Just nu i M3-nätverket
Jump to content

Behöver hjälp med Combofixlogg, tack!


dawnil

Recommended Posts

En kompis till mig var inne och surfade på existenz.se, kanske känd sida? Blev skickad vidare till en porrsida och BANG. Datorn var fullproppad av virus..

 

Läste lite kommentarer om sidan, det var fler som blivit infekterade av sidan.

Några hade fått något fejk AV som kallar sig för "Malware Defence" tror dock inte att min kompis är infekterad av det.

 

Men AVG AV free varnar om "trojan horse generic15.AZYM". Får lite varningar då och då. Vet ej om det är samma, eller om det är andra.

 

Men igårkväll sa jag åt honom att köra mbam, fick bort ca 180 infekterade filer, ska kolla på loggen snart, kan ladda upp om det behövs.

 

Men får fortfarande varningar ifrån AVG att han är infekterad.

 

Så nu håller han på att göra en skanning med Combofix, skickade länk ifrån bleepingcomputer, han döpte om till dsakheajh.exe och körde.

 

Väntar på logg.

Laddar upp när det är klart.

 

Men hoppas på hjälp, då jag inte är så insatt i combofix skulle jag bli glad om någon kunde kolla igenom loggen lite närmare :)

 

Mvh dawnilbooi ;)

 

Link to comment
Share on other sites

Skriver här istället, då de inte går att uppdatera tråden..

 

Combofixloggen här:

 

[log]ComboFix 09-12-29.06 - User 2009-12-30 22:12:00.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.46.1053.18.2037.1496 [GMT 1:00]

Körs från: c:\documents and settings\User\Mina dokument\Hämtade filer\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

 

((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\User\Application Data\SystemProc

c:\windows\Readme.txt

c:\windows\system32\pagefileconfig.vbs

 

Infekterad kopia av c:\windows\system32\DRIVERS\atapi.sys hittades och desinficerades.

Återställd kopia från - Kitty ate it :P

.

(((((((((((((((((((((((( Filer Skapade från 2009-11-28 till 2009-12-30 ))))))))))))))))))))))))))))))

.

 

2009-12-27 10:55 . 2009-12-29 21:52 118256 ----a-w- c:\windows\system32\-NO3kB_-Ekz-Qf.exe

2009-12-27 10:54 . 2009-12-30 21:23 707072 ----a-w- c:\windows\system32\drivers\gkozp.sys

2009-12-25 15:14 . 2009-12-02 13:19 15880 ----a-w- c:\windows\system32\lsdelete.exe

2009-12-25 15:12 . 2009-12-25 15:12 -------- d-----w- c:\documents and settings\LocalService\Skrivbord

2009-12-25 15:01 . 2009-12-02 13:19 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys

2009-12-25 14:59 . 2009-12-25 14:59 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}

2009-12-25 14:59 . 2009-12-25 15:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2009-12-25 14:59 . 2009-12-25 14:59 -------- d-----w- c:\program\Lavasoft

2009-12-11 17:04 . 2009-12-25 14:56 -------- d-----w- c:\program\Delade filer\Symantec Shared

2009-12-06 07:54 . 2009-12-25 14:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton

2009-12-06 07:54 . 2009-12-06 07:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec

2009-12-06 07:54 . 2009-12-06 07:54 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller

2009-12-05 20:45 . 2009-12-05 20:45 -------- d-----w- c:\program\Delade filer\DivX Shared

2009-12-05 20:45 . 2009-12-05 20:46 -------- d-----w- c:\program\DivX

2009-12-01 17:29 . 2009-02-26 12:46 147456 ----a-w- c:\windows\system32\ANIWConnService.exe

2009-12-01 17:29 . 2009-05-07 13:17 716800 ----a-w- c:\windows\system32\ANIWZCS2.dll

2009-12-01 17:29 . 2009-04-22 09:23 270336 ----a-w- c:\windows\system32\wnicapi.dll

2009-12-01 17:29 . 2009-03-05 10:12 258048 ----a-w- c:\windows\system32\wlanapp.dll

2009-12-01 17:29 . 2008-11-27 17:25 204800 ----a-w- c:\windows\system32\aIPH.dll

2009-12-01 17:29 . 2008-11-27 17:22 45115 ----a-w- c:\windows\system32\ANICtl.dll

2009-12-01 17:29 . 2008-11-27 17:20 49152 ----a-w- c:\windows\system32\AQCKGen.dll

2009-12-01 17:29 . 2005-10-27 07:55 49152 ----a-w- c:\windows\system32\JJAKEn.dll

2009-12-01 17:29 . 2005-10-19 17:19 1327189 ----a-w- c:\windows\system32\odSupp_M.dll

2009-12-01 17:28 . 2009-02-09 17:26 315392 ----a-w- c:\windows\system32\ANIOApi.dll

2009-12-01 17:28 . 2009-12-01 17:29 -------- d-----w- c:\program\ANI

2009-12-01 17:28 . 2009-02-09 17:36 48640 ----a-w- c:\windows\system32\ANIO64.sys

2009-12-01 17:28 . 2009-02-09 17:10 29411 ----a-w- c:\windows\system32\ANIO.sys

2009-12-01 17:28 . 2007-05-12 15:39 11904 ----a-w- c:\windows\system32\anio4.sys

2009-12-01 17:28 . 2009-05-18 09:31 724992 ----a-w- c:\windows\system32\ANIOWPS.dll

2009-12-01 17:28 . 2009-02-26 10:22 237568 ----a-w- c:\windows\system32\ANIWPS.exe

2009-12-01 17:28 . 2008-09-25 12:16 204800 ----a-w- c:\windows\system32\ssleay32.dll

2009-12-01 17:28 . 2008-09-25 12:15 1110016 ----a-w- c:\windows\system32\libeay32.dll

2009-12-01 17:27 . 2009-12-01 17:27 -------- d-----w- c:\program\D-Link

2009-12-01 17:27 . 2009-04-15 13:32 715520 ----a-w- c:\windows\system32\drivers\rt2870.sys

2009-12-01 17:27 . 2009-12-01 17:27 -------- d-----w- c:\documents and settings\User\Application Data\InstallShield

2009-12-01 16:27 . 2009-04-15 13:31 221184 ----a-w- c:\windows\system32\RaCoInst.dll

2009-12-01 16:27 . 2009-04-15 13:31 13931 ----a-w- c:\windows\system32\RaCoInst.dat

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-12-30 21:25 . 2009-02-22 20:06 -------- d-----w- c:\documents and settings\User\Application Data\Skype

2009-12-30 21:24 . 2009-03-08 12:32 -------- d-----w- c:\documents and settings\User\Application Data\skypePM

2009-12-30 21:22 . 2009-07-26 21:40 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2009-12-30 19:22 . 2009-09-01 19:56 -------- d-----w- c:\documents and settings\User\Application Data\Spotify

2009-12-30 01:31 . 2008-12-30 17:30 -------- d-----w- c:\program\uTorrent

2009-12-30 00:56 . 2008-12-30 17:30 -------- d-----w- c:\documents and settings\User\Application Data\uTorrent

2009-12-29 21:52 . 2009-01-27 15:00 -------- d-----w- c:\program\Malwarebytes' Anti-Malware

2009-12-29 14:08 . 2008-04-13 22:10 96512 ----a-w- c:\windows\system32\drivers\atapi.sys

2009-12-28 16:18 . 2009-01-13 17:57 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8

2009-12-24 20:59 . 2008-12-18 20:59 -------- d-----w- c:\program\World of Warcraft

2009-12-20 21:33 . 2009-08-25 20:12 -------- d-----w- c:\program\Google

2009-12-20 16:21 . 2009-11-04 19:20 -------- d-----w- c:\program\Softonic-Eng7

2009-12-20 16:21 . 2009-07-25 12:11 -------- d-----w- c:\program\ToggleSW

2009-12-09 18:31 . 2001-09-28 12:00 78734 ----a-w- c:\windows\system32\perfc01D.dat

2009-12-09 18:31 . 2001-09-28 12:00 434528 ----a-w- c:\windows\system32\perfh01D.dat

2009-12-04 21:27 . 2009-07-25 23:51 -------- d-----w- c:\documents and settings\User\Application Data\mIRC

2009-12-04 21:19 . 2009-07-25 23:51 -------- d-----w- c:\program\mIRC

2009-12-03 15:14 . 2009-01-27 15:00 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-12-03 15:13 . 2009-01-27 15:00 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-12-01 17:29 . 2008-12-17 18:45 -------- d--h--w- c:\program\InstallShield Installation Information

2009-12-01 17:28 . 2008-12-17 18:45 -------- d-----w- c:\program\Delade filer\InstallShield

2009-11-29 00:20 . 2008-12-26 19:03 -------- d-----w- c:\documents and settings\User\Application Data\dvdcss

2009-11-28 20:59 . 2009-11-28 20:59 -------- d-----w- c:\program\Windows Media Connect 2

2009-11-17 21:25 . 2009-01-10 11:14 -------- d-----w- c:\documents and settings\User\Application Data\LimeWire

2009-11-16 15:58 . 2009-02-22 20:06 -------- d-----r- c:\program\Skype

2009-11-16 15:58 . 2009-11-16 15:58 -------- d-----w- c:\program\Delade filer\Skype

2009-11-16 15:58 . 2009-02-22 20:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype

2009-11-11 10:52 . 2008-12-18 17:08 -------- d-----w- c:\program\Windows Live

2009-11-11 10:52 . 2009-11-11 10:52 -------- d-----w- c:\program\Microsoft Sync Framework

2009-11-11 10:50 . 2009-11-11 10:50 -------- d-----w- c:\program\Microsoft

2009-11-09 16:46 . 2009-11-09 16:46 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee

2009-11-07 18:18 . 2009-11-07 16:45 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

2009-11-07 16:46 . 2009-11-07 16:46 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan

2009-11-07 16:46 . 2009-11-07 16:46 -------- d-----w- c:\program\McAfee Security Scan

2009-11-05 14:25 . 2009-06-05 15:43 -------- d-----w- c:\program\Windows Live Safety Center

2009-11-04 19:21 . 2009-11-04 19:21 -------- d-----w- c:\program\LogMeIn Hamachi

2009-10-29 07:46 . 2008-04-14 19:34 832512 ----a-w- c:\windows\system32\wininet.dll

2009-10-29 07:46 . 2008-04-14 19:34 78336 ----a-w- c:\windows\system32\ieencode.dll

2009-10-29 07:46 . 2008-04-14 19:34 17408 ----a-w- c:\windows\system32\corpol.dll

2009-10-21 05:40 . 2008-04-14 19:34 75776 ----a-w- c:\windows\system32\strmfilt.dll

2009-10-21 05:40 . 2008-04-14 19:34 25088 ----a-w- c:\windows\system32\httpapi.dll

2009-10-20 16:20 . 2008-04-13 22:23 265728 ----a-w- c:\windows\system32\drivers\http.sys

2009-10-13 10:38 . 2008-04-14 19:34 270848 ----a-w- c:\windows\system32\oakley.dll

2009-10-12 13:40 . 2008-04-14 19:34 79872 ----a-w- c:\windows\system32\raschap.dll

2009-10-12 13:40 . 2008-04-14 19:34 150016 ----a-w- c:\windows\system32\rastls.dll

2009-10-06 20:01 . 2008-12-17 12:13 410984 ----a-w- c:\windows\system32\deploytk.dll

.

 

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Not* Tomma poster & legitima standardposter visas inte.

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

 

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

2009-12-20 16:21 2166296 ----a-w- c:\program\Softonic-Eng7\tbSof1.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6dabbda0-1da5-4a2f-bc89-2ae084c572fa}]

2009-12-20 16:21 2166296 ----a-w- c:\program\ToggleSW\tbTog1.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2009-09-02 09:58 1107200 ----a-w- c:\program\AVG\AVG8\Toolbar\IEToolbar.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

"{6dabbda0-1da5-4a2f-bc89-2ae084c572fa}"= "c:\program\ToggleSW\tbTog1.dll" [2009-12-20 2166296]

"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program\Softonic-Eng7\tbSof1.dll" [2009-12-20 2166296]

 

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

 

[HKEY_CLASSES_ROOT\clsid\{6dabbda0-1da5-4a2f-bc89-2ae084c572fa}]

 

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

"{6DABBDA0-1DA5-4A2F-BC89-2AE084C572FA}"= "c:\program\ToggleSW\tbTog1.dll" [2009-12-20 2166296]

"{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}"= "c:\program\Softonic-Eng7\tbSof1.dll" [2009-12-20 2166296]

 

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

 

[HKEY_CLASSES_ROOT\clsid\{6dabbda0-1da5-4a2f-bc89-2ae084c572fa}]

 

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="c:\program\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883840]

"Steam"="c:\program\valve\steam\steam.exe" [2009-10-25 1217808]

"MSMSGS"="c:\program\Messenger\msmsgs.exe" [2008-04-14 1695232]

"VOIPlay"="c:\program\VOIPlay\voiplay.exe" [2009-05-25 1261344]

"swg"="c:\program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-25 39408]

"RegistryMechanic"="c:\program\Registry Mechanic\RegMech.exe" [2009-09-11 2836440]

"Skype"="c:\program\Skype\Phone\Skype.exe" [2009-10-09 25623336]

"AdobeUpdater"="c:\program\Delade filer\Adobe\Updater5\AdobeUpdater.exe" [2008-09-26 2356088]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150600.exe" [2009-06-05 468408]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]

"RTHDCPL"="RTHDCPL.EXE" [2007-12-01 16858624]

"LifeCam"="c:\program\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]

"VX1000"="c:\windows\vVX1000.exe" [2007-04-10 709992]

"AVG8_TRAY"="c:\program\AVG\AVG8\avgtray.exe" [2009-12-12 2043160]

"QuickTime Task"="c:\program\QuickTime\qttask.exe" [2008-11-04 413696]

"iTunesHelper"="c:\program\iTunes\iTunesHelper.exe" [2008-11-20 290088]

"Adobe Reader Speed Launcher"="c:\program\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]

"SunJavaUpdateSched"="c:\program\Java\jre6\bin\jusched.exe" [2009-10-06 148888]

"ANIWZCS2Service"="c:\program\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2009-05-07 98304]

"D-Link D-Link Wireless N DWA-140"="c:\program\D-Link\DWA-140 revB\AirNCFG.exe" [2009-05-07 1683456]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\User\Start-meny\Program\AutostartCurseClientStartup.ccip [2009-12-13 0]

OpenOffice.org 3.1.lnk - c:\program\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]

 

c:\documents and settings\All Users\Start-meny\Program\AutostartMcAfee Security Scan.lnk - c:\program\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-28 199184]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-08-17 07:36 11952 ----a-w- c:\windows\system32\avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program\\Valve\\Steam\\SteamApps\\fjex\\counter-strike\\hl.exe"=

"c:\\Program\\Valve\\hl.exe"=

"c:\\Program\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Program\\uTorrent\\uTorrent.exe"=

"c:\\Program\\Microsoft LifeCam\\LifeCam.exe"=

"c:\\Program\\Microsoft LifeCam\\LifeExp.exe"=

"c:\\Program\\Valve\\Steam\\SteamApps\\alexborg96\\counter-strike\\hl.exe"=

"c:\\Program\\Valve\\Steam\\SteamApps\\fjex\\condition zero\\hl.exe"=

"c:\\Program\\LimeWire\\LimeWire.exe"=

"c:\\Program\\AVG\\AVG8\\avgemc.exe"=

"c:\\Program\\AVG\\AVG8\\avgupd.exe"=

"c:\\Program\\Bonjour\\mDNSResponder.exe"=

"c:\\Program\\iTunes\\iTunes.exe"=

"c:\\Program\\Valve\\Steam\\SteamApps\\alexanderblomqvist\\counter-strike\\hl.exe"=

"c:\\Program\\Valve\\Steam\\SteamApps\\w0zz0\\condition zero\\hl.exe"=

"c:\\Program\\Valve\\Steam\\SteamApps\\w0zz0\\counter-strike\\hl.exe"=

"c:\\Program\\Valve\\Steam\\SteamApps\\w0zz0\\day of defeat source\\hl2.exe"=

"c:\\Program\\Mozilla Firefox\\firefox.exe"=

"c:\\Program\\World of Warcraft\\Launcher.exe"=

"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=

"c:\\Program\\World of Warcraft\\BackgroundDownloader.exe"=

"c:\\Program\\Valve\\Steam\\SteamApps\\fjex\\day of defeat\\hl.exe"=

"c:\\Program\\Valve\\Steam\\SteamApps\\w0zz0\\day of defeat\\hl.exe"=

"c:\\Documents and Settings\\User\\Skrivbord\\Age of Empires 2\\empires2.exe"=

"c:\\Program\\World of Warcraft\\WoW-3.1.1.9835-to-3.1.2.9901-enGB-downloader.exe"=

"c:\\Program\\mIRC\\mirc.exe"=

"c:\\Program\\MessengerDiscovery 2\\MessengerDiscovery 2.exe"=

"c:\\Program\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe"=

"c:\\WINDOWS\\system32\\rtcshare.exe"=

"c:\\Program\\Spotify\\spotify.exe"=

"c:\\Program\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enGB-downloader.exe"=

"c:\\Program\\Java\\jre6\\bin\\java.exe"=

"c:\\Program\\TeamViewer\\Version4\\TeamViewer.exe"=

"c:\\Program\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enGB-downloader.exe"=

"c:\\Program\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enGB-downloader.exe"=

"c:\\Program\\World of Warcraft\\WoW-3.2.0-enGB-downloader.exe"=

"c:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program\\Valve\\Steam\\SteamApps\\common\\left 4 dead 2 demo\\left4dead2.exe"=

"c:\\Program\\Valve\\Steam\\SteamApps\\izaak\\counter-strike\\hl.exe"=

"c:\\Documents and Settings\\User\\Lokala inställningar\\Apps\\2.0\\PM4QOW44.LLT\\4BGNHWBJ.89L\\curs..tion_eee711038731a406_0004.0000_1332b9f434841748\\CurseClient.exe"=

"c:\\Program\\Skype\\Phone\\Skype.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

 

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-12-25 64288]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-01-13 335240]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-01-13 108552]

R2 ANIWConnService;ANIWConn Service;c:\windows\system32\ANIWConnService.exe [2009-12-01 147456]

R2 avg8emc;AVG Free8 E-mail Scanner;c:\program\AVG\AVG8\avgemc.exe [2009-01-13 908056]

R2 avg8wd;AVG Free8 WatchDog;c:\program\AVG\AVG8\avgwdsvc.exe [2009-01-13 297752]

R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program\LogMeIn Hamachi\hamachi-2.exe [2009-10-29 1074568]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program\Lavasoft\Ad-Aware\AAWService.exe [2009-12-02 1181328]

R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2009-03-27 23064]

S2 gupdate1ca25c07c218300;Tjänsten Google Update (gupdate1ca25c07c218300);c:\program\Google\Update\GoogleUpdate.exe [2009-08-25 133104]

S3 rt2870;D-Link 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2009-12-01 715520]

 

--- Övriga tjänster/drivrutiner i minnet ---

 

*Deregistered* - gkozp

.

Innehållet i mappen 'Schemalagda aktiviteter':

 

2009-12-30 c:\windows\Tasks\Ad-Aware Update (Daily 1).job

- c:\program\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 15:01]

 

2009-12-30 c:\windows\Tasks\Ad-Aware Update (Daily 2).job

- c:\program\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 15:01]

 

2009-12-30 c:\windows\Tasks\Ad-Aware Update (Daily 3).job

- c:\program\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 15:01]

 

2009-12-30 c:\windows\Tasks\Ad-Aware Update (Daily 4).job

- c:\program\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 15:01]

 

2009-12-30 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 15:01]

 

2009-12-25 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

 

2009-12-30 c:\windows\Tasks\Google Software Updater.job

- c:\program\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-25 20:12]

 

2009-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program\Google\Update\GoogleUpdate.exe [2009-08-25 20:13]

 

2009-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program\Google\Update\GoogleUpdate.exe [2009-08-25 20:13]

 

2009-12-30 c:\windows\Tasks\WGASetup.job

- c:\windows\system32\KB905474\wgasetup.exe [2009-04-22 20:18]

.

.

------- Extra genomsökning -------

.

uStart Page = hxxp://www.shareware-sw.com/sv/index.php?rvs=hompag

mStart Page = hxxp://www.shareware-sw.com/sv/index.php?rvs=hompag

uInternet Settings,ProxyOverride = *.local

IE: &Search

FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9tljuk0t.defaultFF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - MyWebSearch

FF - prefs.js: browser.startup.homepage - hxxp://bilddagboken.se/p/frontpage.html

FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZP&fl=0&ptb=XJydt7VB9WTP35O2byJtbg&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor=

FF - component: c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9tljuk0t.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\FFExternalAlert.dll

FF - component: c:\program\Mozilla Firefox\extensions\{1dd72830-9694-2f4d-0534-7bda816f5d1c}\components\2C-8MLt90pOR.dll

FF - component: c:\program\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll

FF - plugin: c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9tljuk0t.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll

FF - plugin: c:\program\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: c:\program\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\program\Google\Google Updater\2.4.1691.8062\npCIDetect13.dll

FF - plugin: c:\program\Google\Update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: c:\program\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: c:\program\VOIPlay\npvoiplay.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

---- FIREFOX POLICY ----

c:\program\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");

.

- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -

 

URLSearchHooks-*{6dabbda0-1da5-4a2f-bc89-2ae084c572fa} - (no file)

URLSearchHooks-*{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - (no file)

AddRemove-Fraps - c:\fraps\uninstall.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-12-30 22:24

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gkozp]

 

.

--------------------- DLLer som "laddats" under processer som körs ---------------------

 

- - - - - - - > 'explorer.exe'(840)

c:\program\VOIPlay\hud_hook_2060.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Andra processer som körs ------------------------

.

c:\program\Google\Update\1.2.183.13\GoogleCrashHandler.exe

c:\windows\system32\igfxsrvc.exe

c:\windows\RTHDCPL.EXE

c:\windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe

c:\program\OpenOffice.org 3\program\soffice.exe

c:\program\OpenOffice.org 3\program\soffice.bin

c:\program\MessengerDiscovery 2\MessengerDiscovery 2.exe

c:\program\ANI\ANIWZCS2 Service\ANIWZCSdS.exe

c:\program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program\Bonjour\mDNSResponder.exe

c:\program\AVG\AVG8\avgrsx.exe

c:\program\AVG\AVG8\avgnsx.exe

c:\program\Java\jre6\bin\jqs.exe

c:\program\Skype\Plugin Manager\skypePM.exe

c:\program\Microsoft LifeCam\MSCamS32.exe

c:\program\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program\AVG\AVG8\avgcsrvx.exe

c:\program\iPod\bin\iPodService.exe

c:\windows\system32\wbem\unsecapp.exe

c:\windows\system32\wscntfy.exe

c:\program\Java\jre6\bin\jucheck.exe

c:\program\Lavasoft\Ad-Aware\AAWTray.exe

.

**************************************************************************

.

Sluttid: 2009-12-30 22:31:40 - datorn startades om.

ComboFix-quarantined-files.txt 2009-12-30 21:31

 

Före genomsökningen: 49 000 771 584 byte ledigt

Efter genomsökningen: 53 573 451 776 byte ledigt

 

WindowsXP-KB310994-SP2-Pro-BootDisk-SVE.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

 

- - End Of File - - 2F77B71F456BBBA9D732E6F83A74D6A8

[/log]

 

Link to comment
Share on other sites

Hej! ComboFix är körd på fel sätt,den skall ligga på skrivbordet och antivirusprogrammet skall stängas av för att det inte skall bli fel!!

 

Surfa till http://www.virustotal.com (fungerar bäst med Internet Explorer) klistra in ett av följande filnamn i rutan,

 

c:\windows\system32\-NO3kB_-Ekz-Qf.exe

c:\windows\system32\drivers\gkozp.sys

tryck på Skicka Fil och vänta tills resultatet är klart (Närvarande status blir genomförd). Klistra in resultatet från de olika antivirusprogrammen (inte Övrig information) här. Upprepa med nästa filnamn

 

Mvh Laston

 

Link to comment
Share on other sites

Jag sa åt honom att lägga det på skrivbordet och avaktivera AVG :o

 

Väntar på att han laddar upp filerna.

 

Tack för svar ;p

 

 

På filen c:\windows\system32\-NO3kB_-Ekz-Qf.exe är det enda resultat han får Jiangmin 13.0.900 2009.12.30 "TrojanDownloader.Swizzor.nat"

 

söker igenom andra nu.

[inlägget ändrat 2009-12-30 23:27:35 av dawnil]

Link to comment
Share on other sites

Posta gärna loggan från malwarebytes med och det skadar inte att uppdatera till den nya versionen som släpptes ikväll o skanna igen!

 

Mvh Laston

 

Link to comment
Share on other sites

[log]Malwarebytes' Anti-Malware 1.42

Databasversion: 3452

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.13

 

2009-12-30 02:29:01

mbam-log-2009-12-30 (02-29-00).txt

 

Skanningstyp: Fullständig skanning (C:\|)

Antal skannade objekt: 216283

Förfluten tid: 3 hour(s), 29 minute(s), 17 second(s)

 

Infekterade minnesprocesser: 1

Infekterade minnesmoduler: 6

Infekterade registernycklar: 145

Infekterade registervärden: 12

Infekterade registerdataposter: 1

Infekterade mappar: 21

Infekterade filer: 189

 

Infekterade minnesprocesser:

C:\Program\MyWebSearch\bar\4.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Unloaded process successfully.

 

Infekterade minnesmoduler:

C:\Program\Windows Live\Messenger\msimg32.dll (Adware.MyWebSearch) -> Delete on reboot.

C:\Program\MyWebSearch\bar\firefox\NPMYWEBS.DLL (Adware.MyWebSearch) -> Delete on reboot.

C:\Program\MyWebSearch\bar\4.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> Delete on reboot.

C:\Program\MyWebSearch\bar\4.bin\MWSBAR.DLL (Adware.MyWebSearch) -> Delete on reboot.

C:\Program\MyWebSearch\bar\4.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> Delete on reboot.

C:\Program\MyWebSearch\bar\4.bin\F3POPSWT.DLL (Adware.MyWebSearch) -> Delete on reboot.

 

Infekterade registernycklar:

HKEY_CLASSES_ROOT\TypeLib\{07b18ea0-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{f87d7fb5-9dc5-4c8c-b998-d8dfe02e2978} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{53ced2d0-5e9a-4761-9005-648404e6f7e5} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.datacontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{c8cecde3-1ae1-4c4a-ad82-6d5b00212144} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{1f52a5fa-a705-4415-b975-88503b291728} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{a626cdbd-3d13-4f78-b819-440a28d7e8fc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.datacontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{8ca01f0e-987c-49c3-b852-2f1ac4a7094c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{1093995a-ba37-41d2-836e-091067c4ad17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{120927bf-1700-43bc-810f-fab92549b390} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{3e53e2cb-86db-4a4a-8bd9-ffeb7a64df82} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{90449521-d834-4703-bb4e-d3aa44042ff8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{991aac62-b100-47ce-8b75-253965244f69} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{0f8ecf4f-3646-4c3a-8881-8e138ffcaf70} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{b813095c-81c0-4e40-aa14-67520372b987} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{c9d7be3e-141a-4c85-8cd6-32461f3df2c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{cff4ce82-3aa2-451f-9b77-7165605fb835} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.htmlmenu (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{8e6f1830-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{8e6f1832-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{a9571378-68a1-443d-b082-284f960c6d17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{e79dfbc0-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{72ee7f04-15bd-4845-a005-d6711144d86a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{e79dfbc9-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{e79dfbcb-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\mywebsearch.htmlpanel (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{3e720450-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{3e720451-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{3e720453-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\mywebsearch.htmlpanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\mywebsearch.outlookaddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{adb01e81-3c79-4272-a0f1-7b2be7a782dc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\mywebsearch.outlookaddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{7473d290-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{7473d293-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{7473d292-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{7473d296-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{29d67d3c-509a-4544-903f-c8c1b8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{938aa51a-996c-4884-98ce-80dd16a5c9da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{1e0de227-5ce4-4ea3-ab0c-8b03e1aa76bc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{84da4fdf-a1cf-4195-8688-3e961f505983} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{d9fffb27-d62a-4d64-8cec-1ff006528805} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\LEO0WTUNO7 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\net (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\AppDataLow\HavingFunOnline (Adware.BHO.FL) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\J8RPLTROBQ (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77d99ee5-b233-fa10-67f6-28e944a2f2b7} (Adware.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{77d99ee5-b233-fa10-67f6-28e944a2f2b7} (Adware.BHO) -> Quarantined and deleted successfully.

 

Infekterade registervärden:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rthdbpl (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3popularscreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\my web search bar search scope monitor (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mywebsearch email plugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mywebsearch email plugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\richtx64.exe (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\j8rpltrobq (Trojan.FakeAlert) -> Quarantined and deleted successfully.

 

Infekterade registerdataposter:

HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

 

Infekterade mappar:

C:\Program\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\FunWebProducts\Shared\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch (Adware.MyWebSearch) -> Delete on reboot.

C:\Program\MyWebSearch\bar (Adware.MyWebSearch) -> Delete on reboot.

C:\Program\MyWebSearch\bar\2.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\4.bin (Adware.MyWebSearch) -> Delete on reboot.

C:\Program\MyWebSearch\bar\Avatar (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\firefox (Adware.MyWebSearch) -> Delete on reboot.

C:\Program\MyWebSearch\bar\firefox\chrome (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\Game (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\icons (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\Message (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\Message\COMMON (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\Notifier (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\setups (Adware.MyWebSearch) -> Quarantined and deleted successfully.

 

Infekterade filer:

C:\Program\MyWebSearch\bar\4.bin\F3HKSTUB.DLL (Adware.MyWebSearch) -> Delete on reboot.

C:\Program\MyWebSearch\bar\4.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Delete on reboot.

C:\Program\MyWebSearch\bar\4.bin\M3SRCHMN.EXE (Adware.MyWebSearch) -> Delete on reboot.

C:\Program\Windows Live\Messenger\msimg32.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\4.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\firefox\NPMYWEBS.DLL (Adware.MyWebSearch) -> Delete on reboot.

C:\Program\MyWebSearch\bar\4.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> Delete on reboot.

C:\Program\MyWebSearch\bar\4.bin\MWSBAR.DLL (Adware.MyWebSearch) -> Delete on reboot.

C:\Program\MyWebSearch\bar\4.bin\F3DTACTL.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\4.bin\F3HISTSW.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\4.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> Delete on reboot.

C:\Program\MyWebSearch\bar\4.bin\F3POPSWT.DLL (Adware.MyWebSearch) -> Delete on reboot.

C:\Program\MyWebSearch\bar\4.bin\M3MSG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\4.bin\M3HTML.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\4.bin\M3OUTLCN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\4.bin\M3SKIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\4.bin\F3SCRCTR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\4.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\4.bin\F3CJPEG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\4.bin\F3HTTPCT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\4.bin\F3REPROX.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\4.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Documents and Settings\User\Lokala inställningar\Temp\Setup.tmp (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\User\Lokala inställningar\Temp\oaecwrnsxm.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\Documents and Settings\User\Mina dokument\Hämtade filer\MyWebFaceSetup2.3.50.56_2.GRfox000.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\2.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\4.bin\F3PSSAVR.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\4.bin\F3REGHK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\4.bin\F3RESTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\4.bin\M3AUXSTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\4.bin\M3DLGHK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\4.bin\M3HIGHIN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\4.bin\M3IDLE.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\4.bin\M3IMPIPE.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\4.bin\M3MEDINT.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\4.bin\M3SKPLAY.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\4.bin\M3SLSRCH.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\4.bin\MWSSVC.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\Windows Live\Messenger\riched20.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{3B1857B3-B66E-416D-8DDA-FAA2E34724A5}\RP338\A0153967.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{3B1857B3-B66E-416D-8DDA-FAA2E34724A5}\RP338\A0153968.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{3B1857B3-B66E-416D-8DDA-FAA2E34724A5}\RP338\A0153969.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{3B1857B3-B66E-416D-8DDA-FAA2E34724A5}\RP338\A0153970.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{3B1857B3-B66E-416D-8DDA-FAA2E34724A5}\RP338\A0153978.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{3B1857B3-B66E-416D-8DDA-FAA2E34724A5}\RP338\A0153981.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{3B1857B3-B66E-416D-8DDA-FAA2E34724A5}\RP338\A0153985.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{3B1857B3-B66E-416D-8DDA-FAA2E34724A5}\RP338\A0153986.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{3B1857B3-B66E-416D-8DDA-FAA2E34724A5}\RP338\A0153988.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{3B1857B3-B66E-416D-8DDA-FAA2E34724A5}\RP338\A0153993.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{3B1857B3-B66E-416D-8DDA-FAA2E34724A5}\RP338\A0153994.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{3B1857B3-B66E-416D-8DDA-FAA2E34724A5}\RP338\A0153995.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{3B1857B3-B66E-416D-8DDA-FAA2E34724A5}\RP338\A0153996.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{3B1857B3-B66E-416D-8DDA-FAA2E34724A5}\RP338\A0153997.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{3B1857B3-B66E-416D-8DDA-FAA2E34724A5}\RP338\A0153998.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{3B1857B3-B66E-416D-8DDA-FAA2E34724A5}\RP338\A0153999.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{3B1857B3-B66E-416D-8DDA-FAA2E34724A5}\RP338\A0154000.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{3B1857B3-B66E-416D-8DDA-FAA2E34724A5}\RP338\A0154001.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{3B1857B3-B66E-416D-8DDA-FAA2E34724A5}\RP338\A0154002.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{3B1857B3-B66E-416D-8DDA-FAA2E34724A5}\RP338\A0154003.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{3B1857B3-B66E-416D-8DDA-FAA2E34724A5}\RP338\A0154004.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{3B1857B3-B66E-416D-8DDA-FAA2E34724A5}\RP338\A0154005.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{3B1857B3-B66E-416D-8DDA-FAA2E34724A5}\RP338\A0154006.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{3B1857B3-B66E-416D-8DDA-FAA2E34724A5}\RP338\A0154007.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{3B1857B3-B66E-416D-8DDA-FAA2E34724A5}\RP338\A0154008.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{3B1857B3-B66E-416D-8DDA-FAA2E34724A5}\RP338\A0153992.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{3B1857B3-B66E-416D-8DDA-FAA2E34724A5}\RP338\A0154009.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{3B1857B3-B66E-416D-8DDA-FAA2E34724A5}\RP338\A0154977.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{3B1857B3-B66E-416D-8DDA-FAA2E34724A5}\RP338\A0154995.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{3B1857B3-B66E-416D-8DDA-FAA2E34724A5}\RP338\A0154010.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{3B1857B3-B66E-416D-8DDA-FAA2E34724A5}\RP338\A0154011.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{3B1857B3-B66E-416D-8DDA-FAA2E34724A5}\RP338\A0154012.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{3B1857B3-B66E-416D-8DDA-FAA2E34724A5}\RP338\A0154013.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{3B1857B3-B66E-416D-8DDA-FAA2E34724A5}\RP338\A0154967.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{3B1857B3-B66E-416D-8DDA-FAA2E34724A5}\RP338\A0154968.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{3B1857B3-B66E-416D-8DDA-FAA2E34724A5}\RP338\A0154969.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{3B1857B3-B66E-416D-8DDA-FAA2E34724A5}\RP338\A0154978.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{3B1857B3-B66E-416D-8DDA-FAA2E34724A5}\RP338\A0154981.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{3B1857B3-B66E-416D-8DDA-FAA2E34724A5}\RP338\A0154985.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{3B1857B3-B66E-416D-8DDA-FAA2E34724A5}\RP338\A0154986.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{3B1857B3-B66E-416D-8DDA-FAA2E34724A5}\RP338\A0154988.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{3B1857B3-B66E-416D-8DDA-FAA2E34724A5}\RP338\A0154992.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{3B1857B3-B66E-416D-8DDA-FAA2E34724A5}\RP338\A0154993.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{3B1857B3-B66E-416D-8DDA-FAA2E34724A5}\RP338\A0154994.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{3B1857B3-B66E-416D-8DDA-FAA2E34724A5}\RP338\A0154996.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{3B1857B3-B66E-416D-8DDA-FAA2E34724A5}\RP338\A0154997.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{3B1857B3-B66E-416D-8DDA-FAA2E34724A5}\RP338\A0154998.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{3B1857B3-B66E-416D-8DDA-FAA2E34724A5}\RP338\A0154999.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{3B1857B3-B66E-416D-8DDA-FAA2E34724A5}\RP338\A0155000.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{3B1857B3-B66E-416D-8DDA-FAA2E34724A5}\RP338\A0155001.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{3B1857B3-B66E-416D-8DDA-FAA2E34724A5}\RP338\A0155002.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{3B1857B3-B66E-416D-8DDA-FAA2E34724A5}\RP338\A0155003.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{3B1857B3-B66E-416D-8DDA-FAA2E34724A5}\RP338\A0155004.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{3B1857B3-B66E-416D-8DDA-FAA2E34724A5}\RP338\A0155005.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{3B1857B3-B66E-416D-8DDA-FAA2E34724A5}\RP338\A0155006.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{3B1857B3-B66E-416D-8DDA-FAA2E34724A5}\RP338\A0155007.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{3B1857B3-B66E-416D-8DDA-FAA2E34724A5}\RP338\A0155008.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{3B1857B3-B66E-416D-8DDA-FAA2E34724A5}\RP338\A0155009.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{3B1857B3-B66E-416D-8DDA-FAA2E34724A5}\RP338\A0155010.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{3B1857B3-B66E-416D-8DDA-FAA2E34724A5}\RP338\A0155011.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{3B1857B3-B66E-416D-8DDA-FAA2E34724A5}\RP338\A0155178.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{3B1857B3-B66E-416D-8DDA-FAA2E34724A5}\RP341\A0158289.exe (Adware.AdRotator) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\f3PSSavr.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\gkozp.sys (Rootkit.Agent) -> Delete on reboot.

C:\Program\FunWebProducts\Shared\Cache\CursorManiaBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\FunWebProducts\Shared\Cache\SmileyCentralBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\FunWebProducts\Shared\Cache\WebfettiBtn-new.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\FunWebProducts\Shared\Cache\WebfettiBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\2.bin\M3FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\2.bin\M3FFXTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\2.bin\M3NTSTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\2.bin\M3NTSTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\4.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\4.bin\F3SCHMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\4.bin\F3SPACER.WMV (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\4.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\4.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\4.bin\FWPBUDDY.PNG (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\Avatar\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\Cache\0003ED7E (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\Cache\0005A550 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\Cache\0005B4D0 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\Cache\0005BAEB (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\Cache\0016B1E0.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\Cache\0016C0A5.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\Cache\0039B725.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\Cache\0039C399.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\Cache\0039C4B2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\Cache\02E1858A.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\Cache\02E1879E.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\Cache\02E189B1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\Cache\02E18BB4.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\Cache\02E18D6A.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\Cache\02E18FAC.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\Cache\files.ini (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\firefox\CHROME.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\firefox\INSTALL.RDF (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\firefox\chrome\M3FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\History\search3 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\icons\CM.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\icons\MFC.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\icons\PSS.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\icons\SMILEY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\icons\WB.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\icons\ZWINKY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\Message\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\Message\COMMON\ask_logo.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\Message\COMMON\autoup.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\Message\COMMON\autoup.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\Message\COMMON\center.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\Message\COMMON\index.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\Message\COMMON\logo_ZJ.png (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\Message\COMMON\logo_ZR.png (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\Message\COMMON\mid_dots.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\Message\COMMON\mws_logo.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\Message\COMMON\protect.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\Message\COMMON\rebbtnbg.png (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\Message\COMMON\rebbtnn1.png (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\Message\COMMON\rebbtnn2.png (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\Message\COMMON\rebbtny1.png (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\Message\COMMON\rebbtny2.png (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\Message\COMMON\rebclose.png (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\Message\COMMON\rebut.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\Message\COMMON\rebut2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\Message\COMMON\reb_bg.png (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\Message\COMMON\shocked.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\Message\COMMON\stop.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\Message\COMMON\systray.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\Message\COMMON\systrayp.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\Message\COMMON\tp_grad.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\Message\COMMON\warn.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\Notifier\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\Notifier\DOG.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\Notifier\FISH.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\Notifier\KUNGFU.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\Notifier\LIFEGARD.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\Notifier\MAID.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\Notifier\MAILBOX.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\Notifier\OPERA.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\Notifier\ROBOT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\Notifier\SEDUCT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\Notifier\SURFER.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\Settings\prevcfg2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\e1I18-.dll (Adware.BHO) -> Quarantined and deleted successfully.

[/log]

 

Galet o.o

 

Han gjorde en ny genomsökning, eller halva, och hittade då inget.

 

Link to comment
Share on other sites

Ok jag väntar på skanningen av dessa filer men vi får fortsätta im för jag tar natt nu,posta loggarna när du är färdig så jag kan kolla!

 

Mvh Laston

 

Link to comment
Share on other sites

Okej, ha en bra natts sömn. Tack för hjälpen :)

 

 

Det verkar som att han vägrar söka igenom dom där filerna.

Han säger att han installerar om datorn om det är mer problem.

 

Men jag tycker att min dator blivit lite seg under senaste månaderna.

 

Skannat med Nod32 för ca 1 månad sen. AVG 9.0 free, för typ 1 vecka sen, och Mbam för 1 vecka sen.

 

Hittar inget, men jag förstår inte varför det tar 4 sekunder att trycka upp den här datorn ibland?

 

Har ca 500 gb filmer, spel och program, men det borde inte påverka prestandan..?

 

CPU-anv. pendlar mellan 0-5%, alla spel flyter på galant. Använder 500 mb ram, har 3 gb.

 

Inga konstiga processer som tar speciellt mycket, och inga krävande filmredigeringsprogram eller dyligt.

 

Vet inte om jag ska testa combofix, kanske lite onödigt ifall jag inte hittar något annat?

 

Jaja, låter dig se över det hela :)

 

Återigen, tack för allt ;)

[inlägget ändrat 2009-12-31 01:07:52 av dawnil]

Link to comment
Share on other sites

Hej! Ok men detta ska han inte behöva installera om datorn för,dessa 2 filer ska vi kunna fixa ändå!Se till att ComboFix flyttas till skrivbordet!!

 

Har ca 500 gb filmer, spel och program, men det borde inte påverka prestandan..?

 

Jovisst blir datorn segare ju mer du har sparat på hårddisken:)

Kör inte combo utan posta isånafall en DDS logga så kan vi titta om det kan finnas anledning till rensning men det är inte troligt som du beskriver det!

 

Mvh Laston

 

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.



×
×
  • Create New...