
problem


Megera


To begin with, we can see whether HijackThis shows anything. Download it from one of these links:

http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe

http://www.download.com/Trend-Micro-HijackThis/3000-8022_4-10227353.html

Install it, start it and choose "Do a system scan and save a logfile", then copy the log that comes up (nothing else).

 

In your reply, attach the HijackThis log like this:

Press the LOG button in the Reply window

Paste the log

Press the LOG button again

 


[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:58:11, on 2008-12-26

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Delade filer\EPSON\EBAPI\SAgent2.exe

C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fsgk32st.exe

C:\Program\Telia\Telias Sakerhetstjanster\Common\FSMA32.EXE

C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\FSGK32.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program\Telia\Telias Sakerhetstjanster\Common\FSMB32.EXE

C:\Program\Telia\Telias Sakerhetstjanster\Common\FCH32.EXE

C:\Program\Telia\Telias Sakerhetstjanster\Common\FAMEH32.EXE

C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fsqh.exe

C:\Program\Telia\Telias Sakerhetstjanster\FSPC\fspc.exe

C:\Program\Telia\Telias Sakerhetstjanster\FSAUA\program\fsaua.exe

C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fssm32.exe

C:\Program\Telia\Telias Sakerhetstjanster\FWES\Program\fsdfwd.exe

C:\Program\Telia\Telias Sakerhetstjanster\FSAUA\program\fsus.exe

C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fsav32.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Telia\Telias Sakerhetstjanster\Common\FSM32.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Telia\Telias Sakerhetstjanster\FSGUI\fsguidll.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Delade filer\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program\Telia\Telias Sakerhetstjanster\FSGUI\scanwizard.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll

O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\Telia\Telias Sakerhetstjanster\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program\Telia\Telias Sakerhetstjanster\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &Windows Live Search - res://C:\Program\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Föräldra-... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program\Telia\Telias Sakerhetstjanster\FSPC\fspcmsie.dll

O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program\Telia\Telias Sakerhetstjanster\FSPC\fspcmsie.dll

O9 - Extra 'Tools' menuitem: Föräldra-... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program\Telia\Telias Sakerhetstjanster\FSPC\fspcmsie.dll

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {19D6A3D5-EA50-4C3B-88F0-79627C325570} (IlosoftMultipleImageCtrl Class) - http://www.one.com/static/controls/IlosoftMultipleImageUpload.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {5CE72DD0-4695-4D18-A4D3-3367ACD37578} (F-Secure Health Check 1.0) - http://support.f-secure.com/enu/home/onlineservices/fshc/fscax.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1228594487531

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1228594466078

O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://rosengrenkocken.spaces.live.com/PhotoUpload/MsnPUpld.cab

O16 - DPF: {A4069847-C342-48E2-9257-01A24E5C78EA} (F-Secure Online Scanner 3.2) - http://support.f-secure.com/ols3beta/fscax.cab

O16 - DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} (F-Secure Health Check 1.1) - http://support.f-secure.com/enu/home/onlineservices/fshc/fscax.cab

O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E1E73B44-2D20-47A9-9CA2-B534CEBBF856} (F-Secure Health Check 1.0) - http://support.f-secure.com/enu/home/onlineservices/fshc/fscax.cab

O20 - AppInit_DLLs: cvbqyu.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.DLL

O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program\Delade filer\EPSON\EBAPI\SAgent2.exe

O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fsgk32st.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program\Telia\Telias Sakerhetstjanster\FSAUA\program\fsaua.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program\Telia\Telias Sakerhetstjanster\FWES\Program\fsdfwd.exe

O23 - Service: FSMA - F-Secure Corporation - C:\Program\Telia\Telias Sakerhetstjanster\Common\FSMA32.EXE

O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program\Telia\Telias Sakerhetstjanster\ORSP Client\fsorsp.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe

 

--

End of file - 7406 bytes

[/log]

 


Download Malwarebytes Anti-Malware (MBAM) from one of these links:

http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html

http://projects.securitywonks.net/projects/details.php?file=158

Double-click mbam-setup to install the program.

 

At the end of the installation, make sure these boxes are ticked:

Update Malwarebytes' Anti-Malware

Launch Malwarebytes' Anti-Malware

Press Finish

If an update is available, it will be downloaded and installed.

 

[log]When the program starts, choose "Perform quick scan" and press Scan.

The scan takes a while.

When it is done, press OK and then "Show Results".

Tick everything and then press Remove Selected.

When the removal is finished, Notepad opens with a log.

 

You may be asked to restart the computer (Restart). If so, do it.

If you get an "Error loading..." message after the restart, restart the computer once more.

If the program does not start after the restart, start it yourself.

 

If the log does not open by itself in Notepad, you will find it on the Logs tab in MBAM.

Copy the log and paste it into your reply together with a new HijackThis log.[/log]

 


[log]Malwarebytes' Anti-Malware 1.31

Databasversion: 1551

Windows 5.1.2600 Service Pack 3

 

2008-12-26 19:31:53

mbam-log-2008-12-26 (19-31-53).txt

 

Skanningstyp: Snabb skanning

Antal skannade objekt: 52799

Förfluten tid: 24 minute(s), 10 second(s)

 

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 0

Infekterade registernycklar: 10

Infekterade registervärden: 1

Infekterade registerdataposter: 0

Infekterade mappar: 7

Infekterade filer: 6

 

Infekterade minnesprocesser:

(Inga illasinnade poster hittades)

 

Infekterade minnesmoduler:

(Inga illasinnade poster hittades)

 

Infekterade registernycklar:

HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Delete on reboot.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1c3c4699-b285-475f-be47-0b26088ce876} (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f06e2abe-3a50-4079-be25-fc100d9eaa25} (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Solt Lake Software (Rogue.ProAntispyware2009) -> Quarantined and deleted successfully.

 

Infekterade registervärden:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\Windows Service (Backdoor.Bot) -> Quarantined and deleted successfully.

 

Infekterade registerdataposter:

(Inga illasinnade poster hittades)

 

Infekterade mappar:

C:\Program\A360 (Rogue.A360Antivirus) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Solt Lake Software (Rogue.ProAntispyware2009) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Solt Lake Software\Pro Antispyware 2009 (Rogue.ProAntispyware2009) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Solt Lake Software\Pro Antispyware 2009\BASE (Rogue.ProAntispyware2009) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Solt Lake Software\Pro Antispyware 2009\DELETED (Rogue.ProAntispyware2009) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Solt Lake Software\Pro Antispyware 2009\LOG (Rogue.ProAntispyware2009) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Solt Lake Software\Pro Antispyware 2009\SAVED (Rogue.ProAntispyware2009) -> Quarantined and deleted successfully.

 

Infekterade filer:

C:\WINDOWS\system32\ecprvfcr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Solt Lake Software\Pro Antispyware 2009\LOG\20081205224553396.log (Rogue.ProAntispyware2009) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Solt Lake Software\Pro Antispyware 2009\LOG\20081206114017859.log (Rogue.ProAntispyware2009) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Solt Lake Software\Pro Antispyware 2009\LOG\20081206180033328.log (Rogue.ProAntispyware2009) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Solt Lake Software\Pro Antispyware 2009\LOG\20081206183448203.log (Rogue.ProAntispyware2009) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.

[/log]

 


[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:49:14, on 2008-12-26

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Delade filer\EPSON\EBAPI\SAgent2.exe

C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fsgk32st.exe

C:\Program\Telia\Telias Sakerhetstjanster\Common\FSMA32.EXE

C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\FSGK32.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program\Telia\Telias Sakerhetstjanster\Common\FSMB32.EXE

C:\Program\Telia\Telias Sakerhetstjanster\Common\FCH32.EXE

C:\Program\Telia\Telias Sakerhetstjanster\Common\FAMEH32.EXE

C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fsqh.exe

C:\Program\Telia\Telias Sakerhetstjanster\FSPC\fspc.exe

C:\Program\Telia\Telias Sakerhetstjanster\FSAUA\program\fsaua.exe

C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fssm32.exe

C:\Program\Telia\Telias Sakerhetstjanster\FWES\Program\fsdfwd.exe

C:\Program\Telia\Telias Sakerhetstjanster\FSAUA\program\fsus.exe

C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fsav32.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Telia\Telias Sakerhetstjanster\Common\FSM32.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Telia\Telias Sakerhetstjanster\FSGUI\fsguidll.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Malwarebytes' Anti-Malware\mbam.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Delade filer\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program\Telia\Telias Sakerhetstjanster\FSGUI\scanwizard.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll

O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\Telia\Telias Sakerhetstjanster\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program\Telia\Telias Sakerhetstjanster\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &Windows Live Search - res://C:\Program\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Föräldra-... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program\Telia\Telias Sakerhetstjanster\FSPC\fspcmsie.dll

O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program\Telia\Telias Sakerhetstjanster\FSPC\fspcmsie.dll

O9 - Extra 'Tools' menuitem: Föräldra-... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program\Telia\Telias Sakerhetstjanster\FSPC\fspcmsie.dll

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {19D6A3D5-EA50-4C3B-88F0-79627C325570} (IlosoftMultipleImageCtrl Class) - http://www.one.com/static/controls/IlosoftMultipleImageUpload.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {5CE72DD0-4695-4D18-A4D3-3367ACD37578} (F-Secure Health Check 1.0) - http://support.f-secure.com/enu/home/onlineservices/fshc/fscax.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1228594487531

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1228594466078

O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://rosengrenkocken.spaces.live.com/PhotoUpload/MsnPUpld.cab

O16 - DPF: {A4069847-C342-48E2-9257-01A24E5C78EA} (F-Secure Online Scanner 3.2) - http://support.f-secure.com/ols3beta/fscax.cab

O16 - DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} (F-Secure Health Check 1.1) - http://support.f-secure.com/enu/home/onlineservices/fshc/fscax.cab

O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E1E73B44-2D20-47A9-9CA2-B534CEBBF856} (F-Secure Health Check 1.0) - http://support.f-secure.com/enu/home/onlineservices/fshc/fscax.cab

O20 - AppInit_DLLs: cvbqyu.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.DLL

O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program\Delade filer\EPSON\EBAPI\SAgent2.exe

O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fsgk32st.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program\Telia\Telias Sakerhetstjanster\FSAUA\program\fsaua.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program\Telia\Telias Sakerhetstjanster\FWES\Program\fsdfwd.exe

O23 - Service: FSMA - F-Secure Corporation - C:\Program\Telia\Telias Sakerhetstjanster\Common\FSMA32.EXE

O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program\Telia\Telias Sakerhetstjanster\ORSP Client\fsorsp.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe

 

--

End of file - 7454 bytes

[/log]

 


If you have not restarted the computer since you ran MBAM, do so and scan again with MBAM. If anything is found, paste the log again.

 

Scan with HijackThis and tick:

 

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)

O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

O20 - AppInit_DLLs: cvbqyu.dll

 

Close all other programs.

Press Fix checked.

 

Restart the computer and check for yourself that the lines above are gone from a new HijackThis log.

 

How is the computer working now?
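The check requested in the post above, confirming that the fixed lines are gone from a new HijackThis log, can be scripted. This is an added example, not part of the original post: the function names and the `AFTER` log are constructed for illustration, and the review heuristics (entries ending in `(no file)`, any non-empty `AppInit_DLLs` value) are assumptions modelled on the three lines selected above.

```python
import re

# A HijackThis entry is "<section code> - <text>", e.g. "O2 - BHO: ...".
# Header lines and the "Running processes" paths do not match this shape.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse_entries(log_text):
    """Return the (code, text) entries of a HijackThis log, in order."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries


def review_candidates(entries):
    """Flag entries worth a manual look (assumed heuristics, not verdicts)."""
    flagged = []
    for code, text in entries:
        if text.endswith("(no file)"):
            # The registry registration survives but its target file is missing.
            flagged.append((code, text, "registration points at a missing file"))
        elif code == "O20" and text.startswith("AppInit_DLLs:"):
            if text.split(":", 1)[1].strip():
                # AppInit_DLLs are loaded into every process that loads user32.dll.
                flagged.append((code, text, "DLL injected via AppInit_DLLs"))
    return flagged


def _norm(line):
    # Collapse whitespace and case so copy/paste differences do not hide a match.
    return " ".join(line.split()).lower()


def still_present(fixed_lines, new_log_text):
    """Return the lines from fixed_lines that still appear in the new log."""
    present = {_norm(f"{c} - {t}") for c, t in parse_entries(new_log_text)}
    return [line for line in fixed_lines if _norm(line) in present]


# The three lines the helper asked to have fixed (copied from the thread).
FIXED = [
    "O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)",
    "O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)",
    "O20 - AppInit_DLLs: cvbqyu.dll",
]

# Excerpt of the log posted in the thread (before the fix).
BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\ctfmon.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: cvbqyu.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.DLL
"""

# Constructed "after" log: the two orphaned entries are gone, but the
# AppInit_DLLs value is still there (a hypothetical outcome for the demo).
AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: cvbqyu.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.DLL
"""

if __name__ == "__main__":
    for code, text, why in review_candidates(parse_entries(BEFORE)):
        print(f"review  {code} - {text}  [{why}]")
    for line in still_present(FIXED, AFTER):
        print(f"NOT removed: {line}")
```

An entry that is still listed after "Fix checked" and a reboot means something rewrote it, which is worth reporting back in the thread along with the new log.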

 


[log]Malwarebytes' Anti-Malware 1.31

Databasversion: 1551

Windows 5.1.2600 Service Pack 3

 

2008-12-26 22:33:41

mbam-log-2008-12-26 (22-33-41).txt

 

Skanningstyp: Snabb skanning

Antal skannade objekt: 52821

Förfluten tid: 15 minute(s), 11 second(s)

 

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 0

Infekterade registernycklar: 1

Infekterade registervärden: 0

Infekterade registerdataposter: 0

Infekterade mappar: 0

Infekterade filer: 0

 

Infekterade minnesprocesser:

(Inga illasinnade poster hittades)

 

Infekterade minnesmoduler:

(Inga illasinnade poster hittades)

 

Infekterade registernycklar:

HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Delete on reboot.

 

Infekterade registervärden:

(Inga illasinnade poster hittades)

 

Infekterade registerdataposter:

(Inga illasinnade poster hittades)

 

Infekterade mappar:

(Inga illasinnade poster hittades)

 

Infekterade filer:

(Inga illasinnade poster hittades)

[/log]

 

 

It works better but is still sluggish. The hard drive is making clicking noises; it may be about to fail. When you scroll it is really slow.

 

 

 


Download Gmer to the Desktop from one of these pages:

http://www.gmer.net/

http://www.majorgeeks.com/GMER_d5198.html

Unpack the file to the Desktop.

 

Close all programs.

Start the program gmer.exe.

Select the Rootkit tab and check that everything on the right is ticked except Show All. Press Scan. Leave the computer alone while Gmer is working.

Press Copy and then paste the result into your reply.

 


[log]GMER 1.0.14.14536 - http://www.gmer.net

Rootkit scan 2008-12-27 18:35:50

Windows 5.1.2600 Service Pack 3

 

 

---- System - GMER 1.0.14 ----

 

SSDT \??\C:\Program\Telia\Telias Sakerhetstjanster\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwCreateProcess [0xF89E8C26]

SSDT \??\C:\Program\Telia\Telias Sakerhetstjanster\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwCreateProcessEx [0xF89E8C40]

SSDT \??\C:\Program\Telia\Telias Sakerhetstjanster\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwCreateThread [0xF89E7DE4]

SSDT \??\C:\Program\Telia\Telias Sakerhetstjanster\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwLoadDriver [0xF89E810C]

SSDT \??\C:\Program\Telia\Telias Sakerhetstjanster\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwMapViewOfSection [0xF89E7B30]

SSDT \??\C:\Program\Telia\Telias Sakerhetstjanster\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwOpenSection [0xF89E853E]

SSDT \??\C:\Program\Telia\Telias Sakerhetstjanster\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwRenameKey [0xF89E97DC]

SSDT \??\C:\Program\Telia\Telias Sakerhetstjanster\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwSetSystemInformation [0xF89E838E]

SSDT \??\C:\Program\Telia\Telias Sakerhetstjanster\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwSuspendProcess [0xF89E79B6]

SSDT \??\C:\Program\Telia\Telias Sakerhetstjanster\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwSuspendThread [0xF89E7E18]

SSDT \??\C:\Program\Telia\Telias Sakerhetstjanster\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwSystemDebugControl [0xF89E7F92]

SSDT \??\C:\Program\Telia\Telias Sakerhetstjanster\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwTerminateProcess [0xF89E7916]

SSDT \??\C:\Program\Telia\Telias Sakerhetstjanster\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwTerminateThread [0xF89E7A6C]

SSDT \??\C:\Program\Telia\Telias Sakerhetstjanster\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwWriteVirtualMemory [0xF89E7EDC]

 

Code fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation) IoCreateDevice

 

---- Kernel code sections - GMER 1.0.14 ----

 

.text ntoskrnl.exe!_abnormal_termination + 440 804E2A9C 12 Bytes [ B6, 79, 9E, F8, 18, 7E, 9E, ... ]

PAGE ntoskrnl.exe!IoCreateDevice 8059FA61 5 Bytes JMP F8601FA8 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)

PAGENPNP NDIS.SYS!NdisRegisterProtocol F85D217F 5 Bytes JMP F8601DBA fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)

PAGENPNP NDIS.SYS!NdisOpenAdapter F85D2399 5 Bytes JMP F8602342 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)

PAGENPNP NDIS.SYS!NdisCloseAdapter F85DC642 5 Bytes JMP F8601EC6 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)

PAGENPNP NDIS.SYS!NdisDeregisterProtocol F85DC821 5 Bytes JMP F860215E fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)

PAGENDSP NDIS.SYS!NdisReturnPackets F85DF810 5 Bytes JMP F8602BF4 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)

PAGENDSP NDIS.SYS!NdisRequest F85DF97B 5 Bytes JMP F860255A fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)

PAGENDSP NDIS.SYS!NdisSend F85E2986 5 Bytes JMP F8603574 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)

PAGENDSP NDIS.SYS!NdisSendPackets F85E29A3 5 Bytes JMP F8603646 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)

PAGENDSP NDIS.SYS!NdisTransferData F85E29BE 5 Bytes JMP F8602CF2 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)

PAGENDCO NDIS.SYS!NdisCoCreateVc F85E9186 5 Bytes JMP F8601E24 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)

PAGENDCO NDIS.SYS!NdisCoDeleteVc F85EA557 5 Bytes JMP F8601E92 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)

PAGENDCO NDIS.SYS!NdisCoSendPackets F85EAAF1 5 Bytes JMP F860335E fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)

 

---- Devices - GMER 1.0.14 ----

 

Device \Driver\Tcpip \Device\Ip fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)

Device \Driver\Tcpip \Device\Tcp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)

Device \Driver\Tcpip \Device\Udp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)

Device \Driver\Tcpip \Device\RawIp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)

Device \Driver\Tcpip \Device\IPMULTICAST fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)

 

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

 

---- Registry - GMER 1.0.14 ----

 

Reg HKLM\SOFTWARE\Classes\CLSID\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}\InprocServer32@ C:\WINDOWS\system32\urqOIBQi.dll

Reg HKLM\SOFTWARE\Classes\CLSID\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}\InprocServer32@ThreadingModel Both

 

---- EOF - GMER 1.0.14 ----

[/log]

 


Yes, there you can see some more malicious stuff. Download ComboFix to the Desktop:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

 

Shut down all programs you can see, including antivirus and antispyware programs, but leave the firewall on.

How? See http://www.bleepingcomputer.com/forums/topic114351.html

Run ComboFix and follow the instructions shown.

If you are asked whether you want to install the Recovery Console, answer yes.

 

IMPORTANT! Do not click on the ComboFix window with the mouse while it is running, otherwise it may hang.

 

When it is finished a log should come up; attach it to your reply. Check that your antivirus program etc. is running before you connect to the internet.

 

If you have trouble getting onto the internet:

Control Panel - Network Connections

right-click your internet connection and choose Repair and/or restart the computer.

 

Warning! ComboFix disables autorun of CDs, floppy disks and USB devices to make it easier to clean the computer and to protect it against infections in the future. This can cause problems, for example if the computer gets its internet connection through a USB modem or a USB network adapter. In that case, say so instead of running ComboFix.

 


Hi!

I think I messed up a bit at the start of Combo. I misunderstood: the computer asked whether I should install something and I answered no. Well, I suppose you can see that in the log; I hope I haven't ruined anything now. That's what happens when you don't read properly.

[log]ComboFix 08-12-26.03 - Kjell Ramén 2008-12-27 19:23:55.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1053.18.511.279 [GMT 1:00]

Körs från: c:\documents and settings\Kjell Ramén\Skrivbord\ComboFix.exe

AV: Telia Säker Surf 8.00 *On-access scanning disabled* (Outdated)

FW: Telia Säker Surf 8.00 *disabled*

* Skapade en ny återställningspunkt

 

VARNINIG -ÅTERSTÄLLNINGSKONSOLEN (THE RECOVERY CONSOLE) ÄR INTE INSTALLERAD PÅ DEN HÄR DATORN !!

.

 

((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\admintxt.txt

c:\windows\Downloaded Program Files\setup.inf

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\activextest.bat

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\Music\Level01.ogg

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\Music\Level01B.ogg

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_ALARM01.ogg

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_ALARM02.ogg

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_ALARM03.ogg

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_ANYLOOP.ogg

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_BONUS100.ogg

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_BUMPSCENERY01.ogg

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_BUMPSWEET01.ogg

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_BUTTONCLICK.ogg

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_CASCADEGOOD.ogg

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_COMBOGOOD.ogg

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_FAILED.ogg

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_FIREWOOSH01.ogg

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_KATEHURRAY01.ogg

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_KATEHURRAY02.ogg

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_KEYSTROKE.ogg

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_LAUNCHERDOWN.ogg

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_POP01.ogg

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_PRODUCTION01.ogg

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_PUREWIND.ogg

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_PUSHERBONUS.ogg

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_PUSHERPOP.ogg

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_ROLLINGEND.ogg

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_ROLLINGLOOP.ogg

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_ROLLINGSTART.ogg

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_SHERBETDONE.ogg

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_SHUFFLE.ogg

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_SUCKEREND.ogg

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_SUCKERLOOP.ogg

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_SUCKERSTART.ogg

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_SWAP.ogg

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_TRANSITION.ogg

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\backgrounds\arcadepanel.png

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\backgrounds\dialog.png

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\backgrounds\fullscreendialoglocal.jpg

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\backgrounds\infodialog.png

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\backgrounds\longdialog.png

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\backgrounds\panel.png

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\backgrounds\screenshots.jpg

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\backgrounds\submitdialog.png

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\backgrounds\textfield.png

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\backgrounds\yesnodialog.png

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\buttons\bluearrowdown_down.png

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\buttons\bluearrowdown_over.png

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\buttons\bluearrowdown_up.png

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\buttons\bluearrowleft_down.png

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\buttons\bluearrowleft_over.png

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\buttons\bluearrowleft_up.png

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\buttons\bluearrowright_down.png

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\buttons\bluearrowright_over.png

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\buttons\bluearrowright_up.png

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\buttons\bluearrowup_down.png

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\buttons\bluearrowup_over.png

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\buttons\bluearrowup_up.png

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\buttons\buttondown.png

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\buttons\buttonrollover.png

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\buttons\buttonup.png

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\buttons\checkdown.png

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\buttons\checkup.png

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\buttons\choosenamedown.png

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\buttons\choosenameover.png

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\buttons\long_button_down.png

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\buttons\long_button_over.png

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\buttons\long_button_up.png

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\buttons\sliderknob.png

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\buttons\sliderknobover.png

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\buttons\sliderrail.png

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\cursor\cursor.png

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\cursor\nocursor.png

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\fonts\main.mvec

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Comic\Intros.png

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Comic\TipWindow.png

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\FX\FX_Flame.jpg

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\FX\FX_Hot.jpg

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\FX\FX_PowerUp.jpg

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\FX\FX_Ring.jpg

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\FX\FX_Sherbet.jpg

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\FX\FX_Steam.jpg

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\FX\FX_SugarFloor.jpg

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\FX\FX_White.jpg

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Machines\Mach01_PistonA.mesh

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Machines\Mach01A.mesh

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Machines\Mach02_RingA.mesh

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Machines\Mach02A.mesh

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Machines\Mach03_HammerA.mesh

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Machines\Mach03A.mesh

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Machines\Mach04_CrankA.mesh

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Machines\Mach04A.mesh

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Machines\Mach05A.mesh

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Machines\Mach06_CrossA.mesh

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Machines\Mach06_PistonA.mesh

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Machines\Mach06A.mesh

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Machines\Mach07A.mesh

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Machines\Mach08A.mesh

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Machines\Mach09A.mesh

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Mixers\MixerBase01A.mesh

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Mixers\MixerBase02A.mesh

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Mixers\MixerTop01A.mesh

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Mixers\MixerTop01B.mesh

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Mixers\MixerTop02A.mesh

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Mixers\MixerTop02B.mesh

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Paddle\PaddleBase.png

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Paddle\PaddleDoor.jpg

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Paddle\PaddleHead.png

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Paddle\PaddleHead2.png

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Paddle\PaddleHole.jpg

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Paddle\PaddleHoleA.mesh

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Paddle\PaddleHoleB.mesh

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Paddle\PaddleHurray1.png

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Paddle\PaddleHurray2.png

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Paddle\PaddleKateAhead.png

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Paddle\PaddleKateFire.png

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Paddle\PaddleKateLeft.png

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Paddle\PaddleKateRight.png

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Paddle\PaddleSling.jpg

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Paddle\PaddleSlingA.mesh

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Paddle\PaddleTop.png

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Paddle\PaddleTunnel.jpg

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Sucker\SuckerTop.png

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Sucker\SuckerWind.jpg

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Textures\Glass\Glass01.jpg

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Textures\Ingredients\Ingredient02.jpg

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Textures\Machines\Mach02A.jpg

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Textures\Walls\Wall02.jpg

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Walls\Wall01A.mesh

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Walls\Wall01B.mesh

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Walls\Wall02A.mesh

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Walls\Wall02B.mesh

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Walls\Wall03A.mesh

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Walls\Wall03B.mesh

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Vats\Vat01A.mesh

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Vats\Vat01B.mesh

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Vats\Vat01C.mesh

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Vents\Joints\JointCross01A.mesh

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Vents\Joints\JointStraight01A.mesh

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Vents\Vent01.jpg

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Textures\Channels\Channel06.jpg

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Textures\Channels\ChannelShadow.jpg

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Textures\Channels\InsChannel.png

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Textures\Floors\Floor01.jpg

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Textures\Pusher\Pusher.png

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Textures\Pusher\PusherBang.png

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Textures\Pusher\PusherWheel.png

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Textures\Shadows\Shadow01.jpg

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Textures\Shadows\Shadow02.jpg

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Textures\Sweets\SweetA.jpg

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Textures\Sweets\SweetC.jpg

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Textures\Sweets\SweetC_S.png

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Textures\Sweets\SweetG.jpg

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Textures\Sweets\SweetG_S.png

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Textures\Sweets\SweetH.png

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Textures\Sweets\SweetP.jpg

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Textures\Sweets\SweetP_S.png

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Textures\Sweets\SweetPUs.png

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Textures\Sweets\SweetR.jpg

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Textures\Sweets\SweetR_S.png

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Textures\Sweets\SweetS.jpg

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Textures\Sweets\SweetS_S.png

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Textures\Sweets\SweetShine.jpg

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Textures\Vat\MacLight01.png

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Textures\Vat\VatPipes01.png

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\UI\InGame\PUDialog.png

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\UI\Instructions\InstBackdrop.jpg

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\UI\Instructions\SweetTypes.png

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\UI\Loading\LoadingBar.jpg

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\UI\Loading\LoadingScreen.jpg

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\UI\MainMenu\MainMenuScreen.jpg

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\UI\Pointers\InGameHole.png

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\UI\Pointers\InGamePointer.png

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\hiscore\global-hs-bb_large.png

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\hiscore\global-hs-bb_small.png

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\hiscore\hi.jpg

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\hiscore\local-hs-bb.png

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\hiscore\p1icon.png

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Levels\A01.lev

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Levels\A02.lev

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Levels\A03.lev

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Levels\A04.lev

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Levels\A05.lev

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Levels\A06.lev

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Levels\A07.lev

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Levels\A08.lev

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Levels\A09.lev

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Levels\A10.lev

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Levels\C01.lev

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Levels\C02.lev

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Levels\C03.lev

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Levels\C04.lev

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Levels\C05.lev

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Levels\C06.lev

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Levels\C07.lev

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Levels\C08.lev

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Levels\C09.lev

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Levels\C10.lev

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Pages\Complete.Pag

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Pages\CPaused.Pag

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Pages\Ins.Pag

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Pages\MoreInfo.Pag

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Pages\TIP_K1.Pag

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Pages\Tip_L1C.Pag

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Pages\Tip_L1D.Pag

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Pages\Tip_L1E.Pag

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Pages\Tip_L5A.Pag

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Scripts\arcade.lua

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Scripts\chooseplayer.lua

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Scripts\complete.lua

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Scripts\continue.lua

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Scripts\credits.lua

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Scripts\entername.lua

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Scripts\game.lua

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Scripts\hiscore.lua

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Scripts\hiscoreinfo.lua

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Scripts\hiscoresubmit.lua

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Scripts\instructions.lua

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Scripts\loading.lua

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Scripts\mainloop.lua

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Scripts\mainmenu.lua

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Scripts\moreinfo.lua

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Scripts\ok.lua

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Scripts\options.lua

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Scripts\pause.lua

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Scripts\pieye.lua

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Scripts\style.lua

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Scripts\yesno.lua

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Splash\PiEyeGames_logo.jpg

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Splash\playfirst_aol_logo.jpg

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Splash\playfirst_logo.jpg

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\strings.xml

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\xsellstyle.lua

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\EULA.txt

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\readme.htm

c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\Sweetopia.exe

c:\windows\system32\tmp.reg

 

.

((((((((((((((((((((( Filer Skapade från 2008-11-27 till 2008-12-27 ))))))))))))))))))))))))))))))))))))

.

 

2008-12-27 16:30 . 2008-12-27 17:13 250 --a------ c:\windows\gmer.ini

2008-12-26 18:56 . 2008-12-26 18:56 <KAT> d-------- c:\documents and settings\Kjell Ramén\Application Data\Malwarebytes

2008-12-26 18:55 . 2008-12-26 18:56 <KAT> d-------- c:\program\Malwarebytes' Anti-Malware

2008-12-26 18:55 . 2008-12-26 18:55 <KAT> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

2008-12-26 18:55 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2008-12-26 18:55 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2008-12-25 21:54 . 2008-12-25 22:55 <KAT> d-------- C:\Netgear

2008-12-24 23:25 . 2008-12-24 23:25 664 --a------ c:\windows\system32\d3d9caps.dat

2008-12-24 23:25 . 2008-12-24 23:25 552 --a------ c:\windows\system32\d3d8caps.dat

2008-12-22 16:12 . 2008-12-22 16:12 4,014 --a------ c:\windows\webupdat.exe

2008-12-13 14:56 . 2008-12-13 14:56 5,120 --ahs---- C:\Thumbs.db

2008-12-11 23:30 . 2008-12-11 23:30 <KAT> d-------- c:\documents and settings\NetworkService\Application Data\Xfire

2008-12-09 20:53 . 2008-12-09 20:53 30,856 --a------ c:\windows\system32\drivers\fsbts.sys

2008-12-09 18:19 . 2008-12-09 18:19 304,182 --a------ C:\Snap.bmp

2008-12-09 18:19 . 2008-12-09 18:19 152,064 --a------ c:\windows\snap.dat

2008-12-09 18:16 . 2008-12-09 18:17 31,666,200 --a------ C:\CAPTURE.AVI

2008-12-09 18:14 . 2008-12-09 18:33 130,560 --a------ C:\Snap.avi

2008-12-09 18:04 . 2008-12-09 18:04 <KAT> d-------- c:\windows\Setup2K

2008-12-09 18:04 . 2004-09-19 15:54 119,888 --a------ c:\windows\system32\drivers\SPCA561.SYS

2008-12-09 18:04 . 2002-11-22 15:56 118,784 --a------ c:\windows\ShowBmp.exe

2008-12-09 18:04 . 2003-08-05 11:41 53,248 --a------ c:\windows\ap561.exe

2008-12-09 18:04 . 2002-08-13 18:01 14,385 --a------ c:\windows\Tw561a.ini

2008-12-09 18:04 . 2004-09-19 15:53 14,336 --a------ c:\windows\system32\dshow508.ax

2008-12-09 18:04 . 2002-08-13 18:01 7,431 --a------ c:\windows\Tw561a.src

2008-12-09 18:04 . 2002-10-11 14:27 180 --a------ c:\windows\ap561.ini

2008-12-09 18:04 . 2002-03-19 14:11 81 --a------ c:\windows\Setup8a.ini

2008-12-07 13:29 . 2008-12-07 13:29 <KAT> d-------- c:\documents and settings\Kjell Ramén\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

2008-12-07 12:22 . 2008-12-07 12:17 410,984 --a------ c:\windows\system32\deploytk.dll

2008-12-07 12:12 . 2008-12-07 12:27 <KAT> d-------- c:\documents and settings\Kjell Ramén\.SunDownloadManager

2008-12-07 12:12 . 2008-12-07 12:27 <KAT> d-------- c:\documents and settings\Kjell Ramén\.SunDownloadManager

2008-12-07 11:52 . 2008-12-20 22:51 <KAT> d-------- c:\program\NOS

2008-12-07 11:52 . 2008-12-20 22:51 <KAT> d-------- c:\documents and settings\All Users\Application Data\NOS

2008-12-07 11:47 . 2008-12-07 11:47 <KAT> d-------- c:\program\Delade filer\Apple

2008-12-07 11:46 . 2008-12-07 11:50 <KAT> d-------- c:\program\QuickTime

2008-12-07 11:42 . 2008-12-07 11:43 <KAT> d-------- c:\program\Apple Software Update

2008-12-07 11:42 . 2008-12-07 11:42 <KAT> d-------- c:\documents and settings\All Users\Application Data\Apple

2008-12-06 22:05 . 2008-12-06 22:05 <KAT> d-------- c:\program\MSXML 4.0

2008-12-06 21:40 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys

2008-12-06 21:38 . 2008-09-04 18:17 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll

2008-12-06 21:36 . 2008-10-15 17:38 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll

2008-12-06 21:29 . 2008-09-08 11:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys

2008-12-06 21:28 . 2008-08-14 14:27 2,189,952 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe

2008-12-06 21:28 . 2008-08-14 14:27 2,146,304 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe

2008-12-06 21:28 . 2008-08-14 14:27 2,066,816 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe

2008-12-06 21:28 . 2008-08-14 14:27 2,024,960 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe

2008-12-06 21:26 . 2008-09-15 16:27 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys

2008-12-06 21:15 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-12-15 12:13 --------- d-----w c:\program\SUPERAntiSpyware

2008-12-15 05:32 --------- d-----w c:\program\Java

2008-12-14 14:23 --------- d-----w c:\program\Windows Live Safety Center

2008-12-12 10:44 --------- d-----w c:\program\Delade filer\Wise Installation Wizard

2008-12-10 19:24 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller

2008-12-10 07:59 --------- d-----w c:\program\Google

2008-12-10 06:56 --------- d-----w c:\documents and settings\All Users\Application Data\fssg

2008-12-10 06:33 --------- d-----w c:\documents and settings\All Users\Application Data\F-Secure

2008-12-09 17:04 --------- d--h--w c:\program\InstallShield Installation Information

2008-12-07 10:46 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer

2008-12-06 21:16 --------- d-----w c:\program\Microsoft Silverlight

2008-11-23 09:08 --------- d-----w c:\program\MSECache

2008-11-22 15:14 --------- d-----w c:\documents and settings\Kjell Ramén\Application Data\LimeWire

2008-11-17 11:43 --------- d-----w c:\program\Spybot - Search & Destroy

2008-10-23 12:43 286,720 ----a-w c:\windows\system32\gdi32.dll

2008-10-16 20:33 826,368 ----a-w c:\windows\system32\wininet.dll

2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll

2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll

2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll

2008-10-16 13:12 202,776 ----a-w c:\windows\system32\wuweb.dll

2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll

2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe

2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll

2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll

2008-10-16 13:07 208,744 ----a-w c:\windows\system32\muweb.dll

2008-10-03 10:04 247,326 ----a-w c:\windows\system32\strmdll.dll

2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll

2008-06-01 18:04 0 -c--a-w c:\program\temp01

2008-06-27 14:41 32,768 -csha-w c:\windows\system32\config\systemprofile\Lokala inställningar\Tidigare\History.IE5\MSHist012008062720080628\index.dat

.

 

(((((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Not* tomma poster & legitima standardposter visas inte

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"F-Secure Manager"="c:\program\Telia\Telias Sakerhetstjanster\Common\FSM32.EXE" [2008-09-23 182936]

"F-Secure TNB"="c:\program\Telia\Telias Sakerhetstjanster\FSGUI\TNBUtil.exe" [2008-09-23 957024]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]

"NoAutoUpdate"= 1 (0x1)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program\SUPERAntiSpyware\SASSEH.DLL" [2008-09-10 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2008-12-15 13:13 352256 c:\program\SUPERAntiSpyware\SASWINLO.DLL

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Microsoft Office.lnk]

path=c:\documents and settings\All Users\Start-meny\Program\Autostart\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^SnapDetect.lnk]

path=c:\documents and settings\All Users\Start-meny\Program\Autostart\SnapDetect.lnk

backup=c:\windows\pss\SnapDetect.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Kjell Ramén^Start-meny^Program^Autostart^ubisoft register.lnk]

path=c:\documents and settings\Kjell Ramén\Start-meny\Program\Autostart\ubisoft register.lnk

backup=c:\windows\pss\ubisoft register.lnkStartup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cognac

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pro Antispyware 2009

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

--a------ 2007-03-22 14:09 63712 c:\program\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a--c--- 2008-01-11 22:16 39792 c:\program\Adobe\Reader 8.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]

--a------ 2008-11-12 19:04 2356088 c:\program\Delade filer\Adobe\Updater5\AdobeUpdater.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

--a------ 2008-04-14 17:05 15360 c:\windows\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2008-09-06 15:09 413696 c:\program\QuickTime\QTTask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd]

--a------ 2003-12-31 16:39 40960 c:\windows\vsnpstd.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]

-ra------ 2007-06-13 07:16 528384 c:\program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

-rahs---- 2008-09-16 11:16 1833296 c:\program\Spybot - Search & Destroy\TeaTimer.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]

--a------ 2008-12-15 13:13 1809648 c:\program\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB Storage Toolbox]

--a--c--- 2005-09-14 19:44 65536 c:\program\USB Disk Win98 Driver\Res.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program\\Messenger\\msmsgs.exe"=

"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"25480:TCP"= 25480:TCP:*:Disabled:BitComet 25480 TCP

"25480:UDP"= 25480:UDP:*:Disabled:BitComet 25480 UDP

 

R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2007-09-24 79904]

R1 F-Secure HIPS;F-Secure HIPS;\??\c:\program\Telia\Telias Sakerhetstjanster\HIPS\drivers\fshs.sys [2008-12-10 66720]

R1 SASDIFSV;SASDIFSV;\??\c:\program\SUPERAntiSpyware\SASDIFSV.SYS [2006-10-10 8944]

R1 SASKUTIL;SASKUTIL;\??\c:\program\SUPERAntiSpyware\SASKUTIL.sys [2007-02-27 55024]

R3 F-Secure Gatekeeper;F-Secure Gatekeeper;\??\c:\program\Telia\Telias Sakerhetstjanster\Anti-Virus\minifilter\fsgk.sys [2007-09-24 72288]

R3 FSORSPClient;F-Secure ORSP Client;"c:\program\Telia\Telias Sakerhetstjanster\ORSP Client\fsorsp.exe" [2008-12-10 55904]

S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\DRIVERS\s816bus.sys [2008-06-28 81832]

S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s816mdfl.sys [2008-06-28 13864]

S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s816mdm.sys [2008-06-28 107304]

S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s816mgmt.sys [2008-06-28 99112]

S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\system32\DRIVERS\s816nd5.sys [2008-06-28 21928]

S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s816obex.sys [2008-06-28 97320]

S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\system32\DRIVERS\s816unic.sys [2008-06-28 97704]

S3 SASENUM;SASENUM;\??\c:\program\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]

S3 SDTHOOK;SDTHOOK;c:\windows\system32\DRIVERS\SDTHOOK.sys [2008-01-11 44928]

S3 ulusba;NEC 616 Command Port Driver;c:\windows\system32\DRIVERS\ulusba.sys [2007-08-20 25856]

S3 ulusbc;NEC 616 CONTROL Driver;c:\windows\system32\DRIVERS\ulusbc.sys [2007-08-20 43264]

S3 ulusbe;NEC 616 ENUMERATION Driver;c:\windows\system32\DRIVERS\ulusbe.sys [2007-08-20 12928]

S3 ulusbm;NEC 616 Modem Driver;c:\windows\system32\DRIVERS\ulusbm.sys [2007-08-20 36352]

S3 ulusbo;NEC 616 OBEX Port Driver;c:\windows\system32\DRIVERS\ulusbo.sys [2007-08-20 33920]

S4 F-Secure Filter;F-Secure File System Filter;\??\c:\program\Telia\Telias Sakerhetstjanster\Anti-Virus\Win2K\FSfilter.sys [2007-09-24 39776]

S4 F-Secure Recognizer;F-Secure File System Recognizer;\??\c:\program\Telia\Telias Sakerhetstjanster\Anti-Virus\Win2K\FSrec.sys [2007-09-24 25184]

.

Innehållet i mappen 'Schemalagda aktiviteter'

 

2008-12-23 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

 

2008-12-27 c:\windows\Tasks\Kontrollera uppdateringar för Windows Live Toolbar.job

- c:\program\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

 

2008-12-27 c:\windows\Tasks\Scheduled scanning task.job

- c:\program\Telia\TELIAS~1\ANTI-V~1\fsav.exe [2008-09-23 14:35]

 

2008-12-27 c:\windows\Tasks\vhnotwxb.job

- c:\windows\system32\rundll32.exe [2008-04-14 17:05]

.

- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -

 

MSConfigStartUp-MsnMsgr - c:\program\Windows Live\Messenger\MsnMsgr.Exe

MSConfigStartUp-SunJavaUpdateSched - c:\program\Java\jre6\bin\jusched.exe

 

 

.

------- Extra genomsökning -------

.

uStart Page = about:blank

IE: &Windows Live Search - c:\program\Windows Live Toolbar\msntb.dll/search.htm

IE: E&xportera till Microsoft Excel - c:\program\MICROS~2\Office10\EXCEL.EXE/3000

LSP: c:\program\Telia\Telias Sakerhetstjanster\FSPS\program\FSLSP.DLL

 

O16 -: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd

 

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

 

c:\windows\Downloaded Program Files\IlosoftMultipleImageUpload.dll - O16 -: {19D6A3D5-EA50-4C3B-88F0-79627C325570}

hxxp://www.one.com/static/controls/IlosoftMultipleImageUpload.dll

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-27 19:35:44

Windows 5.1.2600 Service Pack 3 NTFS

 

genomsöker dolda processer ...

 

genomsöker dolda autostartpunkter ...

 

genomsöker dolda filer ...

 

genomsökningen avslutades lyckosamt

dolda filer: 0

 

**************************************************************************

.

--------------------- DLLer installerade under pågående processer ---------------------

 

- - - - - - - > 'winlogon.exe'(496)

c:\program\SUPERAntiSpyware\SASWINLO.DLL

c:\program\Telia\Telias Sakerhetstjanster\FWES\Program\fsdc32.dll

 

- - - - - - - > 'lsass.exe'(552)

c:\program\Telia\Telias Sakerhetstjanster\FSPS\program\FSLSP.DLL

c:\program\Telia\Telias Sakerhetstjanster\FWES\Program\fsdc32.dll

 

- - - - - - - > 'explorer.exe'(3476)

c:\program\Telia\Telias Sakerhetstjanster\Spam Control\fsscoepl.dll

 

- - - - - - - > 'csrss.exe'(472)

c:\program\Telia\Telias Sakerhetstjanster\FWES\Program\fsdc32.dll

.

------------------------ Andra pågående processer ------------------------

.

c:\program\Delade filer\EPSON\EBAPI\SAgent2.exe

c:\program\Telia\Telias Sakerhetstjanster\Anti-Virus\fsgk32st.exe

c:\program\Telia\Telias Sakerhetstjanster\Common\FSMA32.EXE

c:\program\Telia\Telias Sakerhetstjanster\Anti-Virus\fsgk32.exe

c:\program\Telia\Telias Sakerhetstjanster\Common\FSMB32.EXE

c:\program\Telia\Telias Sakerhetstjanster\Common\FCH32.EXE

c:\program\Telia\Telias Sakerhetstjanster\Common\FAMEH32.EXE

c:\program\Telia\Telias Sakerhetstjanster\Anti-Virus\fsqh.exe

c:\program\Telia\Telias Sakerhetstjanster\FSPC\fspc.exe

c:\program\Telia\Telias Sakerhetstjanster\FSAUA\program\fsaua.exe

c:\program\Telia\Telias Sakerhetstjanster\Anti-Virus\fssm32.exe

c:\program\Telia\Telias Sakerhetstjanster\FWES\program\fsdfwd.exe

c:\program\Telia\Telias Sakerhetstjanster\FSAUA\program\fsus.exe

c:\program\Telia\TELIAS~1\ANTI-V~1\fsav32.exe

c:\program\Telia\Telias Sakerhetstjanster\FSGUI\fsguidll.exe

.

**************************************************************************

.

Sluttid: 2008-12-27 19:48:05 - datorn startades om

ComboFix-quarantined-files.txt 2008-12-27 18:47:27

 

Före genomsökningen: 23 443 267 584 byte ledigt

Efter genomsökningen: 23,331,872,768 byte ledigt

 

489 --- E O F --- 2008-02-14 00:14:02

[/log]

 

 


Your "no" meant that the Recovery Console was not installed. Since it is good to have when cleaning the computer, in case you remove something important, run ComboFix again and it should be fine to choose yes.

 


Hi!

I tried running ComboFix a few times, but it just froze every time. Now I don't know what to do. The virus, or whatever it is, is still there somewhere, and the computer is behaving very strangely.

 

 


Go to http://www.virustotal.com (works best with Internet Explorer), paste one of the following file names into the box, press Send File ("Skicka Fil") and wait until the result is ready (the current status becomes finished). Paste the results from the various antivirus programs (not "Övrig information", the additional information) here. Repeat with the next file name.

c:\windows\webupdat.exe

c:\windows\system32\drivers\fsbts.sys

C:\WINDOWS\system32\urqOIBQi.dll

 

Delete the file c:\windows\Tasks\vhnotwxb.job

 


[log]

Antivirus Version Senaste Uppdatering Resultat

AhnLab-V3 - - -

AntiVir - - -

Authentium - - -

Avast - - -

AVG - - -

BitDefender - - -

CAT-QuickHeal - - -

ClamAV - - -

DrWeb - - -

eSafe - - -

eTrust-Vet - - -

Ewido - - -

F-Prot - - -

F-Secure - - -

Fortinet - - -

GData - - -

Ikarus - - -

K7AntiVirus - - -

Kaspersky - - -

McAfee - - -

McAfee+Artemis - - -

Microsoft - - -

NOD32 - - -

Norman - - -

Panda - - -

PCTools - - -

Prevx1 - - Malicious Software

Rising - - -

SecureWeb-Gateway - - -

Sophos - - -

Sunbelt - - -

Symantec - - -

TheHacker - - -

TrendMicro - - -

VBA32 - - -

ViRobot - - -

VirusBuster - - -

Övrig information

MD5: e98b0b5dfafb48b2267fab20312e0641

SHA1: adba6001c10b6f6ac9fcc15130f39d1123454354

SHA256: 279a9f90aa0e231b771dfa984e1c09cb0a5072ac4309cc4f4bd63a1f4d40b9af

SHA512: 92e61be0ff3d247b5df93f6c4142f108bbf0eea549e6fa7a4cfbd93f1c5542a14886bee12b10a55b3b4bb70c28430a39db3bebc096c9606a777c6f2a6530c1cd

 

 

 

 

 

Antivirus Version Senaste Uppdatering Resultat

AhnLab-V3 2008.11.14.3 2008.11.14 -

AntiVir 7.9.0.31 2008.11.14 -

Authentium 5.1.0.4 2008.11.14 -

Avast 4.8.1281.0 2008.11.14 -

AVG 8.0.0.199 2008.11.14 -

BitDefender 7.2 2008.11.14 -

CAT-QuickHeal 10.00 2008.11.13 -

ClamAV 0.94.1 2008.11.14 -

DrWeb 4.44.0.09170 2008.11.14 -

eSafe 7.0.17.0 2008.11.13 -

eTrust-Vet 31.6.6208 2008.11.13 -

Ewido 4.0 2008.11.14 -

F-Prot 4.4.4.56 2008.11.13 -

F-Secure 8.0.14332.0 2008.11.14 -

Fortinet 3.117.0.0 2008.11.14 -

GData 19 2008.11.14 -

Ikarus T3.1.1.45.0 2008.11.14 -

K7AntiVirus 7.10.524 2008.11.13 -

Kaspersky 7.0.0.125 2008.11.14 -

McAfee 5433 2008.11.13 -

Microsoft 1.4104 2008.11.14 -

NOD32 3613 2008.11.14 -

Norman 5.80.02 2008.11.14 -

Panda 9.0.0.4 2008.11.14 -

PCTools 4.4.2.0 2008.11.14 -

Prevx1 V2 2008.11.14 -

Rising 21.03.42.00 2008.11.14 -

SecureWeb-Gateway 6.7.6 2008.11.14 -

Sophos 4.35.0 2008.11.14 -

Sunbelt 3.1.1801.2 2008.11.14 -

Symantec 10 2008.11.14 -

TheHacker 6.3.1.1.152 2008.11.13 -

TrendMicro 8.700.0.1004 2008.11.14 -

VBA32 3.12.8.9 2008.11.14 -

ViRobot 2008.11.14.1468 2008.11.14 -

VirusBuster 4.5.11.0 2008.11.13 -

Övrig information

File size: 30856 bytes

MD5...: ed7bbc5777fd8b103fdde959caa0298c

SHA1..: 50213a2ef7ee91862be7bb421580acb73605c2b9

SHA256: 8e3ee25c4ae230cde9e4fec70c23cfabc9b9dcbe497f18030295147e86abbdb5

SHA512: 4447157e0cac5f2aa5f69c1bf7142ac49cb7b94cf95b4376bdcc9576c983b7f3

1a71a5a69ec196df476ce276c89b4e22b28f7edc8af137f078fda2df100acf6c

PEiD..: -

TrID..: File type identification

Generic Win/DOS Executable (49.9%)

DOS Executable Generic (49.8%)

Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)

PEInfo: PE Structure information

 

( base data )

entrypointaddress.: 0x18005

timedatestamp.....: 0x48da2c66 (Wed Sep 24 12:02:46 2008)

machinetype.......: 0x14c (I386)

 

( 7 sections )

name viradd virsiz rawdsiz ntrpy md5

.text 0x1000 0x2818 0x2a00 6.18 a5926efe7daeb63bd7a7ecd47e846096

.rdata 0x4000 0x464 0x600 3.07 bce988cf22e975cb512f7dd0cf2a117f

.data 0x5000 0x5ac 0x600 6.50 598773a28a0b9bc6576c3002f6a7a563

PAGE 0x6000 0x13ac 0x1400 6.18 c7588b61ea709d0e389c6e0904aac779

INIT 0x8000 0x758 0x800 5.19 a3684c1d74cf8fd81452ca9d16ab90ab

.rsrc 0x9000 0x3e8 0x400 3.29 870343aab3d02ec284951173fb0f990b

.reloc 0xa000 0x34c 0x400 4.87 5db9a0d89f9d3c39c041c16a6a3362ca

 

( 2 imports )

> ntoskrnl.exe: IofCompleteRequest, PsRemoveLoadImageNotifyRoutine, IoDeleteDevice, IoUnregisterShutdownNotification, IoDeleteSymbolicLink, RtlInitUnicodeString, IoRegisterShutdownNotification, PsSetLoadImageNotifyRoutine, IoCreateSymbolicLink, InitSafeBootMode, ExInitializeResourceLite, ExDeleteResourceLite, ExAcquireResourceSharedLite, KeEnterCriticalRegion, ExAcquireResourceExclusiveLite, KeLeaveCriticalRegion, ExReleaseResourceLite, memcpy, ZwClose, ZwReadFile, ZwQueryInformationFile, ZwCreateFile, ExFreePoolWithTag, _snwprintf, ZwOpenKey, ZwCreateKey, ZwQueryValueKey, ZwSetValueKey, ZwEnumerateKey, ZwDeleteKey, ZwSetInformationFile, ZwOpenFile, ZwDeleteFile, memset, IoFreeMdl, MmUnlockPages, MmMapLockedPagesSpecifyCache, MmProbeAndLockPages, IoAllocateMdl, KeTickCount, KeBugCheckEx, RtlUnwind, RtlCompareUnicodeString, ExAllocatePoolWithTag, MmGetSystemRoutineAddress, ZwSetSecurityObject, ObOpenObjectByPointer, IoDeviceObjectType, IoCreateDevice, RtlGetDaclSecurityDescriptor, RtlGetSaclSecurityDescriptor, RtlGetGroupSecurityDescriptor, RtlGetOwnerSecurityDescriptor, RtlLengthSecurityDescriptor, SeCaptureSecurityDescriptor, SeExports, IoIsWdmVersionAvailable, _wcsnicmp, RtlAddAccessAllowedAce, RtlLengthSid, wcschr, RtlAbsoluteToSelfRelativeSD, RtlSetDaclSecurityDescriptor, RtlCreateSecurityDescriptor, RtlFreeUnicodeString

> HAL.dll: KeGetCurrentIrql

 

( 0 exports )

 

 

 

OBSERVERA: VirusTotal är en gratis tjänst av Hispasec Sistemas. Det är inga garantier på tillgängligheten eller uppföljandet av denna tjänst. Även fast upptäckandet av virus med användandet av flertal antivirus program är mer överlägsen användandet av endast ett, garanterar INTE dessa resultat om en fil är helt riskfri. För närvarande finns det ingen lösning som erbjuder 100% effektivitet för att uppäcka virus och malware.

 


 

 

0 bytes size received / Se ha recibido un archivo vacio

 

 

 

 

 

 

[/log]

 

Hi, it was really hard to get this done; the computer freezes all the time.

 

 


Sounds like there may be other problems with the computer as well. Do you still feel that the computer is full of viruses?

 

As far as I can tell, you have scanned two files on the VirusTotal page, but I asked for three files. In addition, it looks like the files have been scanned before, so it would be good if you could scan them again and, when asked whether to show previous results or scan again, choose scan again.

 


[log] Version Senaste Uppdatering Resultat

a-squared 4.0.0.73 2008.12.30 -

AhnLab-V3 2008.12.31.0 2008.12.30 -

AntiVir 7.9.0.45 2008.12.30 -

Authentium 5.1.0.4 2008.12.30 -

Avast 4.8.1281.0 2008.12.30 -

AVG 8.0.0.199 2008.12.30 -

BitDefender 7.2 2008.12.30 -

CAT-QuickHeal 10.00 2008.12.30 -

ClamAV 0.94.1 2008.12.30 -

Comodo 837 2008.12.29 -

DrWeb 4.44.0.09170 2008.12.30 -

eSafe 7.0.17.0 2008.12.28 -

eTrust-Vet 31.6.6281 2008.12.29 -

Ewido 4.0 2008.12.30 -

F-Prot 4.4.4.56 2008.12.30 -

F-Secure 8.0.14470.0 2008.12.30 -

Fortinet 3.117.0.0 2008.12.30 -

GData 19 2008.12.30 -

Ikarus T3.1.1.45.0 2008.12.30 -

K7AntiVirus 7.10.571 2008.12.30 -

Kaspersky 7.0.0.125 2008.12.30 -

McAfee 5479 2008.12.30 -

McAfee+Artemis 5479 2008.12.30 -

Microsoft 1.4205 2008.12.30 -

NOD32 3724 2008.12.30 -

Norman 5.80.02 2008.12.30 -

Panda 9.0.0.4 2008.12.30 -

PCTools 4.4.2.0 2008.12.30 -

Prevx1 V2 2008.12.30 Malicious Software

Rising 21.10.12.00 2008.12.30 -

SecureWeb-Gateway 6.7.6 2008.12.30 -

Sophos 4.37.0 2008.12.30 -

Sunbelt 3.2.1809.2 2008.12.22 -

Symantec 10 2008.12.30 -

TheHacker 6.3.1.4.202 2008.12.30 -

TrendMicro 8.700.0.1004 2008.12.30 -

VBA32 3.12.8.10 2008.12.30 -

ViRobot 2008.12.30.1540 2008.12.30 -

VirusBuster 4.5.11.0 2008.12.30 -

[/log]

[log]Antivirus Version Senaste Uppdatering Resultat

a-squared 4.0.0.73 2008.12.30 -

AhnLab-V3 2008.12.31.0 2008.12.30 -

AntiVir 7.9.0.45 2008.12.30 -

Authentium 5.1.0.4 2008.12.30 -

Avast 4.8.1281.0 2008.12.30 -

AVG 8.0.0.199 2008.12.30 -

BitDefender 7.2 2008.12.30 -

CAT-QuickHeal 10.00 2008.12.30 -

ClamAV 0.94.1 2008.12.30 -

Comodo 837 2008.12.29 -

DrWeb 4.44.0.09170 2008.12.30 -

eSafe 7.0.17.0 2008.12.28 -

eTrust-Vet 31.6.6281 2008.12.29 -

Ewido 4.0 2008.12.30 -

F-Prot 4.4.4.56 2008.12.30 -

F-Secure 8.0.14470.0 2008.12.30 -

Fortinet 3.117.0.0 2008.12.30 -

GData 19 2008.12.30 -

Ikarus T3.1.1.45.0 2008.12.30 -

K7AntiVirus 7.10.571 2008.12.30 -

Kaspersky 7.0.0.125 2008.12.30 -

McAfee 5479 2008.12.30 -

McAfee+Artemis 5479 2008.12.30 -

Microsoft 1.4205 2008.12.30 -

NOD32 3724 2008.12.30 -

Norman 5.80.02 2008.12.30 -

Panda 9.0.0.4 2008.12.30 -

PCTools 4.4.2.0 2008.12.30 -

Prevx1 V2 2008.12.30 -

Rising 21.10.12.00 2008.12.30 -

SecureWeb-Gateway 6.7.6 2008.12.30 -

Sophos 4.37.0 2008.12.30 -

Sunbelt 3.2.1809.2 2008.12.22 -

Symantec 10 2008.12.30 -

TheHacker 6.3.1.4.202 2008.12.30 -

TrendMicro 8.700.0.1004 2008.12.30 -

VBA32 3.12.8.10 2008.12.30 -

ViRobot 2008.12.30.1540 2008.12.30 -

VirusBuster 4.5.11.0 2008.12.30 -

[/log]

 

0 bytes size received / Se ha recibido un archivo vacio

This is what it said when I ran this file:

C:\WINDOWS\system32\urqOIBQi.dll

 

 

 

 


If you right-click c:\windows\webupdat.exe and choose Properties, can the file be tied to any program or company?

 

Can you find C:\WINDOWS\system32\urqOIBQi.dll on the computer?

 

 


Hi!

I could not find C:\WINDOWS\system32\urqOIBQi.dll on the computer. I went in and looked at c:\windows\webupdat.exe; in one place it said MS-DOS. This file was created on 22/12, a bit odd. When I run Malwarebytes, it says it cannot remove a problem called Trojan Vundo; is that a virus or what? Thanks for helping me with the computer :thumbsup:

 

 


Hi!

Believe it or not, when I ran Malwarebytes, Trojan Vundo was not there. There are two Trojan Vundo in quarantine; could that somehow have had the effect that it has disappeared?

I was going to check the startup items to see if there was anything strange there, and then it would not open; when I searched for the file, it seems as if something has put part of it in quarantine. Is that something you can help me with?

 

 


Have you updated MBAM today, so that it has got better since yesterday? Or maybe it is the antivirus program that has improved?

 

Can you paste in the MBAM log from yesterday?

 


Archived

This topic is now archived and is closed to further replies.