Just nu i M3-nätverket
Jump to content

Två "problem"


Sosso

Recommended Posts

Hejsan..

har två problem....

 

Det började med att de ploppade upp en massa rutor på min sambos dator från XP Antimalware (inte registrerade version) Den visade att det skulle finnas 31 infekterade filer osv.. Blockerade Explorer & Firefox osv..

 

Installerade Malwarebytes' Anti Malware.. den sökte och hittade över 300...

Tog bort, startade om, och sökte igen, Då visade det noll..

Är "faran" över då??

Förutom att AVG Free har börjat med licens nummer och prövotiden har gått ut..

Någon som vet om/hur man kan få ett nytt??

 

skickar med loggen så att någon som förstår sej kanske kan ta en titt..??

 

MVH

//Sofia.

[log]Malwarebytes' Anti-Malware 1.44

Databasversion: 3909

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

 

2010-03-24 20:15:23

mbam-log-2010-03-24 (20-15-04).txt

 

Skanningstyp: Snabb skanning

Antal skannade objekt: 128917

Förfluten tid: 10 minute(s), 17 second(s)

 

Infekterade minnesprocesser: 1

Infekterade minnesmoduler: 1

Infekterade registernycklar: 25

Infekterade registervärden: 5

Infekterade registerdataposter: 9

Infekterade mappar: 4

Infekterade filer: 259

 

Infekterade minnesprocesser:

C:\Documents and Settings\Langen\Application Data\svhost.exe (Backdoor.Bot) -> No action taken.

 

Infekterade minnesmoduler:

C:\Program\Windows Live\Messenger\msimg32.dll (Adware.MyWebSearch) -> No action taken.

 

Infekterade registernycklar:

HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\RegTool (Rogue.RegTool) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\RegTool (Rogue.RegTool) -> No action taken.

 

Infekterade registervärden:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows service host (Backdoor.Bot) -> No action taken.

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows service host (Backdoor.Bot) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\regtool (Rogue.RegTool) -> No action taken.

HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> No action taken.

HKEY_CLASSES_ROOT\secfile\shell\open\command\(default) (Rogue.MultipleAV) -> No action taken.

 

Infekterade registerdataposter:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Backdoor.Bot) -> Data: c:\documents and settings\langen\application data\svhost.exe -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Langen\Lokala inställningar\Application Data\ave.exe" /START "C:\Program\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Langen\Lokala inställningar\Application Data\ave.exe" /START "C:\Program\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Langen\Lokala inställningar\Application Data\ave.exe" /START "C:\Program\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> No action taken.

HKEY_CLASSES_ROOT\.exe\(default) (Hijacked.exeFile) -> Bad: (secfile) Good: (exefile) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\Langen\Application Data\svhost.exe) Good: (Userinit.exe) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

 

Infekterade mappar:

C:\Documents and Settings\Langen\Application Data\RegTool (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\Logs (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400 (Rogue.RegTool) -> No action taken.

 

Infekterade filer:

C:\Documents and Settings\Langen\Application Data\svhost.exe (Backdoor.Bot) -> No action taken.

C:\Program\Windows Live\Messenger\msimg32.dll (Adware.MyWebSearch) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\resultsw.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\Logs\2009-02-16 18-27-130.log (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\Logs\2009-02-19 20-41-290.log (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\Logs\2009-02-20 12-00-000.log (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\Logs\2009-02-20 12-00-001.log (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\filelist.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-0.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-1.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-10.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-100.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-101.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-102.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-103.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-104.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-105.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-106.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-107.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-108.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-109.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-11.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-110.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-111.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-112.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-113.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-114.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-115.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-116.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-117.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-118.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-119.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-12.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-120.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-121.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-122.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-123.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-124.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-125.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-126.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-127.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-128.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-129.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-13.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-130.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-131.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-132.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-133.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-134.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-135.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-136.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-137.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-138.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-139.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-14.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-140.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-141.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-142.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-143.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-144.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-145.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-146.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-147.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-148.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-149.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-15.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-150.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-151.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-152.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-153.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-154.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-155.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-156.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-157.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-158.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-159.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-16.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-160.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-161.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-162.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-163.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-164.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-165.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-166.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-167.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-168.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-169.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-17.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-170.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-171.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-172.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-173.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-174.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-175.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-176.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-177.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-178.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-179.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-18.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-180.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-181.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-182.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-183.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-184.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-185.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-186.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-187.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-188.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-189.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-19.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-190.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-191.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-192.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-193.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-194.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-195.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-196.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-197.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-198.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-199.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-2.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-20.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-200.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-201.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-202.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-203.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-204.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-205.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-206.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-207.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-208.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-209.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-21.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-210.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-211.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-212.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-213.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-214.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-215.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-216.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-217.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-218.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-219.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-22.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-220.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-221.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-222.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-223.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-224.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-225.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-226.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-227.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-228.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-229.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-23.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-230.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-231.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-232.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-233.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-234.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-235.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-236.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-237.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-238.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-239.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-24.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-240.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-241.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-242.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-243.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-244.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-245.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-246.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-247.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-25.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-26.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-27.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-28.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-29.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-3.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-30.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-31.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-32.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-33.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-34.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-35.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-36.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-37.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-38.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-39.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-4.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-40.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-41.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-42.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-43.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-44.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-45.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-46.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-47.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-48.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-49.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-5.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-50.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-51.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-52.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-53.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-54.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-55.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-56.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-57.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-58.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-59.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-6.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-60.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-61.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-62.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-63.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-64.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-65.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-66.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-67.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-68.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-69.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-7.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-70.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-71.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-72.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-73.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-74.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-75.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-76.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-77.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-78.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-79.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-8.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-80.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-81.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-82.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-83.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-84.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-85.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-86.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-87.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-88.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-89.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-9.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-90.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-91.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-92.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-93.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-94.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-95.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-96.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-97.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-98.db (Rogue.RegTool) -> No action taken.

C:\Documents and Settings\Langen\Application Data\RegTool\QuarantineW\2009-02-16 18-28-400\regb-99.db (Rogue.RegTool) -> No action taken.

C:\WINDOWS\system32:winregpi (Rootkit.ADS) -> No action taken.

C:\WINDOWS\system32\1442bf2G.exe.a_a (Trojan.Agent) -> No action taken.

C:\WINDOWS\Tasks\RegTool Scan.job (Rogue.RegTool) -> No action taken.[/log]

Link to comment
Share on other sites

HookProcess

Kör malwarebytes anti-malware en gång till och skicka med en ny logg.

 

Efter det kör du DDS:

Klistra in loggen/resultatet från programmet DDS. Spara DDS på Skrivbordet.

http://download.blee...om/sUBs/dds.scr

Starta programmet genom att dubbelklicka på det.

Tryck Yes/Ja om frågan om Optional Scan dyker upp.

I ditt svar klistrar du in loggen DSS.txt. Medan du bifogar Attach.txt som en fil.

Link to comment
Share on other sites

[log]DDS (Ver_10-03-17.01) - NTFSx86

Run by Langen at 22:12:43,87 on 2010-03-24

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Home Edition 5.1.2600.3.1252.46.1053.18.1022.249 [GMT 1:00]

 

 

============== Running Processes ===============

 

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Program\Analog Devices\SoundMAX\smax4.exe

C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\WINDOWS\vsnpstd.exe

C:\WINDOWS\vVX6000.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program\Java\jre6\bin\jusched.exe

C:\Program\AVG\AVG9\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Windows Live\Messenger\MsnMsgr.Exe

C:\WINDOWS\NCLAUNCH.EXe

C:\Program\Delade filer\Ahead\lib\NMBgMonitor.exe

C:\Program\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe

svchost.exe

C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program\AVG\AVG9\avgwdsvc.exe

svchost.exe

C:\Program\Java\jre6\bin\jqs.exe

C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Program\Microsoft LifeCam\MSCamS32.exe

C:\Program\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program\Windows Live\Contacts\wlcomm.exe

C:\WINDOWS\system32\WgaTray.exe

C:\Program\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Langen\Mina dokument\Hämtade filer\avg_free_stb_all_9_114_cnet.exe

C:\DOCUME~1\Langen\LOKALA~1\Temp\7zS7.tmp\stub.exe

C:\DOCUME~1\Langen\LOKALA~1\Temp\AVGDownloadManager\packages\setup\setup.exe

C:\Program\Windows Live\Mail\wlmail.exe

C:\Program\Internet Explorer\IEXPLORE.EXE

C:\Program\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\Langen\Lokala inställningar\Temporary Internet Files\Content.IE5\U2EPH1ZN\dds[1].scr

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://www.blocket.se/

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

mURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - c:\program\winamp toolbar\winamptb.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - c:\program\winamp toolbar\winamptb.dll

BHO: {3ac260fc-2831-c220-1148-267814954bd9} - No File

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program\avg\avg9\avgssie.dll

BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program\delade filer\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program\google\googletoolbarnotifier\5.2.4204.1700\swg.dll

BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program\winamp toolbar\winamptb.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program\google\google toolbar\GoogleToolbar_32.dll

TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe

uRun: [MessengerPlus3] "c:\program\messengerplus! 3\MsgPlus.exe" /WinStart

uRun: [updateMgr] "c:\program\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1

uRun: [msnmsgr] "c:\program\windows live\messenger\MsnMsgr.Exe" /background

uRun: [NCLaunch] c:\windows\NCLAUNCH.EXe

uRun: [swg] c:\program\google\googletoolbarnotifier\GoogleToolbarNotifier.exe

uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program\delade filer\ahead\lib\NMBgMonitor.exe"

uRun: [OM2_Monitor] "c:\program\olympus\olympus master 2\MMonitor.exe" -NoStart

mRun: [soundMAXPnP] c:\program\analog devices\soundmax\SMax4PNP.exe

mRun: [soundMAX] "c:\program\analog devices\soundmax\smax4.exe" /tray

mRun: [symantec PIF AlertEng] "c:\program\delade filer\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program\delade

 

filer\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"

mRun: [snpstd] c:\windows\vsnpstd.exe

mRun: [VX6000] c:\windows\vVX6000.exe

mRun: [LifeCam] "c:\program\microsoft lifecam\LifeExp.exe"

mRun: [QuickTime Task] "d:\program\quicktime\qttask.exe" -atboottime

mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe

mRun: [OM2_Monitor] "c:\program\olympus\olympus master 2\FirstStart.exe" /OM

mRun: [sunJavaUpdateSched] "c:\program\java\jre6\bin\jusched.exe"

mRun: [AVG9_TRAY] c:\program\avg\avg9\avgtray.exe

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\micros~1.lnk - d:\program\office\office10\OSA.EXE

IE: &Winamp Search - c:\documents and settings\all users\application data\winamp toolbar\ietoolbar\resources\en-us\local\search.html

IE: E&xportera till Microsoft Excel - d:\program\office\office10\EXCEL.EXE/3000

IE: {B863453A-26C3-4e1f-A54D-A2CD196348E9} - c:\program\icqlite\ICQLite.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program\messenger\msmsgs.exe

DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab

DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - hxxp://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab

DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1153245389062

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://213.115.192.146/activex/AMC.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} - hxxp://by123fd.bay123.hotmail.msn.com/activex/HMAtchmt.ocx

DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program\avg\avg9\avgpp.dll

Notify: avgrsstarter - avgrsstx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

mASetup: {AFAA082C-C3F0-3EAB-AD6A-EF4AB1F38D24} - c:\windows\system32:winregpi.exe

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\docume~1\langen\applic~1\mozilla\firefox\profiles\5juqdjnu.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.blocket.se/

FF - component: c:\program\avg\avg9\firefox\components\avgssff.dll

FF - plugin: c:\program\personal\bin\np_prsnl.dll

FF - plugin: c:\program\windows live\photo gallery\NPWLPG.dll

FF - plugin: d:\program\quicktime\plugins\npqtplugin.dll

FF - plugin: d:\program\quicktime\plugins\npqtplugin2.dll

FF - plugin: d:\program\quicktime\plugins\npqtplugin3.dll

FF - plugin: d:\program\quicktime\plugins\npqtplugin4.dll

FF - plugin: d:\program\quicktime\plugins\npqtplugin5.dll

FF - plugin: d:\program\quicktime\plugins\npqtplugin6.dll

FF - plugin: d:\program\quicktime\plugins\npqtplugin7.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows

 

presentation foundation\dotnetassistantextension\

 

---- FIREFOX POLICIES ----

c:\program\mozilla firefox\greprefs\all.js - pref("browser.visited_color", "#551A8B");

c:\program\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("browser.videoFeeds.handler", "ask");

 

============= SERVICES / DRIVERS ===============

 

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [2010-2-4 25096]

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-2-4 52872]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-7-3 216200]

R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-3-29 29512]

R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-7-3 242696]

R2 avg9wd;AVG WatchDog;c:\program\avg\avg9\avgwdsvc.exe [2010-3-5 308064]

R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSDriver.sys [2010-2-4 122376]

R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSFilter.sys [2010-2-4 30216]

R3 AVGIDSShimxpx;AVG9IDSShim;c:\program\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSShim.sys [2010-2-4 26120]

S2 AVGIDSAgent;AVG9IDSAgent;c:\program\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2010-3-5 5888008]

S3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\drivers\VX6000Xp.sys [2008-4-16 2383256]

 

=============== Created Last 30 ================

 

2010-03-24 19:02:28 0 d-----w- c:\docume~1\langen\applic~1\Malwarebytes

2010-03-24 19:02:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-03-24 19:02:12 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-03-24 19:02:11 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-03-24 19:02:11 0 d-----w- c:\program\Malwarebytes' Anti-Malware

2010-03-10 22:42:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

2010-03-06 18:51:15 0 d-----w- c:\docume~1\langen\applic~1\AVG9

2010-03-05 08:59:26 12464 ----a-w- c:\windows\system32\avgrsstx.dll

 

==================== Find3M ====================

 

2010-03-24 19:23:32 78734 ----a-w- c:\windows\system32\perfc01D.dat

2010-03-24 19:23:32 434528 ----a-w- c:\windows\system32\perfh01D.dat

2010-03-05 08:59:29 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-03-05 08:59:17 25096 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys

2010-03-05 08:58:24 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-03-05 08:58:21 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

2010-01-10 11:56:33 66496 ----a-w- c:\docume~1\langen\applic~1\GDIPFONTCACHEV1.DAT

2008-09-04 05:50:08 32768 --sha-w- c:\windows\system32\config\systemprofile\lokala

 

inställningar\tidigare\history.ie5\mshist012008090420080905\index.dat

 

============= FINISH: 22:13:28,85 ===============[/log]

Attach.txt

Link to comment
Share on other sites

glömde dock malware... ser jag nu, men om du vill så söker jag igenom ännu en gång me den, tar dock några minuter..

Link to comment
Share on other sites

[log]Malwarebytes' Anti-Malware 1.44

Databasversion: 3909

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

 

2010-03-24 22:43:21

mbam-log-2010-03-24 (22-43-21).txt

 

Skanningstyp: Snabb skanning

Antal skannade objekt: 128818

Förfluten tid: 10 minute(s), 13 second(s)

 

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 0

Infekterade registernycklar: 0

Infekterade registervärden: 0

Infekterade registerdataposter: 0

Infekterade mappar: 0

Infekterade filer: 0

 

Infekterade minnesprocesser:

(Inga illasinnade poster hittades)

 

Infekterade minnesmoduler:

(Inga illasinnade poster hittades)

 

Infekterade registernycklar:

(Inga illasinnade poster hittades)

 

Infekterade registervärden:

(Inga illasinnade poster hittades)

 

Infekterade registerdataposter:

(Inga illasinnade poster hittades)

 

Infekterade mappar:

(Inga illasinnade poster hittades)

 

Infekterade filer:

(Inga illasinnade poster hittades)[/log]

Link to comment
Share on other sites

HookProcess

Fann ett objekt i DDS-loggen som inte borde vara där, men innan vi tar tag i det råder jag dig att göra följande:

 

Avinstallera dessa:

Adobe Reader 7.0.8 - nyaste versionen finner du här

AVG 9.0 - Ladda hem Avast! Antivirus 5.0 här

Java 6 Update 3

Java 6 Update 5

Java 6 Update 17 - nyaste versionen finner du här

 

Sedan har du rester kvar från någon Norton-produkt. För att få bort det, laddar du hem Norton Removal Tool och kör det. Programmet hittar du här

 

 

Mozilla Firefox (3.5.7) - behöver inte avinstalleras, men jag råder dig att ladda hem den senaste versionen 3.6.2 här, och installera. Installationen skriver över den gamla utan att några bokmärken och lite annat lullull ska gå förlorat :)

 

PeerGuardian 2.0 - Finns ingen anledning att använda. Farbror Blå använder externa länkar från t.ex. Telia, så gömma sig fungerar inte :) Men det ligger utanför detta område ;) Gör som du behagar med det programmet.

 

Winamp Toolbar for Firefox

Winamp Toolbar for Internet Explorer

Använder du inte Winamp Toolbar, kan du ta bort dessa.

 

När allt detta är gjort, kan du köra en fullständig genomsökning med Avast! Antivirus och klistra in eventuell information om de hot som hittas (finns en fil som jag hoppas ska hittas), sist men inte minst, kör DDS igen och bifoga de nya loggarna.

Link to comment
Share on other sites

Åh! Du är en pärla...

Jag orkar dock inte påbörja nån mer operation med hans dator nå mer idag... Dax att hoppa i bingen närsomhelst..

Men så fort jag kommit hem imorgon ska jag ta tag i det igen.. (ca mitt på dagen kanske??)

 

PeerGuardian använde jag/vi förr.. men jag har slutat eftersom de ändå inte fanns/finns till Vista/7 när jag skulle ha de, klarar mej lika bra utan.. :)

 

Jag skriver imorgon så fort jag påbörjat "operationen"..

 

//Sofia.

Link to comment
Share on other sites

Okej.. nu har jag påbörjat "operationen"

eehm, idag på morgonen så fanns ett gäng rutor framme igen.. (från xp tjosan)

och visade 31 infekterade filer igen... min sambo körde igång malware på fullständig sökning tydligen.. och här är den loggen:

[log]Malwarebytes' Anti-Malware 1.44

Databasversion: 3909

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

 

2010-03-25 12:42:37

mbam-log-2010-03-25 (12-42-37).txt

 

Skanningstyp: Fullständig skanning (C:\|D:\|E:\|)

Antal skannade objekt: 250523

Förfluten tid: 1 hour(s), 19 minute(s), 53 second(s)

 

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 0

Infekterade registernycklar: 1

Infekterade registervärden: 2

Infekterade registerdataposter: 4

Infekterade mappar: 0

Infekterade filer: 2

 

Infekterade minnesprocesser:

(Inga illasinnade poster hittades)

 

Infekterade minnesmoduler:

(Inga illasinnade poster hittades)

 

Infekterade registernycklar:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe (Hoax.BadJoke) -> Quarantined and deleted successfully.

 

Infekterade registervärden:

HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\secfile\shell\open\command\(default) (Rogue.MultipleAV) -> Quarantined and deleted successfully.

 

Infekterade registerdataposter:

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Langen\Lokala inställningar\Application Data\ave.exe" /START "firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Langen\Lokala inställningar\Application Data\ave.exe" /START "iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Langen\Lokala inställningar\Application Data\ave.exe" /START "firefox.exe -safe-mode") Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\.exe\(default) (Hijacked.exeFile) -> Bad: (secfile) Good: (exefile) -> Quarantined and deleted successfully.

 

Infekterade mappar:

(Inga illasinnade poster hittades)

 

Infekterade filer:

C:\Program\Windows Live\Messenger\riched20.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

E:\Nero 9\Nero 9.4.13.2.c\setup.exe (Hoax.BadJoke) -> Quarantined and deleted successfully.

[/log]

 

Jag tog en PrintScreen på skärmen.. men de går inte att ladda upp den här.. så de är väll mail som gäller isf..

 

Nu ska jag ta och ta bort sakerna du skrev om..

Link to comment
Share on other sites

Jag tog en PrintScreen på skärmen.. men de går inte att ladda upp den här.. så de är väll mail som gäller isf..
Jo, om du tar upp skärmdumpen i Paint och sparar i formatet .png eller .jpg så går det bra att ladda upp i forumet. För att se möjligheten att ladda upp filer får du antingen trycka på "Svara med citat" i underkanten av inlägget eller under rutan som heter "Snabbsvar" trycka på "Använd full redigerare".
Link to comment
Share on other sites

det jag gjorde typ.. jag sparade den i jpg, och enligt vad jag kunde se här i redigeraren så va jag tvungen ladda upp den på en webbplats??

 

fick bara fram att denna filtyp är inte tillåten eller vad det nu stod..

 

för att ge uppdatering om hur det går, så har jag just avinstallerat och installerat program.. samt startat virussökningen..

 

återkommer ikväll...

Link to comment
Share on other sites

HookProcess

XP Antimalware verkar starta varje gång du kör en exe-fil, så låt oss fixa det:

 

Ladda hem min bifogade fil exeFix.zip och packa upp den. Kör filen exeFix.reg som du nyss packade upp och svara Ja/OK när det efterfrågas :)

 

Sedan ska vi ta bort en fil som har med XP Antimalware att göra.

Gå till Start -> Kör... -> skriv: cmd och klicka på OK -> en härlig svart ruta dyker upp. Där ska vi klistra in eller skriva följande:

 

taskkill /IM ave.exe och tryck på ENTER.

del /F /Q "C:\Documents and Settings\Langen\Lokala inställningar\Application Data\ave.exe" och tryck ENTER.

 

Notera att snabbkommandot för att klistra in, inte fungerar i den svarta rutan. Kopiera ett kommando i taget här ovan för att sedan högerklicka i den svarta rutan och välj klistra in. Se till att allt fet-textat följer med i inklistringen, även citationstecken alltså :)

 

Vad blev resultatet från det första kommandot?

För det andra kommandot bör svaret bli en svart tom rad, ett dåligt resultat är "Åtkomst nekad" :)

 

OM resultatet blev bra, starta Malwarebytes Anti-Malware utför en fullständig genomsökning. Glöm inte att uppdatera definitionerna först!

 

Klistra in loggen med nya DDS-loggar.

exeFix.zip

Link to comment
Share on other sites

Jag förstår.. :)

Jag gör det ikväll, för nu har jag inte mer tid + att virussökning pågår..

hoppas på att hitta den vilsna filen ;)

 

Jag säger bara de, tur min sambo har mej, och att jag har er att fråga om såna här saker :)

Link to comment
Share on other sites

DDS loggen... men viruprogrammet har jag ej gjort något åt sen resultatrutan, ska jag sätta i karantän där eller vad ska jag göra??

 

[log]DDS (Ver_10-03-17.01) - NTFSx86 Run by Langen at 15:39:19,03 on 2010-03-25 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18 Microsoft Windows XP Home Edition 5.1.2600.3.1252.46.1053.18.1022.373 [GMT 1:00] AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program\Analog Devices\SoundMAX\SMax4PNP.exe C:\Program\Analog Devices\SoundMAX\smax4.exe C:\WINDOWS\vsnpstd.exe C:\WINDOWS\vVX6000.exe C:\Program\Delade filer\Java\Java Update\jusched.exe C:\Program\Windows Live\Messenger\MsnMsgr.Exe C:\WINDOWS\NCLAUNCH.EXe C:\Program\Delade filer\Ahead\lib\NMBgMonitor.exe svchost.exe C:\Program\Java\jre6\bin\jqs.exe C:\Program\Microsoft LifeCam\MSCamS32.exe C:\Program\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\System32\svchost.exe -k imgsvc C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\Program\Windows Live\Contacts\wlcomm.exe C:\WINDOWS\system32\WgaTray.exe C:\Program\Internet Explorer\IEXPLORE.EXE C:\Program\Internet Explorer\IEXPLORE.EXE C:\Program\Alwil Software\Avast5\AvastSvc.exe C:\Program\Alwil Software\Avast5\avastUI.exe C:\Program\Mozilla Firefox\firefox.exe C:\Documents and Settings\Langen\Mina dokument\Hämtade filer\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.blocket.se/ uSearch Page = hxxp://www.google.com uSearch Bar = hxxp://www.google.com/ie uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program\delade filer\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: {3ac260fc-2831-c220-1148-267814954bd9} - No File BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program\avg\avg9\avgssie.dll BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program\delade filer\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program\google\google toolbar\GoogleToolbar_32.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program\google\googletoolbarnotifier\5.2.4204.1700\swg.dll BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program\google\google toolbar\GoogleToolbar_32.dll TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe uRun: [MessengerPlus3] "c:\program\messengerplus! 3\MsgPlus.exe" /WinStart uRun: [updateMgr] "c:\program\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1 uRun: [msnmsgr] "c:\program\windows live\messenger\MsnMsgr.Exe" /background uRun: [NCLaunch] c:\windows\NCLAUNCH.EXe uRun: [swg] c:\program\google\googletoolbarnotifier\GoogleToolbarNotifier.exe uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program\delade filer\ahead\lib\NMBgMonitor.exe" uRun: [OM2_Monitor] "c:\program\olympus\olympus master 2\MMonitor.exe" -NoStart mRun: [soundMAXPnP] c:\program\analog devices\soundmax\SMax4PNP.exe mRun: [soundMAX] "c:\program\analog devices\soundmax\smax4.exe" /tray mRun: [snpstd] c:\windows\vsnpstd.exe mRun: [VX6000] c:\windows\vVX6000.exe mRun: [LifeCam] "c:\program\microsoft lifecam\LifeExp.exe" mRun: [QuickTime Task] "d:\program\quicktime\qttask.exe" -atboottime mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe mRun: [OM2_Monitor] "c:\program\olympus\olympus master 2\FirstStart.exe" /OM mRun: [sunJavaUpdateSched] "c:\program\delade filer\java\java update\jusched.exe" mRun: [Adobe Reader Speed Launcher] "c:\program\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program\delade filer\adobe\arm\1.0\AdobeARM.exe" mRun: [avast5] c:\program\alwils~1\avast5\avastUI.exe /nogui dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\micros~1.lnk - d:\program\office\office10\OSA.EXE IE: E&xportera till Microsoft Excel - d:\program\office\office10\EXCEL.EXE/3000 IE: {B863453A-26C3-4e1f-A54D-A2CD196348E9} - c:\program\icqlite\ICQLite.exe IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program\messenger\msmsgs.exe DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - hxxp://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1153245389062 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://213.115.192.146/activex/AMC.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} - hxxp://by123fd.bay123.hotmail.msn.com/activex/HMAtchmt.ocx DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll mASetup: {AFAA082C-C3F0-3EAB-AD6A-EF4AB1F38D24} - c:\windows\system32:winregpi.exe ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\langen\applic~1\mozilla\firefox\profiles\5juqdjnu.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.blocket.se/ FF - plugin: c:\program\personal\bin\np_prsnl.dll FF - plugin: c:\program\windows live\photo gallery\NPWLPG.dll FF - plugin: d:\program\quicktime\plugins\npqtplugin.dll FF - plugin: d:\program\quicktime\plugins\npqtplugin2.dll FF - plugin: d:\program\quicktime\plugins\npqtplugin3.dll FF - plugin: d:\program\quicktime\plugins\npqtplugin4.dll FF - plugin: d:\program\quicktime\plugins\npqtplugin5.dll FF - plugin: d:\program\quicktime\plugins\npqtplugin6.dll FF - plugin: d:\program\quicktime\plugins\npqtplugin7.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\ FF - HiddenExtension: Java Console: No Registry Reference - c:\program\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- c:\program\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program\mozilla firefox\greprefs\all.js - pref("browser.visited_color", "#551A8B"); c:\program\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program\mozilla firefox\greprefs\all.js - pref("html5.enable", false); c:\program\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); c:\program\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\program\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se"); c:\program\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program\mozilla firefox\defaults\pref\firefox.js - pref("browser.videoFeeds.handler", "ask"); c:\program\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); ============= SERVICES / DRIVERS =============== R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-3-25 162640] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-3-25 19024] R2 avast! Antivirus;avast! Antivirus;c:\program\alwil software\avast5\AvastSvc.exe [2010-3-25 40384] R3 avast! Mail Scanner;avast! Mail Scanner;c:\program\alwil software\avast5\AvastSvc.exe [2010-3-25 40384] R3 avast! Web Scanner;avast! Web Scanner;c:\program\alwil software\avast5\AvastSvc.exe [2010-3-25 40384] S3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\drivers\VX6000Xp.sys [2008-4-16 2383256] =============== Created Last 30 ================ 2010-03-25 12:32:59 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software 2010-03-25 12:19:40 73728 ----a-w- c:\windows\system32\javacpl.cpl 2010-03-24 21:54:48 0 d-----w- c:\program\IVT Corporation 2010-03-24 21:54:41 32 ----a-w- c:\windows\0 2010-03-24 21:54:41 0 ----a-w- c:\windows\system32\0 2010-03-24 19:02:28 0 d-----w- c:\docume~1\langen\applic~1\Malwarebytes 2010-03-24 19:02:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-03-24 19:02:12 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes 2010-03-24 19:02:11 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-03-24 19:02:11 0 d-----w- c:\program\Malwarebytes' Anti-Malware 2010-03-10 22:42:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe ==================== Find3M ==================== 2010-03-25 12:19:25 411368 ----a-w- c:\windows\system32\deploytk.dll 2010-03-24 19:23:32 78734 ----a-w- c:\windows\system32\perfc01D.dat 2010-03-24 19:23:32 434528 ----a-w- c:\windows\system32\perfh01D.dat 2010-01-10 11:56:33 66496 ----a-w- c:\docume~1\langen\applic~1\GDIPFONTCACHEV1.DAT 2008-09-04 05:50:08 32768 --sha-w- c:\windows\system32\config\systemprofile\lokala inställningar\tidigare\history.ie5\mshist012008090420080905\index.dat ============= FINISH: 15:39:46,25 ===============[/log]Attach.txt

Link to comment
Share on other sites

HookProcess

Sätt dem i karantän, sedan kan du hoppa mina två kommandorader i tidigare svar ;)

 

Jag kikar på DDS-loggarna nu

Link to comment
Share on other sites

HookProcess

Ladda hem ComboFix.exe här och spara på skrivbordet.

 

Inaktivera Avast Antivirus.

Hur du gör kan du se här, alternativt kan du högerklicka på Avast!-ikonen och inaktivera antiviruset där så länge ;)

 

Kör ComboFix och följ anvisningarna som visas.

Om det kommer upp en fråga om du vill installera återställningskonsolen så svara Ja.

 

Loggen klistrar du in här, UTAN någon Kod-tagg eller Log-tagg. Loggen finns sparad i C:\ComboFix.txt om du råkar stänga ner den :)

 

När det är klart, glöm inte att aktivera Avast Antivirus.

Link to comment
Share on other sites

ComboFix 10-03-25.02 - Langen 2010-03-25 22:20:19.1.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.46.1053.18.1022.380 [GMT 1:00]

Körs från: c:\documents and settings\Langen\Mina dokument\Hämtade filer\ComboFix.exe

AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

 

((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf

 

.

(((((((((((((((((((((((( Filer Skapade från 2010-02-25 till 2010-03-25 ))))))))))))))))))))))))))))))

.

 

2010-03-25 12:33 . 2010-03-09 11:08 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2010-03-25 12:33 . 2010-03-09 11:12 162640 ----a-w- c:\windows\system32\drivers\aswSP.sys

2010-03-25 12:33 . 2010-03-09 11:09 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2010-03-25 12:33 . 2010-03-09 11:12 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2010-03-25 12:33 . 2010-03-09 11:08 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2010-03-25 12:33 . 2010-03-09 11:08 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys

2010-03-25 12:33 . 2010-03-09 11:08 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2010-03-25 12:33 . 2010-03-09 11:24 38848 ----a-w- c:\windows\system32\avastSS.scr

2010-03-25 12:33 . 2010-03-09 11:24 153184 ----a-w- c:\windows\system32\aswBoot.exe

2010-03-25 12:32 . 2010-03-25 12:32 -------- d-----w- c:\program\Alwil Software

2010-03-25 12:32 . 2010-03-25 12:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software

2010-03-25 12:20 . 2010-03-25 12:20 -------- d-----w- c:\program\Delade filer\Java

2010-03-25 12:19 . 2010-03-25 12:19 61440 ----a-w- c:\documents and settings\Langen\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-13299216-n\decora-sse.dll

2010-03-25 12:19 . 2010-03-25 12:19 12800 ----a-w- c:\documents and settings\Langen\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-13299216-n\decora-d3d.dll

2010-03-25 12:19 . 2010-03-25 12:19 503808 ----a-w- c:\documents and settings\Langen\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-14d91092-n\msvcp71.dll

2010-03-25 12:19 . 2010-03-25 12:19 499712 ----a-w- c:\documents and settings\Langen\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-14d91092-n\jmc.dll

2010-03-25 12:19 . 2010-03-25 12:19 348160 ----a-w- c:\documents and settings\Langen\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-14d91092-n\msvcr71.dll

2010-03-24 21:58 . 2010-03-24 21:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Bluetooth

2010-03-24 21:54 . 2010-03-24 21:54 -------- d-----w- c:\program\IVT Corporation

2010-03-24 19:02 . 2010-03-24 19:02 -------- d-----w- c:\documents and settings\Langen\Application Data\Malwarebytes

2010-03-24 19:02 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-03-24 19:02 . 2010-03-24 19:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-03-24 19:02 . 2010-03-24 19:02 -------- d-----w- c:\program\Malwarebytes' Anti-Malware

2010-03-24 19:02 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-03-10 22:42 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-03-25 12:30 . 2006-07-20 17:10 -------- d-----w- c:\program\Delade filer\Adobe

2010-03-25 12:23 . 2007-03-01 16:45 -------- d-----w- c:\program\Symantec

2010-03-25 12:22 . 2006-07-18 12:19 -------- d-----w- c:\program\Delade filer\Symantec Shared

2010-03-25 12:19 . 2009-01-05 16:59 411368 ----a-w- c:\windows\system32\deploytk.dll

2010-03-25 12:19 . 2008-01-19 12:38 -------- d-----w- c:\program\Java

2010-03-25 12:12 . 2010-02-04 19:03 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9

2010-03-25 11:46 . 2008-01-07 14:53 -------- d-----w- c:\program\uTorrent

2010-03-24 20:43 . 2008-01-07 14:53 -------- d-----w- c:\documents and settings\Langen\Application Data\uTorrent

2010-03-24 19:23 . 2002-09-11 12:00 78734 ----a-w- c:\windows\system32\perfc01D.dat

2010-03-24 19:23 . 2002-09-11 12:00 434528 ----a-w- c:\windows\system32\perfh01D.dat

2010-03-22 19:53 . 2007-10-10 13:39 -------- d-----w- c:\documents and settings\Langen\Application Data\U3

2010-03-22 19:25 . 2008-11-06 16:23 -------- d-----w- c:\documents and settings\Langen\Application Data\Winamp

2010-03-22 18:50 . 2006-07-18 17:09 -------- d-----w- c:\program\DC++

2010-02-14 21:18 . 2010-02-14 21:18 90112 ----a-w- c:\documents and settings\Langen\Application Data\Agency9\3DMapsK1\3DMapsK1\natives\32\DXPlugin.dll

2010-02-14 21:18 . 2010-02-14 21:18 69632 ----a-w- c:\documents and settings\Langen\Application Data\Agency9\3DMapsK1\3DMapsK1\natives\32\SystemInfo.dll

2010-02-14 21:18 . 2010-02-14 21:18 6656 ----a-w- c:\documents and settings\Langen\Application Data\Agency9\3DMapsK1\3DMapsK1\natives\32\NativeDiskfree.dll

2010-02-14 21:18 . 2010-02-14 21:18 61440 ----a-w- c:\documents and settings\Langen\Application Data\Agency9\3DMapsK1\3DMapsK1\natives\32\NativeUnzip.dll

2010-02-14 21:18 . 2010-02-14 21:18 59904 ----a-w- c:\documents and settings\Langen\Application Data\Agency9\3DMapsK1\3DMapsK1\natives\32\zlib1.dll

2010-02-14 21:18 . 2010-02-14 21:18 57344 ----a-w- c:\documents and settings\Langen\Application Data\Agency9\3DMapsK1\3DMapsK1\natives\32\DXT.dll

2010-02-14 21:18 . 2010-02-14 21:18 315392 ----a-w- c:\documents and settings\Langen\Application Data\Agency9\3DMapsK1\3DMapsK1\natives\32\jogl.dll

2010-02-14 21:18 . 2010-02-14 21:18 20480 ----a-w- c:\documents and settings\Langen\Application Data\Agency9\3DMapsK1\3DMapsK1\natives\32\jogl_awt.dll

2010-02-14 21:18 . 2010-02-14 21:18 20480 ----a-w- c:\documents and settings\Langen\Application Data\Agency9\3DMapsK1\3DMapsK1\natives\32\gluegen-rt.dll

2010-02-14 21:18 . 2010-02-14 21:18 155648 ----a-w- c:\documents and settings\Langen\Application Data\Agency9\3DMapsK1\3DMapsK1\natives\32\NativeJpegDecoder.dll

2010-02-14 21:18 . 2010-02-14 21:18 -------- d-----w- c:\documents and settings\Langen\Application Data\Agency9

2010-02-04 19:03 . 2008-07-03 21:07 -------- d-----w- c:\program\AVG

2010-02-04 10:58 . 2009-12-07 17:01 -------- d-----w- c:\documents and settings\Langen\Application Data\Spotify

2009-12-31 16:50 . 2002-09-11 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys

.

 

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Not* Tomma poster & legitima standardposter visas inte.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MessengerPlus3"="c:\program\MessengerPlus! 3\MsgPlus.exe" [2006-09-29 190024]

"msnmsgr"="c:\program\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883840]

"NCLaunch"="c:\windows\NCLAUNCH.EXe" [2008-01-05 40960]

"swg"="c:\program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-04 68856]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program\Delade filer\Ahead\lib\NMBgMonitor.exe" [2005-12-16 94208]

"OM2_Monitor"="c:\program\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-09-04 95536]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMAXPnP"="c:\program\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 790528]

"snpstd"="c:\windows\vsnpstd.exe" [2003-12-31 40960]

"VX6000"="c:\windows\vVX6000.exe" [2006-12-19 994072]

"LifeCam"="c:\program\Microsoft LifeCam\LifeExp.exe" [2007-01-13 275800]

"QuickTime Task"="d:\program\QuickTime\qttask.exe" [2008-03-28 413696]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"OM2_Monitor"="c:\program\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2007-09-04 54576]

"SunJavaUpdateSched"="c:\program\Delade filer\Java\Java Update\jusched.exe" [2010-02-18 248040]

"Adobe Reader Speed Launcher"="c:\program\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]

"Adobe ARM"="c:\program\Delade filer\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

"avast5"="c:\program\ALWILS~1\Avast5\avastUI.exe" [2010-03-09 2769336]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\All Users\Start-meny\Program\Autostart\

Microsoft Office.lnk - d:\program\Office\Office10\OSA.EXE [2001-2-13 83360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program\\ICQLite\\ICQLite.exe"=

"c:\\Program\\Messenger\\msmsgs.exe"=

"c:\\Program\\uTorrent\\uTorrent.exe"=

"c:\\Program\\Microsoft LifeCam\\LifeCam.exe"=

"c:\\Program\\Microsoft LifeCam\\LifeExp.exe"=

"c:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program\\SYSteam CAB\\Epoq\\Kitchen Planner 4.0\\epoq.exe"=

"c:\\Program\\Spotify\\spotify.exe"=

"c:\\Program\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=

"c:\\Program\\Mozilla Firefox\\firefox.exe"=

"Windows Service Host"= c:\documents and settings\Langen\Application Data\svhost.exe

 

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-03-25 162640]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-03-25 19024]

S3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\drivers\VX6000Xp.sys [2008-04-16 2383256]

 

--- Övriga tjänster/drivrutiner i minnet ---

 

*NewlyCreated* - AAVMKER4

*NewlyCreated* - ASWFSBLK

*NewlyCreated* - ASWMON2

*NewlyCreated* - ASWRDR

*NewlyCreated* - ASWSP

*NewlyCreated* - ASWTDI

*NewlyCreated* - AVAST!_ANTIVIRUS

*NewlyCreated* - AVAST!_MAIL_SCANNER

*NewlyCreated* - AVAST!_WEB_SCANNER

.

Innehållet i mappen 'Schemalagda aktiviteter':

.

.

------- Extra genomsökning -------

.

uStart Page = hxxp://www.blocket.se/

uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE: E&xportera till Microsoft Excel - d:\program\Office\Office10\EXCEL.EXE/3000

DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://213.115.192.146/activex/AMC.cab

FF - ProfilePath - c:\documents and settings\Langen\Application Data\Mozilla\Firefox\Profiles\5juqdjnu.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.blocket.se/

FF - plugin: c:\program\Personal\bin\np_prsnl.dll

FF - plugin: c:\program\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: d:\program\QuickTime\Plugins\npqtplugin.dll

FF - plugin: d:\program\QuickTime\Plugins\npqtplugin2.dll

FF - plugin: d:\program\QuickTime\Plugins\npqtplugin3.dll

FF - plugin: d:\program\QuickTime\Plugins\npqtplugin4.dll

FF - plugin: d:\program\QuickTime\Plugins\npqtplugin5.dll

FF - plugin: d:\program\QuickTime\Plugins\npqtplugin6.dll

FF - plugin: d:\program\QuickTime\Plugins\npqtplugin7.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- FIREFOX POLICY ----

c:\program\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);

c:\program\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");

c:\program\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

.

- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -

 

BHO-{3ac260fc-2831-c220-1148-267814954bd9} - (no file)

HKCU-Run-updateMgr - c:\program\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

ActiveSetup-{AFAA082C-C3F0-3EAB-AD6A-EF4AB1F38D24} - c:\windows\system32:winregpi.exe

AddRemove-MCC - e:\cocacola\Uninstall.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-03-25 22:27

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Sluttid: 2010-03-25 22:29:59

ComboFix-quarantined-files.txt 2010-03-25 21:29

 

Före genomsökningen: 38 673 756 160 byte ledigt

Efter genomsökningen: 41 426 280 448 byte ledigt

 

WindowsXP-KB310994-SP2-Home-BootDisk-SVE.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

 

- - End Of File - - A075E141F57261A2680515F619049D00

Link to comment
Share on other sites

HookProcess

Stäng ner alla program innan du börjar. Spara alltså ner denna text till ett textdokument och ladda hem de tre verktygen i förväg, eftersom inte ens webbläsaren får vara igång :)

 

Ladda hem HijackThis här. Starta programmet och klicka på Do a system scan only. När det laddat klart, letar du upp och bockar i följande:

(0xx kan vara 015, 016 eller något annat värde. Det viktiga är det som kommer efter)

0xx - DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab

0xx - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://213.115.192.146/activex/AMC.cab

När du bockat i dessa två, klickar du på Fix checked. Svara Ja/Yes på frågan att ta bort dem.

 

Ladda hem OTC här.

Starta programmet och klicka helt enkelt på CleanUp! Tillåt omstart.

 

Ladda ner ATF-Cleaner här. (Verkligen viktigt att Internet Explorer och Firefox INTE är igång när du kör ATF-Cleaner!)

Starta ATF-Cleaner och bocka i Select All och klicka på Empty Selected.

Klicka på Firefox i toppen av ATF-Cleaner och bocka i Select All, Om du vill behålla sparade lösenord svara Nej/No på frågan "Are you sure you want to delete your Firefox saved password?", när du gjort ditt val klickar du på Empty Selected.

 

Ta bort följande mappar manuellt:

C:\Program\Symantec\

C:\Program\Delade filer\Symantec Shared\

C:\Program\AVG\

C:\Documents and Settings\All Users\Application Data\avg9\

Notera att sista raden kanske inte är synlig i Utforskaren, beroende på om man valt att visa dolda mappar och filer eller inte. Om så är fallet, gå till Start -> Kör... -> klistra in: C:\Documents and Settings\All Users\Application Data\ och tryck på OK. Leta upp mappen avg9 och ta bort den.

 

Windows-brandväggen är inaktiverad. Om du vill att den ska vara det kan du hoppa över nästa steg. Den är dock bättre än ingen brandvägg alls.

Gå till Start -> Kör... -> Skriv: firewall.cpl och klicka OK

Under fliken Allmänt väljer du På (rekommenderas), gå sedan till fliken Undantag och ta bort undantaget för svhost.exe

 

Starta om datorn och kör Malwarebytes Anti-Malware en sista gång, glöm inte uppdatera. Om några hot hittas, ta bort dem. Klistra in loggen utan kod-tagg eller log-tagg. (Alla hot ska dock vara borta nu, men lika bra att vara paranoida innan vi ropar hurra :))

 

När vi ändå håller på, kör DDS en sista gång och klistra in DDS-loggen utan taggar, samt bifoga Attach.txt

 

Alla filer du laddat hem och loggar du sparat kan nu raderas :)

Link to comment
Share on other sites

Jag hann typ somna igårkväll... så det blev bingen för mej istället för datorn ;)

 

Fixar detta vid lunch... :)

Link to comment
Share on other sites

så du inte sitter å väntar på mej så vill jag bara säga att jag inte hinner fixa detta nu.. senare idag, förmodligen mot kvällen fixar ja de :)

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.



×
×
  • Create New...