Poster utskilt fra veiledertråden-2

[mona14]

HijackThis logg:

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:50:56, on 22.03.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\Juniper Networks\Common Files\dsNcService.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

C:\Programfiler\Telenor\ecc\ecc.exe

C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe

C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe

C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe

C:\Programfiler\Fellesfiler\Microsoft Shared\Works Shared\WkUFind.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\MSN Messenger\MsnMsgr.Exe

C:\Programfiler\Messenger\msmsgs.exe

C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe

C:\Programfiler\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Programfiler\Fellesfiler\Teleca Shared\Generic.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Programfiler\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\Programfiler\Java\jre1.6.0_03\bin\jucheck.exe

C:\Programfiler\MSN Messenger\usnsvc.exe

C:\Programfiler\Internet Explorer\iexplore.exe

C:\Programfiler\HP\Smart Web Printing\hpswp_clipbook.exe

C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sol.no/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

R3 - URLSearchHook: (no name) - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Programfiler\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Programfiler\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programfiler\HP\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Programfiler\HP\Smart Web Printing\hpswp_framework.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Programfiler\MyWebSearch\bar\2.bin\MWSBAR.DLL

O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Programfiler\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar1.dll

O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Programfiler\MyWebSearch\bar\2.bin\MWSBAR.DLL

O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Programfiler\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [EPSON Stylus C46 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 "EPSON Stylus C46 Series" /O6 "USB001" /M "Stylus C46"

O4 - HKLM\..\Run: [EPSON Stylus C46 Series (Kopier 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P34 "EPSON Stylus C46 Series (Kopier 1)" /O6 "USB001" /M "Stylus C46"

O4 - HKLM\..\Run: [ecc] C:\Programfiler\Telenor\ecc\ecc.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\MWSBAR.DLL,S

O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programfiler\Fellesfiler\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [EPSON Stylus C46 Series (Kopier 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P34 "EPSON Stylus C46 Series (Kopier 1)" /M "Stylus C46" /EF "HKCU"

O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE

O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZNxmk142YYNO

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: HP Utklippsbok - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Programfiler\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: HP Smart valgmetode - {700259D7-1666-479a-93B1-3250410481E8} - C:\Programfiler\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Programfiler\Juniper Networks\Common Files\dsNcService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1150\Intel 32\IDriverT.exe

 

--

End of file - 9019 bytes

 

 

 

Problemer med at dataen går ekstremt treigt, henger seg opp og låser seg.

[norbat]

Avinstaller, om mulig, fra legg til/fjern programmer:

MyWebSearch

Bearshare

 

Kjør en full (complete) scan med SAS (gratisversjonen).

 

Post ny HJT-logg + loggen fra SAS (preferences->statistics/logs), fortrinnsvis i en egen tråd som du oppretter ved å klikke 'Nytt Emne'-knappen

[mona14]

Ny HijackThis logg:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:41:07, on 24.03.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\Telenor\ecc\ecc.exe

C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe

C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe

C:\Programfiler\QuickTime\qttask.exe

C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Programfiler\Fellesfiler\Microsoft Shared\Works Shared\WkUFind.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\MSN Messenger\MsnMsgr.Exe

C:\Programfiler\Messenger\msmsgs.exe

C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Programfiler\Juniper Networks\Common Files\dsNcService.exe

C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Programfiler\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Programfiler\Fellesfiler\Teleca Shared\Generic.exe

C:\Programfiler\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Programfiler\Java\jre1.6.0_03\bin\jucheck.exe

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sol.no/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

R3 - URLSearchHook: (no name) - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programfiler\HP\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Programfiler\HP\Smart Web Printing\hpswp_framework.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Programfiler\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar1.dll

O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Programfiler\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [EPSON Stylus C46 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 "EPSON Stylus C46 Series" /O6 "USB001" /M "Stylus C46"

O4 - HKLM\..\Run: [EPSON Stylus C46 Series (Kopier 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P34 "EPSON Stylus C46 Series (Kopier 1)" /O6 "USB001" /M "Stylus C46"

O4 - HKLM\..\Run: [ecc] C:\Programfiler\Telenor\ecc\ecc.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programfiler\Fellesfiler\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [EPSON Stylus C46 Series (Kopier 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P34 "EPSON Stylus C46 Series (Kopier 1)" /M "Stylus C46" /EF "HKCU"

O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZNxmk142YYNO

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: HP Utklippsbok - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Programfiler\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: HP Smart valgmetode - {700259D7-1666-479a-93B1-3250410481E8} - C:\Programfiler\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Programfiler\Juniper Networks\Common Files\dsNcService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1150\Intel 32\IDriverT.exe

 

--

End of file - 8240 bytes

 

 

SAS logg :

 

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 03/23/2008 at 03:51 PM

 

Application Version : 4.0.1154

 

Core Rules Database Version : 3423

Trace Rules Database Version: 1415

 

Scan type : Complete Scan

Total Scan Time : 01:49:07

 

Memory items scanned : 478

Memory threats detected : 1

Registry items scanned : 4435

Registry threats detected : 0

File items scanned : 21953

File threats detected : 355

 

Adware.MyWebSearch

C:\PROGRA~1\MYWEBS~1\BAR\2.BIN\MWSOEMON.EXE

C:\PROGRA~1\MYWEBS~1\BAR\2.BIN\MWSOEMON.EXE

C:\PROGRAMFILER\MYWEBSEARCH\BAR\2.BIN\MWSOEMON.EXE

C:\WINDOWS\Prefetch\MWSOEMON.EXE-0250F76E.pf

 

Adware.Tracking Cookie

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\administrator@atdmt[3].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\[email protected][3].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\administrator@1065744044[1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\administrator@adtech[1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\administrator@tradedoubler[3].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\administrator@partypoker[3].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\administrator@pornorotten[1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\[email protected][2].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\administrator@mywebsearch[3].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\administrator@32[1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\[email protected][1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\administrator@sexdebut[2].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\[email protected][1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\[email protected][2].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\[email protected][2].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\administrator@revsci[3].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\[email protected][1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\administrator@2o7[2].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\[email protected][1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\[email protected][1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\[email protected][1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\administrator@toplist[2].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\administrator@adultadworld[3].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\[email protected][3].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\administrator@cgi-bin[5].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\[email protected][2].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\[email protected][2].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\administrator@newfrm6[2].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\administrator@alladultchannel[1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\[email protected][1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\[email protected][2].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\administrator@doubleclick[3].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\[email protected][1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\administrator@indextools[3].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\administrator@serving-sys[1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\[email protected][1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\administrator@advertising[2].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\[email protected][1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\administrator@windowsmedia[1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\[email protected][1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\[email protected][1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\administrator@gomyron[2].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\[email protected][1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\[email protected][2].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\[email protected][1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\administrator@tacoda[2].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\[email protected][3].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\[email protected][1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\administrator@dk-sex[1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\administrator@indexstats[3].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\[email protected][3].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\administrator@toplist[1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\administrator@statcounter[1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\administrator@porno[2].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\[email protected][2].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\administrator@zedo[2].txt

C:\Documents and Settings\Administrator.LENE-0B9D407562\Cookies\administrator@atdmt[2].txt

C:\Documents and Settings\Administrator.LENE-0B9D407562\Cookies\[email protected][1].txt

C:\Documents and Settings\Administrator.LENE-0B9D407562\Cookies\[email protected][1].txt

C:\Documents and Settings\Administrator.LENE-0B9D407562\Cookies\[email protected][1].txt

C:\Documents and Settings\Administrator.LENE-0B9D407562\Cookies\[email protected][1].txt

C:\Documents and Settings\Administrator.LENE-0B9D407562\Cookies\[email protected][1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\[email protected][1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\[email protected][1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\[email protected][1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\[email protected][2].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\administrator@hitbox[1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\[email protected][2].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\[email protected][1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\administrator@atdmt[1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\administrator@azjmp[2].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\[email protected][2].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\[email protected][2].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\[email protected][2].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\[email protected][1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\[email protected][1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\[email protected][2].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\[email protected][1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\administrator@findwhat[1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\[email protected][1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\[email protected][1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\[email protected][1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\[email protected][1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\administrator@pornoarkivet[1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\[email protected][1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\[email protected][2].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\[email protected][1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\[email protected][2].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\[email protected][1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\[email protected][2].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\[email protected][1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\[email protected][1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\administrator@indextools[2].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\administrator@2o7[1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\[email protected][1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\[email protected][2].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\administrator@dagligsex[1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\[email protected][1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\[email protected][1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\administrator@adtech[2].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\administrator@3d-sexgames[2].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\[email protected][2].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\administrator@adtech[3].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\[email protected][1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\administrator@pornhub[2].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\[email protected][1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\[email protected][1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\administrator@upspiral[2].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\[email protected][2].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\administrator@smileycentral[1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\administrator@webpower[1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\[email protected][1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\administrator@yourmomhassex[1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\administrator@statcounter[2].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\administrator@sexynatalie[2].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\[email protected][1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\[email protected][1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\[email protected][2].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\[email protected][1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\administrator@pornyube[1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\administrator@mywebsearch[1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\[email protected][2].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\administrator@kiamedia[1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\administrator@adrevolver[3].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\administrator@adrevolver[1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\administrator@goclick[2].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\administrator@sexdating[1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\[email protected][1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\[email protected][1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\[email protected][1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\[email protected][2].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\administrator@questionmarket[2].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\administrator@mikes_apartment_blonde_porn_video[1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\administrator@gostats[2].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\[email protected][1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\administrator@adbrite[2].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\[email protected][1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\[email protected][1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\administrator@sexkanaler[1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\[email protected][2].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\administrator@revsci[1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\administrator@specificclick[2].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\administrator@pornspree[1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\administrator@porno[1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\administrator@partypoker[2].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\[email protected][1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\administrator@pornofilm[1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\[email protected][1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\administrator@maxserving[2].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\administrator@indexstats[1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\[email protected][1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\[email protected][2].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\[email protected][2].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\administrator@mediaplex[1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\[email protected][1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\administrator@mediaplex[2].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\administrator@clickbank[2].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\[email protected][2].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\[email protected][1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\administrator@sextracker[2].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\[email protected][1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\[email protected][1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\administrator@tradedoubler[2].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\administrator@atwola[1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\[email protected][1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\administrator@apmebf[1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\[email protected][1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\[email protected][2].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\[email protected][2].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\[email protected][1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\administrator@gratis-porno[1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\[email protected][1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\administrator@lejsexfilm[1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\[email protected][1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\administrator@websitestats[1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\[email protected][1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\[email protected][1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\[email protected][2].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\[email protected][2].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\[email protected][1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\[email protected][2].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\[email protected][1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\[email protected][1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\administrator@porntube[1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\[email protected][2].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\[email protected][1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\administrator@porndirt[1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\[email protected][1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\[email protected][2].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\[email protected][1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\[email protected][1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\administrator@tribalfusion[2].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\[email protected][2].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\administrator@socialmedia[2].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\[email protected][1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\administrator@adultadworld[1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\[email protected][2].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\[email protected][1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\[email protected][1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\administrator@youporn[1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Cookies\administrator@doubleclick[1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Lokale innstillinger\Temp\Cookies\[email protected][2].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Lokale innstillinger\Temp\Cookies\[email protected][1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Lokale innstillinger\Temp\Cookies\[email protected][1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Lokale innstillinger\Temp\Cookies\[email protected][2].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Lokale innstillinger\Temp\Cookies\administrator@indextools[2].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Lokale innstillinger\Temp\Cookies\administrator@adtech[1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Lokale innstillinger\Temp\Cookies\[email protected][2].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Lokale innstillinger\Temp\Cookies\administrator@statcounter[1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Lokale innstillinger\Temp\Cookies\[email protected][2].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Lokale innstillinger\Temp\Cookies\administrator@sexynatalie[1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Lokale innstillinger\Temp\Cookies\administrator@mywebsearch[1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Lokale innstillinger\Temp\Cookies\administrator@zedo[2].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Lokale innstillinger\Temp\Cookies\[email protected][1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Lokale innstillinger\Temp\Cookies\[email protected][1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Lokale innstillinger\Temp\Cookies\administrator@adbrite[2].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Lokale innstillinger\Temp\Cookies\[email protected][1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Lokale innstillinger\Temp\Cookies\administrator@mediaplex[1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Lokale innstillinger\Temp\Cookies\administrator@adultfriendfinder[1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Lokale innstillinger\Temp\Cookies\administrator@advertising[1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Lokale innstillinger\Temp\Cookies\[email protected][1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Lokale innstillinger\Temp\Cookies\administrator@indexstats[1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Lokale innstillinger\Temp\Cookies\[email protected][1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Lokale innstillinger\Temp\Cookies\administrator@nordiskporno[1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Lokale innstillinger\Temp\Cookies\[email protected][1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Lokale innstillinger\Temp\Cookies\[email protected][2].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Lokale innstillinger\Temp\Cookies\administrator@tradedoubler[2].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Lokale innstillinger\Temp\Cookies\administrator@casalemedia[1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Lokale innstillinger\Temp\Cookies\[email protected][1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Lokale innstillinger\Temp\Cookies\[email protected][1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Lokale innstillinger\Temp\Cookies\[email protected][2].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Lokale innstillinger\Temp\Cookies\[email protected][1].txt

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Lokale innstillinger\Temp\Cookies\administrator@doubleclick[2].txt

C:\Documents and Settings\Administrator.LENE-A8AE0B268C\Cookies\[email protected][1].txt

C:\Documents and Settings\Elisabeth Sylling\Cookies\elisabeth [email protected][1].txt

C:\Documents and Settings\Elisabeth Sylling\Cookies\elisabeth [email protected][1].txt

C:\Documents and Settings\Gjest\Cookies\[email protected][4].txt

C:\Documents and Settings\Gjest\Cookies\gjest@kanoodle[2].txt

C:\Documents and Settings\Gjest\Cookies\gjest@serving-sys[2].txt

C:\Documents and Settings\Gjest\Cookies\gjest@adknowledge[1].txt

C:\Documents and Settings\Gjest\Cookies\gjest@tribalfusion[2].txt

C:\Documents and Settings\Gjest\Cookies\[email protected][1].txt

C:\Documents and Settings\Gjest\Cookies\[email protected][2].txt

C:\Documents and Settings\Gjest\Cookies\[email protected][2].txt

C:\Documents and Settings\Gjest\Cookies\[email protected][3].txt

C:\Documents and Settings\Gjest\Cookies\[email protected][1].txt

C:\Documents and Settings\Gjest\Cookies\[email protected][2].txt

C:\Documents and Settings\Gjest\Cookies\[email protected][1].txt

C:\Documents and Settings\Gjest\Cookies\[email protected][2].txt

C:\Documents and Settings\Gjest\Cookies\gjest@tripod[2].txt

C:\Documents and Settings\Gjest\Cookies\[email protected][1].txt

C:\Documents and Settings\Gjest\Cookies\[email protected][1].txt

C:\Documents and Settings\Gjest\Cookies\[email protected][2].txt

C:\Documents and Settings\Gjest\Cookies\[email protected][1].txt

C:\Documents and Settings\Gjest\Cookies\gjest@doubleclick[1].txt

C:\Documents and Settings\Gjest\Cookies\gjest@pornoarkivet[1].txt

C:\Documents and Settings\Gjest\Cookies\[email protected][1].txt

C:\Documents and Settings\Gjest\Cookies\[email protected][2].txt

C:\Documents and Settings\Gjest\Cookies\[email protected][2].txt

C:\Documents and Settings\Gjest\Cookies\gjest@exitexchange[2].txt

C:\Documents and Settings\Gjest\Cookies\gjest@indextools[1].txt

C:\Documents and Settings\Gjest\Cookies\gjest@atdmt[2].txt

C:\Documents and Settings\Gjest\Cookies\[email protected][2].txt

C:\Documents and Settings\Gjest\Cookies\[email protected][2].txt

C:\Documents and Settings\Gjest\Cookies\[email protected][2].txt

C:\Documents and Settings\Gjest\Cookies\[email protected][1].txt

C:\Documents and Settings\Gjest\Cookies\gjest@stats[1].txt

C:\Documents and Settings\Gjest\Cookies\[email protected][1].txt

C:\Documents and Settings\Gjest\Cookies\gjest@webstats4u[1].txt

C:\Documents and Settings\Gjest\Cookies\[email protected][2].txt

C:\Documents and Settings\Gjest\Cookies\gjest@free-porn[1].txt

C:\Documents and Settings\Gjest\Cookies\gjest@revs=sc9sex[2].txt

C:\Documents and Settings\Gjest\Cookies\gjest@atwola[1].txt

C:\Documents and Settings\Gjest\Cookies\gjest@revs=sc9sex[3].txt

C:\Documents and Settings\Gjest\Cookies\gjest@statcounter[2].txt

C:\Documents and Settings\Gjest\Cookies\[email protected][1].txt

C:\Documents and Settings\Gjest\Cookies\gjest@revenue[2].txt

C:\Documents and Settings\Gjest\Cookies\gjest@smileycentral[1].txt

C:\Documents and Settings\Gjest\Cookies\[email protected][1].txt

C:\Documents and Settings\Gjest\Cookies\[email protected][1].txt

C:\Documents and Settings\Gjest\Cookies\[email protected][2].txt

C:\Documents and Settings\Gjest\Cookies\[email protected][1].txt

C:\Documents and Settings\Gjest\Cookies\[email protected][2].txt

C:\Documents and Settings\Gjest\Cookies\[email protected][1].txt

C:\Documents and Settings\Gjest\Cookies\[email protected][2].txt

C:\Documents and Settings\Gjest\Cookies\[email protected][1].txt

C:\Documents and Settings\Gjest\Cookies\[email protected][1].txt

C:\Documents and Settings\Gjest\Cookies\gjest@mywebsearch[2].txt

C:\Documents and Settings\Gjest\Cookies\[email protected][1].txt

C:\Documents and Settings\Gjest\Cookies\[email protected][2].txt

C:\Documents and Settings\Gjest\Cookies\gjest@paycounter[1].txt

C:\Documents and Settings\Gjest\Cookies\[email protected][1].txt

C:\Documents and Settings\Gjest\Cookies\[email protected][2].txt

C:\Documents and Settings\Gjest\Cookies\gjest@upspiral[1].txt

C:\Documents and Settings\Gjest\Cookies\[email protected][1].txt

C:\Documents and Settings\Gjest\Cookies\gjest@trafficmp[1].txt

C:\Documents and Settings\Gjest\Cookies\gjest@sexlist[1].txt

C:\Documents and Settings\Gjest\Cookies\gjest@sexkanaler[3].txt

C:\Documents and Settings\Gjest\Cookies\gjest@sexkanaler[1].txt

C:\Documents and Settings\Gjest\Cookies\gjest@hotlog[1].txt

C:\Documents and Settings\Gjest\Cookies\gjest@advertising[1].txt

C:\Documents and Settings\Gjest\Cookies\[email protected][1].txt

C:\Documents and Settings\Gjest\Cookies\gjest@zedo[2].txt

C:\Documents and Settings\Gjest\Cookies\[email protected][2].txt

C:\Documents and Settings\Gjest\Cookies\[email protected][2].txt

C:\Documents and Settings\Gjest\Cookies\gjest@hitbox[1].txt

C:\Documents and Settings\Gjest\Cookies\[email protected][1].txt

C:\Documents and Settings\Gjest\Cookies\[email protected][2].txt

C:\Documents and Settings\Gjest\Cookies\[email protected][1].txt

C:\Documents and Settings\Gjest\Cookies\[email protected][1].txt

C:\Documents and Settings\Gjest\Cookies\[email protected][2].txt

C:\Documents and Settings\Gjest\Cookies\gjest@indexstats[2].txt

C:\Documents and Settings\Gjest\Cookies\gjest@247realmedia[2].txt

C:\Documents and Settings\Gjest\Cookies\gjest@tradedoubler[1].txt

C:\Documents and Settings\Gjest\Cookies\gjest@belnk[2].txt

C:\Documents and Settings\Gjest\Cookies\[email protected][2].txt

C:\Documents and Settings\Gjest\Cookies\[email protected][1].txt

C:\Documents and Settings\Gjest\Cookies\gjest@fastclick[2].txt

C:\Documents and Settings\Gjest\Cookies\[email protected][2].txt

C:\Documents and Settings\Gjest\Cookies\gjest@overture[2].txt

C:\Documents and Settings\Gjest\Cookies\gjest@2o7[1].txt

C:\Documents and Settings\Gjest\Cookies\[email protected][1].txt

C:\Documents and Settings\Gjest\Cookies\[email protected][1].txt

C:\Documents and Settings\Gjest\Cookies\gjest@toplist[2].txt

C:\Documents and Settings\Gjest\Cookies\[email protected][1].txt

C:\Documents and Settings\Gjest\Cookies\[email protected][1].txt

C:\Documents and Settings\Gjest\Cookies\gjest@gratis-porno[1].txt

C:\Documents and Settings\Gjest\Cookies\gjest@minitrackmania[1].txt

C:\Documents and Settings\Gjest\Cookies\gjest@sextracker[1].txt

C:\Documents and Settings\Gjest\Cookies\[email protected][1].txt

C:\Documents and Settings\Gjest\Cookies\gjest@toplist[1].txt

C:\Documents and Settings\Gjest\Cookies\[email protected][1].txt

C:\Documents and Settings\Gjest\Cookies\gjest@mediaplex[1].txt

C:\Documents and Settings\Gjest\Cookies\[email protected][2].txt

C:\Documents and Settings\Gjest\Cookies\[email protected][1].txt

C:\Documents and Settings\Gjest\Cookies\[email protected][1].txt

C:\Documents and Settings\Gjest\Cookies\[email protected][3].txt

 

Adware.WebHancer

C:\Programfiler\whInstall\whAgent.inf

C:\Programfiler\whInstall\whInstaller.ini

C:\Programfiler\whInstall

 

Malware.SpyLocked

C:\Programfiler\SpyLocked\ignored.lst

C:\Programfiler\SpyLocked\sd.ini

C:\Programfiler\SpyLocked

C:\SYSTEM VOLUME INFORMATION\_RESTORE{2F3419E5-2C41-49D4-BD23-3B8A8F01B814}\RP1019\A0260493.EXE

 

Adware.Search-Exe

C:\ISP\TISCALI\DATA\SE.EXE

 

Trojan.ErrorSafe

C:\SYSTEM VOLUME INFORMATION\_RESTORE{2F3419E5-2C41-49D4-BD23-3B8A8F01B814}\RP1017\A0259467.LNK

C:\SYSTEM VOLUME INFORMATION\_RESTORE{2F3419E5-2C41-49D4-BD23-3B8A8F01B814}\RP1038\A0261051.EXE

 

Trojan.Media-Codec/Installer

C:\SYSTEM VOLUME INFORMATION\_RESTORE{2F3419E5-2C41-49D4-BD23-3B8A8F01B814}\RP1019\A0260494.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{2F3419E5-2C41-49D4-BD23-3B8A8F01B814}\RP1019\A0260496.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{2F3419E5-2C41-49D4-BD23-3B8A8F01B814}\RP1019\A0260500.EXE

 

Trojan.Smitfraud Variant

C:\SYSTEM VOLUME INFORMATION\_RESTORE{2F3419E5-2C41-49D4-BD23-3B8A8F01B814}\RP1038\A0261052.EXE

 

Trace.Known Threat Sources

C:\Documents and Settings\Administrator.LENE-0DB330A0CE\Lokale innstillinger\Temporary Internet Files\Content.IE5\P3V5F9N8\askeladd[1].htm

 

[norbat]

Start hjt, velg "Do a system scan only", sett merke framfor følgende linjer og klikk Fix checked:

R3 - URLSearchHook: (no name) - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)

O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Programfiler\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dl

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Programfiler\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZNxmk142YYNO

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab

 

Slett, om mulig, følgende mapper:

C:\Programfiler\BearShare Applications

C:\PROGRAMFILER\MYWEBSEARCH

 

Fortell hvordan PC-en kjører.

[mona14]

hm, har prøvd å slette BEARSHARE og MYWEBSEARCH på legg til/fjern programmer..

er det ikke blitt gjort riktig? eller er det bare enkelt mappene jeg skal slette?

[norbat]

Det er riktig å avintallere de fra legg til/fjern programmer, men ofte så blir mappene liggende.

[retepnad]

Hei, har et problem med spyware eller en trojan er ikke sikker siden jeg ikke har så mye peiling på dette... Kommer hele tiden frem en "falsk" ting som sier jeg har virus/spyware og skal klikke inn på den. Er rimelig sikker på at dette er tull, men klarer ikke fjerne den. Kommer frem i ny og ne.

 

Noen som vet hva jeg kan gjøre for å fjerne den?

 

Har Vista og virusprogram er Norton 360 (den sier det ikke er noe virus).

 

Takker for hjelp!

[mona14]

Okej, da skal jeg se om jeg finner mappene og slette dem. Har fått tilbakemelding fra eieren av pc-en om at den går fint nå.

 

Så har jeg en ny HijackThis logg fra en annen pc. Fått beskjed om at det er de samme problemene på denne - treg og henger seg opp.

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:07:40, on 15.12.2007

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16546)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\SMINST\scheduler.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\PDF Complete\pdfsty.exe

C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\F-Secure\common\FSM32.EXE

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe

c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

C:\Program Files\OpenOffice.org 2.3\program\soffice.exe

C:\Program Files\F-Secure\FSGUI\fsguidll.exe

C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN

C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\BearShare Applications\BearShare\BearShare.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Internet Explorer\IEUser.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_clipbook.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Program Files\Windows Live Toolbar\msn_sl.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...b&pf=laptop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...b&pf=laptop

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_framework.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"

O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKLM\..\RunOnce: [sT Recovery Launcher] %WINDIR%\SMINST\launcher.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

O4 - HKCU\..\Run: [startCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE')

O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Send bilde til &Bluetooth-enhet... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Send side til &Bluetooth-enhet... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: HP Utklippsbok - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: HP Smart valgmetode - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O13 - Gopher Prefix:

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe

O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE

O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure\FSAUA\program\fsaua.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe

O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE

O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

 

--

End of file - 11512 bytes

 

 

[norbat]

Hei, har et problem med spyware eller en trojan er ikke sikker siden jeg ikke har så mye peiling på dette... Kommer hele tiden frem en "falsk" ting som sier jeg har virus/spyware og skal klikke inn på den. Er rimelig sikker på at dette er tull, men klarer ikke fjerne den. Kommer frem i ny og ne.

 

Noen som vet hva jeg kan gjøre for å fjerne den?

 

Har Vista og virusprogram er Norton 360 (den sier det ikke er noe virus).

 

Takker for hjelp!

 

Hei, retepnad.

Kjør gjennom langversjonen i 1.post og post loggene i en egen tråd som du oppretter ved å klikke på NYTT EMNE-knappen.

[norbat]

mona14,

Det er ingen opplagte ting i loggen som skulle tilsi problemene, men vil anbefale å kjøre gjennom langversjonen i 1.post. Loggene poster du, helst i en egen tråd som du oppretter ved å klikke NYTT EMNE-knappen.

[elZiko]

 

Logfile of HijackThis v1.99.1

Scan saved at 15:40:05, on 27.03.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\WINDOWS\Explorer.EXE

C:\Documents and Settings\All Users\Application Data\arwbyron\ancfytmd.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Steam\Steam.exe

C:\WINDOWS\system32\ebidonwt.exe

C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE

C:\Program Files\Pidgin\pidgin.exe

C:\PROGRA~1\MOZILL~2\FIREFOX.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Fredeh\Desktop\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: CoTGT_BHO Class - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll

O2 - BHO: GNX Bingo - {C6B9885D-B686-49A0-806B-062D4D3B9091} - C:\WINDOWS\kdftlboedsb.dll (file missing)

O3 - Toolbar: qvdntlmw - {66D17C3E-C589-4E86-B772-B03D50846900} - C:\WINDOWS\qvdntlmw.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect

O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKLM\..\Run: [antiviirus] C:\Program Files\antiviirus.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [sTYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide

O4 - HKCU\..\Run: [steam] "C:\Program Files\Steam\Steam.exe" -silent

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ejjbgroh] C:\WINDOWS\system32\ebidonwt.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1206545745479

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O21 - SSODL: VolumeSetup - {f3d88ca2-4888-44cc-8e3c-a2d8a2963be5} - C:\WINDOWS\Installer\{f3d88ca2-4888-44cc-8e3c-a2d8a2963be5}\VolumeSetup.dll

O21 - SSODL: zip - {25237d75-aef0-4d2e-87be-6f19cc384bc7} - C:\WINDOWS\Installer\{25237d75-aef0-4d2e-87be-6f19cc384bc7}\zip.dll

O21 - SSODL: vbgtorfd - {28B05049-8FDD-43A5-8366-63D68BBFB0B4} - C:\WINDOWS\vbgtorfd.dll

O21 - SSODL: dwnrpofk - {FDA762CA-8BA4-446C-9B52-D1513EFF743F} - C:\WINDOWS\dwnrpofk.dll

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

 

 

 

 

Noen som kan gå igjenom denne ?

Endret 27. mars 2008 av elZiko

[r2d290]

Hallo elZiko

Gå gjennom LANGVERSONEN av denne guiden (se første post). Posten det blir spurt etter, lager du i en egen tråd (ved å trykke "NY TOPIC").

Du har litt grums på maskinen som må renskes opp i, og det er mer ryddig å gjøre dette i en egen tråd

Endret 27. mars 2008 av r2d290

[CorradoPower]

Hei virus godtfolk!

Sliter med treig data for tiden, har kjørt hijack og lurer på om noen snille sjeler kunne sett over loggen?

 

Klikk for å se/fjerne innholdet nedenfor

Logfile of HijackThis v1.99.1

Scan saved at 22:55:40, on 27.03.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

D:\instalert\DAEMON Tools\daemon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

C:\Program Files\Logitech\SetPoint\KEM.exe

C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe

C:\WINDOWS\System32\svchost.exe

C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\LG PC Suite 2\LGPCSuiteLanucher_Setup.exe

D:\instalert\sas\SUPERAntiSpyware.exe

C:\Program Files\Winamp\winamp.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

D:\instalasjonsfiler\hijackthisNY\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [DAEMON Tools] "D:\instalert\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] D:\instalert\sas\SUPERAntiSpyware.exe

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by117fd.bay117.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1172252406404

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: !SASWinLogon - D:\instalert\sas\SASWINLO.dll

O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe

 

[norbat]

CorradoPower:

Loggen viser ingen infiserte filer.

 

Du kunne ha prøvd følgende:

 

Last ned CCleaner. Under installasjonen får du valget om å installere Yahoo Toolbar. Det ønsker du kanskje ikke.

 

Start programmet. Gå til 'Valg'->'Avansert'. Fjern avkryssingen framfor: "bare slett midlertidige filer......." Klikk på 'Renser' og deretter 'Kjør CCleaner'.

 

Sjekk om PC-en trenger en diskdefragmentering:

Tilbehør->systemverktøy->diskdefragmentering.

 

----

Ble PC-en plutselig treg, eller har det gradvis skjedd?

Installerte du noe rett før PC-en ble treg?

[CorradoPower]

Takk skal du ha:)

 

Holder på å gå gjennom langversjon-sjekken nå, kan legge ut log når det er ferdig.

 

Den har blitt gradvis treig, med gradvis mener jeg to-tre uker.

Har ikke instalert noe spesiellet i den perioden!

 

Kan kjøre defragmentering inatt, men hvordan kan jeg "se" om jeg trenger en egentlig?

[norbat]

Du klikker bare på 'Analyser', så får du en anbefaling om hva du bør gjøre.

[CorradoPower]

Og her er sas loggen!

 

Klikk for å se/fjerne innholdet nedenfor

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 03/28/2008 at 00:43 AM

 

Application Version : 4.0.1154

 

Core Rules Database Version : 3426

Trace Rules Database Version: 1418

 

Scan type : Complete Scan

Total Scan Time : 01:45:03

 

Memory items scanned : 593

Memory threats detected : 0

Registry items scanned : 5634

Registry threats detected : 0

File items scanned : 50497

File threats detected : 148

 

Adware.Tracking Cookie

C:\Documents and Settings\Lukas\Cookies\lukas@sexyteenlatinas[1].txt

C:\Documents and Settings\Lukas\Cookies\lukas@advertising[1].txt

C:\Documents and Settings\Lukas\Cookies\lukas@adrevolver[2].txt

C:\Documents and Settings\Lukas\Cookies\lukas@tradedoubler[1].txt

C:\Documents and Settings\Lukas\Cookies\lukas@tribalfusion[2].txt

C:\Documents and Settings\Lukas\Cookies\lukas@mediaplex[1].txt

C:\Documents and Settings\Lukas\Cookies\[email protected][2].txt

C:\Documents and Settings\Lukas\Cookies\lukas@questionmarket[2].txt

C:\Documents and Settings\Lukas\Cookies\[email protected][1].txt

C:\Documents and Settings\Lukas\Cookies\[email protected][1].txt

C:\Documents and Settings\Lukas\Cookies\[email protected][2].txt

C:\Documents and Settings\Lukas\Cookies\lukas@vortexmediagroup[1].txt

C:\Documents and Settings\Lukas\Cookies\lukas@tdstats[1].txt

C:\Documents and Settings\Lukas\Cookies\[email protected][1].txt

C:\Documents and Settings\Lukas\Cookies\[email protected][2].txt

C:\Documents and Settings\Lukas\Cookies\[email protected][1].txt

C:\Documents and Settings\Lukas\Cookies\lukas@pornhub[2].txt

C:\Documents and Settings\Lukas\Cookies\lukas@onlysexybutt[2].txt

C:\Documents and Settings\Lukas\Cookies\lukas@burstnet[2].txt

C:\Documents and Settings\Lukas\Cookies\lukas@freebuttpornvideo[2].txt

C:\Documents and Settings\Lukas\Cookies\[email protected][1].txt

C:\Documents and Settings\Lukas\Cookies\[email protected][2].txt

C:\Documents and Settings\Lukas\Cookies\lukas@interclick[2].txt

C:\Documents and Settings\Lukas\Cookies\lukas@fuckedmature[2].txt

C:\Documents and Settings\Lukas\Cookies\[email protected][1].txt

C:\Documents and Settings\Lukas\Cookies\[email protected][2].txt

C:\Documents and Settings\Lukas\Cookies\[email protected][1].txt

C:\Documents and Settings\Lukas\Cookies\[email protected][1].txt

C:\Documents and Settings\Lukas\Cookies\lukas@tacoda[2].txt

C:\Documents and Settings\Lukas\Cookies\lukas@doubleclick[1].txt

C:\Documents and Settings\Lukas\Cookies\[email protected][1].txt

C:\Documents and Settings\Lukas\Cookies\lukas@4xxxtremepleasures[2].txt

C:\Documents and Settings\Lukas\Cookies\[email protected][1].txt

C:\Documents and Settings\Lukas\Cookies\[email protected][1].txt

C:\Documents and Settings\Lukas\Cookies\[email protected][1].txt

C:\Documents and Settings\Lukas\Cookies\[email protected][2].txt

C:\Documents and Settings\Lukas\Cookies\[email protected][1].txt

C:\Documents and Settings\Lukas\Cookies\lukas@euros4click[2].txt

C:\Documents and Settings\Lukas\Cookies\[email protected][2].txt

C:\Documents and Settings\Lukas\Cookies\lukas@roiservice[1].txt

C:\Documents and Settings\Lukas\Cookies\[email protected][1].txt

C:\Documents and Settings\Lukas\Cookies\lukas@zedo[1].txt

C:\Documents and Settings\Lukas\Cookies\lukas@serving-sys[1].txt

C:\Documents and Settings\Lukas\Cookies\lukas@imrworldwide[2].txt

C:\Documents and Settings\Lukas\Cookies\lukas@xxxblackbook[2].txt

C:\Documents and Settings\Lukas\Cookies\[email protected][2].txt

C:\Documents and Settings\Lukas\Cookies\[email protected][1].txt

C:\Documents and Settings\Lukas\Cookies\lukas@clicksor[1].txt

C:\Documents and Settings\Lukas\Cookies\lukas@indexstats[2].txt

C:\Documents and Settings\Lukas\Cookies\[email protected][1].txt

C:\Documents and Settings\Lukas\Cookies\[email protected][1].txt

C:\Documents and Settings\Lukas\Cookies\lukas@atdmt[1].txt

C:\Documents and Settings\Lukas\Cookies\[email protected][2].txt

C:\Documents and Settings\Lukas\Cookies\lukas@adtech[1].txt

C:\Documents and Settings\Lukas\Cookies\lukas@adbrite[2].txt

C:\Documents and Settings\Lukas\Cookies\[email protected][1].txt

C:\Documents and Settings\Lukas\Cookies\[email protected][1].txt

C:\Documents and Settings\Lukas\Cookies\[email protected][3].txt

C:\Documents and Settings\Lukas\Cookies\[email protected][2].txt

C:\Documents and Settings\Lukas\Cookies\[email protected][1].txt

C:\Documents and Settings\Lukas\Cookies\[email protected][1].txt

C:\Documents and Settings\Lukas\Cookies\lukas@overture[2].txt

C:\Documents and Settings\Lukas\Cookies\lukas@specificclick[2].txt

C:\Documents and Settings\Lukas\Cookies\[email protected][2].txt

C:\Documents and Settings\Lukas\Cookies\lukas@statcounter[1].txt

C:\Documents and Settings\Lukas\Cookies\[email protected][1].txt

C:\Documents and Settings\Lukas\Cookies\[email protected][3].txt

C:\Documents and Settings\Lukas\Cookies\[email protected][2].txt

C:\Documents and Settings\Lukas\Cookies\[email protected][1].txt

C:\Documents and Settings\Lukas\Cookies\[email protected][1].txt

C:\Documents and Settings\Lukas\Cookies\lukas@casalemedia[2].txt

C:\Documents and Settings\Lukas\Cookies\[email protected][1].txt

C:\Documents and Settings\Lukas\Cookies\[email protected][1].txt

C:\Documents and Settings\Lukas\Cookies\[email protected][1].txt

C:\Documents and Settings\Lukas\Cookies\[email protected][4].txt

C:\Documents and Settings\Lukas\Cookies\[email protected][1].txt

C:\Documents and Settings\Lukas\Cookies\[email protected][1].txt

C:\Documents and Settings\Lukas\Cookies\lukas@revsci[1].txt

C:\Documents and Settings\Lukas\Cookies\lukas@clickshift[1].txt

C:\Documents and Settings\Lukas\Cookies\[email protected][1].txt

C:\Documents and Settings\Lukas\Cookies\[email protected][3].txt

C:\Documents and Settings\Lukas\Cookies\[email protected][1].txt

C:\Documents and Settings\Lukas\Cookies\[email protected][2].txt

C:\Documents and Settings\Lukas\Cookies\[email protected][2].txt

C:\Documents and Settings\Lukas\Cookies\lukas@linksynergy[1].txt

C:\Documents and Settings\Lukas\Cookies\lukas@bizrate[2].txt

E:\Users\lukas\AppData\Roaming\Microsoft\Windows\Cookies\Low\lukas@qualitylatinaporn[2].txt

E:\Users\lukas\AppData\Roaming\Microsoft\Windows\Cookies\Low\lukas@freebuttpornvideo[2].txt

E:\Users\lukas\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt

E:\Users\lukas\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt

E:\Users\lukas\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt

E:\Users\lukas\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt

E:\Users\lukas\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt

E:\Users\lukas\AppData\Roaming\Microsoft\Windows\Cookies\Low\lukas@yadro[2].txt

E:\Users\lukas\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt

E:\Users\lukas\AppData\Roaming\Microsoft\Windows\Cookies\Low\lukas@vortexmediagroup[1].txt

E:\Users\lukas\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt

E:\Users\lukas\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt

E:\Users\lukas\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt

E:\Users\lukas\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt

E:\Users\lukas\AppData\Roaming\Microsoft\Windows\Cookies\Low\lukas@xxxblackbook[2].txt

E:\Users\lukas\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt

E:\Users\lukas\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt

E:\Users\lukas\AppData\Roaming\Microsoft\Windows\Cookies\Low\lukas@adnetserver[1].txt

E:\Users\lukas\AppData\Roaming\Microsoft\Windows\Cookies\Low\lukas@famouspornstars[2].txt

E:\Users\lukas\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt

E:\Users\lukas\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt

E:\Users\lukas\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt

E:\Users\lukas\AppData\Roaming\Microsoft\Windows\Cookies\Low\lukas@clickaider[1].txt

E:\Users\lukas\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt

E:\Users\lukas\AppData\Roaming\Microsoft\Windows\Cookies\Low\lukas@onlysexybutt[2].txt

E:\Users\lukas\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt

E:\Users\lukas\AppData\Roaming\Microsoft\Windows\Cookies\Low\lukas@xiti[1].txt

E:\Users\lukas\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt

E:\Users\lukas\AppData\Roaming\Microsoft\Windows\Cookies\Low\lukas@imrworldwide[2].txt

E:\Users\lukas\AppData\Roaming\Microsoft\Windows\Cookies\Low\lukas@superstats[1].txt

E:\Users\lukas\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt

E:\Users\lukas\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][6].txt

E:\Users\lukas\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt

E:\Users\lukas\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt

E:\Users\lukas\AppData\Roaming\Microsoft\Windows\Cookies\Low\lukas@clicktorrent[2].txt

E:\Users\lukas\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt

E:\Users\lukas\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt

E:\Users\lukas\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt

E:\Users\lukas\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt

E:\Users\lukas\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt

E:\Users\lukas\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt

E:\Users\lukas\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt

E:\Users\lukas\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt

E:\Users\lukas\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt

E:\Users\lukas\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt

E:\Users\lukas\AppData\Roaming\Microsoft\Windows\Cookies\Low\lukas@sexynatalie[1].txt

E:\Users\lukas\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt

E:\Users\lukas\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt

E:\Users\lukas\AppData\Roaming\Microsoft\Windows\Cookies\Low\lukas@coolsextoons[2].txt

E:\Users\lukas\AppData\Roaming\Microsoft\Windows\Cookies\Low\lukas@burstnet[1].txt

E:\Users\lukas\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt

E:\Users\lukas\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt

E:\Users\lukas\AppData\Roaming\Microsoft\Windows\Cookies\Low\lukas@precisionclick[1].txt

E:\Users\lukas\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt

E:\Users\lukas\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt

E:\Users\lukas\AppData\Roaming\Microsoft\Windows\Cookies\Low\lukas@atwola[2].txt

E:\Users\lukas\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt

E:\Users\lukas\AppData\Roaming\Microsoft\Windows\Cookies\Low\lukas@4xxxtremepleasures[2].txt

E:\Users\lukas\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt

E:\Users\lukas\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt

E:\Users\lukas\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt

E:\Users\lukas\AppData\Roaming\Microsoft\Windows\Cookies\lukas@imrworldwide[1].txt

[r2d290]

SAS tok en del... Hvordan kjører pc-en nå?

[CorradoPower]

Hei, joda den tok en del! Virker mye raskere nå, takk skal dere ha:)

[r2d290]

fortsett med resten av loggene, så ser vi om det er noe igjen