Datorn infekterad efter ett LAN [Mod]

Malwarebytes' Anti-Malware 1.36
Databasversion: 1945
Windows 5.1.2600 Service Pack 3

2009-05-25 22:09:17
mbam-log-2009-05-25 (22-09-10).txt

Skanningstyp: Snabb skanning
Antal skannade objekt: 95837
Förfluten tid: 11 minute(s), 15 second(s)

Infekterade minnesprocesser: 0
Infekterade minnesmoduler: 0
Infekterade registernycklar: 0
Infekterade registervärden: 1
Infekterade registerdataposter: 0
Infekterade mappar: 1
Infekterade filer: 2

Infekterade minnesprocesser:
(Inga illasinnade poster hittades)

Infekterade minnesmoduler:
(Inga illasinnade poster hittades)

Infekterade registernycklar:
(Inga illasinnade poster hittades)

Infekterade registervärden:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\Explore (Trojan.Agent) -> No action taken.

Infekterade registerdataposter:
(Inga illasinnade poster hittades)

Infekterade mappar:
C:\Program\RelevantKnowledge (Spyware.Marketscore) -> No action taken.

Infekterade filer:
C:\Program\RelevantKnowledge\rloci.bin (Spyware.Marketscore) -> No action taken.
C:\Program\RelevantKnowledge\sporder.dll (Spyware.Marketscore) -> No action taken.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:30:45, on 2009-05-25
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
c:\Program\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program\Bonjour\mDNSResponder.exe
C:\Program\Symantec AntiVirus\DefWatch.exe
C:\Program\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\WINDOWS\system32\ifxspmgt.exe
C:\WINDOWS\system32\IFXTCS.exe
C:\WINDOWS\System32\svchost.exe
c:\WINDOWS\system32\IfxPsdSv.exe
C:\Program\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
c:\Program\Hewlett-Packard\IAM\bin\asghost.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program\Analog Devices\Core\smax4pnp.exe
C:\Program\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Program\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program\Java\jre1.6.0_07\bin\jusched.exe
C:\Program\Delade filer\Symantec Shared\ccApp.exe
c:\Program\Hewlett-Packard\Embedded Security Software\PSDrt.exe
C:\Program\SYMANT~1\VPTray.exe
C:\Program\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program\MMEDIA\TV Jukebox 3.0\tvjbMonitor.exe
C:\Program\ClocX\ClocX.exe
C:\Program\Skype\Phone\Skype.exe
C:\Program\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program\Windows Live\Messenger\MsnMsgr.Exe
C:\program\steam\steam.exe
C:\Documents and Settings\adalin01\Lokala inställningar\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
C:\Program\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Ideazon\Reaper\Reaper_Settings.exe
C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program\Spybot - Search & Destroy\TeaTimer.exe
C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program\Skype\Plugin Manager\skypePM.exe
C:\Program\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\Program\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = jbupp-student1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program\Winamp Toolbar\winamptb.dll
O1 - Hosts: 115.47.207.146 www.yahoo.com
O1 - Hosts: 115.47.207.146 www.google.com
O1 - Hosts: 115.47.207.146 www.google.co.uk
O1 - Hosts: 115.47.207.146 www.myspace.com
O1 - Hosts: 115.47.207.146 www.youtube.com
O1 - Hosts: 115.47.207.146 www.facebook.com
O1 - Hosts: 115.47.207.146 www.antispy.com
O1 - Hosts: 115.47.207.146 www.yahoo.com
O1 - Hosts: 115.47.207.146 www.yahoo.co.uk
O1 - Hosts: 115.47.207.146 www.antispyware.com
O1 - Hosts: 115.47.207.146 antispyware.com
O1 - Hosts: 115.47.207.146 antispy.com
O1 - Hosts: 115.47.207.146 www.msn.com
O1 - Hosts: 115.47.207.146 www.asdfasdfd.com
O1 - Hosts: 115.47.207.146 www.gg.com
O1 - Hosts: 115.47.207.146 www.ghfhj.com
O1 - Hosts: 115.47.207.146 www.cvnbcvnb.com
O1 - Hosts: 115.47.207.146 www.1.com
O1 - Hosts: 115.47.207.146 www.3.com
O1 - Hosts: 115.47.207.146 www.asdf4asdfd.com
O1 - Hosts: 115.47.207.146 www.asdfawsdfd.com
O1 - Hosts: 115.47.207.146 www.asdfatsdfd.com
O1 - Hosts: 115.47.207.146 www.asdfasdfd.com
O1 - Hosts: 115.47.207.146 www.asdfadsdfd.com
O1 - Hosts: 115.47.207.146 www.asdfasdfd.com
O1 - Hosts: 115.47.207.146 www.asdfafsdfd.com
O1 - Hosts: 115.47.207.146 www.asdfasdfd.com
O1 - Hosts: 115.47.207.146 www.asdfagsdfd.com
O1 - Hosts: 115.47.207.146 www.asdfasgdfd.com
O1 - Hosts: 115.47.207.146 www.asdfasdhfd.com
O1 - Hosts: 115.47.207.146 www.asdfasdfjd.com
O1 - Hosts: 115.47.207.146 www.asdfasdfkd.com
O1 - Hosts: 115.47.207.146 www.asdfasdfld.com
O1 - Hosts: 115.47.207.146 www.asdfasdf,d.com
O1 - Hosts: 115.47.207.146 www.asxdfasdfd.com
O1 - Hosts: 115.47.207.146 www.asdzfasdfd.com
O1 - Hosts: 115.47.207.146 www.asdcfasdfd.com
O1 - Hosts: 115.47.207.146 www.asdfvasdfd.com
O1 - Hosts: 115.47.207.146 www.asdfabsdfd.com
O1 - Hosts: 115.47.207.146 www.asdfasndfd.com
O1 - Hosts: 115.47.207.146 www.asdfasdmfd.com
O1 - Hosts: 115.47.207.146 www.asdfasdfd.com
O1 - Hosts: 115.47.207.146 www.11asdfasdfd.com
O1 - Hosts: 115.47.207.146 www.as222dfasdfd.com
O1 - Hosts: 115.47.207.146 www.asdfa33sdfd.com
O1 - Hosts: 115.47.207.146 www.asdfasd44fd.com
O1 - Hosts: 115.47.207.146 www.asdfasdfd5.com
O1 - Hosts: 115.47.207.146 www.as66dfasdfd.com
O1 - Hosts: 115.47.207.146 www.asdf77asdfd.com
O1 - Hosts: 115.47.207.146 www.asdf8asdfd.com
O1 - Hosts: 115.47.207.146 www.asdf9asdfd.com
O1 - Hosts: 115.47.207.146 www.asdf0asdfd.com
O1 - Hosts: 115.47.207.146 www.asdf-asdfd.com
O1 - Hosts: 115.47.207.146 www.aqqsdfasdfd.com
O1 - Hosts: 115.47.207.146 www.aswwdfasdfd.com
O1 - Hosts: 123.16.197.121 www.asdhhfasdfdyy.com
O1 - Hosts: 115.47.207.146 www.live.com
O1 - Hosts: 115.47.207.146 www.asdwwwfasdfd.com
O1 - Hosts: 115.47.207.146 www.asdfeasdfd.com
O1 - Hosts: 115.47.207.146 www.asdfrrasdfd.com
O1 - Hosts: 115.47.207.146 www.asdfttasdfd.com
O1 - Hosts: 115.47.207.146 www.asdfyyasdfd.com
O1 - Hosts: 115.47.207.146 www.asdfuuuasdfd.com
O1 - Hosts: 115.47.207.146 www.asdfaiisdfd.com
O1 - Hosts: 115.47.207.146 www.asdfaoosdfd.com
O1 - Hosts: 115.47.207.146 www.asdfappsdfd.com
O1 - Hosts: 115.47.207.146 www.asdfasssdfd.com
O1 - Hosts: 115.47.207.146 www.aswwdfasdfd.com
O1 - Hosts: 115.47.207.146 www.asdeefasdfd.com
O1 - Hosts: 115.47.207.146 www.asdfffasdfd.com
O1 - Hosts: 115.47.207.146 www.asdfavvvsdfd.com
O1 - Hosts: 115.47.207.146 www.asnnndfasdfd.com
O1 - Hosts: 115.47.207.146 www.asdmmmfasdfd.com
O1 - Hosts: 115.47.207.146 www.asdfaffsdfd.com
O1 - Hosts: 115.47.207.146 www.asdhhfasdfd.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program\Winamp Toolbar\winamptb.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [IAAnotif] "C:\Program\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [PTHOSTTR] c:\Program\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\Program\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterMo dule

O4 - HKLM\..\Run: [IFXSPMGT] c:\WINDOWS\system32\ifxspmgt.exe /NotifyLogon
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\Program\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\Program\DELADE~1\Adobe\ADOBEV~1\Server\bin\VERS IO~2.EXE
O4 - HKLM\..\Run: [tvjbmonitor] C:\Program\MMEDIA\TV Jukebox 3.0\tvjbMonitor.exe
O4 - HKLM\..\Run: [ClocX] C:\Program\ClocX\ClocX.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Skype] "C:\Program\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Documents and Settings\adalin01\Lokala inställningar\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Reaper Gaming Mouse] C:\Program\Ideazon\Reaper\Reaper_Settings.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program\Delade filer\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: hamachi.lnk = C:\Program\hamachi.exe
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skicka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Ski&cka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1215438699437
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1215438773796
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1215591999577&h=f7c9e2abccc8e56f076e70b9a 0113b48/&filename=jinstall-6u7-windows-i586-jc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = jbupp.local
O17 - HKLM\Software\..\Telephony: DomainName = jbupp.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = jbupp.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = jbupp.local
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = jbupp.local
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: Domain = jbupp.local
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: APSHook.dll,C:\program\relevantknowledge\rlai.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: DeviceNP - C:\WINDOWS\SYSTEM32\DeviceNP.dll
O20 - Winlogon Notify: OneCard - c:\Program\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program\Delade filer\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762# # (Bonjour Service) - Apple Computer, Inc. - C:\Program\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program\Symantec AntiVirus\DefWatch.exe
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - c:\WINDOWS\system32\flcdlock.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - SafeBoot International - c:\Program\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - c:\WINDOWS\system32\ifxspmgt.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\IFXTCS.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Personal Secure Drive service (PersonalSecureDriveService) - Infineon Technologies AG - c:\WINDOWS\system32\IfxPsdSv.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program\Symantec AntiVirus\Rtvscan.exe

--
End of file - 19092 bytes

Malwarebytes' Anti-Malware 1.36
Databasversion: 2178
Windows 5.1.2600 Service Pack 3

2009-05-26 02:11:33
mbam-log-2009-05-26 (02-11-27).txt

Skanningstyp: Fullständig skanning (C:\|D:\|)
Antal skannade objekt: 294321
Förfluten tid: 2 hour(s), 3 minute(s), 17 second(s)

Infekterade minnesprocesser: 0
Infekterade minnesmoduler: 0
Infekterade registernycklar: 0
Infekterade registervärden: 0
Infekterade registerdataposter: 0
Infekterade mappar: 0
Infekterade filer: 2

Infekterade minnesprocesser:
(Inga illasinnade poster hittades)

Infekterade minnesmoduler:
(Inga illasinnade poster hittades)

Infekterade registernycklar:
(Inga illasinnade poster hittades)

Infekterade registervärden:
(Inga illasinnade poster hittades)

Infekterade registerdataposter:
(Inga illasinnade poster hittades)

Infekterade mappar:
(Inga illasinnade poster hittades)

Infekterade filer:
C:\System Volume Information\_restore{812BA31B-A81C-47BA-B206-5AF9DC6CFD5F}\RP237\A0052533.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\phajv.exe (Trojan.Agent) -> No action taken.