GLN Skrevet 10. juni 2008 Del Skrevet 10. juni 2008 Sitter her på en litt treig maskin å skjekke for virus, så orker ikke bruke timesvis på å lete frem etter evt andre topicer der man kan poste logger. Etter det jeg tror så har det ikke vært topp security på denne maskinen i det siste. Har jeg skannet igjennom hele maskinen? Har dere noen gode gratis virusprogrammer som fjerne og holder borte virus? Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:54:47, on 10.06.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\SOUNDMAN.EXE C:\Programfiler\Windows Live\Tryggere for familien\fssui.exe C:\Programfiler\Java\jre1.6.0_06\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe C:\Programfiler\BitTorrent\bittorrent .exe C:\WINDOWS\System32\PAStiSvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\Programfiler\Windows Live\Messenger\usnsvc.exe C:\Programfiler\BearShare Applications\BearShare\BearShare.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\Programfiler\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wuauclt.exe C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programfiler\Windows Live\Tryggere for familien\fssbho.dll O2 - BHO: (no name) - {5AAF23D8-4489-43D8-A064-319D1254ABCA} - C:\WINDOWS\system32\wvutstr.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_06\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: (no name) - {7EC38BEC-6507-4F03-A05D-4BE9F3E0BFB0} - C:\WINDOWS\system32\mljgh.dll (file missing) O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\ifmmsapt.dll (file missing) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar1.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [Windows Taskmanager] svchost.exe O4 - HKLM\..\Run: [fssui] "C:\Programfiler\Windows Live\Tryggere for familien\fssui.exe" -autorun O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_06\bin\jusched.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [bitTorrent] "C:\Programfiler\BitTorrent\bittorrent .exe" --force_start_minimized O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: &Windows Live Search - res://C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Åpne i ny bakgrunnsflik - res://C:\Programfiler\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/229?849301a967d744fd993ffc51f0a86d90 O8 - Extra context menu item: Åpne i ny forgrunnsflik - res://C:\Programfiler\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/230?849301a967d744fd993ffc51f0a86d90 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: Blogg dette - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blogg dette i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O20 - Winlogon Notify: ifmmsapt - ifmmsapt.dll (file missing) O20 - Winlogon Notify: wvutstr - wvutstr.dll (file missing) O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe -- End of file - 6630 bytes Lenke til kommentar
snippsat Skrevet 10. juni 2008 Del Skrevet 10. juni 2008 Last Combofix ned ,legg på skrivebordet. Ikke klikk på vindu mens programet kjører. post logg C:\combofix.txt Har dere noen gode gratis virusprogrammer som fjerne og holder borte virus? Tar det når pcen er ren,for du har en del grums. Lenke til kommentar
GLN Skrevet 10. juni 2008 Forfatter Del Skrevet 10. juni 2008 Hehe, det lille jeg leste lovet ikke bra Hva må gjøres nå? ComboFix 08-06-09.7 - Mats Nevland 2008-06-10 18:29:56.1 - NTFSx86 Running from: C:\Documents and Settings\Mats Nevland\Skrivebord\ComboFix.exe WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\All Users\Start-meny\Programmer\StorageProtector C:\Documents and Settings\All Users\Start-meny\Programmer\StorageProtector\Contact Customer Service.lnk C:\Documents and Settings\All Users\Start-meny\Programmer\StorageProtector\StorageProtector.lnk C:\Documents and Settings\Mats Nevland\Programdata\storageprotector C:\Documents and Settings\Mats Nevland\Programdata\storageprotector\Logs\update.log C:\Programfiler\Fellesfiler\StorageProtector C:\Programfiler\Fellesfiler\StorageProtector\strpmon .exe C:\Programfiler\Fellesfiler\StorageProtector\strpmon .exe C:\Programfiler\StorageProtector C:\Programfiler\StorageProtector\atl71.dll C:\Programfiler\StorageProtector\kernel.dll C:\Programfiler\StorageProtector\License.rtf C:\Programfiler\StorageProtector\mfc71.dll C:\Programfiler\StorageProtector\msvcp71.dll C:\Programfiler\StorageProtector\msvcr71.dll C:\Programfiler\StorageProtector\Readme.rtf C:\Programfiler\StorageProtector\Res\Main.ico C:\Programfiler\StorageProtector\Res\RecycleBin.ico C:\Programfiler\StorageProtector\rm.url C:\Programfiler\StorageProtector\sr.log C:\Programfiler\StorageProtector\swupd.log C:\Programfiler\StorageProtector\SysRep .exe.Log C:\Programfiler\StorageProtector\SysRep.exe.Log C:\Programfiler\StorageProtector\SysRep.exe.xml C:\Programfiler\StorageProtector\SysRep.url C:\Programfiler\StorageProtector\transpaid.exe C:\Programfiler\StorageProtector\unins000.dat C:\Programfiler\StorageProtector\unins000.exe C:\Programfiler\StorageProtector\urls.ini C:\WINDOWS\BMcb4c0bea.xml C:\WINDOWS\Downloaded Program Files\setup.inf C:\WINDOWS\pskt.ini C:\WINDOWS\svchost.exe C:\WINDOWS\system32\afinipmn.dll C:\WINDOWS\system32\amwrloko.dll C:\WINDOWS\system32\boeopefv.ini C:\WINDOWS\system32\bpehvbui.dll C:\WINDOWS\system32\bptrksoj.dll C:\WINDOWS\system32\bxytodxo.dll C:\WINDOWS\system32\ccrllvkq.dll C:\WINDOWS\system32\chocydir.ini C:\WINDOWS\system32\cltwqffs.dll C:\WINDOWS\system32\cqbcqebh.ini C:\WINDOWS\system32\ctfmon.exe.tmp C:\WINDOWS\system32\dakblxbg.dll C:\WINDOWS\system32\ddcdbcb.dll C:\WINDOWS\system32\ddgkpjri.dll C:\WINDOWS\system32\deoicnaw.dll C:\WINDOWS\system32\dftlqrcj.ini C:\WINDOWS\system32\dgsrcmxu.dll C:\WINDOWS\system32\difcgyub.ini C:\WINDOWS\system32\dkfifaap.ini C:\WINDOWS\system32\dofuwthm.dll C:\WINDOWS\system32\dpelsftt.ini C:\WINDOWS\system32\drxvanrt.dll C:\WINDOWS\system32\dskfkukx.dll C:\WINDOWS\system32\dwobrniw.dll C:\WINDOWS\system32\dxtrcitc.dll C:\WINDOWS\system32\dxwfwyeu.ini C:\WINDOWS\system32\ebghpxnv.dll C:\WINDOWS\system32\egpneuuk.dll C:\WINDOWS\system32\ekhslqwj.dll C:\WINDOWS\system32\eknebace.dll C:\WINDOWS\system32\fcccaxu.dll C:\WINDOWS\system32\fniamiwb.dll C:\WINDOWS\system32\fskiqwys.dll C:\WINDOWS\system32\fuidmgjr.dll C:\WINDOWS\system32\gcrfgkub.dll C:\WINDOWS\system32\gfgtcbmj.ini C:\WINDOWS\system32\gigtbdsx.dll C:\WINDOWS\system32\haijekfm.ini C:\WINDOWS\system32\heqibbds.dll C:\WINDOWS\system32\hgjlm.ini C:\WINDOWS\system32\hgjlm.ini2 C:\WINDOWS\system32\hnpvqgfl.dll C:\WINDOWS\system32\iaentnco.ini C:\WINDOWS\system32\ihqowywy.dll C:\WINDOWS\system32\iiffggg.dll C:\WINDOWS\system32\iifgfgg.dll C:\WINDOWS\system32\ilklssid.dll C:\WINDOWS\system32\jgbdwtjx.dll C:\WINDOWS\system32\jkkkkki.dll C:\WINDOWS\system32\jxgpkceu.dll C:\WINDOWS\system32\kffjiylm.dll C:\WINDOWS\system32\ksvwgcya.ini C:\WINDOWS\system32\kuuenpge.ini C:\WINDOWS\system32\kydamvvu.ini C:\WINDOWS\system32\lqgclogy.ini C:\WINDOWS\system32\mcrh.tmp C:\WINDOWS\system32\mgdmpljb.dll C:\WINDOWS\system32\mhpbvhge.dll C:\WINDOWS\system32\mhtwufod.ini C:\WINDOWS\system32\miiidcbj.dll C:\WINDOWS\system32\minjrfem.dll C:\WINDOWS\system32\mtjabcno.dll C:\WINDOWS\system32\nfoilmjc.ini C:\WINDOWS\system32\ntjevspd.ini C:\WINDOWS\system32\olqqrlfs.dll C:\WINDOWS\system32\olvttvwl.ini C:\WINDOWS\system32\omeiwksp.dll C:\WINDOWS\system32\oncbajtm.ini C:\WINDOWS\system32\pjmpvwia.ini C:\WINDOWS\system32\plyrjoil.ini C:\WINDOWS\system32\qbvarbay.ini C:\WINDOWS\system32\qdlsdxvs.dll C:\WINDOWS\system32\qomnkhh.dll C:\WINDOWS\system32\qtnucxon.dll C:\WINDOWS\system32\rrhrfxux.ini C:\WINDOWS\system32\scpxcjgk.ini C:\WINDOWS\system32\sffqwtlc.ini C:\WINDOWS\system32\srcgovxr.dll C:\WINDOWS\system32\tcewootm.dll C:\WINDOWS\system32\tfpaaglh.dll C:\WINDOWS\system32\tgjvsjbs.dll C:\WINDOWS\system32\tkspucjo.ini C:\WINDOWS\system32\tuvturo.dll C:\WINDOWS\system32\tvigwedp.dll C:\WINDOWS\system32\typsdkxm.dll C:\WINDOWS\system32\uasrepgo.dll C:\WINDOWS\system32\uaxcmnyq.ini C:\WINDOWS\system32\ubdtnkfg.dll C:\WINDOWS\system32\uiotfrik.dll C:\WINDOWS\system32\uufqtqve.dll C:\WINDOWS\system32\uywokptd.ini C:\WINDOWS\system32\vmyuvheu.ini C:\WINDOWS\system32\wancioed.ini C:\WINDOWS\system32\wdhrudas.ini C:\WINDOWS\system32\wilnkiju.dll C:\WINDOWS\system32\wswyacis.ini C:\WINDOWS\system32\wubimmef.dll C:\WINDOWS\system32\wuwvfpbe.ini C:\WINDOWS\system32\wvustro.dll C:\WINDOWS\system32\wwjlivfj.ini C:\WINDOWS\system32\xblwebxt.ini C:\WINDOWS\system32\xcgkkrvt.ini C:\WINDOWS\system32\xxyyvuu.dll C:\WINDOWS\system32\yenmiqbc.ini C:\WINDOWS\system32\ynqanmer.ini C:\WINDOWS\system32\ynyautmt.dll C:\WINDOWS\system32\yochnbsr.dll C:\WINDOWS\system32\yxmoinnf.ini . ((((((((((((((((((((((((( Files Created from 2008-05-10 to 2008-06-10 ))))))))))))))))))))))))))))))) . 2008-06-10 18:06 . 2008-06-10 18:05 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys 2008-06-10 18:05 . 2008-06-10 18:05 <DIR> d-------- C:\WINDOWS\Sun 2008-06-10 18:05 . 2008-06-10 18:07 <DIR> d-------- C:\Documents and Settings\Mats Nevland\.housecall6.6 2008-06-10 17:54 . 2008-06-10 18:02 <DIR> d-------- C:\Programfiler\Trend Micro 2008-05-30 07:19 . 2008-05-30 07:19 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-05-30 07:19 . 2008-05-30 07:19 1,409 --a------ C:\WINDOWS\QTFont.for 2008-05-21 16:28 . 2008-05-21 16:28 <DIR> d-------- C:\Programfiler\Sun 2008-05-21 16:28 . 2008-05-21 16:32 <DIR> d-------- C:\Documents and Settings\Mats Nevland\Programdata\LimeWire 2008-05-21 16:28 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-05-21 16:26 . 2008-05-21 16:27 <DIR> d-------- C:\Programfiler\Java 2008-05-21 16:26 . 2008-05-21 16:26 <DIR> d-------- C:\Programfiler\Fellesfiler\Java 2008-05-21 16:18 . 2008-05-21 16:24 <DIR> d-------- C:\Programfiler\LimeWire 2008-05-21 16:16 . 2008-05-21 16:16 <DIR> d-------- C:\Programfiler\MP3 Music Search 2008-05-18 23:28 . 2008-05-18 23:29 <DIR> d-------- C:\Documents and Settings\Mats Nevland\Programdata\fretsonfire 2008-05-18 22:50 . 2008-05-18 23:28 <DIR> d-------- C:\Programfiler\Frets on Fire . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-06-10 07:34 --------- d-----w C:\Documents and Settings\Mats Nevland\Programdata\BitTorrent 2008-05-22 13:20 --------- d-----w C:\Documents and Settings\Mats Nevland\Programdata\BearShare 2008-05-17 17:56 --------- d-----w C:\Programfiler\BearShare Applications 2008-05-09 20:15 --------- d-----w C:\Documents and Settings\Mats Nevland\Programdata\vlc 2008-05-09 20:14 --------- d-----w C:\Programfiler\VideoLAN 2008-04-26 21:55 230,432 ----a-w C:\StiImg.dat 2008-04-02 19:33 140,288 ----a-w C:\WINDOWS\~GLC0000.TMP . <pre> ----a-w 43,008 2008-03-13 11:34:54 C:\Programfiler\BitTorrent\bittorrent .exe ----a-w 401,920 2008-03-10 07:16:03 C:\Programfiler\BitTorrent\bittorrent .exe ----a-w 401,920 2008-03-06 14:49:01 C:\Programfiler\BitTorrent\bittorrent .exe ----a-w 401,920 2008-03-04 14:25:11 C:\Programfiler\BitTorrent\bittorrent .exe ----a-w 401,920 2008-02-28 23:14:18 C:\Programfiler\BitTorrent\bittorrent .exe ----a-w 401,920 2008-02-27 21:32:38 C:\Programfiler\BitTorrent\bittorrent .exe ----a-w 401,920 2008-02-24 11:30:45 C:\Programfiler\BitTorrent\bittorrent .exe ----a-w 401,920 2008-02-19 17:34:33 C:\Programfiler\BitTorrent\bittorrent .exe ----a-w 401,920 2008-02-13 02:13:02 C:\Programfiler\BitTorrent\bittorrent .exe ----a-w 401,920 2008-02-11 23:27:59 C:\Programfiler\BitTorrent\bittorrent .exe ----a-w 401,920 2008-02-08 17:20:40 C:\Programfiler\BitTorrent\bittorrent .exe ----a-w 401,920 2008-02-03 17:04:35 C:\Programfiler\BitTorrent\bittorrent .exe ----a-w 401,920 2008-02-03 16:44:17 C:\Programfiler\BitTorrent\bittorrent .exe ----a-w 401,920 2008-01-29 15:49:43 C:\Programfiler\BitTorrent\bittorrent .exe ----a-w 401,920 2008-01-24 23:39:58 C:\Programfiler\BitTorrent\bittorrent .exe ----a-w 68,856 2008-03-13 11:34:59 C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe ----a-w 5,674,352 2008-03-13 11:35:28 C:\Programfiler\MSN Messenger\MsnMsgr .Exe ----a-w 286,720 2008-03-13 11:34:25 C:\Programfiler\QuickTime\QTTask .exe ----a-w 652,288 2008-03-13 11:18:07 C:\Programfiler\QuickTime\QTTask .exe ----a-w 652,288 2008-03-10 07:16:12 C:\Programfiler\QuickTime\QTTask .exe ----a-w 652,288 2008-03-06 15:19:02 C:\Programfiler\QuickTime\QTTask .exe ----a-w 652,288 2008-03-06 14:49:13 C:\Programfiler\QuickTime\QTTask .exe ----a-w 652,288 2008-03-04 14:25:20 C:\Programfiler\QuickTime\QTTask .exe ----a-w 652,288 2008-02-28 23:14:25 C:\Programfiler\QuickTime\QTTask .exe ----a-w 652,288 2008-02-27 21:32:47 C:\Programfiler\QuickTime\QTTask .exe ----a-w 652,288 2008-02-26 21:18:51 C:\Programfiler\QuickTime\QTTask .exe ----a-w 652,288 2008-02-24 12:00:18 C:\Programfiler\QuickTime\QTTask .exe ----a-w 652,288 2008-02-24 11:30:55 C:\Programfiler\QuickTime\QTTask .exe ----a-w 652,288 2008-02-19 17:34:40 C:\Programfiler\QuickTime\QTTask .exe ----a-w 652,288 2008-02-13 02:13:08 C:\Programfiler\QuickTime\QTTask .exe ----a-w 652,288 2008-02-11 23:28:05 C:\Programfiler\QuickTime\QTTask .exe ----a-w 652,288 2008-02-08 17:20:49 C:\Programfiler\QuickTime\QTTask .exe ----a-w 652,288 2008-02-03 17:04:48 C:\Programfiler\QuickTime\QTTask .exe ----a-w 652,288 2008-02-03 16:44:30 C:\Programfiler\QuickTime\QTTask .exe ----a-w 652,288 2008-01-29 15:49:55 C:\Programfiler\QuickTime\QTTask .exe ----a-w 652,288 2008-01-25 21:07:08 C:\Programfiler\QuickTime\QTTask .exe ----a-w 652,288 2008-01-24 23:40:14 C:\Programfiler\QuickTime\QTTask .exe ----a-w 15,360 2008-03-10 07:16:44 C:\WINDOWS\system32\ctfmon .exe ----a-w 18,214,008 2008-02-13 02:15:02 C:\WINDOWS\system32\MRT .exe </pre> -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}] 2007-12-17 11:12 56360 --a------ C:\Programfiler\Windows Live\Tryggere for familien\fssbho.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7EC38BEC-6507-4F03-A05D-4BE9F3E0BFB0}] C:\WINDOWS\system32\mljgh.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360] "msnmsgr"="C:\Programfiler\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184] "BitTorrent"="C:\Programfiler\BitTorrent\bittorrent .exe" [2008-03-13 13:34 43008] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMan"="SOUNDMAN.EXE" [2005-09-22 01:42 90112 C:\WINDOWS\soundman.exe] "fssui"="C:\Programfiler\Windows Live\Tryggere for familien\fssui.exe" [2007-12-17 11:12 243240] "SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ifmmsapt] ifmmsapt.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvutstr] wvutstr.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Programfiler\\Messenger\\msmsgs.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\WINDOWS\\system32\\dpvsetup.exe"= "C:\\Programfiler\\MSN Messenger\\MsnMsgr .Exe"= "C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"= "C:\\Programfiler\\LimeWire\\LimeWire.exe"= "C:\\Programfiler\\BitTorrent\\bittorrent .exe"= R2 fssfltr;FssFltr;C:\WINDOWS\system32\DRIVERS\fssfltr.sys [2007-10-17 13:53] R2 fsssvc;Windows Live OneCare Tryggere for familien;"C:\Programfiler\Windows Live\Tryggere for familien\fsssvc.exe" [2007-12-17 11:13] R3 PAC207;Trust WB-1400T Webcam;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 13:29] . Contents of the 'Scheduled Tasks' folder "2008-06-09 14:00:21 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Programfiler\Apple Software Update\SoftwareUpdate.exe "2008-06-10 15:56:01 C:\WINDOWS\Tasks\Se etter oppdateringer for Windows Live Toolbar.job" - C:\Programfiler\Windows Live Toolbar\MSNTBUP.EXE . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-10 18:43:43 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\PAStiSvc.exe C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\verclsid.exe . ************************************************************************** . Completion time: 2008-06-10 18:46:04 - machine was rebooted ComboFix-quarantined-files.txt 2008-06-10 16:45:58 Pre-Run: 103,129,288,704 byte ledig Post-Run: 104,761,794,560 byte ledig 288 --- E O F --- 2008-05-18 21:14:07 Lenke til kommentar
snippsat Skrevet 10. juni 2008 Del Skrevet 10. juni 2008 Combofix slettet en masse infiserte filer. Kopiere fet tekst under bildet->åpne notisblokk og lim inn. Lagre på skrivebordet som CFScript.txt Gjør som på bildet combofix vil starte,Post logg c:\combofix.txt Registry:: [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7EC38BEC-6507-4F03-A05D-4BE9F3E0BFB0}] [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ifmmsapt] [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvutstr] --- Last ned kjør CCleaner 'Valg'->'Avansert'. Fjern avkryssingen framfor: "bare slett midlertidige filer som er eldere enn 48 t. Kjør register-renser og"svar ja til og reparere" --- Last ned oppdatere og kjør full scan SAS free Post loggen fra SAS (preferences->statistics/logs) --- Restart --- Lag en ny hijackthis logg. Lenke til kommentar
GLN Skrevet 10. juni 2008 Forfatter Del Skrevet 10. juni 2008 Takk takk snippsat, skal ta det etter Spania kampen, om ca 30min Lenke til kommentar
GLN Skrevet 10. juni 2008 Forfatter Del Skrevet 10. juni 2008 Ok, here it comes Log1: Loggen etter jeg kjørte den script fila i ComboFix ComboFix 08-06-09.7 - Mats Nevland 2008-06-10 19:53:46.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.140 [GMT 2:00] Running from: C:\Documents and Settings\Mats Nevland\Skrivebord\ComboFix.exe Command switches used :: C:\Documents and Settings\Mats Nevland\Skrivebord\CFScript.txt * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\ifmmsapt.dllbox . ((((((((((((((((((((((((( Files Created from 2008-05-10 to 2008-06-10 ))))))))))))))))))))))))))))))) . 2008-06-10 18:06 . 2008-06-10 18:05 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys 2008-06-10 18:05 . 2008-06-10 18:05 <DIR> d-------- C:\WINDOWS\Sun 2008-06-10 18:05 . 2008-06-10 18:07 <DIR> d-------- C:\Documents and Settings\Mats Nevland\.housecall6.6 2008-06-10 17:54 . 2008-06-10 18:02 <DIR> d-------- C:\Programfiler\Trend Micro 2008-05-30 07:19 . 2008-05-30 07:19 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-05-30 07:19 . 2008-05-30 07:19 1,409 --a------ C:\WINDOWS\QTFont.for 2008-05-21 16:28 . 2008-05-21 16:28 <DIR> d-------- C:\Programfiler\Sun 2008-05-21 16:28 . 2008-05-21 16:32 <DIR> d-------- C:\Documents and Settings\Mats Nevland\Programdata\LimeWire 2008-05-21 16:28 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-05-21 16:26 . 2008-05-21 16:27 <DIR> d-------- C:\Programfiler\Java 2008-05-21 16:26 . 2008-05-21 16:26 <DIR> d-------- C:\Programfiler\Fellesfiler\Java 2008-05-21 16:18 . 2008-05-21 16:24 <DIR> d-------- C:\Programfiler\LimeWire 2008-05-21 16:16 . 2008-05-21 16:16 <DIR> d-------- C:\Programfiler\MP3 Music Search 2008-05-18 23:28 . 2008-05-18 23:29 <DIR> d-------- C:\Documents and Settings\Mats Nevland\Programdata\fretsonfire 2008-05-18 22:50 . 2008-05-18 23:28 <DIR> d-------- C:\Programfiler\Frets on Fire . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-06-10 07:34 --------- d-----w C:\Documents and Settings\Mats Nevland\Programdata\BitTorrent 2008-05-22 13:20 --------- d-----w C:\Documents and Settings\Mats Nevland\Programdata\BearShare 2008-05-17 17:56 --------- d-----w C:\Programfiler\BearShare Applications 2008-05-09 20:15 --------- d-----w C:\Documents and Settings\Mats Nevland\Programdata\vlc 2008-05-09 20:14 --------- d-----w C:\Programfiler\VideoLAN 2008-04-26 21:55 230,432 ----a-w C:\StiImg.dat 2008-04-02 19:33 140,288 ----a-w C:\WINDOWS\~GLC0000.TMP 2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll 2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll 2008-03-20 08:11 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys 2008-03-10 07:16 15,360 ----a-w C:\WINDOWS\system32\ctfmon .exe . <pre> ----a-w 43,008 2008-03-13 11:34:54 C:\Programfiler\BitTorrent\bittorrent .exe ----a-w 401,920 2008-03-10 07:16:03 C:\Programfiler\BitTorrent\bittorrent .exe ----a-w 401,920 2008-03-06 14:49:01 C:\Programfiler\BitTorrent\bittorrent .exe ----a-w 401,920 2008-03-04 14:25:11 C:\Programfiler\BitTorrent\bittorrent .exe ----a-w 401,920 2008-02-28 23:14:18 C:\Programfiler\BitTorrent\bittorrent .exe ----a-w 401,920 2008-02-27 21:32:38 C:\Programfiler\BitTorrent\bittorrent .exe ----a-w 401,920 2008-02-24 11:30:45 C:\Programfiler\BitTorrent\bittorrent .exe ----a-w 401,920 2008-02-19 17:34:33 C:\Programfiler\BitTorrent\bittorrent .exe ----a-w 401,920 2008-02-13 02:13:02 C:\Programfiler\BitTorrent\bittorrent .exe ----a-w 401,920 2008-02-11 23:27:59 C:\Programfiler\BitTorrent\bittorrent .exe ----a-w 401,920 2008-02-08 17:20:40 C:\Programfiler\BitTorrent\bittorrent .exe ----a-w 401,920 2008-02-03 17:04:35 C:\Programfiler\BitTorrent\bittorrent .exe ----a-w 401,920 2008-02-03 16:44:17 C:\Programfiler\BitTorrent\bittorrent .exe ----a-w 401,920 2008-01-29 15:49:43 C:\Programfiler\BitTorrent\bittorrent .exe ----a-w 401,920 2008-01-24 23:39:58 C:\Programfiler\BitTorrent\bittorrent .exe ----a-w 68,856 2008-03-13 11:34:59 C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe ----a-w 5,674,352 2008-03-13 11:35:28 C:\Programfiler\MSN Messenger\MsnMsgr .Exe ----a-w 286,720 2008-03-13 11:34:25 C:\Programfiler\QuickTime\QTTask .exe ----a-w 652,288 2008-03-13 11:18:07 C:\Programfiler\QuickTime\QTTask .exe ----a-w 652,288 2008-03-10 07:16:12 C:\Programfiler\QuickTime\QTTask .exe ----a-w 652,288 2008-03-06 15:19:02 C:\Programfiler\QuickTime\QTTask .exe ----a-w 652,288 2008-03-06 14:49:13 C:\Programfiler\QuickTime\QTTask .exe ----a-w 652,288 2008-03-04 14:25:20 C:\Programfiler\QuickTime\QTTask .exe ----a-w 652,288 2008-02-28 23:14:25 C:\Programfiler\QuickTime\QTTask .exe ----a-w 652,288 2008-02-27 21:32:47 C:\Programfiler\QuickTime\QTTask .exe ----a-w 652,288 2008-02-26 21:18:51 C:\Programfiler\QuickTime\QTTask .exe ----a-w 652,288 2008-02-24 12:00:18 C:\Programfiler\QuickTime\QTTask .exe ----a-w 652,288 2008-02-24 11:30:55 C:\Programfiler\QuickTime\QTTask .exe ----a-w 652,288 2008-02-19 17:34:40 C:\Programfiler\QuickTime\QTTask .exe ----a-w 652,288 2008-02-13 02:13:08 C:\Programfiler\QuickTime\QTTask .exe ----a-w 652,288 2008-02-11 23:28:05 C:\Programfiler\QuickTime\QTTask .exe ----a-w 652,288 2008-02-08 17:20:49 C:\Programfiler\QuickTime\QTTask .exe ----a-w 652,288 2008-02-03 17:04:48 C:\Programfiler\QuickTime\QTTask .exe ----a-w 652,288 2008-02-03 16:44:30 C:\Programfiler\QuickTime\QTTask .exe ----a-w 652,288 2008-01-29 15:49:55 C:\Programfiler\QuickTime\QTTask .exe ----a-w 652,288 2008-01-25 21:07:08 C:\Programfiler\QuickTime\QTTask .exe ----a-w 652,288 2008-01-24 23:40:14 C:\Programfiler\QuickTime\QTTask .exe ----a-w 15,360 2008-03-10 07:16:44 C:\WINDOWS\system32\ctfmon .exe ----a-w 18,214,008 2008-02-13 02:15:02 C:\WINDOWS\system32\MRT .exe </pre> -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}] 2007-12-17 11:12 56360 --a------ C:\Programfiler\Windows Live\Tryggere for familien\fssbho.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360] "msnmsgr"="C:\Programfiler\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184] "BitTorrent"="C:\Programfiler\BitTorrent\bittorrent .exe" [2008-03-13 13:34 43008] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMan"="SOUNDMAN.EXE" [2005-09-22 01:42 90112 C:\WINDOWS\soundman.exe] "fssui"="C:\Programfiler\Windows Live\Tryggere for familien\fssui.exe" [2007-12-17 11:12 243240] "SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Programfiler\\Messenger\\msmsgs.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\WINDOWS\\system32\\dpvsetup.exe"= "C:\\Programfiler\\MSN Messenger\\MsnMsgr .Exe"= "C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"= "C:\\Programfiler\\LimeWire\\LimeWire.exe"= "C:\\Programfiler\\BitTorrent\\bittorrent .exe"= R2 fssfltr;FssFltr;C:\WINDOWS\system32\DRIVERS\fssfltr.sys [2007-10-17 13:53] R2 fsssvc;Windows Live OneCare Tryggere for familien;"C:\Programfiler\Windows Live\Tryggere for familien\fsssvc.exe" [2007-12-17 11:13] R3 PAC207;Trust WB-1400T Webcam;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 13:29] . Contents of the 'Scheduled Tasks' folder "2008-06-09 14:00:21 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Programfiler\Apple Software Update\SoftwareUpdate.exe "2008-06-10 17:56:00 C:\WINDOWS\Tasks\Se etter oppdateringer for Windows Live Toolbar.job" - C:\Programfiler\Windows Live Toolbar\MSNTBUP.EXE . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-10 19:55:19 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-06-10 19:56:14 ComboFix-quarantined-files.txt 2008-06-10 17:56:04 ComboFix2.txt 2008-06-10 16:46:05 Pre-Run: 106,689,138,688 byte ledig Post-Run: 106,682,339,328 byte ledig 139 --- E O F --- 2008-05-18 21:14:07 SAS log: SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 06/10/2008 at 08:32 PM Application Version : 4.15.1000 Core Rules Database Version : 3478 Trace Rules Database Version: 1469 Scan type : Complete Scan Total Scan Time : 00:29:41 Memory items scanned : 364 Memory threats detected : 0 Registry items scanned : 4567 Registry threats detected : 5 File items scanned : 12071 File threats detected : 217 Adware.Tracking Cookie C:\Documents and Settings\Mats Nevland\Cookies\mats nevland@please[2].txt C:\Documents and Settings\Mats Nevland\Cookies\mats_nevland@tradedoubler[3].txt C:\Documents and Settings\Mats Nevland\Cookies\[email protected][1].txt C:\Documents and Settings\Mats Nevland\Cookies\mats nevland@atwola[1].txt C:\Documents and Settings\Mats Nevland\Cookies\mats_nevland@2o7[2].txt C:\Documents and Settings\Mats Nevland\Cookies\mats_nevland@imrworldwide[1].txt C:\Documents and Settings\Mats Nevland\Cookies\[email protected][2].txt C:\Documents and Settings\Mats Nevland\Cookies\[email protected][1].txt C:\Documents and Settings\Mats Nevland\Cookies\mats nevland@drivecleaner[1].txt C:\Documents and Settings\Mats Nevland\Cookies\mats [email protected][1].txt C:\Documents and Settings\Mats Nevland\Cookies\mats_nevland@atdmt[3].txt C:\Documents and Settings\Mats Nevland\Cookies\mats_nevland@zedo[1].txt C:\Documents and Settings\Mats Nevland\Cookies\mats_nevland@statcounter[1].txt C:\Documents and Settings\Mats Nevland\Cookies\mats nevland@adnetserver[1].txt C:\Documents and Settings\Mats Nevland\Cookies\mats_nevland@interclick[1].txt C:\Documents and Settings\Mats Nevland\Cookies\mats [email protected][1].txt C:\Documents and Settings\Mats Nevland\Cookies\mats nevland@crackle[2].txt C:\Documents and Settings\Mats Nevland\Cookies\mats_nevland@serving-sys[2].txt C:\Documents and Settings\Mats Nevland\Cookies\mats_nevland@statsgod[2].txt C:\Documents and Settings\Mats Nevland\Cookies\[email protected][2].txt C:\Documents and Settings\Mats Nevland\Cookies\mats_nevland@doubleclick[1].txt C:\Documents and Settings\Mats Nevland\Cookies\mats_nevland@mediaplex[1].txt C:\Documents and Settings\Mats Nevland\Cookies\mats_nevland@fastclick[1].txt C:\Documents and Settings\Mats Nevland\Cookies\mats [email protected][1].txt C:\Documents and Settings\Mats Nevland\Cookies\[email protected][1].txt C:\Documents and Settings\Mats Nevland\Cookies\mats nevland@xiti[1].txt C:\Documents and Settings\Mats Nevland\Cookies\[email protected][2].txt C:\Documents and Settings\Mats Nevland\Cookies\[email protected][2].txt C:\Documents and Settings\Mats Nevland\Cookies\mats nevland@clickaider[1].txt C:\Documents and Settings\Mats Nevland\Cookies\[email protected][2].txt C:\Documents and Settings\Mats Nevland\Cookies\[email protected][2].txt C:\Documents and Settings\Mats Nevland\Cookies\mats_nevland@advertising[1].txt C:\Documents and Settings\Mats Nevland\Cookies\mats_nevland@apmebf[1].txt C:\Documents and Settings\Mats Nevland\Cookies\mats_nevland@adtech[1].txt C:\Documents and Settings\Mats Nevland\Cookies\mats [email protected][1].txt C:\Documents and Settings\Mats Nevland\Cookies\mats nevland@statcounter[2].txt C:\Documents and Settings\Mats Nevland\Cookies\mats [email protected][3].txt C:\Documents and Settings\Mats Nevland\Cookies\mats [email protected][1].txt C:\Documents and Settings\Mats Nevland\Cookies\mats [email protected][2].txt C:\Documents and Settings\Mats Nevland\Cookies\mats [email protected][1].txt C:\Documents and Settings\Mats Nevland\Cookies\mats_nevland@atdmt[2].txt C:\Documents and Settings\Mats Nevland\Cookies\mats nevland@adultadworld[2].txt C:\Documents and Settings\Mats Nevland\Cookies\mats [email protected][1].txt C:\Documents and Settings\Mats Nevland\Cookies\mats [email protected][1].txt C:\Documents and Settings\Mats Nevland\Cookies\mats [email protected][1].txt C:\Documents and Settings\Mats Nevland\Cookies\mats nevland@apmebf[1].txt C:\Documents and Settings\Mats Nevland\Cookies\mats nevland@2o7[1].txt C:\Documents and Settings\Mats Nevland\Cookies\mats nevland@adtech[2].txt C:\Documents and Settings\Mats Nevland\Cookies\mats [email protected][2].txt C:\Documents and Settings\Mats Nevland\Cookies\mats nevland@casalemedia[2].txt C:\Documents and Settings\Mats Nevland\Cookies\mats nevland@realmedia[1].txt C:\Documents and Settings\Mats Nevland\Cookies\mats [email protected][1].txt C:\Documents and Settings\Mats Nevland\Cookies\mats [email protected][1].txt C:\Documents and Settings\Mats Nevland\Cookies\mats nevland@dealtime[2].txt C:\Documents and Settings\Mats Nevland\Cookies\mats [email protected][1].txt C:\Documents and Settings\Mats Nevland\Cookies\mats [email protected][1].txt C:\Documents and Settings\Mats Nevland\Cookies\mats nevland@bravenet[1].txt C:\Documents and Settings\Mats Nevland\Cookies\mats nevland@partypoker[1].txt C:\Documents and Settings\Mats Nevland\Cookies\mats nevland@serving-sys[1].txt C:\Documents and Settings\Mats Nevland\Cookies\mats nevland@cassava[1].txt C:\Documents and Settings\Mats Nevland\Cookies\mats nevland@kontera[2].txt C:\Documents and Settings\Mats Nevland\Cookies\mats nevland@revenue[1].txt C:\Documents and Settings\Mats Nevland\Cookies\mats nevland@overture[1].txt C:\Documents and Settings\Mats Nevland\Cookies\mats nevland@yadro[2].txt C:\Documents and Settings\Mats Nevland\Cookies\mats nevland@questionmarket[2].txt C:\Documents and Settings\Mats Nevland\Cookies\mats [email protected][1].txt C:\Documents and Settings\Mats Nevland\Cookies\mats nevland@adrevolver[1].txt C:\Documents and Settings\Mats Nevland\Cookies\mats nevland@specificclick[2].txt C:\Documents and Settings\Mats Nevland\Cookies\[email protected][1].txt C:\Documents and Settings\Mats Nevland\Cookies\mats [email protected][1].txt C:\Documents and Settings\Mats Nevland\Cookies\mats nevland@zedo[1].txt C:\Documents and Settings\Mats Nevland\Cookies\mats nevland@tacoda[1].txt C:\Documents and Settings\Mats Nevland\Cookies\mats [email protected][1].txt C:\Documents and Settings\Mats Nevland\Cookies\mats [email protected][2].txt C:\Documents and Settings\Mats Nevland\Cookies\mats nevland@clicktorrent[2].txt C:\Documents and Settings\Mats Nevland\Cookies\mats nevland@burstnet[2].txt C:\Documents and Settings\Mats Nevland\Cookies\mats [email protected][2].txt C:\Documents and Settings\Mats Nevland\Cookies\mats nevland@enhance[2].txt C:\Documents and Settings\Mats Nevland\Cookies\mats nevland@hitbox[1].txt C:\Documents and Settings\Mats Nevland\Cookies\mats_nevland@tradedoubler[1].txt C:\Documents and Settings\Mats Nevland\Cookies\mats nevland@adbrite[1].txt C:\Documents and Settings\Mats Nevland\Cookies\mats [email protected][2].txt C:\Documents and Settings\Mats Nevland\Cookies\mats [email protected][2].txt C:\Documents and Settings\Mats Nevland\Cookies\mats [email protected][1].txt C:\Documents and Settings\Mats Nevland\Cookies\mats [email protected][1].txt .adtech.de [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] track.adform.net [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] track.adform.net [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] track.adform.net [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] track.adform.net [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] track.adform.net [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] track.adform.net [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] track.adform.net [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .tradedoubler.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .tradedoubler.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] statse.webtrendslive.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .mediaplex.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .bs.serving-sys.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .serving-sys.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .serving-sys.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .serving-sys.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .serving-sys.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .serving-sys.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .serving-sys.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .doubleclick.net [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .siba.112.2o7.net [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .indextools.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .elkjop.112.2o7.net [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .sonyeurope.112.2o7.net [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .revsci.net [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .revsci.net [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .revsci.net [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .revsci.net [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .revsci.net [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .revsci.net [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .atdmt.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] ad.yieldmanager.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] ad.yieldmanager.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] ad.yieldmanager.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] ad.yieldmanager.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] ad.yieldmanager.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] ad.yieldmanager.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .zedo.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .zedo.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .zedo.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .zedo.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .zedo.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .adbrite.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .adbrite.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .partygaming.122.2o7.net [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .partypoker.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .partypoker.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .partypoker.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .partypoker.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] ad1.clickhype.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .tribalfusion.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .webcount.finn.no [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .specificclick.net [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .specificclick.net [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .specificclick.net [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .specificclick.net [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .adultfriendfinder.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .adultfriendfinder.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .adultfriendfinder.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .adultfriendfinder.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .statcounter.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .statcounter.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .statcounter.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .statcounter.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .statcounter.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .imrworldwide.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .imrworldwide.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .stat.katalysatormedia.no [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] mediamgr.ugo.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .casalemedia.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .casalemedia.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .casalemedia.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .casalemedia.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .estat.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .msnportal.112.2o7.net [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .telenor.112.2o7.net [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] statse.webtrendslive.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] statse.webtrendslive.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] findexa.adbureau.net [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .adrevolver.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .adrevolver.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] media.adrevolver.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] media.adrevolver.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] media.adrevolver.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] media.adrevolver.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .adrevolver.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .adrevolver.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .adrevolver.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .adrevolver.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .advertising.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .advertising.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .advertising.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .advertising.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .toplist.cz [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .overture.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] view.atdmt.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] ads3.blastro.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] ads4.blastro.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] ads4.blastro.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .clicktorrent.info [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] clicktorrent.info [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] clicktorrent.info [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] clicktorrent.info [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] clicktorrent.info [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] clicktorrent.info [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] clicktorrent.info [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] clicktorrent.info [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .clicktorrent.info [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] clicktorrent.info [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .clicktorrent.info [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .clicktorrent.info [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .clicktorrent.info [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .clicktorrent.info [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .clicktorrent.info [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .clicktorrent.info [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .clicktorrent.info [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .clicktorrent.info [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .clicktorrent.info [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .clicktorrent.info [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .clicktorrent.info [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .clicktorrent.info [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .clicktorrent.info [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .windowsmedia.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .pro-market.net [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .pro-market.net [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .pro-market.net [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .microsoftgamestudio.112.2o7.net [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .fastclick.net [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .fastclick.net [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .blinck.112.2o7.net [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] ad1.emediate.dk [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .bravenet.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .bravenet.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .saxotech.122.2o7.net [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .adserver.adtechus.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .indexstats.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .indexstats.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] media.vlzserver.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] media.vlzserver.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .interclick.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .interclick.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .interclick.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .hitbox.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .ehg-vcbs.hitbox.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .banners.victor.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] date.ventivmedia.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] date.ventivmedia.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] date.ventivmedia.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] date.ventivmedia.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] date.ventivmedia.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] date.ventivmedia.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] date.ventivmedia.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] servedby.adxpower.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] ad.zanox.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .adopt.euroclick.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .questionmarket.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .questionmarket.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .pornhub.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .pornhub.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .sexdating.no [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .sexdating.no [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .adserver.easyad.info [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] stat.onestat.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] stat.onestat.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .adnetserver.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .apmebf.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .edge.ru4.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .antispywaresuite.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .antispywaresuite.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .antispywaresuite.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .antispywaresuite.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .antispywaresuite.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .antispywaresuite.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .antispywaresuite.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .antispywaresuite.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .antispywaresuite.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .antispywaresuite.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .antispywaresuite.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .antispywaresuite.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .avsystemcare.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .nextag.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .nextag.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .nextag.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .trustedantivirus.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .trustedantivirus.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .e2.emediate.se [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .e2.emediate.se [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] www.3dstats.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] .xiti.com [ C:\Documents and Settings\Mats Nevland\Programdata\Mozilla\Firefox\Profiles\fhnjvhp6.default\cookies.txt ] Malware.LocusSoftware Inc/PCPrivacyTool HKLM\Software\Purchased Products HKLM\Software\Purchased Products\System Error Repair HKLM\Software\Purchased Products\System Error Repair#domain HKLM\Software\Purchased Products\System Error Repair#pname HKLM\Software\Purchased Products\System Error Repair#cname Rogue.LocusSoftware-Installer C:\DOCUMENTS AND SETTINGS\MATS NEVLAND\SKRIVEBORD\DIV\SETUP_EN.EXE BearShare File Sharing Client C:\PROGRAMFILER\BEARSHARE APPLICATIONS\BEARSHARE\BEARSHARE.EXE C:\WINDOWS\Prefetch\BEARSHARE.EXE-194E0F13.pf Trojan.Vundo/Variant-Installer C:\PROGRAMFILER\BITTORRENT\BITTORRENT .EXE C:\PROGRAMFILER\BITTORRENT\BITTORRENT .EXE C:\PROGRAMFILER\BITTORRENT\BITTORRENT .EXE C:\PROGRAMFILER\BITTORRENT\BITTORRENT .EXE C:\PROGRAMFILER\BITTORRENT\BITTORRENT .EXE C:\PROGRAMFILER\BITTORRENT\BITTORRENT .EXE C:\PROGRAMFILER\BITTORRENT\BITTORRENT .EXE C:\PROGRAMFILER\BITTORRENT\BITTORRENT .EXE C:\PROGRAMFILER\BITTORRENT\BITTORRENT .EXE C:\PROGRAMFILER\BITTORRENT\BITTORRENT .EXE C:\PROGRAMFILER\BITTORRENT\BITTORRENT .EXE C:\PROGRAMFILER\BITTORRENT\BITTORRENT .EXE C:\PROGRAMFILER\BITTORRENT\BITTORRENT .EXE C:\PROGRAMFILER\BITTORRENT\BITTORRENT .EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP228\A0027896.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP228\A0027898.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP228\A0027906.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP228\A0027907.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP228\A0027908.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP228\A0027909.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP228\A0027910.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP228\A0027911.EXE Trojan.Vundo/Variant-Installer/A C:\PROGRAMFILER\QUICKTIME\QTTASK .EXE C:\PROGRAMFILER\QUICKTIME\QTTASK .EXE C:\PROGRAMFILER\QUICKTIME\QTTASK .EXE C:\PROGRAMFILER\QUICKTIME\QTTASK .EXE C:\PROGRAMFILER\QUICKTIME\QTTASK .EXE C:\PROGRAMFILER\QUICKTIME\QTTASK .EXE C:\PROGRAMFILER\QUICKTIME\QTTASK .EXE C:\PROGRAMFILER\QUICKTIME\QTTASK .EXE C:\PROGRAMFILER\QUICKTIME\QTTASK .EXE C:\PROGRAMFILER\QUICKTIME\QTTASK .EXE C:\PROGRAMFILER\QUICKTIME\QTTASK .EXE C:\PROGRAMFILER\QUICKTIME\QTTASK .EXE C:\PROGRAMFILER\QUICKTIME\QTTASK .EXE C:\PROGRAMFILER\QUICKTIME\QTTASK .EXE C:\PROGRAMFILER\QUICKTIME\QTTASK .EXE C:\PROGRAMFILER\QUICKTIME\QTTASK .EXE C:\PROGRAMFILER\QUICKTIME\QTTASK .EXE C:\PROGRAMFILER\QUICKTIME\QTTASK .EXE C:\PROGRAMFILER\QUICKTIME\QTTASK .EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP227\A0027879.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP227\A0027882.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP227\A0027883.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP228\A0027899.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP228\A0027900.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP228\A0027902.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP228\A0027903.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP228\A0027904.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP228\A0027905.EXE Adware.Vundo-Variant/Small-A C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP227\A0027870.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP227\A0027871.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP227\A0027872.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP228\A0027918.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP258\A0030062.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP258\A0030163.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038638.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038621.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038624.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038625.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038626.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038627.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038630.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038631.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038632.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038634.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038636.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038637.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038656.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038639.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038640.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038644.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038645.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038647.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038648.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038649.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038652.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038653.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038655.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038674.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038657.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038658.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038659.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038661.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038662.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038666.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038669.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038672.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038673.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038675.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038676.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038677.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038678.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038679.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038682.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038683.DLL C:\WINDOWS\SYSTEM32\CAXVFTRQ.DLL C:\WINDOWS\SYSTEM32\CMTTKMCK.DLL C:\WINDOWS\SYSTEM32\HOHEAUSQ.DLL C:\WINDOWS\SYSTEM32\JHRQGKIC.DLL C:\WINDOWS\SYSTEM32\WQAFBRMN.DLL Rogue.StorageProtector/Trace C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP227\A0027884.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038604.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038605.EXE Adware.Vundo-Variant/PolyMorph-A C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP228\A0027915.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038628.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038641.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038650.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038651.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038654.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038665.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038671.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038680.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038681.DLL Adware.Vundo-Variant C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP228\A0027916.DLL Trojan.Unclassified/Dropper-B C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038623.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038633.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038642.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038643.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038646.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038663.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038667.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5A23315-9474-4112-8DCE-8D60BCCB252D}\RP321\A0038670.DLL Trojan.Downloader-Gen/DDC C:\WINDOWS\SYSTEM32\AKDYJPJB.EXE C:\WINDOWS\SYSTEM32\BGIKSLGF.EXE C:\WINDOWS\SYSTEM32\CAIBEQDW.EXE C:\WINDOWS\SYSTEM32\CCPBOMKO.EXE C:\WINDOWS\SYSTEM32\QWPKIEGP.EXE Trojan.Vundo-Variant/Small C:\WINDOWS\SYSTEM32\LBJJFYMY.DLL Siste log, etter restart: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:28:30, on 10.06.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\SOUNDMAN.EXE C:\Programfiler\Windows Live\Tryggere for familien\fssui.exe C:\Programfiler\Java\jre1.6.0_06\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe C:\Programfiler\BitTorrent\bittorrent .exe C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\WINDOWS\System32\PAStiSvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\wuauclt.exe C:\Programfiler\Trend Micro\teswt\tt.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programfiler\Windows Live\Tryggere for familien\fssbho.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_06\bin\ssv.dll O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file) O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file) O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [fssui] "C:\Programfiler\Windows Live\Tryggere for familien\fssui.exe" -autorun O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_06\bin\jusched.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [bitTorrent] "C:\Programfiler\BitTorrent\bittorrent .exe" --force_start_minimized O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: &Windows Live Search - res://C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Åpne i ny bakgrunnsflik - res://C:\Programfiler\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/229?849301a967d744fd993ffc51f0a86d90 O8 - Extra context menu item: Åpne i ny forgrunnsflik - res://C:\Programfiler\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/230?849301a967d744fd993ffc51f0a86d90 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: Blogg dette - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blogg dette i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe -- End of file - 5896 bytes Hvordan ser det ut? Skal noe mer gjøres? Lenke til kommentar
snippsat Skrevet 10. juni 2008 Del Skrevet 10. juni 2008 (endret) Start HijackThis "scan" finn disse linjene merk dem,så trykk fix checked. O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file) O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file) Bearshare prøv og finne et annet p2p program,denne er kjent for og ta med seg en del grums. Bruk pcen kjører den greit gjør du dette. Du kan fjerne combofix ved å skrive combofix /u fra kjør-vinduet. Denne kommandoen gjør at filer i karantene og backups blir slette. Systemgjenopprettingsmappa nullstilt etc. Anngående antivirus så er avira bra og gratis. http://www.free-av.com/ Brannmur så er online armor free bra. http://www.tallemu.com/ Sas fortsetter du og bruke. Surf trygt. Endret 11. juni 2008 av SNIPPSAT Lenke til kommentar
Anbefalte innlegg
Opprett en konto eller logg inn for å kommentere
Du må være et medlem for å kunne skrive en kommentar
Opprett konto
Det er enkelt å melde seg inn for å starte en ny konto!
Start en kontoLogg inn
Har du allerede en konto? Logg inn her.
Logg inn nå