duttleif
Posted 16 July 2007

Hi. I have had one of those security toolbar viruses. I looked in another thread and followed what it said there, and the toolbar that was up by the address bar in the browser is gone now. But I have a HijackThis log and another log that I got. So if anyone knows what I might need to do next, or whether everything is gone now, that would be great!!

HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 21:51:13, on 16.07.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Java\jre1.5.0\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Programfiler\Java\jre1.5.0\bin\jucheck.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Programfiler\Trend Micro\Internet Security 2007\pccguide.exe
C:\Programfiler\QuickTime\qttask.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Programfiler\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\DOCUME~1\HP_Eier\LOKALE~1\Temp\Midlertidig mappe 1 for hijackthis[1].zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Programfiler\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O3 - Toolbar: HP-visning - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Programfiler\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programfiler\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [HPHUPD06] c:\Programfiler\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Programfiler\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [sNM] C:\Programfiler\SpyNoMore\SNM.exe /startup
O4 - HKCU\..\Run: [OE] "C:\Programfiler\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Tilkoblingshjelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Tilkoblingshjelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra button: Tilkoblingshjelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Tilkoblingshjelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O11 - Options group: [iNTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1179240520093
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1179240507500
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Spionprogrambeskyttelse fra Trend Micro (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe

SAS log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/16/2007 at 09:36 PM

Application Version : 3.9.1008

Core Rules Database Version : 3269
Trace Rules Database Version: 1280

Scan type : Complete Scan
Total Scan Time : 00:48:02

Memory items scanned : 452
Memory threats detected : 0
Registry items scanned : 4482
Registry threats detected : 6
File items scanned : 45748
File threats detected : 350

Adware.Tracking Cookie

Trojan.Media-Codec/V3
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IExplorer Security Plug-in
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IExplorer Security Plug-in#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IExplorer Security Plug-in#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Secure Bar
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Secure Bar#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Secure Bar#UninstallString
C:\SYSTEM VOLUME INFORMATION\_RESTORE{3CDDF21C-93F9-4740-898C-6EBEAA821307}\RP42\A0013539.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{3CDDF21C-93F9-4740-898C-6EBEAA821307}\RP42\A0013540.EXE

Browser Hijacker.Favorites
C:\DOCUMENTS AND SETTINGS\ADMIN\FAVORITTER\ONLINE SECURITY TEST.URL

Malware.PestCapture
C:\DOCUMENTS AND SETTINGS\ADMIN\LOKALE INNSTILLINGER\TEMPORARY INTERNET FILES\CONTENT.IE5\W9GZ83K7\PESTCAPTURESETUP[1].EXE

Adware.Casino Games (Golden Palace Casino)
C:\POKER\EXPEKT POKER\CASINO.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\SKRIVEBORD\EXPEKT POKER.LNK
C:\DOCUMENTS AND SETTINGS\ALL USERS\START-MENY\PROGRAMMER\EXPEKT POKER\EXPEKT POKER.LNK
C:\SYSTEM VOLUME INFORMATION\_RESTORE{3CDDF21C-93F9-4740-898C-6EBEAA821307}\RP9\A0002960.LNK
C:\SYSTEM VOLUME INFORMATION\_RESTORE{3CDDF21C-93F9-4740-898C-6EBEAA821307}\RP9\A0002967.LNK

Malware.VirusProtectPro
C:\SYSTEM VOLUME INFORMATION\_RESTORE{3CDDF21C-93F9-4740-898C-6EBEAA821307}\RP44\A0013668.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{3CDDF21C-93F9-4740-898C-6EBEAA821307}\RP45\A0013764.EXE

Malware.SpyLocked
C:\SYSTEM VOLUME INFORMATION\_RESTORE{3CDDF21C-93F9-4740-898C-6EBEAA821307}\RP45\A0013752.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{3CDDF21C-93F9-4740-898C-6EBEAA821307}\RP45\A0013753.EXE

Trace.Known Threat Sources
SmitFraudFix log:

SmitFraudFix v2.204

Scan done at 20:38:59,18, 16.07.2007
Run from C:\Documents and Settings\HP_Eier\Skrivebord\SmitfraudFix
OS: Microsoft Windows XP [Versjon 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!Attention, following keys are not inevitably infected!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{33b8d257-07f6-4c06-8605-94bc21728635}"="discommodiousness"

[HKEY_CLASSES_ROOT\CLSID\{33b8d257-07f6-4c06-8605-94bc21728635}\InProcServer32]
@="C:\WINDOWS\system32\onljweo.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{33b8d257-07f6-4c06-8605-94bc21728635}\InProcServer32]
@="C:\WINDOWS\system32\onljweo.dll"

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

C:\WINDOWS\system32\onljweo.dll -> Hoax.Win32.Renos.gen.o
C:\WINDOWS\system32\onljweo.dll -> Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\DOCUME~1\ALLUSE~1\START-~1\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1\START-~1\Security Troubleshooting.url Deleted
C:\DOCUME~1\ALLUSE~1\SKRIVE~1\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1\SKRIVE~1\Security Troubleshooting.url Deleted
C:\DOCUME~1\HP_Eier\FAVORI~1\Online Security Test.url Deleted
C:\Programfiler\SpyLocked 3.7\ Deleted
C:\Programfiler\Video ActiveX Access\ Deleted
C:\Programfiler\VirusProtectPro 3.4\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{2824467F-2ABC-4E12-B2F7-474E57FF4C8C}: DhcpNameServer=84.205.33.21 194.19.2.11
HKLM\SYSTEM\CS1\Services\Tcpip\..\{2824467F-2ABC-4E12-B2F7-474E57FF4C8C}: DhcpNameServer=84.205.33.21 194.19.2.11
HKLM\SYSTEM\CS3\Services\Tcpip\..\{2824467F-2ABC-4E12-B2F7-474E57FF4C8C}: DhcpNameServer=84.205.33.21 194.19.2.11
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=84.205.33.21 194.19.2.11
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=84.205.33.21 194.19.2.11
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=84.205.33.21 194.19.2.11

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!Attention, following keys are not inevitably infected!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!Attention, following keys are not inevitably infected!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

Guest medlem-105082, posted 16 July 2007 (edited)

Hi, and welcome to the forum.

Run Hijackthis and delete:

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

Then download the latest version of Hijackthis: Hijackthis V 2.02.

Post a new log.

Edited 16 July 2007 by medlem-105082

duttleif (Author), posted 17 July 2007

Thanks for the help! I deleted what you said and downloaded the new version. Here is the new log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:34:28, on 17.07.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Java\jre1.5.0\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Programfiler\Java\jre1.5.0\bin\jucheck.exe
C:\Programfiler\Trend Micro\Internet Security 2007\pccguide.exe
C:\Programfiler\QuickTime\qttask.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Programfiler\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\DOCUME~1\HP_Eier\LOKALE~1\Temp\Midlertidig mappe 1 for HiJackThis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Programfiler\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O3 - Toolbar: HP-visning - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Programfiler\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programfiler\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [HPHUPD06] c:\Programfiler\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Programfiler\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [sNM] C:\Programfiler\SpyNoMore\SNM.exe /startup
O4 - HKCU\..\Run: [OE] "C:\Programfiler\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Tilkoblingshjelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Tilkoblingshjelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra button: Tilkoblingshjelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Tilkoblingshjelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1179240520093
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1179240507500
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Spionprogrambeskyttelse fra Trend Micro (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe

--
End of file - 6349 bytes

Guest medlem-105082, posted 18 July 2007

The log looks fine.

If you want to do a bit of cleanup, you can download CCleaner and install it. That will delete some files and old registry entries.

You should reset the restore folder so that you don't get infected by a possible System Restore. Control Panel -> System -> System Restore. Tick the box next to "Turn off System Restore .....", restart the PC, then untick the box again to re-enable the feature.

Have a nice day
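
The check done by eye in this thread (are the entries from the fix list gone from the follow-up HijackThis log?) can be scripted. The following is an added example, not part of the original thread or of HijackThis; the function names are hypothetical, the log lines are excerpts copied from the posts above, and the "before" sample is constructed by appending one fix-list line to the excerpt.

```python
import re

# A HijackThis entry is "<section code> - <details>", e.g. "O4 - HKLM\..\Run: [...]".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}")

def parse_entries(text):
    """Return one dict per entry line; headers and process paths are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        code, body = m.groups()
        entries.append({
            "code": code,
            "key": " ".join(body.lower().split()),  # case/whitespace-insensitive
            "clsids": {c.lower() for c in CLSID_RE.findall(body)},
            "file_missing": body.rstrip().endswith("(file missing)"),
            "line": raw.strip(),
        })
    return entries

def still_present(fix_list, new_log):
    """Fix-list lines that survive in new_log: same section and same text or CLSID."""
    current = parse_entries(new_log)
    survivors = []
    for wanted in parse_entries(fix_list):
        for entry in current:
            if entry["code"] != wanted["code"]:
                continue
            if entry["key"] == wanted["key"] or entry["clsids"] & wanted["clsids"]:
                survivors.append(wanted["line"])
                break
    return survivors

# The three entries the helper asked to have fixed (copied from the thread).
FIX_LIST = r"""
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
"""
# Excerpt of the follow-up log (copied from the thread, shortened).
AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.2
C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
"""
# Constructed "not yet fixed" log: the excerpt plus one fix-list entry.
BEFORE = AFTER + r"O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE"

if __name__ == "__main__":
    print("left after fix:", still_present(FIX_LIST, AFTER))
    print("left before fix:", still_present(FIX_LIST, BEFORE))
```

Matching on the CLSID as well as the full text catches an entry whose label or path changed between scans while the registered class stayed the same.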