fxwz Skrevet 16. august 2006 Del Skrevet 16. august 2006 (endret) Siden tråden min ble helt "fucked-up" lager jeg en fortsettelse: Jøssog jøss, trodde du hadde kjørt ccleaner, jeg. Vel: Symantec har et fjerneverktøy for Istbar: http://securityresponse.symantec.com/avcenter/FxIstbar.exe Last ned og kjør. Så trialversjonen av Spysweeper: http://www.webroot.com/consumer/products/s...ode=af1&rc=4129 "Install it. Once the program is installed, it will open. It will prompt you to update to the latest definitions, click Yes. Once the definitions are installed, click Options on the left side. Click the Sweep Options tab. Under What to Sweep please put a check next to the following: * Sweep Memory * Sweep Registry * Sweep Cookies * Sweep All User Accounts * Enable Direct Disk Sweeping * Sweep Contents of Compressed Files * Sweep for Rootkits Please UNCHECK Do not Sweep System Restore Folder. Click Sweep Now on the left side. Click the Start button." Ta vare på loggen. Så var det de Panda fant, de må slettes: C:\Documents and Settings\Quickez\Mine dokumenter\backups\backup-20060815-160154-406.inf C:\Documents and Settings\Quickez\Mine dokumenter\backups\backup-20060815-160154-949.inf C:\Documents and Settings\Quickez\Skrivebord\Ubrukte skrivebordssnarveier\CEDP-Stealer-Setup.exe[MGW_SH.exe] C:\Documents and Settings\Quickez\Skrivebord\Ubrukte skrivebordssnarveier\CEDP-Stealer-Setup.exe[RKInstaller.exe] C:\keys.ini Fant ikke denne C:\WINDOWS\games.exe Disse skal nå teoretisk være borte, men se etter dem og evt slett dem: F:\Installz\Downloading\Azureus.exe[ounist.exe] F:\Installz\Downloading\Azureus.exe[ounist.exe][proxya.exe] F:\Installz\NimoPack10.exe[chchedr.exe] F:\Installz\NimoPack10.exe[cpa.exe] F:\Installz\NimoPack10.exe[cpa.exe][mgrsts.exe] Hvis de ikke lar seg slette bruker du Killbox (google), delete on reboot. CCLEANER trutt og jevnt. Trend Sysclean Sett en ny Pandascan til koking. Hvis du rekker det før bingetid bør du fleske til med en Trend Housecall også. Pfui! Ny HJTlogg, takk, sammen med Spysweeper og Pandalogg. Bernt K 6681782[/snapback] HJT-Logg Logfile of HijackThis v1.99.1 Scan saved at 19:08:21, on 16.08.2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Programfiler\Java\jre1.5.0_04\bin\jusched.exe C:\Programfiler\QuickTime\qttask.exe D:\Program\Media\PCSUIT~1\NOKIAP~1\LAUNCH~1.EXE C:\WINDOWS\system32\rundll32.exe C:\Programfiler\NetCom pcSMS Selvstendig\eSMS Executive Windows.exe D:\Program\Media\Ipod\Itunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe D:\Program\Media\PC Suite\Nokia PC Suite 6\PcSync2.exe C:\WINDOWS\System32\cisvc.exe D:\Program\Virus\ewido anti-spyware 4.0\guard.exe C:\PROGRA~1\FELLES~1\Nokia\MPAPI\MPAPI3s.exe C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe D:\Program\Virus\Spy Sweeper\SpySweeper.exe C:\Programfiler\iPod\bin\iPodService.exe C:\Programfiler\Fellesfiler\PCSuite\Services\ServiceLayer.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\cidaemon.exe C:\WINDOWS\system32\svchost.exe D:\Program\Nedlasting\FireFox\firefox.exe C:\Programfiler\Internet Explorer\iexplore.exe D:\Program\Media\Ipod\Itunes\iTunes.exe C:\Programfiler\MSN Messenger\msnmsgr.exe C:\Documents and Settings\Quickez\Mine dokumenter\HijackThis.exe R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: NXIECatcher Class - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - D:\Program\Nedlasting\NetXfer\NXIEHelper.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - D:\Program\Nedlasting\NetXfer\NXToolBar.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn1\yt.dll O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_04\bin\jusched.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [PCSuiteTrayApplication] "D:\Program\Media\PCSUIT~1\NOKIAP~1\LAUNCH~1.EXE" -startup O4 - HKLM\..\Run: [NetCom pcSMS Selvstendig] "C:\Programfiler\NetCom pcSMS Selvstendig\eSMS Executive Windows.exe" NoDefault O4 - HKLM\..\Run: [iTunesHelper] "D:\Program\Media\Ipod\Itunes\iTunesHelper.exe" O4 - HKLM\..\Run: [spySweeper] "D:\Program\Virus\Spy Sweeper\SpySweeperUI.exe" /startintray O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [PcSync] "D:\Program\Media\PC Suite\Nokia PC Suite 6\PcSync2.exe" /NoDialog O4 - HKCU\..\Run: [Orb] "D:\Program\Media\Orb\bin\OrbTray.exe" /background O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - d:\program\pda\activesync\INETREPL.DLL O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - d:\program\pda\activesync\INETREPL.DLL O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - d:\program\pda\activesync\INETREPL.DLL O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program\School\OFFICE11\REFIEBAR.DLL O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O15 - Trusted IP range: 213.159.117.133 (HKLM) O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone (HKLM) O15 - ProtocolDefaults: 'https' protocol is in Trusted Zone, should be Internet Zone (HKLM) O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {A37C6A0C-7CF2-4267-90D2-F0C9349E7950} (AniAvata Control) - http://www.jungsoft.com/muzio2/aniavata/AniAvata.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing) O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - D:\Program\Virus\ewido anti-spyware 4.0\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\Fellesfiler\PCSuite\Services\ServiceLayer.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - D:\Program\Virus\Spy Sweeper\SpySweeper.exe ___ Panda Logg Incident Status Location Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Quickez\Programdata\Mozilla\Firefox\Profiles\4gcos4v2.default\cookies.txt[.doubleclick.net/] Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Quickez\Programdata\Mozilla\Firefox\Profiles\4gcos4v2.default\cookies.txt[.mediaplex.com/] Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Quickez\Programdata\Mozilla\Firefox\Profiles\4gcos4v2.default\cookies.txt[.casalemedia.com/] Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Quickez\Programdata\Mozilla\Firefox\Profiles\4gcos4v2.default\cookies.txt[.tribalfusion.com/] Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Quickez\Programdata\Mozilla\Firefox\Profiles\4gcos4v2.default\cookies.txt[.advertising.com/] Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Quickez\Programdata\Mozilla\Firefox\Profiles\4gcos4v2.default\cookies.txt[.atdmt.com/] Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Quickez\Programdata\Mozilla\Firefox\Profiles\4gcos4v2.default\cookies.txt[.tradedoubler.com/] Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Quickez\Programdata\Mozilla\Firefox\Profiles\4gcos4v2.default\cookies.txt[ad.yieldmanager.com/] Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Quickez\Programdata\Mozilla\Firefox\Profiles\4gcos4v2.default\cookies.txt[.fastclick.net/] Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Quickez\Programdata\Mozilla\Firefox\Profiles\4gcos4v2.default\cookies.txt[.adtech.de/] Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Quickez\Programdata\Mozilla\Firefox\Profiles\4gcos4v2.default\cookies.txt[.hitbox.com/] Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Quickez\Programdata\Mozilla\Firefox\Profiles\4gcos4v2.default\cookies.txt[as1.falkag.de/] Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\Quickez\Programdata\Mozilla\Firefox\Profiles\4gcos4v2.default\cookies.txt[.bfast.com/] Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Quickez\Programdata\Mozilla\Firefox\Profiles\4gcos4v2.default\cookies.txt[.statcounter.com/] Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Quickez\Programdata\Mozilla\Firefox\Profiles\4gcos4v2.default\cookies.txt[.zedo.com/] Spyware:Cookie/Research-int Not disinfected C:\Documents and Settings\Quickez\Programdata\Mozilla\Firefox\Profiles\4gcos4v2.default\cookies.txt[.research-int.se/] Spyware:Cookie/Adviva Not disinfected C:\Documents and Settings\Quickez\Programdata\Mozilla\Firefox\Profiles\4gcos4v2.default\cookies.txt[.adviva.net/] Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Quickez\Programdata\Mozilla\Firefox\Profiles\4gcos4v2.default\cookies.txt[.perf.overture.com/] Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Quickez\Programdata\Mozilla\Firefox\Profiles\4gcos4v2.default\cookies.txt[.2o7.net/] Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Quickez\Programdata\Mozilla\Firefox\Profiles\4gcos4v2.default\cookies.txt[.realmedia.com/] Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Quickez\Programdata\Mozilla\Firefox\Profiles\4gcos4v2.default\cookies.txt[server.iad.liveperson.net/hc/82763522] Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Quickez\Programdata\Mozilla\Firefox\Profiles\4gcos4v2.default\cookies.txt[server.iad.liveperson.net/] Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Quickez\Programdata\Mozilla\Firefox\Profiles\4gcos4v2.default\cookies.txt[stat.onestat.com/] Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Quickez\Programdata\Mozilla\Firefox\Profiles\4gcos4v2.default\cookies.txt[.ads.pointroll.com/] Adware:adware/delfinmedia Not disinfected C:\keys.ini Spyware:Cookie/Sandboxer Not disinfected C:\RECYCLER\S-1-5-21-1454471165-630328440-839522115-500\Dc49\Cookies\tøbbi@307[1].txt Spyware:Cookie/Sandboxer Not disinfected C:\RECYCLER\S-1-5-21-1454471165-630328440-839522115-500\Dc49\Cookies\tøbbi@307[2].txt Dialer:Dialer.XD Not disinfected C:\RECYCLER\S-1-5-21-1454471165-630328440-839522115-500\Dc49\Lokale innstillinger\Temp\ICD4.tmp\ied.inf Spyware:Cookie/888 Not disinfected C:\RECYCLER\S-1-5-21-1454471165-630328440-839522115-500\Dc49\Programdata\Mozilla\Firefox\Profiles\lhu26co0.default\cookies.txt[.888.com/] Spyware:Cookie/Seeq Not disinfected C:\RECYCLER\S-1-5-21-1454471165-630328440-839522115-500\Dc49\Programdata\Mozilla\Firefox\Profiles\lhu26co0.default\cookies.txt[.seeq.com/] Spyware:Cookie/Maxserving Not disinfected C:\RECYCLER\S-1-5-21-1454471165-630328440-839522115-500\Dc49\Programdata\Mozilla\Firefox\Profiles\lhu26co0.default\cookies.txt[.maxserving.com/] Adware:Adware/IST.ISTBar Not disinfected F:\RECYCLER\S-1-5-21-1454471165-630328440-839522115-1012\Df62.exe[ounist.exe] Adware:Adware/IST.ISTBar Not disinfected F:\RECYCLER\S-1-5-21-1454471165-630328440-839522115-1012\Df62.exe[ounist.exe][proxya.exe] Virus:Trj/Zapchast.AA Not disinfected F:\RECYCLER\S-1-5-21-1454471165-630328440-839522115-1012\Df63.exe[chchedr.exe] Virus:Trj/Pakes.V Not disinfected F:\RECYCLER\S-1-5-21-1454471165-630328440-839522115-1012\Df63.exe[cpa.exe] Adware:Adware/IST.ISTBar Not disinfected F:\RECYCLER\S-1-5-21-1454471165-630328440-839522115-1012\Df63.exe[cpa.exe][mgrsts.exe] ____ Spysweeper Logg 00:30: Removal process completed. Elapsed time 00:02:39 00:28: Quarantining All Traces: statcounter cookie 00:28: Quarantining All Traces: ist sidefind 00:28: Quarantining All Traces: targetsaver 00:28: Quarantining All Traces: delfin 00:28: Quarantining All Traces: marketscore 00:28: Quarantining All Traces: elitebar 00:28: Removal process initiated 00:27: Traces Found: 15 00:27: Full Sweep has completed. Elapsed time 00:57:38 00:27: File Sweep Complete, Elapsed Time: 00:53:58 00:26: Warning: Unable to sweep compressed file: "f:\recycler\s-1-5-21-1454471165-630328440-839522115-1012\df52\nicci juice\wall6.zip": File not found 00:26: Warning: Unable to sweep compressed file: "f:\recycler\s-1-5-21-1454471165-630328440-839522115-1012\df52\nicci juice\wall28.zip": File not found 00:14: Warning: Stream read error 00:09: Warning: Failed to open file "f:\cs\photoshop cs2\goodies\optional plug-ins\ffactory\lights.afs". Operasjonen er utført 00:09: Warning: Failed to open file "f:\cs\photoshop cs2\goodies\web photo gallery templates\horizontal dark\indexpage.htm". Operasjonen er utført 00:09: Warning: Failed to open file "f:\cs\photoshop cs2\goodies\web photo gallery templates\horizontal dark\caption.htm". Operasjonen er utført 00:09: Warning: Failed to open file "f:\cs\photoshop cs2\goodies\web photo gallery templates\horizontal frame\caption.htm". Operasjonen er utført 00:09: Warning: Failed to open file "f:\cs\photoshop cs2\goodies\web photo gallery templates\horizontal light\indexpage.htm". Operasjonen er utført 00:09: Warning: Failed to open file "f:\cs\photoshop cs2\goodies\web photo gallery templates\horizontal light\caption.htm". Operasjonen er utført 00:09: Warning: Failed to open file "f:\cs\photoshop cs2\goodies\web photo gallery templates\horizontal patterned\indexpage.htm". Operasjonen er utført 00:09: Warning: Failed to open file "f:\cs\photoshop cs2\goodies\web photo gallery templates\horizontal patterned\caption.htm". Operasjonen er utført 00:09: Warning: Failed to open file "f:\cs\photoshop cs2\goodies\web photo gallery templates\table\images\previous.gif". Operasjonen er utført 00:09: Warning: Failed to open file "f:\cs\photoshop cs2\goodies\web photo gallery templates\table\images\next.gif". Operasjonen er utført 00:09: Warning: Failed to open file "f:\cs\photoshop cs2\goodies\web photo gallery templates\table\images\home.gif". Operasjonen er utført 00:09: Warning: Failed to open file "f:\cs\photoshop cs2\goodies\web photo gallery templates\table\caption.htm". Operasjonen er utført 00:09: Warning: Failed to open file "f:\cs\photoshop cs2\goodies\web photo gallery templates\table - blue\caption.htm". Operasjonen er utført 00:09: Warning: Failed to open file "f:\cs\photoshop cs2\goodies\web photo gallery templates\vertical slide show 1\indexpage.htm". Operasjonen er utført 00:09: Warning: Failed to open file "f:\cs\photoshop cs2\goodies\web photo gallery templates\vertical slide show 2\indexpage.htm". Operasjonen er utført 00:09: Warning: Failed to open file "f:\cs\photoshop cs2\adobe® photoshop® cs2\abcpy.ini". Operasjonen er utført 00:09: Warning: Failed to open file "f:\installz\driver-stuff te maskina\lydkort\wdm\setup.iss". Operasjonen er utført 00:09: Warning: Failed to open file "f:\installz\driver-stuff te maskina\lydkort\wdm\data2.cab". Operasjonen er utført 00:09: Warning: Failed to open file "f:\installz\driver-stuff te maskina\nættverks-kort\3cdisk1". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\mobilstuff\kristian cd\rplayer_install_guide_3650.txt". Operasjonen er utført 00:09: Warning: Failed to open file "f:\installz\driver-stuff te maskina\skjærmkort\data2.cab". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\document\det gode liv\thumbs.db:encryptable". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\document\div\www.doc". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\document\div\ny wordpad-dokument.doc". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\document\div\note2.pwi". Operasjonen er utført 00:09: Warning: Failed to open file "f:\installz\driver-stuff te maskina\usb-ting\layout.bin". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\document\div\julgava.rtf". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\document\div\drama stuff.txt". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\document\div\doc1.doc". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\document\div\95878371.doc". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\document\docs\school\thumbs.db:encryptable". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\document\ny mappe\thumbs.db:encryptable". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\document\prosjekt\japan\stuff\thumbs.db:encryptable". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\document\prosjekt\japan\thumbs.db:encryptable". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\document\prosjekt\mote\thumbs.db:encryptable". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\document\prosjekt\vindmøller\thumbs.db:encryptable". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\document\prosjekt\thumbs.db:encryptable". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\document\download.txt". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\document\bokstavleik.txt". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\snes romes\zziptmp_.__z\source\nester.dsw". Operasjonen er utført 00:09: Warning: Failed to open file "f:\bilda\women\elita löfblad\bakgrunner\thumbs.db:encryptable". Operasjonen er utført 00:09: Warning: Failed to open file "f:\bilda\women\elita löfblad\galleri nr (1)\thumbs.db:encryptable". Operasjonen er utført 00:09: Warning: Failed to open file "f:\bilda\women\elita löfblad\galleri nr (10)\thumbs.db:encryptable". Operasjonen er utført 00:09: Warning: Failed to open file "f:\bilda\women\elita löfblad\galleri nr (11)\thumbs.db:encryptable". Operasjonen er utført 00:09: Warning: Failed to open file "f:\bilda\women\elita löfblad\galleri nr (12)\thumbs.db:encryptable". Operasjonen er utført 00:09: Warning: Failed to open file "f:\bilda\women\elita löfblad\galleri nr (13)\thumbs.db:encryptable". Operasjonen er utført 00:09: Warning: Failed to open file "f:\bilda\women\elita löfblad\galleri nr (14)\thumbs.db:encryptable". Operasjonen er utført 00:09: Warning: Failed to open file "f:\bilda\women\elita löfblad\galleri nr (15)\thumbs.db:encryptable". Operasjonen er utført 00:09: Warning: Failed to open file "f:\bilda\women\elita löfblad\galleri nr (16)\thumbs.db:encryptable". Operasjonen er utført 00:09: Warning: Failed to open file "f:\bilda\women\elita löfblad\galleri nr (17)\thumbs.db:encryptable". Operasjonen er utført 00:09: Warning: Failed to open file "f:\bilda\women\elita löfblad\galleri nr (18)\thumbs.db:encryptable". Operasjonen er utført 00:09: Warning: Failed to open file "f:\bilda\women\elita löfblad\galleri nr (2)\thumbs.db:encryptable". Operasjonen er utført 00:09: Warning: Failed to open file "f:\bilda\women\elita löfblad\galleri nr (3)\thumbs.db:encryptable". Operasjonen er utført 00:09: Warning: Failed to open file "f:\bilda\women\elita löfblad\galleri nr (4)\thumbs.db:encryptable". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\snes romes\zziptmp_.__z\source\src\nes\mapper\245.h". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\snes romes\zziptmp_.__z\source\src\nes\mapper\060.h". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\snes romes\zziptmp_.__z\source\src\nes\mapper\183.h". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\snes romes\zziptmp_.__z\source\src\nes\mapper\058.h". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\snes romes\zziptmp_.__z\source\src\nes\mapper\057.h". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\snes romes\zziptmp_.__z\source\src\nes\mapper\237.h". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\snes romes\zziptmp_.__z\source\src\nes\mapper\236.h". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\snes romes\zziptmp_.__z\source\src\nes\mapper\051.h". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\snes romes\zziptmp_.__z\source\src\nes\mapper\105.h". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\snes romes\zziptmp_.__z\source\src\nes\mapper\235.h". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\snes romes\zziptmp_.__z\source\src\nes\mapper\234.h". Operasjonen er utført 00:09: Warning: Failed to open file "f:\bilda\women\elita löfblad\galleri nr (5)\thumbs.db:encryptable". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\snes romes\zziptmp_.__z\source\src\nes\mapper\233.h". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\snes romes\zziptmp_.__z\source\src\nes\mapper\232.h". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\snes romes\zziptmp_.__z\source\src\nes\mapper\232.cpp". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\snes romes\zziptmp_.__z\source\src\nes\mapper\181.h". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\snes romes\zziptmp_.__z\source\src\nes\mapper\230.h". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\snes romes\zziptmp_.__z\source\src\nes\mapper\229.h". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\snes romes\zziptmp_.__z\source\src\nes\mapper\228.h". Operasjonen er utført 00:09: Warning: Failed to open file "f:\bilda\women\elita löfblad\galleri nr (6)\thumbs.db:encryptable". Operasjonen er utført 00:09: Warning: Failed to open file "f:\bilda\women\elita löfblad\galleri nr (7)\thumbs.db:encryptable". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\snes romes\zziptmp_.__z\source\src\nes\mapper\227.h". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\snes romes\zziptmp_.__z\source\src\nes\mapper\226.h". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\snes romes\zziptmp_.__z\source\src\nes\mapper\225.h". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\snes romes\zziptmp_.__z\source\src\nes\mapper\041.h". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\snes romes\zziptmp_.__z\source\src\nes\mapper\242.h". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\snes romes\zziptmp_.__z\source\src\nes\mapper\242.cpp". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\snes romes\zziptmp_.__z\source\src\nes\mapper\240.h". Operasjonen er utført 00:09: Warning: Failed to open file "f:\bilda\women\elita löfblad\galleri nr (8)\thumbs.db:encryptable". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\snes romes\zziptmp_.__z\source\src\nes\mapper\013.h". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\snes romes\zziptmp_.__z\source\src\nes\mapper\088.h". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\snes romes\zziptmp_.__z\source\src\nes\mapper\076.h". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\snes romes\zziptmp_.__z\source\src\nes\mapper\189.h". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\snes romes\zziptmp_.__z\source\src\nes\mapper\182.h". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\snes romes\zziptmp_.__z\source\src\nes\mapper\160.h". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\snes romes\zziptmp_.__z\source\src\nes\mapper\117.h". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\snes romes\zziptmp_.__z\source\src\nes\mapper\113.h". Operasjonen er utført 00:09: Warning: Failed to open file "f:\bilda\women\elita löfblad\galleri nr (9)\thumbs.db:encryptable". Operasjonen er utført 00:09: Warning: Failed to open file "f:\bilda\women\elita löfblad\thumbs.db:encryptable". Operasjonen er utført 00:09: Warning: Failed to open file "f:\bilda\thumbs.db:encryptable". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\snes romes\zziptmp_.__z\source\src\nes\mapper\091.h". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\snes romes\zziptmp_.__z\source\src\nes\mapper\083.h". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\snes romes\zziptmp_.__z\source\src\nes\mapper\050.h". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\snes romes\zziptmp_.__z\source\src\nes\mapper\050.cpp". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\snes romes\zziptmp_.__z\source\src\nes\mapper\043.h". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\snes romes\zziptmp_.__z\source\src\nes\mapper\042.h". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\snes romes\zziptmp_.__z\source\src\nes\mapper\085.h". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\snes romes\zziptmp_.__z\source\src\nes\mapper\073.h". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\snes romes\zziptmp_.__z\source\src\nes\mapper\026.h". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\snes romes\zziptmp_.__z\source\src\nes\mapper\025.h". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\snes romes\zziptmp_.__z\source\src\nes\mapper\024.h". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\snes romes\zziptmp_.__z\source\src\nes\mapper\023.h". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\snes romes\zziptmp_.__z\source\src\nes\mapper\022.h". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\snes romes\zziptmp_.__z\source\src\nes\mapper\101.h". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\snes romes\zziptmp_.__z\source\src\nes\mapper\092.h". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\snes romes\zziptmp_.__z\source\src\nes\mapper\086.h". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\snes romes\zziptmp_.__z\source\src\nes\mapper\078.h". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\snes romes\zziptmp_.__z\source\src\nes\mapper\075.h". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\snes romes\zziptmp_.__z\source\src\nes\mapper\072.h". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\snes romes\zziptmp_.__z\source\src\nes\mapper\072.cpp". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\snes romes\zziptmp_.__z\source\src\nes\mapper\093.h". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\snes romes\zziptmp_.__z\source\src\nes\mapper\093.cpp". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\snes romes\zziptmp_.__z\source\src\nes\mapper\089.h". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\snes romes\zziptmp_.__z\source\src\nes\mapper\069.h". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\snes romes\zziptmp_.__z\source\src\nes\mapper\068.h". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\snes romes\zziptmp_.__z\source\src\nes\mapper\077.h". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\snes romes\zziptmp_.__z\source\src\nes\mapper\077.cpp". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\snes romes\zziptmp_.__z\source\src\nes\mapper\065.h". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\snes romes\zziptmp_.__z\source\src\nes\mapper\080.h". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\snes romes\zziptmp_.__z\source\src\nes\mapper\048.h". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\snes romes\zziptmp_.__z\source\src\nes\mapper\008.h". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\snes romes\zziptmp_.__z\source\src\nes\mapper\096.h". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\snes romes\zziptmp_.__z\source\src\nes\mapper\070.h". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\snes romes\zziptmp_.__z\source\src\nes\mapper\066.h". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\snes romes\zziptmp_.__z\source\src\nes\mapper\009.h". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\snes romes\zziptmp_.__z\source\src\nes\mapper\040.h". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\snes romes\zziptmp_.__z\source\src\nes\mapper\007.cpp". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\snes romes\zziptmp_.__z\source\src\nes\mapper\003.cpp". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\snes romes\zziptmp_.__z\source\src\nes\mapper\019.h". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\snes romes\zziptmp_.__z\source\src\nes\mapper\151.h". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\snes romes\zziptmp_.__z\source\src\nes\mapper\010.h". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\snes romes\zziptmp_.__z\source\src\nes\mapper\064.h". Operasjonen er utført 00:09: Warning: Failed to open file "f:\bilda\women\babe thread\imogan bailey\thumbs.db:encryptable". Operasjonen er utført 00:09: Warning: Failed to open file "f:\bilda\women\babe thread\stars\thumbs.db:encryptable". Operasjonen er utført 00:09: Warning: Failed to open file "f:\bilda\women\babe thread\stars\susan ward\thumbs.db:encryptable". Operasjonen er utført 00:09: Warning: Failed to open file "f:\bilda\women\babe thread\div\thumbs.db:encryptable". Operasjonen er utført 00:09: Warning: Failed to open file "f:\bilda\women\babe thread\military girl\thumbs.db:encryptable". Operasjonen er utført 00:09: Warning: Failed to open file "f:\bilda\women\babe thread\two blondies\thumbs.db:encryptable". Operasjonen er utført 00:09: Warning: Failed to open file "f:\bilda\women\babe thread\two girls\thumbs.db:encryptable". Operasjonen er utført 00:09: Warning: Failed to open file "f:\bilda\women\babe thread\thumbs.db:encryptable". Operasjonen er utført 00:09: Warning: Failed to open file "f:\bilda\women\damer\atomic kitten\liz mcclarnon\thumbs.db:encryptable". Operasjonen er utført 00:09: Warning: Failed to open file "f:\bilda\women\damer\atomic kitten\natasha hamilton\thumbs.db:encryptable". Operasjonen er utført 00:09: Warning: Failed to open file "f:\bilda\women\damer\atomic kitten\jenny frost\thumbs.db:encryptable". Operasjonen er utført 00:09: Warning: Failed to open file "f:\bilda\women\-=damer=-\-=e=-\-=estella warren=-\thumbs.db:encryptable". Operasjonen er utført 00:09: Warning: Failed to open file "f:\bilda\women\-=damer=-\-=h=-\-=heidi klum=-\thumbs.db:encryptable". Operasjonen er utført 00:09: Warning: Failed to open file "f:\bilda\women\-=damer=-\-=p=-\thumbs.db:encryptable". Operasjonen er utført 00:09: Warning: Failed to open file "f:\bilda\women\norwegian celeb\ingvild\ingvild\thumbs.db:encryptable". Operasjonen er utført 00:09: Warning: Failed to open file "f:\bilda\women\-=damer=-\thumbs.db:encryptable". Operasjonen er utført 00:09: Warning: Failed to open file "f:\bilda\women\-=damer=-\-=c=-\-=christina ricci=-\thumbs.db:encryptable". Operasjonen er utført 00:09: Warning: Failed to open file "f:\bilda\women\-=damer=-\-=c=-\-=christina aguilera=-\thumbs.db:encryptable". Operasjonen er utført 00:09: Warning: Failed to open file "f:\bilda\women\-=damer=-\-=c=-\-=cat deeley=-\thumbs.db:encryptable". Operasjonen er utført 00:09: Warning: Failed to open file "f:\bilda\women\-=damer=-\_-=ukjent=-\-=chilenas=-\thumbs.db:encryptable". Operasjonen er utført 00:09: Warning: Failed to open file "f:\bilda\women\-=damer=-\-=h=-\thumbs.db:encryptable". Operasjonen er utført 00:09: Warning: Failed to open file "f:\bilda\women\-=damer=-\-=e=-\thumbs.db:encryptable". Operasjonen er utført 00:09: Warning: Failed to open file "f:\bilda\women\-=damer=-\-=d=-\thumbs.db:encryptable". Operasjonen er utført 00:09: Warning: Failed to open file "f:\bilda\women\-=damer=-\-=c=-\thumbs.db:encryptable". Operasjonen er utført 00:09: Warning: Failed to open file "f:\bilda\women\-=damer=-\_-=ukjent=-\thumbs.db:encryptable". Operasjonen er utført 00:09: Warning: Failed to open file "f:\bilda\women\-=damer=-\-=c=-\-=carmen electra=-\thumbs.db:encryptable". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\snes romes\zziptmp_.__z\source\src\nes\mapper\185.h". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\snes romes\zziptmp_.__z\source\src\nes\mapper\032.h". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\snes romes\zziptmp_.__z\source\src\nes\mapper\082.h". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\snes romes\zziptmp_.__z\source\src\nes\mapper\018.h". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\snes romes\zziptmp_.__z\source\src\nes\mapper\122.h". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\snes romes\zziptmp_.__z\source\src\nes\mapper\231.h". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\snes romes\zziptmp_.__z\source\src\nes\mapper\243.h". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\snes romes\zziptmp_.__z\source\src\nes\mapper\015.h". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\snes romes\zziptmp_.__z\source\src\nes\mapper\246.h". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\snes romes\zziptmp_.__z\source\src\nes\mapper\033.h". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\snes romes\zziptmp_.__z\source\src\nes\mapper\079.h". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\snes romes\zziptmp_.__z\source\src\nes\mapper\255.h". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\snes romes\zziptmp_.__z\source\src\nes\mapper\034.h". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\snes romes\zziptmp_.__z\source\src\nes\mapper\087.h". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\snes romes\zziptmp_.__z\source\src\nes\mapper\021.h". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\snes romes\zziptmp_.__z\source\src\nes\mapper\067.h". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\snes romes\zziptmp_.__z\source\src\nes\mapper\097.h". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\snes romes\zziptmp_.__z\source\src\nes\mapper\180.h". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\snes romes\zziptmp_.__z\source\src\nes\mapper\017.h". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\snes romes\zziptmp_.__z\source\src\nes\mapper\180.cpp". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\snes romes\zziptmp_.__z\source\src\nes\mapper\099.h". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\snes romes\zziptmp_.__z\source\src\nes\mapper\046.h". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\snes romes\zziptmp_.__z\source\src\nes\mapper\011.h". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\snes romes\zziptmp_.__z\source\src\nes\mapper\094.h". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\snes romes\zziptmp_.__z\source\src\nes\mapper\094.cpp". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\snes romes\zziptmp_.__z\source\src\nes\mapper\071.h". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\sata disc\thumbs.db:encryptable". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\rydd opp\thumbs.db:encryptable". Operasjonen er utført 00:09: Warning: Failed to open file "f:\bilda\women\damer+++\bilder\bilder\bilder\coolstuff\thumbs.db:encryptable". Operasjonen er utført 00:09: Warning: Failed to open file "f:\bilda\women\damer\naomi watts\thumbs.db:encryptable". Operasjonen er utført 00:09: Warning: Failed to open file "f:\div\movies\thumbs.db:encryptable". Operasjonen er utført 00:09: Warning: Failed to open file "f:\bilda\privat\bilda\bilda\wallpapers\thumbs.db:encryptable". Operasjonen er utført 00:09: Warning: Failed to open file "f:\recycler\s-1-5-21-1454471165-630328440-839522115-1012\df52\damer\thumbs.db:encryptable". Operasjonen er utført 00:09: Warning: Failed to open file "f:\recycler\s-1-5-21-1454471165-630328440-839522115-1012\df52\katie price jordan\thumbs.db:encryptable". Operasjonen er utført 00:09: Warning: Failed to open file "f:\bilda\women\norwegian celeb\thumbs.db:encryptable". Operasjonen er utført 00:09: Warning: Failed to open file "f:\recycler\s-1-5-21-1454471165-630328440-839522115-1012\df52\mytti rart\thumbs.db:encryptable". Operasjonen er utført 00:09: Warning: Failed to open file "f:\recycler\s-1-5-21-1454471165-630328440-839522115-1012\df52\others\thumbs.db:encryptable". Operasjonen er utført 00:09: Warning: Failed to open file "f:\recycler\s-1-5-21-1454471165-630328440-839522115-1012\df52\have some more\thumbs.db:encryptable". Operasjonen er utført 00:09: Warning: Failed to open file "f:\recycler\s-1-5-21-1454471165-630328440-839522115-1012\df52\mystique\thumbs.db:encryptable". Operasjonen er utført 00:09: Warning: Failed to open file "f:\recycler\s-1-5-21-1454471165-630328440-839522115-1012\df52\other\lingerie\thumbs.db:encryptable". Operasjonen er utført 00:09: Warning: Failed to open file "f:\recycler\s-1-5-21-1454471165-630328440-839522115-1012\df52\other\selected\thumbs.db:encryptable". Operasjonen er utført 00:09: Warning: Failed to open file "f:\recycler\s-1-5-21-1454471165-630328440-839522115-1012\df52\other\thong\thumbs.db:encryptable". Operasjonen er utført 00:09: Warning: Failed to open file "f:\recycler\s-1-5-21-1454471165-630328440-839522115-1012\df52\other\wet\thumbs.db:encryptable". Operasjonen er utført 00:09: Warning: Failed to open file "f:\bilda\women\-=damer=-\-=h=-\-=hilton=-\thumbs.db:encryptable". Operasjonen er utført 00:09: Warning: Failed to open file "f:\bilda\women\stars\-=r=-\-=renee zellweger=-\thumbs.db:encryptable". Operasjonen er utført 00:09: Warning: Failed to open file "f:\bilda\women\stars\-=r=-\-=rachel stevens=-\thumbs.db:encryptable". Operasjonen er utført 00:09: Warning: Failed to open file "f:\bilda\women\stars\-=j=-\-=johanna Åberg=-\thumbs.db:encryptable". Operasjonen er utført 00:09: Warning: Failed to open Endret 16. august 2006 av Smallville Lenke til kommentar
berxter Skrevet 16. august 2006 Del Skrevet 16. august 2006 (endret) Nuh. Når du kjører ccleaner må du gå til options->advanced, se til at det ikke er noen hake i "only remove temp files older than 48 hours". Den må kjøres for hver profil du har på maskina. Se til at søppelbøttene er tømt. F:\disken din, hva er det? Det er mye søppel der. La oss se om vi får fixa 015-saken, åpne Notepad, kopier dette dit: REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1] "*"=dword:00000004 ":Range"="213.159.117.133" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1] "*"=- File->save as type->all files Kall den fix.reg og save den til desktopen. Dobbelklikk den, eller høyreklikk og velg Merge, og svar ja på spørsmålet om du vil merge den med registeret. Dette skal tvinge denne russiske IP-en til restricted. ccleaner, og ny Panda og fersk HJTlogg. EDIT: Jeg glemte å si "kryss alle fingra"... Bernt K Endret 16. august 2006 av berxter Lenke til kommentar
fxwz Skrevet 16. august 2006 Forfatter Del Skrevet 16. august 2006 Fikk slettet endel gammelt skrot fra F:\ Samt fjernet den haken som ikke skulle være under innstillingene hos CCleaner __________ Logfile of HijackThis v1.99.1 Scan saved at 22:04:25, on 16.08.2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Programfiler\Java\jre1.5.0_04\bin\jusched.exe C:\Programfiler\QuickTime\qttask.exe D:\Program\Media\PCSUIT~1\NOKIAP~1\LAUNCH~1.EXE C:\WINDOWS\system32\rundll32.exe C:\Programfiler\NetCom pcSMS Selvstendig\eSMS Executive Windows.exe D:\Program\Media\Ipod\Itunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe D:\Program\Media\PC Suite\Nokia PC Suite 6\PcSync2.exe C:\WINDOWS\System32\cisvc.exe D:\Program\Virus\ewido anti-spyware 4.0\guard.exe C:\PROGRA~1\FELLES~1\Nokia\MPAPI\MPAPI3s.exe C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe D:\Program\Virus\Spy Sweeper\SpySweeper.exe C:\Programfiler\iPod\bin\iPodService.exe C:\Programfiler\Fellesfiler\PCSuite\Services\ServiceLayer.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\cidaemon.exe C:\WINDOWS\system32\svchost.exe D:\Program\Media\Ipod\Itunes\iTunes.exe C:\Programfiler\MSN Messenger\msnmsgr.exe C:\Programfiler\Internet Explorer\iexplore.exe D:\Program\Nedlasting\FireFox\firefox.exe C:\Documents and Settings\Quickez\Mine dokumenter\HijackThis.exe R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: NXIECatcher Class - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - D:\Program\Nedlasting\NetXfer\NXIEHelper.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - D:\Program\Nedlasting\NetXfer\NXToolBar.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn1\yt.dll O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_04\bin\jusched.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [PCSuiteTrayApplication] "D:\Program\Media\PCSUIT~1\NOKIAP~1\LAUNCH~1.EXE" -startup O4 - HKLM\..\Run: [NetCom pcSMS Selvstendig] "C:\Programfiler\NetCom pcSMS Selvstendig\eSMS Executive Windows.exe" NoDefault O4 - HKLM\..\Run: [iTunesHelper] "D:\Program\Media\Ipod\Itunes\iTunesHelper.exe" O4 - HKLM\..\Run: [spySweeper] "D:\Program\Virus\Spy Sweeper\SpySweeperUI.exe" /startintray O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [PcSync] "D:\Program\Media\PC Suite\Nokia PC Suite 6\PcSync2.exe" /NoDialog O4 - HKCU\..\Run: [Orb] "D:\Program\Media\Orb\bin\OrbTray.exe" /background O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - d:\program\pda\activesync\INETREPL.DLL O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - d:\program\pda\activesync\INETREPL.DLL O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - d:\program\pda\activesync\INETREPL.DLL O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program\School\OFFICE11\REFIEBAR.DLL O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone (HKLM) O15 - ProtocolDefaults: 'https' protocol is in Trusted Zone, should be Internet Zone (HKLM) O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {A37C6A0C-7CF2-4267-90D2-F0C9349E7950} (AniAvata Control) - http://www.jungsoft.com/muzio2/aniavata/AniAvata.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing) O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - D:\Program\Virus\ewido anti-spyware 4.0\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\Fellesfiler\PCSuite\Services\ServiceLayer.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - D:\Program\Virus\Spy Sweeper\SpySweeper.exe ____________ Panda Activescan Incident Status Location Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Quickez\Cookies\quickez@doubleclick[1].txt Adware:adware/delfinmedia Not disinfected C:\keys.ini Spyware:Cookie/Sandboxer Not disinfected C:\RECYCLER\S-1-5-21-1454471165-630328440-839522115-500\Dc49\Cookies\tøbbi@307[1].txt Spyware:Cookie/Sandboxer Not disinfected C:\RECYCLER\S-1-5-21-1454471165-630328440-839522115-500\Dc49\Cookies\tøbbi@307[2].txt Dialer:Dialer.XD Not disinfected C:\RECYCLER\S-1-5-21-1454471165-630328440-839522115-500\Dc49\Lokale innstillinger\Temp\ICD4.tmp\ied.inf Spyware:Cookie/888 Not disinfected C:\RECYCLER\S-1-5-21-1454471165-630328440-839522115-500\Dc49\Programdata\Mozilla\Firefox\Profiles\lhu26co0.default\cookies.txt[.888.com/] Spyware:Cookie/Seeq Not disinfected C:\RECYCLER\S-1-5-21-1454471165-630328440-839522115-500\Dc49\Programdata\Mozilla\Firefox\Profiles\lhu26co0.default\cookies.txt[.seeq.com/] Spyware:Cookie/Maxserving Not disinfected C:\RECYCLER\S-1-5-21-1454471165-630328440-839522115-500\Dc49\Programdata\Mozilla\Firefox\Profiles\lhu26co0.default\cookies.txt[.maxserving.com/] Lenke til kommentar
berxter Skrevet 16. august 2006 Del Skrevet 16. august 2006 Finner du fortsatt ikke C:\keys.ini ? Nå står bare den og søppelbøtta i c:\ igjen... La HJT fixe de to gjenstående 015greiene. Bernt K Lenke til kommentar
fxwz Skrevet 16. august 2006 Forfatter Del Skrevet 16. august 2006 Har slettet de to 015 greiene. Finner ikke keys.ini (Ja, jeg har valgt å vise skjulte filer) Papirkurven er tom. Hva nå, Bernt? Lenke til kommentar
berxter Skrevet 16. august 2006 Del Skrevet 16. august 2006 Tja, si det.. Delfinmedia skulle ikke være så tøff.. Du får prøve Spybot Adaware begge i safe mode Ewido igjen i safe mode. Spysweeper bør kjøres et par ganger til Trend Housecall i natt Finner du fortsatt den Dialer'n i C:\RECYCLER? Mange anbefaler Superantispyware, og den er verdt å prøve: http://www.spywarefri.dk/manualer/superant...ware-manual.htm Ellers får vi sove på saken. Hvordan er maskina nå? Bernt K Lenke til kommentar
fxwz Skrevet 16. august 2006 Forfatter Del Skrevet 16. august 2006 (endret) Tja, si det.. Delfinmedia skulle ikke være så tøff.. Du får prøve Spybot Adaware begge i safe mode Ewido igjen i safe mode. Spysweeper bør kjøres et par ganger til Trend Housecall i natt Finner du fortsatt den Dialer'n i C:\RECYCLER? Nei Mange anbefaler Superantispyware, og den er verdt å prøve: http://www.spywarefri.dk/manualer/superant...ware-manual.htm Ellers får vi sove på saken. Hvordan er maskina nå? Har ikke merket noe treg loading av nettsider nå Bernt K 6689341[/snapback] Skal se om vi får kjørt de tingene da Endret 16. august 2006 av Smallville Lenke til kommentar
berxter Skrevet 17. august 2006 Del Skrevet 17. august 2006 Jeg har tenkt litt, og søkt litt rundt, og finner intet som tyder på at Delfinmedia skulle være så forbasket hardnakket. I tillegg pleier Spysweeper å ta den. Prøv med de programmene jeg nevnte, og hvis du fortsatt har overskudd til det synes jeg du også skal søke etter rootkits med F-Secure Blacklight. Superantispyware skulle teoretisk kunne erstatte Spybot og Adaware, men jeg er mest vant til dem. Hvis alt dette viser seg å ikke avhjelpe finnes det fortsatt et par alternativer før vi begynner å slå i lufta. Bernt K Lenke til kommentar
fxwz Skrevet 17. august 2006 Forfatter Del Skrevet 17. august 2006 og hvis du fortsatt har overskudd til det synes jeg du også skal søke etter rootkits med F-Secure Blacklight. 6691099[/snapback] Får ikke til å installere, og har vel strengt tatt ingen antivirusprogram gående nå f_secure.bmp Lenke til kommentar
berxter Skrevet 17. august 2006 Del Skrevet 17. august 2006 (endret) Det var jo interessant; prøv http://www.silentrunners.org/. og/eller http://www.sysinternals.com/Utilities/RootkitRevealer.html Den siste har jeg ikke erfaring med, så der får du finne ut selv.. Silentrunners gir en logg som er leselig også for mennesker. Synes vel du skal installere f eks AVG, oppdatere og kjøre i safe mode. Hvis det ikke går kan du prøve med Trend Sysclean og/eller Mcafee Stinger; begge er frittstående scanneprogram. Sysclean er vel noe bedre til å finne svineri (mer omfattende virusdefinisjoner), mens Stinger går på en diskett og tar et begrenset antall problemer. Bernt K Endret 17. august 2006 av berxter Lenke til kommentar
toretors Skrevet 17. august 2006 Del Skrevet 17. august 2006 Fikk du lest posten min i forrige tråd? Lenke til kommentar
fxwz Skrevet 17. august 2006 Forfatter Del Skrevet 17. august 2006 (endret) Fikk til å kjøre f-secure alikevel, etter å ha foretatt all den scanninga Har nok ikke prøvd å resette ruterene/modeme mine, siden internettet fungerer strykende på laptopen. Nå skal jeg kjøre housecall, samt installere avg, og scanne pcen med det. Etterpå blir det vel HJT-Logg, tror jeg Endret 17. august 2006 av Smallville Lenke til kommentar
fxwz Skrevet 17. august 2006 Forfatter Del Skrevet 17. august 2006 (endret) Logfile of HijackThis v1.99.1 Scan saved at 19:18:46, on 17.08.2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Programfiler\Java\jre1.5.0_04\bin\jusched.exe C:\Programfiler\QuickTime\qttask.exe D:\Program\Media\PCSUIT~1\NOKIAP~1\LAUNCH~1.EXE C:\Programfiler\NetCom pcSMS Selvstendig\eSMS Executive Windows.exe C:\WINDOWS\system32\rundll32.exe D:\Program\Media\Ipod\Itunes\iTunesHelper.exe D:\Program\Virus\Spy Sweeper\SpySweeperUI.exe D:\Program\Div\Logitech\iTouch\iTouch.exe D:\Program\Div\plus\MsgPlus.exe D:\Program\Virus\AVG\avgcc.exe C:\WINDOWS\system32\ctfmon.exe D:\Program\Media\PC Suite\Nokia PC Suite 6\PcSync2.exe D:\Program\Virus\SASW\SUPERAntiSpyware.exe D:\Program\Virus\AVG\avgamsvr.exe D:\Program\Virus\AVG\avgupsvc.exe C:\WINDOWS\System32\cisvc.exe D:\Program\Virus\ewido anti-spyware 4.0\guard.exe C:\PROGRA~1\FELLES~1\Nokia\MPAPI\MPAPI3s.exe C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\MSN Messenger\msnmsgr.exe D:\Program\Virus\Spy Sweeper\SpySweeper.exe C:\Programfiler\iPod\bin\iPodService.exe C:\Programfiler\Fellesfiler\PCSuite\Services\ServiceLayer.exe D:\Program\Virus\Spy Sweeper\SSU.EXE C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wscntfy.exe D:\Program\Nedlasting\FireFox\firefox.exe C:\Documents and Settings\Quickez\Mine dokumenter\HijackThis.exe R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: NXIECatcher Class - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - D:\Program\Nedlasting\NetXfer\NXIEHelper.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - D:\Program\Nedlasting\NetXfer\NXToolBar.dll O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_04\bin\jusched.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [PCSuiteTrayApplication] "D:\Program\Media\PCSUIT~1\NOKIAP~1\LAUNCH~1.EXE" -startup O4 - HKLM\..\Run: [NetCom pcSMS Selvstendig] "C:\Programfiler\NetCom pcSMS Selvstendig\eSMS Executive Windows.exe" NoDefault O4 - HKLM\..\Run: [iTunesHelper] "D:\Program\Media\Ipod\Itunes\iTunesHelper.exe" O4 - HKLM\..\Run: [spySweeper] "D:\Program\Virus\Spy Sweeper\SpySweeperUI.exe" /startintray O4 - HKLM\..\Run: [zBrowser Launcher] D:\Program\Div\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [MessengerPlus3] "D:\Program\Div\plus\MsgPlus.exe" O4 - HKLM\..\Run: [AVG7_CC] "D:\Program\Virus\AVG\avgcc.exe" /STARTUP O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [PcSync] "D:\Program\Media\PC Suite\Nokia PC Suite 6\PcSync2.exe" /NoDialog O4 - HKCU\..\Run: [Orb] "D:\Program\Media\Orb\bin\OrbTray.exe" /background O4 - HKCU\..\Run: [sUPERAntiSpyware] D:\Program\Virus\SASW\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [MessengerPlus3] "D:\Program\Div\plus\MsgPlus.exe" /WinStart O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - d:\program\pda\activesync\INETREPL.DLL O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - d:\program\pda\activesync\INETREPL.DLL O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - d:\program\pda\activesync\INETREPL.DLL O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program\School\OFFICE11\REFIEBAR.DLL O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {A37C6A0C-7CF2-4267-90D2-F0C9349E7950} (AniAvata Control) - http://www.jungsoft.com/muzio2/aniavata/AniAvata.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: SASWinLogon - D:\Program\Virus\SASW\SASWINLO.dll O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing) O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\Program\Virus\AVG\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\Program\Virus\AVG\avgupsvc.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - D:\Program\Virus\ewido anti-spyware 4.0\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\Fellesfiler\PCSuite\Services\ServiceLayer.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - D:\Program\Virus\Spy Sweeper\SpySweeper.exe ____ Nå ser det vel greit ut? Endret 17. august 2006 av Smallville Lenke til kommentar
berxter Skrevet 17. august 2006 Del Skrevet 17. august 2006 Jess! Denne loggen er rein. Kan du spesifisere hva som gjorde susen? Jeg følte nå og da at problemet var litt ugjennomsiktig, og at vi ikke klarte helt å "pinpointe" svineriet. Derfor så mange programmer som ble prøvd.... Bernt K Lenke til kommentar
fxwz Skrevet 17. august 2006 Forfatter Del Skrevet 17. august 2006 Men hvorfor finner jeg fremdeles elfinmedia og keys.int i pandaloggen da? Incident Status Location Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Quickez\Cookies\quickez@doubleclick[1].txt Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Quickez\Programdata\Mozilla\Firefox\Profiles\4gcos4v2.default\cookies.txt[.doubleclick.net/] Possible Virus. Not disinfected C:\Documents and Settings\Quickez\Skrivebord\OrbSetup.exe[OrbStats.dll] Adware:adware/delfinmedia Not disinfected C:\keys.ini Possible Virus. Not disinfected C:\Programfiler\InstallShield Installation Information\{1898B8E5-43E2-4BCA-AD6A-B9FBE0C93F84}\data1.cab[sendStats.exe] Possible Virus. Not disinfected C:\Programfiler\Napster\xdetect.ocx Spyware:Cookie/Sandboxer Not disinfected C:\RECYCLER\S-1-5-21-1454471165-630328440-839522115-500\Dc49\Cookies\tøbbi@307[1].txt Spyware:Cookie/Sandboxer Not disinfected C:\RECYCLER\S-1-5-21-1454471165-630328440-839522115-500\Dc49\Cookies\tøbbi@307[2].txt Dialer:Dialer.XD Not disinfected C:\RECYCLER\S-1-5-21-1454471165-630328440-839522115-500\Dc49\Lokale innstillinger\Temp\ICD4.tmp\ied.inf Spyware:Cookie/888 Not disinfected C:\RECYCLER\S-1-5-21-1454471165-630328440-839522115-500\Dc49\Programdata\Mozilla\Firefox\Profiles\lhu26co0.default\cookies.txt[.888.com/] Spyware:Cookie/Seeq Not disinfected C:\RECYCLER\S-1-5-21-1454471165-630328440-839522115-500\Dc49\Programdata\Mozilla\Firefox\Profiles\lhu26co0.default\cookies.txt[.seeq.com/] Spyware:Cookie/Maxserving Not disinfected C:\RECYCLER\S-1-5-21-1454471165-630328440-839522115-500\Dc49\Programdata\Mozilla\Firefox\Profiles\lhu26co0.default\cookies.txt[.maxserving.com/] Possible Virus. Not disinfected D:\Program\Media\Orb\bin\OrbStats.dll ______ Hva som gjorde susen, avg, ad-aware, eller superantispyware. Var bare disse tre jeg kjørte i sikkermodus, som fant noe. Lenke til kommentar
berxter Skrevet 17. august 2006 Del Skrevet 17. august 2006 Si meg, søker du etter keys.inT?? Du har nå to ganger skrevet det.. keys.ini skal det være. Har du prøvd å bare klistre inn C:\keys.ini i Killbox? Vel. HJT registrerer dem ikke, da de ikke er aktive på en slik måte at HJT ser dem. HJT registrerer bare det som i øyeblikket er aktivt. Nå har det også dukket opp mer; på D:\. Dette er kanskje cd/DVD-stasjonen din? Dersom du kjører ccleaner med haket av i system-> empty recycle bin skal den fjerne Dialer'n. Bernt K Lenke til kommentar
fxwz Skrevet 17. august 2006 Forfatter Del Skrevet 17. august 2006 (endret) Det som er på D:\ er vel ingenting å frykte, da dette er et troverdig program, tror jeg. Har ikke søkt etter keys.int, har bare sett etter via utforsker. Ingenting ved navn keys på c:\, men skal prøve killbox Tøm papirkurven har alltid vært huket av i ccleaner EDIT: Killbox tok keys.ini Endret 17. august 2006 av Smallville Lenke til kommentar
Thor. Skrevet 17. august 2006 Del Skrevet 17. august 2006 Hva gjør denne keys.ini da? Keylogger? Lenke til kommentar
berxter Skrevet 17. august 2006 Del Skrevet 17. august 2006 Neida, det er en komponent av Delfinmedia adware, så det er egentlig ingen svææær affære, men rein maskin er nå engang rein maskin. Ettersom dialer'n bare ligger og koser seg i søppelbøtta er det vel heller ingen stor sak. Bernt K Lenke til kommentar
berxter Skrevet 18. august 2006 Del Skrevet 18. august 2006 Ja, synes da det.. Har selv ikke kjørt Ewido på noen måneder, og vet at grensesnittet har endret seg noe siden sist jeg brukte den, men ser at guiden ble oppdatert i juni, og skulle derfor være up to date. Bernt K Lenke til kommentar
Anbefalte innlegg
Opprett en konto eller logg inn for å kommentere
Du må være et medlem for å kunne skrive en kommentar
Opprett konto
Det er enkelt å melde seg inn for å starte en ny konto!
Start en kontoLogg inn
Har du allerede en konto? Logg inn her.
Logg inn nå