Gå til innhold

Er denne loggen ok+gode gratis programmer?


Anbefalte innlegg

Sitter her på en litt treig maskin å skjekke for virus, så orker ikke bruke timesvis på å lete frem etter evt andre topicer der man kan poste logger.

Etter det jeg tror så har det ikke vært topp security på denne maskinen i det siste. Har jeg skannet igjennom hele maskinen?

 

Har dere noen gode gratis virusprogrammer som fjerne og holder borte virus?

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:54:47, on 10.06.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Programfiler\Windows Live\Tryggere for familien\fssui.exe

C:\Programfiler\Java\jre1.6.0_06\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe

C:\Programfiler\BitTorrent\bittorrent .exe

C:\WINDOWS\System32\PAStiSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Programfiler\Windows Live\Messenger\usnsvc.exe

C:\Programfiler\BearShare Applications\BearShare\BearShare.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Programfiler\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programfiler\Windows Live\Tryggere for familien\fssbho.dll

O2 - BHO: (no name) - {5AAF23D8-4489-43D8-A064-319D1254ABCA} - C:\WINDOWS\system32\wvutstr.dll (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_06\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {7EC38BEC-6507-4F03-A05D-4BE9F3E0BFB0} - C:\WINDOWS\system32\mljgh.dll (file missing)

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\ifmmsapt.dll (file missing)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar1.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [Windows Taskmanager] svchost.exe

O4 - HKLM\..\Run: [fssui] "C:\Programfiler\Windows Live\Tryggere for familien\fssui.exe" -autorun

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_06\bin\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [bitTorrent] "C:\Programfiler\BitTorrent\bittorrent .exe" --force_start_minimized

O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &Windows Live Search - res://C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Åpne i ny bakgrunnsflik - res://C:\Programfiler\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/229?849301a967d744fd993ffc51f0a86d90

O8 - Extra context menu item: Åpne i ny forgrunnsflik - res://C:\Programfiler\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/230?849301a967d744fd993ffc51f0a86d90

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra button: Blogg dette - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blogg dette i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O20 - Winlogon Notify: ifmmsapt - ifmmsapt.dll (file missing)

O20 - Winlogon Notify: wvutstr - wvutstr.dll (file missing)

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

 

--

End of file - 6630 bytes

 

 

Lenke til kommentar
Videoannonse
Annonse

Hehe, det lille jeg leste lovet ikke bra :)

Hva må gjøres nå?

 

 

ComboFix 08-06-09.7 - Mats Nevland 2008-06-10 18:29:56.1 - NTFSx86

Running from: C:\Documents and Settings\Mats Nevland\Skrivebord\ComboFix.exe

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\All Users\Start-meny\Programmer\StorageProtector

C:\Documents and Settings\All Users\Start-meny\Programmer\StorageProtector\Contact Customer Service.lnk

C:\Documents and Settings\All Users\Start-meny\Programmer\StorageProtector\StorageProtector.lnk

C:\Documents and Settings\Mats Nevland\Programdata\storageprotector

C:\Documents and Settings\Mats Nevland\Programdata\storageprotector\Logs\update.log

C:\Programfiler\Fellesfiler\StorageProtector

C:\Programfiler\Fellesfiler\StorageProtector\strpmon .exe

C:\Programfiler\Fellesfiler\StorageProtector\strpmon .exe

C:\Programfiler\StorageProtector

C:\Programfiler\StorageProtector\atl71.dll

C:\Programfiler\StorageProtector\kernel.dll

C:\Programfiler\StorageProtector\License.rtf

C:\Programfiler\StorageProtector\mfc71.dll

C:\Programfiler\StorageProtector\msvcp71.dll

C:\Programfiler\StorageProtector\msvcr71.dll

C:\Programfiler\StorageProtector\Readme.rtf

C:\Programfiler\StorageProtector\Res\Main.ico

C:\Programfiler\StorageProtector\Res\RecycleBin.ico

C:\Programfiler\StorageProtector\rm.url

C:\Programfiler\StorageProtector\sr.log

C:\Programfiler\StorageProtector\swupd.log

C:\Programfiler\StorageProtector\SysRep .exe.Log

C:\Programfiler\StorageProtector\SysRep.exe.Log

C:\Programfiler\StorageProtector\SysRep.exe.xml

C:\Programfiler\StorageProtector\SysRep.url

C:\Programfiler\StorageProtector\transpaid.exe

C:\Programfiler\StorageProtector\unins000.dat

C:\Programfiler\StorageProtector\unins000.exe

C:\Programfiler\StorageProtector\urls.ini

C:\WINDOWS\BMcb4c0bea.xml

C:\WINDOWS\Downloaded Program Files\setup.inf

C:\WINDOWS\pskt.ini

C:\WINDOWS\svchost.exe

C:\WINDOWS\system32\afinipmn.dll

C:\WINDOWS\system32\amwrloko.dll

C:\WINDOWS\system32\boeopefv.ini

C:\WINDOWS\system32\bpehvbui.dll

C:\WINDOWS\system32\bptrksoj.dll

C:\WINDOWS\system32\bxytodxo.dll

C:\WINDOWS\system32\ccrllvkq.dll

C:\WINDOWS\system32\chocydir.ini

C:\WINDOWS\system32\cltwqffs.dll

C:\WINDOWS\system32\cqbcqebh.ini

C:\WINDOWS\system32\ctfmon.exe.tmp

C:\WINDOWS\system32\dakblxbg.dll

C:\WINDOWS\system32\ddcdbcb.dll

C:\WINDOWS\system32\ddgkpjri.dll

C:\WINDOWS\system32\deoicnaw.dll

C:\WINDOWS\system32\dftlqrcj.ini

C:\WINDOWS\system32\dgsrcmxu.dll

C:\WINDOWS\system32\difcgyub.ini

C:\WINDOWS\system32\dkfifaap.ini

C:\WINDOWS\system32\dofuwthm.dll

C:\WINDOWS\system32\dpelsftt.ini

C:\WINDOWS\system32\drxvanrt.dll

C:\WINDOWS\system32\dskfkukx.dll

C:\WINDOWS\system32\dwobrniw.dll

C:\WINDOWS\system32\dxtrcitc.dll

C:\WINDOWS\system32\dxwfwyeu.ini

C:\WINDOWS\system32\ebghpxnv.dll

C:\WINDOWS\system32\egpneuuk.dll

C:\WINDOWS\system32\ekhslqwj.dll

C:\WINDOWS\system32\eknebace.dll

C:\WINDOWS\system32\fcccaxu.dll

C:\WINDOWS\system32\fniamiwb.dll

C:\WINDOWS\system32\fskiqwys.dll

C:\WINDOWS\system32\fuidmgjr.dll

C:\WINDOWS\system32\gcrfgkub.dll

C:\WINDOWS\system32\gfgtcbmj.ini

C:\WINDOWS\system32\gigtbdsx.dll

C:\WINDOWS\system32\haijekfm.ini

C:\WINDOWS\system32\heqibbds.dll

C:\WINDOWS\system32\hgjlm.ini

C:\WINDOWS\system32\hgjlm.ini2

C:\WINDOWS\system32\hnpvqgfl.dll

C:\WINDOWS\system32\iaentnco.ini

C:\WINDOWS\system32\ihqowywy.dll

C:\WINDOWS\system32\iiffggg.dll

C:\WINDOWS\system32\iifgfgg.dll

C:\WINDOWS\system32\ilklssid.dll

C:\WINDOWS\system32\jgbdwtjx.dll

C:\WINDOWS\system32\jkkkkki.dll

C:\WINDOWS\system32\jxgpkceu.dll

C:\WINDOWS\system32\kffjiylm.dll

C:\WINDOWS\system32\ksvwgcya.ini

C:\WINDOWS\system32\kuuenpge.ini

C:\WINDOWS\system32\kydamvvu.ini

C:\WINDOWS\system32\lqgclogy.ini

C:\WINDOWS\system32\mcrh.tmp

C:\WINDOWS\system32\mgdmpljb.dll

C:\WINDOWS\system32\mhpbvhge.dll

C:\WINDOWS\system32\mhtwufod.ini

C:\WINDOWS\system32\miiidcbj.dll

C:\WINDOWS\system32\minjrfem.dll

C:\WINDOWS\system32\mtjabcno.dll

C:\WINDOWS\system32\nfoilmjc.ini

C:\WINDOWS\system32\ntjevspd.ini

C:\WINDOWS\system32\olqqrlfs.dll

C:\WINDOWS\system32\olvttvwl.ini

C:\WINDOWS\system32\omeiwksp.dll

C:\WINDOWS\system32\oncbajtm.ini

C:\WINDOWS\system32\pjmpvwia.ini

C:\WINDOWS\system32\plyrjoil.ini

C:\WINDOWS\system32\qbvarbay.ini

C:\WINDOWS\system32\qdlsdxvs.dll

C:\WINDOWS\system32\qomnkhh.dll

C:\WINDOWS\system32\qtnucxon.dll

C:\WINDOWS\system32\rrhrfxux.ini

C:\WINDOWS\system32\scpxcjgk.ini

C:\WINDOWS\system32\sffqwtlc.ini

C:\WINDOWS\system32\srcgovxr.dll

C:\WINDOWS\system32\tcewootm.dll

C:\WINDOWS\system32\tfpaaglh.dll

C:\WINDOWS\system32\tgjvsjbs.dll

C:\WINDOWS\system32\tkspucjo.ini

C:\WINDOWS\system32\tuvturo.dll

C:\WINDOWS\system32\tvigwedp.dll

C:\WINDOWS\system32\typsdkxm.dll

C:\WINDOWS\system32\uasrepgo.dll

C:\WINDOWS\system32\uaxcmnyq.ini

C:\WINDOWS\system32\ubdtnkfg.dll

C:\WINDOWS\system32\uiotfrik.dll

C:\WINDOWS\system32\uufqtqve.dll

C:\WINDOWS\system32\uywokptd.ini

C:\WINDOWS\system32\vmyuvheu.ini

C:\WINDOWS\system32\wancioed.ini

C:\WINDOWS\system32\wdhrudas.ini

C:\WINDOWS\system32\wilnkiju.dll

C:\WINDOWS\system32\wswyacis.ini

C:\WINDOWS\system32\wubimmef.dll

C:\WINDOWS\system32\wuwvfpbe.ini

C:\WINDOWS\system32\wvustro.dll

C:\WINDOWS\system32\wwjlivfj.ini

C:\WINDOWS\system32\xblwebxt.ini

C:\WINDOWS\system32\xcgkkrvt.ini

C:\WINDOWS\system32\xxyyvuu.dll

C:\WINDOWS\system32\yenmiqbc.ini

C:\WINDOWS\system32\ynqanmer.ini

C:\WINDOWS\system32\ynyautmt.dll

C:\WINDOWS\system32\yochnbsr.dll

C:\WINDOWS\system32\yxmoinnf.ini

 

.

((((((((((((((((((((((((( Files Created from 2008-05-10 to 2008-06-10 )))))))))))))))))))))))))))))))

.

 

2008-06-10 18:06 . 2008-06-10 18:05 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys

2008-06-10 18:05 . 2008-06-10 18:05 <DIR> d-------- C:\WINDOWS\Sun

2008-06-10 18:05 . 2008-06-10 18:07 <DIR> d-------- C:\Documents and Settings\Mats Nevland\.housecall6.6

2008-06-10 17:54 . 2008-06-10 18:02 <DIR> d-------- C:\Programfiler\Trend Micro

2008-05-30 07:19 . 2008-05-30 07:19 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-05-30 07:19 . 2008-05-30 07:19 1,409 --a------ C:\WINDOWS\QTFont.for

2008-05-21 16:28 . 2008-05-21 16:28 <DIR> d-------- C:\Programfiler\Sun

2008-05-21 16:28 . 2008-05-21 16:32 <DIR> d-------- C:\Documents and Settings\Mats Nevland\Programdata\LimeWire

2008-05-21 16:28 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-05-21 16:26 . 2008-05-21 16:27 <DIR> d-------- C:\Programfiler\Java

2008-05-21 16:26 . 2008-05-21 16:26 <DIR> d-------- C:\Programfiler\Fellesfiler\Java

2008-05-21 16:18 . 2008-05-21 16:24 <DIR> d-------- C:\Programfiler\LimeWire

2008-05-21 16:16 . 2008-05-21 16:16 <DIR> d-------- C:\Programfiler\MP3 Music Search

2008-05-18 23:28 . 2008-05-18 23:29 <DIR> d-------- C:\Documents and Settings\Mats Nevland\Programdata\fretsonfire

2008-05-18 22:50 . 2008-05-18 23:28 <DIR> d-------- C:\Programfiler\Frets on Fire

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-06-10 07:34 --------- d-----w C:\Documents and Settings\Mats Nevland\Programdata\BitTorrent

2008-05-22 13:20 --------- d-----w C:\Documents and Settings\Mats Nevland\Programdata\BearShare

2008-05-17 17:56 --------- d-----w C:\Programfiler\BearShare Applications

2008-05-09 20:15 --------- d-----w C:\Documents and Settings\Mats Nevland\Programdata\vlc

2008-05-09 20:14 --------- d-----w C:\Programfiler\VideoLAN

2008-04-26 21:55 230,432 ----a-w C:\StiImg.dat

2008-04-02 19:33 140,288 ----a-w C:\WINDOWS\~GLC0000.TMP

.

<pre>
----a-w			43,008 2008-03-13 11:34:54  C:\Programfiler\BitTorrent\bittorrent					.exe
----a-w		   401,920 2008-03-10 07:16:03  C:\Programfiler\BitTorrent\bittorrent				  .exe
----a-w		   401,920 2008-03-06 14:49:01  C:\Programfiler\BitTorrent\bittorrent				.exe
----a-w		   401,920 2008-03-04 14:25:11  C:\Programfiler\BitTorrent\bittorrent			   .exe
----a-w		   401,920 2008-02-28 23:14:18  C:\Programfiler\BitTorrent\bittorrent			  .exe
----a-w		   401,920 2008-02-27 21:32:38  C:\Programfiler\BitTorrent\bittorrent			 .exe
----a-w		   401,920 2008-02-24 11:30:45  C:\Programfiler\BitTorrent\bittorrent		  .exe
----a-w		   401,920 2008-02-19 17:34:33  C:\Programfiler\BitTorrent\bittorrent		 .exe
----a-w		   401,920 2008-02-13 02:13:02  C:\Programfiler\BitTorrent\bittorrent		.exe
----a-w		   401,920 2008-02-11 23:27:59  C:\Programfiler\BitTorrent\bittorrent	   .exe
----a-w		   401,920 2008-02-08 17:20:40  C:\Programfiler\BitTorrent\bittorrent	  .exe
----a-w		   401,920 2008-02-03 17:04:35  C:\Programfiler\BitTorrent\bittorrent	 .exe
----a-w		   401,920 2008-02-03 16:44:17  C:\Programfiler\BitTorrent\bittorrent	.exe
----a-w		   401,920 2008-01-29 15:49:43  C:\Programfiler\BitTorrent\bittorrent   .exe
----a-w		   401,920 2008-01-24 23:39:58  C:\Programfiler\BitTorrent\bittorrent .exe
----a-w			68,856 2008-03-13 11:34:59  C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
----a-w		 5,674,352 2008-03-13 11:35:28  C:\Programfiler\MSN Messenger\MsnMsgr .Exe
----a-w		   286,720 2008-03-13 11:34:25  C:\Programfiler\QuickTime\QTTask					.exe
----a-w		   652,288 2008-03-13 11:18:07  C:\Programfiler\QuickTime\QTTask				   .exe
----a-w		   652,288 2008-03-10 07:16:12  C:\Programfiler\QuickTime\QTTask				  .exe
----a-w		   652,288 2008-03-06 15:19:02  C:\Programfiler\QuickTime\QTTask				 .exe
----a-w		   652,288 2008-03-06 14:49:13  C:\Programfiler\QuickTime\QTTask				.exe
----a-w		   652,288 2008-03-04 14:25:20  C:\Programfiler\QuickTime\QTTask			   .exe
----a-w		   652,288 2008-02-28 23:14:25  C:\Programfiler\QuickTime\QTTask			  .exe
----a-w		   652,288 2008-02-27 21:32:47  C:\Programfiler\QuickTime\QTTask			 .exe
----a-w		   652,288 2008-02-26 21:18:51  C:\Programfiler\QuickTime\QTTask			.exe
----a-w		   652,288 2008-02-24 12:00:18  C:\Programfiler\QuickTime\QTTask		   .exe
----a-w		   652,288 2008-02-24 11:30:55  C:\Programfiler\QuickTime\QTTask		  .exe
----a-w		   652,288 2008-02-19 17:34:40  C:\Programfiler\QuickTime\QTTask		 .exe
----a-w		   652,288 2008-02-13 02:13:08  C:\Programfiler\QuickTime\QTTask		.exe
----a-w		   652,288 2008-02-11 23:28:05  C:\Programfiler\QuickTime\QTTask	   .exe
----a-w		   652,288 2008-02-08 17:20:49  C:\Programfiler\QuickTime\QTTask	  .exe
----a-w		   652,288 2008-02-03 17:04:48  C:\Programfiler\QuickTime\QTTask	 .exe
----a-w		   652,288 2008-02-03 16:44:30  C:\Programfiler\QuickTime\QTTask	.exe
----a-w		   652,288 2008-01-29 15:49:55  C:\Programfiler\QuickTime\QTTask   .exe
----a-w		   652,288 2008-01-25 21:07:08  C:\Programfiler\QuickTime\QTTask  .exe
----a-w		   652,288 2008-01-24 23:40:14  C:\Programfiler\QuickTime\QTTask .exe
----a-w			15,360 2008-03-10 07:16:44  C:\WINDOWS\system32\ctfmon .exe
----a-w		18,214,008 2008-02-13 02:15:02  C:\WINDOWS\system32\MRT .exe
</pre>

 

 

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]

2007-12-17 11:12 56360 --a------ C:\Programfiler\Windows Live\Tryggere for familien\fssbho.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7EC38BEC-6507-4F03-A05D-4BE9F3E0BFB0}]

C:\WINDOWS\system32\mljgh.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]

"msnmsgr"="C:\Programfiler\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

"BitTorrent"="C:\Programfiler\BitTorrent\bittorrent .exe" [2008-03-13 13:34 43008]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMan"="SOUNDMAN.EXE" [2005-09-22 01:42 90112 C:\WINDOWS\soundman.exe]

"fssui"="C:\Programfiler\Windows Live\Tryggere for familien\fssui.exe" [2007-12-17 11:12 243240]

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ifmmsapt]

ifmmsapt.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvutstr]

wvutstr.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Programfiler\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\WINDOWS\\system32\\dpvsetup.exe"=

"C:\\Programfiler\\MSN Messenger\\MsnMsgr .Exe"=

"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Programfiler\\LimeWire\\LimeWire.exe"=

"C:\\Programfiler\\BitTorrent\\bittorrent .exe"=

 

R2 fssfltr;FssFltr;C:\WINDOWS\system32\DRIVERS\fssfltr.sys [2007-10-17 13:53]

R2 fsssvc;Windows Live OneCare Tryggere for familien;"C:\Programfiler\Windows Live\Tryggere for familien\fsssvc.exe" [2007-12-17 11:13]

R3 PAC207;Trust WB-1400T Webcam;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 13:29]

 

.

Contents of the 'Scheduled Tasks' folder

"2008-06-09 14:00:21 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe

"2008-06-10 15:56:01 C:\WINDOWS\Tasks\Se etter oppdateringer for Windows Live Toolbar.job"

- C:\Programfiler\Windows Live Toolbar\MSNTBUP.EXE

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-06-10 18:43:43

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\PAStiSvc.exe

C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\verclsid.exe

.

**************************************************************************

.

Completion time: 2008-06-10 18:46:04 - machine was rebooted

ComboFix-quarantined-files.txt 2008-06-10 16:45:58

 

Pre-Run: 103,129,288,704 byte ledig

Post-Run: 104,761,794,560 byte ledig

 

288 --- E O F --- 2008-05-18 21:14:07

 

 

Lenke til kommentar

Combofix slettet en masse infiserte filer.

 

Kopiere fet tekst under bildet->åpne notisblokk og lim inn.

Lagre på skrivebordet som CFScript.txt

Gjør som på bildet combofix vil starte,Post logg c:\combofix.txt

cfscriptyt1.gif

 

Registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7EC38BEC-6507-4F03-A05D-4BE9F3E0BFB0}]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ifmmsapt]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvutstr]

 

---

Last ned kjør CCleaner

'Valg'->'Avansert'. Fjern avkryssingen framfor: "bare slett midlertidige filer som er eldere enn 48 t.

Kjør register-renser og"svar ja til og reparere"

---

Last ned oppdatere og kjør full scan SAS free

Post loggen fra SAS (preferences->statistics/logs)

---

Restart

---

Lag en ny hijackthis logg.

Lenke til kommentar

Ok, here it comes

 

Log1: Loggen etter jeg kjørte den script fila i ComboFix

 

ComboFix 08-06-09.7 - Mats Nevland 2008-06-10 19:53:46.2 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.140 [GMT 2:00]

Running from: C:\Documents and Settings\Mats Nevland\Skrivebord\ComboFix.exe

Command switches used :: C:\Documents and Settings\Mats Nevland\Skrivebord\CFScript.txt

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\system32\ifmmsapt.dllbox

 

.

((((((((((((((((((((((((( Files Created from 2008-05-10 to 2008-06-10 )))))))))))))))))))))))))))))))

.

 

2008-06-10 18:06 . 2008-06-10 18:05 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys

2008-06-10 18:05 . 2008-06-10 18:05 <DIR> d-------- C:\WINDOWS\Sun

2008-06-10 18:05 . 2008-06-10 18:07 <DIR> d-------- C:\Documents and Settings\Mats Nevland\.housecall6.6

2008-06-10 17:54 . 2008-06-10 18:02 <DIR> d-------- C:\Programfiler\Trend Micro

2008-05-30 07:19 . 2008-05-30 07:19 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-05-30 07:19 . 2008-05-30 07:19 1,409 --a------ C:\WINDOWS\QTFont.for

2008-05-21 16:28 . 2008-05-21 16:28 <DIR> d-------- C:\Programfiler\Sun

2008-05-21 16:28 . 2008-05-21 16:32 <DIR> d-------- C:\Documents and Settings\Mats Nevland\Programdata\LimeWire

2008-05-21 16:28 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-05-21 16:26 . 2008-05-21 16:27 <DIR> d-------- C:\Programfiler\Java

2008-05-21 16:26 . 2008-05-21 16:26 <DIR> d-------- C:\Programfiler\Fellesfiler\Java

2008-05-21 16:18 . 2008-05-21 16:24 <DIR> d-------- C:\Programfiler\LimeWire

2008-05-21 16:16 . 2008-05-21 16:16 <DIR> d-------- C:\Programfiler\MP3 Music Search

2008-05-18 23:28 . 2008-05-18 23:29 <DIR> d-------- C:\Documents and Settings\Mats Nevland\Programdata\fretsonfire

2008-05-18 22:50 . 2008-05-18 23:28 <DIR> d-------- C:\Programfiler\Frets on Fire

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-06-10 07:34 --------- d-----w C:\Documents and Settings\Mats Nevland\Programdata\BitTorrent

2008-05-22 13:20 --------- d-----w C:\Documents and Settings\Mats Nevland\Programdata\BearShare

2008-05-17 17:56 --------- d-----w C:\Programfiler\BearShare Applications

2008-05-09 20:15 --------- d-----w C:\Documents and Settings\Mats Nevland\Programdata\vlc

2008-05-09 20:14 --------- d-----w C:\Programfiler\VideoLAN

2008-04-26 21:55 230,432 ----a-w C:\StiImg.dat

2008-04-02 19:33 140,288 ----a-w C:\WINDOWS\~GLC0000.TMP

2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll

2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll

2008-03-20 08:11 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys

2008-03-10 07:16 15,360 ----a-w C:\WINDOWS\system32\ctfmon .exe

.

<pre>
----a-w			43,008 2008-03-13 11:34:54  C:\Programfiler\BitTorrent\bittorrent					.exe
----a-w		   401,920 2008-03-10 07:16:03  C:\Programfiler\BitTorrent\bittorrent				  .exe
----a-w		   401,920 2008-03-06 14:49:01  C:\Programfiler\BitTorrent\bittorrent				.exe
----a-w		   401,920 2008-03-04 14:25:11  C:\Programfiler\BitTorrent\bittorrent			   .exe
----a-w		   401,920 2008-02-28 23:14:18  C:\Programfiler\BitTorrent\bittorrent			  .exe
----a-w		   401,920 2008-02-27 21:32:38  C:\Programfiler\BitTorrent\bittorrent			 .exe
----a-w		   401,920 2008-02-24 11:30:45  C:\Programfiler\BitTorrent\bittorrent		  .exe
----a-w		   401,920 2008-02-19 17:34:33  C:\Programfiler\BitTorrent\bittorrent		 .exe
----a-w		   401,920 2008-02-13 02:13:02  C:\Programfiler\BitTorrent\bittorrent		.exe
----a-w		   401,920 2008-02-11 23:27:59  C:\Programfiler\BitTorrent\bittorrent	   .exe
----a-w		   401,920 2008-02-08 17:20:40  C:\Programfiler\BitTorrent\bittorrent	  .exe
----a-w		   401,920 2008-02-03 17:04:35  C:\Programfiler\BitTorrent\bittorrent	 .exe
----a-w		   401,920 2008-02-03 16:44:17  C:\Programfiler\BitTorrent\bittorrent	.exe
----a-w		   401,920 2008-01-29 15:49:43  C:\Programfiler\BitTorrent\bittorrent   .exe
----a-w		   401,920 2008-01-24 23:39:58  C:\Programfiler\BitTorrent\bittorrent .exe
----a-w			68,856 2008-03-13 11:34:59  C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
----a-w		 5,674,352 2008-03-13 11:35:28  C:\Programfiler\MSN Messenger\MsnMsgr .Exe
----a-w		   286,720 2008-03-13 11:34:25  C:\Programfiler\QuickTime\QTTask					.exe
----a-w		   652,288 2008-03-13 11:18:07  C:\Programfiler\QuickTime\QTTask				   .exe
----a-w		   652,288 2008-03-10 07:16:12  C:\Programfiler\QuickTime\QTTask				  .exe
----a-w		   652,288 2008-03-06 15:19:02  C:\Programfiler\QuickTime\QTTask				 .exe
----a-w		   652,288 2008-03-06 14:49:13  C:\Programfiler\QuickTime\QTTask				.exe
----a-w		   652,288 2008-03-04 14:25:20  C:\Programfiler\QuickTime\QTTask			   .exe
----a-w		   652,288 2008-02-28 23:14:25  C:\Programfiler\QuickTime\QTTask			  .exe
----a-w		   652,288 2008-02-27 21:32:47  C:\Programfiler\QuickTime\QTTask			 .exe
----a-w		   652,288 2008-02-26 21:18:51  C:\Programfiler\QuickTime\QTTask			.exe
----a-w		   652,288 2008-02-24 12:00:18  C:\Programfiler\QuickTime\QTTask		   .exe
----a-w		   652,288 2008-02-24 11:30:55  C:\Programfiler\QuickTime\QTTask		  .exe
----a-w		   652,288 2008-02-19 17:34:40  C:\Programfiler\QuickTime\QTTask		 .exe
----a-w		   652,288 2008-02-13 02:13:08  C:\Programfiler\QuickTime\QTTask		.exe
----a-w		   652,288 2008-02-11 23:28:05  C:\Programfiler\QuickTime\QTTask	   .exe
----a-w		   652,288 2008-02-08 17:20:49  C:\Programfiler\QuickTime\QTTask	  .exe
----a-w		   652,288 2008-02-03 17:04:48  C:\Programfiler\QuickTime\QTTask	 .exe
----a-w		   652,288 2008-02-03 16:44:30  C:\Programfiler\QuickTime\QTTask	.exe
----a-w		   652,288 2008-01-29 15:49:55  C:\Programfiler\QuickTime\QTTask   .exe
----a-w		   652,288 2008-01-25 21:07:08  C:\Programfiler\QuickTime\QTTask  .exe
----a-w		   652,288 2008-01-24 23:40:14  C:\Programfiler\QuickTime\QTTask .exe
----a-w			15,360 2008-03-10 07:16:44  C:\WINDOWS\system32\ctfmon .exe
----a-w		18,214,008 2008-02-13 02:15:02  C:\WINDOWS\system32\MRT .exe
</pre>

 

 

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]

2007-12-17 11:12 56360 --a------ C:\Programfiler\Windows Live\Tryggere for familien\fssbho.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]

"msnmsgr"="C:\Programfiler\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

"BitTorrent"="C:\Programfiler\BitTorrent\bittorrent .exe" [2008-03-13 13:34 43008]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMan"="SOUNDMAN.EXE" [2005-09-22 01:42 90112 C:\WINDOWS\soundman.exe]

"fssui"="C:\Programfiler\Windows Live\Tryggere for familien\fssui.exe" [2007-12-17 11:12 243240]

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Programfiler\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\WINDOWS\\system32\\dpvsetup.exe"=

"C:\\Programfiler\\MSN Messenger\\MsnMsgr .Exe"=

"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Programfiler\\LimeWire\\LimeWire.exe"=

"C:\\Programfiler\\BitTorrent\\bittorrent .exe"=

 

R2 fssfltr;FssFltr;C:\WINDOWS\system32\DRIVERS\fssfltr.sys [2007-10-17 13:53]

R2 fsssvc;Windows Live OneCare Tryggere for familien;"C:\Programfiler\Windows Live\Tryggere for familien\fsssvc.exe" [2007-12-17 11:13]

R3 PAC207;Trust WB-1400T Webcam;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 13:29]

 

.

Contents of the 'Scheduled Tasks' folder

"2008-06-09 14:00:21 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe

"2008-06-10 17:56:00 C:\WINDOWS\Tasks\Se etter oppdateringer for Windows Live Toolbar.job"

- C:\Programfiler\Windows Live Toolbar\MSNTBUP.EXE

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-06-10 19:55:19

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-06-10 19:56:14

ComboFix-quarantined-files.txt 2008-06-10 17:56:04

ComboFix2.txt 2008-06-10 16:46:05

 

Pre-Run: 106,689,138,688 byte ledig

Post-Run: 106,682,339,328 byte ledig

 

139 --- E O F --- 2008-05-18 21:14:07

 

 

 

SAS log:

 

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 06/10/2008 at 08:32 PM

 

Application Version : 4.15.1000

 

Core Rules Database Version : 3478

Trace Rules Database Version: 1469

 

Scan type : Complete Scan

Total Scan Time : 00:29:41

 

Memory items scanned : 364

Memory threats detected : 0

Registry items scanned : 4567

Registry threats detected : 5

File items scanned : 12071

File threats detected : 217

 

Adware.Tracking Cookie

C:\Documents and Settings\Mats Nevland\Cookies\mats nevland@please[2].txt

C:\Documents and Settings\Mats Nevland\Cookies\mats_nevland@tradedoubler[3].txt

C:\Documents and Settings\Mats Nevland\Cookies\[email protected][1].txt

C:\Documents and Settings\Mats Nevland\Cookies\mats nevland@atwola[1].txt

C:\Documents and Settings\Mats Nevland\Cookies\mats_nevland@2o7[2].txt

C:\Documents and Settings\Mats Nevland\Cookies\mats_nevland@imrworldwide[1].txt

C:\Documents and Settings\Mats Nevland\Cookies\[email protected][2].txt

C:\Documents and Settings\Mats Nevland\Cookies\[email protected][1].txt

C:\Documents and Settings\Mats Nevland\Cookies\mats nevland@drivecleaner[1].txt

C:\Documents and Settings\Mats Nevland\Cookies\mats [email protected][1].txt

C:\Documents and Settings\Mats Nevland\Cookies\mats_nevland@atdmt[3].txt

C:\Documents and Settings\Mats Nevland\Cookies\mats_nevland@zedo[1].txt

C:\Documents and Settings\Mats Nevland\Cookies\mats_nevland@statcounter[1].txt

C:\Documents and Settings\Mats Nevland\Cookies\mats nevland@adnetserver[1].txt

C:\Documents and Settings\Mats Nevland\Cookies\mats_nevland@interclick[1].txt

C:\Documents and Settings\Mats Nevland\Cookies\mats [email protected][1].txt

C:\Documents and Settings\Mats Nevland\Cookies\mats nevland@crackle[2].txt

C:\Documents and Settings\Mats Nevland\Cookies\mats_nevland@serving-sys[2].txt

C:\Documents and Settings\Mats Nevland\Cookies\mats_nevland@statsgod[2].txt

C:\Documents and Settings\Mats Nevland\Cookies\[email protected][2].txt

C:\Documents and Settings\Mats Nevland\Cookies\mats_nevland@doubleclick[1].txt

C:\Documents and Settings\Mats Nevland\Cookies\mats_nevland@mediaplex[1].txt

C:\Documents and Settings\Mats Nevland\Cookies\mats_nevland@fastclick[1].txt

C:\Documents and Settings\Mats Nevland\Cookies\mats [email protected][1].txt

C:\Documents and Settings\Mats Nevland\Cookies\[email protected][1].txt

C:\Documents and Settings\Mats Nevland\Cookies\mats nevland@xiti[1].txt

C:\Documents and Settings\Mats Nevland\Cookies\[email protected][2].txt

C:\Documents and Settings\Mats Nevland\Cookies\[email protected][2].txt

C:\Documents and Settings\Mats Nevland\Cookies\mats nevland@clickaider[1].txt

C:\Documents and Settings\Mats Nevland\Cookies\[email protected][2].txt

C:\Documents and Settings\Mats Nevland\Cookies\[email protected][2].txt

C:\Documents and Settings\Mats Nevland\Cookies\mats_nevland@advertising[1].txt

C:\Documents and Settings\Mats Nevland\Cookies\mats_nevland@apmebf[1].txt

C:\Documents and Settings\Mats Nevland\Cookies\mats_nevland@adtech[1].txt

C:\Documents and Settings\Mats Nevland\Cookies\mats [email protected][1].txt

C:\Documents and Settings\Mats Nevland\Cookies\mats nevland@statcounter[2].txt

C:\Documents and Settings\Mats Nevland\Cookies\mats [email protected][3].txt

C:\Documents and Settings\Mats Nevland\Cookies\mats [email protected][1].txt

C:\Documents and Settings\Mats Nevland\Cookies\mats [email protected][2].txt

C:\Documents and Settings\Mats Nevland\Cookies\mats [email protected][1].txt

C:\Documents and Settings\Mats Nevland\Cookies\mats_nevland@atdmt[2].txt

C:\Documents and Settings\Mats Nevland\Cookies\mats nevland@adultadworld[2].txt

C:\Documents and Settings\Mats Nevland\Cookies\mats [email protected][1].txt

C:\Documents and Settings\Mats Nevland\Cookies\mats [email protected][1].txt

C:\Documents and Settings\Mats Nevland\Cookies\mats [email protected][1].txt

C:\Documents and Settings\Mats Nevland\Cookies\mats nevland@apmebf[1].txt

C:\Documents and Settings\Mats Nevland\Cookies\mats nevland@2o7[1].txt

C:\Documents and Settings\Mats Nevland\Cookies\mats nevland@adtech[2].txt

C:\Documents and Settings\Mats Nevland\Cookies\mats [email protected][2].txt

C:\Documents and Settings\Mats Nevland\Cookies\mats nevland@casalemedia[2].txt

C:\Documents and Settings\Mats Nevland\Cookies\mats nevland@realmedia[1].txt

C:\Documents and Settings\Mats Nevland\Cookies\mats [email protected][1].txt

C:\Documents and Settings\Mats Nevland\Cookies\mats [email protected][1].txt

C:\Documents and Settings\Mats Nevland\Cookies\mats nevland@dealtime[2].txt

C:\Documents and Settings\Mats Nevland\Cookies\mats [email protected][1].txt

C:\Documents and Settings\Mats Nevland\Cookies\mats [email protected][1].txt

C:\Documents and Settings\Mats Nevland\Cookies\mats nevland@bravenet[1].txt

C:\Documents and Settings\Mats Nevland\Cookies\mats nevland@partypoker[1].txt

C:\Documents and Settings\Mats Nevland\Cookies\mats nevland@serving-sys[1].txt

C:\Documents and Settings\Mats Nevland\Cookies\mats nevland@cassava[1].txt

C:\Documents and Settings\Mats Nevland\Cookies\mats nevland@kontera[2].txt

C:\Documents and Settings\Mats Nevland\Cookies\mats nevland@revenue[1].txt

C:\Documents and Settings\Mats Nevland\Cookies\mats nevland@overture[1].txt

C:\Documents and Settings\Mats Nevland\Cookies\mats nevland@yadro[2].txt

C:\Documents and Settings\Mats Nevland\Cookies\mats nevland@questionmarket[2].txt

C:\Documents and Settings\Mats Nevland\Cookies\mats [email protected][1].txt

C:\Documents and Settings\Mats Nevland\Cookies\mats nevland@adrevolver[1].txt

C:\Documents and Settings\Mats Nevland\Cookies\mats nevland@specificclick[2].txt

C:\Documents and Settings\Mats Nevland\Cookies\[email protected][1].txt

C:\Documents and Settings\Mats Nevland\Cookies\mats [email protected][1].txt

C:\Documents and Settings\Mats Nevland\Cookies\mats nevland@zedo[1].txt

C:\Documents and Settings\Mats Nevland\Cookies\mats nevland@tacoda[1].txt

C:\Documents and Settings\Mats Nevland\Cookies\mats [email protected][1].txt

C:\Documents and Settings\Mats Nevland\Cookies\mats [email protected][2].txt

C:\Documents and Settings\Mats Nevland\Cookies\mats nevland@clicktorrent[2].txt

C:\Documents and Settings\Mats Nevland\Cookies\mats nevland@burstnet[2].txt

C:\Documents and Settings\Mats Nevland\Cookies\mats [email protected][2].txt

C:\Documents and Settings\Mats Nevland\Cookies\mats nevland@enhance[2].txt

C:\Documents and Settings\Mats Nevland\Cookies\mats nevland@hitbox[1].txt

C:\Documents and Settings\Mats Nevland\Cookies\mats_nevland@tradedoubler[1].txt

C:\Documents and Settings\Mats Nevland\Cookies\mats nevland@adbrite[1].txt

C:\Documents and Settings\Mats Nevland\Cookies\mats [email protected][2].txt

C:\Documents and Settings\Mats Nevland\Cookies\mats [email protected][2].txt

C:\Documents and Settings\Mats Nevland\Cookies\mats [email protected][1].txt

C:\Documents and Settings\Mats Nevland\Cookies\mats [email protected][1].txt

.adtech.de [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

track.adform.net [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

track.adform.net [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

track.adform.net [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

track.adform.net [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

track.adform.net [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

track.adform.net [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

track.adform.net [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.tradedoubler.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.tradedoubler.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

statse.webtrendslive.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.mediaplex.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.bs.serving-sys.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.serving-sys.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.serving-sys.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.serving-sys.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.serving-sys.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.serving-sys.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.serving-sys.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.doubleclick.net [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.siba.112.2o7.net [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.indextools.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.elkjop.112.2o7.net [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.sonyeurope.112.2o7.net [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.revsci.net [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.revsci.net [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.revsci.net [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.revsci.net [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.revsci.net [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.revsci.net [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.atdmt.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

ad.yieldmanager.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

ad.yieldmanager.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

ad.yieldmanager.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

ad.yieldmanager.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

ad.yieldmanager.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

ad.yieldmanager.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.zedo.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.zedo.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.zedo.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.zedo.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.zedo.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.adbrite.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.adbrite.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.partygaming.122.2o7.net [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.partypoker.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.partypoker.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.partypoker.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.partypoker.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

ad1.clickhype.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.tribalfusion.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.webcount.finn.no [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.specificclick.net [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.specificclick.net [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.specificclick.net [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.specificclick.net [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.adultfriendfinder.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.adultfriendfinder.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.adultfriendfinder.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.adultfriendfinder.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.statcounter.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.statcounter.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.statcounter.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.statcounter.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.statcounter.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.imrworldwide.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.imrworldwide.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.stat.katalysatormedia.no [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

mediamgr.ugo.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.casalemedia.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.casalemedia.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.casalemedia.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.casalemedia.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.estat.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.msnportal.112.2o7.net [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.telenor.112.2o7.net [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

statse.webtrendslive.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

statse.webtrendslive.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

findexa.adbureau.net [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.adrevolver.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.adrevolver.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

media.adrevolver.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

media.adrevolver.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

media.adrevolver.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

media.adrevolver.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.adrevolver.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.adrevolver.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.adrevolver.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.adrevolver.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.advertising.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.advertising.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.advertising.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.advertising.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.toplist.cz [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.overture.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.insightexpressai.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

view.atdmt.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.insightexpressai.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.insightexpressai.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.insightexpressai.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.insightexpressai.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.insightexpressai.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.insightexpressai.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

ads3.blastro.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

ads4.blastro.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

ads4.blastro.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.clicktorrent.info [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

clicktorrent.info [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

clicktorrent.info [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

clicktorrent.info [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

clicktorrent.info [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

clicktorrent.info [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

clicktorrent.info [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

clicktorrent.info [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.clicktorrent.info [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

clicktorrent.info [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.clicktorrent.info [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.clicktorrent.info [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.clicktorrent.info [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.clicktorrent.info [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.clicktorrent.info [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.clicktorrent.info [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.clicktorrent.info [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.clicktorrent.info [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.clicktorrent.info [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.clicktorrent.info [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.clicktorrent.info [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.clicktorrent.info [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.clicktorrent.info [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.windowsmedia.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.pro-market.net [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.pro-market.net [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.pro-market.net [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.microsoftgamestudio.112.2o7.net [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.fastclick.net [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.fastclick.net [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.blinck.112.2o7.net [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

ad1.emediate.dk [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.bravenet.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.bravenet.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.saxotech.122.2o7.net [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.adserver.adtechus.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.indexstats.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.indexstats.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

media.vlzserver.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

media.vlzserver.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.interclick.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.interclick.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.interclick.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.hitbox.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.ehg-vcbs.hitbox.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.banners.victor.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

date.ventivmedia.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

date.ventivmedia.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

date.ventivmedia.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

date.ventivmedia.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

date.ventivmedia.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

date.ventivmedia.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

date.ventivmedia.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

servedby.adxpower.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

ad.zanox.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.adopt.euroclick.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.questionmarket.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.questionmarket.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.pornhub.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.pornhub.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.sexdating.no [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.sexdating.no [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.adserver.easyad.info [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

stat.onestat.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

stat.onestat.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.adnetserver.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.apmebf.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.edge.ru4.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.antispywaresuite.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.antispywaresuite.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.antispywaresuite.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.antispywaresuite.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.antispywaresuite.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.antispywaresuite.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.antispywaresuite.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.antispywaresuite.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.antispywaresuite.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.antispywaresuite.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.antispywaresuite.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.antispywaresuite.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.avsystemcare.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.nextag.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.nextag.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.nextag.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.trustedantivirus.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.trustedantivirus.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.e2.emediate.se [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.e2.emediate.se [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

www.3dstats.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

.xiti.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ]

 

Malware.LocusSoftware Inc/PCPrivacyTool

HKLM\Software\Purchased Products

HKLM\Software\Purchased Products\System Error Repair

HKLM\Software\Purchased Products\System Error Repair#domain

HKLM\Software\Purchased Products\System Error Repair#pname

HKLM\Software\Purchased Products\System Error Repair#cname

 

Rogue.LocusSoftware-Installer

C:\DOCUMENTS AND SETTINGS\MATS NEVLAND\SKRIVEBORD\DIV\SETUP_EN.EXE

 

BearShare File Sharing Client

C:\PROGRAMFILER\BEARSHARE APPLICATIONS\BEARSHARE\BEARSHARE.EXE

C:\WINDOWS\Prefetch\BEARSHARE.EXE-194E0F13.pf

 

Trojan.Vundo/Variant-Installer

C:\PROGRAMFILER\BITTORRENT\BITTORRENT .EXE

C:\PROGRAMFILER\BITTORRENT\BITTORRENT .EXE

C:\PROGRAMFILER\BITTORRENT\BITTORRENT .EXE

C:\PROGRAMFILER\BITTORRENT\BITTORRENT .EXE

C:\PROGRAMFILER\BITTORRENT\BITTORRENT .EXE

C:\PROGRAMFILER\BITTORRENT\BITTORRENT .EXE

C:\PROGRAMFILER\BITTORRENT\BITTORRENT .EXE

C:\PROGRAMFILER\BITTORRENT\BITTORRENT .EXE

C:\PROGRAMFILER\BITTORRENT\BITTORRENT .EXE

C:\PROGRAMFILER\BITTORRENT\BITTORRENT .EXE

C:\PROGRAMFILER\BITTORRENT\BITTORRENT .EXE

C:\PROGRAMFILER\BITTORRENT\BITTORRENT .EXE

C:\PROGRAMFILER\BITTORRENT\BITTORRENT .EXE

C:\PROGRAMFILER\BITTORRENT\BITTORRENT .EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP228\A0027896.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP228\A0027898.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP228\A0027906.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP228\A0027907.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP228\A0027908.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP228\A0027909.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP228\A0027910.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP228\A0027911.EXE

 

Trojan.Vundo/Variant-Installer/A

C:\PROGRAMFILER\QUICKTIME\QTTASK .EXE

C:\PROGRAMFILER\QUICKTIME\QTTASK .EXE

C:\PROGRAMFILER\QUICKTIME\QTTASK .EXE

C:\PROGRAMFILER\QUICKTIME\QTTASK .EXE

C:\PROGRAMFILER\QUICKTIME\QTTASK .EXE

C:\PROGRAMFILER\QUICKTIME\QTTASK .EXE

C:\PROGRAMFILER\QUICKTIME\QTTASK .EXE

C:\PROGRAMFILER\QUICKTIME\QTTASK .EXE

C:\PROGRAMFILER\QUICKTIME\QTTASK .EXE

C:\PROGRAMFILER\QUICKTIME\QTTASK .EXE

C:\PROGRAMFILER\QUICKTIME\QTTASK .EXE

C:\PROGRAMFILER\QUICKTIME\QTTASK .EXE

C:\PROGRAMFILER\QUICKTIME\QTTASK .EXE

C:\PROGRAMFILER\QUICKTIME\QTTASK .EXE

C:\PROGRAMFILER\QUICKTIME\QTTASK .EXE

C:\PROGRAMFILER\QUICKTIME\QTTASK .EXE

C:\PROGRAMFILER\QUICKTIME\QTTASK .EXE

C:\PROGRAMFILER\QUICKTIME\QTTASK .EXE

C:\PROGRAMFILER\QUICKTIME\QTTASK .EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP227\A0027879.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP227\A0027882.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP227\A0027883.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP228\A0027899.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP228\A0027900.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP228\A0027902.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP228\A0027903.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP228\A0027904.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP228\A0027905.EXE

 

Adware.Vundo-Variant/Small-A

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP227\A0027870.DLL

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP227\A0027871.DLL

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP227\A0027872.DLL

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP228\A0027918.DLL

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP258\A0030062.DLL

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP258\A0030163.DLL

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038638.DLL

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038621.DLL

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038624.DLL

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038625.DLL

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038626.DLL

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038627.DLL

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038630.DLL

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038631.DLL

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038632.DLL

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038634.DLL

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038636.DLL

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038637.DLL

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038656.DLL

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038639.DLL

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038640.DLL

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038644.DLL

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038645.DLL

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038647.DLL

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038648.DLL

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038649.DLL

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038652.DLL

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038653.DLL

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038655.DLL

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038674.DLL

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038657.DLL

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038658.DLL

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038659.DLL

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038661.DLL

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038662.DLL

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038666.DLL

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038669.DLL

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038672.DLL

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038673.DLL

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038675.DLL

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038676.DLL

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038677.DLL

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038678.DLL

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038679.DLL

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038682.DLL

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038683.DLL

C:\WINDOWS\SYSTEM32\CAXVFTRQ.DLL

C:\WINDOWS\SYSTEM32\CMTTKMCK.DLL

C:\WINDOWS\SYSTEM32\HOHEAUSQ.DLL

C:\WINDOWS\SYSTEM32\JHRQGKIC.DLL

C:\WINDOWS\SYSTEM32\WQAFBRMN.DLL

 

Rogue.StorageProtector/Trace

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP227\A0027884.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038604.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038605.EXE

 

Adware.Vundo-Variant/PolyMorph-A

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP228\A0027915.DLL

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038628.DLL

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038641.DLL

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038650.DLL

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038651.DLL

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038654.DLL

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038665.DLL

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038671.DLL

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038680.DLL

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038681.DLL

 

Adware.Vundo-Variant

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP228\A0027916.DLL

 

Trojan.Unclassified/Dropper-B

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038623.DLL

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038633.DLL

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038642.DLL

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038643.DLL

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038646.DLL

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038663.DLL

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038667.DLL

C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038670.DLL

 

Trojan.Downloader-Gen/DDC

C:\WINDOWS\SYSTEM32\AKDYJPJB.EXE

C:\WINDOWS\SYSTEM32\BGIKSLGF.EXE

C:\WINDOWS\SYSTEM32\CAIBEQDW.EXE

C:\WINDOWS\SYSTEM32\CCPBOMKO.EXE

C:\WINDOWS\SYSTEM32\QWPKIEGP.EXE

 

Trojan.Vundo-Variant/Small

C:\WINDOWS\SYSTEM32\LBJJFYMY.DLL

 

 

 

Siste log, etter restart:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:28:30, on 10.06.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Programfiler\Windows Live\Tryggere for familien\fssui.exe

C:\Programfiler\Java\jre1.6.0_06\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe

C:\Programfiler\BitTorrent\bittorrent .exe

C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\WINDOWS\System32\PAStiSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Programfiler\Trend Micro\teswt\tt.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programfiler\Windows Live\Tryggere for familien\fssbho.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_06\bin\ssv.dll

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll

O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [fssui] "C:\Programfiler\Windows Live\Tryggere for familien\fssui.exe" -autorun

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_06\bin\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [bitTorrent] "C:\Programfiler\BitTorrent\bittorrent .exe" --force_start_minimized

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &Windows Live Search - res://C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Åpne i ny bakgrunnsflik - res://C:\Programfiler\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/229?849301a967d744fd993ffc51f0a86d90

O8 - Extra context menu item: Åpne i ny forgrunnsflik - res://C:\Programfiler\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/230?849301a967d744fd993ffc51f0a86d90

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra button: Blogg dette - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blogg dette i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

 

--

End of file - 5896 bytes

 

 

 

Hvordan ser det ut? Skal noe mer gjøres?

Lenke til kommentar

Start HijackThis "scan" finn disse linjene merk dem,så trykk fix checked.

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)

O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

 

Bearshare prøv og finne et annet p2p program,denne er kjent for og ta med seg en del grums.

 

Bruk pcen kjører den greit gjør du dette.

Du kan fjerne combofix ved å skrive combofix /u fra kjør-vinduet. Denne kommandoen gjør at filer i karantene og backups blir slette. Systemgjenopprettingsmappa nullstilt etc.

 

Anngående antivirus så er avira bra og gratis.

http://www.free-av.com/

 

Brannmur så er online armor free bra.

http://www.tallemu.com/

 

Sas fortsetter du og bruke.

 

Surf trygt.

Endret av SNIPPSAT
Lenke til kommentar

Opprett en konto eller logg inn for å kommentere

Du må være et medlem for å kunne skrive en kommentar

Opprett konto

Det er enkelt å melde seg inn for å starte en ny konto!

Start en konto

Logg inn

Har du allerede en konto? Logg inn her.

Logg inn nå
×
×
  • Opprett ny...