norbat (posted 17 January 2008): Good to hear. You should reset the restore folder so that you do not get infected during a possible system restore. Control Panel -> System -> System Restore. Tick the box in front of "Turn off System Restore .....", restart the PC, then untick the box again to re-enable the feature.
kremt (thread author, posted 18 January 2008): I always have System Restore turned off on all my machines. Then I don't need to do what you said, do I?
norbat (posted 18 January 2008): No, you don't need to (or rather, you can't).
kremt (thread author, posted 17 May 2008): ARRRG, I get so angry at the person who uses this PC. He, my father, has evidently clicked on all the crap out there that wrecks a machine. PCPrivacy Tool is causing trouble; I have removed it, but things are still troublesome. Prompts keep coming up about things to be downloaded, completely unknown things. I want to get rid of this, and at the same time I want to remove IE6, FOR GOOD! I am attaching an HJT log, so maybe one of you kind, helpful people out there can guide me on my way?
norbat (posted 17 May 2008): Run through the long version in the following post: https://www.diskusjon.no/index.php?showtopic=691246 Post the logs it asks for here in your own thread.
kremt (thread author, posted 17 May 2008): Here you go.
Settings\Martin\Programdata\PCPrivacyTool\Logs\update.log C:\Documents and Settings\Martin\Programdata\PCPrivacyTool\Logs C:\Documents and Settings\Martin\Programdata\PCPrivacyTool Rogue.WindowsSecurityAdviser C:\Programfiler\Microsoft Security Adviser\msavsc.exe C:\Programfiler\Microsoft Security Adviser\msctrl.exe C:\Programfiler\Microsoft Security Adviser\msfw.exe C:\Programfiler\Microsoft Security Adviser\msiemon.exe C:\Programfiler\Microsoft Security Adviser\mssadv.exe C:\Programfiler\Microsoft Security Adviser\msscan.exe C:\Programfiler\Microsoft Security Adviser C:\WINDOWS\Prefetch\MSAVSC.EXE-072195F6.pf C:\WINDOWS\Prefetch\MSCTRL.EXE-175E3F63.pf C:\WINDOWS\Prefetch\MSFW.EXE-19EE8063.pf C:\WINDOWS\Prefetch\MSIEMON.EXE-285DB0A5.pf C:\WINDOWS\Prefetch\MSSADV.EXE-0D66DA34.pf C:\WINDOWS\Prefetch\MSSCAN.EXE-06BA5020.pf Trojan.Downloader-DnlSvc C:XF9.EXE Rogue.WinPCDoctor-Installer C:\DOCUMENTS AND SETTINGS\MARTIN\PROGRAMDATA\INSTALLER_EN[1].EXE C:\WINDOWS\Prefetch\INSTALLER_EN[1].EXE-1BC9E730.pf C:\WINDOWS\Prefetch\INSTALLER_EN[1].EXE-1D8C7147.pf C:\WINDOWS\Prefetch\INSTALLER_EN[1].EXE-35C77D0A.pf Trojan.Unclassified/DwnLdr C:\SVCHOST.EXE C:\SVCHOST2.EXE C:\WINDOWS\Prefetch\SVCHOST.EXE-38A14A50.pf C:\WINDOWS\Prefetch\SVCHOST2.EXE-06754C5C.pf Trojan.Unclassified/MSCTRL C:\WINDOWS\MSAVSC.DLL C:\WINDOWS\MSCTRL.DLL C:\WINDOWS\MSFW.DLL C:\WINDOWS\MSIEMON.DLL C:\WINDOWS\MSSCAN.DLL Trojan.Aff-YourThumbs C:\WINDOWS\MSSADV.DLL Trace.Known Threat Sources C:\Documents and Settings\LocalService\Lokale innstillinger\Temporary Internet Files\Content.IE5\4P360H8M\g_default[1].gif C:\Documents and Settings\LocalService\Lokale innstillinger\Temporary Internet Files\Content.IE5\BFLJZ5CW\go[1].htm C:\Documents and Settings\LocalService\Lokale innstillinger\Temporary Internet Files\Content.IE5\YJAFIXQV\go[1].htm C:\Documents and Settings\LocalService\Lokale innstillinger\Temporary Internet Files\Content.IE5\4P360H8M\v1[1].gif C:\Documents and Settings\LocalService\Lokale 
innstillinger\Temporary Internet Files\Content.IE5\2B13GB4B\polosa[1].gif C:\Documents and Settings\LocalService\Lokale innstillinger\Temporary Internet Files\Content.IE5\G3NEIEKQ\index[1].jpg C:\Documents and Settings\LocalService\Lokale innstillinger\Temporary Internet Files\Content.IE5\2B13GB4B\protectx[1].gif C:\Documents and Settings\LocalService\Lokale innstillinger\Temporary Internet Files\Content.IE5\BFLJZ5CW\jaynaosobgvid010.wmv[1].jpg C:\Documents and Settings\LocalService\Lokale innstillinger\Temporary Internet Files\Content.IE5\BFLJZ5CW\script[1].js C:\Documents and Settings\LocalService\Lokale innstillinger\Temporary Internet Files\Content.IE5\YJAFIXQV\lc[1].js C:\Documents and Settings\LocalService\Lokale innstillinger\Temporary Internet Files\Content.IE5\8TW9U30D\style[1].css C:\Documents and Settings\LocalService\Lokale innstillinger\Temporary Internet Files\Content.IE5\BFLJZ5CW\alert[1].gif C:\Documents and Settings\LocalService\Lokale innstillinger\Temporary Internet Files\Content.IE5\4DA3G52N\destrub[1].htm C:\Documents and Settings\Martin\Lokale innstillinger\Temporary Internet Files\Content.IE5\C90VWFON\go[1].htm C:\Documents and Settings\Martin\Lokale innstillinger\Temporary Internet Files\Content.IE5\6P16ZMDW\go[1].htm C:\Documents and Settings\Martin\Lokale innstillinger\Temporary Internet Files\Content.IE5\C90VWFON\protectx[1].gif C:\Documents and Settings\Martin\Lokale innstillinger\Temporary Internet Files\Content.IE5\RGU31SLS\g_default[1].gif C:\Documents and Settings\Martin\Lokale innstillinger\Temporary Internet Files\Content.IE5\RGU31SLS5f7bad3e1[1].jpg C:\Documents and Settings\Martin\Lokale innstillinger\Temporary Internet Files\Content.IE5\P0GBH9S5\3e5394c2c1[1].jpg C:\Documents and Settings\Martin\Lokale innstillinger\Temporary Internet Files\Content.IE5\KD4TANG9\400d5f96c8[1].jpg C:\Documents and Settings\Martin\Lokale innstillinger\Temporary Internet Files\Content.IE5\G3H7YEJ9\b2980bae55[1].jpg C:\Documents and 
Settings\Martin\Lokale innstillinger\Temporary Internet Files\Content.IE5N5ZIAFP\e2987a9c99[1].jpg C:\Documents and Settings\Martin\Lokale innstillinger\Temporary Internet Files\Content.IE5\KD4TANG9\79915c790f[1].jpg C:\Documents and Settings\Martin\Lokale innstillinger\Temporary Internet Files\Content.IE5\UNQFQP2V\3b39d75042[1].jpg C:\Documents and Settings\Martin\Lokale innstillinger\Temporary Internet Files\Content.IE5\RGU31SLS\44ea8fd85f[1].jpg C:\Documents and Settings\Martin\Lokale innstillinger\Temporary Internet Files\Content.IE5\BJPBN5GW\af0ffb7f26[1].jpg C:\Documents and Settings\Martin\Lokale innstillinger\Temporary Internet Files\Content.IE5\SXUJ09IF\d5d069023b[1].jpg C:\Documents and Settings\Martin\Lokale innstillinger\Temporary Internet Files\Content.IE5\9FBFXL4E\eefd70e4c4[1].jpg C:\Documents and Settings\Martin\Lokale innstillinger\Temporary Internet Files\Content.IE5\Z24BJ1WT\polosa[1].gif C:\Documents and Settings\Martin\Lokale innstillinger\Temporary Internet Files\Content.IE5\BJPBN5GW\1bb43d4246[1].jpg C:\Documents and Settings\Martin\Lokale innstillinger\Temporary Internet Files\Content.IE5\PBQY30XV\c55a741a09[1].jpg C:\Documents and Settings\Martin\Lokale innstillinger\Temporary Internet Files\Content.IE5\BJPBN5GW\e83f88d084[1].jpg C:\Documents and Settings\Martin\Lokale innstillinger\Temporary Internet Files\Content.IE5\TRF7DHKE\94e69162f0[1].jpg C:\Documents and Settings\Martin\Lokale innstillinger\Temporary Internet Files\Content.IE5\Z24BJ1WT\438ab0759a[1].jpg C:\Documents and Settings\Martin\Lokale innstillinger\Temporary Internet Files\Content.IE5\9FBFXL4E\5be74fa783[1].jpg C:\Documents and Settings\Martin\Lokale innstillinger\Temporary Internet Files\Content.IE5\P0GBH9S5\86fb480472[1].jpg C:\Documents and Settings\Martin\Lokale innstillinger\Temporary Internet Files\Content.IE5\8VF7E059\3f1c19a4e9[1].jpg C:\Documents and Settings\Martin\Lokale innstillinger\Temporary Internet Files\Content.IE5\UNQFQP2V\dec5afea04[1].jpg C:\Documents and 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:02, on 2008-05-17
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programfiler\Fellesfiler\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Martin\Skrivebord\HJT\test.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [CDriver] c:\z_Drivers\svchost.exe
O4 - HKCU\..\Run: [DDriver] c:\z_Drivers\svchost.exe
O4 - HKCU\..\Run: [alpha] c:\z_Drivers\svchost.exe
O4 - HKCU\..\Run: [beta] c:\z_Drivers\svchost.exe
O4 - HKCU\..\Run: [gamma] c:\z_Drivers\svchost.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Programfiler\Fellesfiler\Autodata Limited Shared\Service\ADCDLicSvc.exe

-- End of file - 3124 bytes
norbat Posted 17 May 2008

Start HJT, choose "Do a system scan only", tick the following lines and click Fix checked:

O4 - HKCU\..\Run: [CDriver] c:\z_Drivers\svchost.exe
O4 - HKCU\..\Run: [DDriver] c:\z_Drivers\svchost.exe
O4 - HKCU\..\Run: [alpha] c:\z_Drivers\svchost.exe
O4 - HKCU\..\Run: [beta] c:\z_Drivers\svchost.exe
O4 - HKCU\..\Run: [gamma] c:\z_Drivers\svchost.exe

Restart the PC.

Run another round of Combofix and post the Combofix log.
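The entries norbat selects all point at a svchost.exe outside C:\WINDOWS\system32, and several Run values share that one image. As an added example (not part of the original thread or of HijackThis), this Python script flags both patterns in a HijackThis log. The function names and the expected-directory table (a default Windows XP install on C:) are assumptions, and the sample log is assembled from lines quoted in the thread.

```python
import ntpath
import re

# Assumed directory each core Windows XP process runs from (lower-cased).
EXPECTED_DIR = {name: r"c:\windows\system32" for name in (
    "smss.exe", "winlogon.exe", "services.exe", "lsass.exe",
    "svchost.exe", "spoolsv.exe")}
EXPECTED_DIR["explorer.exe"] = r"c:\windows"
# O4 - <hive>\..\Run: [<value name>] <command line>
O4_RE = re.compile(r"^O4 - (\S+?)\\\.\.\\Run: \[([^\]]*)\] (.+)$")
ENTRY_RE = re.compile(r"^[A-Z]\d+ - ")  # any result line (R0, O2, O4, ...)

def image_path(cmd):
    """Executable part of a Run command line (quoted, or up to the first .exe)."""
    m = re.match(r'"([^"]+)"|(.+?\.exe)\b', cmd, re.IGNORECASE)
    return (m.group(1) or m.group(2)) if m else cmd

def masquerades(path):
    """True when a core system process name sits outside its expected directory."""
    p = path.lower()
    expected = EXPECTED_DIR.get(ntpath.basename(p))
    return expected is not None and ntpath.dirname(p) != expected

def analyze(log_text):
    """Return flagged running processes and flagged Run values grouped by image."""
    processes, autoruns, in_procs = [], {}, False
    for line in (raw.strip() for raw in log_text.splitlines()):
        if line == "Running processes:":
            in_procs = True
        elif in_procs and (not line or ENTRY_RE.match(line)):
            in_procs = False  # process list ends at a blank line or first entry
        elif in_procs and masquerades(line):
            processes.append(line)
        m = O4_RE.match(line)
        if m and masquerades(image_path(m.group(3))):
            image = image_path(m.group(3)).lower()
            autoruns.setdefault(image, []).append((m.group(1), m.group(2)))
    return {"processes": processes, "autoruns": autoruns}

# Constructed sample: a shortened log assembled from lines quoted in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\z_Drivers\svchost.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [CDriver] c:\z_Drivers\svchost.exe
O4 - HKCU\..\Run: [alpha] c:\z_Drivers\svchost.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
"""

if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

A path mismatch is a triage signal only: a copy placed inside the expected directory under a look-alike name passes this check, so flagged and unflagged entries alike still need the file itself examined.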
killer_ulf Posted 19 May 2008

BearShare comes bundled with New Dot Net and will therefore reinstall itself every time you click on Bearshare.exe