Petaaar Skrevet 11. juni 2008 Del Skrevet 11. juni 2008 (endret) Hei. lurte på om noen kan skjekke loggene mine:) HIJACKTHIS : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 00:07:13, on 12.06.2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16643) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\DAEMON Tools Lite\daemon.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Windows\Explorer.exe C:\Windows\system32\notepad.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Mozilla Firefox 3 Beta 5\firefox.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Windows\system32\DllHost.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hardware.no/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O15 - Trusted Zone: http://*.ftwtv.com O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/...NPUpldnb-no.cab O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} (KooPlayer Control) - http://www.ftwtv.com/UKooPlayer.ocx O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe (file missing) O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe -- End of file - 6838 bytes Combo FIX ComboFix 08-06-10.2 - Peter 2008-06-11 23:11:19.2 - NTFSx86 Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.1.1033.18.2177 [GMT 2:00] Running from: C:\Users\Peter\Downloads\ComboFix.exe * Resident AV is active . ((((((((((((((((((((((((( Files Created from 2008-05-11 to 2008-06-11 ))))))))))))))))))))))))))))))) . 2008-06-11 11:34 . 2008-06-11 11:34 <DIR> d-------- C:\Users\Peter\AppData\Roaming\Comodo 2008-06-11 11:34 . 2008-06-11 11:34 <DIR> d-------- C:\Users\All Users\comodo 2008-06-11 11:34 . 2008-06-11 11:34 <DIR> d-------- C:\ProgramData\comodo 2008-06-11 11:33 . 2008-06-11 11:33 <DIR> d-------- C:\Program Files\COMODO 2008-06-08 15:27 . 2008-06-08 15:27 <DIR> d-------- C:\Program Files\NCH Swift Sound 2008-06-08 15:23 . 2002-10-01 14:43 119,798 --a------ C:\Windows\System32\drivers\spca561.sys 2008-06-08 15:23 . 2002-10-31 16:37 118,784 --a------ C:\Windows\ShowBmp.exe 2008-06-08 15:23 . 2002-08-13 18:01 53,248 --a------ C:\Windows\ap561.exe 2008-06-08 15:23 . 2002-08-13 18:01 14,385 --a------ C:\Windows\Tw561a.ini 2008-06-08 15:23 . 2002-09-20 19:44 14,336 --a------ C:\Windows\System32\dshow508.ax 2008-06-08 15:23 . 2002-08-13 18:01 7,431 --a------ C:\Windows\Tw561a.src 2008-06-08 15:23 . 2002-03-19 14:11 81 --a------ C:\Windows\Setup8a.ini 2008-06-08 15:22 . 2008-06-08 15:23 <DIR> d-------- C:\Windows\Setup2K 2008-05-31 18:49 . 2008-05-31 18:49 <DIR> d-------- C:\Windows\System32\Adobe 2008-05-30 14:17 . 2008-05-30 14:17 <DIR> d-------- C:\Users\Peter\AppData\Roaming\Alloysoft 2008-05-30 14:17 . 2008-05-30 14:17 <DIR> d-------- C:\Program Files\Signal 2008-05-29 14:30 . 2008-05-29 14:30 <DIR> d-------- C:\Users\All Users\TEMP 2008-05-29 14:30 . 2008-05-29 14:30 <DIR> d-------- C:\ProgramData\TEMP 2008-05-29 14:30 . 2006-09-28 16:05 2,414,360 --a------ C:\Windows\System32\d3dx9_31.dll 2008-05-28 21:19 . 2008-03-08 02:37 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll 2008-05-28 21:19 . 2008-03-08 06:30 1,686,528 --a------ C:\Windows\System32\gameux.dll 2008-05-27 20:39 . 2008-05-27 20:39 <DIR> d-------- C:\Users\All Users\Xerox 2008-05-27 20:39 . 2008-05-27 20:39 <DIR> d-------- C:\ProgramData\Xerox 2008-05-27 20:36 . 2008-05-27 20:36 <DIR> d-------- C:\Program Files\Canon 2008-05-27 20:17 . 2008-05-27 20:17 <DIR> d-------- C:\Program Files\Common Files\Canon 2008-05-25 22:56 . 2008-05-25 22:56 0 --a------ C:\Windows\System32\logonui.exe.flyakiteosx 2008-05-25 22:56 . 2008-05-25 22:56 0 --a------ C:\Windows\System32\logon.scr.flyakiteosx 2008-05-25 22:54 . 2008-05-25 22:54 0 --a------ C:\Windows\System32\wscui.cpl.flyakiteosx 2008-05-25 22:53 . 2008-05-25 22:53 0 --a------ C:\Windows\System32\shell32.dll.flyakiteosx 2008-05-25 22:53 . 2008-05-25 22:53 0 --a------ C:\Windows\System32\ncpa.cpl.flyakiteosx 2008-05-25 22:53 . 2008-05-25 22:53 0 --a------ C:\Windows\System32\mmsys.cpl.flyakiteosx 2008-05-25 22:53 . 2008-05-25 22:53 0 --a------ C:\Windows\System32\main.cpl.flyakiteosx 2008-05-25 22:53 . 2008-05-25 22:53 0 --a------ C:\Windows\System32\joy.cpl.flyakiteosx 2008-05-25 22:53 . 2008-05-25 22:53 0 --a------ C:\Windows\System32\irprops.cpl.flyakiteosx 2008-05-25 22:53 . 2008-05-25 22:53 0 --a------ C:\Windows\System32\intl.cpl.flyakiteosx 2008-05-25 22:53 . 2008-05-25 22:53 0 --a------ C:\Windows\System32\inetcpl.cpl.flyakiteosx 2008-05-25 22:53 . 2008-05-25 22:53 0 --a------ C:\Windows\System32\hdwwiz.cpl.flyakiteosx 2008-05-25 22:53 . 2008-05-25 22:53 0 --a------ C:\Windows\System32\desk.cpl.flyakiteosx 2008-05-25 22:53 . 2008-05-25 22:53 0 --a------ C:\Windows\System32\appwiz.cpl.flyakiteosx 2008-05-24 02:41 . 2008-05-24 02:41 <DIR> d-------- C:\Users\All Users\ATI 2008-05-24 02:41 . 2008-05-24 02:41 <DIR> d-------- C:\ProgramData\ATI 2008-05-20 18:46 . 2008-05-20 18:46 <DIR> d-------- C:\Users\Peter\AppData\Roaming\J River 2008-05-19 16:51 . 2008-05-19 16:51 <DIR> d-------- C:\Program Files\J River 2008-05-19 16:51 . 2007-12-24 10:15 585,728 --------- C:\Windows\System32\AReadyLB.dll 2008-05-19 16:51 . 2007-12-24 10:15 229,376 --------- C:\Windows\System32\AudDevicePlugin.dll 2008-05-19 16:51 . 2008-03-13 08:58 183,129 --------- C:\Windows\System32\AM Install1.INF 2008-05-16 22:58 . 2008-05-16 22:59 <DIR> d-------- C:\NYNO31 2008-05-15 14:26 . 2008-06-05 17:28 <DIR> d-------- C:\Program Files\winpwn 2008-05-12 18:30 . 2008-05-12 18:30 3,592,704 --a------ C:\Windows\System32\drivers\atikmdag.sys 2008-05-12 17:56 . 2008-05-12 17:56 397,312 --a------ C:\Windows\System32\ATIDEMGX.dll 2008-05-12 17:55 . 2008-05-12 17:55 262,144 --a------ C:\Windows\System32\Oemdspif.dll 2008-05-12 17:45 . 2008-05-12 17:45 1,554,944 --a------ C:\Windows\System32\atidxx32.dll 2008-05-12 17:26 . 2008-05-12 17:26 9,994,240 --a------ C:\Windows\System32\atioglxx.dll 2008-05-12 17:11 . 2008-05-12 17:11 48,640 --a------ C:\Windows\System32\amdpcom32.dll 2008-05-12 17:11 . 2008-05-12 17:11 19,968 --a------ C:\Windows\System32\atiadlxx.dll 2008-05-12 16:56 . 2008-05-12 16:56 49,152 --a------ C:\Windows\System32\drivers\ati2erec.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-06-11 11:59 --------- d-----w C:\Users\Peter\AppData\Roaming\OpenOffice.org2 2008-06-11 11:13 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 5 2008-06-11 09:19 --------- d-----w C:\ProgramData\Microsoft Help 2008-06-09 22:18 --------- d-----w C:\Users\Peter\AppData\Roaming\uTorrent 2008-06-08 13:22 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-05-25 12:13 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys 2008-05-25 12:13 103,736 ----a-w C:\Windows\System32\PnkBstrB.exe 2008-05-24 00:42 --------- d-----w C:\Program Files\ATI 2008-05-24 00:39 --------- d-----w C:\Program Files\ATI Technologies 2008-05-20 16:49 --------- d-----w C:\Program Files\Windows Live Toolbar 2008-05-20 16:48 --------- d-----w C:\Program Files\The Sir. Community 2008-05-20 16:46 --------- d-----w C:\Program Files\PeerGuardian2 2008-05-15 12:13 --------- d-----w C:\Program Files\Windows Mail 2008-05-12 15:55 43,520 ----a-w C:\Windows\System32\ati2edxx.dll 2008-05-12 15:55 327,680 ----a-w C:\Windows\System32\atipdlxx.dll 2008-05-12 15:55 266,240 ----a-w C:\Windows\System32\Ati2evxx.dll 2008-05-12 15:55 159,744 ----a-w C:\Windows\System32\atitmmxx.dll 2008-05-12 15:53 675,840 ----a-w C:\Windows\System32\Ati2evxx.exe 2008-05-12 15:40 3,101,184 ----a-w C:\Windows\System32\atiumdag.dll 2008-05-12 15:23 4,291,584 ----a-w C:\Windows\System32\atiumdva.dll 2008-05-10 09:25 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2 2008-05-09 23:41 --------- d-----w C:\Program Files\Microsoft Works 2008-05-09 23:40 --------- d-----w C:\Program Files\MSBuild 2008-05-09 23:38 --------- d-----w C:\Program Files\Microsoft.NET 2008-05-09 23:37 --------- d-----w C:\Program Files\TuneUp Utilities 2008 2008-05-09 23:36 354,560 ----a-w C:\Windows\System32\TuneUpDefragService.exe 2008-05-09 23:35 --------- d-----w C:\Program Files\Microsoft Visual Studio 8 2008-05-09 23:34 --------- d-----w C:\Users\Peter\AppData\Roaming\TuneUp Software 2008-05-09 23:34 --------- d-----w C:\ProgramData\TuneUp Software 2008-05-09 23:33 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-05-09 23:27 --------- d-----w C:\Users\Peter\AppData\Roaming\NCH Swift Sound 2008-05-09 23:26 --------- d-----w C:\ProgramData\NCH Software 2008-05-09 23:26 --------- d-----w C:\Program Files\NCH Software 2008-05-09 23:24 --------- d-----w C:\ProgramData\NCH Swift Sound 2008-05-09 23:20 26,112 ----a-w C:\Windows\system32\drivers\nchssvad.sys 2008-05-09 23:20 --------- d-----w C:\Users\Peter\AppData\Roaming\NCH Software 2008-05-09 12:35 --------- d-----w C:\Program Files\Steam 2008-05-09 12:35 --------- d-----w C:\Program Files\Common Files\Steam 2008-05-07 21:17 --------- d-----w C:\Program Files\easetech 2008-05-07 20:56 --------- d-----w C:\Program Files\VirtualDJ 2008-05-06 21:32 --------- d-----w C:\Program Files\Touchpad Pro 2008-05-05 15:18 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr 2008-05-05 15:18 67,584 ----a-w C:\Windows\System32\wlanhlp.dll 2008-05-05 15:18 542,720 ----a-w C:\Windows\System32\sysmain.dll 2008-05-05 15:18 502,784 ----a-w C:\Windows\System32\wlansvc.dll 2008-05-05 15:18 47,104 ----a-w C:\Windows\System32\wlanapi.dll 2008-05-05 15:18 297,984 ----a-w C:\Windows\System32\wlansec.dll 2008-05-05 15:18 290,816 ----a-w C:\Windows\System32\wlanmsm.dll 2008-05-05 15:18 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys 2008-05-05 15:18 24,064 ----a-w C:\Windows\System32\wtsapi32.dll 2008-05-05 15:18 2,923,520 ----a-w C:\Windows\explorer.exe 2008-05-05 15:17 41,984 ----a-w C:\Windows\system32\drivers\monitor.sys 2008-05-05 15:17 374,456 ----a-w C:\Windows\System32\mcupdate_GenuineIntel.dll 2008-05-05 15:17 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys 2008-05-05 15:14 944,184 ----a-w C:\Windows\System32\winload.exe 2008-05-05 15:14 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll 2008-05-05 15:14 620,088 ----a-w C:\Windows\System32\ci.dll 2008-05-05 15:14 6,656 ----a-w C:\Windows\System32\kbd106n.dll 2008-05-05 15:14 40,960 ----a-w C:\Windows\System32\srclient.dll 2008-05-05 15:14 371,712 ----a-w C:\Windows\System32\srcore.dll 2008-05-05 15:14 313,856 ----a-w C:\Windows\System32\rstrui.exe 2008-05-05 15:14 19,000 ----a-w C:\Windows\System32\kd1394.dll 2008-05-05 15:14 16,384 ----a-w C:\Windows\System32\srdelayed.exe 2008-05-05 15:12 296,448 ----a-w C:\Windows\System32\gdi32.dll 2008-05-05 15:12 2,027,008 ----a-w C:\Windows\System32\win32k.sys 2008-05-05 15:11 83,968 ----a-w C:\Windows\System32\dnsrslvr.dll 2008-05-05 15:11 24,576 ----a-w C:\Windows\System32\dnscacheugc.exe 2008-05-05 15:10 53,760 ----a-w C:\Windows\system32\drivers\hdaudbus.sys 2008-05-05 15:09 826,368 ----a-w C:\Windows\System32\wininet.dll 2008-05-05 15:09 56,320 ----a-w C:\Windows\System32\iesetup.dll 2008-05-05 15:09 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll 2008-05-05 15:09 26,624 ----a-w C:\Windows\System32\ieUnatt.exe 2008-05-05 14:41 53,080 ----a-w C:\Windows\System32\wuauclt.exe 2008-05-05 14:41 43,352 ----a-w C:\Windows\System32\wups2.dll 2008-05-05 14:41 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll 2008-05-05 14:41 1,524,224 ----a-w C:\Windows\System32\wucltux.dll 2008-05-05 14:40 80,896 ----a-w C:\Windows\System32\wudriver.dll 2008-05-05 14:40 549,720 ----a-w C:\Windows\System32\wuapi.dll 2008-05-05 14:40 33,624 ----a-w C:\Windows\System32\wups.dll 2008-05-05 14:40 31,232 ----a-w C:\Windows\System32\wuapp.exe 2008-05-05 14:40 163,000 ----a-w C:\Windows\System32\wuwebv.dll 2008-05-03 16:28 --------- d-----w C:\Program Files\Image-Line 2008-04-30 09:24 --------- d-----w C:\Users\Peter\AppData\Roaming\SystemRequirementsLab 2008-04-27 19:49 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 2 2008-04-19 11:13 --------- d-----w C:\Program Files\iTunes 2008-04-19 11:13 --------- d-----w C:\Program Files\iPod 2008-04-19 11:12 --------- d-----w C:\Program Files\QuickTime 2008-04-19 11:09 --------- d-----w C:\Program Files\Apple Software Update 2008-04-19 10:50 --------- d-----w C:\Users\Peter\AppData\Roaming\cmw 2008-04-19 10:50 --------- d-----w C:\Program Files\cmw 2008-04-15 18:09 --------- d-----w C:\Users\Peter\AppData\Roaming\FrostWire 2008-04-13 17:20 --------- d-----w C:\Program Files\Unity 2008-04-11 10:40 --------- d-----w C:\Program Files\X-Projects 2008-04-04 12:51 28,416 ----a-w C:\Windows\System32\uxtuneup.dll 2008-04-04 12:51 16,640 ----a-w C:\Windows\System32\authuitu.dll 2008-04-04 12:10 737,280 ----a-w C:\Windows\iun6002.exe 2008-03-18 01:18 22,328 ----a-w C:\Users\Peter\AppData\Roaming\PnkBstrK.sys 2008-03-18 01:17 669,184 ----a-w C:\Windows\System32\pbsvc.exe 2008-03-18 01:17 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe 2008-03-11 15:34 267,592 ----a-w C:\Program Files\Uninstall Ask Toolbar.dll . ((((((((((((((((((((((((((((( snapshot@2008-06-11_11.45.36,46 ))))))))))))))))))))))))))))))))))))))))) . - 2008-06-11 09:10:37 67,584 --s-a-w C:\Windows\bootstat.dat + 2008-06-11 21:09:15 67,584 --s-a-w C:\Windows\bootstat.dat - 2008-06-11 09:10:38 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2008-06-11 21:09:16 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2008-06-11 09:10:38 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2008-06-11 21:09:16 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2008-06-11 09:12:08 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT + 2008-06-11 21:10:59 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT - 2008-06-11 09:12:13 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT + 2008-06-11 21:10:53 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT - 2008-06-11 09:18:27 6,553,600 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT + 2008-06-11 11:20:18 6,553,600 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT - 2008-06-11 09:12:29 10,240 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3736516647-3423417371-3571029685-1000_UserData.bin + 2008-06-11 21:11:16 10,256 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3736516647-3423417371-3571029685-1000_UserData.bin - 2008-06-11 09:12:28 69,862 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin + 2008-06-11 21:11:16 70,578 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin - 2008-06-11 09:12:21 42,082 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin + 2008-06-11 11:23:41 42,090 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin - 2008-06-10 21:36:43 282,686 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin + 2008-06-11 19:19:06 284,964 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 00:33 1232896] "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184] "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-02-14 01:09 486856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Launch LCDMon"="C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-12-13 18:43 2051096] "Launch LGDCore"="C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-12-13 18:57 2095640] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 03:17 55824 C:\Windows\KHALMNPR.Exe] "egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 11:06 1443072] "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016] "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-02-25 23:20:30 789008] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.YV12"= yv12vfw.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "TCP Query User{F9C7E5A2-F0A7-49BE-B43D-CF3862B7FF63}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent "UDP Query User{FC4112A6-5791-41FC-B5E1-7946F911D36E}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent "{C5A03194-183F-4081-A281-F4105BA11AE0}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour "{BD3E2655-733D-49C9-878C-296741E0C82C}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour "{3B1B9EAF-3030-4099-97A7-7A43D19E462E}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "TCP Query User{AFD64970-1ADA-41D8-9D1B-2966E6A430D2}C:\\users\\peter\\appdata\\local\\octoshape\\octoshape streaming services\\octoshapeclient.exe"= UDP:C:\users\peter\appdata\local\octoshape\octoshape streaming services\octoshapeclient.exe:octoshapeclient.exe "UDP Query User{0620F27C-964D-44F7-B28D-CD53BF0042FF}C:\\users\\peter\\appdata\\local\\octoshape\\octoshape streaming services\\octoshapeclient.exe"= TCP:C:\users\peter\appdata\local\octoshape\octoshape streaming services\octoshapeclient.exe:octoshapeclient.exe "TCP Query User{F1DA0A34-87E0-46B1-8225-30F67445B7D4}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer "UDP Query User{93AE3976-AD1C-4A95-A010-78627B747648}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer "TCP Query User{8400F727-BB7E-477C-BC54-3561CDBC85DA}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox "UDP Query User{39AE3BF3-467B-4417-8C95-A31283316BFD}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox "TCP Query User{54BD7192-1BAC-4CD1-99FF-C78D077FC073}C:\\users\\peter\\downloads\\viviplay.exe"= UDP:C:\users\peter\downloads\viviplay.exe:viviplay.exe "UDP Query User{10FA2F97-EB54-45F1-916C-24338105414C}C:\\users\\peter\\downloads\\viviplay.exe"= TCP:C:\users\peter\downloads\viviplay.exe:viviplay.exe "TCP Query User{97E73EA3-0493-4EF0-9830-ED3ACDF2CDFA}C:\\users\\peter\\appdata\\local\\simplify media\\simplifypeer.exe"= UDP:C:\users\peter\appdata\local\simplify media\simplifypeer.exe:simplifypeer.exe "UDP Query User{03E801AF-1F6C-47B8-B426-59445722A7C1}C:\\users\\peter\\appdata\\local\\simplify media\\simplifypeer.exe"= TCP:C:\users\peter\appdata\local\simplify media\simplifypeer.exe:simplifypeer.exe "TCP Query User{6305334A-53BB-451B-8162-FC2F450A582B}C:\\program files\\quicktime\\quicktimeplayer.exe"= UDP:C:\program files\quicktime\quicktimeplayer.exe:QuickTime Player "UDP Query User{BCF512A7-4E3F-4EDF-8041-E89A91DA9451}C:\\program files\\quicktime\\quicktimeplayer.exe"= TCP:C:\program files\quicktime\quicktimeplayer.exe:QuickTime Player "TCP Query User{CBC626F6-818A-47AB-A602-4F38BDA01A51}C:\\program files\\frostwire\\frostwire.exe"= UDP:C:\program files\frostwire\frostwire.exe:FrostWire "UDP Query User{F3D6D7AA-F6AA-4662-893B-5237ACCF1ED9}C:\\program files\\frostwire\\frostwire.exe"= TCP:C:\program files\frostwire\frostwire.exe:FrostWire "{A08FA36D-7D9C-413F-817B-3389EA4057B8}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32 "{7C5FAEC6-9A10-42A8-BFAB-9E92ABA424E0}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32 "{A90714F4-78E5-4E1A-A92D-671573484287}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32 "{9DE0360C-ACE7-494D-9E79-5ABE2ECEA0AD}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32 "{2C1B7131-3467-497B-9787-D31848CFE1D9}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA "{05FD8F86-3D7D-44B8-B2AE-CE85E3218D15}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA "{1CA2CC3E-0A13-4E2F-BBD6-EE4D3979B4DA}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB "{B70E1396-40DE-4B4D-A14E-BF0B7823A74D}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB "TCP Query User{EAEF6138-B3D0-4196-8811-1989BC076D19}C:\\program files\\videolan\\vlc\\vlc.exe"= UDP:C:\program files\videolan\vlc\vlc.exe:VLC media player "UDP Query User{061B6061-982F-4E2A-8A12-9729EE30457C}C:\\program files\\videolan\\vlc\\vlc.exe"= TCP:C:\program files\videolan\vlc\vlc.exe:VLC media player "{3CB61958-9341-4E5B-873D-606A3A93EB07}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{DB23532B-08D9-4929-B14A-CEC325FF112A}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes "{CADE5BA5-44AD-43BD-8D67-58DBA8942775}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes "TCP Query User{E9D5175C-775A-4A4E-889E-A70D00827B19}C:\\program files\\mozilla firefox 3 beta 5\\firefox.exe"= UDP:C:\program files\mozilla firefox 3 beta 5\firefox.exe:Firefox "UDP Query User{8C00D7EC-0A09-43E4-9DD1-02C38B1D0866}C:\\program files\\mozilla firefox 3 beta 5\\firefox.exe"= TCP:C:\program files\mozilla firefox 3 beta 5\firefox.exe:Firefox "TCP Query User{6411FDF8-F468-4A59-8BE9-FBD4EEA45601}C:\\program files\\touchpad pro\\touchpad media server\\touchpadmediaserver.exe"= UDP:C:\program files\touchpad pro\touchpad media server\touchpadmediaserver.exe:TouchpadMediaServer "UDP Query User{473A5398-A742-4370-B122-B77C92091C0C}C:\\program files\\touchpad pro\\touchpad media server\\touchpadmediaserver.exe"= TCP:C:\program files\touchpad pro\touchpad media server\touchpadmediaserver.exe:TouchpadMediaServer "{8FE79D41-621C-47F0-8E53-CC60BF187656}"= UDP:86:BroadCam Web Server "{EFE27355-BF92-4F2B-BC27-D1432162EC0B}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook "{EA72D01B-1E03-4E33-96D0-647840BD5950}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove "{D84DC149-9EFE-4291-BF74-4B08153C66EC}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove "{A245CF24-633A-430A-924B-E7AB1B7CA99A}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{A435159E-9709-46DF-B229-F08ECD3DEE61}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "TCP Query User{5FC6F8F0-A2B2-476E-9F98-7718E22276E0}C:\\program files\\signal\\signal.exe"= UDP:C:\program files\signal\signal.exe:Signal "UDP Query User{5E3B59CC-9D43-4A05-BA59-1A739D3B588B}C:\\program files\\signal\\signal.exe"= TCP:C:\program files\signal\signal.exe:Signal [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System] "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic| R1 epfwtdir;epfwtdir;C:\Windows\system32\DRIVERS\epfwtdir.sys [2008-02-20 11:11] R2 UxTuneUp;TuneUp Theme Extension;C:\Windows\System32\svchost.exe [2006-11-02 11:45] R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2008-05-12 18:30] R3 P1120VID;Creative WebCam NX Ultra;C:\Windows\system32\DRIVERS\P1120Vid.sys [2004-01-12 17:51] S2 NOD32FiXTemDono;Eset Nod32 Boot;C:\Windows\system32\regedt32.exe [2006-11-02 11:45] S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Program Files\EVEREST Ultimate Edition\kerneld.wnt [2006-10-19 01:00] S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-05-08 11:47] S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\Windows\System32\TuneUpDefragService.exe [2008-05-10 01:36] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e3c423f9-e6bf-11dc-b1f9-0018f30777d8}] \shell\AutoRun\command - E:\TmUnitedForever_Setup.exe . Contents of the 'Scheduled Tasks' folder "2008-06-11 21:09:36 C:\Windows\Tasks\1-Click Maintenance.job" - C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe "2008-06-11 12:32:11 C:\Windows\Tasks\User_Feed_Synchronization-{6EAABC5A-6341-4096-8BF6-150A60446606}.job" - C:\Windows\system32\msfeedssync.exe . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-11 23:15:19 Windows 6.0.6000 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... ************************************************************************** . Completion time: 2008-06-11 23:24:04 ComboFix-quarantined-files.txt 2008-06-11 21:23:01 ComboFix2.txt 2008-06-11 09:46:32 Pre-Run: 19,736,367,104 bytes free Post-Run: 19,749,302,272 bytes free 290 --- E O F --- 2008-06-11 09:19:43 Endret 11. juni 2008 av Nokia_dell Lenke til kommentar
norbat Skrevet 11. juni 2008 Del Skrevet 11. juni 2008 Ser grei ut dette. Var det bare en sjekk eller har du mistanke om noe? Lenke til kommentar
Petaaar Skrevet 12. juni 2008 Forfatter Del Skrevet 12. juni 2008 Ser grei ut dette. Var det bare en sjekk eller har du mistanke om noe? hovedsaklig en skjkk:) har kjørt det jeg hadde nå kan load opp igjen? viss det er nødvendig, sas fant 160"feil" nood kjører nå, og combo tok litt, Lenke til kommentar
norbat Skrevet 12. juni 2008 Del Skrevet 12. juni 2008 Jeg er interessert i å vite hva disse prog. fant. SAS sin logg finner du under Preferences->statistics/logs. Hvis det er funnet noe annet enn Tracking Cookies, så er det ønskelig å se loggen (fjerne cookies oppføringene før du kopierer og limer inn loggen) Hva fant Combofix? Lenke til kommentar
Petaaar Skrevet 12. juni 2008 Forfatter Del Skrevet 12. juni 2008 Jeg er interessert i å vite hva disse prog. fant. SAS sin logg finner du under Preferences->statistics/logs. Hvis det er funnet noe annet enn Tracking Cookies, så er det ønskelig å se loggen (fjerne cookies oppføringene før du kopierer og limer inn loggen) Hva fant Combofix? combofikxen er jeg ikke sikker på , gikk fra pcen, så sto det ferdig fjernet et eller annet,, er vel bare tracking cookies ja:P SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 06/12/2008 at 00:48 AM Application Version : 4.15.1000 Core Rules Database Version : 3479 Trace Rules Database Version: 1470 Scan type : Complete Scan Total Scan Time : 00:30:04 Memory items scanned : 688 Memory threats detected : 0 Registry items scanned : 6791 Registry threats detected : 0 File items scanned : 21810 File threats detected : 49 Adware.Tracking Cookie C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\peter@adtech[1].txt C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\peter@zedo[1].txt C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\peter@serving-sys[2].txt C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\peter@atdmt[2].txt C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\peter@tradedoubler[1].txt C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\peter@advertising[2].txt C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\peter@partypoker[1].txt C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\peter@2o7[2].txt C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\peter@adbrite[2].txt C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\peter@doubleclick[2].txt C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@indexstats[2].txt C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@casalemedia[1].txt C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@adbrite[1].txt C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@serving-sys[2].txt C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@atdmt[2].txt C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@mediaplex[1].txt C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@doubleclick[1].txt C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@zedo[1].txt C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@imrworldwide[2].txt C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@adtech[1].txt C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@tradedoubler[2].txt C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@partypoker[2].txt C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@advertising[2].txt C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt .112.2o7.net [ C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7hpikns0.default\cookies.txt ] .247realmedia.com [ C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7hpikns0.default\cookies.txt ] .2o7.net [ C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7hpikns0.default\cookies.txt ] .2o7.net [ C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7hpikns0.default\cookies.txt ] .adopt.euroclick.com [ C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7hpikns0.default\cookies.txt ] .adopt.euroclick.com [ C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7hpikns0.default\cookies.txt ] .adtech.de [ C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7hpikns0.default\cookies.txt ] .adultfriendfinder.com [ C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7hpikns0.default\cookies.txt ] .adultfriendfinder.com [ C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7hpikns0.default\cookies.txt ] .advertising.com [ C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7hpikns0.default\cookies.txt ] .advertising.com [ C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7hpikns0.default\cookies.txt ] .advertising.com [ C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7hpikns0.default\cookies.txt ] .advertising.com [ C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7hpikns0.default\cookies.txt ] .advertising.com [ C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7hpikns0.default\cookies.txt ] .atdmt.com [ C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7hpikns0.default\cookies.txt ] .banner.finn.no [ C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7hpikns0.default\cookies.txt ] .banner.finn.no [ C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7hpikns0.default\cookies.txt ] .e-2dj6wjnywpc5sgo.stats.esomniture.com [ C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7hpikns0.default\cookies.txt ] .estat.com [ C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7hpikns0.default\cookies.txt ] .imrworldwide.com [ C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7hpikns0.default\cookies.txt ] .imrworldwide.com [ C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7hpikns0.default\cookies.txt ] .indextools.com [ C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7hpikns0.default\cookies.txt ] .mediafire.com [ C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7hpikns0.default\cookies.txt ] .mediafire.com [ C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7hpikns0.default\cookies.txt ] .mediafire.com [ C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7hpikns0.default\cookies.txt ] .overture.com [ C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7hpikns0.default\cookies.txt ] .overture.com [ C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7hpikns0.default\cookies.txt ] .partygaming.122.2o7.net [ C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7hpikns0.default\cookies.txt ] .partypoker.com [ C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7hpikns0.default\cookies.txt ] .partypoker.com [ C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7hpikns0.default\cookies.txt ] .partypoker.com [ C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7hpikns0.default\cookies.txt ] .partypoker.com [ C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7hpikns0.default\cookies.txt ] .prospect.adbureau.net [ C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7hpikns0.default\cookies.txt ] .questionmarket.com [ C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7hpikns0.default\cookies.txt ] .revsci.net [ C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7hpikns0.default\cookies.txt ] .revsci.net [ C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7hpikns0.default\cookies.txt ] .revsci.net [ C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7hpikns0.default\cookies.txt ] .revsci.net [ C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7hpikns0.default\cookies.txt ] .stat.katalysatormedia.no [ C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7hpikns0.default\cookies.txt ] .tribalfusion.com [ C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7hpikns0.default\cookies.txt ] .xiti.com [ C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7hpikns0.default\cookies.txt ] .yamaha.122.2o7.net [ C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7hpikns0.default\cookies.txt ] .zanox.com [ C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7hpikns0.default\cookies.txt ] ad.adition.net [ C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7hpikns0.default\cookies.txt ] ad.adition.net [ C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7hpikns0.default\cookies.txt ] ad.yieldmanager.com [ C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7hpikns0.default\cookies.txt ] ad.yieldmanager.com [ C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7hpikns0.default\cookies.txt ] ad.yieldmanager.com [ C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7hpikns0.default\cookies.txt ] ad.yieldmanager.com [ C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7hpikns0.default\cookies.txt ] ad.yieldmanager.com [ C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7hpikns0.default\cookies.txt ] ad.yieldmanager.com [ C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7hpikns0.default\cookies.txt ] ad.yieldmanager.com [ C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7hpikns0.default\cookies.txt ] ad.yieldmanager.com [ C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7hpikns0.default\cookies.txt ] ad1.clickhype.com [ C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7hpikns0.default\cookies.txt ] clicktorrent.info [ C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7hpikns0.default\cookies.txt ] clicktorrent.info [ C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7hpikns0.default\cookies.txt ] clicktorrent.info [ C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7hpikns0.default\cookies.txt ] clicktorrent.info [ C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7hpikns0.default\cookies.txt ] clicktorrent.info [ C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7hpikns0.default\cookies.txt ] clicktorrent.info [ C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7hpikns0.default\cookies.txt ] clicktorrent.info [ C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7hpikns0.default\cookies.txt ] clicktorrent.info [ C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7hpikns0.default\cookies.txt ] clicktorrent.info [ C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7hpikns0.default\cookies.txt ] clicktorrent.info [ C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7hpikns0.default\cookies.txt ] clicktorrent.info [ C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7hpikns0.default\cookies.txt ] clicktorrent.info [ C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7hpikns0.default\cookies.txt ] clicktorrent.info [ C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7hpikns0.default\cookies.txt ] clicktorrent.info [ C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7hpikns0.default\cookies.txt ] clicktorrent.info [ C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7hpikns0.default\cookies.txt ] clicktorrent.info [ C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7hpikns0.default\cookies.txt ] clicktorrent.info [ C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7hpikns0.default\cookies.txt ] clicktorrent.info [ C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7hpikns0.default\cookies.txt ] clicktorrent.info [ C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7hpikns0.default\cookies.txt ] clicktorrent.info [ C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7hpikns0.default\cookies.txt ] clicktorrent.info [ C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7hpikns0.default\cookies.txt ] clicktorrent.info [ C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7hpikns0.default\cookies.txt ] clicktorrent.info [ C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7hpikns0.default\cookies.txt ] clicktorrent.info [ C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7hpikns0.default\cookies.txt ] clicktorrent.info [ C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7hpikns0.default\cookies.txt ] clicktorrent.info [ C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7hpikns0.default\cookies.txt ] clicktorrent.info [ C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7hpikns0.default\cookies.txt ] clicktorrent.info [ C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7hpikns0.default\cookies.txt ] clicktorrent.info [ C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7hpikns0.default\cookies.txt ] clicktorrent.info [ C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7hpikns0.default\cookies.txt ] clicktorrent.info [ C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7hpikns0.default\cookies.txt ] clicktorrent.info [ C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7hpikns0.default\cookies.txt ] clicktorrent.info [ C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7hpikns0.default\cookies.txt ] clicktorrent.info [ C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7hpikns0.default\cookies.txt ] clicktorrent.info [ C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7hpikns0.default\cookies.txt ] clicktorrent.info [ C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7hpikns0.default\cookies.txt ] clicktorrent.info [ C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7hpikns0.default\cookies.txt ] clicktorrent.info [ C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7hpikns0.default\cookies.txt ] counter.hisupplier.com [ C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7hpikns0.default\cookies.txt ] counter.hisupplier.com [ C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7hpikns0.default\cookies.txt ] findexa.adbureau.net [ C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7hpikns0.default\cookies.txt ] gfx.i1media.no [ C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7hpikns0.default\cookies.txt ] int.sitestat.com [ C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7hpikns0.default\cookies.txt ] int.sitestat.com [ C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7hpikns0.default\cookies.txt ] linkto.mediafire.com [ C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7hpikns0.default\cookies.txt ] linkto.mediafire.com [ C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7hpikns0.default\cookies.txt ] linkto.mediafire.com [ C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7hpikns0.default\cookies.txt ] linkto.mediafire.com [ C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7hpikns0.default\cookies.txt ] linkto.mediafire.com [ C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7hpikns0.default\cookies.txt ] server.cpmstar.com [ C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7hpikns0.default\cookies.txt ] server.cpmstar.com [ C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7hpikns0.default\cookies.txt ] track.adform.net [ C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7hpikns0.default\cookies.txt ] track.adform.net [ C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7hpikns0.default\cookies.txt ] track.adform.net [ C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7hpikns0.default\cookies.txt ] webcount.finn.no [ C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7hpikns0.default\cookies.txt ] www.etracker.de [ C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7hpikns0.default\cookies.txt ] www.etracker.de [ C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7hpikns0.default\cookies.txt ] Lenke til kommentar
r2d290 Skrevet 12. juni 2008 Del Skrevet 12. juni 2008 Hva combofix fant, finner man ut ved å poste loggen den lager. Loggen ligger på C:/ og heter "Combofix.txt" Åpne denne fila, marker alt (Ctrl+a), kopier det (ctrl+c) og lim det inn i din neste post (ctrl+v) Lenke til kommentar
Anbefalte innlegg
Opprett en konto eller logg inn for å kommentere
Du må være et medlem for å kunne skrive en kommentar
Opprett konto
Det er enkelt å melde seg inn for å starte en ny konto!
Start en kontoLogg inn
Har du allerede en konto? Logg inn her.
Logg inn nå