yamahaen
Posted October 4, 2008

SAS log.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/04/2008 at 00:17 AM

Application Version : 4.21.1004

Core Rules Database Version : 3588
Trace Rules Database Version: 1575

Scan type : Complete Scan
Total Scan Time : 00:46:11

Memory items scanned : 506
Memory threats detected : 0
Registry items scanned : 5048
Registry threats detected : 253
File items scanned : 15875
File threats detected : 267

Adware.HotBar/ShopperReports (Low Risk)
Adware.Zango/ShoppingReport
Trojan.Smitfraud Variant
Trojan.Media-Codec/V5
Adware.Tracking Cookie
Adware.WhenU
Trojan.Security Toolbar
Trojan.Media-Codec
Trojan.Media-Codec/V4
Rogue.VirusHeat

HJT log.
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:12:47, on 04.10.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Programfiler\Netropa\Multimedia Keyboard\nhksrv.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\Avira\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\ATKKBService.exe C:\WINDOWS\system32\lxctcoms.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\SOUNDMAN.EXE C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Programfiler\Lexmark 5400 Series\lxctmon.exe C:\Programfiler\Lexmark 5400 Series\ezprint.exe C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe C:\Programfiler\MSI\Live Update 3\LMonitor.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Programfiler\Netropa\Multimedia Keyboard\MMKeybd.exe C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Programfiler\Windows Live\Messenger\msnmsgr.exe C:\Programfiler\DAEMON Tools Lite\daemon.exe C:\WINDOWS\NCLAUNCH.EXe C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Programfiler\Netropa\Multimedia Keyboard\TrayMon.exe C:\Programfiler\Netropa\Onscreen Display\OSD.exe C:\Programfiler\OpenOffice.org 2.4\program\soffice.exe C:\Programfiler\OpenOffice.org 2.4\program\soffice.BIN C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\notepad.exe C:\Programfiler\Mozilla Firefox\firefox.exe C:\Documents and Settings\Brustad!\Skrivebord\HJT mappa\I like this shit.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start 
Page = http://downloads.phpnuke.org/en/index.php?...&d=79919286 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programfiler\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing) R3 - URLSearchHook: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Programfiler\P2P_Energy\tbP2P_.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Programfiler\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (file missing) O2 - BHO: Lexmark Verktøylinje - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programfiler\Lexmark Toolbar\toolband.dll O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing) O2 - BHO: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Programfiler\P2P_Energy\tbP2P_.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll O2 - BHO: Windows Live Toolbar Helper - 
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar1.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programfiler\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing) O3 - Toolbar: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Programfiler\P2P_Energy\tbP2P_.dll O3 - Toolbar: Lexmark Verktøylinje - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programfiler\Lexmark Toolbar\toolband.dll O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [sweetIM] C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe O4 - HKLM\..\Run: [avgnt] "C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [blubster] C:\Documents and Settings\Brustad!\Skrivebord\Blubster\blubster.exe SILENT O4 - HKLM\..\Run: [lxctmon.exe] "C:\Programfiler\Lexmark 5400 Series\lxctmon.exe" O4 - HKLM\..\Run: [Lexmark 5400 Series Fax Server] "C:\Programfiler\Lexmark 5400 Series\fm3032.exe" /s O4 - HKLM\..\Run: [EzPrint] "C:\Programfiler\Lexmark 5400 Series\ezprint.exe" O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16 O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [LiveMonitor] C:\Programfiler\MSI\Live Update 3\LMonitor.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Programfiler\Netropa\Multimedia Keyboard\MMKeybd.exe O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - 
HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [sweetIM] C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe O4 - HKCU\..\Run: [ares] "C:\Programfiler\Ares\Ares.exe" -h O4 - HKCU\..\Run: [ATVSetup.exe] C:\DOCUME~1\Brustad!\SKRIVE~1\ATVSET~1.EXE /r O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programfiler\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\\SmartDoctor.exe /start O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: OpenOffice.org 2.4.lnk = C:\Programfiler\OpenOffice.org 2.4\program\quickstart.exe O4 - Startup: Ubisoft register.lnk = C:\Programfiler\Ubisoft\Register\schedule.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - 
Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Programfiler\Monopoly\Images\stg_drm.ocx O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} (KooPlayer Control) - http://www.tvkoo.com/update/UKooPlayer.ocx O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Programfiler\Monopoly\Images\armhelper.ocx O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.108 85.255.112.197 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.108 85.255.112.197 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.108 85.255.112.197 O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programfiler\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. 
- C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: lxct_device - - C:\WINDOWS\system32\lxctcoms.exe O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Programfiler\Netropa\Multimedia Keyboard\nhksrv.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O24 - Desktop Component 0: (no name) - http://images.autodb.no/spacer.gif O24 - Desktop Component 1: (no name) - file:///C:/DOCUME~1/Brustad!/LOKALE~1/Temp/msohtml1/01/clip_image002.jpg -- End of file - 10543 bytes

I would be very glad if someone checks my logs.
Svenni212000 Posted 4 October 2008 (edited)

Download: RevoUninstaller - ewido micro scanner - Dr.Web CureIt! - Combofix - CCleaner

Run Revo and uninstall SweetIM and/or Smiley Central and P2P Energy Toolbar. Select advanced mode and delete the files found after uninstallation.

Run CCleaner. Run "Cleaner" until there are no more files to delete, then "Registry" until you get "No errors found".

Run ewido micro scanner

Run Dr.Web CureIt! {-Run Full Scan-}

Run Combofix

Run HijackThis, look for and check the following, and select Fix checked:

R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programfiler\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
R3 - URLSearchHook: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Programfiler\P2P_Energy\tbP2P_.dll
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Programfiler\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (file missing)
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing)
O2 - BHO: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Programfiler\P2P_Energy\tbP2P_.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programfiler\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O3 - Toolbar: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Programfiler\P2P_Energy\tbP2P_.dll
O4 - HKLM\..\Run: [sweetIM] C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [sweetIM] C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.108 85.255.112.197
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.108 85.255.112.197
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.108 85.255.112.197

Then run another round of Super Anti Spyware. Check that you have the latest updates.

Update and run a scan with your antivirus program, or run an online scanner:
http://housecall.trendmicro.com/
http://www.bitdefender.com/scan8/ie.html
http://support.f-secure.com/enu/home/ols.shtml
http://www.pandasecurity.com/homeusers/solutions/activescan/

Run another round of CCleaner. Run "Cleaner" until there are no more files to delete, then "Registry" until you get "No errors found".

Run HijackThis again and post the new SAS, CureIt, Combofix and HijackThis logs in this thread.

Edited 4 October 2008 by Svenni212000
snippsat Posted 4 October 2008

We have a guide from norbat that we use, Svenni212000. https://www.diskusjon.no/index.php?showtopic=691246 This is a very good guide from the person I think knows the most about this in Norway. You ask for a Combofix log; be aware that you should then be able to analyze the log and create a CFScript for removing malware.
yamahaen (author) Posted 10 October 2008

HJT log

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:36:35, on 07.10.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Programfiler\Netropa\Multimedia Keyboard\nhksrv.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\Avira\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\ATKKBService.exe C:\WINDOWS\system32\lxctcoms.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Programfiler\Lexmark 5400 Series\lxctmon.exe C:\Programfiler\Lexmark 5400 Series\ezprint.exe C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe C:\Programfiler\MSI\Live Update 3\LMonitor.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Programfiler\Netropa\Multimedia Keyboard\MMKeybd.exe C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Programfiler\Windows Live\Messenger\msnmsgr.exe C:\Programfiler\DAEMON Tools Lite\daemon.exe C:\WINDOWS\NCLAUNCH.EXe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Programfiler\Netropa\Multimedia Keyboard\TrayMon.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\Netropa\Onscreen Display\OSD.exe C:\Programfiler\OpenOffice.org 2.4\program\soffice.exe C:\Programfiler\OpenOffice.org 2.4\program\soffice.BIN C:\Programfiler\Windows Live\Messenger\usnsvc.exe C:\Programfiler\Mozilla Firefox\firefox.exe C:\Documents and Settings\Brustad!\Skrivebord\HJT
mappa\I like this shit.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://downloads.phpnuke.org/en/index.php?...&d=79919286 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: Lexmark Verktøylinje - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programfiler\Lexmark Toolbar\toolband.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar1.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll O3 - Toolbar: Lexmark Verktøylinje - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programfiler\Lexmark Toolbar\toolband.dll O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [avgnt] "C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: 
[lxctmon.exe] "C:\Programfiler\Lexmark 5400 Series\lxctmon.exe" O4 - HKLM\..\Run: [Lexmark 5400 Series Fax Server] "C:\Programfiler\Lexmark 5400 Series\fm3032.exe" /s O4 - HKLM\..\Run: [EzPrint] "C:\Programfiler\Lexmark 5400 Series\ezprint.exe" O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16 O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [LiveMonitor] C:\Programfiler\MSI\Live Update 3\LMonitor.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Programfiler\Netropa\Multimedia Keyboard\MMKeybd.exe O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programfiler\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\\SmartDoctor.exe /start O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: OpenOffice.org 2.4.lnk = C:\Programfiler\OpenOffice.org 2.4\program\quickstart.exe O8 - Extra context menu item: &Windows Live Search - 
res://C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Programfiler\Monopoly\Images\stg_drm.ocx O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} (KooPlayer Control) - http://www.tvkoo.com/update/UKooPlayer.ocx O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Programfiler\Monopoly\Images\armhelper.ocx O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.108 85.255.112.197 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.108 85.255.112.197 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.108 85.255.112.197 O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programfiler\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic 
Guard (AntiVirService) - Avira GmbH - C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: lxct_device - - C:\WINDOWS\system32\lxctcoms.exe O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Programfiler\Netropa\Multimedia Keyboard\nhksrv.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O24 - Desktop Component 0: (no name) - http://images.autodb.no/spacer.gif O24 - Desktop Component 1: (no name) - file:///C:/DOCUME~1/Brustad!/LOKALE~1/Temp/msohtml1/01/clip_image002.jpg -- End of file - 9100 bytes

SAS log

SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 10/05/2008 at 05:13 AM Application Version : 4.21.1004 Core Rules Database Version : 3588 Trace Rules Database Version: 1575 Scan type : Complete Scan Total Scan Time : 02:42:44 Memory items scanned : 525 Memory threats detected : 0 Registry items scanned : 4980 Registry threats detected : 6 File items scanned : 16299 File threats detected : 7 Adware.Tracking Cookie C:\Documents and Settings\Brustad!\Cookies\brustad!@serving-sys[2].txt C:\Documents and Settings\Brustad!\Cookies\brustad!@list[1].txt C:\Documents and Settings\Brustad!\Cookies\brustad!@hotlog[2].txt C:\Documents and Settings\Brustad!\Cookies\brustad!@spylog[2].txt C:\Documents and Settings\Brustad!\Cookies\[email protected][2].txt C:\Documents and Settings\Brustad!\Cookies\brustad!@advertising[1].txt C:\Documents and Settings\Brustad!\Cookies\brustad!@atdmt[2].txt
Adware.Zango/ShoppingReport HKCR\TypeLib\{E343EDFC-1E6C-4CB5-AA29-E9C922641C80} HKCR\TypeLib\{E343EDFC-1E6C-4CB5-AA29-E9C922641C80}\1.0 HKCR\TypeLib\{E343EDFC-1E6C-4CB5-AA29-E9C922641C80}\1.0 HKCR\TypeLib\{E343EDFC-1E6C-4CB5-AA29-E9C922641C80}\1.0\win32 HKCR\TypeLib\{E343EDFC-1E6C-4CB5-AA29-E9C922641C80}\1.0\FLAGS HKCR\TypeLib\{E343EDFC-1E6C-4CB5-AA29-E9C922641C80}\1.0\HELPDIR

The Combofix log apparently did not save because I had an old Combofix log there. I could not get CureIt to work. It stopped.
snippsat Posted 10 October 2008

Start HijackThis, "scan", find these lines, check them, then press Fix checked.

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.108 85.255.112.197
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.108 85.255.112.197
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.108 85.255.112.197

Download MBAM to the desktop. Select Norwegian as the language --> run a quick system scan. When MBAM is finished it opens a log; post that.

Download Combofix again. Download Combofix and put it on the desktop. Do not click on the window while the program is running. Post the log C:\combofix.txt

"The Combofix log apparently did not save because I had an old Combofix log there"

It always creates a log even if there is already a log there from before.
yamahaen (author) Posted 10 October 2008 (edited)

MBAM log here, Combofix coming shortly.

Malwarebytes' Anti-Malware 1.28 Database versjon: 1251 Windows 5.1.2600 Service Pack 2 10.10.2008 20:24:18 mbam-log-2008-10-10 (20-24-18).txt Skanntype: Rask Skann Objekter skannet: 46319 Tid tilbakelagt: 10 minute(s), 32 second(s) Minneprosesser infisert: 0 Minnemoduler infisert: 0 Registernøkler infisert: 6 Registerverdier infisert: 3 Registerfiler infisert: 4 Mapper infisert: 1 Filer infisert: 0 Minneprosesser infisert: (Ingen mistenkelige filer funnet) Minnemoduler infisert: (Ingen mistenkelige filer funnet) Registernøkler infisert: HKEY_CLASSES_ROOT\shoppingreport.rprtctrl (Adware.Shopping.Report) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\shoppingreport.rprtctrl.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{50ccd00a-66b6-4d95-aaef-8ee959498f92} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\stfngdvw.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully. Registerverdier infisert: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully. Registerfiler infisert: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{fc0e5118-d839-4fb9-a6bd-acb4f1b1a6b2}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.113.108,85.255.112.197 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{fc0e5118-d839-4fb9-a6bd-acb4f1b1a6b2}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.113.108,85.255.112.197 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{fc0e5118-d839-4fb9-a6bd-acb4f1b1a6b2}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.113.108,85.255.112.197 -> Quarantined and deleted successfully. Mapper infisert: C:\WINDOWS\system32\375013 (Trojan.Zlob) -> Quarantined and deleted successfully. Filer infisert: (Ingen mistenkelige filer funnet)

How do I disable Avira while Combofix is running?

Edited 10 October 2008 by yamahaen
norbat Posted 10 October 2008

Right-click the 'umbrella' and clear the check mark in front of 'Antivir Guard enable'.
yamahaen (author) Posted 10 October 2008

Combofix log. Should there be a new HJT as well?

ComboFix 08-10-10.01 - Brustad! 2008-10-10 20:59:40.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.79 [GMT 2:00] Running from: C:\Documents and Settings\Brustad!\Skrivebord\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\Downloaded Program Files\setup.inf C:\WINDOWS\system32\MSINET.oca . ((((((((((((((((((((((((( Files Created from 2008-09-10 to 2008-10-10 ))))))))))))))))))))))))))))))) . 2008-10-10 20:57 . 2008-10-10 20:57 <DIR> d-------- C:\ERDNT 2008-10-10 20:10 . 2008-10-10 20:10 <DIR> d-------- C:\Programfiler\Malwarebytes' Anti-Malware 2008-10-10 20:10 . 2008-10-10 20:10 <DIR> d-------- C:\Documents and Settings\Brustad!\Programdata\Malwarebytes 2008-10-10 20:10 . 2008-10-10 20:10 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Malwarebytes 2008-10-10 20:10 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-10-10 20:10 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-10-10 13:23 . 2004-08-04 01:03 152,576 --a------ C:\WINDOWS\system32\irftp.exe 2008-10-10 13:23 . 2004-08-03 23:00 87,424 --a------ C:\WINDOWS\system32\drivers\irda.sys 2008-10-10 13:23 . 2004-08-04 01:03 27,136 --a------ C:\WINDOWS\system32\irmon.dll 2008-10-10 13:23 . 2001-08-17 21:51 19,584 --a------ C:\WINDOWS\system32\drivers\rasirda.sys 2008-10-10 13:23 . 2004-08-04 01:03 8,192 --a------ C:\WINDOWS\system32\wshirda.dll 2008-10-10 13:22 . 2001-08-17 21:51 18,688 --a------ C:\WINDOWS\system32\drivers\irsir.sys 2008-10-05 17:13 . 2008-10-10 19:57 <DIR> dr-h----- C:\Documents and Settings\Brustad!\Siste 2008-10-04 23:10 .
2008-10-04 23:10 <DIR> d-------- C:\Documents and Settings\Brustad!\DoctorWeb 2008-10-04 19:15 . 2008-10-04 19:15 <DIR> d-------- C:\Programfiler\CCleaner 2008-10-03 23:25 . 2008-10-03 23:25 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware 2008-10-03 23:25 . 2008-10-03 23:25 <DIR> d-------- C:\Documents and Settings\Brustad!\Programdata\SUPERAntiSpyware.com 2008-10-03 23:25 . 2008-10-03 23:25 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com 2008-10-03 23:19 . 2008-10-03 23:23 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard 2008-10-03 15:52 . 2008-10-03 15:53 <DIR> d-------- C:\Programfiler\Netropa 2008-10-03 15:52 . 2002-07-11 08:47 98,304 --a------ C:\WINDOWS\system32\msikbd.dll 2008-10-03 15:52 . 2000-06-08 03:09 28,672 --a------ C:\WINDOWS\system32\msiosd32.dll 2008-10-03 15:52 . 2001-12-20 10:02 6,656 --a------ C:\WINDOWS\system32\drivers\Msikbd2k.sys 2008-10-03 15:52 . 2008-10-10 21:03 245 --a------ C:\WINDOWS\Msiosd.ini 2008-10-02 22:47 . 2008-10-02 22:47 0 --a------ C:\WINDOWS\graphedit.INI 2008-10-02 21:31 . 2008-10-02 21:37 <DIR> d-------- C:\WINDOWS\nview 2008-10-02 21:31 . 2006-10-22 13:22 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe 2008-10-02 21:31 . 2008-10-10 20:50 88,566 --a------ C:\WINDOWS\system32\nvapps.xml 2008-10-02 21:31 . 2006-10-22 13:22 17,056 --a------ C:\WINDOWS\system32\nvdisp.nvu 2008-10-02 21:30 . 2006-10-22 15:06 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE 2008-10-02 21:12 . 2008-10-02 21:14 664 --a------ C:\WINDOWS\system32\d3d9caps.dat 2008-10-02 21:00 . 2008-10-02 21:00 552 --a------ C:\WINDOWS\system32\d3d8caps.dat 2008-10-02 20:13 . 2008-10-02 20:13 <DIR> d-------- C:\Programfiler\MSI 2008-10-02 20:13 . 2003-12-29 19:04 18,257 --a------ C:\WINDOWS\system32\Ntaccess.sys 2008-10-02 20:13 . 2004-07-23 16:09 13,368 --a------ C:\WINDOWS\system32\FlashVxd.vxd 2008-10-02 20:13 . 
2004-09-22 16:02 9,076 --a------ C:\WINDOWS\system32\drivers\FlashSys.sys 2008-10-02 19:50 . 2008-10-02 19:50 <DIR> d-------- C:\Programfiler\VID_0E8F&PID_0003 2008-10-02 19:49 . 2008-10-02 19:49 <DIR> d-------- C:\Programfiler\ASUSTeK 2008-10-02 19:47 . 2008-10-02 19:47 <DIR> d-------- C:\Programfiler\ASUS 2008-10-02 19:43 . 2004-12-14 17:55 9,472 -ra------ C:\WINDOWS\system32\drivers\EIO.sys 2008-10-02 19:17 . 2008-10-02 19:17 <DIR> d-------- C:\Inetpub 2008-09-25 17:12 . 2008-09-25 17:12 <DIR> d-------- C:\Documents and Settings\ShoppingReport 2008-09-25 17:12 . 2008-09-25 17:12 <DIR> d-------- C:\Documents and Settings\cs 2008-09-25 17:12 . 2008-09-25 17:12 <DIR> d-------- C:\Documents and Settings\Brustad!\ShoppingReport 2008-09-25 17:12 . 2008-09-25 17:12 <DIR> d-------- C:\Documents and Settings\Brustad!\Programdata\Brustad! 2008-09-25 17:12 . 2008-09-25 17:12 <DIR> d-------- C:\Documents and Settings\Brustad!\Documents and Settings 2008-09-18 14:00 . 2008-09-18 14:00 <DIR> d-------- C:\Programfiler\AGEIA Technologies 2008-09-18 13:49 . 2008-10-10 21:04 <DIR> d-------- C:\Programfiler\Fellesfiler\Akamai 2008-09-18 13:48 . 2008-10-04 00:49 8,224 --a------ C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT 2008-09-15 22:24 . 2008-10-10 20:50 <DIR> d-------- C:\Documents and Settings\Brustad!\Programdata\OpenOffice.org2 2008-09-15 22:20 . 2008-09-15 22:20 <DIR> d-------- C:\Programfiler\OpenOffice.org 2.4 2008-09-12 17:54 . 2008-10-10 19:42 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-10-07 21:23 --------- d-----w C:\Documents and Settings\All Users\Programdata\TrackMania 2008-10-07 21:17 --------- d-----w C:\Programfiler\Sony Setup 2008-10-04 22:14 --------- d-----w C:\Documents and Settings\Brustad!\Programdata\Hamachi 2008-10-04 19:04 --------- d-----w C:\Programfiler\P2P_Energy 2008-10-04 19:04 --------- d-----w C:\Programfiler\Macrogaming 2008-10-04 19:04 --------- d-----w C:\Programfiler\Conduit 2008-10-03 13:52 --------- d--h--w C:\Programfiler\InstallShield Installation Information 2008-10-02 20:15 --------- d-----w C:\Programfiler\Warcraft III 2008-10-02 18:32 --------- d-----w C:\Programfiler\Lx_cats 2008-10-02 17:14 --------- d-----w C:\Programfiler\Java 2008-09-29 19:06 --------- d-----w C:\Documents and Settings\Brustad!\Programdata\uTorrent 2008-09-05 21:17 --------- d-----w C:\Programfiler\Fellesfiler\Adobe 2008-08-30 17:12 --------- d-----w C:\Programfiler\Fellesfiler\Macrovision Shared 2008-08-28 21:15 --------- d-----w C:\Documents and Settings\Brustad!\Programdata\vghd 2008-08-28 14:25 152,920 ----a-w C:\WINDOWS\system32\vghd.scr 2008-08-28 14:21 --------- d-----w C:\Programfiler\Fellesfiler\Symantec Shared 2008-08-28 14:20 --------- d-----w C:\Programfiler\THQ 2008-08-28 14:13 137,472 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys 2008-08-28 14:10 111,928 ----a-w C:\WINDOWS\system32\PnkBstrB.exe 2008-08-22 09:31 --------- d-----w C:\Documents and Settings\Brustad!\Programdata\report 2008-08-22 09:31 --------- d-----w C:\Documents and Settings\Brustad!\Programdata\cs 2008-08-20 15:32 45,056 ----a-w C:\WINDOWS\NCUNINST.EXe 2008-08-20 15:32 40,960 ----a-w C:\WINDOWS\NCLAUNCH.EXe 2008-08-20 15:32 --------- d-----w C:\Programfiler\Fellesfiler\SWF Studio 2008-08-20 14:41 --------- d-----w C:\Programfiler\MediaMonkey 2008-08-18 11:36 --------- d-----w C:\Documents and Settings\Brustad!\Programdata\5400 Series 2008-08-18 11:34 --------- d-----w C:\Programfiler\Lexmark 5400 Series 2008-08-16 15:47 --------- d-----w 
C:\Programfiler\BfSV 2008-08-15 15:43 --------- d-----w C:\Programfiler\Abbyy FineReader 6.0 Sprint 2008-08-15 11:59 --------- d-----w C:\Programfiler\Lexmark Toolbar 2008-08-15 11:46 --------- d-----w C:\Documents and Settings\All Users\Programdata\5400 Series 2008-08-15 09:29 --------- d-----w C:\Programfiler\HUAWEI PC Assistant 2008-08-12 21:34 --------- d-----w C:\Documents and Settings\All Users\Programdata\QubeSoft 2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll 2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe 2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll 2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll 2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll 2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll 2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll 2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll 2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll 2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll 2007-12-21 21:20 2,931 ----a-w C:\Programfiler\_ReadMe.txt 2007-12-21 13:03 578 ----a-w C:\Programfiler\index.html 2007-12-21 13:03 337 ----a-w C:\Programfiler\gamelist.html 2007-12-21 13:03 313 ----a-w C:\Programfiler\gamelist-working.html 2007-12-21 13:03 256 ----a-w C:\Programfiler\lan-rss.xml 2007-12-21 13:03 234 ----a-w C:\Programfiler\lan-rss-working.xml 2007-11-22 17:35 1,362 ----a-w C:\Programfiler\RemoveReg.reg 2007-10-27 01:40 632,072 ----a-w C:\Programfiler\msvcr80.dll 2007-10-27 01:40 554,248 ----a-w C:\Programfiler\msvcp80.dll 2007-10-27 01:40 505,096 ----a-w C:\Programfiler\msvcp71.dll 2007-10-27 01:40 484,616 ----a-w C:\Programfiler\msvcm80.dll 2007-10-27 01:40 386,312 ----a-w C:\Programfiler\server.dll 2007-10-27 01:40 353,544 ----a-w C:\Programfiler\msvcr71.dll 2007-10-27 01:40 1,180,936 ----a-w C:\Programfiler\msvcr80d.dll 2007-10-27 01:40 1,041,672 ----a-w C:\Programfiler\msvcp80d.dll 2007-10-27 01:40 
1,021,192 ----a-w C:\Programfiler\msvcm80d.dll 2007-10-18 20:17 258 ----a-w C:\Programfiler\dat.bin 2007-10-18 20:17 1,462 ----a-w C:\Programfiler\server.cfg 2007-10-18 20:13 1,869 -c--a-w C:\Programfiler\microsoft.vc80.crt.manifest . ------- Sigcheck ------- 2008-04-14 18:23 14336 2fade3d461e99941aaa13e0b83385b46 C:\WINDOWS\SoftwareDistribution\Download\6b87f018d0fb69e9c5ccb760afc4cb7b\svchost.exe 2004-08-03 23:03 14336 c4d272d897700c7ad4b8e8454cd08676 C:\WINDOWS\system32\svchost.exe 2008-04-14 18:22 82432 ead4ea14ca7fd71f9d34725f3045ded2 C:\WINDOWS\SoftwareDistribution\Download\6b87f018d0fb69e9c5ccb760afc4cb7b\ws2_32.dll 2004-08-03 23:03 82944 b169d7467910a23facb7ee0d557abb92 C:\WINDOWS\system32\ws2_32.dll 2008-04-14 18:23 506880 15ccfec060818dab936b8c5faeee21f9 C:\WINDOWS\SoftwareDistribution\Download\6b87f018d0fb69e9c5ccb760afc4cb7b\winlogon.exe 2004-08-03 23:03 501248 765b39061ca16d01abfea752c5e2db8f C:\WINDOWS\system32\winlogon.exe 2008-04-13 21:20 182656 1df7f42665c94b825322fae71721130d C:\WINDOWS\SoftwareDistribution\Download\6b87f018d0fb69e9c5ccb760afc4cb7b\ndis.sys 2004-08-03 21:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys 2008-04-13 20:53 36608 3bb22519a194418d5fec05d800a19ad0 C:\WINDOWS\SoftwareDistribution\Download\6b87f018d0fb69e9c5ccb760afc4cb7b\ip6fw.sys 2004-08-03 21:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys 2004-08-03 23:03 1032192 0b4a898de1aa20d133c91ba260e7a8a1 C:\WINDOWS\explorer.exe 2008-04-14 18:22 1033728 8059c34b6f4758f678e975665eadfd87 C:\WINDOWS\SoftwareDistribution\Download\6b87f018d0fb69e9c5ccb760afc4cb7b\explorer.exe 2007-06-13 15:24 1033216 2964b3f5e59f5d989252e2564a21a4c1 C:\WINDOWS\SoftwareDistribution\Download\bd26e89c9a79faee6e0629b916a88ad9\SP2GDR\explorer.exe 2007-06-13 15:12 1033216 1a8e8cace017e1b143de91e11987ed39 C:\WINDOWS\SoftwareDistribution\Download\bd26e89c9a79faee6e0629b916a88ad9\SP2QFE\explorer.exe 2008-04-14 18:23 108544 
7ed9ebf2d1449ce1c0bc53586f8a1f42 C:\WINDOWS\SoftwareDistribution\Download\6b87f018d0fb69e9c5ccb760afc4cb7b\services.exe 2004-08-03 23:03 108544 b44f7f43d33e308d07ba54c23b897e20 C:\WINDOWS\system32\services.exe 2008-04-14 18:22 13312 0eac811f89889a7585baedaa4bdd16af C:\WINDOWS\SoftwareDistribution\Download\6b87f018d0fb69e9c5ccb760afc4cb7b\lsass.exe 2004-08-03 23:03 13312 8235198cdb70aaeb3c1435c1911641f9 C:\WINDOWS\system32\lsass.exe 2008-04-14 18:22 15360 dd0a3ac0339d222329cbf9cfe0fe6aa5 C:\WINDOWS\SoftwareDistribution\Download\6b87f018d0fb69e9c5ccb760afc4cb7b\ctfmon.exe 2004-08-03 23:03 15360 ddc0e7a20f0f77bec5108c265c4ae435 C:\WINDOWS\system32\ctfmon.exe 2008-04-14 18:23 57856 24a34b0cdda0adf220c85150f042d4bb C:\WINDOWS\SoftwareDistribution\Download\6b87f018d0fb69e9c5ccb760afc4cb7b\spoolsv.exe 2005-06-11 01:53 57856 da81ec57acd4cdc3d4c51cf3d409af9f C:\WINDOWS\SoftwareDistribution\Download\dd91e14a3e08295f87bb231bf25f29b6\sp2gdr\spoolsv.exe 2005-06-11 02:17 57856 ad3d9d191aea7b5445fe1d82ffbb4788 C:\WINDOWS\SoftwareDistribution\Download\dd91e14a3e08295f87bb231bf25f29b6\sp2qfe\spoolsv.exe 2004-08-03 23:03 57856 1efb05d36736d2b6df8fd81c76fa0be6 C:\WINDOWS\system32\spoolsv.exe 2008-04-14 18:23 26112 5ee32955c86d583627f8d37350c1e145 C:\WINDOWS\SoftwareDistribution\Download\6b87f018d0fb69e9c5ccb760afc4cb7b\userinit.exe 2004-08-03 23:03 24576 025d58a521e0063b92adebd84f147e68 C:\WINDOWS\system32\userinit.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-31 68856] "MsnMsgr"="C:\Programfiler\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184] "DAEMON Tools Lite"="C:\Programfiler\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856] "NCLaunch"="C:\WINDOWS\NCLAUNCH.EXe" [2008-08-20 40960] "ASUS SmartDoctor"="C:\Program Files\ASUS\SmartDoctor\\SmartDoctor.exe" [2004-12-16 987136] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "lxctmon.exe"="C:\Programfiler\Lexmark 5400 Series\lxctmon.exe" [2006-11-22 291760] "Lexmark 5400 Series Fax Server"="C:\Programfiler\Lexmark 5400 Series\fm3032.exe" [2006-11-22 304048] "EzPrint"="C:\Programfiler\Lexmark 5400 Series\ezprint.exe" [2006-11-22 82864] "LXCTCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll" [2006-11-21 106496] "SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "LiveMonitor"="C:\Programfiler\MSI\Live Update 3\LMonitor.exe" [2005-03-07 482816] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 7700480] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 86016] "MULTIMEDIA KEYBOARD"="C:\Programfiler\Netropa\Multimedia Keyboard\MMKeybd.exe" [2003-09-30 425984] "MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2004-08-03 158208] "SoundMan"="SOUNDMAN.EXE" [2005-04-15 C:\WINDOWS\SOUNDMAN.EXE] "nwiz"="nwiz.exe" [2006-10-22 C:\WINDOWS\system32\nwiz.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 15360] C:\Documents and Settings\Brustad!\Start-meny\Programmer\Oppstart\ Adobe Gamma.lnk - C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664] OpenOffice.org 2.4.lnk - C:\Programfiler\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216] 
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-07-23 16:28 352256 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.X264"= x264vfw.dll "vidc.asv2"= asusasv2.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt] --a------ 2008-07-19 21:55 266497 C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avgnt.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Programfiler\\Messenger\\msmsgs.exe"= "C:\\Programfiler\\uTorrent\\uTorrent.exe"= "C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"= "C:\\Programfiler\\Opera\\Opera.exe"= "C:\\Programfiler\\TmNationsForever\\TmForever.exe"= "C:\\Programfiler\\Warcraft III\\Warcraft III.exe"= "C:\\Programfiler\\THQ\\MX vs ATV Unleashed\\MXvsATV.exe"= "C:\\Documents and Settings\\Brustad!\\Skrivebord\\Valve\\hl.exe"= "C:\\Documents and Settings\\Brustad!\\Skrivebord\\Valve\\hltv.exe"= "C:\\WINDOWS\\system32\\lxctcoms.exe"= "C:\\Documents and Settings\\Brustad!\\Skrivebord\\Condition Zero\\hl.exe"= "C:\\Documents and Settings\\Brustad!\\Skrivebord\\Condition Zero\\hlds.exe"= "C:\\Documents and Settings\\Brustad!\\Skrivebord\\Condition Zero\\hltv.exe"= "C:\\Documents and Settings\\Brustad!\\Lokale innstillinger\\Programdata\\Xenocode\\ApplianceCaches\\KumaClient.exe_v60664C46\\Native\\STUBEXE\\@PROGRAMFILES@\\Kuma Games\\Kuma.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "135:TCP"= 135:TCP:TCP Port 135 "5000:TCP"= 5000:TCP:TCP Port 5000 "5001:TCP"= 5001:TCP:TCP Port 5001 
"5002:TCP"= 5002:TCP:TCP Port 5002 "5003:TCP"= 5003:TCP:TCP Port 5003 "5004:TCP"= 5004:TCP:TCP Port 5004 "5005:TCP"= 5005:TCP:TCP Port 5005 "5006:TCP"= 5006:TCP:TCP Port 5006 "5007:TCP"= 5007:TCP:TCP Port 5007 "5008:TCP"= 5008:TCP:TCP Port 5008 "5009:TCP"= 5009:TCP:TCP Port 5009 "5010:TCP"= 5010:TCP:TCP Port 5010 "5011:TCP"= 5011:TCP:TCP Port 5011 "5012:TCP"= 5012:TCP:TCP Port 5012 "5013:TCP"= 5013:TCP:TCP Port 5013 "5014:TCP"= 5014:TCP:TCP Port 5014 "5015:TCP"= 5015:TCP:TCP Port 5015 "5016:TCP"= 5016:TCP:TCP Port 5016 "5017:TCP"= 5017:TCP:TCP Port 5017 "5018:TCP"= 5018:TCP:TCP Port 5018 "5019:TCP"= 5019:TCP:TCP Port 5019 "5020:TCP"= 5020:TCP:TCP Port 5020 "9420:TCP"= 9420:TCP:Akamai Network Manager "5000:UDP"= 5000:UDP:Akamai Network Manager R1 msikbd2k;Multimedia Keyboard Filter Driver;C:\WINDOWS\system32\DRIVERS\msikbd2k.sys [2001-12-20 6656] R2 Akamai;Akamai;C:\WINDOWS\System32\svchost.exe [2004-08-03 14336] R2 nhksrv;Netropa NHK Server;C:\Programfiler\Netropa\Multimedia Keyboard\nhksrv.exe [2001-08-06 28672] R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D.sys [2004-07-06 44544] S0 viapdsk;VIA ATA/ATAPI Host Controller;C:\WINDOWS\system32\DRIVERS\viapdsk.sys [2005-02-11 29184] S3 MobileAdapter;Huawei Mobile Adapter USB Modem and USB Serial;C:\WINDOWS\system32\DRIVERS\hmumdm.sys [2007-09-05 101120] S3 NETIMFLT;PANDA NDIS IM Filter Miniport;C:\WINDOWS\system32\DRIVERS\netimflt.sys [ ] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] Akamai REG_MULTI_SZ Akamai [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{541c398a-55c9-11dd-9df2-0013d33bb87b}] \Shell\AutoRun\command - G:\hwpcassistant.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5915fbfc-6ebe-11dd-9e34-0013d33bb87b}] \Shell\AutoRun\command - G:\hwpcassistant.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eff3949d-5515-11dd-9dec-0013d33bb87b}] 
\Shell\AutoRun\command - G:\hwpcassistant.exe . Contents of the 'Scheduled Tasks' folder 2008-10-10 C:\WINDOWS\Tasks\Se etter oppdateringer for Windows Live Toolbar.job - C:\Programfiler\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 17:39] . - - - - ORPHANS REMOVED - - - - HKCU-Run-ares - C:\Programfiler\Ares\Ares.exe HKCU-Run-ATVSetup.exe - C:\DOCUME~1\Brustad!\SKRIVE~1\ATVSET~1.EXE HKLM-Run-Blubster - C:\Documents and Settings\Brustad!\Skrivebord\Blubster\blubster.exe Notify-avldr - avldr.dll . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Documents and Settings\Brustad!\Programdata\Mozilla\Firefox\Profiles\sefxqdpz.default\ FF -: plugin - C:\Programfiler\Adobe\Acrobat 6.0\Reader\browser\nppdf32.dll FF -: plugin - C:\Programfiler\Unity\WebPlayer\loader\npUnity3D32.dll . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-10-10 21:03:20 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run LXCTCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-10-10 21:10:16 Pre-Run: 8 121 450 496 byte ledig Post-Run: 8,154,939,392 byte ledig 287 --- E O F --- 2008-10-10 11:53:45 Lenke til kommentar
norbat, posted 10 October 2008
Use Explorer to find and delete these folders:
C:\Documents and Settings\ShoppingReport
C:\Documents and Settings\Brustad!\ShoppingReport
Is the PC running OK? If so, uninstall ComboFix by typing combofix /u in the Run box (Start -> Run).
yamahaen (author), posted 10 October 2008
It is a bit slow.
Bruker-158599, posted 11 October 2008 (edited)
"It is a bit slow."
But are you still troubled by viruses? You can try removing things from startup when Windows starts. Click Start > Run and then type "msconfig"; if you have Windows Vista, you have to search for Run. Once you have typed "msconfig", click the Startup tab and remove whatever you do not want the computer to start up with. You need to know what you are removing there. I don't know if it will help much; there may be more viruses on your computer as well. So hold off on what I wrote.
Edited 30 July 2010 by riskake90
yamahaen (author), posted 11 October 2008 (edited)
It is still a bit slow, but much better after the scan; MBAM found some more spyware. I have an error message that comes up every time I start the PC. What can I do to fix it?
Edited 11 October 2008 by yamahaen
norbat, posted 11 October 2008
Add/Remove Programs
Uninstall Microsoft SQL Server
yamahaen (author), posted 11 October 2008
Should I take all 3?
norbat, posted 11 October 2008 (edited)
Well, good question. What are they called? My point is really that you should reinstall SQL Server. If all 3 programs belong to it, then yes, uninstall them before you reinstall, if you do.
Edited 11 October 2008 by norbat
yamahaen (author), posted 11 October 2008
Microsoft SQL Server native client, Microsoft SQL Server setup support files (English), Microsoft SQL Server wss writer