Full Version: Antivirus 360?
Husmusen
I think I have a problem with Antivirus 360. My broadband connection goes
up and down.

I got a blue screen when I tried to scan with Spybot Search & Destroy.

After 30 seconds scan with Malwarebytes' Anti-Malware the computer restarted.

Panda scan worked properly and I have posted the log.

HijackThis worked properly too and the log is posted.

Thanks in advance,

Husmusen


;*******************************************************************************
ANALYSIS: 2008-12-12 14:15:13
PROTECTIONS: 1
MALWARE: 55
SUSPECTS: 0
;*******************************************************************************
PROTECTIONS
Description Version Active Updated
;===============================================================================
ZoneAlarm Security Suite Antivirus 8.0.059.000 Yes Yes
;===============================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No E:\Ominstallationen\Mozilla\Firefox\Profiles\gv4upq50.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No E:\Ominstallationen\Mozilla\Firefox\Profiles\gv4upq50.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No E:\Ominstallationen\Mozilla\Firefox\Profiles\gv4upq50.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No E:\Ominstallationen\Mozilla\Firefox\Profiles\gv4upq50.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No E:\Ominstallationen\Mozilla\Firefox\Profiles\gv4upq50.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No E:\RECYCLER\S-1-5-21-1801674531-117609710-839522115-1004\De3\Firefox\Profiles\gv4upq50.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No E:\RECYCLER\S-1-5-21-1801674531-117609710-839522115-1004\De3\Firefox\Profiles\gv4upq50.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No E:\RECYCLER\S-1-5-21-1801674531-117609710-839522115-1004\De3\Firefox\Profiles\gv4upq50.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No E:\RECYCLER\S-1-5-21-1801674531-117609710-839522115-1004\De3\Firefox\Profiles\gv4upq50.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No E:\RECYCLER\S-1-5-21-1801674531-117609710-839522115-1004\De3\Firefox\Profiles\gv4upq50.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No E:\RECYCLER\S-1-5-21-1801674531-117609710-839522115-1004\De3\Firefox\Profiles\gv4upq50.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No E:\RECYCLER\S-1-5-21-1801674531-117609710-839522115-1004\De3\Firefox\Profiles\gv4upq50.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No E:\RECYCLER\S-1-5-21-1801674531-117609710-839522115-1004\De3\Firefox\Profiles\gv4upq50.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No E:\Ominstallationen\Mozilla\Firefox\Profiles\gv4upq50.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No E:\Ominstallationen\Mozilla\Firefox\Profiles\gv4upq50.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No E:\Ominstallationen\Mozilla\Firefox\Profiles\gv4upq50.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No E:\Ominstallationen\Mozilla\Firefox\Profiles\gv4upq50.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No E:\RECYCLER\S-1-5-21-1801674531-117609710-839522115-1004\De3\Firefox\Profiles\gv4upq50.default\cookies.txt[.casalemedia.com/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No E:\Ominstallationen\Mozilla\Firefox\Profiles\gv4upq50.default\cookies.txt[.atdmt.com/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No E:\RECYCLER\S-1-5-21-1801674531-117609710-839522115-1004\De3\Firefox\Profiles\gv4upq50.default\cookies.txt[.atdmt.com/]
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No E:\RECYCLER\S-1-5-21-1801674531-117609710-839522115-1004\De3\Firefox\Profiles\gv4upq50.default\cookies.txt[.tradedoubler.com/]
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\Hasse\Cookies\hasse@tradedoubler[2].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No E:\RECYCLER\S-1-5-21-1801674531-117609710-839522115-1004\De3\Firefox\Profiles\gv4upq50.default\cookies.txt[.tradedoubler.com/]
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No E:\Ominstallationen\Mozilla\Firefox\Profiles\gv4upq50.default\cookies.txt[.tradedoubler.com/]
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No E:\Ominstallationen\Mozilla\Firefox\Profiles\gv4upq50.default\cookies.txt[.tradedoubler.com/]
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No E:\RECYCLER\S-1-5-21-1801674531-117609710-839522115-1004\De3\Firefox\Profiles\gv4upq50.default\cookies.txt[.tradedoubler.com/]
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No E:\RECYCLER\S-1-5-21-1801674531-117609710-839522115-1004\De3\Firefox\Profiles\gv4upq50.default\cookies.txt[.tradedoubler.com/]
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No E:\Ominstallationen\Mozilla\Firefox\Profiles\gv4upq50.default\cookies.txt[.tradedoubler.com/]
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No E:\Ominstallationen\Mozilla\Firefox\Profiles\gv4upq50.default\cookies.txt[.tradedoubler.com/]
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No E:\Ominstallationen\Mozilla\Firefox\Profiles\gv4upq50.default\cookies.txt[.tradedoubler.com/]
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No E:\RECYCLER\S-1-5-21-1801674531-117609710-839522115-1004\De3\Firefox\Profiles\gv4upq50.default\cookies.txt[.tradedoubler.com/]
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Hasse\Cookies\hasse@247realmedia[2].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No E:\Ominstallationen\Mozilla\Firefox\Profiles\gv4upq50.default\cookies.txt[.tribalfusion.com/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No E:\RECYCLER\S-1-5-21-1801674531-117609710-839522115-1004\De3\Firefox\Profiles\gv4upq50.default\cookies.txt[.tribalfusion.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No E:\Ominstallationen\Mozilla\Firefox\Profiles\gv4upq50.default\cookies.txt[.mediaplex.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No E:\RECYCLER\S-1-5-21-1801674531-117609710-839522115-1004\De3\Firefox\Profiles\gv4upq50.default\cookies.txt[.mediaplex.com/]
00149116 Cookie/Ccbill TrackingCookie No 0 Yes No C:\Documents and Settings\Hasse\Cookies\hasse@ccbill[1].txt
00152401 Cookie/Belnk TrackingCookie No 0 Yes No E:\CamillasDator\Camilla\Camilla\Cookies\camilla@belnk[1].txt
00162730 Cookie/Belnk TrackingCookie No 0 Yes No E:\CamillasDator\Camilla\Camilla\Cookies\camilla@dist.belnk[2].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No E:\RECYCLER\S-1-5-21-1801674531-117609710-839522115-1004\De3\Firefox\Profiles\gv4upq50.default\cookies.txt[.com.com/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No E:\Ominstallationen\Mozilla\Firefox\Profiles\gv4upq50.default\cookies.txt[.com.com/]
00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Documents and Settings\Hasse\Cookies\hasse@yadro[1].txt
00167647 Cookie/Yadro TrackingCookie No 0 Yes No E:\Ominstallationen\Mozilla\Firefox\Profiles\gv4upq50.default\cookies.txt[.yadro.ru/]
00167647 Cookie/Yadro TrackingCookie No 0 Yes No E:\RECYCLER\S-1-5-21-1801674531-117609710-839522115-1004\De3\Firefox\Profiles\gv4upq50.default\cookies.txt[.yadro.ru/]
00167690 Cookie/Rightmedia TrackingCookie No 0 Yes No E:\CamillasDator\Camilla\Camilla\Cookies\camilla@rightmedia[2].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No E:\CamillasDator\Camilla\Camilla\Cookies\camilla@xiti[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Hasse\Cookies\hasse@xiti[1].txt
00167714 Cookie/64.62.232 TrackingCookie No 0 Yes No E:\CamillasDator\Camilla\Camilla\Cookies\camilla@64.62.232[2].txt
00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Documents and Settings\Hasse\Cookies\hasse@toplist[2].txt
00167749 Cookie/Toplist TrackingCookie No 0 Yes No E:\Ominstallationen\Mozilla\Firefox\Profiles\gv4upq50.default\cookies.txt[.toplist.cz/]
00167749 Cookie/Toplist TrackingCookie No 0 Yes No E:\RECYCLER\S-1-5-21-1801674531-117609710-839522115-1004\De3\Firefox\Profiles\gv4upq50.default\cookies.txt[.toplist.cz/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No E:\Ominstallationen\Mozilla\Firefox\Profiles\gv4upq50.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No E:\RECYCLER\S-1-5-21-1801674531-117609710-839522115-1004\De3\Firefox\Profiles\gv4upq50.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No E:\RECYCLER\S-1-5-21-1801674531-117609710-839522115-1004\De3\Firefox\Profiles\gv4upq50.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No E:\Ominstallationen\Mozilla\Firefox\Profiles\gv4upq50.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No E:\Ominstallationen\Mozilla\Firefox\Profiles\gv4upq50.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No E:\RECYCLER\S-1-5-21-1801674531-117609710-839522115-1004\De3\Firefox\Profiles\gv4upq50.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No E:\RECYCLER\S-1-5-21-1801674531-117609710-839522115-1004\De3\Firefox\Profiles\gv4upq50.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No E:\RECYCLER\S-1-5-21-1801674531-117609710-839522115-1004\De3\Firefox\Profiles\gv4upq50.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No E:\Ominstallationen\Mozilla\Firefox\Profiles\gv4upq50.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No E:\Ominstallationen\Mozilla\Firefox\Profiles\gv4upq50.default\cookies.txt[.statcounter.com/]
00167767 Cookie/WegCash TrackingCookie No 0 Yes No C:\Documents and Settings\Hasse\Cookies\hasse@programs.wegcash[2].txt
00168048 Cookie/Overture TrackingCookie No 0 Yes No E:\Ominstallationen\Mozilla\Firefox\Profiles\gv4upq50.default\cookies.txt[.perf.overture.com/]
00168048 Cookie/Overture TrackingCookie No 0 Yes No E:\RECYCLER\S-1-5-21-1801674531-117609710-839522115-1004\De3\Firefox\Profiles\gv4upq50.default\cookies.txt[.perf.overture.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No E:\Ominstallationen\Mozilla\Firefox\Profiles\gv4upq50.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No E:\Ominstallationen\Mozilla\Firefox\Profiles\gv4upq50.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Hasse\Cookies\hasse@ad.yieldmanager[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No E:\RECYCLER\S-1-5-21-1801674531-117609710-839522115-1004\De3\Firefox\Profiles\gv4upq50.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No E:\Ominstallationen\Mozilla\Firefox\Profiles\gv4upq50.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No E:\RECYCLER\S-1-5-21-1801674531-117609710-839522115-1004\De3\Firefox\Profiles\gv4upq50.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No E:\RECYCLER\S-1-5-21-1801674531-117609710-839522115-1004\De3\Firefox\Profiles\gv4upq50.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No E:\RECYCLER\S-1-5-21-1801674531-117609710-839522115-1004\De3\Firefox\Profiles\gv4upq50.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No E:\Ominstallationen\Mozilla\Firefox\Profiles\gv4upq50.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No E:\Ominstallationen\Mozilla\Firefox\Profiles\gv4upq50.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No E:\RECYCLER\S-1-5-21-1801674531-117609710-839522115-1004\De3\Firefox\Profiles\gv4upq50.default\cookies.txt[ad.yieldmanager.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No E:\Ominstallationen\Mozilla\Firefox\Profiles\gv4upq50.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No E:\Ominstallationen\Mozilla\Firefox\Profiles\gv4upq50.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No E:\Ominstallationen\Mozilla\Firefox\Profiles\gv4upq50.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No E:\RECYCLER\S-1-5-21-1801674531-117609710-839522115-1004\De3\Firefox\Profiles\gv4upq50.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No E:\Ominstallationen\Mozilla\Firefox\Profiles\gv4upq50.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No E:\RECYCLER\S-1-5-21-1801674531-117609710-839522115-1004\De3\Firefox\Profiles\gv4upq50.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No E:\Ominstallationen\Mozilla\Firefox\Profiles\gv4upq50.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No E:\RECYCLER\S-1-5-21-1801674531-117609710-839522115-1004\De3\Firefox\Profiles\gv4upq50.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No E:\RECYCLER\S-1-5-21-1801674531-117609710-839522115-1004\De3\Firefox\Profiles\gv4upq50.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No E:\RECYCLER\S-1-5-21-1801674531-117609710-839522115-1004\De3\Firefox\Profiles\gv4upq50.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No E:\RECYCLER\S-1-5-21-1801674531-117609710-839522115-1004\De3\Firefox\Profiles\gv4upq50.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No E:\Ominstallationen\Mozilla\Firefox\Profiles\gv4upq50.default\cookies.txt[.serving-sys.com/]
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No E:\Ominstallationen\Mozilla\Firefox\Profiles\gv4upq50.default\cookies.txt[.bs.serving-sys.com/]
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No E:\RECYCLER\S-1-5-21-1801674531-117609710-839522115-1004\De3\Firefox\Profiles\gv4upq50.default\cookies.txt[.bs.serving-sys.com/]
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\Hasse\Cookies\hasse@adtech[1].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No E:\Ominstallationen\Mozilla\Firefox\Profiles\gv4upq50.default\cookies.txt[.adtech.de/]
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\Administratör\Cookies\administratör@adtech[1].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No E:\RECYCLER\S-1-5-21-1801674531-117609710-839522115-1004\De3\Firefox\Profiles\gv4upq50.default\cookies.txt[.adtech.de/]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Hasse\Cookies\hasse@server.iad.liveperson[1].txt
00168113 Cookie/fe.lea.lycos TrackingCookie No 0 Yes No C:\Documents and Settings\Hasse\Cookies\hasse@fe.lea.lycos[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Hasse\Cookies\hasse@advertising[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No E:\RECYCLER\S-1-5-21-1801674531-117609710-839522115-1004\De3\Firefox\Profiles\gv4upq50.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No E:\RECYCLER\S-1-5-21-1801674531-117609710-839522115-1004\De3\Firefox\Profiles\gv4upq50.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No E:\RECYCLER\S-1-5-21-1801674531-117609710-839522115-1004\De3\Firefox\Profiles\gv4upq50.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No E:\RECYCLER\S-1-5-21-1801674531-117609710-839522115-1004\De3\Firefox\Profiles\gv4upq50.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No E:\RECYCLER\S-1-5-21-1801674531-117609710-839522115-1004\De3\Firefox\Profiles\gv4upq50.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No E:\Ominstallationen\Mozilla\Firefox\Profiles\gv4upq50.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No E:\Ominstallationen\Mozilla\Firefox\Profiles\gv4upq50.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No E:\Ominstallationen\Mozilla\Firefox\Profiles\gv4upq50.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No E:\Ominstallationen\Mozilla\Firefox\Profiles\gv4upq50.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No E:\Ominstallationen\Mozilla\Firefox\Profiles\gv4upq50.default\cookies.txt[.advertising.com/]
00169286 Cookie/Sextracker TrackingCookie No 0 Yes No E:\RECYCLER\S-1-5-21-1801674531-117609710-839522115-1004\De3\Firefox\Profiles\gv4upq50.default\cookies.txt[.sextracker.com/]
00169286 Cookie/Sextracker TrackingCookie No 0 Yes No E:\Ominstallationen\Mozilla\Firefox\Profiles\gv4upq50.default\cookies.txt[.sextracker.com/]
00170087 Cookie/Hbmediapro TrackingCookie No 0 Yes No E:\CamillasDator\Camilla\Camilla\Cookies\camilla@adopt.hbmediapro[1].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Hasse\Cookies\hasse@statse.webtrendslive[2].txt
00170549 Cookie/FortuneCity TrackingCookie No 0 Yes No E:\RECYCLER\S-1-5-21-1801674531-117609710-839522115-1004\De3\Firefox\Profiles\gv4upq50.default\cookies.txt[.fortunecity.com/]
00170549 Cookie/FortuneCity TrackingCookie No 0 Yes No E:\Ominstallationen\Mozilla\Firefox\Profiles\gv4upq50.default\cookies.txt[.fortunecity.com/]
00170549 Cookie/FortuneCity TrackingCookie No 0 Yes No E:\Ominstallationen\Mozilla\Firefox\Profiles\gv4upq50.default\cookies.txt[.fortunecity.com/]
00170549 Cookie/FortuneCity TrackingCookie No 0 Yes No E:\RECYCLER\S-1-5-21-1801674531-117609710-839522115-1004\De3\Firefox\Profiles\gv4upq50.default\cookies.txt[.fortunecity.com/]
00170553 Cookie/Com.com TrackingCookie No 0 Yes No E:\CamillasDator\Camilla\Camilla\Cookies\camilla@ig.com[1].txt
00170557 Cookie/Com.com TrackingCookie No 0 Yes No E:\CamillasDator\Camilla\Camilla\Cookies\camilla@terra.com[1].txt
00171633 Cookie/Cgi-bin TrackingCookie No 0 Yes No E:\CamillasDator\Camilla\Camilla\Cookies\camilla@cgi-bin[6].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No E:\Ominstallationen\Mozilla\Firefox\Profiles\gv4upq50.default\cookies.txt[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No E:\RECYCLER\S-1-5-21-1801674531-117609710-839522115-1004\De3\Firefox\Profiles\gv4upq50.default\cookies.txt[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No E:\Ominstallationen\Mozilla\Firefox\Profiles\gv4upq50.default\cookies.txt[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No E:\RECYCLER\S-1-5-21-1801674531-117609710-839522115-1004\De3\Firefox\Profiles\gv4upq50.default\cookies.txt[.questionmarket.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No E:\RECYCLER\S-1-5-21-1801674531-117609710-839522115-1004\De3\Firefox\Profiles\gv4upq50.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Administratör\Cookies\administratör@zedo[2].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No E:\Ominstallationen\Mozilla\Firefox\Profiles\gv4upq50.default\cookies.txt[.zedo.com/]
00182104 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Documents and Settings\Hasse\Cookies\hasse@phg.hitbox[1].txt
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Hasse\Cookies\hasse@adultfriendfinder[1].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Hasse\Cookies\hasse@go[1].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No E:\CamillasDator\Camilla\Camilla\Cookies\camilla@go[1].txt
00196960 Cookie/Belnk TrackingCookie No 0 Yes No E:\CamillasDator\Camilla\Camilla\Cookies\camilla@ath.belnk[2].txt
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Documents and Settings\Hasse\Cookies\hasse@searchportal.information[2].txt
00205140 Cookie/Research-int TrackingCookie No 0 Yes No C:\Documents and Settings\Administratör\Cookies\administratör@research-int[1].txt
00205140 Cookie/Research-int TrackingCookie No 0 Yes No E:\Ominstallationen\Mozilla\Firefox\Profiles\gv4upq50.default\cookies.txt[.research-int.se/]
00205140 Cookie/Research-int TrackingCookie No 0 Yes No E:\RECYCLER\S-1-5-21-1801674531-117609710-839522115-1004\De3\Firefox\Profiles\gv4upq50.default\cookies.txt[.research-int.se/]
00205140 Cookie/Research-int TrackingCookie No 0 Yes No C:\Documents and Settings\Hasse\Cookies\hasse@research-int[2].txt
00216065 Cookie/Screensavers TrackingCookie No 0 Yes No E:\CamillasDator\Camilla\Camilla\Cookies\camilla@i.screensavers[1].txt
00249100 Cookie/Cgi-bin TrackingCookie No 0 Yes No E:\CamillasDator\Camilla\Camilla\Cookies\camilla@cgi-bin[7].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No E:\CamillasDator\Camilla\Camilla\Cookies\camilla@atwola[2].txt
00286732 Cookie/Cgi-bin TrackingCookie No 0 Yes No E:\CamillasDator\Camilla\Camilla\Cookies\camilla@cgi-bin[5].txt
00286738 Cookie/Cgi-bin TrackingCookie No 0 Yes No E:\CamillasDator\Camilla\Camilla\Cookies\camilla@cgi-bin[8].txt
00366355 W32/Nuwar.D.worm Virus No 1 Yes No C:\Documents and Settings\Hasse\Application Data\Thunderbird\Profiles\0iwwpknr.default\Mail\pop.bredband.net\Inbox[Video.zl9]
00366355 W32/Nuwar.D.worm Virus No 1 Yes No E:\Ominstallationen\Thunderbird\Profiles\0iwwpknr.default\Mail\pop.bredband.net\Inbox[FullText.zl9]
00366355 W32/Nuwar.D.worm Virus No 1 Yes No E:\Ominstallationen\Thunderbird\Profiles\0iwwpknr.default\Mail\pop.bredband.net\Inbox[Video.zl9]
00366355 W32/Nuwar.D.worm Virus No 1 Yes No C:\Documents and Settings\Hasse\Application Data\Thunderbird\Profiles\0iwwpknr.default\Mail\pop.bredband.net\Inbox[FullText.zl9]
00472802 Adware/Beginto Adware No 0 No No C:\Hasse\Program\DivX\DivXInstaller.exe[²ÜÇ\GoogleToolbarFirefox.msi][unk_0020][xpi][components/googletoolbar.dll]
00478410 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\rovozefa.dll
01185814 Generic Malware Virus/Trojan No 0 Yes No C:\Program\iriver\iriver plus 3\JOCommLib.dll
01196325 Cookie/Enhance TrackingCookie No 0 Yes No C:\Documents and Settings\Hasse\Cookies\hasse@enhance[1].txt
02049102 Generic Malware Virus/Trojan No 0 Yes No E:\CamillasDator\Hasse\ftp\Ipswitch WS_FTP Professional 2006 + Keygen\KeygenIpswitchWSFTPProf2006.exe
02049102 Generic Malware Virus/Trojan No 0 No No E:\CamillasDator\Hasse\ftp\Ipswitch WS_FTP Professional 2006 + Keygen.rar[Ipswitch WS_FTP Professional 2006 + Keygen\KeygenIpswitchWSFTPProf2006.exe]
03898905 Generic Malware Virus/Trojan No 0 Yes No E:\Ominstallationen\Lavalys.EVEREST.Ultimate.Edition.v4.00.976.Multilingual.Incl.Keygen-ViRiLiTY\vrlle40a\keygen.exe
03898905 Generic Malware Virus/Trojan No 0 Yes No E:\Ominstallationen\Lavalys.EVEREST.Ultimate.Edition.v4.00.976.Multilingual.Incl.Keygen-ViRiLiTY\vrlle40a.zip[keygen.exe]
04315618 Generic Trojan Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{FC35F479-3B43-4A2D-AA4D-1E0C70606C29}\RP309\A0067615.dll
04334283 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\bofofevu.dll
04334283 Spyware/Virtumonde Spyware No 1 Yes No F:\RECYCLER\S-1-5-21-1659004503-412668190-839522115-1003\Df3.dap
04334489 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\kuwalobe.dll
04334489 Spyware/Virtumonde Spyware No 1 Yes No F:\RECYCLER\S-1-5-21-1659004503-412668190-839522115-1003\Df1.dap
;===============================================================================
SUSPECTS
Sent Location `%
;===============================================================================
;===============================================================================
VULNERABILITIES
Id Severity Description `%
;===============================================================================
;===============================================================================

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:28:21, on 2008-12-13
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Delade filer\Acronis\Schedule2\schedul2.exe
C:\Program\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program\Delade filer\Acronis\Schedule2\schedhlp.exe
C:\Program\Java\jre1.6.0_07\bin\jusched.exe
C:\Program\Unlocker\UnlockerAssistant.exe
C:\Program\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe
C:\Program\Messenger\msmsgs.exe
C:\Program\DAEMON Tools Lite\daemon.exe
C:\Program\DAP\DAP.EXE
C:\Program\Delade filer\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program\TEXTware\HotKey\Twalink.exe
C:\Program\Logitech\SetPoint\SetPoint.exe
C:\Program\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program\Personal\bin\Personal.exe
C:\Program\Delade filer\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program\Delade filer\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe
C:\Program\Nero\Nero 7\Core\nero.exe
C:\Hasse\Program\HiJackThis\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5730328a-6302-4c91-839f-0b890439e167} - C:\WINDOWS\system32\kolokilu.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Internet Service - {38BF827A-D7C5-46E1-A9A2-47B1B5BB5438} - C:\Program\Applications\iebr.dll (file missing)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program\Delade filer\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program\Delade filer\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [SMSTray] C:\Program\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [kasitovuhi] Rundll32.exe "C:\WINDOWS\system32\revesele.dll",s
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [68f597fd] rundll32.exe "C:\WINDOWS\system32\bidifetu.dll",b
O4 - HKLM\..\Run: [CPM6bc6a461] Rundll32.exe "c:\windows\system32\kuwovogi.dll",a
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_1_0 -reboot 1
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program\DAP\DAP.EXE" /STARTUP
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-19\..\Run: [kasitovuhi] Rundll32.exe "C:\WINDOWS\system32\revesele.dll",s (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: everest.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: everest.ini (User 'SYSTEM')
O4 - S-1-5-18 Startup: pkey.txt (User 'SYSTEM')
O4 - .DEFAULT Startup: everest.exe (User 'Default user')
O4 - .DEFAULT Startup: everest.ini (User 'Default user')
O4 - .DEFAULT Startup: pkey.txt (User 'Default user')
O4 - Startup: everest.exe
O4 - Startup: everest.ini
O4 - Startup: pkey.txt
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: HotKey.lnk = C:\Program\TEXTware\HotKey\Twalink.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe
O8 - Extra context menu item: &Clean Traces - C:\Program\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O15 - Trusted Zone: *.handelsbanken.se
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1199743487484
O16 - DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} (Domino Web Access 8 Control) - https://mail.sll.se/dwa8W.cab
O16 - DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} (F-Secure Health Check 1.1) - http://support.f-secure.com/enu/home/onlin.../fshc/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://mail.sll.se/dwa7W.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\fohajifu.dll c:\windows\system32\kuwovogi.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\kuwovogi.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\kuwovogi.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program\Delade filer\Acronis\Schedule2\schedul2.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program\Delade filer\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NBService - Nero AG - C:\Program\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program\Delade filer\Ahead\Lib\NMIndexingService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 11313 bytes
Husmusen
I have made a new attempt to scan with MBAM.
This time I had only "scan memory objects" checked and I got a log.
What to do next?

Husmusen


Malwarebytes' Anti-Malware 1.31
Database version: 1496
Windows 5.1.2600 Service Pack 3

2008-12-13 14:22:20
mbam-log-2008-12-13 (14-22-16).txt

Scan type: Quick Scan
Objects scanned: 3982
Time elapsed: 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 5
Registry Keys Infected: 4
Registry Values Infected: 5
Registry Data Items Infected: 5
Folders Infected: 0
Files Infected: 12

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\ridilave.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\kolokilu.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\revesele.dll (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\vozobiya.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\fohajifu.dll (Trojan.Vundo.H) -> No action taken.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5730328a-6302-4c91-839f-0b890439e167} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{5730328a-6302-4c91-839f-0b890439e167} (Trojan.Vundo.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5730328a-6302-4c91-839f-0b890439e167} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\68f597fd (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kasitovuhi (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm6bc6a461 (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\vozobiya.dll -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\vozobiya.dll -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\fohajifu.dll -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\fohajifu.dll -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\fohajifu.dll -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\bidifetu.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\utefidib.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\fagesefa.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\afesegaf.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\hunumalo.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\olamunuh.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\ridilave.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\evalidir.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\revesele.dll (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\vozobiya.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\kolokilu.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\fohajifu.dll (Trojan.Vundo.H) -> No action taken.