[LØST] Antivirus programmet : ANTIVIRUSASKELADD!-VIRUS!

Trulsz · 5. mai 2008

hello. Jeg logget nylig på PC-en min og merket at det ikke var som det skulle.

"bakgrundsbildet" var byttet ut med et bilde som også var en link til et antivirus program (egentlig et VIRUS).

I tillegg har jeg også fått 3 nye programmer instalert på PC-en:

1. Error cleaner

2. Spyware&... protection

3. Privacy protector.

- I tillegg til dette får jeg hele tiden melding om at PC-en er infiltrert av spyware og noe som kalles :

"Worm.Win32.netbooster".

Da får jeg et tilbud om å laste ned antivirus programmet: ANTIVIRUSASKELADD! -> dette er et VIRUS.

Men det som er problemet er at jeg ikke vet hvordan jeg skal bli kvitt dette... Virus-søkene jeg tar hjelper ikke, og hvis jeg deleter noe- er det tilbake når PC-en skrus på igjen.

HJEEELP!

-"Håper" noen har en løsning på dette. "skriv detaljer hvis det er mulig" :ermm:

Endret 13. mai 2008 av Trulsz

snippsat · 5. mai 2008

Hei!

Last ned HijackThis legg i egen mappe på skrivebordet.

Start programmet og velg "Trykk scan og save log" .

Loggfilen kopierer du og limer inn i posten din.

Helst med skjult tekst [1skjul] logg her [1/skjul] fjern 1 for skjult tekst.

Last Combofix ned ,legg på skrivebordet.

Ikke klikk på vindu mens programet kjører.

post logg C:\combofix.txt

Trulsz · 5. mai 2008

Hei!
Last ned HijackThis legg i egen mappe på skrivebordet.

Start programmet og velg "Trykk scan og save log" .

Loggfilen kopierer du og limer inn i posten din.

Helst med skjult tekst [1skjul] logg her [1/skjul] fjern 1 for skjult tekst.

Last Combofix ned ,legg på skrivebordet.

Ikke klikk på vindu mens programet kjører.

post logg C:\combofix.txt

Jeg har kjørt "Combofix og fått loggen. Hva mener du med : "Post Logg C:\combofix.txt?" Hva er det :ohmy:

norbat · 5. mai 2008

Du merker all tekst (altså loggen), kopierer den og limer den inn i din neste post

Trulsz · 5. mai 2008

Hei!
Last ned HijackThis legg i egen mappe på skrivebordet.

Start programmet og velg "Trykk scan og save log" .

Loggfilen kopierer du og limer inn i posten din.

Helst med skjult tekst [1skjul] logg her [1/skjul] fjern 1 for skjult tekst.

Last Combofix ned ,legg på skrivebordet.

Ikke klikk på vindu mens programet kjører.

post logg C:\combofix.txt

Seriøst! TUSEN TAKK.

Nå virker det som at jeg har fjærna det.

var litt skummelt når jeg skrudde av PC-en for da hadde alt på PC-en forsvunnet og bare bakgrunsbildet var igjen;P

Men jeg fikk opp task manager og ba den kjøre : Explorer- og da var alt normalt!

:love:

takk Igjen!

norbat · 5. mai 2008

Finn loggen som combofix laget. Den vil ligge her: C:\combofix.txt (bruk utforsker til å finne denne fila)

Dobbeltklikk på fila, og den vil åpne seg i notisblokk. Der merker du all tekst, kopierer, og limer den inn i din neste post.

(Det kan fortsatt ligge filer på PC-en din som bør fjernes. Det kan evt. loggen vise)

Trulsz · 6. mai 2008

Finn loggen som combofix laget. Den vil ligge her: C:\combofix.txt (bruk utforsker til å finne denne fila)
Dobbeltklikk på fila, og den vil åpne seg i notisblokk. Der merker du all tekst, kopierer, og limer den inn i din neste post.

(Det kan fortsatt ligge filer på PC-en din som bør fjernes. Det kan evt. loggen vise)

Joa jeg finner og merker den fila i notisblokken, men jeg henger ikke helt med hvor jeg skal lime den inn i min "neste post". Hvilken post? Hvilke poster er det lissom jeg skal lime den inn i?

-ps. det kom tilbake igjen;S

Endret 6. mai 2008 av Trulsz

norbat · 6. mai 2008

Du klikker på 'Svar nå' og så limer du loggen rett inn i posten (innlegget ditt)

Trulsz · 6. mai 2008

Skal gjøre det.... Må bare på skolen først :thumbdown:

Trulsz · 6. mai 2008

Dette kom da jeg hadde tatt "Hijackthis" : Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:21:27, on 06.05.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\userinit.exe

C:\WINDOWS\system32\PRISMSVR.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe

C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\UAService7.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\Explorer.exe

C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe

C:\Program Files\Dell\Media Experience\PCMService.exe

C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

C:\WINDOWS\system32\CTHELPER.EXE

C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\Program Files\D-Link\AirPlus G\AirGCFG.exe

C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program Files\Dell Wireless\PRISMCFG.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Documents and Settings\Fredrik\Desktop\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll

O2 - BHO: DVA First - {40815A9A-BC7C-46D1-837D-A49ED3444F06} - C:\WINDOWS\qvlbodmnmle.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: mkrndofl - {091E4684-9A84-453B-A5AC-E82BCD2109E2} - C:\WINDOWS\mkrndofl.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL

O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe

O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [steam] "c:\valve\steam\steam.exe" -silent

O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Wireless USB 2.0 WLAN Card Utility.lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200707...ex/qtplugin.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{CC9C7CDD-98FF-47E8-BC93-068B7984B8B4}: NameServer = 193.216.1.10 193.216.69.10

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL

O21 - SSODL: tdomgafw - {E1D74D90-8788-46A1-935F-427291C6425F} - C:\WINDOWS\tdomgafw.dll

O21 - SSODL: wetkadmr - {74FE2CB6-3D4B-4152-A404-520396DC163C} - C:\WINDOWS\wetkadmr.dll

O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--

End of file - 11274 bytes

Trulsz · 6. mai 2008

Dette er fra Combofix!:

Klikk for å se/fjerne innholdet nedenfor

ComboFix 08-05-01.3 - Fredrik 2008-05-06 15:25:05.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1515 [GMT 2:00]

Running from: C:\Documents and Settings\Fredrik\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\Fredrik\Desktop\Error Cleaner.url

C:\Documents and Settings\Fredrik\Desktop\Privacy Protector.url

C:\Documents and Settings\Fredrik\Desktop\Spyware&Malware Protection.url

C:\Documents and Settings\Fredrik\Favorites\Error Cleaner.url

C:\Documents and Settings\Fredrik\Favorites\Privacy Protector.url

C:\Documents and Settings\Fredrik\Favorites\Spyware&Malware Protection.url

C:\WINDOWS\privacy_danger

C:\WINDOWS\privacy_danger\images\capt.gif

C:\WINDOWS\privacy_danger\images\danger.jpg

C:\WINDOWS\privacy_danger\images\down.gif

C:\WINDOWS\privacy_danger\images\spacer.gif

C:\WINDOWS\privacy_danger\index.htm

.

((((((((((((((((((((((((( Files Created from 2008-04-06 to 2008-05-06 )))))))))))))))))))))))))))))))

.

2008-05-05 15:02 . 2008-05-05 22:22 <DIR> d-------- C:\Documents and Settings\Fredrik\Application Data\TmpRecentIcons

2008-05-05 08:18 . 2008-05-05 03:53 266,240 --a------ C:\WINDOWS\qvlbodmnmle.dll

2008-05-05 08:18 . 2008-05-05 03:53 225,280 --a------ C:\WINDOWS\wetkadmr.dll

2008-05-05 08:18 . 2008-05-05 03:53 200,704 --a------ C:\WINDOWS\mkrndofl.dll

2008-05-05 08:18 . 2008-05-05 03:53 196,608 --a------ C:\WINDOWS\tdomgafw.dll

2008-05-05 08:18 . 2008-05-05 03:53 94,208 --a------ C:\WINDOWS\svorbmke.exe

2008-05-05 08:18 . 2008-05-05 03:53 81,920 --a------ C:\WINDOWS\knxsrgte.exe

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-06 13:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec

2008-05-05 13:02 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2008-04-25 20:20 --------- d-----w C:\Documents and Settings\Fredrik\Application Data\Azureus

2008-04-19 05:29 --------- d-----w C:\Program Files\World of Warcraft

2008-04-09 21:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help

2008-03-22 16:16 --------- d-----w C:\Program Files\MSBuild

2008-03-22 16:16 --------- d-----w C:\Program Files\Microsoft Works

2008-03-22 16:15 --------- d-----w C:\Program Files\Microsoft.NET

2008-03-22 16:10 --------- d-----w C:\Program Files\Microsoft Visual Studio 8

2008-03-22 16:00 --------- d-----w C:\Program Files\Reference Assemblies

2008-03-22 15:59 --------- d-----w C:\Program Files\MSXML 6.0

2008-03-22 15:27 --------- d-----w C:\Documents and Settings\Fredrik\Application Data\AdobeUM

2008-03-21 13:12 --------- d-----w C:\Documents and Settings\Fredrik\Application Data\Lavasoft

2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\SYSTEM32\win32k.sys

2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\win32k.sys

2008-03-06 20:32 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf

2008-03-06 20:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys

2008-03-06 20:32 10,537 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.cat

2008-03-06 15:02 --------- d-----w C:\Documents and Settings\Fredrik\Application Data\Beyond

2008-03-01 16:36 3,591,680 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll

2008-02-29 08:55 70,656 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe

2008-02-29 08:55 625,664 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe

2008-02-22 10:00 13,824 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe

2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\SYSTEM32\gdi32.dll

2008-02-20 06:51 282,624 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\gdi32.dll

2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\SYSTEM32\dnsrslvr.dll

2008-02-20 05:32 45,568 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\dnsrslvr.dll

2008-02-20 05:32 148,992 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\dnsapi.dll

2008-02-15 05:44 161,792 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll

2007-03-14 15:01 52,264 ----a-w C:\Documents and Settings\Fredrik\Application Data\GDIPFONTCACHEV1.DAT

.

((((((((((((((((((((((((((((( snapshot@2008-05-05_20.47.45,45 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-05-05 15:52:44 2,048 --s-a-w C:\WINDOWS\BOOTSTAT.DAT

+ 2008-05-06 13:19:07 2,048 --s-a-w C:\WINDOWS\BOOTSTAT.DAT

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{40815A9A-BC7C-46D1-837D-A49ED3444F06}]

2008-05-05 03:53 266240 --a------ C:\WINDOWS\qvlbodmnmle.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{091E4684-9A84-453B-A5AC-E82BCD2109E2}"= "C:\WINDOWS\mkrndofl.dll" [2008-05-05 03:53 200704]

[HKEY_CLASSES_ROOT\clsid\{091e4684-9a84-453b-a5ac-e82bcd2109e2}]

[HKEY_CLASSES_ROOT\mkrndofl.1]

[HKEY_CLASSES_ROOT\TypeLib\{83D61EFC-B305-444C-8097-C6ADBBF10548}]

[HKEY_CLASSES_ROOT\mkrndofl]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]

"Steam"="c:\valve\steam\steam.exe" [2008-03-28 08:30 1271032]

"ares"="C:\Program Files\Ares\Ares.exe" [ ]

"WhenUSave"="C:\Program Files\Save\Save.exe" [ ]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 19:48 32881]

"IAAnotif"="C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-06-29 13:23 135168]

"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 22:15 290816]

"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 14:52 339968]

"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 22:12 221184]

"CTHelper"="CTHELPER.EXE" [2003-02-21 00:45 28672 C:\WINDOWS\SYSTEM32\CTHELPER.EXE]

"AsioReg"="REGSVR32.exe" [2004-08-04 07:00 11776 C:\WINDOWS\SYSTEM32\REGSVR32.EXE]

"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-08-23 20:19 57344]

"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 04:10 409600]

"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 16:57 133016]

"D-Link AirPlus G"="C:\Program Files\D-Link\AirPlus G\AirGCFG.exe" [2005-07-22 10:42 1519616]

"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-12-16 17:49 49152]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-15 00:43 286720]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 14:11 267048]

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 07:59 115816]

"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 11:22 517768]

"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47 31016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 07:00 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 05:44:06 29696]

Wireless USB 2.0 WLAN Card Utility.lnk - C:\Program Files\Dell Wireless\PRISMCFG.exe [2005-08-15 11:25:47 917611]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]

Source= file:///C:\WINDOWS\privacy_danger\index.htm

FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

"tdomgafw"= {E1D74D90-8788-46A1-935F-427291C6425F} - C:\WINDOWS\tdomgafw.dll [2008-05-05 03:53 196608]

"wetkadmr"= {74FE2CB6-3D4B-4152-A404-520396DC163C} - C:\WINDOWS\wetkadmr.dll [2008-05-05 03:53 225280]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.l3acm"= l3codecp.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Messenger\\MSMSGS.EXE"=

"C:\\Documents and Settings\\Fredrik\\My Documents\\spill\\Steam\\Steam.exe"=

"C:\\Documents and Settings\\Fredrik\\My Documents\\spill\\Steam\\SteamApps\\magnu_3k\\counter-strike\\hl.exe"=

"C:\\Documents and Settings\\Fredrik\\My Documents\\spill\\warcraft\\war3.exe"=

"C:\\Documents and Settings\\Fredrik\\My Documents\\spill\\Steam\\SteamApps\\fredrikpet\\counter-strike\\hl.exe"=

"C:\\Program Files\\MultiHubSearch\\Multi-Hub-Search.exe"=

"C:\\Documents and Settings\\Fredrik\\My Documents\\spill\\Steam\\SteamApps\\fredrikpet\\condition zero\\hl.exe"=

"C:\\Program Files\\LimeWire\\LimeWire.exe"=

"C:\\Program Files\\World of Warcraft\\WoW-1.6.0-enGB-downloader.exe"=

"C:\\Program Files\\World of Warcraft\\WoW-1.6.0.4500-to-1.6.1-enGB-downloader.exe"=

"C:\\Program Files\\World of Warcraft\\WoW-1.6.1.4544-to-1.7.0-enGB-downloader.exe"=

"C:\\Program Files\\World of Warcraft\\WoW-1.7.1.4695-to-1.8.0-enGB-downloader.exe"=

"C:\\Documents and Settings\\Fredrik\\My Documents\\WoW-1.8.3.4807-to-0.9.0-enGB-downloader.exe"=

"C:\\Program Files\\World of Warcraft\\WoW-1.8.3.4807-to-1.8.4.4878-enGB-downloader.exe"=

"C:\\Documents and Settings\\Fredrik\\My Documents\\Arathi_Basin_new_EG-downloader.exe"=

"C:\\Program Files\\World of Warcraft\\WoW-1.8.4.4878-to-1.9.0.4937-enGB-downloader.exe"=

"C:\\Program Files\\World of Warcraft\\WoW-1.9.2.4996-to-1.9.3.5059-enGB-downloader.exe"=

"C:\\Valve\\Steam\\SteamApps\\aafk\\counter-strike\\hl.exe"=

"C:\\Program Files\\World of Warcraft\\WoW-1.9.4.5086-to-1.10.0.5195-enGB-downloader.exe"=

"C:\\Program Files\\Azureus\\Azureus.exe"=

"C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=

"C:\\Program Files\\World of Warcraft\\WoW-1.10.2.5302-to-1.11.0.5428-enGB-downloader.exe"=

"C:\\Program Files\\World of Warcraft\\WoW-1.11.1.5462-to-1.11.2.5464-enGB-downloader.exe"=

"C:\\Program Files\\World of Warcraft\\WoW-1.11.2.5464-to-1.12.0.5595-enGB-downloader.exe"=

"C:\\Program Files\\World of Warcraft\\WoW-1.12.0.5595-to-1.12.1.5875-enGB-downloader.exe"=

"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"C:\\Program Files\\MSN Messenger\\livecall.exe"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

"C:\\Program Files\\Electronic Arts\\Medal of Honor Airborne\\UnrealEngine3\\Binaries\\MOHA.exe"=

"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

R0 DiMaint;Eicon Maintenance Driver;C:\WINDOWS\system32\DRIVERS\DISDN\dimaint.sys [2002-12-04 15:49]

R2 DiCapi;Eicon CAPI 2.0 Driver;C:\WINDOWS\system32\DRIVERS\DISDN\capi202k.sys [2002-12-09 13:06]

R2 DiPort;Eicon Port Driver;C:\WINDOWS\system32\DRIVERS\DISDN\diport40.sys [2004-01-20 12:27]

R2 IAANTMon;IAA Event Monitor;C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe [2004-06-29 13:22]

S3 BM;Novell Virtual Private Network Miniport;C:\WINDOWS\system32\DRIVERS\vptunnel.sys [2004-01-23 12:16]

S3 DiWan;Eicon Driver for all Diva Client cards;C:\WINDOWS\system32\DRIVERS\DISDN\Diwan.sys [2004-02-27 16:05]

S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys [2007-10-31 15:09]

S4 PRISMSVC;PRISMSVC;C:\WINDOWS\system32\PRISMSVC.EXE [2004-10-04 14:12]

*Newly Created Service* - COMHOST

.

Contents of the 'Scheduled Tasks' folder

"2008-04-23 13:02:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

.

**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, <a href="http://www.gmer.net" target="_blank">http://www.gmer.net</a>

Rootkit scan 2008-05-06 15:27:39

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IAAnotif"="C:\\Program Files\\Intel\\Intel Application Accelerator\\iaanotif.exe"

.

Completion time: 2008-05-06 15:28:24

ComboFix-quarantined-files.txt 2008-05-06 13:28:17

ComboFix2.txt 2008-05-05 20:50:53

ComboFix3.txt 2008-05-05 19:02:28

Pre-Run: 162,688,155,648 bytes free

Post-Run: 162,676,826,112 bytes free

195 --- E O F --- 2008-04-12 16:45:39

"Recovery console?

Vet ikke om det var dette du mente NorBat, men håper det var det;P :dontgetit:

Endret 6. mai 2008 av Trulsz

r2d290 · 6. mai 2008

Ser riktig ut dette.

Var litt grums her, ja.

Last ned gratisversjonen avSUPERantispyware. Du vil få spørsmål om å oppdatere programmet, og da svarer du ja.

Kjør deretter FULL scan (ikke quick). Det vil bli laget en logg, som du finner ved å: Starte programmet. Velg: Preferences->statistics/logs

Denne loggen poster du her i forumet.

Restart deretter maskinen, og post en ny hijackthis-logg

Trulsz · 6. mai 2008

Skal gjøre det r2d290..

Skriver tilbake når jeg har fått gjort dette..

-folk er veldig hjelpsomme må jeg si :thumbup:

Trulsz · 6. mai 2008

Holder på med superantispyware nå, og det ser ikke bra ut... flere hundre threats :no:

Trulsz · 6. mai 2008

Jeg kjørte Superantispyware og dette er loggen:

Klikk for å se/fjerne innholdet nedenfor

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

Generated 05/06/2008 at 08:45 PM

Application Version : 4.0.1154

Core Rules Database Version : 3453

Trace Rules Database Version: 1445

Scan type : Complete Scan

Total Scan Time : 00:34:21

Memory items scanned : 554

Memory threats detected : 4

Registry items scanned : 6246

Registry threats detected : 123

File items scanned : 21782

File threats detected : 121

Adware.Vundo-Variant/J

C:\WINDOWS\TDOMGAFW.DLL

C:\WINDOWS\WETKADMR.DLL

Trojan.Unclassified/GTS

C:\WINDOWS\MKRNDOFL.DLL

HKLM\Software\Microsoft\Internet Explorer\Toolbar#{091E4684-9A84-453B-A5AC-E82BCD2109E2}

HKCR\CLSID\{091E4684-9A84-453B-A5AC-E82BCD2109E2}

HKCR\CLSID\{091E4684-9A84-453B-A5AC-E82BCD2109E2}\InprocServer32

HKCR\CLSID\{091E4684-9A84-453B-A5AC-E82BCD2109E2}\InprocServer32#ThreadingModel

HKCR\CLSID\{091E4684-9A84-453B-A5AC-E82BCD2109E2}\ProgID

HKCR\CLSID\{091E4684-9A84-453B-A5AC-E82BCD2109E2}\Programmable

HKCR\CLSID\{091E4684-9A84-453B-A5AC-E82BCD2109E2}\TypeLib

HKCR\CLSID\{091E4684-9A84-453B-A5AC-E82BCD2109E2}\VersionIndependentProgID

HKCR\mkrndofl.1

HKCR\mkrndofl

HKCR\TypeLib\{83D61EFC-B305-444C-8097-C6ADBBF10548}

HKCR\TypeLib\{83D61EFC-B305-444C-8097-C6ADBBF10548}\1.0

HKCR\TypeLib\{83D61EFC-B305-444C-8097-C6ADBBF10548}\1.0\win32

HKCR\TypeLib\{83D61EFC-B305-444C-8097-C6ADBBF10548}\1.0\FLAGS

HKCR\TypeLib\{83D61EFC-B305-444C-8097-C6ADBBF10548}\1.0\HELPDIR

Adware.SXGAdvisor-A

C:\WINDOWS\QVLBODMNMLE.DLL

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{40815A9A-BC7C-46D1-837D-A49ED3444F06}

HKCR\CLSID\{40815A9A-BC7C-46D1-837D-A49ED3444F06}

HKCR\CLSID\{40815A9A-BC7C-46D1-837D-A49ED3444F06}\InprocServer32

HKCR\CLSID\{40815A9A-BC7C-46D1-837D-A49ED3444F06}\InprocServer32#ThreadingModel

HKCR\CLSID\{40815A9A-BC7C-46D1-837D-A49ED3444F06}\ProgID

HKCR\CLSID\{40815A9A-BC7C-46D1-837D-A49ED3444F06}\Programmable

HKCR\CLSID\{40815A9A-BC7C-46D1-837D-A49ED3444F06}\TypeLib

HKCR\CLSID\{40815A9A-BC7C-46D1-837D-A49ED3444F06}\VersionIndependentProgID

Adware.Tracking Cookie

C:\Documents and Settings\Fredrik\Cookies\[email protected][1].txt

C:\Documents and Settings\Fredrik\Cookies\fredrik@casalemedia[2].txt

C:\Documents and Settings\Fredrik\Cookies\[email protected][1].txt

C:\Documents and Settings\Fredrik\Cookies\fredrik@apmebf[1].txt

C:\Documents and Settings\Fredrik\Cookies\fredrik@atdmt[1].txt

C:\Documents and Settings\Fredrik\Cookies\fredrik@serving-sys[2].txt

C:\Documents and Settings\Fredrik\Cookies\fredrik@clickaider[1].txt

C:\Documents and Settings\Fredrik\Cookies\fredrik@mediaplex[1].txt

C:\Documents and Settings\Fredrik\Cookies\fredrik@advancedcleaner[1].txt

C:\Documents and Settings\Fredrik\Cookies\fredrik@fastclick[1].txt

C:\Documents and Settings\Fredrik\Cookies\fredrik@statcounter[2].txt

C:\Documents and Settings\Fredrik\Cookies\[email protected][2].txt

C:\Documents and Settings\Fredrik\Cookies\fredrik@clicksor[2].txt

C:\Documents and Settings\Fredrik\Cookies\fredrik@burstnet[1].txt

C:\Documents and Settings\Fredrik\Cookies\[email protected][1].txt

C:\Documents and Settings\Fredrik\Cookies\[email protected][2].txt

C:\Documents and Settings\Fredrik\Cookies\fredrik@kontera[1].txt

C:\Documents and Settings\Fredrik\Cookies\fredrik@tns-counter[2].txt

C:\Documents and Settings\Fredrik\Cookies\fredrik@imrworldwide[2].txt

C:\Documents and Settings\Fredrik\Cookies\fredrik@pornhub[1].txt

C:\Documents and Settings\Fredrik\Cookies\[email protected][3].txt

C:\Documents and Settings\Fredrik\Cookies\[email protected][1].txt

C:\Documents and Settings\Fredrik\Cookies\[email protected][2].txt

C:\Documents and Settings\Fredrik\Cookies\fredrik@nextag[1].txt

C:\Documents and Settings\Fredrik\Cookies\[email protected][2].txt

C:\Documents and Settings\Fredrik\Cookies\fredrik@overture[1].txt

C:\Documents and Settings\Fredrik\Cookies\fredrik@teenhitchhikers[1].txt

C:\Documents and Settings\Fredrik\Cookies\[email protected][1].txt

C:\Documents and Settings\Fredrik\Cookies\fredrik@doubleclick[2].txt

C:\Documents and Settings\Fredrik\Cookies\fredrik@smartadserver[1].txt

C:\Documents and Settings\Fredrik\Cookies\[email protected][1].txt

C:\Documents and Settings\Fredrik\Cookies\fredrik@2o7[2].txt

C:\Documents and Settings\Fredrik\Cookies\[email protected][1].txt

C:\Documents and Settings\Fredrik\Cookies\fredrik@questionmarket[2].txt

C:\Documents and Settings\Fredrik\Cookies\[email protected][2].txt

C:\Documents and Settings\Fredrik\Cookies\fredrik@tribalfusion[2].txt

C:\Documents and Settings\Fredrik\Cookies\fredrik@specificclick[2].txt

C:\Documents and Settings\Fredrik\Cookies\fredrik@revenue[2].txt

C:\Documents and Settings\Fredrik\Cookies\fredrik@adnetserver[1].txt

C:\Documents and Settings\Fredrik\Cookies\fredrik@advertising[2].txt

C:\Documents and Settings\Fredrik\Cookies\[email protected][1].txt

C:\Documents and Settings\Fredrik\Cookies\fredrik@tacoda[2].txt

C:\Documents and Settings\Fredrik\Cookies\fredrik@tradedoubler[1].txt

C:\Documents and Settings\Fredrik\Cookies\[email protected][1].txt

C:\Documents and Settings\Fredrik\Cookies\fredrik@xiti[2].txt

C:\Documents and Settings\Fredrik\Cookies\[email protected][1].txt

C:\Documents and Settings\Fredrik\Cookies\[email protected][3].txt

C:\Documents and Settings\Fredrik\Cookies\fredrik@freeporn[1].txt

C:\Documents and Settings\Fredrik\Cookies\fredrik@atwola[2].txt

C:\Documents and Settings\Fredrik\Cookies\fredrik@interclick[2].txt

C:\Documents and Settings\Fredrik\Cookies\[email protected][1].txt

C:\Documents and Settings\Fredrik\Cookies\[email protected][2].txt

C:\Documents and Settings\Fredrik\Cookies\fredrik@pro-market[2].txt

C:\Documents and Settings\Fredrik\Cookies\fredrik@antispywaremaster[1].txt

C:\Documents and Settings\Fredrik\Cookies\[email protected][2].txt

C:\Documents and Settings\Fredrik\Cookies\fredrik@gomyhit[3].txt

C:\Documents and Settings\Fredrik\Cookies\[email protected][2].txt

C:\Documents and Settings\Fredrik\Cookies\fredrik@gomyhit[4].txt

C:\Documents and Settings\Fredrik\Cookies\fredrik@adbrite[2].txt

C:\Documents and Settings\Fredrik\Cookies\fredrik@gomyhit[1].txt

C:\Documents and Settings\Fredrik\Cookies\fredrik@bravenet[1].txt

C:\Documents and Settings\Fredrik\Cookies\[email protected][2].txt

C:\Documents and Settings\Fredrik\Cookies\[email protected][3].txt

C:\Documents and Settings\Fredrik\Cookies\[email protected][4].txt

C:\Documents and Settings\Fredrik\Cookies\fredrik@revsci[2].txt

C:\Documents and Settings\Fredrik\Cookies\fredrik@insightexpressai[1].txt

C:\Documents and Settings\Fredrik\Cookies\[email protected][2].txt

C:\Documents and Settings\Fredrik\Cookies\fredrik@adtech[1].txt

C:\Documents and Settings\Fredrik\Cookies\fredrik@hothousemedia[1].txt

C:\Documents and Settings\Fredrik\Cookies\[email protected][2].txt

C:\Documents and Settings\Fredrik\Cookies\fredrik@freeporn[2].txt

C:\Documents and Settings\Fredrik\Cookies\[email protected][1].txt

C:\Documents and Settings\Fredrik\Cookies\[email protected][2].txt

C:\Documents and Settings\Fredrik\Cookies\[email protected][1].txt

C:\Documents and Settings\Fredrik\Cookies\[email protected][2].txt

C:\Documents and Settings\BEP\Cookies\bep@advertising[2].txt

C:\Documents and Settings\BEP\Cookies\[email protected][2].txt

C:\Documents and Settings\BEP\Cookies\[email protected][1].txt

C:\Documents and Settings\BEP\Cookies\bep@atdmt[2].txt

C:\Documents and Settings\BEP\Cookies\[email protected][2].txt

C:\Documents and Settings\BEP\Cookies\bep@casalemedia[1].txt

C:\Documents and Settings\BEP\Cookies\bep@doubleclick[1].txt

C:\Documents and Settings\BEP\Cookies\bep@imrworldwide[2].txt

C:\Documents and Settings\BEP\Cookies\bep@mediaplex[1].txt

C:\Documents and Settings\BEP\Cookies\[email protected][1].txt

C:\Documents and Settings\BEP\Cookies\bep@serving-sys[1].txt

C:\Documents and Settings\BEP\Cookies\[email protected][1].txt

C:\Documents and Settings\BEP\Cookies\bep@tradedoubler[1].txt

C:\Documents and Settings\BEP\Cookies\bep@tribalfusion[2].txt

Adware.WhenU

HKCR\ACM.ACMFactory

HKCR\ACM.ACMFactory\CLSID

HKCR\ACM.ACMFactory\CurVer

HKCR\ACM.ACMFactory.1

HKCR\ACM.ACMFactory.1\CLSID

HKCR\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}

HKCR\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}\ProxyStubClsid

HKCR\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}\ProxyStubClsid32

HKCR\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}\TypeLib

HKCR\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}\TypeLib#Version

HKCR\AppId\{127DF9B4-D75D-44A6-AF78-8C3A8CEB03DB}

HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}

HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}#AppID

HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\InprocServer32

HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\InprocServer32#ThreadingModel

HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\ProgID

HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\Programmable

HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\TypeLib

HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\VersionIndependentProgID

HKCR\AppId\ACM.DLL

HKCR\AppId\ACM.DLL#AppID

HKCR\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}

HKCR\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0

HKCR\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0\win32

HKCR\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0\FLAGS

HKCR\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0\HELPDIR

HKCR\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842}

HKCR\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842}\ProxyStubClsid

HKCR\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842}\ProxyStubClsid32

HKCR\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842}\TypeLib

HKCR\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842}\TypeLib#Version

HKCR\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086}

HKCR\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086}\ProxyStubClsid

HKCR\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086}\ProxyStubClsid32

HKCR\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086}\TypeLib

HKCR\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086}\TypeLib#Version

HKLM\Software\WhenUSave

HKLM\Software\WhenUSave#db_script_update

HKLM\Software\WhenUSave#InstallDir

HKLM\Software\WhenUSave#pats_url

HKLM\Software\WhenUSave#pat_chunks_url

HKLM\Software\WhenUSave#script_url

HKLM\Software\WhenUSave#update_url

HKLM\Software\WhenUSave#ver_url

HKLM\Software\WhenUSave#Version

HKLM\Software\WhenUSave#uninst_rs

HKLM\Software\WhenUSave#timedDBUpdate_rs

HKLM\Software\WhenUSave#SystemParam_rs

HKLM\Software\WhenUSave#extra_url

HKLM\Software\WhenUSave#extraver_url

HKLM\Software\WhenUSave#ziptomsa_url

HKLM\Software\WhenUSave#InstallTime

HKLM\Software\WhenUSave#LastPartner

HKLM\Software\WhenUSave#zip

HKLM\Software\WhenUSave#uninstall_cmd_rs

HKLM\Software\WhenUSave#acm_rs

HKLM\Software\WhenUSave#TotalPartner

HKLM\Software\WhenUSave#newuser_rs

HKLM\Software\WhenUSave#Partner

HKLM\Software\WhenUSave#PartnerB

HKLM\Software\WhenUSave#PartnerDesc

HKLM\Software\WhenUSave#PartnerParam

HKLM\Software\WhenUSave#FullDBTime

HKLM\Software\WhenUSave#TotalPopup

HKLM\Software\WhenUSave#HeartbeatTime

HKLM\Software\WhenUSave#HeartbeatCount

HKLM\Software\WhenUSave#brandskin_url

HKLM\Software\WhenUSave#brandstrip_rs

HKLM\Software\WhenUSave#brandstrip_url

HKLM\Software\WhenUSave#bstat_rs

HKLM\Software\WhenUSave#himp_url

HKLM\Software\WhenUSave#iptomsa_url

HKLM\Software\WhenUSave#maxPopups_rs

HKLM\Software\WhenUSave#redir3p_url

HKLM\Software\WhenUSave#src_url

HKLM\Software\WhenUSave#uninstalltag_rs

HKLM\Software\WhenUSave#db_stamp_rs

HKLM\Software\WhenUSave#db_server_update

HKLM\Software\WhenUSave#fword_rs

HKLM\Software\WhenUSave#MSA

HKLM\Software\WhenUSave#PartnerUTag

HKLM\Software\WhenUSave#IPToMsaTime_rs

HKLM\Software\WhenUSave\Partners

HKLM\Software\WhenUSave\Partners\WUSV

HKLM\Software\WhenUSave\Partners\WUSV#Partner

HKLM\Software\WhenUSave\Partners\WUSV#InstallTime

HKLM\Software\WhenUSave\Partners\WUSV#PartnerDesc

HKLM\Software\WhenUSave\Partners\WUSV#PartnerParam

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SaveNow

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SaveNow#DisplayIcon

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SaveNow#DisplayName

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SaveNow#DisplayVersion

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SaveNow#HelpLink

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SaveNow#Publisher

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SaveNow#UninstallString

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SaveNow#UrlInfoAbout

C:\PROGRAM FILES\DAEMON TOOLS\SETUPDTSB.EXE

Desktop Hijacker.AboutYourPrivacy

C:\WINDOWS\privacy_danger\images\capt.gif

C:\WINDOWS\privacy_danger\images\danger.jpg

C:\WINDOWS\privacy_danger\images\down.gif

C:\WINDOWS\privacy_danger\images\spacer.gif

C:\WINDOWS\privacy_danger\images

C:\WINDOWS\privacy_danger\index.htm

C:\WINDOWS\privacy_danger

C:\Documents and Settings\Fredrik\Desktop\Error Cleaner.url

C:\Documents and Settings\Fredrik\Desktop\Privacy Protector.url

C:\Documents and Settings\Fredrik\Desktop\Spyware&Malware Protection.url

C:\Documents and Settings\Fredrik\Favorites\Error Cleaner.url

C:\Documents and Settings\Fredrik\Favorites\Privacy Protector.url

C:\Documents and Settings\Fredrik\Favorites\Spyware&Malware Protection.url

jeg er hva man kaller en skikkelig NOOB på pc.. så hvis noen vet hva jeg skal gjøre så skriv gjerne detailjert

r2d290 · 6. mai 2008

Se det som positivt, ikke negativt, at SAS finner masse

edit: fortsett med en ny hijackthis-logg

Endret 6. mai 2008 av r2d290

Trulsz · 6. mai 2008

Jeg kjørte Superantispyware og dette er loggen:
Klikk for å se/fjerne innholdet nedenfor

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/06/2008 at 08:45 PM

Application Version : 4.0.1154

Core Rules Database Version : 3453

Trace Rules Database Version: 1445

Scan type : Complete Scan

Total Scan Time : 00:34:21

Memory items scanned : 554

Memory threats detected : 4

Registry items scanned : 6246

Registry threats detected : 123

File items scanned : 21782

File threats detected : 121

Adware.Vundo-Variant/J

C:\WINDOWS\TDOMGAFW.DLL

C:\WINDOWS\TDOMGAFW.DLL

C:\WINDOWS\WETKADMR.DLL

C:\WINDOWS\WETKADMR.DLL

Trojan.Unclassified/GTS

C:\WINDOWS\MKRNDOFL.DLL

C:\WINDOWS\MKRNDOFL.DLL

HKLM\Software\Microsoft\Internet Explorer\Toolbar#{091E4684-9A84-453B-A5AC-E82BCD2109E2}

HKCR\CLSID\{091E4684-9A84-453B-A5AC-E82BCD2109E2}

HKCR\CLSID\{091E4684-9A84-453B-A5AC-E82BCD2109E2}

HKCR\CLSID\{091E4684-9A84-453B-A5AC-E82BCD2109E2}\InprocServer32

HKCR\CLSID\{091E4684-9A84-453B-A5AC-E82BCD2109E2}\InprocServer32#ThreadingModel

HKCR\CLSID\{091E4684-9A84-453B-A5AC-E82BCD2109E2}\ProgID

HKCR\CLSID\{091E4684-9A84-453B-A5AC-E82BCD2109E2}\Programmable

HKCR\CLSID\{091E4684-9A84-453B-A5AC-E82BCD2109E2}\TypeLib

HKCR\CLSID\{091E4684-9A84-453B-A5AC-E82BCD2109E2}\VersionIndependentProgID

HKCR\mkrndofl.1

HKCR\mkrndofl

HKCR\TypeLib\{83D61EFC-B305-444C-8097-C6ADBBF10548}

HKCR\TypeLib\{83D61EFC-B305-444C-8097-C6ADBBF10548}\1.0

HKCR\TypeLib\{83D61EFC-B305-444C-8097-C6ADBBF10548}\1.0

HKCR\TypeLib\{83D61EFC-B305-444C-8097-C6ADBBF10548}\1.0\win32

HKCR\TypeLib\{83D61EFC-B305-444C-8097-C6ADBBF10548}\1.0\FLAGS

HKCR\TypeLib\{83D61EFC-B305-444C-8097-C6ADBBF10548}\1.0\HELPDIR

Adware.SXGAdvisor-A

C:\WINDOWS\QVLBODMNMLE.DLL

C:\WINDOWS\QVLBODMNMLE.DLL

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{40815A9A-BC7C-46D1-837D-A49ED3444F06}

HKCR\CLSID\{40815A9A-BC7C-46D1-837D-A49ED3444F06}

HKCR\CLSID\{40815A9A-BC7C-46D1-837D-A49ED3444F06}

HKCR\CLSID\{40815A9A-BC7C-46D1-837D-A49ED3444F06}\InprocServer32

HKCR\CLSID\{40815A9A-BC7C-46D1-837D-A49ED3444F06}\InprocServer32#ThreadingModel

HKCR\CLSID\{40815A9A-BC7C-46D1-837D-A49ED3444F06}\ProgID

HKCR\CLSID\{40815A9A-BC7C-46D1-837D-A49ED3444F06}\Programmable

HKCR\CLSID\{40815A9A-BC7C-46D1-837D-A49ED3444F06}\TypeLib

HKCR\CLSID\{40815A9A-BC7C-46D1-837D-A49ED3444F06}\VersionIndependentProgID

Adware.Tracking Cookie

C:\Documents and Settings\Fredrik\Cookies\[email protected][1].txt

C:\Documents and Settings\Fredrik\Cookies\[email protected][1].txt

C:\Documents and Settings\Fredrik\Cookies\fredrik@casalemedia[2].txt

C:\Documents and Settings\Fredrik\Cookies\[email protected][1].txt

C:\Documents and Settings\Fredrik\Cookies\fredrik@apmebf[1].txt

C:\Documents and Settings\Fredrik\Cookies\fredrik@atdmt[1].txt

C:\Documents and Settings\Fredrik\Cookies\fredrik@serving-sys[2].txt

C:\Documents and Settings\Fredrik\Cookies\fredrik@clickaider[1].txt

C:\Documents and Settings\Fredrik\Cookies\fredrik@mediaplex[1].txt

C:\Documents and Settings\Fredrik\Cookies\fredrik@advancedcleaner[1].txt

C:\Documents and Settings\Fredrik\Cookies\fredrik@fastclick[1].txt

C:\Documents and Settings\Fredrik\Cookies\fredrik@statcounter[2].txt

C:\Documents and Settings\Fredrik\Cookies\[email protected][2].txt

C:\Documents and Settings\Fredrik\Cookies\fredrik@clicksor[2].txt

C:\Documents and Settings\Fredrik\Cookies\fredrik@burstnet[1].txt

C:\Documents and Settings\Fredrik\Cookies\[email protected][1].txt

C:\Documents and Settings\Fredrik\Cookies\[email protected][2].txt

C:\Documents and Settings\Fredrik\Cookies\fredrik@kontera[1].txt

C:\Documents and Settings\Fredrik\Cookies\fredrik@tns-counter[2].txt

C:\Documents and Settings\Fredrik\Cookies\fredrik@imrworldwide[2].txt

C:\Documents and Settings\Fredrik\Cookies\fredrik@pornhub[1].txt

C:\Documents and Settings\Fredrik\Cookies\[email protected][3].txt

C:\Documents and Settings\Fredrik\Cookies\[email protected][1].txt

C:\Documents and Settings\Fredrik\Cookies\[email protected][2].txt

C:\Documents and Settings\Fredrik\Cookies\fredrik@nextag[1].txt

C:\Documents and Settings\Fredrik\Cookies\[email protected][2].txt

C:\Documents and Settings\Fredrik\Cookies\[email protected][2].txt

C:\Documents and Settings\Fredrik\Cookies\fredrik@overture[1].txt

C:\Documents and Settings\Fredrik\Cookies\fredrik@teenhitchhikers[1].txt

C:\Documents and Settings\Fredrik\Cookies\[email protected][1].txt

C:\Documents and Settings\Fredrik\Cookies\[email protected][1].txt

C:\Documents and Settings\Fredrik\Cookies\fredrik@doubleclick[2].txt

C:\Documents and Settings\Fredrik\Cookies\fredrik@smartadserver[1].txt

C:\Documents and Settings\Fredrik\Cookies\[email protected][1].txt

C:\Documents and Settings\Fredrik\Cookies\fredrik@2o7[2].txt

C:\Documents and Settings\Fredrik\Cookies\[email protected][1].txt

C:\Documents and Settings\Fredrik\Cookies\[email protected][1].txt

C:\Documents and Settings\Fredrik\Cookies\[email protected][1].txt

C:\Documents and Settings\Fredrik\Cookies\fredrik@questionmarket[2].txt

C:\Documents and Settings\Fredrik\Cookies\[email protected][2].txt

C:\Documents and Settings\Fredrik\Cookies\[email protected][2].txt

C:\Documents and Settings\Fredrik\Cookies\[email protected][2].txt

C:\Documents and Settings\Fredrik\Cookies\[email protected][2].txt

C:\Documents and Settings\Fredrik\Cookies\fredrik@tribalfusion[2].txt

C:\Documents and Settings\Fredrik\Cookies\fredrik@specificclick[2].txt

C:\Documents and Settings\Fredrik\Cookies\fredrik@revenue[2].txt

C:\Documents and Settings\Fredrik\Cookies\fredrik@adnetserver[1].txt

C:\Documents and Settings\Fredrik\Cookies\fredrik@advertising[2].txt

C:\Documents and Settings\Fredrik\Cookies\[email protected][1].txt

C:\Documents and Settings\Fredrik\Cookies\[email protected][1].txt

C:\Documents and Settings\Fredrik\Cookies\fredrik@tacoda[2].txt

C:\Documents and Settings\Fredrik\Cookies\fredrik@tradedoubler[1].txt

C:\Documents and Settings\Fredrik\Cookies\[email protected][1].txt

C:\Documents and Settings\Fredrik\Cookies\fredrik@xiti[2].txt

C:\Documents and Settings\Fredrik\Cookies\[email protected][1].txt

C:\Documents and Settings\Fredrik\Cookies\[email protected][1].txt

C:\Documents and Settings\Fredrik\Cookies\[email protected][3].txt

C:\Documents and Settings\Fredrik\Cookies\fredrik@freeporn[1].txt

C:\Documents and Settings\Fredrik\Cookies\fredrik@atwola[2].txt

C:\Documents and Settings\Fredrik\Cookies\fredrik@interclick[2].txt

C:\Documents and Settings\Fredrik\Cookies\[email protected][1].txt

C:\Documents and Settings\Fredrik\Cookies\[email protected][2].txt

C:\Documents and Settings\Fredrik\Cookies\fredrik@pro-market[2].txt

C:\Documents and Settings\Fredrik\Cookies\fredrik@antispywaremaster[1].txt

C:\Documents and Settings\Fredrik\Cookies\[email protected][2].txt

C:\Documents and Settings\Fredrik\Cookies\fredrik@gomyhit[3].txt

C:\Documents and Settings\Fredrik\Cookies\[email protected][2].txt

C:\Documents and Settings\Fredrik\Cookies\fredrik@gomyhit[4].txt

C:\Documents and Settings\Fredrik\Cookies\fredrik@adbrite[2].txt

C:\Documents and Settings\Fredrik\Cookies\fredrik@gomyhit[1].txt

C:\Documents and Settings\Fredrik\Cookies\fredrik@bravenet[1].txt

C:\Documents and Settings\Fredrik\Cookies\[email protected][2].txt

C:\Documents and Settings\Fredrik\Cookies\[email protected][3].txt

C:\Documents and Settings\Fredrik\Cookies\[email protected][4].txt

C:\Documents and Settings\Fredrik\Cookies\fredrik@revsci[2].txt

C:\Documents and Settings\Fredrik\Cookies\fredrik@insightexpressai[1].txt

C:\Documents and Settings\Fredrik\Cookies\[email protected][2].txt

C:\Documents and Settings\Fredrik\Cookies\fredrik@adtech[1].txt

C:\Documents and Settings\Fredrik\Cookies\fredrik@hothousemedia[1].txt

C:\Documents and Settings\Fredrik\Cookies\[email protected][2].txt

C:\Documents and Settings\Fredrik\Cookies\fredrik@freeporn[2].txt

C:\Documents and Settings\Fredrik\Cookies\[email protected][1].txt

C:\Documents and Settings\Fredrik\Cookies\[email protected][2].txt

C:\Documents and Settings\Fredrik\Cookies\[email protected][1].txt

C:\Documents and Settings\Fredrik\Cookies\[email protected][1].txt

C:\Documents and Settings\Fredrik\Cookies\[email protected][1].txt

C:\Documents and Settings\Fredrik\Cookies\[email protected][2].txt

C:\Documents and Settings\BEP\Cookies\bep@advertising[2].txt

C:\Documents and Settings\BEP\Cookies\[email protected][2].txt

C:\Documents and Settings\BEP\Cookies\[email protected][1].txt

C:\Documents and Settings\BEP\Cookies\bep@atdmt[2].txt

C:\Documents and Settings\BEP\Cookies\[email protected][2].txt

C:\Documents and Settings\BEP\Cookies\bep@casalemedia[1].txt

C:\Documents and Settings\BEP\Cookies\bep@doubleclick[1].txt

C:\Documents and Settings\BEP\Cookies\bep@imrworldwide[2].txt

C:\Documents and Settings\BEP\Cookies\bep@mediaplex[1].txt

C:\Documents and Settings\BEP\Cookies\[email protected][1].txt

C:\Documents and Settings\BEP\Cookies\[email protected][1].txt

C:\Documents and Settings\BEP\Cookies\bep@serving-sys[1].txt

C:\Documents and Settings\BEP\Cookies\[email protected][1].txt

C:\Documents and Settings\BEP\Cookies\[email protected][1].txt

C:\Documents and Settings\BEP\Cookies\bep@tradedoubler[1].txt

C:\Documents and Settings\BEP\Cookies\bep@tribalfusion[2].txt

Adware.WhenU

HKCR\ACM.ACMFactory

HKCR\ACM.ACMFactory\CLSID

HKCR\ACM.ACMFactory\CurVer

HKCR\ACM.ACMFactory.1

HKCR\ACM.ACMFactory.1\CLSID

HKCR\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}

HKCR\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}\ProxyStubClsid

HKCR\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}\ProxyStubClsid32

HKCR\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}\TypeLib

HKCR\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}\TypeLib#Version

HKCR\AppId\{127DF9B4-D75D-44A6-AF78-8C3A8CEB03DB}

HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}

HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}#AppID

HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\InprocServer32

HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\InprocServer32#ThreadingModel

HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\ProgID

HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\Programmable

HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\TypeLib

HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\VersionIndependentProgID

HKCR\AppId\ACM.DLL

HKCR\AppId\ACM.DLL#AppID

HKCR\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}

HKCR\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0

HKCR\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0

HKCR\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0\win32

HKCR\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0\FLAGS

HKCR\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0\HELPDIR

HKCR\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842}

HKCR\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842}\ProxyStubClsid

HKCR\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842}\ProxyStubClsid32

HKCR\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842}\TypeLib

HKCR\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842}\TypeLib#Version

HKCR\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086}

HKCR\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086}\ProxyStubClsid

HKCR\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086}\ProxyStubClsid32

HKCR\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086}\TypeLib

HKCR\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086}\TypeLib#Version

HKLM\Software\WhenUSave

HKLM\Software\WhenUSave#db_script_update

HKLM\Software\WhenUSave#InstallDir

HKLM\Software\WhenUSave#pats_url

HKLM\Software\WhenUSave#pat_chunks_url

HKLM\Software\WhenUSave#script_url

HKLM\Software\WhenUSave#update_url

HKLM\Software\WhenUSave#ver_url

HKLM\Software\WhenUSave#Version

HKLM\Software\WhenUSave#uninst_rs

HKLM\Software\WhenUSave#timedDBUpdate_rs

HKLM\Software\WhenUSave#SystemParam_rs

HKLM\Software\WhenUSave#extra_url

HKLM\Software\WhenUSave#extraver_url

HKLM\Software\WhenUSave#ziptomsa_url

HKLM\Software\WhenUSave#InstallTime

HKLM\Software\WhenUSave#LastPartner

HKLM\Software\WhenUSave#zip

HKLM\Software\WhenUSave#uninstall_cmd_rs

HKLM\Software\WhenUSave#acm_rs

HKLM\Software\WhenUSave#TotalPartner

HKLM\Software\WhenUSave#newuser_rs

HKLM\Software\WhenUSave#Partner

HKLM\Software\WhenUSave#PartnerB

HKLM\Software\WhenUSave#PartnerDesc

HKLM\Software\WhenUSave#PartnerParam

HKLM\Software\WhenUSave#FullDBTime

HKLM\Software\WhenUSave#TotalPopup

HKLM\Software\WhenUSave#HeartbeatTime

HKLM\Software\WhenUSave#HeartbeatCount

HKLM\Software\WhenUSave#brandskin_url

HKLM\Software\WhenUSave#brandstrip_rs

HKLM\Software\WhenUSave#brandstrip_url

HKLM\Software\WhenUSave#bstat_rs

HKLM\Software\WhenUSave#himp_url

HKLM\Software\WhenUSave#iptomsa_url

HKLM\Software\WhenUSave#maxPopups_rs

HKLM\Software\WhenUSave#redir3p_url

HKLM\Software\WhenUSave#src_url

HKLM\Software\WhenUSave#uninstalltag_rs

HKLM\Software\WhenUSave#db_stamp_rs

HKLM\Software\WhenUSave#db_server_update

HKLM\Software\WhenUSave#fword_rs

HKLM\Software\WhenUSave#MSA

HKLM\Software\WhenUSave#PartnerUTag

HKLM\Software\WhenUSave#IPToMsaTime_rs

HKLM\Software\WhenUSave\Partners

HKLM\Software\WhenUSave\Partners\WUSV

HKLM\Software\WhenUSave\Partners\WUSV#Partner

HKLM\Software\WhenUSave\Partners\WUSV#InstallTime

HKLM\Software\WhenUSave\Partners\WUSV#PartnerDesc

HKLM\Software\WhenUSave\Partners\WUSV#PartnerParam

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SaveNow

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SaveNow#DisplayIcon

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SaveNow#DisplayName

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SaveNow#DisplayVersion

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SaveNow#HelpLink

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SaveNow#Publisher

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SaveNow#UninstallString

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SaveNow#UrlInfoAbout

C:\PROGRAM FILES\DAEMON TOOLS\SETUPDTSB.EXE

Desktop Hijacker.AboutYourPrivacy

C:\WINDOWS\privacy_danger\images\capt.gif

C:\WINDOWS\privacy_danger\images\danger.jpg

C:\WINDOWS\privacy_danger\images\down.gif

C:\WINDOWS\privacy_danger\images\spacer.gif

C:\WINDOWS\privacy_danger\images

C:\WINDOWS\privacy_danger\index.htm

C:\WINDOWS\privacy_danger

C:\Documents and Settings\Fredrik\Desktop\Error Cleaner.url

C:\Documents and Settings\Fredrik\Desktop\Privacy Protector.url

C:\Documents and Settings\Fredrik\Desktop\Spyware&Malware Protection.url

C:\Documents and Settings\Fredrik\Favorites\Error Cleaner.url

C:\Documents and Settings\Fredrik\Favorites\Privacy Protector.url

C:\Documents and Settings\Fredrik\Favorites\Spyware&Malware Protection.url

jeg er hva man kaller en skikkelig NOOB på pc.. så hvis noen vet hva jeg skal gjøre så skriv gjerne detailjert

Den loggen kan umulig være bra?

Se det som positivt, ikke negativt, at SAS finner masse

er det noe mere jeg kan gjøre da?

det ser ut som at de ble borte;P

r2d290 · 6. mai 2008

Du fortsetter med en hijackthis-logg

Deretter lar du oss få se litt over loggene dine, og så får du en tilbakemelding så fort som mulig

Edit: post gjerne også en ny combofix-logg, så er også dén oppdatert etter SAS-scannen

Endret 6. mai 2008 av r2d290

Trulsz · 6. mai 2008

Hijackthis logg:

Klikk for å se/fjerne innholdet nedenfor

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:02:08, on 06.05.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\userinit.exe

C:\WINDOWS\system32\PRISMSVR.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe

C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\UAService7.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\WINDOWS\Explorer.exe

C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe

C:\Program Files\Dell\Media Experience\PCMService.exe

C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

C:\WINDOWS\system32\CTHELPER.EXE

C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\Program Files\D-Link\AirPlus G\AirGCFG.exe

C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Dell Wireless\PRISMCFG.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Documents and Settings\Fredrik\Desktop\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.diskusjon.no/