marni

bargainbuddy


Searched a bit on Google about it, and it seemed that people had some trouble getting rid of Bargain Buddy. It is a program, one of many, that snoops on where you surf and presents ads to you, depending among other things on where you surf.

But the first thing I think you should do is run Ad-Aware, which you can download here: http://www.download.com/3000-2144-10045910.html

It is a program that searches your computer for that kind of junk and a bit more, and then lets you remove it. Download it if you don't already have it.

Try that first, and if you can't get rid of the junk, come back here and we should be able to fix it anyway.


Thanks for the tip, but which version should I download? Ad-aware SE personal edition? It asks whether I should open or save - what do I do?

Marni


Hi! I have saved and run Ad-Aware. While it was running, my Norton AntiVirus came up with a message: High risk virus warning obj c:windo..\2_1,0,3,7_mslagnt.dll Trojan.Simcss could not repair the file. WHAT IS HAPPENING?

Now Ad-Aware has finished scanning and is showing the result. It is a long list. What do I do now? Should I tick all of them? /marni


When you have scanned, there is a button below the result called Show logfile. Click it and paste the text here when you reply.


[log]Lavasoft Ad-Aware Personal Build 1.03

Logfile created on:den 28 oktober 2004 10:59:04

Created with Ad-Aware SE Personal, free for private use.

Using definitions file:SE1R15 26.10.2004

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

References detected during the scan:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Alexa(TAC index:5):3 total references

AltnetBDE(TAC index:4):25 total references

BargainBuddy(TAC index:8):59 total references

Claria(TAC index:7):5 total references

Dialer(TAC index:5):5 total references

DialPass(TAC index:5):4 total references

eUniverse(TAC index:10):11 total references

ExactSearchBar(TAC index:5):56 total references

iWon(TAC index:5):66 total references

MagicControl(TAC index:7):30 total references

MRU List(TAC index:0):26 total references

MyWay.Speedbar(TAC index:0):41 total references

NavExcel(TAC index:5):12 total references

Other(TAC index:5):4 total references

Possible Browser Hijack attempt(TAC index:3):3 total references

Tracking Cookie(TAC index:3):47 total references

WhenU(TAC index:10):22 total references

Win32.Adverts.TrojanDownloader(TAC index:6):1 total references

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Ad-Aware Settings

===========================

Set : Search for negligible risk entries

Set : Safe mode (always request confirmation)

Set : Scan active processes

Set : Scan registry

Set : Deep-scan registry

Set : Scan my IE Favorites for banned URLs

Set : Scan my Hosts file

 

Extended Ad-Aware Settings

===========================

Set : Unload recognized processes & modules during scan

Set : Scan registry for all users instead of current user only

Set : Always try to unload modules before deletion

Set : During removal, unload Explorer and IE if necessary

Set : Let Windows remove files in use at next reboot

Set : Delete quarantined objects after restoring

Set : Include basic Ad-Aware settings in log file

Set : Include additional Ad-Aware settings in log file

Set : Include reference summary in log file

Set : Backup current definitions file before updating

Set : Play sound at scan completion if scan locates critical objects

 

 

2004-10-28 10:59:04 - Scan started. (Smart mode)

 

Listing running processes

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

#:1 [smss.exe]

FilePath : \SystemRoot\System32 ProcessID : 632

ThreadCreationTime : 2004-10-28 07:16:55

BasePriority : Normal

 

 

#:2 [csrss.exe]

FilePath : \??\C:\WINDOWS\system32 ProcessID : 680

ThreadCreationTime : 2004-10-28 07:16:55

BasePriority : Normal

 

 

#:3 [winlogon.exe]

FilePath : \??\C:\WINDOWS\system32 ProcessID : 704

ThreadCreationTime : 2004-10-28 07:16:56

BasePriority : High

 

 

#:4 [services.exe]

FilePath : C:\WINDOWS\system32 ProcessID : 748

ThreadCreationTime : 2004-10-28 07:16:56

BasePriority : Normal

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

ProductName : Operativsystemet Microsoft® Windows®

CompanyName : Microsoft Corporation

FileDescription : Tjänst- och styrenhetsprogram

InternalName : services.exe

LegalCopyright : © Microsoft Corporation. Med ensamrätt.

OriginalFilename : services.exe

 

#:5 [lsass.exe]

FilePath : C:\WINDOWS\system32 ProcessID : 760

ThreadCreationTime : 2004-10-28 07:16:56

BasePriority : Normal

FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)

ProductVersion : 5.1.2600.1106

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : LSA Shell (Export Version)

InternalName : lsass.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : lsass.exe

 

#:6 [ati2evxx.exe]

FilePath : C:\WINDOWS\System32 ProcessID : 960

ThreadCreationTime : 2004-10-28 07:16:57

BasePriority : Normal

 

 

#:7 [svchost.exe]

FilePath : C:\WINDOWS\system32 ProcessID : 984

ThreadCreationTime : 2004-10-28 07:16:57

BasePriority : Normal

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:8 [svchost.exe]

FilePath : C:\WINDOWS\System32 ProcessID : 1088

ThreadCreationTime : 2004-10-28 07:16:57

BasePriority : Normal

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:9 [svchost.exe]

FilePath : C:\WINDOWS\System32 ProcessID : 1224

ThreadCreationTime : 2004-10-28 07:16:57

BasePriority : Normal

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:10 [svchost.exe]

FilePath : C:\WINDOWS\System32 ProcessID : 1256

ThreadCreationTime : 2004-10-28 07:16:57

BasePriority : Normal

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:11 [ccsetmgr.exe]

FilePath : C:\Program\Delade filer\Symantec Shared ProcessID : 1356

ThreadCreationTime : 2004-10-28 07:16:57

BasePriority : Normal

FileVersion : 2.0.0.635

ProductVersion : 2.0.0.635

ProductName : Common Client

CompanyName : Symantec Corporation

FileDescription : Common Client Settings Manager Service

InternalName : ccSetMgr

LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.

OriginalFilename : ccSetMgr.exe

 

#:12 [ccevtmgr.exe]

FilePath : C:\Program\Delade filer\Symantec Shared ProcessID : 1396

ThreadCreationTime : 2004-10-28 07:16:58

BasePriority : Normal

FileVersion : 2.0.0.635

ProductVersion : 2.0.0.635

ProductName : Common Client

CompanyName : Symantec Corporation

FileDescription : Common Client Event Manager Service

InternalName : ccEvtMgr

LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.

OriginalFilename : ccEvtMgr.exe

 

#:13 [spoolsv.exe]

FilePath : C:\WINDOWS\system32 ProcessID : 1652

ThreadCreationTime : 2004-10-28 07:16:58

BasePriority : Normal

FileVersion : 5.1.2600.0 (XPClient.010817-1148)

ProductVersion : 5.1.2600.0

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Spooler SubSystem App

InternalName : spoolsv.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : spoolsv.exe

 

#:14 [ctsvccda.exe]

FilePath : C:\WINDOWS\System32 ProcessID : 1768

ThreadCreationTime : 2004-10-28 07:17:00

BasePriority : Normal

FileVersion : 1.0.1.0

ProductVersion : 1.0.0.0

ProductName : Creative Service for CDROM Access

CompanyName : Creative Technology Ltd

FileDescription : Creative Service for CDROM Access

InternalName : CTsvcCDAEXE

LegalCopyright : Copyright © Creative Technology Ltd., 1999. All rights reserved.

OriginalFilename : CTsvcCDA.EXE

 

#:15 [sagent2.exe]

FilePath : C:\Program\Delade filer\EPSON\EBAPI ProcessID : 1788

ThreadCreationTime : 2004-10-28 07:17:00

BasePriority : Normal

FileVersion : 2, 3, 0, 0

ProductVersion : 1, 0, 0, 0

ProductName : EPSON Bidirectional Printer

CompanyName : SEIKO EPSON CORPORATION

FileDescription : EPSON Printer Status Agent

InternalName : SAgent2

LegalCopyright : Copyright © SEIKO EPSON CORP. 2000-2001

OriginalFilename : SAgent2.exe

 

#:16 [navapsvc.exe]

FilePath : C:\Program\Norton AntiVirus ProcessID : 1844

ThreadCreationTime : 2004-10-28 07:17:00

BasePriority : Normal

FileVersion : 10.00.2

ProductVersion : 10.00.2

ProductName : Norton AntiVirus

CompanyName : Symantec Corporation

FileDescription : Norton AntiVirus Auto-Protect Service

InternalName : NAVAPSVC

LegalCopyright : Norton AntiVirus 2004 for Windows 98/ME/2000/XP Copyright © 2003 Symantec Corporation. All rights reserved.

OriginalFilename : NAVAPSVC.EXE

 

#:17 [mspmspsv.exe]

FilePath : C:\WINDOWS\System32 ProcessID : 2016

ThreadCreationTime : 2004-10-28 07:17:00

BasePriority : Normal

FileVersion : 7.00.00.1954

ProductVersion : 7.00.00.1954

ProductName : Microsoft ® DRM

CompanyName : Microsoft Corporation

FileDescription : WMDM PMSP Service

InternalName : MSPMSPSV.EXE

LegalCopyright : Copyright © Microsoft Corp. 1981-2000

OriginalFilename : MSPMSPSV.EXE

 

#:18 [savscan.exe]

FilePath : C:\Program\Norton AntiVirus ProcessID : 356

ThreadCreationTime : 2004-10-28 07:17:01

BasePriority : Normal

FileVersion : 9.2.1.14

ProductVersion : 9.2

ProductName : Symantec AntiVirus AutoProtect

CompanyName : Symantec Corporation

FileDescription : Symantec AntiVirus Scanner

InternalName : SAVSCAN

LegalCopyright : Copyright © 2003 Symantec Corporation

OriginalFilename : SAVSCAN.EXE

 

#:19 [explorer.exe]

FilePath : C:\WINDOWS ProcessID : 1016

ThreadCreationTime : 2004-10-28 07:17:05

BasePriority : Normal

FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)

ProductVersion : 6.00.2800.1106

ProductName : Operativsystemet Microsoft® Windows®

CompanyName : Microsoft Corporation

FileDescription : Utforskaren

InternalName : explorer

LegalCopyright : © Microsoft Corporation. Med ensamrätt.

OriginalFilename : EXPLORER.EXE

 

#:20 [ctsysvol.exe]

FilePath : C:\Program\Creative\SBAudigy2\Surround Mixer ProcessID : 1240

ThreadCreationTime : 2004-10-28 07:17:06

BasePriority : Normal

FileVersion : 1.1.3.0

ProductVersion : 1.0.0.0

ProductName : Creative Volume Control

CompanyName : Creative Technology Ltd

FileDescription : CTSysVol.exe

LegalCopyright : Copyright © Creative Technology Ltd., 2002. All rights reserved.

OriginalFilename : CTSysVol.exe

 

#:21 [ctdvddet.exe]

FilePath : C:\Program\Creative\SBAudigy2\DVDAudio ProcessID : 1276

ThreadCreationTime : 2004-10-28 07:17:06

BasePriority : Normal

FileVersion : 1.0.2.0

ProductVersion : 1.0.2.0

ProductName : CTDVDDET

CompanyName : Creative Technology Ltd

FileDescription : CTDVDDET

InternalName : CTDVDDET

LegalCopyright : Copyright © Creative Technology Ltd., 2002. All rights reserved.

OriginalFilename : CTDVDDET.EXE

 

#:22 [cthelper.exe]

FilePath : C:\WINDOWS\System32 ProcessID : 1288

ThreadCreationTime : 2004-10-28 07:17:06

BasePriority : Normal

FileVersion : 1, 0, 0, 11

ProductVersion : 1, 0, 0, 11

ProductName : CtHelper Application

CompanyName : Creative Technology Ltd

FileDescription : CtHelper MFC Application

InternalName : CtHelper

LegalCopyright : Copyright © 2002

OriginalFilename : CtHelper.EXE

 

#:23 [tfswctrl.exe]

FilePath : C:\WINDOWS\system32\dla ProcessID : 1728

ThreadCreationTime : 2004-10-28 07:17:07

BasePriority : Normal

FileVersion : 1.04.05b

CompanyName : Sonic Solutions

FileDescription : Drive Letter Access Component

LegalCopyright : Copyright © 2003 Sonic Solutions

 

#:24 [ccapp.exe]

FilePath : C:\Program\Delade filer\Symantec Shared ProcessID : 1948

ThreadCreationTime : 2004-10-28 07:17:07

BasePriority : Normal

FileVersion : 2.0.0.635

ProductVersion : 2.0.0.635

ProductName : Common Client

CompanyName : Symantec Corporation

FileDescription : Symantec Common Client User Session

InternalName : ccApp

LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.

OriginalFilename : ccApp.exe

 

#:25 [bcmsmmsg.exe]

FilePath : C:\WINDOWS ProcessID : 1672

ThreadCreationTime : 2004-10-28 07:17:07

BasePriority : Normal

FileVersion : 3.5.24 02/24/2003 18:29:41

ProductVersion : 3.5.24 02/24/2003 18:29:41

ProductName : BCM Modem Messaging Applet

CompanyName : Broadcom Corporation

FileDescription : Modem Messaging Applet

InternalName : smdmstat.exe

LegalCopyright : Copyright © Broadcom Corporation 1998-2000

OriginalFilename : smdmstat.exe

 

#:26 [e_s10ic2.exe]

FilePath : C:\WINDOWS\System32\spool\DRIVERS\W32X86\3 ProcessID : 464

ThreadCreationTime : 2004-10-28 07:17:08

BasePriority : Normal

FileVersion : 3.06

ProductVersion : 3.06

ProductName : EPSON Status Monitor 3

CompanyName : SEIKO EPSON CORPORATION

FileDescription : EPSON Status Monitor 3

InternalName : E_S10IC2

LegalCopyright : Copyright © SEIKO EPSON CORP. 2002

OriginalFilename : E_S10IC2.EXE

 

#:27 [jusched.exe]

FilePath : C:\Program\Java\j2re1.4.2_03\bin ProcessID : 1492

ThreadCreationTime : 2004-10-28 07:17:08

BasePriority : Normal

 

 

#:28 [realsched.exe]

FilePath : C:\Program\Delade filer\Real\Update_OB ProcessID : 1164

ThreadCreationTime : 2004-10-28 07:17:08

BasePriority : Normal

FileVersion : 0.1.0.1622

ProductVersion : 0.1.0.1622

ProductName : RealOne Player (32-bit)

CompanyName : RealNetworks, Inc.

FileDescription : RealNetworks Scheduler

InternalName : schedapp

LegalCopyright : Copyright © RealNetworks, Inc. 1995-2002

LegalTrademarks : RealAudio is a trademark of RealNetworks, Inc.

OriginalFilename : realsched.exe

 

#:29 [qttask.exe]

FilePath : C:\Program\QuickTime ProcessID : 1928

ThreadCreationTime : 2004-10-28 07:17:08

BasePriority : Normal

FileVersion : 6.5.1

ProductVersion : QuickTime 6.5.1

ProductName : QuickTime

CompanyName : Apple Computer, Inc.

InternalName : QuickTime Task

LegalCopyright : © Apple Computer, Inc. 2001-2004

OriginalFilename : QTTask.exe

 

#:30 [winampa.exe]

FilePath : C:\Program\Winamp3 ProcessID : 1700

ThreadCreationTime : 2004-10-28 07:17:08

BasePriority : Normal

 

 

#:31 [tgcmd.exe]

FilePath : C:\Program\Telia\Supportassistent\bin ProcessID : 1196

ThreadCreationTime : 2004-10-28 07:17:08

BasePriority : Normal

FileVersion : 5,6,875,0

ProductVersion : 5,6,875,0

ProductName : Telia Supportassistent - Support.com Scheduler and Command Dispatcher

CompanyName : TeliaSonera, AB - SupportSoft, Inc.

FileDescription : Telia Supportassistent - Support.com Scheduler and Command Dispatcher

InternalName : TGCMD

LegalCopyright : Copyright 1997-2069 SupportSoft

OriginalFilename : TGCMD.EXE

Comments : Telia Supportassistent

 

#:32 [ekort.exe]

FilePath : C:\Program\ekort ProcessID : 1784

ThreadCreationTime : 2004-10-28 07:17:09

BasePriority : Normal

FileVersion : 2, 4, 0, 1, 81

ProductVersion : 2, 4, 0, 1, 81

ProductName : Swedbank e-kort

CompanyName : Orbiscom Ltd. All rights reserved.

FileDescription : Swedbank e-kort

InternalName : WEBOCARD

LegalCopyright : Copyright © 1999-2002, Orbiscom Ltd.

All rights reserved.

OriginalFilename : WebOCard.EXE

 

#:33 [cashback.exe]

FilePath : C:\Program\CashBack\bin ProcessID : 2092

ThreadCreationTime : 2004-10-28 07:17:09

BasePriority : Normal

FileVersion : 1, 0, 0, 3

ProductVersion : 1, 0, 0, 3

ProductName : CashBack Module

CompanyName : eXact Advertising

FileDescription : CashBack Module

InternalName : CashBack

LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.

OriginalFilename : cashback.exe

 

BargainBuddy Object Recognized!

Type : Process

Data : cashback.exe

Category : Malware

Comment :

Object : C:\Program\CashBack\bin FileVersion : 1, 0, 0, 3

ProductVersion : 1, 0, 0, 3

ProductName : CashBack Module

CompanyName : eXact Advertising

FileDescription : CashBack Module

InternalName : CashBack

LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.

OriginalFilename : cashback.exe

 

Warning! BargainBuddy Object found in memory(C:\Program\CashBack\bin\cashback.exe)

 

"C:\Program\CashBack\bin\cashback.exe"Process terminated successfully

 

#:34 [nls.exe]

FilePath : C:\Program\NaviSearch\bin ProcessID : 2116

ThreadCreationTime : 2004-10-28 07:17:09

BasePriority : Normal

FileVersion : 1, 0, 0, 4

ProductVersion : 1, 0, 0, 4

ProductName : NAVISearch Module

CompanyName : eXact Advertising

FileDescription : NLS Module

InternalName : NLS

LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.

OriginalFilename : nls.exe

 

#:35 [bargains.exe]

FilePath : C:\Program\BullsEye Network\bin ProcessID : 2208

ThreadCreationTime : 2004-10-28 07:17:09

BasePriority : Normal

FileVersion : 2, 0, 0, 1

ProductVersion : 2, 0, 0, 1

ProductName : BargainsBuddy ADP Module

CompanyName : eXact Advertising

FileDescription : bargains

InternalName : ADP

LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.

OriginalFilename : bargains.exe

 

#:36 [ctfmon.exe]

FilePath : C:\WINDOWS\System32 ProcessID : 2216

ThreadCreationTime : 2004-10-28 07:17:09

BasePriority : Normal

FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)

ProductVersion : 5.1.2600.1106

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : CTF Loader

InternalName : CTFMON

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : CTFMON.EXE

 

#:37 [mslagent.exe]

FilePath : C:\WINDOWS\mslagent ProcessID : 2244

ThreadCreationTime : 2004-10-28 07:17:10

BasePriority : Normal

FileVersion : 1, 0, 2, 8

ProductVersion : 1, 0, 2, 8

ProductName : mslagent

FileDescription : mslagent

InternalName : mslagent

LegalCopyright : Copyright © 2002

OriginalFilename : mslagent.exe

 

#:38 [msnmsgr.exe]

FilePath : C:\Program\MSN Messenger ProcessID : 2264

ThreadCreationTime : 2004-10-28 07:17:11

BasePriority : Normal

FileVersion : 6.2.0137

ProductVersion : Version 6.2

ProductName : MSN Messenger

CompanyName : Microsoft Corporation

FileDescription : MSN Messenger

InternalName : msnmsgr

LegalCopyright : Copyright © Microsoft Corporation 1997-2004

LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.

OriginalFilename : msnmsgr.exe

 

#:39 [exactupdate00136.exe]

FilePath : c:\program\exact ProcessID : 2364

ThreadCreationTime : 2004-10-28 07:17:12

BasePriority : Normal

FileVersion : 0, 0, 6, 0

ProductVersion : 0, 0, 6, 0

ProductName : ExactUpdate

CompanyName : Pattern Discovery Software Systems Ltd.

FileDescription : ExactUpdate

InternalName : ExactUpdate

LegalCopyright : Copyright © 2002 Pattern Discovery Software

OriginalFilename : exactUpdate.exe

Comments : Contains Free License for UniquE RAR File Library © 2000-2002 by Christian Scheurer (www.ChristianScheurer.ch)

 

#:40 [wuauclt.exe]

FilePath : C:\WINDOWS\System32 ProcessID : 1056

ThreadCreationTime : 2004-10-28 07:18:00

BasePriority : Normal

FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04)

ProductVersion : 5.4.3790.2182

ProductName : Operativsystemet Microsoft® Windows®

CompanyName : Microsoft Corporation

FileDescription : Automatiska uppdateringar

InternalName : wuauclt.exe

LegalCopyright : © Microsoft Corporation. Med ensamrätt.

OriginalFilename : wuauclt.exe

 

#:41 [msimn.exe]

FilePath : C:\Program\Outlook Express ProcessID : 1976

ThreadCreationTime : 2004-10-28 07:51:59

BasePriority : Normal

FileVersion : 6.00.2800.1123

ProductVersion : 6.00.2800.1123

ProductName : Operativsystemet Microsoft® Windows®

CompanyName : Microsoft Corporation

FileDescription : Outlook Express

InternalName : MSIMN

LegalCopyright : © Microsoft Corporation. Med ensamrätt.

OriginalFilename : MSIMN.EXE

 

#:42 [iexplore.exe]

FilePath : C:\Program\Internet Explorer ProcessID : 2300

ThreadCreationTime : 2004-10-28 08:53:57

BasePriority : Normal

FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)

ProductVersion : 6.00.2800.1106

ProductName : Operativsystemet Microsoft® Windows®

CompanyName : Microsoft Corporation

FileDescription : Internet Explorer

InternalName : iexplore

LegalCopyright : © Microsoft Corporation. Med ensamrätt.

OriginalFilename : IEXPLORE.EXE

 

iWon Object Recognized!

Type : Process

Data : MYBAR.DLL

Category : Data Miner

Comment :

Object : C:\Program\MyWay\myBar\1.bin FileVersion : 1, 1, 1, 6

ProductVersion : 1, 1, 1, 6

ProductName : My Way Speedbar for Internet Explorer and Netscape

CompanyName : My Way

FileDescription : My Way Speedbar

InternalName : myBar

LegalCopyright : Copyright © 2002, 2003

OriginalFilename : myBar.DLL

 

Warning! iWon Object found in memory(C:\Program\MyWay\myBar\1.bin\MYBAR.DLL)

 

 

BargainBuddy Object Recognized!

Type : Process

Data : nvms.dll

Category : Malware

Comment :

Object : C:\WINDOWS\System32 FileVersion : 2, 0, 0, 18

ProductVersion : 2, 0, 0, 18

ProductName : nls.dll Module

CompanyName : eXact Advertising

FileDescription : nls.dll Module

InternalName : nls.dll

LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.

OriginalFilename : nls.dll

 

Warning! BargainBuddy Object found in memory(C:\WINDOWS\System32\nvms.dll)

 

 

BargainBuddy Object Recognized!

Type : Process

Data : mscb.dll

Category : Malware

Comment :

Object : C:\WINDOWS\System32 FileVersion : 2, 0, 0, 16

ProductVersion : 2, 0, 0, 16

ProductName : cbdll Module

CompanyName : eXact Advertising

FileDescription : cb.dll Module

InternalName : cb.dll

LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.

OriginalFilename : cb.dll

 

Warning! BargainBuddy Object found in memory(C:\WINDOWS\System32\mscb.dll)

 

 

BargainBuddy Object Recognized!

Type : Process

Data : msbe.dll

Category : Malware

Comment :

Object : C:\WINDOWS\System32 FileVersion : 2, 0, 0, 16

ProductVersion : 2, 0, 0, 16

ProductName : apuc Module

CompanyName : eXact Advertising

FileDescription : apuc Module

InternalName : apuc

LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.

OriginalFilename : apuc.DLL

 

Warning! BargainBuddy Object found in memory(C:\WINDOWS\System32\msbe.dll)

 

 

#:43 [msmsgs.exe]

FilePath : C:\Program\Messenger ProcessID : 852

ThreadCreationTime : 2004-10-28 08:57:15

BasePriority : Normal

FileVersion : 4.7.2009

ProductVersion : Version 4.7

ProductName : Messenger

CompanyName : Microsoft Corporation

FileDescription : Messenger

InternalName : msmsgs

LegalCopyright : Copyright © Microsoft Corporation 1997-2003

LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.

OriginalFilename : msmsgs.exe

 

#:44 [ad-aware.exe]

FilePath : C:\Program\Lavasoft\Ad-Aware SE Personal ProcessID : 3664

ThreadCreationTime : 2004-10-28 08:58:24

BasePriority : Normal

FileVersion : 6.2.0.162

ProductVersion : VI.Second Edition

ProductName : Lavasoft Ad-Aware SE

CompanyName : Lavasoft Sweden

FileDescription : Ad-Aware SE Core application

InternalName : Ad-Aware.exe

LegalCopyright : Copyright © Lavasoft Sweden

OriginalFilename : Ad-Aware.exe

Comments : All Rights Reserved

 

Memory scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 1

Objects found so far: 5

 

 

Started registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

AltnetBDE Object Recognized!

Type : Regkey

Data :

Category : Data Miner

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\classes\adm4.adm4

 

AltnetBDE Object Recognized!

Type : Regkey

Data :

Category : Data Miner

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\classes\adm25.adm25

 

AltnetBDE Object Recognized!

Type : Regkey

Data :

Category : Data Miner

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\classes\adm4.adm4.1

 

AltnetBDE Object Recognized!

Type : Regkey

Data :

Category : Data Miner

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\classes\adm25.adm25.1

 

AltnetBDE Object Recognized!

Type : Regkey

Data :

Category : Data Miner

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\classes\appid\adm.exe

 

AltnetBDE Object Recognized!

Type : Regkey

Data :

Category : Data Miner

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\classes\appid\altnet signing module.exe

 

BargainBuddy Object Recognized!

Type : Regkey

Data :

Category : Data Miner

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : typelib\{4eb7bbe8-2e15-424b-9ddb-2cdb9516c2e3}

 

BargainBuddy Object Recognized!

Type : Regkey

Data :

Category : Data Miner

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : interface\{8eee58d5-130e-4cbd-9c83-35a0564e1357}

 

BargainBuddy Object Recognized!

Type : Regkey

Data :

Category : Data Miner

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : interface\{c6906a23-4717-4e1f-b6fd-f06ebed11357}

 

BargainBuddy Object Recognized!

Type : Regkey

Data :

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : typelib\{4eb7bbe8-2e15-424b-9ddb-2cdb9516e2a3}

 

BargainBuddy Object Recognized!

Type : Regkey

Data :

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : typelib\{4eb7bbe8-2e15-424b-9ddb-2cdb9516b2c3}\1.0\helpdir

 

BargainBuddy Object Recognized!

Type : Regkey

Data :

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : typelib\{4eb7bbe8-2e15-424b-9ddb-2cdb9516b2c3}\1.0\flags

 

BargainBuddy Object Recognized!

Type : Regkey

Data :

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : typelib\{4eb7bbe8-2e15-424b-9ddb-2cdb9516b2c3}\1.0\0

 

BargainBuddy Object Recognized!

Type : Regkey

Data :

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : typelib\{4eb7bbe8-2e15-424b-9ddb-2cdb9516b2c3}\1.0

 

BargainBuddy Object Recognized!

Type : Regkey

Data :

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : typelib\{4eb7bbe8-2e15-424b-9ddb-2cdb9516b2c3}

 

BargainBuddy Object Recognized!

Type : Regkey

Data :

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : typelib\{4eb7bbe8-2e15-424b-9ddb-2cdb9516a2a3}

 

BargainBuddy Object Recognized!

Type : Regkey

Data :

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : nls.urlcatcher.1

 

BargainBuddy Object Recognized!

Type : Regkey

Data :

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : nls.urlcatcher

 

BargainBuddy Object Recognized!

Type : Regkey

Data :

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : interface\{c6906a23-4717-4e1f-b6fd-f06ebed15678}

 

BargainBuddy Object Recognized!

Type : Regkey

Data :

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : interface\{c6906a23-4717-4e1f-b6fd-f06ebed14177}

 

BargainBuddy Object Recognized!

Type : Regkey

Data :

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : interface\{c6906a23-4717-4e1f-b6fd-f06ebed12468}

 

BargainBuddy Object Recognized!

Type : Regkey

Data :

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : interface\{8eee58d5-130e-4cbd-9c83-35a0564e5678}

 

BargainBuddy Object Recognized!

Type : Regkey

Data :

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : interface\{8eee58d5-130e-4cbd-9c83-35a0564e2468}

 

BargainBuddy Object Recognized!

Type : Regkey

Data :

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : clsid\{f4e04583-354e-4076-be7d-ed6a80fd66da}

 

BargainBuddy Object Recognized!

Type : Regkey

Data :

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : clsid\{ce31a1f7-3d90-4874-8fbe-a5d97f8bc8f1}

 

BargainBuddy Object Recognized!

Type : Regkey

Data :

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : clsid\{ce188402-6ee7-4022-8868-ab25173a3e14}

 

BargainBuddy Object Recognized!

Type : Regkey

Data :

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : clsid\{aeecbfda-12fa-4881-bdce-8c3e1ce4b344}

 

BargainBuddy Object Recognized!

Type : Regkey

Data :

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : cb.urlcatcher.1

 

BargainBuddy Object Recognized!

Type : Regkey

Data :

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : cb.urlcatcher

 

BargainBuddy Object Recognized!

Type : Regkey

Data :

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : apuc.urlcatcher.1

 

BargainBuddy Object Recognized!

Type : Regkey

Data :

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : apuc.urlcatcher

 

BargainBuddy Object Recognized!

Type : Regkey

Data :

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : adp.urlcatcher.1

 

BargainBuddy Object Recognized!

Type : Regkey

Data :

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : adp.urlcatcher

 

BargainBuddy Object Recognized!

Type : Regkey

Data :

Category : Malware

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\navisearch

 

BargainBuddy Object Recognized!

Type : Regkey

Data :

Category : Malware

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{f4e04583-354e-4076-be7d-ed6a80fd66da}

 

BargainBuddy Object Recognized!

Type : Regkey

Data :

Category : Malware

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{ce31a1f7-3d90-4874-8fbe-a5d97f8bc8f1}

 

BargainBuddy Object Recognized!

Type : Regkey

Data :

Category : Malware

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{ce188402-6ee7-4022-8868-ab25173a3e14}

 

BargainBuddy Object Recognized!

Type : Regkey

Data :

Category : Malware

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{aeecbfda-12fa-4881-bdce-8c3e1ce4b344}

 

BargainBuddy Object Recognized!

Type : Regkey

Data :

Category : Malware

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\cashback

 

BargainBuddy Object Recognized!

Type : Regkey

Data :

Category : Malware

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\bargains

 

Claria Object Recognized!

Type : Regkey

Data :

Category : Data Miner

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c}

 

Claria Object Recognized!

Type : Regkey

Data :

Category : Data Miner

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\gator.com

 

DialPass Object Recognized!

Type : Regkey

Data :

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : egauth.egegauth.1

 

DialPass Object Recognized!

Type : Regkey

Data :

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : egauth.egegauth

 

DialPass Object Recognized!

Type : Regkey

Data :

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : clsid\{0594af7e-573b-40df-8165-e47ab2eaefe8}

 

DialPass Object Recognized!

Type : Regkey

Data :

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : typelib\{0e594d22-ace6-43a2-bcda-bb7c65d3fe8c}

 

eUniverse Object Recognized!

Type : Regkey

Data :

Category : Data Miner

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : bho.perfectnavbho

 

eUniverse Object Recognized!

Type : Regkey

Data :

Category : Data Miner

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : bho.perfectnavbho.1

 

eUniverse Object Recognized!

Type : Regkey

Data :

Category : Data Miner

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : interface\{8b8f6968-2f24-41e3-b653-e9613226f14d}

 

eUniverse Object Recognized!

Type : Regkey

Data :

Category : Data Miner

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : typelib\{de289bfa-737b-4abb-a4ec-f8753551b875}

 

eUniverse Object Recognized!

Type : Regkey

Data :

Category : Data Miner

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{00d6a7e7-4a97-456f-848a-3b75bf7554d7}

 

eUniverse Object Recognized!

Type : Regkey

Data :

Category : Data Miner

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\searchupgrader

 

ExactSearchBar Object Recognized!

Type : Regkey

Data :

Category : Data Miner

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : clsid\{224530a0-c9cb-4aee-9c0f-54ac1b533211}

 

ExactSearchBar Object Recognized!

Type : Regkey

Data :

Category : Data Miner

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : clsid\{f9765480-72d1-11d4-a75a-004f49045a87}

 

ExactSearchBar Object Recognized!

Type : Regkey

Data :

Category : Data Miner

Comment :

Rootkey : HKEY_USERS

Object : S-1-5-21-1390067357-1532298954-839522115-1004\software\exact

 

ExactSearchBar Object Recognized!

Type : Regkey

Data :

Category : Data Miner

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\exact

 

ExactSearchBar Object Recognized!

Type : Regkey

Data :

Category : Data Miner

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{f9765480-72d1-11d4-a75a-004f49045a87}

 

ExactSearchBar Object Recognized!

Type : Regkey

Data :

Category : Data Miner

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\microsoft\windows\currentversion\uninstall\exact search bar

 

iWon Object Recognized!

Type : Regkey

Data :

Category : Data Miner

Comment : SmileyCentralPFSetup2.0.0.0

Rootkey : HKEY_CLASSES_ROOT

Object : clsid\{07b18ea1-a523-4961-b6bb-170de4475cca}

 

iWon Object Recognized!

Type : Regkey

Data :

Category : Data Miner

Comment : SmileyCentralPFSetup2.0.0.0

Rootkey : HKEY_CLASSES_ROOT

Object : clsid\{07b18eab-a523-4961-b6bb-170de4475cca}

 

iWon Object Recognized!

Type : Regkey

Data :

Category : Data Miner

Comment : SmileyCentralPFSetup2.0.0.0

Rootkey : HKEY_CLASSES_ROOT

Object : clsid\{7473d292-b7bb-4f24-ae82-7e2ce94bb6a9}

 

iWon Object Recognized!

Type : Regkey

Data :

Category : Data Miner

Comment : SmileyCentralPFSetup2.0.0.0

Rootkey : HKEY_CLASSES_ROOT

Object : mywebsearch.outlookaddin

 

iWon Object Recognized!

Type : Regkey

Data :

Category : Data Miner

Comment : SmileyCentralPFSetup2.0.0.0

Rootkey : HKEY_CLASSES_ROOT

Object : mywebsearch.outlookaddin.1

 

iWon Object Recognized!

Type : Regkey

Data :

Category : Data Miner

Comment : SmileyCentralPFSetup2.0.0.0

Rootkey : HKEY_CLASSES_ROOT

Object : mywebsearchtoolbar.settingsplugin

 

iWon Object Recognized!

Type : Regkey

Data :

Category : Data Miner

Comment : SmileyCentralPFSetup2.0.0.0

Rootkey : HKEY_CLASSES_ROOT

Object : mywebsearchtoolbar.settingsplugin.1

 

iWon Object Recognized!

Type : Regkey

Data :

Category : Data Miner

Comment : SmileyCentralPFSetup2.0.0.0

Rootkey : HKEY_CLASSES_ROOT

Object : typelib\{07b18ea0-a523-4961-b6bb-170de4475cca}

 

iWon Object Recognized!

Type : Regkey

Data :

Category : Data Miner

Comment : SmileyCentralPFSetup2.0.0.0

Rootkey : HKEY_CLASSES_ROOT

Object : typelib\{7473d290-b7bb-4f24-ae82-7e2ce94bb6a9}

 

iWon Object Recognized!

Type : Regkey

Data :

Category : Data Miner

Comment : SmileyCentralPFSetup2.0.0.0

Rootkey : HKEY_CLASSES_ROOT

Object : typelib\{adb01e80-3c79-4272-a0f1-7b2be7a782dc}

 

iWon Object Recognized!

Type : Regkey

Data :

Category : Data Miner

Comment : SmileyCentralPFSetup2.0.0.0

Rootkey : HKEY_CLASSES_ROOT

Object : clsid\{00a6faf1-072e-44cf-8957-5838f569a31d}

 

iWon Object Recognized!

Type : Regkey

Data :

Category : Data Miner

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : clsid\{07b18ea3-a523-4961-b6bb-170de4475cca}

 

iWon Object Recognized!

Type : Regkey

Data :

Category : Data Miner

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : interface\{07b18eac-a523-4961-b6bb-170de4475cca}

 

iWon Object Recognized!

Type : Regkey

Data :

Category : Data Miner

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c}

 

iWon Object Recognized!

Type : Regkey

Data :

Category : Data Miner

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : funwebproducts.popswatterbarbutton

 

iWon Object Recognized!

Type : Regkey

Data :

Category : Data Miner

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : funwebproducts.popswattersettingscontrol.1

 

iWon Object Recognized!

Type : Regkey

Data :

Category : Data Miner

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : funwebproducts.popswattersettingscontrol

 

iWon Object Recognized!

Type : Regkey

Data :

Category : Data Miner

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : clsid\{98d9753d-d73b-42d5-8c85-4469cda897ab}

 

iWon Object Recognized!

Type : Regkey

Data :

Category : Data Miner

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : funwebproducts.htmlmenu.2

 

iWon Object Recognized!

Type : Regkey

Data :

Category : Data Miner

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : typelib\{8e6f1830-9607-4440-8530-13be7c4b1d14}

 

iWon Object Recognized!

Type : Regkey

Data :

Category : Data Miner

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : clsid\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c}

 

iWon Object Recognized!

Type : Regkey

Data :

Category : Data Miner

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : clsid\{a9571378-68a1-443d-b082-284f960c6d17}

 

iWon Object Recognized!

Type : Regkey

Data :

Category : Data Miner

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : typelib\{f42228fb-e84e-479e-b922-fbbd096e792c}

 

iWon Object Recognized!

Type : Regkey

Data :

Category : Data Miner

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : typelib\{e47caee0-deea-464a-9326-3f2801535a4d}

 

iWon Object Recognized!

Type : Regkey

Data :

Category : Data Miner

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : clsid\{8e6f1832-9607-4440-8530-13be7c4b1d14}

 

iWon Object Recognized!

Type : Regkey

Data :

Category : Data Miner

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : clsid\{147a976e-eee1-4377-8ea7-4716e4cdd239}

 

iWon Object Recognized!

Type : Regkey

Data :

Category : Data Miner

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : clsid\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8}

 

iWon Object Recognized!

Type : Regkey

Data :

Category : Data Miner

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c}

 

iWon Object Recognized!

Type : Regkey

Data :

Category : Data Miner

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca}

 

iWon Object Recognized!

Type : Regkey

Data :

Category : Data Miner

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : funwebproducts.htmlmenu

 

iWon Object Recognized!

Type : Regkey

Data :

Category : Data Miner

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : clsid\{9afb8248-617f-460d-9366-d71cdeda3179}

 

iWon Object Recognized!

Type : Regkey

Data :

Category : Data Miner

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477}

 

iWon Object Recognized!

Type : Regkey

Data :

Category : Data Miner

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : funwebproducts.htmlmenu.1

 

iWon Object Recognized!

Type : Regkey

Data :

Category : Data Miner

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : funwebproducts.popswatterbarbutton.1

 

iWon Object Recognized!

Type : Regkey

Data :

Category : Data Miner

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : typelib\{00a6faf0-072e-44cf-8957-5838f569a31d}

 

iWon Object Recognized!

Type : Regkey

Data :

Category : Data Miner

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : interface\{07b18eaa-a523-4961-b6bb-170de4475cca}

 

iWon Object Recognized!

Type : Regkey

Data :

Category : Data Miner

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9}

 

iWon Object Recognized!

Type : Regkey

Data :

Category : Data Miner

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : clsid\{1e0de227-5ce4-4ea3-ab0c-8b03e1aa76bc}

 

iWon Object Recognized!

Type : Regkey

Data :

Category : Data Miner

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : clsid\{adb01e81-3c79-4272-a0f1-7b2be7a782dc}

 

iWon Object Recognized!

Type : Regkey

Data :

Category : Data Miner

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495}

 

iWon Object Recognized!

Type : Regkey

Data :

Category : Data Miner

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff}

 

iWon Object Recognized!

Type : Regkey

Data :

Category : Data Miner

Comment : SmileyCentralPFSetup2.0.2.1

Rootkey : HKEY_CLASSES_ROOT

Object : clsid\{938aa51a-996c-4884-98ce-80dd16a5c9da}

 

iWon Object Recognized!

Type : Regkey

Data :

Category : Data Miner

Comment : SmileyCentralPFSetup2.0.2.1

Rootkey : HKEY_CLASSES_ROOT

Object : clsid\{9ff05104-b030-46fc-94b8-81276e4e27df}

 

iWon Object Recognized!

Type : Regkey

Data :

Category : Data Miner

Comment : SmileyCentralPFSetup2.0.2.1

Rootkey : HKEY_CLASSES_ROOT

Object : screensavercontrol.screensaverinstaller

 

iWon Object Recognized!

Type : Regkey

Data :

Category : Data Miner

Comment : SmileyCentralPFSetup2.0.2.1

Rootkey : HKEY_CLASSES_ROOT

Object : screensavercontrol.screensaverinstaller.1

 

iWon Object Recognized!

Type : Regkey

Data :

Category : Data Miner

Comment : SmileyCentralPFSetup2.0.2.1

Rootkey : HKEY_CLASSES_ROOT

Object : typelib\{29d67d3c-509a-4544-903f-c8c1b8236554}

 

iWon Object Recognized!

Type : Regkey

Data :

Category : Data Miner

Comment : SmileyCentralPFSetup2.0.2.1

Rootkey : HKEY_CLASSES_ROOT

Object : interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc}

 

iWon Object Recognized!

Type : Regkey

Data :

Category : Data Miner

Comment : SmileyCentralPFSetup2.0.2.1

Rootkey : HKEY_CLASSES_ROOT

Object : interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc}

 

iWon Object Recognized!

Type : Regkey

Data :

Category : Data Miner

Comment : SmileyCentralPFSetup2.0.0.0

Rootkey : HKEY_LOCAL_MACHINE

Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{07b18ea1-a523-4961-b6bb-170de4475cca}

 

iWon Object Recognized!

Type : Regkey

Data :

Category : Data Miner

Comment : SmileyCentralPFSetup2.0.0.0

Rootkey : HKEY_LOCAL_MACHINE

Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{00a6faf1-072e-44cf-8957-5838f569a31d}

 

iWon Object Recognized!

Type : Regkey

Data :

Category : Data Miner

Comment :

Rootkey : HKEY_USERS

Object : S-1-5-21-1390067357-1532298954-839522115-1004\software\mywebsearch

 

iWon Object Recognized!

Type : Regkey

Data :

Category : Data Miner

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\mywebsearch

 

iWon Object Recognized!

Type : Regkey

Data :

Category : Data Miner

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\focusinteractive

 

iWon Object Recognized!

Type : Regkey

Data :

Category : Data Miner

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\microsoft\office\word\addins\mywebsearch.outlookaddin

 

iWon Object Recognized!

Type : Regkey

Data :

Category : Data Miner

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\microsoft\office\outlook\addins\mywebsearch.outlookaddin

 

iWon Object Recognized!

Type : Regkey

Data :

Category : Data Miner

Comment :

Rootkey : HKEY_USERS

Object : S-1-5-21-1390067357-1532298954-839522115-1004\software\fun web products

 

iWon Object Recognized!

Type : Regkey

Data :

Category : Data Miner

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\fun web products

 

iWon Object Recognized!

Type : Regkey

Data :

Category : Data Miner

Comment : SmileyCentralPFSetup2.0.2.1

Rootkey : HKEY_LOCAL_MACHINE

Object : software\microsoft\windows\currentversion\uninstall\mywebsearch bar uninstall

 

MagicControl Object Recognized!

Type : Regkey

Data :

Category : Data Miner

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : clsid\{19068197-6f58-4e8a-8007-7155a68ca967}

 

MagicControl Object Recognized!

Type : Regkey

Data :

Category : Data Miner

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : clsid\{75a603e7-8bb7-4272-abbe-9846ff1241c1}

 

MagicControl Object Recognized!

Type : Regkey

Data :

Category : Data Miner

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : clsid\{d7a82a12-05f5-42d8-b30d-6ef995075d2d}

 

MagicControl Object Recognized!

Type : Regkey

Data :

Category : Data Miner

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : interface\{1ef28cc5-8d97-4310-b71b-ca34ee15b897}

 

MagicControl Object Recognized!

Type : Regkey

Data :

Category : Data Miner

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : interface\{43cdad65-aa0d-4701-8108-117f86613b69}

 

MagicControl Object Recognized!

Type : Regkey

Data :

Category : Data Miner

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : interface\{6d3f48f4-b40a-4c3f-a95c-85e23c3a8a91}

 

MagicControl Object Recognized!

Type : Regkey

Data :

Category : Data Miner

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : magiccontrol.magiccomponent

 

MagicControl Object Recognized!

Type : Regkey

Data :

Category : Data Miner

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : magiccontrol.magiccomponent.1

 

MagicControl Object Recognized!

Type : Regkey

Data :

Category : Data Miner

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : plugin_mc.mcplugin

 

MagicControl Object Recognized!

Type : Regkey

Data :

Category : Data Miner

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : plugin_mc.mcplugin.1

 

MagicControl Object Recognized!

Type : Regkey

Data :

Category : Data Miner

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : typelib\{82c0673c-f1d1-47ba-b904-ab0de82300bc}

 

MagicControl Object Recognized!

Type : Regkey

Data :

Category : Data Miner

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : typelib\{ba49bd6a-039c-428e-af33-8c1288d75a7b}

 

MagicControl Object Recognized!

Type : Regkey

Data :

Category : Data Miner

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : typelib\{d55589f7-2879-47e8-9c66-27de6477a814}

 

MyWay.Speedbar Object Recognized!

Type : Regkey

Data :

Category : Data Miner

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : clsid\{07b18ea9-a523-4961-b6bb-170de4475cca}

 

MyWay.Speedbar Object Recognized!

Type : Regkey

Data :

Category : Misc

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : mywaytoolbar.netscapestartup

 

MyWay.Speedbar Object Recognized!

Type : Regkey

Data :

Category : Misc

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : mywaytoolbar.netscapeshutdown.1

 

MyWay.Speedbar Object Recognized!

Type : Regkey

Data :

Category : Misc

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : clsid\{0494d0d7-f8e0-41ad-92a3-14154ece70ac}

 

MyWay.Speedbar Object Recognized!

Type : Regkey

Data :

Category : Misc

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : interface\{0494d0dc-f8e0-41ad-92a3-14154ece70ac}

 

MyWay.Speedbar Object Recognized!

Type : Regkey

Data :

Category : Misc

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : mywaytoolbar.netscapeshutdown

 

MyWay.Speedbar Object Recognized!

Type : Regkey

Data :

Category : Misc

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : clsid\{0494d0d5-f8e0-41ad-92a3-14154ece70ac}

 

MyWay.Speedbar Object Recognized!

Type : Regkey

Data :

Category : Misc

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : mywaytoolbar.netscapestartup.1

 

MyWay.Speedbar Object Recognized!

Type : Regkey

Data :

Category : Misc

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : clsid\{014da6cd-189f-421a-88cd-07cfe51cff10}

 

MyWay.Speedbar Object Recognized!

Type : Regkey

Data :

Category : Misc

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : interface\{0494d0d6-f8e0-41ad-92a3-14154ece70ac}

 

MyWay.Speedbar Object Recognized!

Type : Regkey

Data :

Category : Misc

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : clsid\{0494d0db-f8e0-41ad-92a3-14154ece70ac}

 

MyWay.Speedbar Object Recognized!

Type : Regkey

Data :

Category : Misc

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : clsid\{0494d0d9-f8e0-41ad-92a3-14154ece70ac}

 

MyWay.Speedbar Object Recognized!

Type : Regkey

Data :

Category : Misc

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : clsid\{0494d0d3-f8e0-41ad-92a3-14154ece70ac}

 

MyWay.Speedbar Object Recognized!

Type : Regkey

Data :

Category : Misc

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : interface\{0494d0da-f8e0-41ad-92a3-14154ece70ac}

 

MyWay.Speedbar Object Recognized!

Type : Regkey

Data :

Category : Misc

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : clsid\{0494d0d1-f8e0-41ad-92a3-14154ece70ac}

 

MyWay.Speedbar Object Recognized!

Type : Regkey

Data :

Category : Misc

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : interface\{0494d0d4-f8e0-41ad-92a3-14154ece70ac}

 

MyWay.Speedbar Object Recognized!

Type : Regkey

Data :

Category : Misc

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : clsid\{0494d0d2-f8e0-41ad-92a3-14154ece70ac}

 

MyWay.Speedbar Object Recognized!

Type : Regkey

Data :

Category : Misc

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : mywaytoolbar.settingsplugin

 

MyWay.Speedbar Object Recognized!

Type : Regkey

Data :

Category : Misc

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : clsid\{014da6c9-189f-421a-88cd-07cfe51cff10}

 

MyWay.Speedbar Object Recognized!

Type : Regkey

Data :

Category : Misc

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : mywaytoolbar.settingsplugin.1

 

MyWay.Speedbar Object Recognized!

Type : Regkey

Data :

Category : Misc

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : typelib\{0494d0d0-f8e0-41ad-92a3-14154ece70ac}

 

MyWay.Speedbar Object Recognized!

Type : Regkey

Data :

Category : Misc

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\microsoft\windows\currentversion\uninstall\my way speedbar uninstall

 

MyWay.Speedbar Object Recognized!

Type : Regkey

Data :

Category : Misc

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\myway\mybar

 

MyWay.Speedbar Object Recognized!

Type : Regkey

Data :

Category : Misc

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\myway\mybar\partner

 

MyWay.Speedbar Object Recognized!

Type : Regkey

Data :

Category : Misc

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{0494d0d1-f8e0-41ad-92a3-14154ece70ac}

 

NavExcel Object Recognized!

Type : Regkey

Data :

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : appid\{710bcb5b-8c6c-483e-a4f5-faf083b13184}

 

NavExcel Object Recognized!

Type : Regkey

Data :

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : clsid\{c1e58a84-95b3-4630-b8c2-d06b77b7a0fc}

 

NavExcel Object Recognized!

Type : Regkey

Data :

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : interface\{20f36af3-3486-4bb6-8bcb-f1f8abe74d07}

 

NavExcel Object Recognized!

Type : Regkey

Data :

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : navexcel.navhelper

 

NavExcel Object Recognized!

Type : Regkey

Data :

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : navexcel.navhelper.1

 

NavExcel Object Recognized!

Type : Regkey

Data :

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : typelib\{fa4de133-d3c3-4ed4-92d1-cd4dde839ab3}

 

NavExcel Object Recognized!

Type : Regkey

Data :

Category : Malware

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{c1e58a84-95b3-4630-b8c2-d06b77b7a0fc}

 

NavExcel Object Recognized!

Type : Regkey

Data :

Category : Malware

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\microsoft\windows\currentversion\uninstall\navhelper

 

NavExcel Object Recognized!

Type : Regkey

Data :

Category : Malware

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\navexcel

 

WhenU Object Recognized!

Type : Regkey

Data :

Category : Data Miner

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : wusn.1

 

WhenU Object Recognized!

Type : Regkey

Data :

Category : Data Miner

Comment :

Rootkey : HKEY_USERS

Object : S-1-5-21-1390067357-1532298954-839522115-1004\software\whenu

 

WhenU Object Recognized!

Type : Regkey

Data :

Category : Data Miner

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\microsoft\windows\currentversion\uninstall\clocksync

 

WhenU Object Recognized!

Type : Regkey

Data :

Category : Data Miner

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\whenusave

 

Win32.Adverts.TrojanDownloader Object Recognized!

Type : Regkey

Data :

Category : Malware

Comment :

Rootkey : HKEY_USERS

Object : S-1-5-21-1390067357-1532298954-839522115-1004\software\program info

 

Alexa Object Recognized!

Type : RegValue

Data :

Category : Data Miner

Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"

Rootkey : HKEY_USERS

Object : .DEFAULT\software\microsoft\internet explorer\extensions\cmdmapping

Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}

 

Alexa Object Recognized!

Type : RegValue

Data :

Category : Data Miner

Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"

Rootkey : HKEY_USERS

Object : S-1-5-18\software\microsoft\internet explorer\extensions\cmdmapping

Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}

 

Alexa Object Recognized!

Type : RegValue

Data :

Category : Data Miner

Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"

Rootkey : HKEY_USERS

Object : S-1-5-21-1390067357-1532298954-839522115-1004\software\microsoft\internet explorer\extensions\cmdmapping

Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}

 

BargainBuddy Object Recognized!

Type : RegValue

Data :

Category : Malware

Comment : "BullsEye Network"

Rootkey : HKEY_LOCAL_MACHINE

Object : software\microsoft\windows\currentversion\run

Value : BullsEye Network

 

BargainBuddy Object Recognized!

Type : RegValue

Data :

Category : Malware

Comment : "PartnerID"

Rootkey : HKEY_LOCAL_MACHINE

Object : software\exactutil

Value : PartnerID

 

BargainBuddy Object Recognized!

Type : RegValue

Data :

Category : Malware

Comment : "UtilFolder"

Rootkey : HKEY_LOCAL_MACHINE

Object : software\exactutil

Value : UtilFolder

 

BargainBuddy Object Recognized!

Type : RegValue

Data :

Category : Malware

Comment : "PartnerName"

Rootkey : HKEY_LOCAL_MACHINE

Object : software\exactutil

Value : PartnerName

 

BargainBuddy Object Recognized!

Type : RegValue

Data :

Category : Malware

Comment : "FirstHit"

Rootkey : HKEY_LOCAL_MACHINE

Object : software\exactutil

Value : FirstHit

 

BargainBuddy Object Recognized!

Type : RegValue

Data :

Category : Malware

Comment : "BuildNumber"

Rootkey : HKEY_LOCAL_MACHINE

Object : software\exactutil

Value : BuildNumber

 

BargainBuddy Object Recognized!

Type : RegValue

Data :

Category : Malware

Comment : "UninstallUrl"

Rootkey : HKEY_LOCAL_MACHINE

Object : software\exactutil

Value : UninstallUrl

 

BargainBuddy Object Recognized!

Type : RegValue

Data :

Category : Malware

Comment : "UniqueKeyUrl"

Rootkey : HKEY_LOCAL_MACHINE

Object : software\exactutil

Value : UniqueKeyUrl

 

BargainBuddy Object Recognized!

Type : RegValue

Data :

Category : Malware

Comment : "FirstHitUrl"

Rootkey : HKEY_LOCAL_MACHINE

Object : software\exactutil

Value : FirstHitUrl

 

ExactSearchBar Object Recognized!

Type : RegValue

Data :

Category : Data Miner

Comment : "{224530A0-C9CB-4AEE-9C0F-54AC1B533211}"

Rootkey : HKEY_LOCAL_MACHINE

Object : software\microsoft\windows\currentversion\shell extensions\approved

Value : {224530A0-C9CB-4AEE-9C0F-54AC1B533211}

 

iWon Object Recognized!

Type : RegValue

Data :

Category : Data Miner

Comment : SmileyCentralPFSetup2.0.2.1

Rootkey : HKEY_USERS

Object : S-1-5-21-1390067357-1532298954-839522115-1004\software\microsoft\windows\currentversion\run

Value : MyWebSearch Email Plugin

 

iWon Object Recognized!

Type : RegValue

Data :

Category : Data Miner

Comment : SmileyCentralPFSetup2.0.2.1

Rootkey : HKEY_LOCAL_MACHINE

Object : software\microsoft\windows\currentversion\run

Value : MyWebSearch Email Plugin

 

MyWay.Speedbar Object Recognized!

Type : RegValue

Data :

Category : Misc

Comment : "{07B18EA9-A523-4961-B6BB-170DE4475CCA}"

Rootkey : HKEY_USERS

Object : S-1-5-21-1390067357-1532298954-839522115-1004\software\microsoft\internet explorer\toolbar\webbrowser

Value : {07B18EA9-A523-4961-B6BB-170DE4475CCA}

 

MyWay.Speedbar Object Recognized!

Type : RegValue

Data :

Category : Misc

Comment : "{0494D0D9-F8E0-41ad-92A3-14154ECE70AC}"

Rootkey : HKEY_LOCAL_MACHINE

Object : software\microsoft\internet explorer\toolbar

Value : {0494D0D9-F8E0-41ad-92A3-14154ECE70AC}

 

MyWay.Speedbar Object Recognized!

Type : RegValue

Data :

Category : Misc

Comment : "{07B18EA9-A523-4961-B6BB-170DE4475CCA}"

Rootkey : HKEY_LOCAL_MACHINE

Object : software\microsoft\internet explorer\toolbar

Value : {07B18EA9-A523-4961-B6BB-170DE4475CCA}

 

WhenU Object Recognized!

Type : RegValue

Data :

Category : Data Miner

Comment : "WeatherCast"

Rootkey : HKEY_USERS

Object : S-1-5-21-1390067357-1532298954-839522115-1004\software\microsoft\windows\currentversion\run

Value : WeatherCast

 

WhenU Object Recognized!

Type : RegValue

Data :

Category : Data Miner

Comment : "WhenUSave"

Rootkey : HKEY_LOCAL_MACHINE

Object : software\microsoft\windows\currentversion\run

Value : WhenUSave

 

Registry Scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 188

Objects found so far: 193

 

 

Started deep registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Possible Browser Hijack attempt Object Recognized!

Type : Regkey

Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\BargainBuddy "http://www.exactadvertising.com"

Category : Data Miner

Comment : (http://www.exactadvertising.com)

Rootkey : HKEY_LOCAL_MACHINE

Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\BargainBuddy

 

Possible Browser Hijack attempt Object Recognized!

Type : Regkey

Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\CashBack "http://www.cashbackbuddy.com"

Category : Data Miner

Comment : (http://www.cashbackbuddy.com)

Rootkey : HKEY_LOCAL_MACHINE

Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\CashBack

 

Possible Browser Hijack attempt Object Recognized!

Type : Regkey

Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\NaviSearch "http://www.exactadvertising.com"

Category : Data Miner

Comment : (http://www.exactadvertising.com)

Rootkey : HKEY_LOCAL_MACHINE

Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\NaviSearch

 

Dialer Object Recognized!

Type : Regkey

Data :

Category : Dialer

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : Software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/System32/eglivecam_1028.dll

 

Dialer Object Recognized!

Type : File

Data : /windows/system32/eglivecam_1028.dll

Category : Dialer

Comment :

Object : c:

 

 

WhenU Object Recognized!

Type : RegValue

Data :

Category : Data Miner

Comment : "ClockSync"

Rootkey : HKEY_CURRENT_USER

Object : Software\Microsoft\Windows\CurrentVersion\Run

Value : ClockSync

 

WhenU Object Recognized!

Type : File

Data : sync.exe

Category : Data Miner

Comment :

Object : c:\program\clocks~1

FileVersion : 1, 0, 1, 62

ProductVersion : 1, 0, 1, 62

ProductName : ClockSync

FileDescription : ClockSync

InternalName : TEST1

LegalCopyright : Copyright 2003 WhenU, Inc.

OriginalFilename : ClockSync.exe

 

 

eUniverse Object Recognized!

Type : RegValue

Data :

Category : Data Miner

Comment : "SearchUpgrader"

Rootkey : HKEY_LOCAL_MACHINE

Object : Software\Microsoft\Windows\CurrentVersion\Run

Value : SearchUpgrader

 

eUniverse Object Recognized!

Type : File

Data : searchupgrader.exe

Category : Data Miner

Comment :

Object : c:\program\common files\searchupgrader

FileVersion : 1, 5, 6, 0

ProductVersion : 1, 5, 6, 0

ProductName : SearchUpgrader

FileDescription : Application

InternalName : SearchUpgrader

 

 

Dialer Object Recognized!

Type : RegValue

Data : C:\WINDOWS\System32\eglivecam_1028.dll

Category : Dialer

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : Software\Microsoft\Windows\CurrentVersion\SharedDLLs

Value : C:\WINDOWS\System32\eglivecam_1028.dll

 

Deep registry scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 7

Objects found so far: 203

 

 

Started Tracking Cookie scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marie nilsson@bravenet[2].txt

Category : Data Miner

Comment : Cookie:marie nilsson@bravenet.com/

Value : Cookie:marie nilsson@bravenet.com/

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marie nilsson@advertising[2].txt

Category : Data Miner

Comment : Cookie:marie nilsson@advertising.com/

Value : Cookie:marie nilsson@advertising.com/

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marie nilsson@0[1].txt

Category : Data Miner

Comment : Cookie:marie nilsson@jkazaa.cjt1.net/HTM/276/0

Value : Cookie:marie nilsson@jkazaa.cjt1.net/HTM/276/0

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marie nilsson@276[1].txt

Category : Data Miner

Comment : Cookie:marie nilsson@jkazaa.cjt1.net/HTM/276

Value : Cookie:marie nilsson@jkazaa.cjt1.net/HTM/276

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marie nilsson@as1.falkag[2].txt

Category : Data Miner

Comment : Cookie:marie nilsson@as1.falkag.de/

Value : Cookie:marie nilsson@as1.falkag.de/

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marie nilsson@vad.mainentrypoint[1].txt

Category : Data Miner

Comment : Cookie:marie nilsson@vad.mainentrypoint.com/

Value : Cookie:marie nilsson@vad.mainentrypoint.com/

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marie nilsson@cgi-bin[3].txt

Category : Data Miner

Comment : Cookie:marie nilsson@imrworldwide.com/cgi-bin

Value : Cookie:marie nilsson@imrworldwide.com/cgi-bin

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marie nilsson@www.mp3search[1].txt

Category : Data Miner

Comment : Cookie:marie nilsson@www.mp3search.com/

Value : Cookie:marie nilsson@www.mp3search.com/

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marie nilsson@2o7[1].txt

Category : Data Miner

Comment : Cookie:marie nilsson@2o7.net/

Value : Cookie:marie nilsson@2o7.net/

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marie nilsson@adtech[1].txt

Category : Data Miner

Comment : Cookie:marie nilsson@adtech.de/

Value : Cookie:marie nilsson@adtech.de/

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marie nilsson@www.goldenpalace[1].txt

Category : Data Miner

Comment : Cookie:marie nilsson@www.goldenpalace.com/

Value : Cookie:marie nilsson@www.goldenpalace.com/

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marie nilsson@tickle[1].txt

Category : Data Miner

Comment : Cookie:marie nilsson@tickle.com/

Value : Cookie:marie nilsson@tickle.com/

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marie nilsson@cgi-bin[2].txt

Category : Data Miner

Comment : Cookie:marie nilsson@www.fjallraven.se/cgi-bin/

Value : Cookie:marie nilsson@www.fjallraven.se/cgi-bin/

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marie nilsson@servedby.advertising[2].txt

Category : Data Miner

Comment : Cookie:marie nilsson@servedby.advertising.com/

Value : Cookie:marie nilsson@servedby.advertising.com/

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marie nilsson@a.as-us.falkag[1].txt

Category : Data Miner

Comment : Cookie:marie nilsson@a.as-us.falkag.net/

Value : Cookie:marie nilsson@a.as-us.falkag.net/

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marie nilsson@n3sport.adhostcenter[2].txt

Category : Data Miner

Comment : Cookie:marie nilsson@n3sport.adhostcenter.com/

Value : Cookie:marie nilsson@n3sport.adhostcenter.com/

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marie nilsson@banner.goldenpalace[2].txt

Category : Data Miner

Comment : Cookie:marie nilsson@banner.goldenpalace.com/

Value : Cookie:marie nilsson@banner.goldenpalace.com/

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marie nilsson@instadia[1].txt

Category : Data Miner

Comment : Cookie:marie nilsson@instadia.net/

Value : Cookie:marie nilsson@instadia.net/

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marie nilsson@overture[2].txt

Category : Data Miner

Comment : Cookie:marie nilsson@overture.com/

Value : Cookie:marie nilsson@overture.com/

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marie nilsson@www.loplabbet[2].txt

Category : Data Miner

Comment : Cookie:marie nilsson@www.loplabbet.se/

Value : Cookie:marie nilsson@www.loplabbet.se/

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marie nilsson@ehg-dig.hitbox[1].txt

Category : Data Miner

Comment : Cookie:marie nilsson@ehg-dig.hitbox.com/

Value : Cookie:marie nilsson@ehg-dig.hitbox.com/

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marie nilsson@trafficmp[1].txt

Category : Data Miner

Comment : Cookie:marie nilsson@trafficmp.com/

Value : Cookie:marie nilsson@trafficmp.com/

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marie nilsson@counter9.sextracker[1].txt

Category : Data Miner

Comment : Cookie:marie nilsson@counter9.sextracker.com/

Value : Cookie:marie nilsson@counter9.sextracker.com/

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marie nilsson@atdmt[1].txt

Category : Data Miner

Comment : Cookie:marie nilsson@atdmt.com/

Value : Cookie:marie nilsson@atdmt.com/

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marie nilsson@gator[2].txt

Category : Data Miner

Comment : Cookie:marie nilsson@gator.com/

Value : Cookie:marie nilsson@gator.com/

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marie nilsson@kelkoo[1].txt

Category : Data Miner

Comment : Cookie:marie nilsson@kelkoo.se/

Value : Cookie:marie nilsson@kelkoo.se/

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marie nilsson@realmedia[1].txt

Category : Data Miner

Comment : Cookie:marie nilsson@realmedia.com/

Value : Cookie:marie nilsson@realmedia.com/

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marie nilsson@tradedoubler[2].txt

Category : Data Miner

Comment : Cookie:marie nilsson@tradedoubler.com/

Value : Cookie:marie nilsson@tradedoubler.com/

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marie nilsson@sextracker[1].txt

Category : Data Miner

Comment : Cookie:marie nilsson@sextracker.com/

Value : Cookie:marie nilsson@sextracker.com/

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marie nilsson@maxserving[2].txt

Category : Data Miner

Comment : Cookie:marie nilsson@maxserving.com/

Value : Cookie:marie nilsson@maxserving.com/

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marie nilsson@fastclick[1].txt

Category : Data Miner

Comment : Cookie:marie nilsson@fastclick.net/

Value : Cookie:marie nilsson@fastclick.net/

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marie nilsson@adx.adhostcenter[2].txt

Category : Data Miner

Comment : Cookie:marie nilsson@adx.adhostcenter.com/

Value : Cookie:marie nilsson@adx.adhostcenter.com/

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marie nilsson@questionmarket[1].txt

Category : Data Miner

Comment : Cookie:marie nilsson@questionmarket.com/

Value : Cookie:marie nilsson@questionmarket.com/

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marie nilsson@doubleclick[1].txt

Category : Data Miner

Comment : Cookie:marie nilsson@doubleclick.net/

Value : Cookie:marie nilsson@doubleclick.net/

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marie nilsson@tribalfusion[1].txt

Category : Data Miner

Comment : Cookie:marie nilsson@tribalfusion.com/

Value : Cookie:marie nilsson@tribalfusion.com/

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marie nilsson@toteme[2].txt

Category : Data Miner

Comment : Cookie:marie nilsson@toteme.com/

Value : Cookie:marie nilsson@toteme.com/

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marie nilsson@ehg-tfl.hitbox[2].txt

Category : Data Miner

Comment : Cookie:marie nilsson@ehg-tfl.hitbox.com/

Value : Cookie:marie nilsson@ehg-tfl.hitbox.com/

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marie nilsson@adviva[2].txt

Category : Data Miner

Comment : Cookie:marie nilsson@adviva.net/

Value : Cookie:marie nilsson@adviva.net/

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marie nilsson@hitbox[1].txt

Category : Data Miner

Comment : Cookie:marie nilsson@hitbox.com/

Value : Cookie:marie nilsson@hitbox.com/

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marie nilsson@server.iad.liveperson[1].txt

Category : Data Miner

Comment : Cookie:marie nilsson@server.iad.liveperson.net/

Value : Cookie:marie nilsson@server.iad.liveperson.net/

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marie nilsson@bfast[1].txt

Category : Data Miner

Comment : Cookie:marie nilsson@bfast.com/

Value : Cookie:marie nilsson@bfast.com/

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marie nilsson@z1.adserver[1].txt

Category : Data Miner

Comment : Cookie:marie nilsson@z1.adserver.com/

Value : Cookie:marie nilsson@z1.adserver.com/

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marie nilsson@hc2.humanclick[1].txt

Category : Data Miner

Comment : Cookie:marie nilsson@hc2.humanclick.com/

Value : Cookie:marie nilsson@hc2.humanclick.com/

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marie nilsson@tmpad[2].txt

Category : Data Miner

Comment : Cookie:marie nilsson@ad.trafficmp.com/tmpad

Value : Cookie:marie nilsson@ad.trafficmp.com/tmpad

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marie nilsson@mediaplex[2].txt

Category : Data Miner

Comment : Cookie:marie nilsson@mediaplex.com/

Value : Cookie:marie nilsson@mediaplex.com/

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marie nilsson@banner.aspinallsonlinecasino[2].txt

Category : Data Miner

Comment : Cookie:marie nilsson@banner.aspinallsonlinecasino.com/

Value : Cookie:marie nilsson@banner.aspinallsonlinecasino.com/

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : marie nilsson@phg.hitbox[1].txt

Category : Data Miner

Comment : Cookie:marie nilsson@phg.hitbox.com/

Value : Cookie:marie nilsson@phg.hitbox.com/

 

Tracking cookie scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 47

Objects found so far: 250

 

 

 

Deep scanning and examining files...

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Disk Scan Result for C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 250

 

Dialer Object Recognized!

Type : File

Data : eglivecam_1028.dll

Category : Dialer

Comment :

Object : C:\WINDOWS\System32

 

 

iWon Object Recognized!

Type : File

Data : f3pssavr.scr

Category : Data Miner

Comment : SmileyCentralPFSetup2.0.2.1

Object : C:\WINDOWS\System32

FileVersion : 1, 0, 2, 0

ProductVersion : 1, 0, 2, 0

ProductName : Popular Screensavers

CompanyName : FunWebProducts.com

FileDescription : Popular Screensavers

InternalName : f3PSSavr

LegalCopyright : Copyright © 2004

OriginalFilename : f3PSSavr.scr

 

 

Disk Scan Result for C:\WINDOWS\System32

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 252

 

Disk Scan Result for C:\DOCUME~1\MARIEN~1\LOKALA~1\Temp»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 252

 

 

Scanning Hosts file......

Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Hosts file scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

1 entries scanned.

New critical objects:0

Objects found so far: 252

 

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\microsoft\windows\currentversion\applets\paint\recent file list

Description : list of files recently opened using microsoft paint

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\microsoft\windows\currentversion\explorer\runmru

Description : mru list for items opened in start | run

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\microsoft\search assistant\acmru

Description : list of recent search terms used with the search assistant

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru

Description : list of recently saved files, stored according to file extension

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru

Description : list of recent programs opened

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\microsoft\windows\currentversion\explorer\recentdocs

Description : list of recent documents opened

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\microsoft\mediaplayer\player\recentfilelist

Description : list of recently used files in microsoft windows media player

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\realnetworks\realplayer\6.0\preferences

Description : list of recent skins in realplayer

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\microsoft\internet explorer

Description : last download directory used in microsoft internet explorer

 

 

MRU List Object Recognized!

Location: : software\microsoft\directdraw\mostrecentapplication

Description : most recent application to use microsoft directdraw

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\microsoft\microsoft management console\recent file list

Description : list of recent snap-ins used in the microsoft management console

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\google\navclient\1.1\history

Description : list of recently used search terms in the google toolbar

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\microsoft\internet explorer\typedurls

Description : list of recently entered addresses in microsoft internet explorer

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\creative tech\creative wavestudio\settings

Description : list of recently used directories in creative wavestudio

 

 

MRU List Object Recognized!

Location: : software\microsoft\direct3d\mostrecentapplication

Description : most recent application to use microsoft direct3d

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\realnetworks\realplayer\6.0\preferences

Description : list of recent clips in realplayer

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\microsoft\frontpage\explorer\frontpage explorer\recent web list

Description : list of recently used webs in microsoft frontpage

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\microsoft\mediaplayer\preferences

Description : last playlist loaded in microsoft windows media player

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\realnetworks\realplayer\6.0\preferences

Description : last login time in realplayer

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\microsoft\frontpage\explorer\frontpage explorer\recent file list

Description : list of recently used files in microsoft frontpage

 

 

MRU List Object Recognized!

Location: : software\microsoft\direct3d\mostrecentapplication

Description : most recent application to use microsoft direct X

 

 

MRU List Object Recognized!

Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general

Description : windows media sdk

 

 

MRU List Object Recognized!

Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general

Description : windows media sdk

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\microsoft\windows media\wmsdk\general

Description : windows media sdk

 

 

MRU List Object Recognized!

Location: : C:\Documents and Settings\Marie Nilsson\Application Data\microsoft\office\recent

Description : list of recently opened documents using microsoft office

 

 

MRU List Object Recognized!

Location: : C:\Documents and Settings\Marie Nilsson\recent

Description : list of recently opened documents

 

 

 

Performing conditional scans...

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

BargainBuddy Object Recognized!

Type : Regkey

Data :

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : interface\{8eee58d5-130e-4cbd-9c83-35a0564ea119}

 

BargainBuddy Object Recognized!

Type : Folder

Category : Malware

Comment :

Object : C:\Program\BullsEye Network

 

BargainBuddy Object Recognized!

Type : Folder

Category : Malware

Comment :

Object : C:\Program\Bargain Buddy

 

BargainBuddy Object Recognized!

Type : File

Data : exul.exe

Category : Malware

Comment :

Object : C:\WINDOWS\System32

FileVersion : 1, 0, 0, 1

ProductVersion : 1, 0, 0, 1

ProductName : Upload Module

CompanyName : eXact Advertising

FileDescription : Upload Module

InternalName : Upload Utility

LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.

OriginalFilename : exul.exe

 

 

BargainBuddy Object Recognized!

Type : File

Data : exdl.exe

Category : Malware

Comment :

Object : C:\WINDOWS\System32

FileVersion : 1, 0, 0, 6

ProductVersion : 1, 0, 0, 6

ProductName : Download Module

CompanyName : eXact Advertising

FileDescription : Download Module

InternalName : Download Utility

LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.

OriginalFilename : exdl.exe

 

 

BargainBuddy Object Recognized!

Type : File

Data : bbchk.exe

Category : Malware

Comment :

Object : C:\WINDOWS\System32

FileVersion : 5.101.1663.1

ProductVersion : 5.101.1663.1

ProductName : Microsoft® Windows NT® Operating System

CompanyName : Microsoft Corporation

FileDescription : ECM ChkTrust

InternalName : CHKTRUST.EXE

LegalCopyright : Copyright © Microsoft Corp. 1981-1997

OriginalFilename : CHKTRUST.EXE

 

 

BargainBuddy Object Recognized!

Type : File

Data : adv.exe

Category : Malware

Comment :

Object : C:\Program\bullseye network\bin

FileVersion : 1.00

ProductVersion : 1.00

ProductName : adv

CompanyName : eXact Advertising

InternalName : adv

LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.

OriginalFilename : adv.exe

 

 

BargainBuddy Object Recognized!

Type : File

Data : adx.exe

Category : Malware

Comment :

Object : C:\Program\bullseye network\bin

FileVersion : 1.00

ProductVersion : 1.00

ProductName : adx

CompanyName : eXact Advertising

InternalName : adx

LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.

OriginalFilename : adx.exe

 

 

BargainBuddy Object Recognized!

Type : File

Data : bargains.exe

Category : Malware

Comment :

Object : C:\Program\bullseye network\bin

FileVersion : 2, 0, 0, 1

ProductVersion : 2, 0, 0, 1

ProductName : BargainsBuddy ADP Module

CompanyName : eXact Advertising

FileDescription : bargains

InternalName : ADP

LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.

OriginalFilename : bargains.exe

 

 

BargainBuddy Object Recognized!

Type : File

Data : ad.dat

Category : Malware

Comment :

Object : C:\Program\bullseye network

 

 

BargainBuddy Object Recognized!

Type : File

Data : ub.dat

Category : Malware

Comment :

Object : C:\Program\bullseye network

 

 

BargainBuddy Object Recognized!

Type : File

Data : Uninstall.exe

Category : Malware

Comment :

Object : C:\Program\bullseye network

FileVersion : 8.0.3.1

ProductName : BullsEye Network

CompanyName : eXact Advertising

FileDescription : BargainBuddy Module

LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.

LegalTrademarks : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.

Comments : BargainBuddy Module

 

 

iWon Object Recognized!

Type : Regkey

Data :

Category : Data Miner

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : clsid\{a4730ebe-43a6-443e-9776-36915d323ad3}

 

iWon Object Recognized!

Type : Regkey

Data :

Category : Data Miner

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\funwebproducts

 

iWon Object Recognized!

Type : Folder

Category : Data Miner

Comment :

Object : C:\Program\FunWebProducts

 

iWon Object Recognized!

Type : File

Data : MyWebSearch Email Plugin.lnk

Category : Data Miner

Comment :

Object : C:\Documents and Settings\Marie Nilsson\Start-meny\Program\Autostart

 

 

AltnetBDE Object Recognized!

Type : Folder

Category : Data Miner

Comment :

Object : C:\WINDOWS\temp\Altnet

 

AltnetBDE Object Recognized!

Type : File

Data : adm.exe

Category : Data Miner

Comment :

Object : C:\WINDOWS\temp\altnet

FileVersion : 4, 0, 0, 5

ProductVersion : 4, 0, 0, 0

ProductName : ADM

CompanyName : Altnet

FileDescription : ADM

InternalName : ADM

LegalCopyright : Copyright © 2003, 2004 Altnet

OriginalFilename : ADM.exe

 

 

AltnetBDE Object Recognized!

Type : File

Data : adm25.dll

Category : Data Miner

Comment :

Object : C:\WINDOWS\temp\altnet

FileVersion : 1, 2, 4, 3

ProductVersion : 1, 0, 0, 0

ProductName : ADM

CompanyName : Altnet

FileDescription : ADM

InternalName : ADM

LegalCopyright : Copyright 2002

OriginalFilename : ADM25.dll

 

 

AltnetBDE Object Recognized!

Type : File

Data : adm4.dll

Category : Data Miner

Comment :

Object : C:\WINDOWS\temp\altnet

FileVersion : 4, 0, 0, 6

ProductVersion : 4, 0, 0, 0

ProductName : ADM

CompanyName : Altnet

FileDescription : ADM

InternalName : ADM

LegalCopyright : Copyright © 2003 Altnet

OriginalFilename : ADM4.dll

 

 

AltnetBDE Object Recognized!

Type : File

Data : admdata.dll

Category : Data Miner

Comment :

Object : C:\WINDOWS\temp\altnet

FileVersion : 1, 0, 1, 10

ProductVersion : 1, 0, 0, 0

ProductName : ADMData

CompanyName : Altnet

FileDescription : ADMData

InternalName : ADMData

LegalCopyright : Copyright 1999

OriginalFilename : ADMData.dll

 

 

AltnetBDE Object Recognized!

Type : File

Data : admdloader.dll

Category : Data Miner

Comment :

Object : C:\WINDOWS\temp\altnet

FileVersion : 3, 0, 39, 2

ProductVersion : 3, 0, 0, 0

ProductName : ADMDloader

CompanyName : Altnet

FileDescription : BDEDownloader

InternalName : ADMDloader

LegalCopyright : Copyright © 2001 Altnet

OriginalFilename : ADMDloader.dll

 

 

AltnetBDE Object Recognized!

Type : File

Data : admfdi.dll

Category : Data Miner

Comment :

Object : C:\WINDOWS\temp\altnet

FileVersion : 1, 0, 0, 8

ProductVersion : 1, 0, 0, 0

ProductName : ADMFdi

CompanyName : Altnet

FileDescription : ADMFdi

InternalName : ADMFdi

LegalCopyright : Copyright © 2000

OriginalFilename : ADMFdi

 

 

AltnetBDE Object Recognized!

Type : File

Data : admprog.dll

Category : Data Miner

Comment :

Object : C:\WINDOWS\temp\altnet

FileVersion : 4, 0, 0, 4

ProductVersion : 4, 0, 0, 0

ProductName : ADMProg

CompanyName : Altnet

InternalName : ADMProg

LegalCopyright : Copyright © 2003 Altnet

OriginalFilename : ADMProg.dll

 

 

AltnetBDE Object Recognized!

Type : File

Data : atl.dll

Category : Data Miner

Comment :

Object : C:\WINDOWS\temp\altnet

FileVersion : 3.00.8168

ProductVersion : 6.00.8168

ProductName : Microsoft ® Visual C++

CompanyName : Microsoft Corporation

FileDescription : ATL Module for Windows (ANSI)

InternalName : ATL

LegalCopyright : Copyright © Microsoft Corp. 1996-1998

OriginalFilename : ATL.DLL

 

 

AltnetBDE Object Recognized!

Type : File

Data : dmfiles.cab

Category : Data Miner

Comment :

Object : C:\WINDOWS\temp\altnet

 

 

AltnetBDE Object Recognized!

Type : File

Data : DMinfo3.cab

Category : Data Miner

Comment :

Object : C:\WINDOWS\temp\altnet

 

 

AltnetBDE Object Recognized!

Type : File

Data : dminstall7.cab

Category : Data Miner

Comment :

Object : C:\WINDOWS\temp\altnet

 

 

AltnetBDE Object Recognized!

Type : File

Data : msvcirt.dll

Category : Data Miner

Comment :

Object : C:\WINDOWS\temp\altnet

FileVersion : 6.00.8168.0

ProductVersion : 6.00.8168.0

ProductName : Microsoft ® Visual C++

CompanyName : Microsoft Corporation

FileDescription : Microsoft ® C++ Runtime Library

InternalName : MSVCIRT.DLL

LegalCopyright : Copyright © Microsoft Corp. 1981-1998

OriginalFilename : MSVCIRT.DLL

 

 

AltnetBDE Object Recognized!

Type : File

Data : mysearch.cab

Category : Data Miner

Comment :

Object : C:\WINDOWS\temp\altnet

 

 

AltnetBDE Object Recognized!

Type : File

Data : pmexe.cab

Category : Data Miner

Comment :

Object : C:\WINDOWS\temp\altnet

 

 

AltnetBDE Object Recognized!

Type : File

Data : pmfiles.cab

Category : Data Miner

Comment :

Object : C:\WINDOWS\temp\altnet

 

 

AltnetBDE Object Recognized!

Type : File

Data : pminstall.cab

Category : Data Miner

Comment :

Object : C:\WINDOWS\temp\altnet

 

 

AltnetBDE Object Recognized!

Type : File

Data : Setup.cab

Category : Data Miner

Comment :

Object : C:\WINDOWS\temp\altnet

 

 

AltnetBDE Object Recognized!

Type : File

Data : Setup.exe

Category : Data Miner

Comment :

Object : C:\WINDOWS\temp\altnet

FileVersion : 1, 0, 4, 13

ProductVersion : 1, 0, 0, 0

ProductName : AltnetInstaller

CompanyName : Altnet

FileDescription : AltnetInstaller

InternalName : AltnetInstaller

LegalCopyright : Copyright © 2003

OriginalFilename : AltnetInstaller.exe

 

 

Claria Object Recognized!

Type : File

Data : GatorPdpSetup.log

Category : Data Miner

Comment :

Object : C:\WINDOWS

 

 

Claria Object Recognized!

Type : File

Data : GatorUninstaller_cme.log

Category : Data Miner

Comment :

Object : C:\WINDOWS

 

 

Claria Object Recognized!

Type : File

Data : GatorUninstaller_cme_u.log

Category : Data Miner

Comment :

Object : C:\WINDOWS

 

 

eUniverse Object Recognized!

Type : Folder

Category : Data Miner

Comment :

Object : C:\Program\perfectnav\BHO

 

eUniverse Object Recognized!

Type : Folder

Category : Data Miner

Comment :

Object : C:\Program\PerfectNav

 

eUniverse Object Recognized!

Type : File

Data : PerfectNav150c.dll

Category : Data Miner

Comment :

Object : C:\Program\perfectnav\bho

FileVersion : 1, 5, 0, 0

ProductVersion : 1, 5, 0, 0

ProductName : BHO Module

FileDescription : BHO Module

InternalName : BHO

LegalCopyright : Copyright 2003

OriginalFilename : BHO.DLL

 

 

ExactSearchBar Object Recognized!

Type : RegValue

Data :

Category : Data Miner

Comment :

Rootkey : HKEY_CURRENT_USER

Object : software\microsoft\internet explorer\toolbar\webbrowser

Value : {224530A0-C9CB-4AEE-9C0F-54AC1B533211}

 

ExactSearchBar Object Recognized!

Type : RegValue

Data :

Category : Data Miner

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\microsoft\internet explorer\toolbar

Value : {224530A0-C9CB-4AEE-9C0F-54AC1B533211}

 

ExactSearchBar Object Recognized!

Type : Folder

Category : Data Miner

Comment :

Object : C:\Program\eXact

 

ExactSearchBar Object Recognized!

Type : File

Data : buttons.xml

Category : Data Miner

Comment :

Object : C:\Program\exact

 

 

ExactSearchBar Object Recognized!

Type : File

Data : CloseWindow.exe

Category : Data Miner

Comment :

Object : C:\Program\exact

 

 

ExactSearchBar Object Recognized!

Type : File

Data : engines.xml

Category : Data Miner

Comment :

Object : C:\Program\exact

 

 

ExactSearchBar Object Recognized!

Type : File

Data : exactlog.txt

Category : Data Miner

Comment :

Object : C:\Program\exact

 

 

ExactSearchBar Object Recognized!

Type : File

Data : eXactToolbar.dll

Category : Data Miner

Comment :

Object : C:\Program\exact

FileVersion : 0, 0, 0, 0

ProductName : eXactToolbar

CompanyName : Pattern Discovery Software

FileDescription : eXactToolbar

InternalName : eXactToolbar

LegalCopyright : Copyright © 2002

OriginalFilename : eXactToolbar.dll

 

 

ExactSearchBar Object Recognized!

Type : File

Data : exacttoolbar00067.dll

Category : Data Miner

Comment :

Object : C:\Program\exact

FileVersion : 0, 0, 0, 0

ProductName : eXactToolbar

CompanyName : Pattern Discovery Software

FileDescription : eXactToolbar

InternalName : eXactToolbar

LegalCopyright : Copyright © 2002

OriginalFilename : eXactToolbar.dll

 

 

ExactSearchBar Object Recognized!

Type : File

Data : exacttoolbar00068.dll

Category : Data Miner

Comment :

Object : C:\Program\exact

FileVersion : 0, 0, 0, 0

ProductName : eXactToolbar

CompanyName : Pattern Discovery Software

FileDescription : eXactToolbar

InternalName : eXactToolbar

LegalCopyright : Copyright © 2002

OriginalFilename : eXactToolbar.dll

 

 

ExactSearchBar Object Recognized!

Type : File

Data : exactUpdate.exe

Category : Data Miner

Comment :

Object : C:\Program\exact

FileVersion : 0, 0, 6, 0

ProductVersion : 0, 0, 6, 0

ProductName : ExactUpdate

CompanyName : Pattern Discovery Software Systems Ltd.

FileDescription : ExactUpdate

InternalName : ExactUpdate

LegalCopyright : Copyright © 2002 Pattern Discovery Software

OriginalFilename : exactUpdate.exe

Comments : Contains Free License for UniquE RAR File Library © 2000-2002 by Christian Scheurer (www.ChristianScheurer.ch)

 

 

ExactSearchBar Object Recognized!

Type : File

Data : exactupdate00136.exe

Category : Data Miner

Comment :

Object : C:\Program\exact

FileVersion : 0, 0, 6, 0

ProductVersion : 0, 0, 6, 0

ProductName : ExactUpdate

CompanyName : Pattern Discovery Software Systems Ltd.

FileDescription : ExactUpdate

InternalName : ExactUpdate

LegalCopyright : Copyright © 2002 Pattern Discovery Software

OriginalFilename : exactUpdate.exe

Comments : Contains Free License for UniquE RAR File Library © 2000-2002 by Christian Scheurer (www.ChristianScheurer.ch)

 

 

ExactSearchBar Object Recognized!

Type : File

Data : exactupdateguid.txt

Category : Data Miner

Comment :

Object : C:\Program\exact

 

 

ExactSearchBar Object Recognized!

Type : File

Data : INSTALL.LOG

Category : Data Miner

Comment :

Object : C:\Program\exact

 

 

ExactSearchBar Object Recognized!

Type : File

Data : mg03025.bmp

Category : Data Miner

Comment :

Object : C:\Program\exact

 

 

ExactSearchBar Object Recognized!

Type : File

Data : mg03025.xml

Category : Data Miner

Comment :

Object : C:\Program\exact

 

 

ExactSearchBar Object Recognized!

Type : File

Data : mg03025a.rar

Category : Data Miner

Comment :

Object : C:\Program\exact

 

 

ExactSearchBar Object Recognized!

Type : File

Data : mg03026.bmp

Category : Data Miner

Comment :

Object : C:\Program\exact

 

 

ExactSearchBar Object Recognized!

Type : File

Data : mg03026.xml

Category : Data Miner

Comment :

Object : C:\Program\exact

 

 

ExactSearchBar Object Recognized!

Type : File

Data : mg03026a.rar

Category : Data Miner

Comment :

Object : C:\Program\exact

 

 

ExactSearchBar Object Recognized!

Type : File

Data : mg03027.bmp

Category : Data Miner

Comment :

Object : C:\Program\exact

 

 

ExactSearchBar Object Recognized!

Type : File

Data : mg03027.xml

Category : Data Miner

Comment :

Object : C:\Program\exact

 

 

ExactSearchBar Object Recognized!

Type : File

Data : mg03027a.rar

Category : Data Miner

Comment :

Object : C:\Program\exact

 

 

ExactSearchBar Object Recognized!

Type : File

Data : mg03028.bmp

Category : Data Miner

Comment :

Object : C:\Program\exact

 

 

ExactSearchBar Object Recognized!

Type : File

Data : mg03028.xml

Category : Data Miner

Comment :

Object : C:\Program\exact

 

 

ExactSearchBar Object Recognized!

Type : File

Data : mg03028a.rar

Category : Data Miner

Comment :

Object : C:\Program\exact

 

 

ExactSearchBar Object Recognized!

Type : File

Data : mg03030.bmp

Category : Data Miner

Comment :

Object : C:\Program\exact

 

 

ExactSearchBar Object Recognized!

Type : File

Data : mg03030.xml

Category : Data Miner

Comment :

Object : C:\Program\exact

 

 

ExactSearchBar Object Recognized!

Type : File

Data : mg03030a.rar

Category : Data Miner

Comment :

Object : C:\Program\exact

 

 

ExactSearchBar Object Recognized!

Type : File

Data : mg03031.bmp

Category : Data Miner

Comment :

Object : C:\Program\exact

 

 

ExactSearchBar Object Recognized!

Type : File

Data : mg03031.xml

Category : Data Miner

Comment :

Object : C:\Program\exact

 

 

ExactSearchBar Object Recognized!

Type : File

Data : mg03031a.rar

Category : Data Miner

Comment :

Object : C:\Program\exact

 

 

ExactSearchBar Object Recognized!

Type : File

Data : mg03032.bmp

Category : Data Miner

Comment :

Object : C:\Program\exact

 

 

ExactSearchBar Object Recognized!

Type : File

Data : mg03032.xml

Category : Data Miner

Comment :

Object : C:\Program\exact

 

 

ExactSearchBar Object Recognized!

Type : File

Data : mg03032a.rar

Category : Data Miner

Comment :

Object : C:\Program\exact

 

 

ExactSearchBar Object Recognized!

Type : File

Data : mg03033.bmp

Category : Data Miner

Comment :

Object : C:\Program\exact

 

 

ExactSearchBar Object Recognized!

Type : File

Data : mg03033.xml

Category : Data Miner

Comment :

Object : C:\Program\exact

 

 

ExactSearchBar Object Recognized!

Type : File

Data : mg03033a.rar

Category : Data Miner

Comment :

Object : C:\Program\exact

 

 

ExactSearchBar Object Recognized!

Type : File

Data : mg03034.bmp

Category : Data Miner

Comment :

Object : C:\Program\exact

 

 

ExactSearchBar Object Recognized!

Type : File

Data : mg03034.xml

Category : Data Miner

Comment :

Object : C:\Program\exact

 

 

ExactSearchBar Object Recognized!

Type : File

Data : mg03034a.rar

Category : Data Miner

Comment :

Object : C:\Program\exact

 

 

ExactSearchBar Object Recognized!

Type : File

Data : mg10000.bmp

Category : Data Miner

Comment :

Object : C:\Program\exact

 

 

ExactSearchBar Object Recognized!

Type : File

Data : mg10000.xml

Category : Data Miner

Comment :

Object : C:\Program\exact

 

 

ExactSearchBar Object Recognized!

Type : File

Data : mg10000a.rar

Category : Data Miner

Comment :

Object : C:\Program\exact

 

 

ExactSearchBar Object Recognized!

Type : File

Data : msg_log.txt

Category : Data Miner

Comment :

Object : C:\Program\exact

 

 

ExactSearchBar Object Recognized!

Type : File

Data : poplinks.xml

Category : Data Miner

Comment :

Object : C:\Program\exact

 

 

ExactSearchBar Object Recognized!

Type : File

Data : popularlinks.reg

Category : Data Miner

Comment :

Object : C:\Program\exact

 

 

ExactSearchBar Object Recognized!

Type : File

Data : UNWISE.EXE

Category : Data Miner

Comment :

Object : C:\Program\exact

 

 

ExactSearchBar Object Recognized!

Type : File

Data : wipe.reg

Category : Data Miner

Comment :

Object : C:\Program\exact

 

 

MagicControl Object Recognized!

Type : Regkey

Data :

Category : Data Miner

Comment :

Rootkey : HKEY_CURRENT_USER

Object : software\mc

 

MagicControl Object Recognized!

Type : Folder

Category : Data Miner

Comment :

Object : C:\WINDOWS\mslagent

 

MagicControl Object Recognized!

Type : File

Data : msegcompid.dll

Category : Data Miner

Comment :

Object : C:\WINDOWS\System32

 

 

MagicControl Object Recognized!

Type : File

Data : 2_1,0,3,7_mslagent.dll

Category : Data Miner

Comment :

Object : C:\WINDOWS\mslagent

 

 

MagicControl Object Recognized!

Type : File

Data : 3_1,0,1,4_mslagent.dll

Category : Data Miner

Comment :

Object : C:\WINDOWS\mslagent FileVersion : 1, 0, 1, 4

ProductVersion : 1, 0, 1, 4

ProductName : 3_mslagent Module

FileDescription : 3_mslagent Module

InternalName : 3_mslagent

LegalCopyright : Copyright 2002

OriginalFilename : 3_mslagent.dll

 

 

MagicControl Object Recognized!

Type : File

Data : 4a_1,0,2,9_mslagent.dll

Category : Data Miner

Comment :

Object : C:\WINDOWS\mslagent FileVersion : 1, 0, 2, 9

ProductVersion : 1, 0, 2, 9

ProductName : 4a_mslagent

CompanyName : mslagent

FileDescription : 4a_mslagent

InternalName : 4a_mslagent

LegalCopyright : Copyright © 2004

OriginalFilename : 4a_mslagent.dll

 

 

MagicControl Object Recognized!

Type : File

Data : 4b_1,0,1,2_mslagent.dll

Category : Data Miner

Comment :

Object : C:\WINDOWS\mslagent FileVersion : 1, 0, 1, 2

ProductVersion : 1, 0, 1, 2

ProductName : 4b_mslagent Module

FileDescription : 4b_mslagent

InternalName : 4b_mslagent

LegalCopyright : Copyright 2003

OriginalFilename : 4b_mslagent.dll

 

 

MagicControl Object Recognized!

Type : File

Data : 7_1,0,0,3_mslagent.dll

Category : Data Miner

Comment :

Object : C:\WINDOWS\mslagent FileVersion : 1, 0, 0, 3

ProductVersion : 1, 0, 0, 3

ProductName : 7_mslagent.dll Module

FileDescription : 7_mslagent.dll Module

InternalName : 7_mslagent

LegalCopyright : Copyright 2003

OriginalFilename : 7_mslagent.dll

 

 

MagicControl Object Recognized!

Type : File

Data : 8_1,0,0,2_mslagent.dll

Category : Data Miner

Comment :

Object : C:\WINDOWS\mslagent FileVersion : 1, 0, 0, 2

ProductVersion : 1, 0, 0, 2

ProductName : 8_mslagent Module

FileDescription : 8_mslagent Module

InternalName : 8_mslagent

LegalCopyright : Copyright 2004

OriginalFilename : 8_mslagent.DLL

 

 

MagicControl Object Recognized!

Type : File

Data : acknowledged.mc2

Category : Data Miner

Comment :

Object : C:\WINDOWS\mslagent

 

 

MagicControl Object Recognized!

Type : File

Data : CompManagerPersist.mc2

Category : Data Miner

Comment :

Object : C:\WINDOWS\mslagent

 

 

MagicControl Object Recognized!

Type : File

Data : mslagent.exe

Category : Data Miner

Comment :

Object : C:\WINDOWS\mslagent FileVersion : 1, 0, 2, 8

ProductVersion : 1, 0, 2, 8

ProductName : mslagent

FileDescription : mslagent

InternalName : mslagent

LegalCopyright : Copyright © 2002

OriginalFilename : mslagent.exe

 

 

MagicControl Object Recognized!

Type : File

Data : NaviPersist.mc2

Category : Data Miner

Comment :

Object : C:\WINDOWS\mslagent

 

 

MagicControl Object Recognized!

Type : File

Data : NaviPromo.mc2

Category : Data Miner

Comment :

Object : C:\WINDOWS\mslagent

 

 

MagicControl Object Recognized!

Type : File

Data : OrderPersist.mc2

Category : Data Miner

Comment :

Object : C:\WINDOWS\mslagent

 

 

MagicControl Object Recognized!

Type : File

Data : TimePersist

Category : Data Miner

Comment :

Object : C:\WINDOWS\mslagent

 

 

MagicControl Object Recognized!

Type : File

Data : uninstall.exe

Category : Data Miner

Comment :

Object : C:\WINDOWS\mslagent FileVersion : 1, 0, 2, 8

ProductVersion : 1, 0, 2, 8

ProductName : mslagent

FileDescription : mslagent

InternalName : mslagent

LegalCopyright : Copyright © 2002

OriginalFilename : mslagent.exe

 

 

MyWay.Speedbar Object Recognized!

Type : Regkey

Data :

Category : Misc

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\myway

 

MyWay.Speedbar Object Recognized!

Type : Folder

Category : Misc

Comment :

Object : C:\Program\MyWay

 

MyWay.Speedbar Object Recognized!

Type : Folder

Category : Misc

Comment :

Object : C:\Program\myway\myBar

 

MyWay.Speedbar Object Recognized!

Type : File

Data : MY2NS.EXE

Category : Misc

Comment :

Object : C:\Program\myway\mybar\1.bin

 

 

MyWay.Speedbar Object Recognized!

Type : File

Data : MYWAYPLUGINPROXY.CLASS

Category : Misc

Comment :

Object : C:\Program\myway\mybar\1.bin

 

 

MyWay.Speedbar Object Recognized!

Type : File

Data : NPMYWAY.DLL

Category : Misc

Comment :

Object : C:\Program\myway\mybar\1.bin FileVersion : 1, 0, 1, 1

ProductVersion : 1, 0, 1, 1

ProductName : My Way Plugin

CompanyName : My Way

FileDescription : My Way Plugin for 32-bit Windows

InternalName : MyWayPlugin

LegalCopyright : Copyright © 2000, 2001, 2002

OriginalFilename : NPMyWay.DLL

 

 

MyWay.Speedbar Object Recognized!

Type : File

Data : PARTNER.BMP

Category : Misc

Comment :

Object : C:\Program\myway\mybar\1.bin

 

 

MyWay.Speedbar Object Recognized!

Type : File

Data : PARTNER.DAT

Category : Misc

Comment :

Object : C:\Program\myway\mybar\1.bin

 

 

MyWay.Speedbar Object Recognized!

Type : File

Data : PARTNER2.DAT

Category : Misc

Comment :

Object : C:\Program\myway\mybar\1.bin

 

 

MyWay.Speedbar Object Recognized!

Type : File

Data : PARTNER3.DAT

Category : Misc

Comment :

Object : C:\Program\myway\mybar\1.bin

 

 

MyWay.Speedbar Object Recognized!

Type : File

Data : PARTNER4.DAT

Category : Misc

Comment :

Object : C:\Program\myway\mybar\1.bin

 

 

MyWay.Speedbar Object Recognized!

Type : File

Data : PARTNER5.DAT

Category : Misc

Comment :

Object : C:\Program\myway\mybar\1.bin

 

 

MyWay.Speedbar Object Recognized!

Type : File

Data : PARTNER6.DAT

Category : Misc

Comment :

Object : C:\Program\myway\mybar\1.bin

 

 

NavExcel Object Recognized!

Type : Regkey

Data :

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : appid\nhelper.dll

 

NavExcel Object Recognized!

Type : Folder

Category : Malware

Comment :

Object : C:\Program\NavExcel

 

NavExcel Object Recognized!

Type : Folder

Category : Malware

Comment :

Object : C:\Program\navexcel\NavHelper

 

WhenU Object Recognized!

Type : Regkey

Data :

Category : Data Miner

Comment :

Rootkey : HKEY_CURRENT_USER

Object : software\whenu

 

WhenU Object Recognized!

Type : Folder

Category : Data Miner

Comment :

Object : C:\Program\ClockSync

 

WhenU Object Recognized!

Type : Folder

Category : Data Miner

Comment :

Object : C:\Program\Save

 

WhenU Object Recognized!

Type : Folder

Category : Data Miner

Comment :

Object : C:\Documents and Settings\Marie Nilsson\Start-meny\Program\ClockSync

 

WhenU Object Recognized!

Type : Folder

Category : Data Miner

Comment :

Object : C:\Documents and Settings\Marie Nilsson\Start-meny\Program\WeatherCast

 

WhenU Object Recognized!

Type : File

Data : Sync.exe

Category : Data Miner

Comment :

Object : C:\Program\clocksync FileVersion : 1, 0, 1, 62

ProductVersion : 1, 0, 1, 62

ProductName : ClockSync

FileDescription : ClockSync

InternalName : TEST1

LegalCopyright : Copyright 2003 WhenU, Inc.

OriginalFilename : ClockSync.exe

 

 

WhenU Object Recognized!

Type : File

Data : Uninst.exe

Category : Data Miner

Comment :

Object : C:\Program\clocksync FileVersion : 1, 0, 0, 1

ProductVersion : 1, 0, 0, 1

ProductName : ClockSync Uninstall

FileDescription : ClockSync Uninstall Program

InternalName : ClockSync Uninstall Program

LegalCopyright : Copyright 2003 WhenU, Inc.

OriginalFilename : Uninst.exe

 

 

WhenU Object Recognized!

Type : File

Data : ReadMe.txt

Category : Data Miner

Comment :

Object : C:\Program\save

 

 

WhenU Object Recognized!

Type : File

Data : save.db

Category : Data Miner

Comment :

Object : C:\Program\save

 

 

WhenU Object Recognized!

Type : File

Data : save.htm

Category : Data Miner

Comment :

Object : C:\Program\save

 

 

WhenU Object Recognized!

Type : File

Data : SaveUninst.exe

Category : Data Miner

Comment :

Object : C:\Program\save FileVersion : 2, 6, 2, 4

ProductVersion : 2, 6, 2, 4

ProductName : Save! Uninstall

CompanyName : WhenU.com, Inc.

FileDescription : Save! Uninstall

InternalName : SaveUninst

LegalCopyright : Copyright 2001

OriginalFilename : SaveUninst.exe

 

 

WhenU Object Recognized!

Type : File

Data : store.db

Category : Data Miner

Comment :

Object : C:\Program\save

 

 

WhenU Object Recognized!

Type : File

Data : ClockSync.lnk

Category : Data Miner

Comment :

Object : C:\Documents and Settings\Marie Nilsson\Start-meny\Program\clocksync

 

 

Dialer Object Recognized!

Type : File

Data : kazaa-download-accelerator-lite.exe

Category : Dialer

Comment : Webdialer

Object : C:\Documents and Settings\Marie Nilsson\Skrivbord

 

 

WhenU Object Recognized!

Type : File

Data : ClockSync.lnk

Category : Data Miner

Comment : Shortcut to bad file : C:\Documents and Settings\Marie Nilsson\Start-meny\Program\ClockSync\ClockSync.lnk

Object : C:\Documents and Settings\Marie Nilsson\Start-meny\Program\ClockSync

 

 

Conditional scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 142

Objects found so far: 420

 

11:00:07 Scan Complete

 

Summary Of This Scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Total scanning time:00:01:02.297

Objects scanned:68398

Objects identified:390

Objects ignored:0

New critical objects:390[/log]

OK?/marni

 

 

[post edited 2004-10-28 14:02:04 by Erik Junesjö]


Excuse me, but I know almost nothing and I did ask how to do it. I thought I was doing it right! How do I remove this? /Marni

 


That turned out to be quite a lot. :)

I think the easiest thing is for you to go back to the scan results in Ad-aware, right-click and choose Select all. Then click Continue.

 


I got this message:

some objects could not be removed. Try closing all open browser windows prior to the removal. If it does not help, reboot and run Ad-Aware again.

c:\WINDOWS\mslagent\2_1,0,3,7_mslagent.dll

c:\WINDOWS\mslagent\4a_1,0,2,9_mslagent.dll

c:\WINDOWS\mslagent\8_1,0,0,2mslagent.dll

Do you want to let Ad-Aware remove them after the next reboot

Should I answer OK or Cancel? /Marni

 


You appear to have an old version of Ad-aware, 1.03 and not 1.05. Check here:

 

http://lavasoft.element5.com/swedish/support/download/

Uninstall the old one before you install the new one.

With the new version, let Ad-aware remove all the junk it finds.

Restart and run Ad-aware again, and clean again if needed.

When it no longer finds anything, produce a new log, but this time post it as follows:

Press the LOG box (button) in the Reply window

Paste the log

Press the LOG box again

Then download HijackThis, put HijackThis.exe in its own folder, scan, save the log and post that here too (in the same way as the Ad-aware log). You can find HijackThis here:

http://www.spywareinfo.com/~merijn/downloads.html

 

 


First of all, see my post at 12.20 regarding the Ad-aware version.

If you get the same messages with the new version, answer OK; mslagent is a security risk. Make sure to close as many programs and windows as possible before you run Ad-aware.

 

 


[log]

Lavasoft Ad-Aware Personal Build 1.03

Logfile created on:den 28 oktober 2004 13:33:38

Created with Ad-Aware SE Personal, free for private use.

Using definitions file:SE1R15 26.10.2004

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

References detected during the scan:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

MRU List(TAC index:0):26 total references

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Ad-Aware Settings

===========================

Set : Search for negligible risk entries

Set : Safe mode (always request confirmation)

Set : Scan active processes

Set : Scan registry

Set : Deep-scan registry

Set : Scan my IE Favorites for banned URLs

Set : Scan my Hosts file

 

Extended Ad-Aware Settings

===========================

Set : Unload recognized processes & modules during scan

Set : Scan registry for all users instead of current user only

Set : Always try to unload modules before deletion

Set : During removal, unload Explorer and IE if necessary

Set : Let Windows remove files in use at next reboot

Set : Delete quarantined objects after restoring

Set : Include basic Ad-Aware settings in log file

Set : Include additional Ad-Aware settings in log file

Set : Include reference summary in log file

Set : Backup current definitions file before updating

Set : Play sound at scan completion if scan locates critical objects

 

 

2004-10-28 13:33:38 - Scan started. (Smart mode)

 

Listing running processes

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

#:1 [smss.exe]

FilePath : \SystemRoot\System32 ProcessID : 628

ThreadCreationTime : 2004-10-28 11:33:08

BasePriority : Normal

 

 

#:2 [csrss.exe]

FilePath : \??\C:\WINDOWS\system32 ProcessID : 680

ThreadCreationTime : 2004-10-28 11:33:10

BasePriority : Normal

 

 

#:3 [winlogon.exe]

FilePath : \??\C:\WINDOWS\system32 ProcessID : 704

ThreadCreationTime : 2004-10-28 11:33:11

BasePriority : High

 

 

#:4 [services.exe]

FilePath : C:\WINDOWS\system32 ProcessID : 748

ThreadCreationTime : 2004-10-28 11:33:11

BasePriority : Normal

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

ProductName : Operativsystemet Microsoft® Windows®

CompanyName : Microsoft Corporation

FileDescription : Tjänst- och styrenhetsprogram

InternalName : services.exe

LegalCopyright : © Microsoft Corporation. Med ensamrätt.

OriginalFilename : services.exe

 

#:5 [lsass.exe]

FilePath : C:\WINDOWS\system32 ProcessID : 760

ThreadCreationTime : 2004-10-28 11:33:11

BasePriority : Normal

FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)

ProductVersion : 5.1.2600.1106

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : LSA Shell (Export Version)

InternalName : lsass.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : lsass.exe

 

#:6 [ati2evxx.exe]

FilePath : C:\WINDOWS\System32 ProcessID : 952

ThreadCreationTime : 2004-10-28 11:33:11

BasePriority : Normal

 

 

#:7 [svchost.exe]

FilePath : C:\WINDOWS\system32 ProcessID : 976

ThreadCreationTime : 2004-10-28 11:33:11

BasePriority : Normal

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:8 [svchost.exe]

FilePath : C:\WINDOWS\System32 ProcessID : 1080

ThreadCreationTime : 2004-10-28 11:33:11

BasePriority : Normal

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:9 [svchost.exe]

FilePath : C:\WINDOWS\System32 ProcessID : 1220

ThreadCreationTime : 2004-10-28 11:33:11

BasePriority : Normal

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:10 [svchost.exe]

FilePath : C:\WINDOWS\System32 ProcessID : 1280

ThreadCreationTime : 2004-10-28 11:33:11

BasePriority : Normal

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:11 [ccsetmgr.exe]

FilePath : C:\Program\Delade filer\Symantec Shared ProcessID : 1344

ThreadCreationTime : 2004-10-28 11:33:12

BasePriority : Normal

FileVersion : 2.0.0.635

ProductVersion : 2.0.0.635

ProductName : Common Client

CompanyName : Symantec Corporation

FileDescription : Common Client Settings Manager Service

InternalName : ccSetMgr

LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.

OriginalFilename : ccSetMgr.exe

 

#:12 [ccevtmgr.exe]

FilePath : C:\Program\Delade filer\Symantec Shared ProcessID : 1432

ThreadCreationTime : 2004-10-28 11:33:12

BasePriority : Normal

FileVersion : 2.0.0.635

ProductVersion : 2.0.0.635

ProductName : Common Client

CompanyName : Symantec Corporation

FileDescription : Common Client Event Manager Service

InternalName : ccEvtMgr

LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.

OriginalFilename : ccEvtMgr.exe

 

#:13 [spoolsv.exe]

FilePath : C:\WINDOWS\system32 ProcessID : 1628

ThreadCreationTime : 2004-10-28 11:33:12

BasePriority : Normal

FileVersion : 5.1.2600.0 (XPClient.010817-1148)

ProductVersion : 5.1.2600.0

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Spooler SubSystem App

InternalName : spoolsv.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : spoolsv.exe

 

#:14 [ctsvccda.exe]

FilePath : C:\WINDOWS\System32 ProcessID : 1756

ThreadCreationTime : 2004-10-28 11:33:13

BasePriority : Normal

FileVersion : 1.0.1.0

ProductVersion : 1.0.0.0

ProductName : Creative Service for CDROM Access

CompanyName : Creative Technology Ltd

FileDescription : Creative Service for CDROM Access

InternalName : CTsvcCDAEXE

LegalCopyright : Copyright © Creative Technology Ltd., 1999. All rights reserved.

OriginalFilename : CTsvcCDA.EXE

 

#:15 [sagent2.exe]

FilePath : C:\Program\Delade filer\EPSON\EBAPI ProcessID : 1780

ThreadCreationTime : 2004-10-28 11:33:13

BasePriority : Normal

FileVersion : 2, 3, 0, 0

ProductVersion : 1, 0, 0, 0

ProductName : EPSON Bidirectional Printer

CompanyName : SEIKO EPSON CORPORATION

FileDescription : EPSON Printer Status Agent

InternalName : SAgent2

LegalCopyright : Copyright © SEIKO EPSON CORP. 2000-2001

OriginalFilename : SAgent2.exe

 

#:16 [navapsvc.exe]

FilePath : C:\Program\Norton AntiVirus ProcessID : 1844

ThreadCreationTime : 2004-10-28 11:33:13

BasePriority : Normal

FileVersion : 10.00.2

ProductVersion : 10.00.2

ProductName : Norton AntiVirus

CompanyName : Symantec Corporation

FileDescription : Norton AntiVirus Auto-Protect Service

InternalName : NAVAPSVC

LegalCopyright : Norton AntiVirus 2004 for Windows 98/ME/2000/XP Copyright © 2003 Symantec Corporation. All rights reserved.

OriginalFilename : NAVAPSVC.EXE

 

#:17 [mspmspsv.exe]

FilePath : C:\WINDOWS\System32 ProcessID : 2032

ThreadCreationTime : 2004-10-28 11:33:14

BasePriority : Normal

FileVersion : 7.00.00.1954

ProductVersion : 7.00.00.1954

ProductName : Microsoft ® DRM

CompanyName : Microsoft Corporation

FileDescription : WMDM PMSP Service

InternalName : MSPMSPSV.EXE

LegalCopyright : Copyright © Microsoft Corp. 1981-2000

OriginalFilename : MSPMSPSV.EXE

 

#:18 [wuauclt.exe]

FilePath : C:\WINDOWS\System32 ProcessID : 296

ThreadCreationTime : 2004-10-28 11:33:14

BasePriority : Normal

FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04)

ProductVersion : 5.4.3790.2182

ProductName : Operativsystemet Microsoft® Windows®

CompanyName : Microsoft Corporation

FileDescription : Automatiska uppdateringar

InternalName : wuauclt.exe

LegalCopyright : © Microsoft Corporation. Med ensamrätt.

OriginalFilename : wuauclt.exe

 

#:19 [savscan.exe]

FilePath : C:\Program\Norton AntiVirus ProcessID : 408

ThreadCreationTime : 2004-10-28 11:33:15

BasePriority : Normal

FileVersion : 9.2.1.14

ProductVersion : 9.2

ProductName : Symantec AntiVirus AutoProtect

CompanyName : Symantec Corporation

FileDescription : Symantec AntiVirus Scanner

InternalName : SAVSCAN

LegalCopyright : Copyright © 2003 Symantec Corporation

OriginalFilename : SAVSCAN.EXE

 

#:20 [userinit.exe]

FilePath : C:\WINDOWS\system32 ProcessID : 896

ThreadCreationTime : 2004-10-28 11:33:17

BasePriority : Normal

FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)

ProductVersion : 5.1.2600.1106

ProductName : Operativsystemet Microsoft® Windows®

CompanyName : Microsoft Corporation

FileDescription : Inloggningsprogrammet Userinit

InternalName : userinit

LegalCopyright : © Microsoft Corporation. Med ensamrätt.

OriginalFilename : USERINIT.EXE

 

#:21 [explorer.exe]

FilePath : C:\WINDOWS ProcessID : 1008

ThreadCreationTime : 2004-10-28 11:33:18

BasePriority : Normal

FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)

ProductVersion : 6.00.2800.1106

ProductName : Operativsystemet Microsoft® Windows®

CompanyName : Microsoft Corporation

FileDescription : Utforskaren

InternalName : explorer

LegalCopyright : © Microsoft Corporation. Med ensamrätt.

OriginalFilename : EXPLORER.EXE

 

#:22 [ctsysvol.exe]

FilePath : C:\Program\Creative\SBAudigy2\Surround Mixer ProcessID : 1236

ThreadCreationTime : 2004-10-28 11:33:19

BasePriority : Normal

FileVersion : 1.1.3.0

ProductVersion : 1.0.0.0

ProductName : Creative Volume Control

CompanyName : Creative Technology Ltd

FileDescription : CTSysVol.exe

LegalCopyright : Copyright © Creative Technology Ltd., 2002. All rights reserved.

OriginalFilename : CTSysVol.exe

 

#:23 [ctdvddet.exe]

FilePath : C:\Program\Creative\SBAudigy2\DVDAudio ProcessID : 1232

ThreadCreationTime : 2004-10-28 11:33:19

BasePriority : Normal

FileVersion : 1.0.2.0

ProductVersion : 1.0.2.0

ProductName : CTDVDDET

CompanyName : Creative Technology Ltd

FileDescription : CTDVDDET

InternalName : CTDVDDET

LegalCopyright : Copyright © Creative Technology Ltd., 2002. All rights reserved.

OriginalFilename : CTDVDDET.EXE

 

#:24 [cthelper.exe]

FilePath : C:\WINDOWS\System32 ProcessID : 1328

ThreadCreationTime : 2004-10-28 11:33:19

BasePriority : Normal

FileVersion : 1, 0, 0, 11

ProductVersion : 1, 0, 0, 11

ProductName : CtHelper Application

CompanyName : Creative Technology Ltd

FileDescription : CtHelper MFC Application

InternalName : CtHelper

LegalCopyright : Copyright © 2002

OriginalFilename : CtHelper.EXE

 

#:25 [tfswctrl.exe]

FilePath : C:\WINDOWS\system32\dla ProcessID : 1728

ThreadCreationTime : 2004-10-28 11:33:19

BasePriority : Normal

FileVersion : 1.04.05b

CompanyName : Sonic Solutions

FileDescription : Drive Letter Access Component

LegalCopyright : Copyright © 2003 Sonic Solutions

 

#:26 [sgtray.exe]

FilePath : C:\Program\Delade filer\Sonic\Update Manager ProcessID : 1720

ThreadCreationTime : 2004-10-28 11:33:19

BasePriority : Normal

FileVersion : 1.01.11a

CompanyName : Sonic Solutions

FileDescription : Sonic Update Manager

LegalCopyright : Copyright © 2002 Sonic Solutions

 

#:27 [ccapp.exe]

FilePath : C:\Program\Delade filer\Symantec Shared ProcessID : 1804

ThreadCreationTime : 2004-10-28 11:33:19

BasePriority : Normal

FileVersion : 2.0.0.635

ProductVersion : 2.0.0.635

ProductName : Common Client

CompanyName : Symantec Corporation

FileDescription : Symantec Common Client User Session

InternalName : ccApp

LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.

OriginalFilename : ccApp.exe

 

#:28 [bcmsmmsg.exe]

FilePath : C:\WINDOWS ProcessID : 1824

ThreadCreationTime : 2004-10-28 11:33:19

BasePriority : Normal

FileVersion : 3.5.24 02/24/2003 18:29:41

ProductVersion : 3.5.24 02/24/2003 18:29:41

ProductName : BCM Modem Messaging Applet

CompanyName : Broadcom Corporation

FileDescription : Modem Messaging Applet

InternalName : smdmstat.exe

LegalCopyright : Copyright © Broadcom Corporation 1998-2000

OriginalFilename : smdmstat.exe

 

#:29 [e_s10ic2.exe]

FilePath : C:\WINDOWS\System32\spool\DRIVERS\W32X86\3 ProcessID : 1984

ThreadCreationTime : 2004-10-28 11:33:19

BasePriority : Normal

FileVersion : 3.06

ProductVersion : 3.06

ProductName : EPSON Status Monitor 3

CompanyName : SEIKO EPSON CORPORATION

FileDescription : EPSON Status Monitor 3

InternalName : E_S10IC2

LegalCopyright : Copyright © SEIKO EPSON CORP. 2002

OriginalFilename : E_S10IC2.EXE

 

#:30 [jusched.exe]

FilePath : C:\Program\Java\j2re1.4.2_03\bin ProcessID : 1996

ThreadCreationTime : 2004-10-28 11:33:19

BasePriority : Normal

 

 

#:31 [realsched.exe]

FilePath : C:\Program\Delade filer\Real\Update_OB ProcessID : 2060

ThreadCreationTime : 2004-10-28 11:33:20

BasePriority : Normal

FileVersion : 0.1.0.1622

ProductVersion : 0.1.0.1622

ProductName : RealOne Player (32-bit)

CompanyName : RealNetworks, Inc.

FileDescription : RealNetworks Scheduler

InternalName : schedapp

LegalCopyright : Copyright © RealNetworks, Inc. 1995-2002

LegalTrademarks : RealAudio is a trademark of RealNetworks, Inc.

OriginalFilename : realsched.exe

 

#:32 [qttask.exe]

FilePath : C:\Program\QuickTime ProcessID : 2088

ThreadCreationTime : 2004-10-28 11:33:20

BasePriority : Normal

FileVersion : 6.5.1

ProductVersion : QuickTime 6.5.1

ProductName : QuickTime

CompanyName : Apple Computer, Inc.

InternalName : QuickTime Task

LegalCopyright : © Apple Computer, Inc. 2001-2004

OriginalFilename : QTTask.exe

 

#:33 [winampa.exe]

FilePath : C:\Program\Winamp3 ProcessID : 2112

ThreadCreationTime : 2004-10-28 11:33:20

BasePriority : Normal

 

 

#:34 [tgcmd.exe]

FilePath : C:\Program\Telia\Supportassistent\bin ProcessID : 2188

ThreadCreationTime : 2004-10-28 11:33:20

BasePriority : Normal

FileVersion : 5,6,875,0

ProductVersion : 5,6,875,0

ProductName : Telia Supportassistent - Support.com Scheduler and Command Dispatcher

CompanyName : TeliaSonera, AB - SupportSoft, Inc.

FileDescription : Telia Supportassistent - Support.com Scheduler and Command Dispatcher

InternalName : TGCMD

LegalCopyright : Copyright 1997-2069 SupportSoft

OriginalFilename : TGCMD.EXE

Comments : Telia Supportassistent

 

#:35 [ekort.exe]

FilePath : C:\Program\ekort ProcessID : 2196

ThreadCreationTime : 2004-10-28 11:33:20

BasePriority : Normal

FileVersion : 2, 4, 0, 1, 81

ProductVersion : 2, 4, 0, 1, 81

ProductName : Swedbank e-kort

CompanyName : Orbiscom Ltd. All rights reserved.

FileDescription : Swedbank e-kort

InternalName : WEBOCARD

LegalCopyright : Copyright © 1999-2002, Orbiscom Ltd.

All rights reserved.

OriginalFilename : WebOCard.EXE

 

#:36 [ctfmon.exe]

FilePath : C:\WINDOWS\System32 ProcessID : 2236

ThreadCreationTime : 2004-10-28 11:33:20

BasePriority : Normal

FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)

ProductVersion : 5.1.2600.1106

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : CTF Loader

InternalName : CTFMON

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : CTFMON.EXE

 

#:37 [msnmsgr.exe]

FilePath : C:\Program\MSN Messenger ProcessID : 2288

ThreadCreationTime : 2004-10-28 11:33:21

BasePriority : Normal

FileVersion : 6.2.0137

ProductVersion : Version 6.2

ProductName : MSN Messenger

CompanyName : Microsoft Corporation

FileDescription : MSN Messenger

InternalName : msnmsgr

LegalCopyright : Copyright © Microsoft Corporation 1997-2004

LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.

OriginalFilename : msnmsgr.exe

 

#:38 [msmsgs.exe]

FilePath : C:\Program\Messenger ProcessID : 2716

ThreadCreationTime : 2004-10-28 11:33:23

BasePriority : Normal

FileVersion : 4.7.2009

ProductVersion : Version 4.7

ProductName : Messenger

CompanyName : Microsoft Corporation

FileDescription : Messenger

InternalName : msmsgs

LegalCopyright : Copyright © Microsoft Corporation 1997-2003

LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.

OriginalFilename : msmsgs.exe

 

#:39 [ad-aware.exe]

FilePath : C:\Program\Lavasoft\Ad-Aware SE Personal ProcessID : 2972

ThreadCreationTime : 2004-10-28 11:33:26

BasePriority : Normal

FileVersion : 6.2.0.162

ProductVersion : VI.Second Edition

ProductName : Lavasoft Ad-Aware SE

CompanyName : Lavasoft Sweden

FileDescription : Ad-Aware SE Core application

InternalName : Ad-Aware.exe

LegalCopyright : Copyright © Lavasoft Sweden

OriginalFilename : Ad-Aware.exe

Comments : All Rights Reserved

 

Memory scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 0

 

 

Started registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Registry Scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 0

 

 

Started deep registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Deep registry scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 0

 

 

Started Tracking Cookie scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

 

Tracking cookie scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 0

 

 

 

Deep scanning and examining files...

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Disk Scan Result for C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 0

 

Disk Scan Result for C:\WINDOWS\System32

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 0

 

Disk Scan Result for C:\DOCUME~1\MARIEN~1\LOKALA~1\Temp

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 0

 

 

Scanning Hosts file......

Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Hosts file scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

1 entries scanned.

New critical objects:0

Objects found so far: 0

 

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\microsoft\windows\currentversion\applets\paint\recent file list

Description : list of files recently opened using microsoft paint

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\microsoft\windows\currentversion\explorer\runmru

Description : mru list for items opened in start | run

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\microsoft\search assistant\acmru

Description : list of recent search terms used with the search assistant

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru

Description : list of recently saved files, stored according to file extension

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru

Description : list of recent programs opened

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\microsoft\windows\currentversion\explorer\recentdocs

Description : list of recent documents opened

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\microsoft\mediaplayer\player\recentfilelist

Description : list of recently used files in microsoft windows media player

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\realnetworks\realplayer\6.0\preferences

Description : list of recent skins in realplayer

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\microsoft\internet explorer

Description : last download directory used in microsoft internet explorer

 

 

MRU List Object Recognized!

Location: : software\microsoft\directdraw\mostrecentapplication

Description : most recent application to use microsoft directdraw

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\microsoft\microsoft management console\recent file list

Description : list of recent snap-ins used in the microsoft management console

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\google\navclient\1.1\history

Description : list of recently used search terms in the google toolbar

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\microsoft\internet explorer\typedurls

Description : list of recently entered addresses in microsoft internet explorer

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\creative tech\creative wavestudio\settings

Description : list of recently used directories in creative wavestudio

 

 

MRU List Object Recognized!

Location: : software\microsoft\direct3d\mostrecentapplication

Description : most recent application to use microsoft direct3d

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\realnetworks\realplayer\6.0\preferences

Description : list of recent clips in realplayer

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\microsoft\frontpage\explorer\frontpage explorer\recent web list

Description : list of recently used webs in microsoft frontpage

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\microsoft\mediaplayer\preferences

Description : last playlist loaded in microsoft windows media player

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\realnetworks\realplayer\6.0\preferences

Description : last login time in realplayer

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\microsoft\frontpage\explorer\frontpage explorer\recent file list

Description : list of recently used files in microsoft frontpage

 

 

MRU List Object Recognized!

Location: : software\microsoft\direct3d\mostrecentapplication

Description : most recent application to use microsoft direct X

 

 

MRU List Object Recognized!

Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general

Description : windows media sdk

 

 

MRU List Object Recognized!

Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general

Description : windows media sdk

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\microsoft\windows media\wmsdk\general

Description : windows media sdk

 

 

MRU List Object Recognized!

Location: : C:\Documents and Settings\Marie Nilsson\Application Data\microsoft\office\recent

Description : list of recently opened documents using microsoft office

 

 

MRU List Object Recognized!

Location: : C:\Documents and Settings\Marie Nilsson\recent

Description : list of recently opened documents

 

 

 

Performing conditional scans...

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Conditional scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 26

 

13:34:49 Scan Complete

 

Summary Of This Scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Total scanning time:00:01:11.719

Objects scanned:57457

Objects identified:0

Objects ignored:0

New critical objects:0

 

 

[/log][log]Logfile of HijackThis v1.97.7

Scan saved at 13:50:43, on 2004-10-28

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\Program\Delade filer\EPSON\EBAPI\SAgent2.exe

C:\Program\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program\Norton AntiVirus\SAVScan.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

C:\Program\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

C:\WINDOWS\System32\CTHELPER.EXE

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program\Delade filer\Symantec Shared\ccApp.exe

C:\WINDOWS\BCMSMMSG.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE

C:\Program\Java\j2re1.4.2_03\bin\jusched.exe

C:\Program\Delade filer\Real\Update_OB\realsched.exe

C:\Program\QuickTime\qttask.exe

C:\Program\Winamp3\winampa.exe

C:\Program\Telia\Supportassistent\bin\tgcmd.exe

C:\Program\ekort\ekort.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program\MSN Messenger\msnmsgr.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Outlook Express\msimn.exe

C:\Documents and Settings\Marie Nilsson\Lokala inställningar\Temp\Temporär katalog 1 för hjt.zip\HijackThis.exe

C:\Program\Messenger\msmsgs.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.se/0SESVSE/SAOS02

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sp/*http://www.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login1.telia.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = "C:\Program\Outlook Express\msimn.exe"

O2 - BHO: (no name) - {008DB894-99ED-445D-8547-0E7C9808898D} - C:\WINDOWS\mslagent\4b_1,0,1,2_mslagent.dll (file missing)

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: e-kort Browser Helper Object - {1C900459-DEEF-4aa9-B260-1EF0F0C70A8D} - C:\WINDOWS\System32\Bhoekort.dll

O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar2.dll

O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar2.dll

O4 - HKLM\..\Run: [CTSysVol] C:\Program\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

O4 - HKLM\..\Run: [CTDVDDet] C:\Program\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [storageGuard] "C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [EPSON Stylus C44 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C44 Series" /O6 "USB001" /M "Stylus C44"

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\j2re1.4.2_03\bin\jusched.exe

O4 - HKLM\..\Run: [websx] C:\Program\websx\int339890.exe -auto

O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [WinampAgent] "C:\Program\Winamp3\winampa.exe"

O4 - HKLM\..\Run: [TeliaTGCMD] "C:\Program\Telia\Supportassistent\bin\tgcmd.exe" /server /startmonitor /deaf

O4 - HKLM\..\Run: [ekort] C:\Program\ekort\ekort.exe /dontopenmycards

O4 - HKLM\..\Run: [CashBack] C:\Program\CashBack\bin\cashback.exe

O4 - HKLM\..\Run: [NaviSearch] C:\Program\NaviSearch\bin\nls.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [mslagent] C:\WINDOWS\mslagent\mslagent.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background

O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program\MyWebSearch\bar\1.bin\MWSOEMON.EXE

O8 - Extra context menu item: &Google Search - res://c:\program\google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCxdm127

O8 - Extra context menu item: Backward &Links - res://c:\program\google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program\google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Si&milar Pages - res://c:\program\google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program\google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra 'Tools' menuitem: Sun Java-konsol (HKLM)

O9 - Extra button: e-kort (HKLM)

O9 - Extra button: Referensinformation (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1021_EN_XP.cab

O16 - DPF: {0990D180-4226-4530-9777-AB82315505B9} (Installer Class) - http://www.foreningssparbanken.se/betala/ekort/oinstall.cab

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/CursorManiaInitialSetup1.0.0.8.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab28578.cab

O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB

O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab

O16 - DPF: {50AD557E-3426-41FD-AFDD-2AF39BB1C387} - http://akamai.downloadv3.com/binaries/LiveService/LiveService_5_EN_XP.cab

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/212f1e21087c45762917/netzip/RdxIE601.cab

O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040427/qtinstall.info.apple.com/saba/us/win/QuickTimeInstaller.exe

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab

O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab

O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Obje[/log]

Have I done it right now? /Marni

 


:thumbsup: Seems like everything is as it should be. No more virus threat warnings!!! Thanks for the help! To everyone who got involved in my question.

SKOJ]

What is Hijack This for, and how do you use it? /Marni

[post edited 2004-10-28 14:25:54 by marni]


Thanks for the points :), but we're not done yet.

The log files came through correctly, great! :thumbsup:

But the HijackThis program version should be 1.98.2. Delete the one you have and try downloading it from one of the other download links. After downloading, create a new folder, C:\HjT, and move HijackThis.exe to that folder, e.g. by dragging the file there.

I can see that Ad-aware has been able to clean out a lot. :)

But unfortunately the computer is not quite clean yet, though it should be possible to get it there with a bit more work.

Did you reinstall with a new Ad-aware? I'm asking because the log still says 1.03, and each new version can find a few more nasties.

Also run Ad-aware in Full system scan and not in Smart scan, and configure it by pressing the cogwheel (I think that's what it is) at the top of the Ad-aware window as follows:

http://www.lavasoftsupport.com/index.php?showtopic=42066

and remove anything more it finds.

Run these online antivirus scans:

http://housecall.trendmicro.com/housecall/start_corp.asp

http://www.pandasoftware.com/activescan/com/activescan_principal.htm

If they find anything, write down which virus they find and in which file.

When that is done, post new logs (both Ad-aware and HijackThis) and the results from the antivirus scans here, and you will get help cleaning up a bit more using HijackThis.
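The post above asks for HijackThis 1.98.2 and for fresh logs after each cleanup round. As an added example (not part of the original thread and not HijackThis's own code), this Python parser reads a log pasted in the forum's format, lists the entries HijackThis itself marks as pointing at a missing file, and compares two scans. The function names are assumptions; the sample lines are copied from the logs in this thread, and the "later" log is constructed.

```python
import re

# Entry lines start with a section code such as R0, O2 or O16.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
VERSION_RE = re.compile(r"Logfile of HijackThis v(\S+)")
# Markers HijackThis itself appends when the referenced file is absent.
DANGLING_MARKS = ("(file missing)", "(no file)")

# Lines copied from the two HijackThis logs in this thread, including the
# forum's [log] tags and the blank line the forum puts after every row.
LOG_197 = r"""[log]Logfile of HijackThis v1.97.7

Scan saved at 13:50:43, on 2004-10-28

Running processes:

C:\WINDOWS\Explorer.EXE

O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll

O9 - Extra button: e-kort (HKLM)
[/log]"""

LOG_1982 = r"""[log]Logfile of HijackThis v1.98.2

Scan saved at 18:39:45, on 2004-10-28

Running processes:

C:\WINDOWS\Explorer.EXE

C:\Program\Norton AntiVirus\navapsvc.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login1.telia.com/

O2 - BHO: (no name) - {008DB894-99ED-445D-8547-0E7C9808898D} - C:\WINDOWS\mslagent\4b_1,0,1,2_mslagent.dll (file missing)

O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)

O9 - Extra button: e-kort - {4C730913-3961-439b-83D5-F4E445520422} - C:\Program\ekort\ekort.exe

[/log]"""

# Constructed "later scan": the 1.98.2 sample minus its (file missing) row.
LOG_LATER = "\n".join(
    row for row in LOG_1982.splitlines() if "(file missing)" not in row
)


def parse_hijackthis(text):
    """Split a pasted log into version, running processes and entries."""
    log = {"version": None, "processes": [], "entries": []}
    in_processes = False
    for raw in text.splitlines():
        line = raw.replace("[log]", "").replace("[/log]", "").strip()
        if not line:
            continue  # the forum inserts an empty row after every line
        found = VERSION_RE.search(line)
        if found:
            log["version"] = found.group(1)
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        entry = ENTRY_RE.match(line)
        if entry:
            in_processes = False  # the process list ends at the first entry
            log["entries"].append((entry.group(1), entry.group(2)))
        elif in_processes:
            log["processes"].append(line)
    return log


def by_section(log):
    """Group entry bodies under their section code."""
    sections = {}
    for code, body in log["entries"]:
        sections.setdefault(code, []).append(body)
    return sections


def dangling(log):
    """Entries that HijackThis marked as referring to a missing file."""
    return [(c, b) for c, b in log["entries"] if b.endswith(DANGLING_MARKS)]


def diff_logs(before, after):
    """Return (removed, added) entries between two scans of one version."""
    if before["version"] != after["version"]:
        # 1.97.7 and 1.98.2 print O2/O9 rows differently (see the samples),
        # so a cross-version diff would report format noise as changes.
        raise ValueError("logs come from different HijackThis versions")
    old, new = set(before["entries"]), set(after["entries"])
    return sorted(old - new), sorted(new - old)


if __name__ == "__main__":
    current = parse_hijackthis(LOG_1982)
    print("version:", current["version"])
    for code, body in dangling(current):
        print("dangling:", code, body)
    removed, added = diff_logs(current, parse_hijackthis(LOG_LATER))
    print("removed since last scan:", removed)
    print("added since last scan:", added)
```

Comparing logs only within one HijackThis version is what makes the requested upgrade to 1.98.2 matter for follow-up scans.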

 

 


Now I have downloaded it, but I don't understand this instruction: "new folder, C:\HjT"

HijackThis is now on the desktop, how do I continue? /Marni

[post edited 2004-10-28 15:45:11 by marni]


Good that you ask! :thumbsup:

Open Explorer (Utforskaren) or My Computer (Den här datorn).

Navigate so that you are inside C:\ (C:\ in the title bar).

Right-click somewhere on the right (not on a file name) and choose New - Folder (Nytt - Mapp).

A small box appears where you type what the folder should be called; type HjT followed by Enter.

Double-click the HjT folder so that you are inside it.

Now look at your desktop and double-click the downloaded file HijackThis.

You now get a new window with a file called HijackThis.exe.

Right-click it and choose Copy (Kopiera).

Now go to the window where you are inside the HjT folder, right-click in the area where files are normally shown and choose Paste (Klistra in).

You now get a new file there; it is HijackThis.exe, even if you may not see ".exe" (this depends on a setting).

Then continue with Ad-aware and the online antivirus scans as described in my previous post.

 

 


1. When I double-click HijackThis, a new window comes up called HijackThis - v1.98.2 (not exe.); nothing happens when I right-click on it.

Viruses found in the online scan:

Exploit-MS04-028 Non cleanable c:\Documents and settings...

TROJ WINTRIM.BY c:\WINDOWS\system32...

/Marni

 

[log]Logfile of HijackThis v1.98.2

Scan saved at 18:39:45, on 2004-10-28

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\Program\Delade filer\EPSON\EBAPI\SAgent2.exe

C:\Program\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program\Norton AntiVirus\SAVScan.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

C:\Program\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

C:\WINDOWS\System32\CTHELPER.EXE

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program\Delade filer\Symantec Shared\ccApp.exe

C:\WINDOWS\BCMSMMSG.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE

C:\Program\Java\j2re1.4.2_03\bin\jusched.exe

C:\Program\Delade filer\Real\Update_OB\realsched.exe

C:\Program\QuickTime\qttask.exe

C:\Program\Winamp3\winampa.exe

C:\Program\Telia\Supportassistent\bin\tgcmd.exe

C:\Program\ekort\ekort.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program\MSN Messenger\msnmsgr.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program\Outlook Express\msimn.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Documents and Settings\Marie Nilsson\Skrivbord\HijackThis.exe

C:\Program\Messenger\msmsgs.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.se/0SESVSE/SAOS02

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sp/*http://www.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login1.telia.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program\Outlook Express\msimn.exe"

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: (no name) - {008DB894-99ED-445D-8547-0E7C9808898D} - C:\WINDOWS\mslagent\4b_1,0,1,2_mslagent.dll (file missing)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: e-kort Browser Helper Object - {1C900459-DEEF-4aa9-B260-1EF0F0C70A8D} - C:\WINDOWS\System32\Bhoekort.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar1.dll

O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar1.dll

O4 - HKLM\..\Run: [CTSysVol] C:\Program\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

O4 - HKLM\..\Run: [CTDVDDet] C:\Program\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [storageGuard] "C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [EPSON Stylus C44 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C44 Series" /O6 "USB001" /M "Stylus C44"

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\j2re1.4.2_03\bin\jusched.exe

O4 - HKLM\..\Run: [websx] C:\Program\websx\int339890.exe -auto

O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [WinampAgent] "C:\Program\Winamp3\winampa.exe"

O4 - HKLM\..\Run: [TeliaTGCMD] "C:\Program\Telia\Supportassistent\bin\tgcmd.exe" /server /startmonitor /deaf

O4 - HKLM\..\Run: [ekort] C:\Program\ekort\ekort.exe /dontopenmycards

O4 - HKLM\..\Run: [CashBack] C:\Program\CashBack\bin\cashback.exe

O4 - HKLM\..\Run: [NaviSearch] C:\Program\NaviSearch\bin\nls.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [mslagent] C:\WINDOWS\mslagent\mslagent.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background

O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program\MyWebSearch\bar\1.bin\MWSOEMON.EXE

O8 - Extra context menu item: &Google Search - res://c:\program\google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCxdm127

O8 - Extra context menu item: Backward Links - res://c:\program\google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program\google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://c:\program\google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program\google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)

O9 - Extra button: e-kort - {4C730913-3961-439b-83D5-F4E445520422} - C:\Program\ekort\ekort.exe

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE

O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1021_EN_XP.cab

O16 - DPF: {0990D180-4226-4530-9777-AB82315505B9} (Installer Class) - http://www.foreningssparbanken.se/betala/ekort/oinstall.cab

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/CursorManiaInitialSetup1.0.0.8.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab28578.cab

O16 - DPF: {50AD557E-3426-41FD-AFDD-2AF39BB1C387} - http://akamai.downloadv3.com/binaries/LiveService/LiveService_5_EN_XP.cab

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/212f1e21087c45762917/netzip/RdxIE601.cab

O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040427/qtinstall.info.apple.com/saba/us/win/QuickTimeInstaller.exe

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab

O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab

[/log]

 

[log]

Ad-Aware SE Build 1.05

Logfile Created on:den 28 oktober 2004 20:06:41

Created with Ad-Aware SE Personal, free for private use.

Using definitions file:SE1R16 28.10.2004

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

References detected during the scan:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

MRU List(TAC index:0):26 total references

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Ad-Aware SE Settings

===========================

Set : Search for negligible risk entries

Set : Safe mode (always request confirmation)

Set : Scan active processes

Set : Scan registry

Set : Deep-scan registry

Set : Scan my IE Favorites for banned URLs

Set : Scan my Hosts file

 

Extended Ad-Aware SE Settings

===========================

Set : Unload recognized processes & modules during scan

Set : Scan registry for all users instead of current user only

Set : Always try to unload modules before deletion

Set : During removal, unload Explorer and IE if necessary

Set : Let Windows remove files in use at next reboot

Set : Delete quarantined objects after restoring

Set : Include basic Ad-Aware settings in log file

Set : Include additional Ad-Aware settings in log file

Set : Include reference summary in log file

Set : Include alternate data stream details in log file

Set : Play sound at scan completion if scan locates critical objects

 

 

2004-10-28 20:06:41 - Scan started. (Full System Scan)

 

MRU List Object Recognized!

Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\microsoft\windows\currentversion\applets\paint\recent file list

Description : list of files recently opened using microsoft paint

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\microsoft\windows\currentversion\explorer\runmru

Description : mru list for items opened in start | run

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\microsoft\search assistant\acmru

Description : list of recent search terms used with the search assistant

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru

Description : list of recently saved files, stored according to file extension

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru

Description : list of recent programs opened

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\microsoft\windows\currentversion\explorer\recentdocs

Description : list of recent documents opened

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\microsoft\mediaplayer\player\recentfilelist

Description : list of recently used files in microsoft windows media player

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\realnetworks\realplayer\6.0\preferences

Description : list of recent skins in realplayer

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\microsoft\internet explorer

Description : last download directory used in microsoft internet explorer

 

 

MRU List Object Recognized!

Location: : software\microsoft\directdraw\mostrecentapplication

Description : most recent application to use microsoft directdraw

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\microsoft\microsoft management console\recent file list

Description : list of recent snap-ins used in the microsoft management console

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\google\navclient\1.1\history

Description : list of recently used search terms in the google toolbar

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\microsoft\internet explorer\typedurls

Description : list of recently entered addresses in microsoft internet explorer

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\creative tech\creative wavestudio\settings

Description : list of recently used directories in creative wavestudio

 

 

MRU List Object Recognized!

Location: : software\microsoft\direct3d\mostrecentapplication

Description : most recent application to use microsoft direct3d

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\realnetworks\realplayer\6.0\preferences

Description : list of recent clips in realplayer

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\microsoft\frontpage\explorer\frontpage explorer\recent web list

Description : list of recently used webs in microsoft frontpage

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\microsoft\mediaplayer\preferences

Description : last playlist loaded in microsoft windows media player

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\realnetworks\realplayer\6.0\preferences

Description : last login time in realplayer

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\microsoft\frontpage\explorer\frontpage explorer\recent file list

Description : list of recently used files in microsoft frontpage

 

 

MRU List Object Recognized!

Location: : software\microsoft\direct3d\mostrecentapplication

Description : most recent application to use microsoft direct X

 

 

MRU List Object Recognized!

Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general

Description : windows media sdk

 

 

MRU List Object Recognized!

Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general

Description : windows media sdk

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1390067357-1532298954-839522115-1004\software\microsoft\windows media\wmsdk\general

Description : windows media sdk

 

 

MRU List Object Recognized!

Location: : C:\Documents and Settings\Marie Nilsson\Application Data\microsoft\office\recent

Description : list of recently opened documents using microsoft office

 

 

MRU List Object Recognized!

Location: : C:\Documents and Settings\Marie Nilsson\recent

Description : list of recently opened documents

 

 

Listing running processes

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

#:1 [smss.exe]

FilePath : \SystemRoot\System32 ProcessID : 628

ThreadCreationTime : 2004-10-28 11:33:08

BasePriority : Normal

 

 

#:2 [csrss.exe]

FilePath : \??\C:\WINDOWS\system32 ProcessID : 680

ThreadCreationTime : 2004-10-28 11:33:10

BasePriority : Normal

 

 

#:3 [winlogon.exe]

FilePath : \??\C:\WINDOWS\system32 ProcessID : 704

ThreadCreationTime : 2004-10-28 11:33:11

BasePriority : High

 

 

#:4 [services.exe]

FilePath : C:\WINDOWS\system32 ProcessID : 748

ThreadCreationTime : 2004-10-28 11:33:11

BasePriority : Normal

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

ProductName : Operativsystemet Microsoft® Windows®

CompanyName : Microsoft Corporation

FileDescription : Tjänst- och styrenhetsprogram

InternalName : services.exe

LegalCopyright : © Microsoft Corporation. Med ensamrätt.

OriginalFilename : services.exe

 

#:5 [lsass.exe]

FilePath : C:\WINDOWS\system32 ProcessID : 760

ThreadCreationTime : 2004-10-28 11:33:11

BasePriority : Normal

FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)

ProductVersion : 5.1.2600.1106

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : LSA Shell (Export Version)

InternalName : lsass.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : lsass.exe

 

#:6 [ati2evxx.exe]

FilePath : C:\WINDOWS\System32 ProcessID : 952

ThreadCreationTime : 2004-10-28 11:33:11

BasePriority : Normal

 

 

#:7 [svchost.exe]

FilePath : C:\WINDOWS\system32 ProcessID : 976

ThreadCreationTime : 2004-10-28 11:33:11

BasePriority : Normal

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:8 [svchost.exe]

FilePath : C:\WINDOWS\System32 ProcessID : 1080

ThreadCreationTime : 2004-10-28 11:33:11

BasePriority : Normal

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:9 [svchost.exe]

FilePath : C:\WINDOWS\System32 ProcessID : 1220

ThreadCreationTime : 2004-10-28 11:33:11

BasePriority : Normal

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:10 [svchost.exe]

FilePath : C:\WINDOWS\System32 ProcessID : 1280

ThreadCreationTime : 2004-10-28 11:33:11

BasePriority : Normal

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:11 [ccsetmgr.exe]

FilePath : C:\Program\Delade filer\Symantec Shared ProcessID : 1344

ThreadCreationTime : 2004-10-28 11:33:12

BasePriority : Normal

FileVersion : 2.0.0.635

ProductVersion : 2.0.0.635

ProductName : Common Client

CompanyName : Symantec Corporation

FileDescription : Common Client Settings Manager Service

InternalName : ccSetMgr

LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.

OriginalFilename : ccSetMgr.exe

 

#:12 [ccevtmgr.exe]

FilePath : C:\Program\Delade filer\Symantec Shared ProcessID : 1432

ThreadCreationTime : 2004-10-28 11:33:12

BasePriority : Normal

FileVersion : 2.0.0.635

ProductVersion : 2.0.0.635

ProductName : Common Client

CompanyName : Symantec Corporation

FileDescription : Common Client Event Manager Service

InternalName : ccEvtMgr

LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.

OriginalFilename : ccEvtMgr.exe

 

#:13 [spoolsv.exe]

FilePath : C:\WINDOWS\system32 ProcessID : 1628

ThreadCreationTime : 2004-10-28 11:33:12

BasePriority : Normal

FileVersion : 5.1.2600.0 (XPClient.010817-1148)

ProductVersion : 5.1.2600.0

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Spooler SubSystem App

InternalName : spoolsv.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : spoolsv.exe

 

#:14 [ctsvccda.exe]

FilePath : C:\WINDOWS\System32 ProcessID : 1756

ThreadCreationTime : 2004-10-28 11:33:13

BasePriority : Normal

FileVersion : 1.0.1.0

ProductVersion : 1.0.0.0

ProductName : Creative Service for CDROM Access

CompanyName : Creative Technology Ltd

FileDescription : Creative Service for CDROM Access

InternalName : CTsvcCDAEXE

LegalCopyright : Copyright © Creative Technology Ltd., 1999. All rights reserved.

OriginalFilename : CTsvcCDA.EXE

 

#:15 [sagent2.exe]

FilePath : C:\Program\Delade filer\EPSON\EBAPI ProcessID : 1780

ThreadCreationTime : 2004-10-28 11:33:13

BasePriority : Normal

FileVersion : 2, 3, 0, 0

ProductVersion : 1, 0, 0, 0

ProductName : EPSON Bidirectional Printer

CompanyName : SEIKO EPSON CORPORATION

FileDescription : EPSON Printer Status Agent

InternalName : SAgent2

LegalCopyright : Copyright © SEIKO EPSON CORP. 2000-2001

OriginalFilename : SAgent2.exe

 

#:16 [navapsvc.exe]

FilePath : C:\Program\Norton AntiVirus ProcessID : 1844

ThreadCreationTime : 2004-10-28 11:33:13

BasePriority : Normal

FileVersion : 10.00.2

ProductVersion : 10.00.2

ProductName : Norton AntiVirus

CompanyName : Symantec Corporation

FileDescription : Norton AntiVirus Auto-Protect Service

InternalName : NAVAPSVC

LegalCopyright : Norton AntiVirus 2004 for Windows 98/ME/2000/XP Copyright © 2003 Symantec Corporation. All rights reserved.

OriginalFilename : NAVAPSVC.EXE

 

#:17 [mspmspsv.exe]

FilePath : C:\WINDOWS\System32 ProcessID : 2032

ThreadCreationTime : 2004-10-28 11:33:14

BasePriority : Normal

FileVersion : 7.00.00.1954

ProductVersion : 7.00.00.1954

ProductName : Microsoft ® DRM

CompanyName : Microsoft Corporation

FileDescription : WMDM PMSP Service

InternalName : MSPMSPSV.EXE

LegalCopyright : Copyright © Microsoft Corp. 1981-2000

OriginalFilename : MSPMSPSV.EXE

 

#:18 [savscan.exe]

FilePath : C:\Program\Norton AntiVirus ProcessID : 408

ThreadCreationTime : 2004-10-28 11:33:15

BasePriority : Normal

FileVersion : 9.2.1.14

ProductVersion : 9.2

ProductName : Symantec AntiVirus AutoProtect

CompanyName : Symantec Corporation

FileDescription : Symantec AntiVirus Scanner

InternalName : SAVSCAN

LegalCopyright : Copyright © 2003 Symantec Corporation

OriginalFilename : SAVSCAN.EXE

 

#:19 [explorer.exe]

FilePath : C:\WINDOWS ProcessID : 1008

ThreadCreationTime : 2004-10-28 11:33:18

BasePriority : Normal

FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)

ProductVersion : 6.00.2800.1106

ProductName : Operativsystemet Microsoft® Windows®

CompanyName : Microsoft Corporation

FileDescription : Utforskaren

InternalName : explorer

LegalCopyright : © Microsoft Corporation. Med ensamrätt.

OriginalFilename : EXPLORER.EXE

 

#:20 [ctsysvol.exe]

FilePath : C:\Program\Creative\SBAudigy2\Surround Mixer ProcessID : 1236

ThreadCreationTime : 2004-10-28 11:33:19

BasePriority : Normal

FileVersion : 1.1.3.0

ProductVersion : 1.0.0.0

ProductName : Creative Volume Control

CompanyName : Creative Technology Ltd

FileDescription : CTSysVol.exe

LegalCopyright : Copyright © Creative Technology Ltd., 2002. All rights reserved.

OriginalFilename : CTSysVol.exe

 

#:21 [ctdvddet.exe]

FilePath : C:\Program\Creative\SBAudigy2\DVDAudio ProcessID : 1232

ThreadCreationTime : 2004-10-28 11:33:19

BasePriority : Normal

FileVersion : 1.0.2.0

ProductVersion : 1.0.2.0

ProductName : CTDVDDET

CompanyName : Creative Technology Ltd

FileDescription : CTDVDDET

InternalName : CTDVDDET

LegalCopyright : Copyright © Creative Technology Ltd., 2002. All rights reserved.

OriginalFilename : CTDVDDET.EXE

 

#:22 [cthelper.exe]

FilePath : C:\WINDOWS\System32 ProcessID : 1328

ThreadCreationTime : 2004-10-28 11:33:19

BasePriority : Normal

FileVersion : 1, 0, 0, 11

ProductVersion : 1, 0, 0, 11

ProductName : CtHelper Application

CompanyName : Creative Technology Ltd

FileDescription : CtHelper MFC Application

InternalName : CtHelper

LegalCopyright : Copyright © 2002

OriginalFilename : CtHelper.EXE

 

#:23 [tfswctrl.exe]

FilePath : C:\WINDOWS\system32\dla ProcessID : 1728

ThreadCreationTime : 2004-10-28 11:33:19

BasePriority : Normal

FileVersion : 1.04.05b

CompanyName : Sonic Solutions

FileDescription : Drive Letter Access Component

LegalCopyright : Copyright © 2003 Sonic Solutions

 

#:24 [ccapp.exe]

FilePath : C:\Program\Delade filer\Symantec Shared ProcessID : 1804

ThreadCreationTime : 2004-10-28 11:33:19

BasePriority : Normal

FileVersion : 2.0.0.635

ProductVersion : 2.0.0.635

ProductName : Common Client

CompanyName : Symantec Corporation

FileDescription : Symantec Common Client User Session

InternalName : ccApp

LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.

OriginalFilename : ccApp.exe

 

#:25 [bcmsmmsg.exe]

FilePath : C:\WINDOWS ProcessID : 1824

ThreadCreationTime : 2004-10-28 11:33:19

BasePriority : Normal

FileVersion : 3.5.24 02/24/2003 18:29:41

ProductVersion : 3.5.24 02/24/2003 18:29:41

ProductName : BCM Modem Messaging Applet

CompanyName : Broadcom Corporation

FileDescription : Modem Messaging Applet

InternalName : smdmstat.exe

LegalCopyright : Copyright © Broadcom Corporation 1998-2000

OriginalFilename : smdmstat.exe

 

#:26 [e_s10ic2.exe]

FilePath : C:\WINDOWS\System32\spool\DRIVERS\W32X86\3 ProcessID : 1984

ThreadCreationTime : 2004-10-28 11:33:19

BasePriority : Normal

FileVersion : 3.06

ProductVersion : 3.06

ProductName : EPSON Status Monitor 3

CompanyName : SEIKO EPSON CORPORATION

FileDescription : EPSON Status Monitor 3

InternalName : E_S10IC2

LegalCopyright : Copyright © SEIKO EPSON CORP. 2002

OriginalFilename : E_S10IC2.EXE

 

#:27 [jusched.exe]

FilePath : C:\Program\Java\j2re1.4.2_03\bin ProcessID : 1996

ThreadCreationTime : 2004-10-28 11:33:19

BasePriority : Normal

 

 

#:28 [realsched.exe]

FilePath : C:\Program\Delade filer\Real\Update_OB ProcessID : 2060

ThreadCreationTime : 2004-10-28 11:33:20

BasePriority : Normal

FileVersion : 0.1.0.1622

ProductVersion : 0.1.0.1622

ProductName : RealOne Player (32-bit)

CompanyName : RealNetworks, Inc.

FileDescription : RealNetworks Scheduler

InternalName : schedapp

LegalCopyright : Copyright © RealNetworks, Inc. 1995-2002

LegalTrademarks : RealAudio is a trademark of RealNetworks, Inc.

OriginalFilename : realsched.exe

 

#:29 [qttask.exe]

FilePath : C:\Program\QuickTime ProcessID : 2088

ThreadCreationTime : 2004-10-28 11:33:20

BasePriority : Normal

FileVersion : 6.5.1

ProductVersion : QuickTime 6.5.1

ProductName : QuickTime

CompanyName : Apple Computer, Inc.

InternalName : QuickTime Task

LegalCopyright : © Apple Computer, Inc. 2001-2004

OriginalFilename : QTTask.exe

 

#:30 [winampa.exe]

FilePath : C:\Program\Winamp3 ProcessID : 2112

ThreadCreationTime : 2004-10-28 11:33:20

BasePriority : Normal

 

 

#:31 [tgcmd.exe]

FilePath : C:\Program\Telia\Supportassistent\bin ProcessID : 2188

ThreadCreationTime : 2004-10-28 11:33:20

BasePriority : Normal

FileVersion : 5,6,875,0

ProductVersion : 5,6,875,0

ProductName : Telia Supportassistent - Support.com Scheduler and Command Dispatcher

CompanyName : TeliaSonera, AB - SupportSoft, Inc.

FileDescription : Telia Supportassistent - Support.com Scheduler and Command Dispatcher

InternalName : TGCMD

LegalCopyright : Copyright 1997-2069 SupportSoft

OriginalFilename : TGCMD.EXE

Comments : Telia Supportassistent

 

#:32 [ekort.exe]

FilePath : C:\Program\ekort ProcessID : 2196

ThreadCreationTime : 2004-10-28 11:33:20

BasePriority : Normal

FileVersion : 2, 4, 0, 1, 81

ProductVersion : 2, 4, 0, 1, 81

ProductName : Swedbank e-kort

CompanyName : Orbiscom Ltd. All rights reserved.

FileDescription : Swedbank e-kort

InternalName : WEBOCARD

LegalCopyright : Copyright © 1999-2002, Orbiscom Ltd.

All rights reserved.

OriginalFilename : WebOCard.EXE

 

#:33 [ctfmon.exe]

FilePath : C:\WINDOWS\System32 ProcessID : 2236

ThreadCreationTime : 2004-10-28 11:33:20

BasePriority : Normal

FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)

ProductVersion : 5.1.2600.1106

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : CTF Loader

InternalName : CTFMON

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : CTFMON.EXE

 

#:34 [msnmsgr.exe]

FilePath : C:\Program\MSN Messenger ProcessID : 2288

ThreadCreationTime : 2004-10-28 11:33:21

BasePriority : Normal

FileVersion : 6.2.0137

ProductVersion : Version 6.2

ProductName : MSN Messenger

CompanyName : Microsoft Corporation

FileDescription : MSN Messenger

InternalName : msnmsgr

LegalCopyright : Copyright © Microsoft Corporation 1997-2004

LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.

OriginalFilename : msnmsgr.exe

 

#:35 [wuauclt.exe]

FilePath : C:\WINDOWS\System32 ProcessID : 2012

ThreadCreationTime : 2004-10-28 11:34:13

BasePriority : Normal

FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04)

ProductVersion : 5.4.3790.2182

ProductName : Operativsystemet Microsoft® Windows®

CompanyName : Microsoft Corporation

FileDescription : Automatiska uppdateringar

InternalName : wuauclt.exe

LegalCopyright : © Microsoft Corporation. Med ensamrätt.

OriginalFilename : wuauclt.exe

 

#:36 [msimn.exe]

FilePath : C:\Program\Outlook Express ProcessID : 1060

ThreadCreationTime : 2004-10-28 15:05:41

BasePriority : Normal

FileVersion : 6.00.2800.1123

ProductVersion : 6.00.2800.1123

ProductName : Operativsystemet Microsoft® Windows®

CompanyName : Microsoft Corporation

FileDescription : Outlook Express

InternalName : MSIMN

LegalCopyright : © Microsoft Corporation. Med ensamrätt.

OriginalFilename : MSIMN.EXE

 

#:37 [iexplore.exe]

FilePath : C:\Program\Internet Explorer ProcessID : 3528

ThreadCreationTime : 2004-10-28 17:56:06

BasePriority : Normal

FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)

ProductVersion : 6.00.2800.1106

ProductName : Operativsystemet Microsoft® Windows®

CompanyName : Microsoft Corporation

FileDescription : Internet Explorer

InternalName : iexplore

LegalCopyright : © Microsoft Corporation. Med ensamrätt.

OriginalFilename : IEXPLORE.EXE

 

#:38 [ad-aware.exe]

FilePath : C:\Program\Lavasoft\AD-AWA~2 ProcessID : 3172

ThreadCreationTime : 2004-10-28 18:00:05

BasePriority : Normal

FileVersion : 6.2.0.206

ProductVersion : VI.Second Edition

ProductName : Lavasoft Ad-Aware SE

CompanyName : Lavasoft Sweden

FileDescription : Ad-Aware SE Core application

InternalName : Ad-Aware.exe

LegalCopyright : Copyright © Lavasoft Sweden

OriginalFilename : Ad-Aware.exe

Comments : All Rights Reserved

 

#:39 [msmsgs.exe]

FilePath : C:\Program\Messenger ProcessID : 3208

ThreadCreationTime : 2004-10-28 18:05:20

BasePriority : Normal

FileVersion : 4.7.2009

ProductVersion : Version 4.7

ProductName : Messenger

CompanyName : Microsoft Corporation

FileDescription : Messenger

InternalName : msmsgs

LegalCopyright : Copyright © Microsoft Corporation 1997-2003

LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.

OriginalFilename : msmsgs.exe

 

Memory scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 26

 

 

Started registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Registry Scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 26

 

 

Started deep registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Deep registry scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 26

 

 

Started Tracking Cookie scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

 

Tracking cookie scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 26

 

 

Disk Scan Result for C:»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 26

 

 

Scanning Hosts file......

Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Hosts file scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

1 entries scanned.

New critical objects:0

Objects found so far: 26

 

 

 

 

Performing conditional scans...

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Conditional scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 26

 

20:11:44 Scan Complete

 

Summary Of This Scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Total scanning time:00:05:03.641

Objects scanned:146971

Objects identified:0

Objects ignored:0

New critical objects:0

 

[/log]

/Marni

[post edited 2004-10-28 20:32:16 by marni]
