SUPERAntiSpyware Scan Log Generated 11/17/2006 at 08:14 PM Application Version : 3.3.1020 Core Rules Database Version : 3131 Trace Rules Database Version: 1149 Scan type : Quick Scan Total Scan Time : 00:23:16 Memory items scanned : 567 Memory threats detected : 0 Registry items scanned : 685 Registry threats detected : 46 File items scanned : 100966 File threats detected : 196 Trojan.WINIOGON [werters] C:\WINDOWS\SYSTEM32\WINIOGON.EXE C:\WINDOWS\SYSTEM32\WINIOGON.EXE [werters] C:\WINDOWS\SYSTEM32\WINIOGON.EXE C:\WINDOWS\Prefetch\WINIOGON.EXE-31623A7E.pf Unclassified.Oreans32 HKLM\System\ControlSet001\Services\oreans32 C:\WINDOWS\SYSTEM32\DRIVERS\OREANS32.SYS HKLM\System\ControlSet003\Services\oreans32 HKLM\System\CurrentControlSet\Services\oreans32 HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32 HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32#NextInstance HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000 HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Service HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Legacy HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#ConfigFlags HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Class HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#ClassGUID HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#DeviceDesc HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Capabilities HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000\Control HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000\Control#ActiveService HKLM\SYSTEM\CurrentControlSet\Services\oreans32#Type HKLM\SYSTEM\CurrentControlSet\Services\oreans32#Start HKLM\SYSTEM\CurrentControlSet\Services\oreans32#ErrorControl HKLM\SYSTEM\CurrentControlSet\Services\oreans32#ImagePath HKLM\SYSTEM\CurrentControlSet\Services\oreans32#DisplayName HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Security HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Security#Security HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum#0 HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum#Count HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum#NextInstance Adware.Tracking Cookie C:\Documents and Settings\Preben\Cookies\preben@track.adform[1].txt C:\Documents and Settings\Preben\Cookies\preben@2o7[1].txt C:\Documents and Settings\Preben\Cookies\preben@advertising[1].txt C:\Documents and Settings\Preben\Cookies\preben@adserver.adreactor[1].txt C:\Documents and Settings\Preben\Cookies\preben@statse.webtrendslive[2].txt C:\Documents and Settings\Preben\Cookies\preben@counter.hitslink[2].txt C:\Documents and Settings\Preben\Cookies\preben@ac.mediatemple[1].txt C:\Documents and Settings\Preben\Cookies\preben@list[1].txt C:\Documents and Settings\Preben\Cookies\preben@msnportal.112.2o7[1].txt C:\Documents and Settings\Preben\Cookies\preben@bravenetmedianetwork[1].txt C:\Documents and Settings\Preben\Cookies\preben@m1.webstats4u[1].txt C:\Documents and Settings\Preben\Cookies\preben@clickbank[1].txt C:\Documents and Settings\Preben\Cookies\preben@ehg-yvesrocher.hitbox[1].txt C:\Documents and Settings\Preben\Cookies\preben@tacoda[1].txt C:\Documents and Settings\Preben\Cookies\preben@serving-sys[1].txt C:\Documents and Settings\Preben\Cookies\preben@adtech[2].txt C:\Documents and Settings\Preben\Cookies\preben@roiservice[1].txt C:\Documents and Settings\Preben\Cookies\preben@valueclick[1].txt C:\Documents and Settings\Preben\Cookies\preben@malwarewipe[1].txt C:\Documents and Settings\Preben\Cookies\preben@fastclick[1].txt C:\Documents and Settings\Preben\Cookies\preben@terrestrialmedia[2].txt C:\Documents and Settings\Preben\Cookies\preben@ehg-bestwestern.hitbox[2].txt C:\Documents and Settings\Preben\Cookies\preben@ehg-ati.hitbox[1].txt C:\Documents and Settings\Preben\Cookies\preben@ad.yieldmanager[1].txt C:\Documents and Settings\Preben\Cookies\preben@statcounter[1].txt C:\Documents and Settings\Preben\Cookies\preben@ads.vg.basefarm[2].txt C:\Documents and Settings\Preben\Cookies\preben@overture[2].txt C:\Documents and Settings\Preben\Cookies\preben@as-eu.falkag[2].txt C:\Documents and Settings\Preben\Cookies\preben@www.pesttrap[1].txt C:\Documents and Settings\Preben\Cookies\preben@1069336987[1].txt C:\Documents and Settings\Preben\Cookies\preben@ad1.hardware[1].txt C:\Documents and Settings\Preben\Cookies\preben@tradedoubler[1].txt C:\Documents and Settings\Preben\Cookies\preben@tribalfusion[1].txt C:\Documents and Settings\Preben\Cookies\preben@xml.bravenetmedianetwork[1].txt C:\Documents and Settings\Preben\Cookies\preben@findexa.adbureau[2].txt C:\Documents and Settings\Preben\Cookies\preben@e2.emediate[1].txt C:\Documents and Settings\Preben\Cookies\preben@revsci[2].txt C:\Documents and Settings\Preben\Cookies\preben@microsofteup.112.2o7[1].txt C:\Documents and Settings\Preben\Cookies\preben@burstnet[2].txt C:\Documents and Settings\Preben\Cookies\preben@spyheal[1].txt C:\Documents and Settings\Preben\Cookies\preben@mediaplex[2].txt C:\Documents and Settings\Preben\Cookies\preben@mediatemple[1].txt C:\Documents and Settings\Preben\Cookies\preben@atdmt[2].txt C:\Documents and Settings\Preben\Cookies\preben@hitbox[1].txt C:\Documents and Settings\Preben\Cookies\preben@bs.serving-sys[2].txt C:\Documents and Settings\Preben\Cookies\preben@ad1.emediate[2].txt C:\Documents and Settings\Preben\Cookies\preben@stat.katalysatormedia[1].txt C:\Documents and Settings\Preben\Cookies\preben@clicktorrent[1].txt C:\Documents and Settings\Preben\Cookies\preben@yourmedia[1].txt C:\Documents and Settings\Preben\Cookies\preben@cgi-bin[2].txt C:\Documents and Settings\Preben\Cookies\preben@doubleclick[2].txt C:\Documents and Settings\Preben\Cookies\preben@ad.adtoma[1].txt C:\Documents and Settings\Berit\Cookies\berit@ad.adtoma[1].txt C:\Documents and Settings\Berit\Cookies\berit@ad.yieldmanager[2].txt C:\Documents and Settings\Berit\Cookies\berit@ad1.emediate[2].txt C:\Documents and Settings\Berit\Cookies\berit@ad1.hardware[1].txt C:\Documents and Settings\Berit\Cookies\berit@ads.touregypt[2].txt C:\Documents and Settings\Berit\Cookies\berit@ads.vg.basefarm[1].txt C:\Documents and Settings\Berit\Cookies\berit@adtech[2].txt C:\Documents and Settings\Berit\Cookies\berit@advertising[2].txt C:\Documents and Settings\Berit\Cookies\berit@atdmt[2].txt C:\Documents and Settings\Berit\Cookies\berit@bs.serving-sys[1].txt C:\Documents and Settings\Berit\Cookies\berit@burstnet[2].txt C:\Documents and Settings\Berit\Cookies\berit@c2.gostats[2].txt C:\Documents and Settings\Berit\Cookies\berit@casalemedia[1].txt C:\Documents and Settings\Berit\Cookies\berit@doubleclick[2].txt C:\Documents and Settings\Berit\Cookies\berit@ehg-yvesrocher.hitbox[2].txt C:\Documents and Settings\Berit\Cookies\berit@findexa.adbureau[2].txt C:\Documents and Settings\Berit\Cookies\berit@gostats[2].txt C:\Documents and Settings\Berit\Cookies\berit@hitbox[2].txt C:\Documents and Settings\Berit\Cookies\berit@hotelscom.122.2o7[1].txt C:\Documents and Settings\Berit\Cookies\berit@maxserving[1].txt C:\Documents and Settings\Berit\Cookies\berit@media.fastclick[1].txt C:\Documents and Settings\Berit\Cookies\berit@media.hotels[1].txt C:\Documents and Settings\Berit\Cookies\berit@msnuk.122.2o7[1].txt C:\Documents and Settings\Berit\Cookies\berit@overture[2].txt C:\Documents and Settings\Berit\Cookies\berit@phg.hitbox[2].txt C:\Documents and Settings\Berit\Cookies\berit@popularscreensavers[1].txt C:\Documents and Settings\Berit\Cookies\berit@questionmarket[1].txt C:\Documents and Settings\Berit\Cookies\berit@serving-sys[1].txt C:\Documents and Settings\Berit\Cookies\berit@stat.katalysatormedia[1].txt C:\Documents and Settings\Berit\Cookies\berit@statcounter[1].txt C:\Documents and Settings\Berit\Cookies\berit@statse.webtrendslive[2].txt C:\Documents and Settings\Berit\Cookies\berit@track.adform[2].txt C:\Documents and Settings\Berit\Cookies\berit@tradedoubler[1].txt C:\Documents and Settings\Berit\Cookies\berit@tribalfusion[2].txt C:\Documents and Settings\Berit\Cookies\berit@www.burstnet[2].txt C:\Documents and Settings\Berit\Cookies\berit@zedo[2].txt C:\Documents and Settings\Sandra Madsen\Cookies\sandra madsen@2o7[1].txt C:\Documents and Settings\Sandra Madsen\Cookies\sandra madsen@actualtrack[1].txt C:\Documents and Settings\Sandra Madsen\Cookies\sandra madsen@ad.adtoma[2].txt C:\Documents and Settings\Sandra Madsen\Cookies\sandra madsen@ad.tv2[1].txt C:\Documents and Settings\Sandra Madsen\Cookies\sandra madsen@ad.yieldmanager[1].txt C:\Documents and Settings\Sandra Madsen\Cookies\sandra madsen@ad.zanox[1].txt C:\Documents and Settings\Sandra Madsen\Cookies\sandra madsen@ad1.emediate[2].txt C:\Documents and Settings\Sandra Madsen\Cookies\sandra madsen@ad1.hardware[1].txt C:\Documents and Settings\Sandra Madsen\Cookies\sandra madsen@adbrite[2].txt C:\Documents and Settings\Sandra Madsen\Cookies\sandra madsen@admarketplace[1].txt C:\Documents and Settings\Sandra Madsen\Cookies\sandra madsen@adopt.euroclick[2].txt C:\Documents and Settings\Sandra Madsen\Cookies\sandra madsen@adopt.hbmediapro[2].txt C:\Documents and Settings\Sandra Madsen\Cookies\sandra madsen@ads.contactmusic[1].txt C:\Documents and Settings\Sandra Madsen\Cookies\sandra madsen@ads.gameforgeads[1].txt C:\Documents and Settings\Sandra Madsen\Cookies\sandra madsen@ads.greteroede[1].txt C:\Documents and Settings\Sandra Madsen\Cookies\sandra madsen@ads.monster[1].txt C:\Documents and Settings\Sandra Madsen\Cookies\sandra madsen@ads.pointroll[1].txt C:\Documents and Settings\Sandra Madsen\Cookies\sandra madsen@ads.realtechnetwork[2].txt C:\Documents and Settings\Sandra Madsen\Cookies\sandra madsen@ads.shopthescene[1].txt C:\Documents and Settings\Sandra Madsen\Cookies\sandra madsen@ads.tripod.lycos[1].txt C:\Documents and Settings\Sandra Madsen\Cookies\sandra madsen@ads.vg.basefarm[2].txt C:\Documents and Settings\Sandra Madsen\Cookies\sandra madsen@ads0.revenue[1].txt C:\Documents and Settings\Sandra Madsen\Cookies\sandra madsen@ads01.revenue[1].txt C:\Documents and Settings\Sandra Madsen\Cookies\sandra madsen@adserver.adreactor[1].txt C:\Documents and Settings\Sandra Madsen\Cookies\sandra madsen@adserver.easyad[2].txt C:\Documents and Settings\Sandra Madsen\Cookies\sandra madsen@adstat.4u[1].txt C:\Documents and Settings\Sandra Madsen\Cookies\sandra madsen@adtech[2].txt C:\Documents and Settings\Sandra Madsen\Cookies\sandra madsen@advertising[1].txt C:\Documents and Settings\Sandra Madsen\Cookies\sandra madsen@anad.tacoda[2].txt C:\Documents and Settings\Sandra Madsen\Cookies\sandra madsen@as-eu.falkag[1].txt C:\Documents and Settings\Sandra Madsen\Cookies\sandra madsen@as.casalemedia[1].txt C:\Documents and Settings\Sandra Madsen\Cookies\sandra madsen@as1.falkag[2].txt C:\Documents and Settings\Sandra Madsen\Cookies\sandra madsen@atdmt[2].txt C:\Documents and Settings\Sandra Madsen\Cookies\sandra madsen@atwola[1].txt C:\Documents and Settings\Sandra Madsen\Cookies\sandra madsen@bluestreak[2].txt C:\Documents and Settings\Sandra Madsen\Cookies\sandra madsen@burstnet[1].txt C:\Documents and Settings\Sandra Madsen\Cookies\sandra madsen@casalemedia[2].txt C:\Documents and Settings\Sandra Madsen\Cookies\sandra madsen@clickbank[1].txt C:\Documents and Settings\Sandra Madsen\Cookies\sandra madsen@clicktorrent[1].txt C:\Documents and Settings\Sandra Madsen\Cookies\sandra madsen@data2.perf.overture[1].txt C:\Documents and Settings\Sandra Madsen\Cookies\sandra madsen@data3.perf.overture[2].txt C:\Documents and Settings\Sandra Madsen\Cookies\sandra madsen@doubleclick[1].txt C:\Documents and Settings\Sandra Madsen\Cookies\sandra madsen@e-2dj6wjnyqkdzgep.stats.esomniture[2].txt C:\Documents and Settings\Sandra Madsen\Cookies\sandra madsen@e2.emediate[2].txt C:\Documents and Settings\Sandra Madsen\Cookies\sandra madsen@edge.ru4[2].txt C:\Documents and Settings\Sandra Madsen\Cookies\sandra madsen@ehg-dig.hitbox[1].txt C:\Documents and Settings\Sandra Madsen\Cookies\sandra madsen@ehg-findlaw.hitbox[2].txt C:\Documents and Settings\Sandra Madsen\Cookies\sandra madsen@ehg-futurepub.hitbox[1].txt C:\Documents and Settings\Sandra Madsen\Cookies\sandra madsen@ehg-gamespot.hitbox[1].txt C:\Documents and Settings\Sandra Madsen\Cookies\sandra madsen@ehg-hollywood.hitbox[1].txt C:\Documents and Settings\Sandra Madsen\Cookies\sandra madsen@ehg-idg.hitbox[1].txt C:\Documents and Settings\Sandra Madsen\Cookies\sandra madsen@ehg-myplanet.hitbox[1].txt C:\Documents and Settings\Sandra Madsen\Cookies\sandra madsen@ehg-warnerbrothers.hitbox[2].txt C:\Documents and Settings\Sandra Madsen\Cookies\sandra madsen@ehg-yvesrocher.hitbox[1].txt C:\Documents and Settings\Sandra Madsen\Cookies\sandra madsen@ehg.hitbox[2].txt C:\Documents and Settings\Sandra Madsen\Cookies\sandra madsen@fastclick[1].txt C:\Documents and Settings\Sandra Madsen\Cookies\sandra madsen@findexa.adbureau[2].txt C:\Documents and Settings\Sandra Madsen\Cookies\sandra madsen@fortunecity[2].txt C:\Documents and Settings\Sandra Madsen\Cookies\sandra madsen@hc2.humanclick[2].txt C:\Documents and Settings\Sandra Madsen\Cookies\sandra madsen@hitbox[1].txt C:\Documents and Settings\Sandra Madsen\Cookies\sandra madsen@indextools[1].txt C:\Documents and Settings\Sandra Madsen\Cookies\sandra madsen@infostat.hio[1].txt C:\Documents and Settings\Sandra Madsen\Cookies\sandra madsen@kanoodle[1].txt C:\Documents and Settings\Sandra Madsen\Cookies\sandra madsen@maxis.112.2o7[1].txt C:\Documents and Settings\Sandra Madsen\Cookies\sandra madsen@maxserving[1].txt C:\Documents and Settings\Sandra Madsen\Cookies\sandra madsen@mediaplex[1].txt C:\Documents and Settings\Sandra Madsen\Cookies\sandra madsen@nbcuniversal.122.2o7[1].txt C:\Documents and Settings\Sandra Madsen\Cookies\sandra madsen@network.realmedia[1].txt C:\Documents and Settings\Sandra Madsen\Cookies\sandra madsen@overture[1].txt C:\Documents and Settings\Sandra Madsen\Cookies\sandra madsen@partygaming.122.2o7[1].txt C:\Documents and Settings\Sandra Madsen\Cookies\sandra madsen@partypoker[1].txt C:\Documents and Settings\Sandra Madsen\Cookies\sandra madsen@perf.overture[1].txt C:\Documents and Settings\Sandra Madsen\Cookies\sandra madsen@phg.hitbox[2].txt C:\Documents and Settings\Sandra Madsen\Cookies\sandra madsen@questionmarket[2].txt C:\Documents and Settings\Sandra Madsen\Cookies\sandra madsen@realmedia[1].txt C:\Documents and Settings\Sandra Madsen\Cookies\sandra madsen@revenue[1].txt C:\Documents and Settings\Sandra Madsen\Cookies\sandra madsen@revsci[1].txt C:\Documents and Settings\Sandra Madsen\Cookies\sandra madsen@serving-sys[2].txt C:\Documents and Settings\Sandra Madsen\Cookies\sandra madsen@spylog[2].txt C:\Documents and Settings\Sandra Madsen\Cookies\sandra madsen@stat.katalysatormedia[1].txt C:\Documents and Settings\Sandra Madsen\Cookies\sandra madsen@stat.onestat[2].txt C:\Documents and Settings\Sandra Madsen\Cookies\sandra madsen@stat.www[1].txt C:\Documents and Settings\Sandra Madsen\Cookies\sandra madsen@statcounter[2].txt C:\Documents and Settings\Sandra Madsen\Cookies\sandra madsen@stats.channel4[1].txt C:\Documents and Settings\Sandra Madsen\Cookies\sandra madsen@stats1.clicktracks[2].txt C:\Documents and Settings\Sandra Madsen\Cookies\sandra madsen@statse.webtrendslive[1].txt C:\Documents and Settings\Sandra Madsen\Cookies\sandra madsen@studenti.adbureau[1].txt C:\Documents and Settings\Sandra Madsen\Cookies\sandra madsen@tacoda[1].txt C:\Documents and Settings\Sandra Madsen\Cookies\sandra madsen@talkcity.realtracker[1].txt C:\Documents and Settings\Sandra Madsen\Cookies\sandra madsen@terrestrialmedia[1].txt C:\Documents and Settings\Sandra Madsen\Cookies\sandra madsen@track.adform[1].txt C:\Documents and Settings\Sandra Madsen\Cookies\sandra madsen@tradedoubler[2].txt C:\Documents and Settings\Sandra Madsen\Cookies\sandra madsen@trafficmp[1].txt C:\Documents and Settings\Sandra Madsen\Cookies\sandra madsen@tribalfusion[1].txt C:\Documents and Settings\Sandra Madsen\Cookies\sandra madsen@tripod[1].txt C:\Documents and Settings\Sandra Madsen\Cookies\sandra madsen@usenext[2].txt C:\Documents and Settings\Sandra Madsen\Cookies\sandra madsen@valueclick[1].txt C:\Documents and Settings\Sandra Madsen\Cookies\sandra madsen@warlog[2].txt C:\Documents and Settings\Sandra Madsen\Cookies\sandra madsen@web4.realtracker[1].txt C:\Documents and Settings\Sandra Madsen\Cookies\sandra madsen@webstats4u[2].txt C:\Documents and Settings\Sandra Madsen\Cookies\sandra madsen@www.burstnet[1].txt C:\Documents and Settings\Sandra Madsen\Cookies\sandra madsen@www.etracker[1].txt C:\Documents and Settings\Sandra Madsen\Cookies\sandra madsen@www2.mystats[2].txt C:\Documents and Settings\Sandra Madsen\Cookies\sandra madsen@zedo[1].txt Trojan.Media-Codec HKCR\CLSID\{1A29A79A-B9C8-44A9-BEDF-7FADDE3CF33F} HKCR\CLSID\{1A29A79A-B9C8-44A9-BEDF-7FADDE3CF33F}\Implemented Categories HKCR\CLSID\{1A29A79A-B9C8-44A9-BEDF-7FADDE3CF33F}\Implemented Categories\{00021493-0000-0000-C000-000000000046} HKCR\CLSID\{1A29A79A-B9C8-44A9-BEDF-7FADDE3CF33F}\InprocServer32 HKCR\CLSID\{1A29A79A-B9C8-44A9-BEDF-7FADDE3CF33F}\InprocServer32#ThreadingModel HKCR\CodecsSoftwarePackage.chl HKCR\CodecsSoftwarePackage.chl\CLSID HKU\S-1-5-21-484763869-2025429265-839522115-1004\Software\Internet Security HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006#DisplayName HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006#UninstallString HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad#bonspells [ {11853d5f-f894-4cc7-bbc3-fc7a9dcfd896} ] Unclassified.Unknown Origin HKCR\CLSID\{11853D5F-F894-4CC7-BBC3-FC7A9DCFD896} HKCR\CLSID\{11853D5F-F894-4CC7-BBC3-FC7A9DCFD896}\InProcServer32 HKCR\CLSID\{11853D5F-F894-4CC7-BBC3-FC7A9DCFD896}\InProcServer32#ThreadingModel Trojan.Malware HKCR\AVZipEnchancer.Chl HKCR\AVZipEnchancer.Chl\CLSID Browser Hijacker.Favorites C:\DOCUMENTS AND SETTINGS\PREBEN\FAVORITTER\ONLINE SECURITY TEST.URL