus Scanner InternalName : SAVSCAN LegalCopyright : Copyright © 2003 Symantec Corporation OriginalFilename : SAVSCAN.EXE #:19 [explorer.exe] FilePath : C:\WINDOWS ProcessID : 1016 ThreadCreationTime : 2004-10-28 07:17:05 BasePriority : Normal FileVersion : 6.00.2800.1106 (xpsp1.020828-1920) ProductVersion : 6.00.2800.1106 ProductName : Operativsystemet Microsoft® Windows® CompanyName : Microsoft Corporation FileDescription : Utforskaren InternalName : explorer LegalCopyright : © Microsoft Corporation. Med ensamrätt. OriginalFilename : EXPLORER.EXE #:20 [ctsysvol.exe] FilePath : C:\Program\Creative\SBAudigy2\Surround Mixer ProcessID : 1240 ThreadCreationTime : 2004-10-28 07:17:06 BasePriority : Normal FileVersion : 1.1.3.0 ProductVersion : 1.0.0.0 ProductName : Creative Volume Control CompanyName : Creative Technology Ltd FileDescription : CTSysVol.exe LegalCopyright : Copyright © Creative Technology Ltd., 2002. All rights reserved. OriginalFilename : CTSysVol.exe #:21 [ctdvddet.exe] FilePath : C:\Program\Creative\SBAudigy2\DVDAudio ProcessID : 1276 ThreadCreationTime : 2004-10-28 07:17:06 BasePriority : Normal FileVersion : 1.0.2.0 ProductVersion : 1.0.2.0 ProductName : CTDVDDET CompanyName : Creative Technology Ltd FileDescription : CTDVDDET InternalName : CTDVDDET LegalCopyright : Copyright © Creative Technology Ltd., 2002. All rights reserved. OriginalFilename : CTDVDDET.EXE #:22 [cthelper.exe] FilePath : C:\WINDOWS\System32 ProcessID : 1288 ThreadCreationTime : 2004-10-28 07:17:06 BasePriority : Normal FileVersion : 1, 0, 0, 11 ProductVersion : 1, 0, 0, 11 ProductName : CtHelper Application CompanyName : Creative Technology Ltd FileDescription : CtHelper MFC Application InternalName : CtHelper LegalCopyright : Copyright © 2002 OriginalFilename : CtHelper.EXE #:23 [tfswctrl.exe] FilePath : C:\WINDOWS\system32\dla ProcessID : 1728 ThreadCreationTime : 2004-10-28 07:17:07 BasePriority : Normal FileVersion : 1.04.05b CompanyName : Sonic Solutions FileDescription : Drive Letter Access Component LegalCopyright : Copyright © 2003 Sonic Solutions #:24 [ccapp.exe] FilePath : C:\Program\Delade filer\Symantec Shared ProcessID : 1948 ThreadCreationTime : 2004-10-28 07:17:07 BasePriority : Normal FileVersion : 2.0.0.635 ProductVersion : 2.0.0.635 ProductName : Common Client CompanyName : Symantec Corporation FileDescription : Symantec Common Client User Session InternalName : ccApp LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved. OriginalFilename : ccApp.exe #:25 [bcmsmmsg.exe] FilePath : C:\WINDOWS ProcessID : 1672 ThreadCreationTime : 2004-10-28 07:17:07 BasePriority : Normal FileVersion : 3.5.24 02/24/2003 18:29:41 ProductVersion : 3.5.24 02/24/2003 18:29:41 ProductName : BCM Modem Messaging Applet CompanyName : Broadcom Corporation FileDescription : Modem Messaging Applet InternalName : smdmstat.exe LegalCopyright : Copyright © Broadcom Corporation 1998-2000 OriginalFilename : smdmstat.exe #:26 [e_s10ic2.exe] FilePath : C:\WINDOWS\System32\spool\DRIVERS\W32X86\3 ProcessID : 464 ThreadCreationTime : 2004-10-28 07:17:08 BasePriority : Normal FileVersion : 3.06 ProductVersion : 3.06 ProductName : EPSON Status Monitor 3 CompanyName : SEIKO EPSON CORPORATION FileDescription : EPSON Status Monitor 3 InternalName : E_S10IC2 LegalCopyright : Copyright © SEIKO EPSON CORP. 2002 OriginalFilename : E_S10IC2.EXE #:27 [jusched.exe] FilePath : C:\Program\Java\j2re1.4.2_03\bin ProcessID : 1492 ThreadCreationTime : 2004-10-28 07:17:08 BasePriority : Normal #:28 [realsched.exe] FilePath : C:\Program\Delade filer\Real\Update_OB ProcessID : 1164 ThreadCreationTime : 2004-10-28 07:17:08 BasePriority : Normal FileVersion : 0.1.0.1622 ProductVersion : 0.1.0.1622 ProductName : RealOne Player (32-bit) CompanyName : RealNetworks, Inc. FileDescription : RealNetworks Scheduler InternalName : schedapp LegalCopyright : Copyright © RealNetworks, Inc. 1995-2002 LegalTrademarks : RealAudio is a trademark of RealNetworks, Inc. OriginalFilename : realsched.exe #:29 [qttask.exe] FilePath : C:\Program\QuickTime ProcessID : 1928 ThreadCreationTime : 2004-10-28 07:17:08 BasePriority : Normal FileVersion : 6.5.1 ProductVersion : QuickTime 6.5.1 ProductName : QuickTime CompanyName : Apple Computer, Inc. InternalName : QuickTime Task LegalCopyright : © Apple Computer, Inc. 2001-2004 OriginalFilename : QTTask.exe #:30 [winampa.exe] FilePath : C:\Program\Winamp3 ProcessID : 1700 ThreadCreationTime : 2004-10-28 07:17:08 BasePriority : Normal #:31 [tgcmd.exe] FilePath : C:\Program\Telia\Supportassistent\bin ProcessID : 1196 ThreadCreationTime : 2004-10-28 07:17:08 BasePriority : Normal FileVersion : 5,6,875,0 ProductVersion : 5,6,875,0 ProductName : Telia Supportassistent - Support.com Scheduler and Command Dispatcher CompanyName : TeliaSonera, AB - SupportSoft, Inc. FileDescription : Telia Supportassistent - Support.com Scheduler and Command Dispatcher InternalName : TGCMD LegalCopyright : Copyright 1997-2069 SupportSoft OriginalFilename : TGCMD.EXE Comments : Telia Supportassistent #:32 [ekort.exe] FilePath : C:\Program\ekort ProcessID : 1784 ThreadCreationTime : 2004-10-28 07:17:09 BasePriority : Normal FileVersion : 2, 4, 0, 1, 81 ProductVersion : 2, 4, 0, 1, 81 ProductName : Swedbank e-kort CompanyName : Orbiscom Ltd. All rights reserved. FileDescription : Swedbank e-kort InternalName : WEBOCARD LegalCopyright : Copyright © 1999-2002, Orbiscom Ltd. All rights reserved. OriginalFilename : WebOCard.EXE #:33 [cashback.exe] FilePath : C:\Program\CashBack\bin ProcessID : 2092 ThreadCreationTime : 2004-10-28 07:17:09 BasePriority : Normal FileVersion : 1, 0, 0, 3 ProductVersion : 1, 0, 0, 3 ProductName : CashBack Module CompanyName : eXact Advertising FileDescription : CashBack Module InternalName : CashBack LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : cashback.exe BargainBuddy Object Recognized! Type : Process Data : cashback.exe Category : Malware Comment : Object : C:\Program\CashBack\bin FileVersion : 1, 0, 0, 3 ProductVersion : 1, 0, 0, 3 ProductName : CashBack Module CompanyName : eXact Advertising FileDescription : CashBack Module InternalName : CashBack LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : cashback.exe Warning! BargainBuddy Object found in memory(C:\Program\CashBack\bin\cashback.exe) "C:\Program\CashBack\bin\cashback.exe"Process terminated successfully #:34 [nls.exe] FilePath : C:\Program\NaviSearch\bin ProcessID : 2116 ThreadCreationTime : 2004-10-28 07:17:09 BasePriority : Normal FileVersion : 1, 0, 0, 4 ProductVersion : 1, 0, 0, 4 ProductName : NAVISearch Module CompanyName : eXact Advertising FileDescription : NLS Module InternalName : NLS LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : nls.exe #:35 [bargains.exe] FilePath : C:\Program\BullsEye Network\bin ProcessID : 2208 ThreadCreationTime : 2004-10-28 07:17:09 BasePriority : Normal FileVersion : 2, 0, 0, 1 ProductVersion : 2, 0, 0, 1 ProductName : BargainsBuddy ADP Module CompanyName : eXact Advertising FileDescription : bargains InternalName : ADP LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : bargains.exe #:36 [ctfmon.exe] FilePath : C:\WINDOWS\System32 ProcessID : 2216 ThreadCreationTime : 2004-10-28 07:17:09 BasePriority : Normal FileVersion : 5.1.2600.1106 (xpsp1.020828-1920) ProductVersion : 5.1.2600.1106 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : CTF Loader InternalName : CTFMON LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : CTFMON.EXE #:37 [mslagent.exe] FilePath : C:\WINDOWS\mslagent ProcessID : 2244 ThreadCreationTime : 2004-10-28 07:17:10 BasePriority : Normal FileVersion : 1, 0, 2, 8 ProductVersion : 1, 0, 2, 8 ProductName : mslagent FileDescription : mslagent InternalName : mslagent LegalCopyright : Copyright © 2002 OriginalFilename : mslagent.exe #:38 [msnmsgr.exe] FilePath : C:\Program\MSN Messenger ProcessID : 2264 ThreadCreationTime : 2004-10-28 07:17:11 BasePriority : Normal FileVersion : 6.2.0137 ProductVersion : Version 6.2 ProductName : MSN Messenger CompanyName : Microsoft Corporation FileDescription : MSN Messenger InternalName : msnmsgr LegalCopyright : Copyright © Microsoft Corporation 1997-2004 LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries. OriginalFilename : msnmsgr.exe #:39 [exactupdate00136.exe] FilePath : c:\program\exact ProcessID : 2364 ThreadCreationTime : 2004-10-28 07:17:12 BasePriority : Normal FileVersion : 0, 0, 6, 0 ProductVersion : 0, 0, 6, 0 ProductName : ExactUpdate CompanyName : Pattern Discovery Software Systems Ltd. FileDescription : ExactUpdate InternalName : ExactUpdate LegalCopyright : Copyright © 2002 Pattern Discovery Software OriginalFilename : exactUpdate.exe Comments : Contains Free License for UniquE RAR File Library © 2000-2002 by Christian Scheurer (www.ChristianScheurer.ch) #:40 [wuauclt.exe] FilePath : C:\WINDOWS\System32 ProcessID : 1056 ThreadCreationTime : 2004-10-28 07:18:00 BasePriority : Normal FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04) ProductVersion : 5.4.3790.2182 ProductName : Operativsystemet Microsoft® Windows® CompanyName : Microsoft Corporation FileDescription : Automatiska uppdateringar InternalName : wuauclt.exe LegalCopyright : © Microsoft Corporation. Med ensamrätt. OriginalFilename : wuauclt.exe #:41 [msimn.exe] FilePath : C:\Program\Outlook Express ProcessID : 1976 ThreadCreationTime : 2004-10-28 07:51:59 BasePriority : Normal FileVersion : 6.00.2800.1123 ProductVersion : 6.00.2800.1123 ProductName : Operativsystemet Microsoft® Windows® CompanyName : Microsoft Corporation FileDescription : Outlook Express InternalName : MSIMN LegalCopyright : © Microsoft Corporation. Med ensamrätt. OriginalFilename : MSIMN.EXE #:42 [iexplore.exe] FilePath : C:\Program\Internet Explorer ProcessID : 2300 ThreadCreationTime : 2004-10-28 08:53:57 BasePriority : Normal FileVersion : 6.00.2800.1106 (xpsp1.020828-1920) ProductVersion : 6.00.2800.1106 ProductName : Operativsystemet Microsoft® Windows® CompanyName : Microsoft Corporation FileDescription : Internet Explorer InternalName : iexplore LegalCopyright : © Microsoft Corporation. Med ensamrätt. OriginalFilename : IEXPLORE.EXE iWon Object Recognized! Type : Process Data : MYBAR.DLL Category : Data Miner Comment : Object : C:\Program\MyWay\myBar\1.bin FileVersion : 1, 1, 1, 6 ProductVersion : 1, 1, 1, 6 ProductName : My Way Speedbar for Internet Explorer and Netscape CompanyName : My Way FileDescription : My Way Speedbar InternalName : myBar LegalCopyright : Copyright © 2002, 2003 OriginalFilename : myBar.DLL Warning! iWon Object found in memory(C:\Program\MyWay\myBar\1.bin\MYBAR.DLL) BargainBuddy Object Recognized! Type : Process Data : nvms.dll Category : Malware Comment : Object : C:\WINDOWS\System32 FileVersion : 2, 0, 0, 18 ProductVersion : 2, 0, 0, 18 ProductName : nls.dll Module CompanyName : eXact Advertising FileDescription : nls.dll Module InternalName : nls.dll LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : nls.dll Warning! BargainBuddy Object found in memory(C:\WINDOWS\System32\nvms.dll) BargainBuddy Object Recognized! Type : Process Data : mscb.dll Category : Malware Comment : Object : C:\WINDOWS\System32 FileVersion : 2, 0, 0, 16 ProductVersion : 2, 0, 0, 16 ProductName : cbdll Module CompanyName : eXact Advertising FileDescription : cb.dll Module InternalName : cb.dll LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : cb.dll Warning! BargainBuddy Object found in memory(C:\WINDOWS\System32\mscb.dll) BargainBuddy Object Recognized! Type : Process Data : msbe.dll Category : Malware Comment : Object : C:\WINDOWS\System32 FileVersion : 2, 0, 0, 16 ProductVersion : 2, 0, 0, 16 ProductName : apuc Module CompanyName : eXact Advertising FileDescription : apuc Module InternalName : apuc LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : apuc.DLL Warning! BargainBuddy Object found in memory(C:\WINDOWS\System32\msbe.dll) #:43 [msmsgs.exe] FilePath : C:\Program\Messenger ProcessID : 852 ThreadCreationTime : 2004-10-28 08:57:15 BasePriority : Normal FileVersion : 4.7.2009 ProductVersion : Version 4.7 ProductName : Messenger CompanyName : Microsoft Corporation FileDescription : Messenger InternalName : msmsgs LegalCopyright : Copyright © Microsoft Corporation 1997-2003 LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries. OriginalFilename : msmsgs.exe #:44 [ad-aware.exe] FilePath : C:\Program\Lavasoft\Ad-Aware SE Personal ProcessID : 3664 ThreadCreationTime : 2004-10-28 08:58:24 BasePriority : Normal FileVersion : 6.2.0.162 ProductVersion : VI.Second Edition ProductName : Lavasoft Ad-Aware SE CompanyName : Lavasoft Sweden FileDescription : Ad-Aware SE Core application InternalName : Ad-Aware.exe LegalCopyright : Copyright © Lavasoft Sweden OriginalFilename : Ad-Aware.exe Comments : All Rights Reserved Memory scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 1 Objects found so far: 5 Started registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» AltnetBDE Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\classes\adm4.adm4 AltnetBDE Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\classes\adm25.adm25 AltnetBDE Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\classes\adm4.adm4.1 AltnetBDE Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\classes\adm25.adm25.1 AltnetBDE Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\classes\appid\adm.exe AltnetBDE Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\classes\appid\altnet signing module.exe BargainBuddy Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : typelib\{4eb7bbe8-2e15-424b-9ddb-2cdb9516c2e3} BargainBuddy Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{8eee58d5-130e-4cbd-9c83-35a0564e1357} BargainBuddy Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{c6906a23-4717-4e1f-b6fd-f06ebed11357} BargainBuddy Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : typelib\{4eb7bbe8-2e15-424b-9ddb-2cdb9516e2a3} BargainBuddy Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : typelib\{4eb7bbe8-2e15-424b-9ddb-2cdb9516b2c3}\1.0\helpdir BargainBuddy Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : typelib\{4eb7bbe8-2e15-424b-9ddb-2cdb9516b2c3}\1.0\flags BargainBuddy Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : typelib\{4eb7bbe8-2e15-424b-9ddb-2cdb9516b2c3}\1.0\0 BargainBuddy Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : typelib\{4eb7bbe8-2e15-424b-9ddb-2cdb9516b2c3}\1.0 BargainBuddy Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : typelib\{4eb7bbe8-2e15-424b-9ddb-2cdb9516b2c3} BargainBuddy Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : typelib\{4eb7bbe8-2e15-424b-9ddb-2cdb9516a2a3} BargainBuddy Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : nls.urlcatcher.1 BargainBuddy Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : nls.urlcatcher BargainBuddy Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{c6906a23-4717-4e1f-b6fd-f06ebed15678} BargainBuddy Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{c6906a23-4717-4e1f-b6fd-f06ebed14177} BargainBuddy Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{c6906a23-4717-4e1f-b6fd-f06ebed12468} BargainBuddy Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{8eee58d5-130e-4cbd-9c83-35a0564e5678} BargainBuddy Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{8eee58d5-130e-4cbd-9c83-35a0564e2468} BargainBuddy Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{f4e04583-354e-4076-be7d-ed6a80fd66da} BargainBuddy Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{ce31a1f7-3d90-4874-8fbe-a5d97f8bc8f1} BargainBuddy Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{ce188402-6ee7-4022-8868-ab25173a3e14} BargainBuddy Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{aeecbfda-12fa-4881-bdce-8c3e1ce4b344} BargainBuddy Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : cb.urlcatcher.1 BargainBuddy Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : cb.urlcatcher BargainBuddy Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : apuc.urlcatcher.1 BargainBuddy Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : apuc.urlcatcher BargainBuddy Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : adp.urlcatcher.1 BargainBuddy Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : adp.urlcatcher BargainBuddy Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\navisearch BargainBuddy Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{f4e04583-354e-4076-be7d-ed6a80fd66da} BargainBuddy Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{ce31a1f7-3d90-4874-8fbe-a5d97f8bc8f1} BargainBuddy Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{ce188402-6ee7-4022-8868-ab25173a3e14} BargainBuddy Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{aeecbfda-12fa-4881-bdce-8c3e1ce4b344} BargainBuddy Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\cashback BargainBuddy Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Claria Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c} Claria Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\gator.com DialPass Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : egauth.egegauth.1 DialPass Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : egauth.egegauth DialPass Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{0594af7e-573b-40df-8165-e47ab2eaefe8} DialPass Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : typelib\{0e594d22-ace6-43a2-bcda-bb7c65d3fe8c} eUniverse Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : bho.perfectnavbho eUniverse Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : bho.perfectnavbho.1 eUniverse Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{8b8f6968-2f24-41e3-b653-e9613226f14d} eUniverse Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : typelib\{de289bfa-737b-4abb-a4ec-f8753551b875} eUniverse Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{00d6a7e7-4a97-456f-848a-3b75bf7554d7} eUniverse Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\searchupgrader ExactSearchBar Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{224530a0-c9cb-4aee-9c0f-54ac1b533211} ExactSearchBar Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{f9765480-72d1-11d4-a75a-004f49045a87} ExactSearchBar Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1390067357-1532298954-839522115-1004\software\exact ExactSearchBar Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\exact ExactSearchBar Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{f9765480-72d1-11d4-a75a-004f49045a87} ExactSearchBar Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\exact search bar iWon Object Recognized! Type : Regkey Data : Category : Data Miner Comment : SmileyCentralPFSetup2.0.0.0 Rootkey : HKEY_CLASSES_ROOT Object : clsid\{07b18ea1-a523-4961-b6bb-170de4475cca} iWon Object Recognized! Type : Regkey Data : Category : Data Miner Comment : SmileyCentralPFSetup2.0.0.0 Rootkey : HKEY_CLASSES_ROOT Object : clsid\{07b18eab-a523-4961-b6bb-170de4475cca} iWon Object Recognized! Type : Regkey Data : Category : Data Miner Comment : SmileyCentralPFSetup2.0.0.0 Rootkey : HKEY_CLASSES_ROOT Object : clsid\{7473d292-b7bb-4f24-ae82-7e2ce94bb6a9} iWon Object Recognized! Type : Regkey Data : Category : Data Miner Comment : SmileyCentralPFSetup2.0.0.0 Rootkey : HKEY_CLASSES_ROOT Object : mywebsearch.outlookaddin iWon Object Recognized! Type : Regkey Data : Category : Data Miner Comment : SmileyCentralPFSetup2.0.0.0 Rootkey : HKEY_CLASSES_ROOT Object : mywebsearch.outlookaddin.1 iWon Object Recognized! Type : Regkey Data : Category : Data Miner Comment : SmileyCentralPFSetup2.0.0.0 Rootkey : HKEY_CLASSES_ROOT Object : mywebsearchtoolbar.settingsplugin iWon Object Recognized! Type : Regkey Data : Category : Data Miner Comment : SmileyCentralPFSetup2.0.0.0 Rootkey : HKEY_CLASSES_ROOT Object : mywebsearchtoolbar.settingsplugin.1 iWon Object Recognized! Type : Regkey Data : Category : Data Miner Comment : SmileyCentralPFSetup2.0.0.0 Rootkey : HKEY_CLASSES_ROOT Object : typelib\{07b18ea0-a523-4961-b6bb-170de4475cca} iWon Object Recognized! Type : Regkey Data : Category : Data Miner Comment : SmileyCentralPFSetup2.0.0.0 Rootkey : HKEY_CLASSES_ROOT Object : typelib\{7473d290-b7bb-4f24-ae82-7e2ce94bb6a9} iWon Object Recognized! Type : Regkey Data : Category : Data Miner Comment : SmileyCentralPFSetup2.0.0.0 Rootkey : HKEY_CLASSES_ROOT Object : typelib\{adb01e80-3c79-4272-a0f1-7b2be7a782dc} iWon Object Recognized! Type : Regkey Data : Category : Data Miner Comment : SmileyCentralPFSetup2.0.0.0 Rootkey : HKEY_CLASSES_ROOT Object : clsid\{00a6faf1-072e-44cf-8957-5838f569a31d} iWon Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{07b18ea3-a523-4961-b6bb-170de4475cca} iWon Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{07b18eac-a523-4961-b6bb-170de4475cca} iWon Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} iWon Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : funwebproducts.popswatterbarbutton iWon Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : funwebproducts.popswattersettingscontrol.1 iWon Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : funwebproducts.popswattersettingscontrol iWon Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{98d9753d-d73b-42d5-8c85-4469cda897ab} iWon Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : funwebproducts.htmlmenu.2 iWon Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : typelib\{8e6f1830-9607-4440-8530-13be7c4b1d14} iWon Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} iWon Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{a9571378-68a1-443d-b082-284f960c6d17} iWon Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : typelib\{f42228fb-e84e-479e-b922-fbbd096e792c} iWon Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : typelib\{e47caee0-deea-464a-9326-3f2801535a4d} iWon Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{8e6f1832-9607-4440-8530-13be7c4b1d14} iWon Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{147a976e-eee1-4377-8ea7-4716e4cdd239} iWon Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} iWon Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} iWon Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} iWon Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : funwebproducts.htmlmenu iWon Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{9afb8248-617f-460d-9366-d71cdeda3179} iWon Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} iWon Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : funwebproducts.htmlmenu.1 iWon Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : funwebproducts.popswatterbarbutton.1 iWon Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : typelib\{00a6faf0-072e-44cf-8957-5838f569a31d} iWon Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{07b18eaa-a523-4961-b6bb-170de4475cca} iWon Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} iWon Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{1e0de227-5ce4-4ea3-ab0c-8b03e1aa76bc} iWon Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{adb01e81-3c79-4272-a0f1-7b2be7a782dc} iWon Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} iWon Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} iWon Object Recognized! Type : Regkey Data : Category : Data Miner Comment : SmileyCentralPFSetup2.0.2.1 Rootkey : HKEY_CLASSES_ROOT Object : clsid\{938aa51a-996c-4884-98ce-80dd16a5c9da} iWon Object Recognized! Type : Regkey Data : Category : Data Miner Comment : SmileyCentralPFSetup2.0.2.1 Rootkey : HKEY_CLASSES_ROOT Object : clsid\{9ff05104-b030-46fc-94b8-81276e4e27df} iWon Object Recognized! Type : Regkey Data : Category : Data Miner Comment : SmileyCentralPFSetup2.0.2.1 Rootkey : HKEY_CLASSES_ROOT Object : screensavercontrol.screensaverinstaller iWon Object Recognized! Type : Regkey Data : Category : Data Miner Comment : SmileyCentralPFSetup2.0.2.1 Rootkey : HKEY_CLASSES_ROOT Object : screensavercontrol.screensaverinstaller.1 iWon Object Recognized! Type : Regkey Data : Category : Data Miner Comment : SmileyCentralPFSetup2.0.2.1 Rootkey : HKEY_CLASSES_ROOT Object : typelib\{29d67d3c-509a-4544-903f-c8c1b8236554} iWon Object Recognized! Type : Regkey Data : Category : Data Miner Comment : SmileyCentralPFSetup2.0.2.1 Rootkey : HKEY_CLASSES_ROOT Object : interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} iWon Object Recognized! Type : Regkey Data : Category : Data Miner Comment : SmileyCentralPFSetup2.0.2.1 Rootkey : HKEY_CLASSES_ROOT Object : interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} iWon Object Recognized! Type : Regkey Data : Category : Data Miner Comment : SmileyCentralPFSetup2.0.0.0 Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{07b18ea1-a523-4961-b6bb-170de4475cca} iWon Object Recognized! Type : Regkey Data : Category : Data Miner Comment : SmileyCentralPFSetup2.0.0.0 Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{00a6faf1-072e-44cf-8957-5838f569a31d} iWon Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1390067357-1532298954-839522115-1004\software\mywebsearch iWon Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\mywebsearch iWon Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\focusinteractive iWon Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\office\word\addins\mywebsearch.outlookaddin iWon Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\office\outlook\addins\mywebsearch.outlookaddin iWon Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1390067357-1532298954-839522115-1004\software\fun web products iWon Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\fun web products iWon Object Recognized! Type : Regkey Data : Category : Data Miner Comment : SmileyCentralPFSetup2.0.2.1 Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\mywebsearch bar uninstall MagicControl Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{19068197-6f58-4e8a-8007-7155a68ca967} MagicControl Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{75a603e7-8bb7-4272-abbe-9846ff1241c1} MagicControl Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{d7a82a12-05f5-42d8-b30d-6ef995075d2d} MagicControl Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{1ef28cc5-8d97-4310-b71b-ca34ee15b897} MagicControl Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{43cdad65-aa0d-4701-8108-117f86613b69} MagicControl Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{6d3f48f4-b40a-4c3f-a95c-85e23c3a8a91} MagicControl Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : magiccontrol.magiccomponent MagicControl Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : magiccontrol.magiccomponent.1 MagicControl Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : plugin_mc.mcplugin MagicControl Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : plugin_mc.mcplugin.1 MagicControl Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : typelib\{82c0673c-f1d1-47ba-b904-ab0de82300bc} MagicControl Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : typelib\{ba49bd6a-039c-428e-af33-8c1288d75a7b} MagicControl Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : typelib\{d55589f7-2879-47e8-9c66-27de6477a814} MyWay.Speedbar Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{07b18ea9-a523-4961-b6bb-170de4475cca} MyWay.Speedbar Object Recognized! Type : Regkey Data : Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : mywaytoolbar.netscapestartup MyWay.Speedbar Object Recognized! Type : Regkey Data : Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : mywaytoolbar.netscapeshutdown.1 MyWay.Speedbar Object Recognized! Type : Regkey Data : Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{0494d0d7-f8e0-41ad-92a3-14154ece70ac} MyWay.Speedbar Object Recognized! Type : Regkey Data : Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{0494d0dc-f8e0-41ad-92a3-14154ece70ac} MyWay.Speedbar Object Recognized! Type : Regkey Data : Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : mywaytoolbar.netscapeshutdown MyWay.Speedbar Object Recognized! Type : Regkey Data : Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{0494d0d5-f8e0-41ad-92a3-14154ece70ac} MyWay.Speedbar Object Recognized! Type : Regkey Data : Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : mywaytoolbar.netscapestartup.1 MyWay.Speedbar Object Recognized! Type : Regkey Data : Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{014da6cd-189f-421a-88cd-07cfe51cff10} MyWay.Speedbar Object Recognized! Type : Regkey Data : Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{0494d0d6-f8e0-41ad-92a3-14154ece70ac} MyWay.Speedbar Object Recognized! Type : Regkey Data : Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{0494d0db-f8e0-41ad-92a3-14154ece70ac} MyWay.Speedbar Object Recognized! Type : Regkey Data : Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{0494d0d9-f8e0-41ad-92a3-14154ece70ac} MyWay.Speedbar Object Recognized! Type : Regkey Data : Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{0494d0d3-f8e0-41ad-92a3-14154ece70ac} MyWay.Speedbar Object Recognized! Type : Regkey Data : Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{0494d0da-f8e0-41ad-92a3-14154ece70ac} MyWay.Speedbar Object Recognized! Type : Regkey Data : Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{0494d0d1-f8e0-41ad-92a3-14154ece70ac} MyWay.Speedbar Object Recognized! Type : Regkey Data : Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{0494d0d4-f8e0-41ad-92a3-14154ece70ac} MyWay.Speedbar Object Recognized! Type : Regkey Data : Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{0494d0d2-f8e0-41ad-92a3-14154ece70ac} MyWay.Speedbar Object Recognized! Type : Regkey Data : Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : mywaytoolbar.settingsplugin MyWay.Speedbar Object Recognized! Type : Regkey Data : Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{014da6c9-189f-421a-88cd-07cfe51cff10} MyWay.Speedbar Object Recognized! Type : Regkey Data : Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : mywaytoolbar.settingsplugin.1 MyWay.Speedbar Object Recognized! Type : Regkey Data : Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : typelib\{0494d0d0-f8e0-41ad-92a3-14154ece70ac} MyWay.Speedbar Object Recognized! Type : Regkey Data : Category : Misc Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\my way speedbar uninstall MyWay.Speedbar Object Recognized! Type : Regkey Data : Category : Misc Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\myway\mybar MyWay.Speedbar Object Recognized! Type : Regkey Data : Category : Misc Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\myway\mybar\partner MyWay.Speedbar Object Recognized! Type : Regkey Data : Category : Misc Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{0494d0d1-f8e0-41ad-92a3-14154ece70ac} NavExcel Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : appid\{710bcb5b-8c6c-483e-a4f5-faf083b13184} NavExcel Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{c1e58a84-95b3-4630-b8c2-d06b77b7a0fc} NavExcel Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{20f36af3-3486-4bb6-8bcb-f1f8abe74d07} NavExcel Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : navexcel.navhelper NavExcel Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : navexcel.navhelper.1 NavExcel Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : typelib\{fa4de133-d3c3-4ed4-92d1-cd4dde839ab3} NavExcel Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{c1e58a84-95b3-4630-b8c2-d06b77b7a0fc} NavExcel Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\navhelper NavExcel Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\navexcel WhenU Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : wusn.1 WhenU Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1390067357-1532298954-839522115-1004\software\whenu WhenU Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\clocksync WhenU Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\whenusave Win32.Adverts.TrojanDownloader Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1390067357-1532298954-839522115-1004\software\program info Alexa Object Recognized! Type : RegValue Data : Category : Data Miner Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}" Rootkey : HKEY_USERS Object : .DEFAULT\software\microsoft\internet explorer\extensions\cmdmapping Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a} Alexa Object Recognized! Type : RegValue Data : Category : Data Miner Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}" Rootkey : HKEY_USERS Object : S-1-5-18\software\microsoft\internet explorer\extensions\cmdmapping Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a} Alexa Object Recognized! Type : RegValue Data : Category : Data Miner Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}" Rootkey : HKEY_USERS Object : S-1-5-21-1390067357-1532298954-839522115-1004\software\microsoft\internet explorer\extensions\cmdmapping Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a} BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : "BullsEye Network" Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\run Value : BullsEye Network BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : "PartnerID" Rootkey : HKEY_LOCAL_MACHINE Object : software\exactutil Value : PartnerID BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : "UtilFolder" Rootkey : HKEY_LOCAL_MACHINE Object : software\exactutil Value : UtilFolder BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : "PartnerName" Rootkey : HKEY_LOCAL_MACHINE Object : software\exactutil Value : PartnerName BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : "FirstHit" Rootkey : HKEY_LOCAL_MACHINE Object : software\exactutil Value : FirstHit BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : "BuildNumber" Rootkey : HKEY_LOCAL_MACHINE Object : software\exactutil Value : BuildNumber BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : "UninstallUrl" Rootkey : HKEY_LOCAL_MACHINE Object : software\exactutil Value : UninstallUrl BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : "UniqueKeyUrl" Rootkey : HKEY_LOCAL_MACHINE Object : software\exactutil Value : UniqueKeyUrl BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : "FirstHitUrl" Rootkey : HKEY_LOCAL_MACHINE Object : software\exactutil Value : FirstHitUrl ExactSearchBar Object Recognized! Type : RegValue Data : Category : Data Miner Comment : "{224530A0-C9CB-4AEE-9C0F-54AC1B533211}" Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\shell extensions\approved Value : {224530A0-C9CB-4AEE-9C0F-54AC1B533211} iWon Object Recognized! Type : RegValue Data : Category : Data Miner Comment : SmileyCentralPFSetup2.0.2.1 Rootkey : HKEY_USERS Object : S-1-5-21-1390067357-1532298954-839522115-1004\software\microsoft\windows\currentversion\run Value : MyWebSearch Email Plugin iWon Object Recognized! Type : RegValue Data : Category : Data Miner Comment : SmileyCentralPFSetup2.0.2.1 Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\run Value : MyWebSearch Email Plugin MyWay.Speedbar Object Recognized! Type : RegValue Data : Category : Misc Comment : "{07B18EA9-A523-4961-B6BB-170DE4475CCA}" Rootkey : HKEY_USERS Object : S-1-5-21-1390067357-1532298954-839522115-1004\software\microsoft\internet explorer\toolbar\webbrowser Value : {07B18EA9-A523-4961-B6BB-170DE4475CCA} MyWay.Speedbar Object Recognized! Type : RegValue Data : Category : Misc Comment : "{0494D0D9-F8E0-41ad-92A3-14154ECE70AC}" Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\internet explorer\toolbar Value : {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} MyWay.Speedbar Object Recognized! Type : RegValue Data : Category : Misc Comment : "{07B18EA9-A523-4961-B6BB-170DE4475CCA}" Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\internet explorer\toolbar Value : {07B18EA9-A523-4961-B6BB-170DE4475CCA} WhenU Object Recognized! Type : RegValue Data : Category : Data Miner Comment : "WeatherCast" Rootkey : HKEY_USERS Object : S-1-5-21-1390067357-1532298954-839522115-1004\software\microsoft\windows\currentversion\run Value : WeatherCast WhenU Object Recognized! Type : RegValue Data : Category : Data Miner Comment : "WhenUSave" Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\run Value : WhenUSave Registry Scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 188 Objects found so far: 193 Started deep registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Possible Browser Hijack attempt Object Recognized! Type : Regkey Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\BargainBuddy "http://www.exactadvertising.com'>http://www.exactadvertising.com"'>http://www.exactadvertising.com" Category : Data Miner Comment : (http://www.exactadvertising.com) Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\BargainBuddy Possible Browser Hijack attempt Object Recognized! Type : Regkey Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\CashBack "http://www.cashbackbuddy.com"'>http://www.cashbackbuddy.com" Category : Data Miner Comment : (http://www.cashbackbuddy.com) Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\CashBack Possible Browser Hijack attempt Object Recognized! Type : Regkey Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\NaviSearch "http://www.exactadvertising.com" Category : Data Miner Comment : (http://www.exactadvertising.com) Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\NaviSearch Dialer Object Recognized! Type : Regkey Data : Category : Dialer Comment : Rootkey : HKEY_LOCAL_MACHINE Object : Software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/System32/eglivecam_1028.dll Dialer Object Recognized! Type : File Data : /windows/system32/eglivecam_1028.dll Category : Dialer Comment : Object : c: WhenU Object Recognized! Type : RegValue Data : Category : Data Miner Comment : "ClockSync" Rootkey : HKEY_CURRENT_USER Object : Software\Microsoft\Windows\CurrentVersion\Run Value : ClockSync WhenU Object Recognized! Type : File Data : sync.exe Category : Data Miner Comment : Object : c:\program\clocks~1 FileVersion : 1, 0, 1, 62 ProductVersion : 1, 0, 1, 62 ProductName : ClockSync FileDescription : ClockSync InternalName : TEST1 LegalCopyright : Copyright 2003 WhenU, Inc. OriginalFilename : ClockSync.exe eUniverse Object Recognized! Type : RegValue Data : Category : Data Miner Comment : "SearchUpgrader" Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Run Value : SearchUpgrader eUniverse Object Recognized! Type : File Data : searchupgrader.exe Category : Data Miner Comment : Object : c:\program\common files\searchupgrader FileVersion : 1, 5, 6, 0 ProductVersion : 1, 5, 6, 0 ProductName : SearchUpgrader FileDescription : Application InternalName : SearchUpgrader Dialer Object Recognized! Type : RegValue Data : C:\WINDOWS\System32\eglivecam_1028.dll Category : Dialer Comment : Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\SharedDLLs Value : C:\WINDOWS\System32\eglivecam_1028.dll Deep registry scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 7 Objects found so far: 203 Started Tracking Cookie scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Tracking Cookie Object Recognized! Type : IECache Entry Data : marie nilsson@bravenet[2].txt Category : Data Miner Comment : Cookie:marie nilsson@bravenet.com/ Value : Cookie:marie nilsson@bravenet.com/ Tracking Cookie Object Recognized! Type : IECache Entry Data : marie nilsson@advertising[2].txt Category : Data Miner Comment : Cookie:marie nilsson@advertising.com/ Value : Cookie:marie nilsson@advertising.com/ Tracking Cookie Object Recognized! Type : IECache Entry Data : marie nilsson@0[1].txt Category : Data Miner Comment : Cookie:marie nilsson@jkazaa.cjt1.net/HTM/276/0 Value : Cookie:marie nilsson@jkazaa.cjt1.net/HTM/276/0 Tracking Cookie Object Recognized! Type : IECache Entry Data : marie nilsson@276[1].txt Category : Data Miner Comment : Cookie:marie nilsson@jkazaa.cjt1.net/HTM/276 Value : Cookie:marie nilsson@jkazaa.cjt1.net/HTM/276 Tracking Cookie Object Recognized! Type : IECache Entry Data : marie nilsson@as1.falkag[2].txt Category : Data Miner Comment : Cookie:marie nilsson@as1.falkag.de/ Value : Cookie:marie nilsson@as1.falkag.de/ Tracking Cookie Object Recognized! Type : IECache Entry Data : marie nilsson@vad.mainentrypoint[1].txt Category : Data Miner Comment : Cookie:marie nilsson@vad.mainentrypoint.com/ Value : Cookie:marie nilsson@vad.mainentrypoint.com/ Tracking Cookie Object Recognized! Type : IECache Entry Data : marie nilsson@cgi-bin[3].txt Category : Data Miner Comment : Cookie:marie nilsson@imrworldwide.com/cgi-bin Value : Cookie:marie nilsson@imrworldwide.com/cgi-bin Tracking Cookie Object Recognized! Type : IECache Entry Data : marie nilsson@www.mp3search[1].txt Category : Data Miner Comment : Cookie:marie nilsson@www.mp3search.com/ Value : Cookie:marie nilsson@www.mp3search.com/ Tracking Cookie Object Recognized! Type : IECache Entry Data : marie nilsson@2o7[1].txt Category : Data Miner Comment : Cookie:marie nilsson@2o7.net/ Value : Cookie:marie nilsson@2o7.net/ Tracking Cookie Object Recognized! Type : IECache Entry Data : marie nilsson@adtech[1].txt Category : Data Miner Comment : Cookie:marie nilsson@adtech.de/ Value : Cookie:marie nilsson@adtech.de/ Tracking Cookie Object Recognized! Type : IECache Entry Data : marie nilsson@www.goldenpalace[1].txt Category : Data Miner Comment : Cookie:marie nilsson@www.goldenpalace.com/ Value : Cookie:marie nilsson@www.goldenpalace.com/ Tracking Cookie Object Recognized! Type : IECache Entry Data : marie nilsson@tickle[1].txt Category : Data Miner Comment : Cookie:marie nilsson@tickle.com/ Value : Cookie:marie nilsson@tickle.com/ Tracking Cookie Object Recognized! Type : IECache Entry Data : marie nilsson@cgi-bin[2].txt Category : Data Miner Comment : Cookie:marie nilsson@www.fjallraven.se/cgi-bin/ Value : Cookie:marie nilsson@www.fjallraven.se/cgi-bin/ Tracking Cookie Object Recognized! Type : IECache Entry Data : marie nilsson@servedby.advertising[2].txt Category : Data Miner Comment : Cookie:marie nilsson@servedby.advertising.com/ Value : Cookie:marie nilsson@servedby.advertising.com/ Tracking Cookie Object Recognized! Type : IECache Entry Data : marie nilsson@a.as-us.falkag[1].txt Category : Data Miner Comment : Cookie:marie nilsson@a.as-us.falkag.net/ Value : Cookie:marie nilsson@a.as-us.falkag.net/ Tracking Cookie Object Recognized! Type : IECache Entry Data : marie nilsson@n3sport.adhostcenter[2].txt Category : Data Miner Comment : Cookie:marie nilsson@n3sport.adhostcenter.com/ Value : Cookie:marie nilsson@n3sport.adhostcenter.com/ Tracking Cookie Object Recognized! Type : IECache Entry Data : marie nilsson@banner.goldenpalace[2].txt Category : Data Miner Comment : Cookie:marie nilsson@banner.goldenpalace.com/ Value : Cookie:marie nilsson@banner.goldenpalace.com/ Tracking Cookie Object Recognized! Type : IECache Entry Data : marie nilsson@instadia[1].txt Category : Data Miner Comment : Cookie:marie nilsson@instadia.net/ Value : Cookie:marie nilsson@instadia.net/ Tracking Cookie Object Recognized! Type : IECache Entry Data : marie nilsson@overture[2].txt Category : Data Miner Comment : Cookie:marie nilsson@overture.com/ Value : Cookie:marie nilsson@overture.com/ Tracking Cookie Object Recognized! Type : IECache Entry Data : marie nilsson@www.loplabbet[2].txt Category : Data Miner Comment : Cookie:marie nilsson@www.loplabbet.se/ Value : Cookie:marie nilsson@www.loplabbet.se/ Tracking Cookie Object Recognized! Type : IECache Entry Data : marie nilsson@ehg-dig.hitbox[1].txt Category : Data Miner Comment : Cookie:marie nilsson@ehg-dig.hitbox.com/ Value : Cookie:marie nilsson@ehg-dig.hitbox.com/ Tracking Cookie Object Recognized! Type : IECache Entry Data : marie nilsson@trafficmp[1].txt Category : Data Miner Comment : Cookie:marie nilsson@trafficmp.com/ Value : Cookie:marie nilsson@trafficmp.com/ Tracking Cookie Object Recognized! Type : IECache Entry Data : marie nilsson@counter9.sextracker[1].txt Category : Data Miner Comment : Cookie:marie nilsson@counter9.sextracker.com/ Value : Cookie:marie nilsson@counter9.sextracker.com/ Tracking Cookie Object Recognized! Type : IECache Entry Data : marie nilsson@atdmt[1].txt Category : Data Miner Comment : Cookie:marie nilsson@atdmt.com/ Value : Cookie:marie nilsson@atdmt.com/ Tracking Cookie Object Recognized! Type : IECache Entry Data : marie nilsson@gator[2].txt Category : Data Miner Comment : Cookie:marie nilsson@gator.com/ Value : Cookie:marie nilsson@gator.com/ Tracking Cookie Object Recognized! Type : IECache Entry Data : marie nilsson@kelkoo[1].txt Category : Data Miner Comment : Cookie:marie nilsson@kelkoo.se/ Value : Cookie:marie nilsson@kelkoo.se/ Tracking Cookie Object Recognized! Type : IECache Entry Data : marie nilsson@realmedia[1].txt Category : Data Miner Comment : Cookie:marie nilsson@realmedia.com/ Value : Cookie:marie nilsson@realmedia.com/ Tracking Cookie Object Recognized! Type : IECache Entry Data : marie nilsson@tradedoubler[2].txt Category : Data Miner Comment : Cookie:marie nilsson@tradedoubler.com/ Value : Cookie:marie nilsson@tradedoubler.com/ Tracking Cookie Object Recognized! Type : IECache Entry Data : marie nilsson@sextracker[1].txt Category : Data Miner Comment : Cookie:marie nilsson@sextracker.com/ Value : Cookie:marie nilsson@sextracker.com/ Tracking Cookie Object Recognized! Type : IECache Entry Data : marie nilsson@maxserving[2].txt Category : Data Miner Comment : Cookie:marie nilsson@maxserving.com/ Value : Cookie:marie nilsson@maxserving.com/ Tracking Cookie Object Recognized! Type : IECache Entry Data : marie nilsson@fastclick[1].txt Category : Data Miner Comment : Cookie:marie nilsson@fastclick.net/ Value : Cookie:marie nilsson@fastclick.net/ Tracking Cookie Object Recognized! Type : IECache Entry Data : marie nilsson@adx.adhostcenter[2].txt Category : Data Miner Comment : Cookie:marie nilsson@adx.adhostcenter.com/ Value : Cookie:marie nilsson@adx.adhostcenter.com/ Tracking Cookie Object Recognized! Type : IECache Entry Data : marie nilsson@questionmarket[1].txt Category : Data Miner Comment : Cookie:marie nilsson@questionmarket.com/ Value : Cookie:marie nilsson@questionmarket.com/ Tracking Cookie Object Recognized! Type : IECache Entry Data : marie nilsson@doubleclick[1].txt Category : Data Miner Comment : Cookie:marie nilsson@doubleclick.net/ Value : Cookie:marie nilsson@doubleclick.net/ Tracking Cookie Object Recognized! Type : IECache Entry Data : marie nilsson@tribalfusion[1].txt Category : Data Miner Comment : Cookie:marie nilsson@tribalfusion.com/ Value : Cookie:marie nilsson@tribalfusion.com/ Tracking Cookie Object Recognized! Type : IECache Entry Data : marie nilsson@toteme[2].txt Category : Data Miner Comment : Cookie:marie nilsson@toteme.com/ Value : Cookie:marie nilsson@toteme.com/ Tracking Cookie Object Recognized! Type : IECache Entry Data : marie nilsson@ehg-tfl.hitbox[2].txt Category : Data Miner Comment : Cookie:marie nilsson@ehg-tfl.hitbox.com/ Value : Cookie:marie nilsson@ehg-tfl.hitbox.com/ Tracking Cookie Object Recognized! Type : IECache Entry Data : marie nilsson@adviva[2].txt Category : Data Miner Comment : Cookie:marie nilsson@adviva.net/ Value : Cookie:marie nilsson@adviva.net/ Tracking Cookie Object Recognized! Type : IECache Entry Data : marie nilsson@hitbox[1].txt Category : Data Miner Comment : Cookie:marie nilsson@hitbox.com/ Value : Cookie:marie nilsson@hitbox.com/ Tracking Cookie Object Recognized! Type : IECache Entry Data : marie nilsson@server.iad.liveperson[1].txt Category : Data Miner Comment : Cookie:marie nilsson@server.iad.liveperson.net/ Value : Cookie:marie nilsson@server.iad.liveperson.net/ Tracking Cookie Object Recognized! Type : IECache Entry Data : marie nilsson@bfast[1].txt Category : Data Miner Comment : Cookie:marie nilsson@bfast.com/ Value : Cookie:marie nilsson@bfast.com/ Tracking Cookie Object Recognized! Type : IECache Entry Data : marie nilsson@z1.adserver[1].txt Category : Data Miner Comment : Cookie:marie nilsson@z1.adserver.com/ Value : Cookie:marie nilsson@z1.adserver.com/ Tracking Cookie Object Recognized! Type : IECache Entry Data : marie nilsson@hc2.humanclick[1].txt Category : Data Miner Comment : Cookie:marie nilsson@hc2.humanclick.com/ Value : Cookie:marie nilsson@hc2.humanclick.com/ Tracking Cookie Object Recognized! Type : IECache Entry Data : marie nilsson@tmpad[2].txt Category : Data Miner Comment : Cookie:marie nilsson@ad.trafficmp.com/tmpad Value : Cookie:marie nilsson@ad.trafficmp.com/tmpad Tracking Cookie Object Recognized! Type : IECache Entry Data : marie nilsson@mediaplex[2].txt Category : Data Miner Comment : Cookie:marie nilsson@mediaplex.com/ Value : Cookie:marie nilsson@mediaplex.com/ Tracking Cookie Object Recognized! Type : IECache Entry Data : marie nilsson@banner.aspinallsonlinecasino[2].txt Category : Data Miner Comment : Cookie:marie nilsson@banner.aspinallsonlinecasino.com/ Value : Cookie:marie nilsson@banner.aspinallsonlinecasino.com/ Tracking Cookie Object Recognized! Type : IECache Entry Data : marie nilsson@phg.hitbox[1].txt Category : Data Miner Comment : Cookie:marie nilsson@phg.hitbox.com/ Value : Cookie:marie nilsson@phg.hitbox.com/ Tracking cookie scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 47 Objects found so far: 250 Deep scanning and examining files... »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Disk Scan Result for C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 250 Dialer Object Recognized! Type : File Data : eglivecam_1028.dll Category : Dialer Comment : Object : C:\WINDOWS\System32 iWon Object Recognized! Type : File Data : f3pssavr.scr Category : Data Miner Comment : SmileyCentralPFSetup2.0.2.1 Object : C:\WINDOWS\System32 FileVersion : 1, 0, 2, 0 ProductVersion : 1, 0, 2, 0 ProductName : Popular Screensavers CompanyName : FunWebProducts.com FileDescription : Popular Screensavers InternalName : f3PSSavr LegalCopyright : Copyright © 2004 OriginalFilename : f3PSSavr.scr Disk Scan Result for C:\WINDOWS\System32 »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 252 Disk Scan Result for C:\DOCUME~1\MARIEN~1\LOKALA~1\Temp»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 252 Scanning Hosts file...... Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts". »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Hosts file scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» 1 entries scanned. New critical objects:0 Objects found so far: 252 MRU List Object Recognized! Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\microsoft\windows\currentversion\applets\paint\recent file list Description : list of files recently opened using microsoft paint MRU List Object Recognized! Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\microsoft\windows\currentversion\explorer\runmru Description : mru list for items opened in start | run MRU List Object Recognized! Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\microsoft\search assistant\acmru Description : list of recent search terms used with the search assistant MRU List Object Recognized! Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru Description : list of recently saved files, stored according to file extension MRU List Object Recognized! Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru Description : list of recent programs opened MRU List Object Recognized! Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\microsoft\windows\currentversion\explorer\recentdocs Description : list of recent documents opened MRU List Object Recognized! Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\microsoft\mediaplayer\player\recentfilelist Description : list of recently used files in microsoft windows media player MRU List Object Recognized! Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\realnetworks\realplayer\6.0\preferences Description : list of recent skins in realplayer MRU List Object Recognized! Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\microsoft\internet explorer Description : last download directory used in microsoft internet explorer MRU List Object Recognized! Location: : software\microsoft\directdraw\mostrecentapplication Description : most recent application to use microsoft directdraw MRU List Object Recognized! Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\microsoft\microsoft management console\recent file list Description : list of recent snap-ins used in the microsoft management console MRU List Object Recognized! Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\google\navclient\1.1\history Description : list of recently used search terms in the google toolbar MRU List Object Recognized! Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\microsoft\internet explorer\typedurls Description : list of recently entered addresses in microsoft internet explorer MRU List Object Recognized! Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\creative tech\creative wavestudio\settings Description : list of recently used directories in creative wavestudio MRU List Object Recognized! Location: : software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct3d MRU List Object Recognized! Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\realnetworks\realplayer\6.0\preferences Description : list of recent clips in realplayer MRU List Object Recognized! Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\microsoft\frontpage\explorer\frontpage explorer\recent web list Description : list of recently used webs in microsoft frontpage MRU List Object Recognized! Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\microsoft\mediaplayer\preferences Description : last playlist loaded in microsoft windows media player MRU List Object Recognized! Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\realnetworks\realplayer\6.0\preferences Description : last login time in realplayer MRU List Object Recognized! Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\microsoft\frontpage\explorer\frontpage explorer\recent file list Description : list of recently used files in microsoft frontpage MRU List Object Recognized! Location: : software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct X MRU List Object Recognized! Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general Description : windows media sdk MRU List Object Recognized! Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general Description : windows media sdk MRU List Object Recognized! Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\microsoft\windows media\wmsdk\general Description : windows media sdk MRU List Object Recognized! Location: : C:\Documents and Settings\Marie Nilsson\Application Data\microsoft\office\recent Description : list of recently opened documents using microsoft office MRU List Object Recognized! Location: : C:\Documents and Settings\Marie Nilsson\recent Description : list of recently opened documents Performing conditional scans... »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» BargainBuddy Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{8eee58d5-130e-4cbd-9c83-35a0564ea119} BargainBuddy Object Recognized! Type : Folder Category : Malware Comment : Object : C:\Program\BullsEye Network BargainBuddy Object Recognized! Type : Folder Category : Malware Comment : Object : C:\Program\Bargain Buddy BargainBuddy Object Recognized! Type : File Data : exul.exe Category : Malware Comment : Object : C:\WINDOWS\System32 FileVersion : 1, 0, 0, 1 ProductVersion : 1, 0, 0, 1 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe BargainBuddy Object Recognized! Type : File Data : exdl.exe Category : Malware Comment : Object : C:\WINDOWS\System32 FileVersion : 1, 0, 0, 6 ProductVersion : 1, 0, 0, 6 ProductName : Download Module CompanyName : eXact Advertising FileDescription : Download Module InternalName : Download Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exdl.exe BargainBuddy Object Recognized! Type : File Data : bbchk.exe Category : Malware Comment : Object : C:\WINDOWS\System32 FileVersion : 5.101.1663.1 ProductVersion : 5.101.1663.1 ProductName : Microsoft® Windows NT® Operating System CompanyName : Microsoft Corporation FileDescription : ECM ChkTrust InternalName : CHKTRUST.EXE LegalCopyright : Copyright © Microsoft Corp. 1981-1997 OriginalFilename : CHKTRUST.EXE BargainBuddy Object Recognized! Type : File Data : adv.exe Category : Malware Comment : Object : C:\Program\bullseye network\bin FileVersion : 1.00 ProductVersion : 1.00 ProductName : adv CompanyName : eXact Advertising InternalName : adv LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : adv.exe BargainBuddy Object Recognized! Type : File Data : adx.exe Category : Malware Comment : Object : C:\Program\bullseye network\bin FileVersion : 1.00 ProductVersion : 1.00 ProductName : adx CompanyName : eXact Advertising InternalName : adx LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : adx.exe BargainBuddy Object Recognized! Type : File Data : bargains.exe Category : Malware Comment : Object : C:\Program\bullseye network\bin FileVersion : 2, 0, 0, 1 ProductVersion : 2, 0, 0, 1 ProductName : BargainsBuddy ADP Module CompanyName : eXact Advertising FileDescription : bargains InternalName : ADP LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : bargains.exe BargainBuddy Object Recognized! Type : File Data : ad.dat Category : Malware Comment : Object : C:\Program\bullseye network BargainBuddy Object Recognized! Type : File Data : ub.dat Category : Malware Comment : Object : C:\Program\bullseye network BargainBuddy Object Recognized! Type : File Data : Uninstall.exe Category : Malware Comment : Object : C:\Program\bullseye network FileVersion : 8.0.3.1 ProductName : BullsEye Network CompanyName : eXact Advertising FileDescription : BargainBuddy Module LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. LegalTrademarks : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. Comments : BargainBuddy Module iWon Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{a4730ebe-43a6-443e-9776-36915d323ad3} iWon Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\funwebproducts iWon Object Recognized! Type : Folder Category : Data Miner Comment : Object : C:\Program\FunWebProducts iWon Object Recognized! Type : File Data : MyWebSearch Email Plugin.lnk Category : Data Miner Comment : Object : C:\Documents and Settings\Marie Nilsson\Start-meny\Program\Autostart AltnetBDE Object Recognized! Type : Folder Category : Data Miner Comment : Object : C:\WINDOWS\temp\Altnet AltnetBDE Object Recognized! Type : File Data : adm.exe Category : Data Miner Comment : Object : C:\WINDOWS\temp\altnet FileVersion : 4, 0, 0, 5 ProductVersion : 4, 0, 0, 0 ProductName : ADM CompanyName : Altnet FileDescription : ADM InternalName : ADM LegalCopyright : Copyright © 2003, 2004 Altnet OriginalFilename : ADM.exe AltnetBDE Object Recognized! Type : File Data : adm25.dll Category : Data Miner Comment : Object : C:\WINDOWS\temp\altnet FileVersion : 1, 2, 4, 3 ProductVersion : 1, 0, 0, 0 ProductName : ADM CompanyName : Altnet FileDescription : ADM InternalName : ADM LegalCopyright : Copyright 2002 OriginalFilename : ADM25.dll AltnetBDE Object Recognized! Type : File Data : adm4.dll Category : Data Miner Comment : Object : C:\WINDOWS\temp\altnet FileVersion : 4, 0, 0, 6 ProductVersion : 4, 0, 0, 0 ProductName : ADM CompanyName : Altnet FileDescription : ADM InternalName : ADM LegalCopyright : Copyright © 2003 Altnet OriginalFilename : ADM4.dll AltnetBDE Object Recognized! Type : File Data : admdata.dll Category : Data Miner Comment : Object : C:\WINDOWS\temp\altnet FileVersion : 1, 0, 1, 10 ProductVersion : 1, 0, 0, 0 ProductName : ADMData CompanyName : Altnet FileDescription : ADMData InternalName : ADMData LegalCopyright : Copyright 1999 OriginalFilename : ADMData.dll AltnetBDE Object Recognized! Type : File Data : admdloader.dll Category : Data Miner Comment : Object : C:\WINDOWS\temp\altnet FileVersion : 3, 0, 39, 2 ProductVersion : 3, 0, 0, 0 ProductName : ADMDloader CompanyName : Altnet FileDescription : BDEDownloader InternalName : ADMDloader LegalCopyright : Copyright © 2001 Altnet OriginalFilename : ADMDloader.dll AltnetBDE Object Recognized! Type : File Data : admfdi.dll Category : Data Miner Comment : Object : C:\WINDOWS\temp\altnet FileVersion : 1, 0, 0, 8 ProductVersion : 1, 0, 0, 0 ProductName : ADMFdi CompanyName : Altnet FileDescription : ADMFdi InternalName : ADMFdi LegalCopyright : Copyright © 2000 OriginalFilename : ADMFdi AltnetBDE Object Recognized! Type : File Data : admprog.dll Category : Data Miner Comment : Object : C:\WINDOWS\temp\altnet FileVersion : 4, 0, 0, 4 ProductVersion : 4, 0, 0, 0 ProductName : ADMProg CompanyName : Altnet InternalName : ADMProg LegalCopyright : Copyright © 2003 Altnet OriginalFilename : ADMProg.dll AltnetBDE Object Recognized! Type : File Data : atl.dll Category : Data Miner Comment : Object : C:\WINDOWS\temp\altnet FileVersion : 3.00.8168 ProductVersion : 6.00.8168 ProductName : Microsoft ® Visual C++ CompanyName : Microsoft Corporation FileDescription : ATL Module for Windows (ANSI) InternalName : ATL LegalCopyright : Copyright © Microsoft Corp. 1996-1998 OriginalFilename : ATL.DLL AltnetBDE Object Recognized! Type : File Data : dmfiles.cab Category : Data Miner Comment : Object : C:\WINDOWS\temp\altnet AltnetBDE Object Recognized! Type : File Data : DMinfo3.cab Category : Data Miner Comment : Object : C:\WINDOWS\temp\altnet AltnetBDE Object Recognized! Type : File Data : dminstall7.cab Category : Data Miner Comment : Object : C:\WINDOWS\temp\altnet AltnetBDE Object Recognized! Type : File Data : msvcirt.dll Category : Data Miner Comment : Object : C:\WINDOWS\temp\altnet FileVersion : 6.00.8168.0 ProductVersion : 6.00.8168.0 ProductName : Microsoft ® Visual C++ CompanyName : Microsoft Corporation FileDescription : Microsoft ® C++ Runtime Library InternalName : MSVCIRT.DLL LegalCopyright : Copyright © Microsoft Corp. 1981-1998 OriginalFilename : MSVCIRT.DLL AltnetBDE Object Recognized! Type : File Data : mysearch.cab Category : Data Miner Comment : Object : C:\WINDOWS\temp\altnet AltnetBDE Object Recognized! Type : File Data : pmexe.cab Category : Data Miner Comment : Object : C:\WINDOWS\temp\altnet AltnetBDE Object Recognized! Type : File Data : pmfiles.cab Category : Data Miner Comment : Object : C:\WINDOWS\temp\altnet AltnetBDE Object Recognized! Type : File Data : pminstall.cab Category : Data Miner Comment : Object : C:\WINDOWS\temp\altnet AltnetBDE Object Recognized! Type : File Data : Setup.cab Category : Data Miner Comment : Object : C:\WINDOWS\temp\altnet AltnetBDE Object Recognized! Type : File Data : Setup.exe Category : Data Miner Comment : Object : C:\WINDOWS\temp\altnet FileVersion : 1, 0, 4, 13 ProductVersion : 1, 0, 0, 0 ProductName : AltnetInstaller CompanyName : Altnet FileDescription : AltnetInstaller InternalName : AltnetInstaller LegalCopyright : Copyright © 2003 OriginalFilename : AltnetInstaller.exe Claria Object Recognized! Type : File Data : GatorPdpSetup.log Category : Data Miner Comment : Object : C:\WINDOWS Claria Object Recognized! Type : File Data : GatorUninstaller_cme.log Category : Data Miner Comment : Object : C:\WINDOWS Claria Object Recognized! Type : File Data : GatorUninstaller_cme_u.log Category : Data Miner Comment : Object : C:\WINDOWS eUniverse Object Recognized! Type : Folder Category : Data Miner Comment : Object : C:\Program\perfectnav\BHO eUniverse Object Recognized! Type : Folder Category : Data Miner Comment : Object : C:\Program\PerfectNav eUniverse Object Recognized! Type : File Data : PerfectNav150c.dll Category : Data Miner Comment : Object : C:\Program\perfectnav\bho FileVersion : 1, 5, 0, 0 ProductVersion : 1, 5, 0, 0 ProductName : BHO Module FileDescription : BHO Module InternalName : BHO LegalCopyright : Copyright 2003 OriginalFilename : BHO.DLL ExactSearchBar Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CURRENT_USER Object : software\microsoft\internet explorer\toolbar\webbrowser Value : {224530A0-C9CB-4AEE-9C0F-54AC1B533211} ExactSearchBar Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\internet explorer\toolbar Value : {224530A0-C9CB-4AEE-9C0F-54AC1B533211} ExactSearchBar Object Recognized! Type : Folder Category : Data Miner Comment : Object : C:\Program\eXact ExactSearchBar Object Recognized! Type : File Data : buttons.xml Category : Data Miner Comment : Object : C:\Program\exact ExactSearchBar Object Recognized! Type : File Data : CloseWindow.exe Category : Data Miner Comment : Object : C:\Program\exact ExactSearchBar Object Recognized! Type : File Data : engines.xml Category : Data Miner Comment : Object : C:\Program\exact ExactSearchBar Object Recognized! Type : File Data : exactlog.txt Category : Data Miner Comment : Object : C:\Program\exact ExactSearchBar Object Recognized! Type : File Data : eXactToolbar.dll Category : Data Miner Comment : Object : C:\Program\exact FileVersion : 0, 0, 0, 0 ProductName : eXactToolbar CompanyName : Pattern Discovery Software FileDescription : eXactToolbar InternalName : eXactToolbar LegalCopyright : Copyright © 2002 OriginalFilename : eXactToolbar.dll ExactSearchBar Object Recognized! Type : File Data : exacttoolbar00067.dll Category : Data Miner Comment : Object : C:\Program\exact FileVersion : 0, 0, 0, 0 ProductName : eXactToolbar CompanyName : Pattern Discovery Software FileDescription : eXactToolbar InternalName : eXactToolbar LegalCopyright : Copyright © 2002 OriginalFilename : eXactToolbar.dll ExactSearchBar Object Recognized! Type : File Data : exacttoolbar00068.dll Category : Data Miner Comment : Object : C:\Program\exact FileVersion : 0, 0, 0, 0 ProductName : eXactToolbar CompanyName : Pattern Discovery Software FileDescription : eXactToolbar InternalName : eXactToolbar LegalCopyright : Copyright © 2002 OriginalFilename : eXactToolbar.dll ExactSearchBar Object Recognized! Type : File Data : exactUpdate.exe Category : Data Miner Comment : Object : C:\Program\exact FileVersion : 0, 0, 6, 0 ProductVersion : 0, 0, 6, 0 ProductName : ExactUpdate CompanyName : Pattern Discovery Software Systems Ltd. FileDescription : ExactUpdate InternalName : ExactUpdate LegalCopyright : Copyright © 2002 Pattern Discovery Software OriginalFilename : exactUpdate.exe Comments : Contains Free License for UniquE RAR File Library © 2000-2002 by Christian Scheurer (www.ChristianScheurer.ch) ExactSearchBar Object Recognized! Type : File Data : exactupdate00136.exe Category : Data Miner Comment : Object : C:\Program\exact FileVersion : 0, 0, 6, 0 ProductVersion : 0, 0, 6, 0 ProductName : ExactUpdate CompanyName : Pattern Discovery Software Systems Ltd. FileDescription : ExactUpdate InternalName : ExactUpdate LegalCopyright : Copyright © 2002 Pattern Discovery Software OriginalFilename : exactUpdate.exe Comments : Contains Free License for UniquE RAR File Library © 2000-2002 by Christian Scheurer (www.ChristianScheurer.ch) ExactSearchBar Object Recognized! Type : File Data : exactupdateguid.txt Category : Data Miner Comment : Object : C:\Program\exact ExactSearchBar Object Recognized! Type : File Data : INSTALL.LOG Category : Data Miner Comment : Object : C:\Program\exact ExactSearchBar Object Recognized! Type : File Data : mg03025.bmp Category : Data Miner Comment : Object : C:\Program\exact ExactSearchBar Object Recognized! Type : File Data : mg03025.xml Category : Data Miner Comment : Object : C:\Program\exact ExactSearchBar Object Recognized! Type : File Data : mg03025a.rar Category : Data Miner Comment : Object : C:\Program\exact ExactSearchBar Object Recognized! Type : File Data : mg03026.bmp Category : Data Miner Comment : Object : C:\Program\exact ExactSearchBar Object Recognized! Type : File Data : mg03026.xml Category : Data Miner Comment : Object : C:\Program\exact ExactSearchBar Object Recognized! Type : File Data : mg03026a.rar Category : Data Miner Comment : Object : C:\Program\exact ExactSearchBar Object Recognized! Type : File Data : mg03027.bmp Category : Data Miner Comment : Object : C:\Program\exact ExactSearchBar Object Recognized! Type : File Data : mg03027.xml Category : Data Miner Comment : Object : C:\Program\exact ExactSearchBar Object Recognized! Type : File Data : mg03027a.rar Category : Data Miner Comment : Object : C:\Program\exact ExactSearchBar Object Recognized! Type : File Data : mg03028.bmp Category : Data Miner Comment : Object : C:\Program\exact ExactSearchBar Object Recognized! Type : File Data : mg03028.xml Category : Data Miner Comment : Object : C:\Program\exact ExactSearchBar Object Recognized! Type : File Data : mg03028a.rar Category : Data Miner Comment : Object : C:\Program\exact ExactSearchBar Object Recognized! Type : File Data : mg03030.bmp Category : Data Miner Comment : Object : C:\Program\exact ExactSearchBar Object Recognized! Type : File Data : mg03030.xml Category : Data Miner Comment : Object : C:\Program\exact ExactSearchBar Object Recognized! Type : File Data : mg03030a.rar Category : Data Miner Comment : Object : C:\Program\exact ExactSearchBar Object Recognized! Type : File Data : mg03031.bmp Category : Data Miner Comment : Object : C:\Program\exact ExactSearchBar Object Recognized! Type : File Data : mg03031.xml Category : Data Miner Comment : Object : C:\Program\exact ExactSearchBar Object Recognized! Type : File Data : mg03031a.rar Category : Data Miner Comment : Object : C:\Program\exact ExactSearchBar Object Recognized! Type : File Data : mg03032.bmp Category : Data Miner Comment : Object : C:\Program\exact ExactSearchBar Object Recognized! Type : File Data : mg03032.xml Category : Data Miner Comment : Object : C:\Program\exact ExactSearchBar Object Recognized! Type : File Data : mg03032a.rar Category : Data Miner Comment : Object : C:\Program\exact ExactSearchBar Object Recognized! Type : File Data : mg03033.bmp Category : Data Miner Comment : Object : C:\Program\exact ExactSearchBar Object Recognized! Type : File Data : mg03033.xml Category : Data Miner Comment : Object : C:\Program\exact ExactSearchBar Object Recognized! Type : File Data : mg03033a.rar Category : Data Miner Comment : Object : C:\Program\exact ExactSearchBar Object Recognized! Type : File Data : mg03034.bmp Category : Data Miner Comment : Object : C:\Program\exact ExactSearchBar Object Recognized! Type : File Data : mg03034.xml Category : Data Miner Comment : Object : C:\Program\exact ExactSearchBar Object Recognized! Type : File Data : mg03034a.rar Category : Data Miner Comment : Object : C:\Program\exact ExactSearchBar Object Recognized! Type : File Data : mg10000.bmp Category : Data Miner Comment : Object : C:\Program\exact ExactSearchBar Object Recognized! Type : File Data : mg10000.xml Category : Data Miner Comment : Object : C:\Program\exact ExactSearchBar Object Recognized! Type : File Data : mg10000a.rar Category : Data Miner Comment : Object : C:\Program\exact ExactSearchBar Object Recognized! Type : File Data : msg_log.txt Category : Data Miner Comment : Object : C:\Program\exact ExactSearchBar Object Recognized! Type : File Data : poplinks.xml Category : Data Miner Comment : Object : C:\Program\exact ExactSearchBar Object Recognized! Type : File Data : popularlinks.reg Category : Data Miner Comment : Object : C:\Program\exact ExactSearchBar Object Recognized! Type : File Data : UNWISE.EXE Category : Data Miner Comment : Object : C:\Program\exact ExactSearchBar Object Recognized! Type : File Data : wipe.reg Category : Data Miner Comment : Object : C:\Program\exact MagicControl Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CURRENT_USER Object : software\mc MagicControl Object Recognized! Type : Folder Category : Data Miner Comment : Object : C:\WINDOWS\mslagent MagicControl Object Recognized! Type : File Data : msegcompid.dll Category : Data Miner Comment : Object : C:\WINDOWS\System32 MagicControl Object Recognized! Type : File Data : 2_1,0,3,7_mslagent.dll Category : Data Miner Comment : Object : C:\WINDOWS\mslagent MagicControl Object Recognized! Type : File Data : 3_1,0,1,4_mslagent.dll Category : Data Miner Comment : Object : C:\WINDOWS\mslagent FileVersion : 1, 0, 1, 4 ProductVersion : 1, 0, 1, 4 ProductName : 3_mslagent Module FileDescription : 3_mslagent Module InternalName : 3_mslagent LegalCopyright : Copyright 2002 OriginalFilename : 3_mslagent.dll MagicControl Object Recognized! Type : File Data : 4a_1,0,2,9_mslagent.dll Category : Data Miner Comment : Object : C:\WINDOWS\mslagent FileVersion : 1, 0, 2, 9 ProductVersion : 1, 0, 2, 9 ProductName : 4a_mslagent CompanyName : mslagent FileDescription : 4a_mslagent InternalName : 4a_mslagent LegalCopyright : Copyright © 2004 OriginalFilename : 4a_mslagent.dll MagicControl Object Recognized! Type : File Data : 4b_1,0,1,2_mslagent.dll Category : Data Miner Comment : Object : C:\WINDOWS\mslagent FileVersion : 1, 0, 1, 2 ProductVersion : 1, 0, 1, 2 ProductName : 4b_mslagent Module FileDescription : 4b_mslagent InternalName : 4b_mslagent LegalCopyright : Copyright 2003 OriginalFilename : 4b_mslagent.dll MagicControl Object Recognized! Type : File Data : 7_1,0,0,3_mslagent.dll Category : Data Miner Comment : Object : C:\WINDOWS\mslagent FileVersion : 1, 0, 0, 3 ProductVersion : 1, 0, 0, 3 ProductName : 7_mslagent.dll Module FileDescription : 7_mslagent.dll Module InternalName : 7_mslagent LegalCopyright : Copyright 2003 OriginalFilename : 7_mslagent.dll MagicControl Object Recognized! Type : File Data : 8_1,0,0,2_mslagent.dll Category : Data Miner Comment : Object : C:\WINDOWS\mslagent FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : 8_mslagent Module FileDescription : 8_mslagent Module InternalName : 8_mslagent LegalCopyright : Copyright 2004 OriginalFilename : 8_mslagent.DLL MagicControl Object Recognized! Type : File Data : acknowledged.mc2 Category : Data Miner Comment : Object : C:\WINDOWS\mslagent MagicControl Object Recognized! Type : File Data : CompManagerPersist.mc2 Category : Data Miner Comment : Object : C:\WINDOWS\mslagent MagicControl Object Recognized! Type : File Data : mslagent.exe Category : Data Miner Comment : Object : C:\WINDOWS\mslagent FileVersion : 1, 0, 2, 8 ProductVersion : 1, 0, 2, 8 ProductName : mslagent FileDescription : mslagent InternalName : mslagent LegalCopyright : Copyright © 2002 OriginalFilename : mslagent.exe MagicControl Object Recognized! Type : File Data : NaviPersist.mc2 Category : Data Miner Comment : Object : C:\WINDOWS\mslagent MagicControl Object Recognized! Type : File Data : NaviPromo.mc2 Category : Data Miner Comment : Object : C:\WINDOWS\mslagent MagicControl Object Recognized! Type : File Data : OrderPersist.mc2 Category : Data Miner Comment : Object : C:\WINDOWS\mslagent MagicControl Object Recognized! Type : File Data : TimePersist Category : Data Miner Comment : Object : C:\WINDOWS\mslagent MagicControl Object Recognized! Type : File Data : uninstall.exe Category : Data Miner Comment : Object : C:\WINDOWS\mslagent FileVersion : 1, 0, 2, 8 ProductVersion : 1, 0, 2, 8 ProductName : mslagent FileDescription : mslagent InternalName : mslagent LegalCopyright : Copyright © 2002 OriginalFilename : mslagent.exe MyWay.Speedbar Object Recognized! Type : Regkey Data : Category : Misc Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\myway MyWay.Speedbar Object Recognized! Type : Folder Category : Misc Comment : Object : C:\Program\MyWay MyWay.Speedbar Object Recognized! Type : Folder Category : Misc Comment : Object : C:\Program\myway\myBar MyWay.Speedbar Object Recognized! Type : File Data : MY2NS.EXE Category : Misc Comment : Object : C:\Program\myway\mybar\1.bin MyWay.Speedbar Object Recognized! Type : File Data : MYWAYPLUGINPROXY.CLASS Category : Misc Comment : Object : C:\Program\myway\mybar\1.bin MyWay.Speedbar Object Recognized! Type : File Data : NPMYWAY.DLL Category : Misc Comment : Object : C:\Program\myway\mybar\1.bin FileVersion : 1, 0, 1, 1 ProductVersion : 1, 0, 1, 1 ProductName : My Way Plugin CompanyName : My Way FileDescription : My Way Plugin for 32-bit Windows InternalName : MyWayPlugin LegalCopyright : Copyright © 2000, 2001, 2002 OriginalFilename : NPMyWay.DLL MyWay.Speedbar Object Recognized! Type : File Data : PARTNER.BMP Category : Misc Comment : Object : C:\Program\myway\mybar\1.bin MyWay.Speedbar Object Recognized! Type : File Data : PARTNER.DAT Category : Misc Comment : Object : C:\Program\myway\mybar\1.bin MyWay.Speedbar Object Recognized! Type : File Data : PARTNER2.DAT Category : Misc Comment : Object : C:\Program\myway\mybar\1.bin MyWay.Speedbar Object Recognized! Type : File Data : PARTNER3.DAT Category : Misc Comment : Object : C:\Program\myway\mybar\1.bin MyWay.Speedbar Object Recognized! Type : File Data : PARTNER4.DAT Category : Misc Comment : Object : C:\Program\myway\mybar\1.bin MyWay.Speedbar Object Recognized! Type : File Data : PARTNER5.DAT Category : Misc Comment : Object : C:\Program\myway\mybar\1.bin MyWay.Speedbar Object Recognized! Type : File Data : PARTNER6.DAT Category : Misc Comment : Object : C:\Program\myway\mybar\1.bin NavExcel Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : appid\nhelper.dll NavExcel Object Recognized! Type : Folder Category : Malware Comment : Object : C:\Program\NavExcel NavExcel Object Recognized! Type : Folder Category : Malware Comment : Object : C:\Program\navexcel\NavHelper WhenU Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CURRENT_USER Object : software\whenu WhenU Object Recognized! Type : Folder Category : Data Miner Comment : Object : C:\Program\ClockSync WhenU Object Recognized! Type : Folder Category : Data Miner Comment : Object : C:\Program\Save WhenU Object Recognized! Type : Folder Category : Data Miner Comment : Object : C:\Documents and Settings\Marie Nilsson\Start-meny\Program\ClockSync WhenU Object Recognized! Type : Folder Category : Data Miner Comment : Object : C:\Documents and Settings\Marie Nilsson\Start-meny\Program\WeatherCast WhenU Object Recognized! Type : File Data : Sync.exe Category : Data Miner Comment : Object : C:\Program\clocksync FileVersion : 1, 0, 1, 62 ProductVersion : 1, 0, 1, 62 ProductName : ClockSync FileDescription : ClockSync InternalName : TEST1 LegalCopyright : Copyright 2003 WhenU, Inc. OriginalFilename : ClockSync.exe WhenU Object Recognized! Type : File Data : Uninst.exe Category : Data Miner Comment : Object : C:\Program\clocksync FileVersion : 1, 0, 0, 1 ProductVersion : 1, 0, 0, 1 ProductName : ClockSync Uninstall FileDescription : ClockSync Uninstall Program InternalName : ClockSync Uninstall Program LegalCopyright : Copyright 2003 WhenU, Inc. OriginalFilename : Uninst.exe WhenU Object Recognized! Type : File Data : ReadMe.txt Category : Data Miner Comment : Object : C:\Program\save WhenU Object Recognized! Type : File Data : save.db Category : Data Miner Comment : Object : C:\Program\save WhenU Object Recognized! Type : File Data : save.htm Category : Data Miner Comment : Object : C:\Program\save WhenU Object Recognized! Type : File Data : SaveUninst.exe Category : Data Miner Comment : Object : C:\Program\save FileVersion : 2, 6, 2, 4 ProductVersion : 2, 6, 2, 4 ProductName : Save! Uninstall CompanyName : WhenU.com, Inc. FileDescription : Save! Uninstall InternalName : SaveUninst LegalCopyright : Copyright 2001 OriginalFilename : SaveUninst.exe WhenU Object Recognized! Type : File Data : store.db Category : Data Miner Comment : Object : C:\Program\save WhenU Object Recognized! Type : File Data : ClockSync.lnk Category : Data Miner Comment : Object : C:\Documents and Settings\Marie Nilsson\Start-meny\Program\clocksync Dialer Object Recognized! Type : File Data : kazaa-download-accelerator-lite.exe Category : Dialer Comment : Webdialer Object : C:\Documents and Settings\Marie Nilsson\Skrivbord WhenU Object Recognized! Type : File Data : ClockSync.lnk Category : Data Miner Comment : Shortcut to bad file : C:\Documents and Settings\Marie Nilsson\Start-meny\Program\ClockSync\ClockSync.lnk Object : C:\Documents and Settings\Marie Nilsson\Start-meny\Program\ClockSync Conditional scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 142 Objects found so far: 420 11:00:07 Scan Complete Summary Of This Scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Total scanning time:00:01:02.297 Objects scanned:68398 Objects identified:390 Objects ignored:0 New critical objects:390[/log] OK?/marni [inlägget ändrat 2004-10-28 14:02:04 av Erik Junesjö]
  13. Hur gör jag för att kopiera och skicka den? /Marni
  14. Hej! Jag har sparat och kört ad-aware. Samtidigt som den ködes kom mitt Norton AntiVirus med meddelande: Hög risk virusvarningobj c:windo..\2_1,0,3,7_mslagnt.dll Trojan.Simcss gick inte att laga filen. VAD HÄNDER? Nu har ad-aware scannat färdigt och visar resultatet. Det är en lång lista. Vad gör jag nu? Ska jag bocka för alla dem? /marni
  15. Tack för tipset, men vilken version ska jag ladda ner? Ad-aware SE personal edition? Den frågar om jag ska öppna eller spara - hur gör jag? Marni
×
×
  • Skapa nytt...