Trenger analyse av HJT-logg [LØST]

Etnies · 29. april 2007

SAS-LOGG

Klikk for å se/fjerne innholdet nedenfor

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

Generated 04/30/2007 at 01:36 AM

Application Version : 3.7.1018

Core Rules Database Version : 3227Trace Rules Database Version: 1238

Scan type : Complete Scan

Total Scan Time : 00:33:33

Memory items scanned : 197

Memory threats detected : 0

Registry items scanned : 5474

Registry threats detected : 230

File items scanned : 30714

File threats detected : 14

Trojan.Smitfraud Variant

HKLM\Software\Classes\CLSID\{b23dc537-3e13-44c7-bf67-d8405eb377f7}

HKCR\CLSID\{B23DC537-3E13-44C7-BF67-D8405EB377F7}

HKCR\CLSID\{B23DC537-3E13-44C7-BF67-D8405EB377F7}\InProcServer32

HKCR\CLSID\{B23DC537-3E13-44C7-BF67-D8405EB377F7}\InProcServer32#ThreadingModel

C:\WINDOWS\SYSTEM32\RCOHTY.DLL

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler#{b23dc537-3e13-44c7-bf67-d8405eb377f7}

Adware.ToolBar888

HKLM\Software\Classes\CLSID\{CBCC61FA-0221-4ccc-B409-CEE865CACA3A}

HKCR\CLSID\{CBCC61FA-0221-4CCC-B409-CEE865CACA3A}

HKCR\CLSID\{CBCC61FA-0221-4CCC-B409-CEE865CACA3A}\InprocServer32

HKCR\CLSID\{CBCC61FA-0221-4CCC-B409-CEE865CACA3A}\InprocServer32#ThreadingModel

HKCR\CLSID\{CBCC61FA-0221-4CCC-B409-CEE865CACA3A}\ProgID

HKCR\CLSID\{CBCC61FA-0221-4CCC-B409-CEE865CACA3A}\Programmable

HKCR\CLSID\{CBCC61FA-0221-4CCC-B409-CEE865CACA3A}\TypeLib

HKCR\CLSID\{CBCC61FA-0221-4CCC-B409-CEE865CACA3A}\VersionIndependentProgID

C:\PROGRAMFILER\TOOLBAR888\MYTOOLBAR.DLL

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CBCC61FA-0221-4ccc-B409-CEE865CACA3A}

HKLM\Software\Microsoft\Internet Explorer\Toolbar#{CBCC61FA-0221-4ccc-B409-CEE865CACA3A}

HKCR\MyToolBar.MyToolBarObj.1

HKCR\MyToolBar.MyToolBarObj.1\CLSID

HKCR\MyToolBar.MyToolBarObj

HKCR\MyToolBar.MyToolBarObj\CLSID

HKCR\MyToolBar.MyToolBarObj\CurVer

HKCR\TypeLib\{CD2A09D7-EE7E-4c25-993C-C2678ECFAD01}

HKCR\TypeLib\{569304BA-83ED-4CFF-AC26-BE3E482F7208}

HKCR\TypeLib\{569304BA-83ED-4CFF-AC26-BE3E482F7208}\1.0

HKCR\TypeLib\{569304BA-83ED-4CFF-AC26-BE3E482F7208}\1.0\0

HKCR\TypeLib\{569304BA-83ED-4CFF-AC26-BE3E482F7208}\1.0\0\win32

HKCR\TypeLib\{569304BA-83ED-4CFF-AC26-BE3E482F7208}\1.0\FLAGS

HKCR\TypeLib\{569304BA-83ED-4CFF-AC26-BE3E482F7208}\1.0\HELPDIR

HKCR\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}

HKCR\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}\ProxyStubClsid

HKCR\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}\ProxyStubClsid32

HKCR\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}\TypeLib

HKCR\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}\TypeLib#Version

HKLM\Software\Classes\MyToolBar.MyToolBarObj

HKLM\Software\Classes\MyToolBar.MyToolBarObj\CLSID

HKLM\Software\Classes\MyToolBar.MyToolBarObj\CurVer

HKLM\Software\Classes\MyToolBar.MyToolBarObj.1

HKLM\Software\Classes\MyToolBar.MyToolBarObj.1\CLSID

HKU\S-1-5-21-1645522239-484061587-839522115-1014\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CBCC61FA-0221-4CCC-B409-CEE865CACA3A}

Trojan.Media-Codec/V2

HKLM\Software\Classes\CLSID\{D34F5D71-99E4-4D96-91CA-F4104F69B8AE}

HKCR\CLSID\{D34F5D71-99E4-4D96-91CA-F4104F69B8AE}

HKCR\CLSID\{D34F5D71-99E4-4D96-91CA-F4104F69B8AE}\InprocServer32

HKCR\CLSID\{D34F5D71-99E4-4D96-91CA-F4104F69B8AE}\InprocServer32#ThreadingModel

C:\PROGRAMFILER\VIDEO AX OBJECT\BPVOL.DLL

HKLM\Software\Classes\CLSID\{F0993251-2512-4710-AF6E-0A13EA199D02}

HKCR\CLSID\{F0993251-2512-4710-AF6E-0A13EA199D02}

HKCR\CLSID\{F0993251-2512-4710-AF6E-0A13EA199D02}\Implemented Categories

HKCR\CLSID\{F0993251-2512-4710-AF6E-0A13EA199D02}\Implemented Categories\{00021493-0000-0000-C000-000000000046}

HKCR\CLSID\{F0993251-2512-4710-AF6E-0A13EA199D02}\InprocServer32

HKCR\CLSID\{F0993251-2512-4710-AF6E-0A13EA199D02}\InprocServer32#ThreadingModel

C:\PROGRAMFILER\VIDEO AX OBJECT\SPLUG.DLL

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D34F5D71-99E4-4D96-91CA-F4104F69B8AE}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Secure Plug-in

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Secure Plug-in#DisplayName

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Secure Plug-in#UninstallString

Trojan.WinAntiSpyware/WinAntiVirus 2006/2007

HKCR\WAP6.PCheck

HKCR\WAP6.PCheck\CLSID

HKCR\WAP6.PCheck\CurVer

HKCR\WAP6.PCheck.1

HKCR\WAP6.PCheck.1\CLSID

HKCR\CLSID\{B2A3156E-3332-4b47-AF5A-5B121503514F}

HKCR\CLSID\{B2A3156E-3332-4b47-AF5A-5B121503514F}\Implemented Categories

HKCR\CLSID\{B2A3156E-3332-4b47-AF5A-5B121503514F}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}

HKCR\CLSID\{B2A3156E-3332-4b47-AF5A-5B121503514F}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}

HKCR\CLSID\{B2A3156E-3332-4b47-AF5A-5B121503514F}\InprocServer32

HKCR\CLSID\{B2A3156E-3332-4b47-AF5A-5B121503514F}\InprocServer32#ThreadingModel

HKCR\CLSID\{B2A3156E-3332-4b47-AF5A-5B121503514F}\ProgID

HKCR\CLSID\{B2A3156E-3332-4b47-AF5A-5B121503514F}\Programmable

HKCR\CLSID\{B2A3156E-3332-4b47-AF5A-5B121503514F}\VersionIndependentProgID

HKCR\TypeLib\{1234890A-5E6E-4867-8136-CA6F1456B235}

HKCR\TypeLib\{1234890A-5E6E-4867-8136-CA6F1456B235}\1.0

HKCR\TypeLib\{1234890A-5E6E-4867-8136-CA6F1456B235}\1.0\0

HKCR\TypeLib\{1234890A-5E6E-4867-8136-CA6F1456B235}\1.0\0\win32

HKCR\TypeLib\{1234890A-5E6E-4867-8136-CA6F1456B235}\1.0\FLAGS

HKCR\TypeLib\{1234890A-5E6E-4867-8136-CA6F1456B235}\1.0\HELPDIR

HKCR\Interface\{E18B69D0-7E9E-4C6E-BDD8-879A1FFF7123}

HKCR\Interface\{E18B69D0-7E9E-4C6E-BDD8-879A1FFF7123}\ProxyStubClsid

HKCR\Interface\{E18B69D0-7E9E-4C6E-BDD8-879A1FFF7123}\ProxyStubClsid32

HKCR\Interface\{E18B69D0-7E9E-4C6E-BDD8-879A1FFF7123}\TypeLib

HKCR\Interface\{E18B69D0-7E9E-4C6E-BDD8-879A1FFF7123}\TypeLib#Version

Trojan.Unknown Origin

HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{42F2C9BA-614F-47C0-B3E3-ECFD34EED658}

HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{42F2C9BA-614F-47C0-B3E3-ECFD34EED658}#SystemComponent

HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{42F2C9BA-614F-47C0-B3E3-ECFD34EED658}#Installer

HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{42F2C9BA-614F-47C0-B3E3-ECFD34EED658}\Contains

HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{42F2C9BA-614F-47C0-B3E3-ECFD34EED658}\DownloadInformation

HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{42F2C9BA-614F-47C0-B3E3-ECFD34EED658}\DownloadInformation#CODEBASE

HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{42F2C9BA-614F-47C0-B3E3-ECFD34EED658}\InstalledVersion

HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{42F2C9BA-614F-47C0-B3E3-ECFD34EED658}\InstalledVersion#LastModified

Trojan.ZQuest

C:\WINDOWS\dh.ini

Trojan.DollarRevenue

C:\WINDOWS\newname.dat

C:\WINDOWS\keyboard1.dat

Trojan.ErrorSafe

HKCR\clsid\{647b8364-79e0-48e2-a4ca-233abada0c2d}

HKCR\clsid\{647b8364-79e0-48e2-a4ca-233abada0c2d}\Implemented Categories

HKCR\clsid\{647b8364-79e0-48e2-a4ca-233abada0c2d}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}

HKCR\clsid\{647b8364-79e0-48e2-a4ca-233abada0c2d}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}

HKCR\clsid\{647b8364-79e0-48e2-a4ca-233abada0c2d}\InprocServer32

HKCR\clsid\{647b8364-79e0-48e2-a4ca-233abada0c2d}\InprocServer32#ThreadingModel

HKCR\clsid\{647b8364-79e0-48e2-a4ca-233abada0c2d}\ProgID

HKCR\clsid\{647b8364-79e0-48e2-a4ca-233abada0c2d}\Programmable

HKCR\clsid\{647b8364-79e0-48e2-a4ca-233abada0c2d}\TypeLib

HKCR\clsid\{647b8364-79e0-48e2-a4ca-233abada0c2d}\VersionIndependentProgID

Browser Hijacker.Deskbar

HKCR\DBTB00001.DBTB00001

HKCR\DBTB00001.DBTB00001\CLSID

HKCR\DBTB00001.DBTB00001\CurVer

HKCR\DBTB00001.DBTB00001.1

HKCR\DBTB00001.DBTB00001.1\CLSID

HKCR\DBTB00001.DeskBar

HKCR\DBTB00001.DeskBar\CLSID

HKCR\DBTB00001.DeskBar\CurVer

HKCR\DBTB00001.DeskBar.1

HKCR\DBTB00001.DeskBar.1\CLSID

HKCR\DBTB00001.deskbarBHO

HKCR\DBTB00001.deskbarBHO\CLSID

HKCR\DBTB00001.deskbarBHO\CurVer

HKCR\DBTB00001.deskbarBHO.1

HKCR\DBTB00001.deskbarBHO.1\CLSID

HKCR\DBTB00001.DeskbarEnabler

HKCR\DBTB00001.DeskbarEnabler\CLSID

HKCR\DBTB00001.DeskbarEnabler.1

HKCR\DBTB00001.DeskbarEnabler.1\CLSID

HKCR\Interface\{8F15B157-40D9-4B20-8D3B-B1F8B475B58D}

HKCR\Interface\{8F15B157-40D9-4B20-8D3B-B1F8B475B58D}\ProxyStubClsid

HKCR\Interface\{8F15B157-40D9-4B20-8D3B-B1F8B475B58D}\ProxyStubClsid32

HKCR\Interface\{8F15B157-40D9-4B20-8D3B-B1F8B475B58D}\TypeLib

HKCR\Interface\{8F15B157-40D9-4B20-8D3B-B1F8B475B58D}\TypeLib#Version

HKCR\Interface\{A0881AA1-68BE-41AC-9C0D-4C8A69C6C72C}

HKCR\Interface\{A0881AA1-68BE-41AC-9C0D-4C8A69C6C72C}\ProxyStubClsid

HKCR\Interface\{A0881AA1-68BE-41AC-9C0D-4C8A69C6C72C}\ProxyStubClsid32

HKCR\Interface\{A0881AA1-68BE-41AC-9C0D-4C8A69C6C72C}\TypeLib

HKCR\Interface\{A0881AA1-68BE-41AC-9C0D-4C8A69C6C72C}\TypeLib#Version

HKCR\Interface\{E827FFD9-95D1-4B49-BEB3-5D49E688C108}

HKCR\Interface\{E827FFD9-95D1-4B49-BEB3-5D49E688C108}\ProxyStubClsid

HKCR\Interface\{E827FFD9-95D1-4B49-BEB3-5D49E688C108}\ProxyStubClsid32

HKCR\Interface\{E827FFD9-95D1-4B49-BEB3-5D49E688C108}\TypeLib

HKCR\Interface\{E827FFD9-95D1-4B49-BEB3-5D49E688C108}\TypeLib#Version

Trojan.Media-Codec

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run#user32.dll [ C:\Programfiler\Video AX Object\bpmon.exe ]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run#rare [ C:\Programfiler\Video AX Object\smmain.exe ]

Malware.SpyLocked

HKCR\CLSID\{0B847A1A-A872-95FC-8E22-F8B4AE044657}

HKCR\CLSID\{0B847A1A-A872-95FC-8E22-F8B4AE044657}\InprocServer32

HKCR\CLSID\{0B847A1A-A872-95FC-8E22-F8B4AE044657}\InprocServer32#ThreadingModel

HKCR\CLSID\{0B847A1A-A872-95FC-8E22-F8B4AE044657}\OtiLglrhUikvj

HKCR\CLSID\{0B847A1A-A872-95FC-8E22-F8B4AE044657}\podtlbEyd

HKCR\CLSID\{0B847A1A-A872-95FC-8E22-F8B4AE044657}\pysFxsmg

HKCR\CLSID\{0B847A1A-A872-95FC-8E22-F8B4AE044657}\rxirdocusi

HKCR\CLSID\{0B847A1A-A872-95FC-8E22-F8B4AE044657}\TypeLib

HKCR\CLSID\{0B847A1A-A872-95FC-8E22-F8B4AE044657}\uCniqDrba

HKCR\CLSID\{0B847A1A-A872-95FC-8E22-F8B4AE044657}\wnFySqsxcxws

HKCR\TypeLib\{DB926F0D-182A-4088-9B2A-1DB210619AC2}

HKCR\TypeLib\{DB926F0D-182A-4088-9B2A-1DB210619AC2}\1.0

HKCR\TypeLib\{DB926F0D-182A-4088-9B2A-1DB210619AC2}\1.0\0

HKCR\TypeLib\{DB926F0D-182A-4088-9B2A-1DB210619AC2}\1.0\0\win32

HKCR\TypeLib\{DB926F0D-182A-4088-9B2A-1DB210619AC2}\1.0\FLAGS

HKCR\TypeLib\{DB926F0D-182A-4088-9B2A-1DB210619AC2}\1.0\HELPDIR

HKCR\Interface\{28C185E0-2782-4C11-B414-C749654CEBEF}

HKCR\Interface\{28C185E0-2782-4C11-B414-C749654CEBEF}\ProxyStubClsid

HKCR\Interface\{28C185E0-2782-4C11-B414-C749654CEBEF}\ProxyStubClsid32

HKCR\Interface\{28C185E0-2782-4C11-B414-C749654CEBEF}\TypeLib

HKCR\Interface\{28C185E0-2782-4C11-B414-C749654CEBEF}\TypeLib#Version

HKCR\Interface\{2D9C224E-1640-400D-83D0-3DE904F3CD51}

HKCR\Interface\{2D9C224E-1640-400D-83D0-3DE904F3CD51}\ProxyStubClsid

HKCR\Interface\{2D9C224E-1640-400D-83D0-3DE904F3CD51}\ProxyStubClsid32

HKCR\Interface\{2D9C224E-1640-400D-83D0-3DE904F3CD51}\TypeLib

HKCR\Interface\{2D9C224E-1640-400D-83D0-3DE904F3CD51}\TypeLib#Version

HKCR\Interface\{3BD36779-FABD-4974-B681-95B79900603D}

HKCR\Interface\{3BD36779-FABD-4974-B681-95B79900603D}\ProxyStubClsid

HKCR\Interface\{3BD36779-FABD-4974-B681-95B79900603D}\ProxyStubClsid32

HKCR\Interface\{3BD36779-FABD-4974-B681-95B79900603D}\TypeLib

HKCR\Interface\{3BD36779-FABD-4974-B681-95B79900603D}\TypeLib#Version

HKCR\Interface\{3FBD43FB-45D9-4AD6-97C5-DB2A208DBE1B}

HKCR\Interface\{3FBD43FB-45D9-4AD6-97C5-DB2A208DBE1B}\ProxyStubClsid

HKCR\Interface\{3FBD43FB-45D9-4AD6-97C5-DB2A208DBE1B}\ProxyStubClsid32

HKCR\Interface\{3FBD43FB-45D9-4AD6-97C5-DB2A208DBE1B}\TypeLib

HKCR\Interface\{3FBD43FB-45D9-4AD6-97C5-DB2A208DBE1B}\TypeLib#Version

HKCR\Interface\{458338B4-8CF4-4F76-B05A-391EFCB91DAF}

HKCR\Interface\{458338B4-8CF4-4F76-B05A-391EFCB91DAF}\ProxyStubClsid

HKCR\Interface\{458338B4-8CF4-4F76-B05A-391EFCB91DAF}\ProxyStubClsid32

HKCR\Interface\{458338B4-8CF4-4F76-B05A-391EFCB91DAF}\TypeLib

HKCR\Interface\{458338B4-8CF4-4F76-B05A-391EFCB91DAF}\TypeLib#Version

HKCR\Interface\{49792BDF-272E-485A-8EDC-0F26F3B499A8}

HKCR\Interface\{49792BDF-272E-485A-8EDC-0F26F3B499A8}\ProxyStubClsid

HKCR\Interface\{49792BDF-272E-485A-8EDC-0F26F3B499A8}\ProxyStubClsid32

HKCR\Interface\{49792BDF-272E-485A-8EDC-0F26F3B499A8}\TypeLib

HKCR\Interface\{49792BDF-272E-485A-8EDC-0F26F3B499A8}\TypeLib#Version

HKCR\Interface\{4D3DD52E-F48A-46F2-BE86-7F9B4BA7BB2F}

HKCR\Interface\{4D3DD52E-F48A-46F2-BE86-7F9B4BA7BB2F}\ProxyStubClsid

HKCR\Interface\{4D3DD52E-F48A-46F2-BE86-7F9B4BA7BB2F}\ProxyStubClsid32

HKCR\Interface\{4D3DD52E-F48A-46F2-BE86-7F9B4BA7BB2F}\TypeLib

HKCR\Interface\{4D3DD52E-F48A-46F2-BE86-7F9B4BA7BB2F}\TypeLib#Version

HKCR\Interface\{6DAEFDEA-1466-4A40-A530-E390FF58D248}

HKCR\Interface\{6DAEFDEA-1466-4A40-A530-E390FF58D248}\ProxyStubClsid

HKCR\Interface\{6DAEFDEA-1466-4A40-A530-E390FF58D248}\ProxyStubClsid32

HKCR\Interface\{6DAEFDEA-1466-4A40-A530-E390FF58D248}\TypeLib

HKCR\Interface\{6DAEFDEA-1466-4A40-A530-E390FF58D248}\TypeLib#Version

HKCR\Interface\{725BAD2A-8A0E-42D5-A028-B51794238C35}

HKCR\Interface\{725BAD2A-8A0E-42D5-A028-B51794238C35}\ProxyStubClsid

HKCR\Interface\{725BAD2A-8A0E-42D5-A028-B51794238C35}\ProxyStubClsid32

HKCR\Interface\{725BAD2A-8A0E-42D5-A028-B51794238C35}\TypeLib

HKCR\Interface\{725BAD2A-8A0E-42D5-A028-B51794238C35}\TypeLib#Version

HKCR\Interface\{9692D0FB-693D-4B8C-8D61-040DBBE5D617}

HKCR\Interface\{9692D0FB-693D-4B8C-8D61-040DBBE5D617}\ProxyStubClsid

HKCR\Interface\{9692D0FB-693D-4B8C-8D61-040DBBE5D617}\ProxyStubClsid32

HKCR\Interface\{9692D0FB-693D-4B8C-8D61-040DBBE5D617}\TypeLib

HKCR\Interface\{9692D0FB-693D-4B8C-8D61-040DBBE5D617}\TypeLib#Version

HKCR\Interface\{C099E01B-9751-46F7-AAC8-386F3B4EEC92}

HKCR\Interface\{C099E01B-9751-46F7-AAC8-386F3B4EEC92}\ProxyStubClsid

HKCR\Interface\{C099E01B-9751-46F7-AAC8-386F3B4EEC92}\ProxyStubClsid32

HKCR\Interface\{C099E01B-9751-46F7-AAC8-386F3B4EEC92}\TypeLib

HKCR\Interface\{C099E01B-9751-46F7-AAC8-386F3B4EEC92}\TypeLib#Version

HKCR\Interface\{CAB9D558-0A83-4528-988A-CB1D7A69022E}

HKCR\Interface\{CAB9D558-0A83-4528-988A-CB1D7A69022E}\ProxyStubClsid

HKCR\Interface\{CAB9D558-0A83-4528-988A-CB1D7A69022E}\ProxyStubClsid32

HKCR\Interface\{CAB9D558-0A83-4528-988A-CB1D7A69022E}\TypeLib

HKCR\Interface\{CAB9D558-0A83-4528-988A-CB1D7A69022E}\TypeLib#Version

HKCR\Interface\{CC17B63E-CB49-4D83-A33E-91ED305AB85E}

HKCR\Interface\{CC17B63E-CB49-4D83-A33E-91ED305AB85E}\ProxyStubClsid

HKCR\Interface\{CC17B63E-CB49-4D83-A33E-91ED305AB85E}\ProxyStubClsid32

HKCR\Interface\{CC17B63E-CB49-4D83-A33E-91ED305AB85E}\TypeLib

HKCR\Interface\{CC17B63E-CB49-4D83-A33E-91ED305AB85E}\TypeLib#Version

HKCR\Interface\{D5531EF6-EFDA-4894-9A24-8DA190940C38}

HKCR\Interface\{D5531EF6-EFDA-4894-9A24-8DA190940C38}\ProxyStubClsid

HKCR\Interface\{D5531EF6-EFDA-4894-9A24-8DA190940C38}\ProxyStubClsid32

HKCR\Interface\{D5531EF6-EFDA-4894-9A24-8DA190940C38}\TypeLib

HKCR\Interface\{D5531EF6-EFDA-4894-9A24-8DA190940C38}\TypeLib#Version

HKCR\Interface\{E916C096-5854-432E-8624-AFCF464D57F8}

HKCR\Interface\{E916C096-5854-432E-8624-AFCF464D57F8}\ProxyStubClsid

HKCR\Interface\{E916C096-5854-432E-8624-AFCF464D57F8}\ProxyStubClsid32

HKCR\Interface\{E916C096-5854-432E-8624-AFCF464D57F8}\TypeLib

HKCR\Interface\{E916C096-5854-432E-8624-AFCF464D57F8}\TypeLib#Version

HKCR\Interface\{FC55856C-204B-45B0-9467-4FBAE8D8FE73}

HKCR\Interface\{FC55856C-204B-45B0-9467-4FBAE8D8FE73}\ProxyStubClsid

HKCR\Interface\{FC55856C-204B-45B0-9467-4FBAE8D8FE73}\ProxyStubClsid32

HKCR\Interface\{FC55856C-204B-45B0-9467-4FBAE8D8FE73}\TypeLib

HKCR\Interface\{FC55856C-204B-45B0-9467-4FBAE8D8FE73}\TypeLib#Version

Worm.Alcra Variant

C:\WINDOWS\SYSTEM32\CMD.COM

C:\WINDOWS\SYSTEM32\NETSTAT.COM

C:\WINDOWS\SYSTEM32\PING.COM

C:\WINDOWS\SYSTEM32\REGEDIT.COM

C:\WINDOWS\SYSTEM32\TASKKILL.COM

C:\WINDOWS\SYSTEM32\TASKLIST.COM

C:\WINDOWS\SYSTEM32\TRACERT.COM

HJT-Logg

Klikk for å se/fjerne innholdet nedenfor

Logfile of HijackThis v1.99.1

Scan saved at 01:48:14, on 30.04.07

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\msnlogm.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\msnlogs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\MSN Messenger\msnmsgr.exe

C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\notepad.exe

C:\PROGRA~1\Mozilla Firefox\firefox.exe

C:\Documents and Settings\- Nils\Skrivebord\rootchk.exe

C:\WINDOWS\system32\cmd.exe

C:\DOCUME~1\-NILS~1\LOKALE~1\Temp\Rootchk\catchme.exe

C:\Programfiler\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll

O2 - BHO: FoxyTunes Toolbar Helper - {784D8FBC-4165-4D88-90FB-62907ACDD045} - C:\Programfiler\FoxyTunes\ForInternetExplorer\components\IE\FoxyTunesForIE.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Programfiler\Start.no Turbo\components\NOWImaging.dll (file missing)

O2 - BHO: (no name) - {CA48BC8F-2338-74B6-10FC-01E2E9737694} - C:\WINDOWS\system32\xjaww.dll (file missing)

O2 - BHO: PrintViewBHO Class - {D4E0C464-30CE-4075-9A10-71FD106C2847} - C:\PROGRA~2\PRINTV~1\PRINTH~1.DLL (file missing)

O2 - BHO: (no name) - {F789DB71-1D9F-4E1C-E180-6664718B4E90} - C:\WINDOWS\system32\ilkau.dll (file missing)

O3 - Toolbar: FoxyTunes Toolbar - {1D1901C3-F72A-46f3-9DBB-0AAA0DEEF6DF} - C:\Programfiler\FoxyTunes\ForInternetExplorer\components\IE\FoxyTunesForIE.dll

O4 - HKLM\..\Run: [msnsyslog] C:\WINDOWS\msnlogm.exe

O4 - HKLM\..\Run: [defender] C:\\dfndrff_e37.exe

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [newname] C:\\nwnmff_e37.exe

O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_e37.exe

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\programfiler\bonjour\mdnsnsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O12 - Plugin for .spop: C:\Programfiler\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...tup1.0.0.15.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KXHCM10 Control) - http://domecam.uridium.ch/kxhcm10.ocx

O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.mpw.no/TvNorge/KooPlayer.ocx

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by111fd.bay111.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.tvlution.com/KooPlayer.ocx

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1125581468077

O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://webcam.datainstituttet.no/activex/AMC.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.opentopia.com/support/activex/AxisCamControl.cab

O16 - DPF: {C111A91F-D4EC-4D22-8D27-C3BCB0389F43} (AudioHandlerEmbedded) - http://aucam.dyndns.biz/activex/AMC.cab

O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://cafecam.heerenvanbeijerland.nl/activex/AMC.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab

O18 - Protocol: bw+0 - {17440C8A-E758-431C-93AC-CDFF676E2C79} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw+0s - {17440C8A-E758-431C-93AC-CDFF676E2C79} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0 - {17440C8A-E758-431C-93AC-CDFF676E2C79} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0s - {17440C8A-E758-431C-93AC-CDFF676E2C79} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00 - {17440C8A-E758-431C-93AC-CDFF676E2C79} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00s - {17440C8A-E758-431C-93AC-CDFF676E2C79} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10 - {17440C8A-E758-431C-93AC-CDFF676E2C79} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10s - {17440C8A-E758-431C-93AC-CDFF676E2C79} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20 - {17440C8A-E758-431C-93AC-CDFF676E2C79} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20s - {17440C8A-E758-431C-93AC-CDFF676E2C79} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30 - {17440C8A-E758-431C-93AC-CDFF676E2C79} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30s - {17440C8A-E758-431C-93AC-CDFF676E2C79} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40 - {17440C8A-E758-431C-93AC-CDFF676E2C79} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40s - {17440C8A-E758-431C-93AC-CDFF676E2C79} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50 - {17440C8A-E758-431C-93AC-CDFF676E2C79} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50s - {17440C8A-E758-431C-93AC-CDFF676E2C79} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60 - {17440C8A-E758-431C-93AC-CDFF676E2C79} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60s - {17440C8A-E758-431C-93AC-CDFF676E2C79} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70 - {17440C8A-E758-431C-93AC-CDFF676E2C79} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70s - {17440C8A-E758-431C-93AC-CDFF676E2C79} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80 - {17440C8A-E758-431C-93AC-CDFF676E2C79} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80s - {17440C8A-E758-431C-93AC-CDFF676E2C79} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90 - {17440C8A-E758-431C-93AC-CDFF676E2C79} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90s - {17440C8A-E758-431C-93AC-CDFF676E2C79} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0 - {17440C8A-E758-431C-93AC-CDFF676E2C79} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0s - {17440C8A-E758-431C-93AC-CDFF676E2C79} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0 - {17440C8A-E758-431C-93AC-CDFF676E2C79} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0s - {17440C8A-E758-431C-93AC-CDFF676E2C79} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0 - {17440C8A-E758-431C-93AC-CDFF676E2C79} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0s - {17440C8A-E758-431C-93AC-CDFF676E2C79} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0 - {17440C8A-E758-431C-93AC-CDFF676E2C79} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0s - {17440C8A-E758-431C-93AC-CDFF676E2C79} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0 - {17440C8A-E758-431C-93AC-CDFF676E2C79} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0s - {17440C8A-E758-431C-93AC-CDFF676E2C79} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0 - {17440C8A-E758-431C-93AC-CDFF676E2C79} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0s - {17440C8A-E758-431C-93AC-CDFF676E2C79} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: bwg0 - {17440C8A-E758-431C-93AC-CDFF676E2C79} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwg0s - {17440C8A-E758-431C-93AC-CDFF676E2C79} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0 - {17440C8A-E758-431C-93AC-CDFF676E2C79} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0s - {17440C8A-E758-431C-93AC-CDFF676E2C79} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0 - {17440C8A-E758-431C-93AC-CDFF676E2C79} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0s - {17440C8A-E758-431C-93AC-CDFF676E2C79} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0 - {17440C8A-E758-431C-93AC-CDFF676E2C79} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0s - {17440C8A-E758-431C-93AC-CDFF676E2C79} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0 - {17440C8A-E758-431C-93AC-CDFF676E2C79} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0s - {17440C8A-E758-431C-93AC-CDFF676E2C79} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0 - {17440C8A-E758-431C-93AC-CDFF676E2C79} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0s - {17440C8A-E758-431C-93AC-CDFF676E2C79} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0 - {17440C8A-E758-431C-93AC-CDFF676E2C79} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0s - {17440C8A-E758-431C-93AC-CDFF676E2C79} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0 - {17440C8A-E758-431C-93AC-CDFF676E2C79} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0s - {17440C8A-E758-431C-93AC-CDFF676E2C79} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0 - {17440C8A-E758-431C-93AC-CDFF676E2C79} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0s - {17440C8A-E758-431C-93AC-CDFF676E2C79} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0 - {17440C8A-E758-431C-93AC-CDFF676E2C79} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0s - {17440C8A-E758-431C-93AC-CDFF676E2C79} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0 - {17440C8A-E758-431C-93AC-CDFF676E2C79} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0s - {17440C8A-E758-431C-93AC-CDFF676E2C79} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0 - {17440C8A-E758-431C-93AC-CDFF676E2C79} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0s - {17440C8A-E758-431C-93AC-CDFF676E2C79} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0 - {17440C8A-E758-431C-93AC-CDFF676E2C79} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0s - {17440C8A-E758-431C-93AC-CDFF676E2C79} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0 - {17440C8A-E758-431C-93AC-CDFF676E2C79} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0s - {17440C8A-E758-431C-93AC-CDFF676E2C79} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0 - {17440C8A-E758-431C-93AC-CDFF676E2C79} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0s - {17440C8A-E758-431C-93AC-CDFF676E2C79} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0 - {17440C8A-E758-431C-93AC-CDFF676E2C79} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0s - {17440C8A-E758-431C-93AC-CDFF676E2C79} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0 - {17440C8A-E758-431C-93AC-CDFF676E2C79} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0s - {17440C8A-E758-431C-93AC-CDFF676E2C79} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0 - {17440C8A-E758-431C-93AC-CDFF676E2C79} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0s - {17440C8A-E758-431C-93AC-CDFF676E2C79} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0 - {17440C8A-E758-431C-93AC-CDFF676E2C79} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0s - {17440C8A-E758-431C-93AC-CDFF676E2C79} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0 - {17440C8A-E758-431C-93AC-CDFF676E2C79} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0s - {17440C8A-E758-431C-93AC-CDFF676E2C79} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: offline-8876480 - {17440C8A-E758-431C-93AC-CDFF676E2C79} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

Rootchk Logg

Klikk for å se/fjerne innholdet nedenfor

******************************** ROOTCHK-(25-04-07)-LOG, by ejvindh

30.04.07 1:46:49,21

Driver nm (visible) is present. Run COMBOFIX by sUBs.

********************************* ROOTCHK-LOG-end

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-04-30 01:46:50

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

msnsyslog = C:\WINDOWS\msnlogm.exe??X?2??|d?2??|p?2??|??8[??H??|8??|??2??|?|?|??%?@?R?B~??%?@?\?B~??@?@?

scanning hidden files ...

C:\RECYCLER\S-1-5-21-1645522239-484061587-839522115-1006\Dc75\Thumbs.db

C:\RECYCLER\S-1-5-21-1645522239-484061587-839522115-1006\Dc75\Thumbs.db:encryptable 0 bytes hidden from API

C:\RECYCLER\S-1-5-21-1645522239-484061587-839522115-1006\Dc99\Thumbs.db

C:\RECYCLER\S-1-5-21-1645522239-484061587-839522115-1006\Dc99\Thumbs.db:encryptable 0 bytes hidden from API

C:\RECYCLER\S-1-5-21-1645522239-484061587-839522115-1006\Dc307\DSCN0229.JPG

C:\RECYCLER\S-1-5-21-1645522239-484061587-839522115-1006\Dc307\DSCN0230.JPG

C:\RECYCLER\S-1-5-21-1645522239-484061587-839522115-1006\Dc307\Thumbs.db

C:\RECYCLER\S-1-5-21-1645522239-484061587-839522115-1006\Dc307\Thumbs.db:encryptable 0 bytes hidden from API

C:\RECYCLER\S-1-5-21-1645522239-484061587-839522115-1006\Dc336\Thumbs.db

C:\RECYCLER\S-1-5-21-1645522239-484061587-839522115-1006\Dc336\Thumbs.db:encryptable 0 bytes hidden from API

C:\RECYCLER\S-1-5-21-1645522239-484061587-839522115-1006\Dc437\54.wpl

C:\RECYCLER\S-1-5-21-1645522239-484061587-839522115-1006\Dc437\Bra Musikk.wpl

C:\RECYCLER\S-1-5-21-1645522239-484061587-839522115-1006\Dc437\cnzxklcn lkds[ nfoøidarc pmeow9uria.wpl

C:\RECYCLER\S-1-5-21-1645522239-484061587-839522115-1006\Dc437\Gaute Ormåsen.wpl

C:\RECYCLER\S-1-5-21-1645522239-484061587-839522115-1006\Dc437\Goflon Band.wpl

C:\RECYCLER\S-1-5-21-1645522239-484061587-839522115-1006\Dc437\Idol.wpl

C:\RECYCLER\S-1-5-21-1645522239-484061587-839522115-1006\Dc437\Lillians mix.wpl

C:\RECYCLER\S-1-5-21-1645522239-484061587-839522115-1006\Dc437\Limewire.wpl

C:\RECYCLER\S-1-5-21-1645522239-484061587-839522115-1006\Dc437\Limewire2.wpl

C:\RECYCLER\S-1-5-21-1645522239-484061587-839522115-1006\Dc437\musikk(=.wpl

C:\RECYCLER\S-1-5-21-1645522239-484061587-839522115-1006\Dc437\Opptak.wpl

C:\RECYCLER\S-1-5-21-1645522239-484061587-839522115-1006\Dc437\På mp3 (2).wpl

C:\RECYCLER\S-1-5-21-1645522239-484061587-839522115-1006\Dc437\PÅ mp3.wpl

C:\RECYCLER\S-1-5-21-1645522239-484061587-839522115-1006\Dc437\Rock 2005.wpl

C:\RECYCLER\S-1-5-21-1645522239-484061587-839522115-1006\Dc437\Svenne Rubins.wpl

C:\RECYCLER\S-1-5-21-1645522239-484061587-839522115-1006\Dc437\The carburetors.wpl

C:\RECYCLER\S-1-5-21-1645522239-484061587-839522115-1006\Dc437\Til Mariell.wpl

C:\RECYCLER\S-1-5-21-1645522239-484061587-839522115-1006\Dc150\Thumbs.db

C:\RECYCLER\S-1-5-21-1645522239-484061587-839522115-1006\Dc150\Thumbs.db:encryptable 0 bytes hidden from API

C:\RECYCLER\S-1-5-21-1645522239-484061587-839522115-1006\Dc160\Thumbs.db

C:\RECYCLER\S-1-5-21-1645522239-484061587-839522115-1006\Dc160\Thumbs.db:encryptable 0 bytes hidden from API

C:\RECYCLER\S-1-5-21-1645522239-484061587-839522115-1006\Dc165\Thumbs.db

C:\RECYCLER\S-1-5-21-1645522239-484061587-839522115-1006\Dc165\Thumbs.db:encryptable 0 bytes hidden from API

C:\RECYCLER\S-1-5-21-1645522239-484061587-839522115-1006\Dc249\Desktop.ini

C:\RECYCLER\S-1-5-21-1645522239-484061587-839522115-1006\Dc249\Thumbs.db

C:\RECYCLER\S-1-5-21-1645522239-484061587-839522115-1006\Dc249\Thumbs.db:encryptable 0 bytes hidden from API

C:\RECYCLER\S-1-5-21-1645522239-484061587-839522115-1006\Dc256\Fine damer og musikk.wma

C:\RECYCLER\S-1-5-21-1645522239-484061587-839522115-1006\Dc256\Helt normal.wma

C:\RECYCLER\S-1-5-21-1645522239-484061587-839522115-1006\Dc256\Hva skjer.wma

C:\RECYCLER\S-1-5-21-1645522239-484061587-839522115-1006\Dc256\Kjærlighet er mer enn forelskelse.wma

C:\RECYCLER\S-1-5-21-1645522239-484061587-839522115-1006\Dc256\Mammas lille venn.wma

C:\RECYCLER\S-1-5-21-1645522239-484061587-839522115-1006\Dc256\Protein vitamin.wma

C:\RECYCLER\S-1-5-21-1645522239-484061587-839522115-1006\Dc256\Singel.wma

C:\RECYCLER\S-1-5-21-1645522239-484061587-839522115-1006\Dc256\Sommer hele året.wma

C:\RECYCLER\S-1-5-21-1645522239-484061587-839522115-1006\Dc256\Thumbs.db

C:\RECYCLER\S-1-5-21-1645522239-484061587-839522115-1006\Dc256\Thumbs.db:encryptable 0 bytes hidden from API

C:\RECYCLER\S-1-5-21-1645522239-484061587-839522115-1006\Dc256\Usminka sjel.wma

C:\RECYCLER\S-1-5-21-1645522239-484061587-839522115-1006\Dc256\Utpå bygda.wma

C:\RECYCLER\S-1-5-21-1645522239-484061587-839522115-1006\Dc257\Hallelujah.wma

C:\RECYCLER\S-1-5-21-1645522239-484061587-839522115-1006\Dc257\miss a thing.wma

C:\RECYCLER\S-1-5-21-1645522239-484061587-839522115-1006\Dc257\REC01.wav

C:\RECYCLER\S-1-5-21-1645522239-484061587-839522115-1006\Dc257\REC02.wav

C:\RECYCLER\S-1-5-21-1645522239-484061587-839522115-1006\Dc257\REC03.wav

C:\RECYCLER\S-1-5-21-1645522239-484061587-839522115-1006\Dc257\REC04.wav

C:\RECYCLER\S-1-5-21-1645522239-484061587-839522115-1006\Dc258\Thumbs.db

C:\RECYCLER\S-1-5-21-1645522239-484061587-839522115-1006\Dc258\Thumbs.db:encryptable 0 bytes hidden from API

C:\RECYCLER\S-1-5-21-1645522239-484061587-839522115-1006\Dc259\Med mp3

C:\RECYCLER\S-1-5-21-1645522239-484061587-839522115-1006\Dc259\Med mp3\Bjørn.wav

C:\RECYCLER\S-1-5-21-1645522239-484061587-839522115-1006\Dc259\Med mp3\Bjørn2.wav

C:\RECYCLER\S-1-5-21-1645522239-484061587-839522115-1006\Dc259\Med mp3\Brannmann Sam.wav

C:\RECYCLER\S-1-5-21-1645522239-484061587-839522115-1006\Dc259\Med mp3\Fra Grease.wav

C:\RECYCLER\S-1-5-21-1645522239-484061587-839522115-1006\Dc259\Med mp3\Svein Krogstad.wav

C:\RECYCLER\S-1-5-21-1645522239-484061587-839522115-1006\Dc259\Med mp3\Ørjan 3.3.06.wav

C:\RECYCLER\S-1-5-21-1645522239-484061587-839522115-1006\Dc259\Thumbs.db

C:\RECYCLER\S-1-5-21-1645522239-484061587-839522115-1006\Dc259\Thumbs.db:encryptable 0 bytes hidden from API

C:\RECYCLER\S-1-5-21-1645522239-484061587-839522115-1006\Dc296\10B.jpg

C:\RECYCLER\S-1-5-21-1645522239-484061587-839522115-1006\Dc296\Gjengen med sine kjære;).JPG

C:\RECYCLER\S-1-5-21-1645522239-484061587-839522115-1006\Dc296\Gjengen.JPG

C:\RECYCLER\S-1-5-21-1645522239-484061587-839522115-1006\Dc296\Halve 10B.JPG

C:\RECYCLER\S-1-5-21-1645522239-484061587-839522115-1006\Dc296\Ida Oline og meg.JPG

C:\RECYCLER\S-1-5-21-1645522239-484061587-839522115-1006\Dc296\Ida Oline på jakt.JPG

C:\RECYCLER\S-1-5-21-1645522239-484061587-839522115-1006\Dc296\Ida Oline tenker på sin kjære=).JPG

C:\RECYCLER\S-1-5-21-1645522239-484061587-839522115-1006\Dc296\Ida Oline.JPG

C:\RECYCLER\S-1-5-21-1645522239-484061587-839522115-1006\Dc296\Ida Oline2.JPG

C:\RECYCLER\S-1-5-21-1645522239-484061587-839522115-1006\Dc296\Ida Olinee3.JPG

C:\RECYCLER\S-1-5-21-1645522239-484061587-839522115-1006\Dc296\Konfirmasjon.jpg

C:\RECYCLER\S-1-5-21-1645522239-484061587-839522115-1006\Dc296\Konfirmasjon2.JPG

C:\RECYCLER\S-1-5-21-1645522239-484061587-839522115-1006\Dc296\Konfirmasjon3.jpg

C:\RECYCLER\S-1-5-21-1645522239-484061587-839522115-1006\Dc296\Kristoffer.JPG

C:\RECYCLER\S-1-5-21-1645522239-484061587-839522115-1006\Dc296\Maiken og Ida Oline.JPG

C:\RECYCLER\S-1-5-21-1645522239-484061587-839522115-1006\Dc296\Meg & Ida Oline.JPG

C:\RECYCLER\S-1-5-21-1645522239-484061587-839522115-1006\Dc296\Oss to=).JPG

C:\RECYCLER\S-1-5-21-1645522239-484061587-839522115-1006\Dc296\På Kjølen.JPG

C:\RECYCLER\S-1-5-21-1645522239-484061587-839522115-1006\Dc296\Robin syng.jpg

C:\RECYCLER\S-1-5-21-1645522239-484061587-839522115-1006\Dc296\Silje og Silje=).JPG

C:\RECYCLER\S-1-5-21-1645522239-484061587-839522115-1006\Dc296\Silje.JPG

C:\RECYCLER\S-1-5-21-1645522239-484061587-839522115-1006\Dc296\Silje2.JPG

C:\RECYCLER\S-1-5-21-1645522239-484061587-839522115-1006\Dc296\Thumbs.db

C:\RECYCLER\S-1-5-21-1645522239-484061587-839522115-1006\Dc296\Thumbs.db:encryptable 0 bytes hidden from API

C:\RECYCLER\S-1-5-21-1645522239-484061587-839522115-1006\Dc298\Elvis.jpg

C:\RECYCLER\S-1-5-21-1645522239-484061587-839522115-1006\Dc298\Jonna og Ole Runar.jpg

C:\RECYCLER\S-1-5-21-1645522239-484061587-839522115-1006\Dc298\Nickolas.JPG

C:\RECYCLER\S-1-5-21-1645522239-484061587-839522115-1006\Dc298\Ole Runar og Sigurd.jpg

C:\RECYCLER\S-1-5-21-1645522239-484061587-839522115-1006\Dc298\Sigurd.jpg

C:\RECYCLER\S-1-5-21-1645522239-484061587-839522115-1006\Dc298\Thumbs.db

C:\RECYCLER\S-1-5-21-1645522239-484061587-839522115-1006\Dc298\Thumbs.db:encryptable 0 bytes hidden from API

C:\RECYCLER\S-1-5-21-1645522239-484061587-839522115-1006\Dc330\Thumbs.db

C:\RECYCLER\S-1-5-21-1645522239-484061587-839522115-1006\Dc330\Thumbs.db:encryptable 0 bytes hidden from API

C:\RECYCLER\S-1-5-21-1645522239-484061587-839522115-1006\Dc335\Thumbs.db

C:\RECYCLER\S-1-5-21-1645522239-484061587-839522115-1006\Dc335\Thumbs.db:encryptable 0 bytes hidden from API

C:\RECYCLER\S-1-5-21-1645522239-484061587-839522115-1006\Dc435\Thumbs.db

C:\RECYCLER\S-1-5-21-1645522239-484061587-839522115-1006\Dc435\Thumbs.db:encryptable 0 bytes hidden from API

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 102

Har jeg noe ufine ting? :thumbdown:

Og hvordan fjerner jeg hvis jeg har? :dontgetit:

Endret 2. mai 2007 av trysilgutt

Znoken · 29. april 2007

WOW.... :dribble: Der var det endel og ta tak i ser jeg...Midt beste forslag akkurat er og gå på denne siden og følge guiden som er satt opp der....Når det er gjort så legger du ut en ny logg....

Etnies · 29. april 2007

WOW.... Der var det endel og ta tak i ser jeg...Midt beste forslag akkurat er og gå på denne siden og følge guiden som er satt opp der....Når det er gjort så legger du ut en ny logg....

8499132[/snapback]

Legge til en SAS-Logg?

Edit: Nå skjønte jeg

Endret 29. april 2007 av trysilgutt

Etnies · 29. april 2007