El-Deno Skrevet 8. juli 2008 Del Skrevet 8. juli 2008 (endret) Hei. Har en pc her som stelillbroren min vil skal gå bedre. Mistenker en del virus etc. Pluss at Firefox og Opera vil ikke funke, mens Explorer gjør det. Hijackthis loggen ligger under. Logfile of HijackThis v1.99.1 Scan saved at 00:12:34, on 09.07.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\HPZipm12.exe C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe C:\Norman\Nvc\BIN\nipsvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\alg.exe C:\Programfiler\Silicon Integrated Systems\SiSRaidPackage\hot_plug.exe C:\Programfiler\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe C:\Programfiler\Java\jre1.5.0_10\bin\jusched.exe C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Programfiler\RALINK\Common\RaUI.exe C:\WINDOWS\system32\sistray.exe C:\Programfiler\Fellesfiler\Teleca Shared\CapabilityManager.exe C:\Programfiler\Fellesfiler\Teleca Shared\Generic.exe C:\Programfiler\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe C:\Programfiler\MSN Messenger\usnsvc.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe C:\Programfiler\MSN Messenger\msnmsgr.exe C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Programfiler\Internet Explorer\IEXPLORE.EXE C:\Programfiler\uTorrent\uTorrent.exe C:\WINDOWS\system32\msiexec.exe C:\WINDOWS\system32\rundll32.exe C:\Programfiler\Internet Explorer\IEXPLORE.EXE C:\Documents and Settings\Morten\Skrivebord\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_10\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar3.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programfiler\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar3.dll O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe O4 - HKLM\..\Run: [Hotplug] C:\Programfiler\Silicon Integrated Systems\SiSRaidPackage\hot_plug.exe O4 - HKLM\..\Run: [siSRaid] C:\Programfiler\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programfiler\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.5.0_10\bin\jusched.exe" O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\Run: [Windows Taskmanager] svchost.exe O4 - HKLM\..\RunOnce: [NCInstallQueue] rundll32 netman.dll,ProcessQueue O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Programfiler\RALINK\Common\RaUI.exe O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Programfiler\UltimateBet\UltimateBet.exe O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Programfiler\UltimateBet\UltimateBet.exe O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programfiler\PartyGaming\PartyPoker\RunApp.exe (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programfiler\PartyGaming\PartyPoker\RunApp.exe (file missing) O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://kisn1986.spaces.msn.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v6.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe Endret 8. juli 2008 av El-Deno Lenke til kommentar
r2d290 Skrevet 8. juli 2008 Del Skrevet 8. juli 2008 Ja, du har en del rusk, men det må gjøres noen flere forberedelser før vi kan gå igang. For det første har du en gammel versjon av HijackThis, og for det andre ligger ikke denne versjonen i en egen mappe (den ligger direkte på skrivebordet). Derfor tror jeg vi starter fra scratch: følg veiledningen til norbat her: https://www.diskusjon.no/index.php?showtopic=691246 Lenke til kommentar
El-Deno Skrevet 8. juli 2008 Forfatter Del Skrevet 8. juli 2008 Gikk vist litt for fort fram her, skal gjøre det Lenke til kommentar
El-Deno Skrevet 9. juli 2008 Forfatter Del Skrevet 9. juli 2008 Mener jeg har gjort alt riktig nå. SAS SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 07/09/2008 at 01:19 AM Application Version : 4.15.1000 Core Rules Database Version : 3469 Trace Rules Database Version: 1460 Scan type : Complete Scan Total Scan Time : 00:51:23 Memory items scanned : 355 Memory threats detected : 0 Registry items scanned : 3769 Registry threats detected : 1 File items scanned : 21756 File threats detected : 403 Adware.Tracking Cookie C:\Documents and Settings\Morten\Cookies\[email protected][1].txt C:\Documents and Settings\Morten\Cookies\morten@apmebf[1].txt C:\Documents and Settings\Morten\Cookies\morten@overture[1].txt C:\Documents and Settings\Morten\Cookies\morten@2o7[2].txt C:\Documents and Settings\Morten\Cookies\morten@doubleclick[1].txt C:\Documents and Settings\Morten\Cookies\[email protected][2].txt C:\Documents and Settings\Morten\Cookies\[email protected][2].txt C:\Documents and Settings\Morten\Cookies\morten@cgi-bin[2].txt C:\Documents and Settings\Morten\Cookies\morten@advertising[1].txt C:\Documents and Settings\Morten\Cookies\morten@clicktorrent[1].txt C:\Documents and Settings\Morten\Cookies\morten@atdmt[2].txt C:\Documents and Settings\Morten\Cookies\morten@tradedoubler[1].txt C:\Documents and Settings\Morten\Cookies\morten@mediaplex[1].txt C:\Documents and Settings\Morten\Cookies\[email protected][1].txt C:\Documents and Settings\Morten\Cookies\[email protected][1].txt C:\Documents and Settings\Morten\Cookies\morten@revsci[1].txt C:\Documents and Settings\Morten\Cookies\[email protected][1].txt C:\Documents and Settings\Morten\Cookies\[email protected][2].txt C:\Documents and Settings\Morten\Cookies\[email protected][1].txt C:\Documents and Settings\Morten\Cookies\morten@adtech[1].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya !!@clicktorrent[2].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya [email protected][1].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya !!@2o7[1].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya [email protected][1].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya [email protected][1].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya !!@hitbox[1].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya [email protected][2].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya [email protected][1].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya !!@hotbar[2].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya [email protected][2].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya [email protected][2].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya [email protected][1].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya [email protected][2].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya [email protected][2].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya !!@serving-sys[1].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya !!@drivecleaner[1].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya [email protected][2].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya !!@focalex[2].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya !!@click24[1].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya [email protected][1].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya [email protected][2].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya !!@specificclick[2].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya !!@mediaplex[1].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya !!@eroticlick[1].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya [email protected][1].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya !!@adtech[2].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya !!@spylog[1].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya [email protected][1].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya [email protected][2].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya [email protected][1].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya [email protected][1].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya [email protected][2].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya [email protected][1].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya [email protected][2].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya !!@zedo[1].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya !!@sex-video[1].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya [email protected][1].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya [email protected][1].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya [email protected][2].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya [email protected][2].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya !!@pornstarxs[2].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya [email protected][2].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya [email protected][1].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya [email protected][1].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya [email protected][1].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya [email protected][1].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya [email protected][2].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya !!@tradedoubler[2].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya !!@tradedoubler[1].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya !!@indextools[2].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya [email protected][1].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya !!@porndirt[2].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya !!@winantivirus[1].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya [email protected][2].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya [email protected][2].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya [email protected][1].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya [email protected][2].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya !!@adbrite[1].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya !!@tacoda[1].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya [email protected][2].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya [email protected][2].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya !!@cassava[1].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya !!@stolenpornpasswords[1].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya [email protected][1].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya !!@revsci[2].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya [email protected][1].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya [email protected][1].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya !!@statcounter[2].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya !!@netmediagroup[1].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya !!@hornymatches[1].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya [email protected][2].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya !!@tribalfusion[2].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya !!@targetnet[1].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya !!@sexynatalie[1].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya !!@adultadworld[2].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya [email protected][1].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya [email protected][1].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya !!@burstnet[2].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya [email protected][1].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya [email protected][2].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya [email protected][1].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya [email protected][1].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya [email protected][1].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya [email protected][1].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya [email protected][2].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya [email protected][2].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya [email protected][1].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya !!@warlog[2].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya !!@revenue[2].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya [email protected][2].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya !!@mscracks[2].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya [email protected][1].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya [email protected][2].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya [email protected][2].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya [email protected][1].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya [email protected][1].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya !!@partypoker[1].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya !!@webpower[1].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya !!@dynamicsitestats[1].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya !!@advertising[2].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya [email protected][1].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya [email protected][2].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya [email protected][1].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya !!@indexstats[2].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya !!@fuckaroo[1].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya [email protected][2].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya !!@valueclick[1].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya !!@bravenet[2].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya !!@windowsmedia[1].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya [email protected][2].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya [email protected][1].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya !!@adecn[1].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya [email protected][2].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya !!@kontera[2].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya !!@realmedia[2].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya [email protected][1].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya !!@adultfriendfinder[2].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya [email protected][1].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya !!@clicksor[1].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya !!@fastclick[1].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya [email protected][1].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya !!@sextracker[1].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya !!@hotlog[2].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya [email protected][1].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya [email protected][2].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya !!@sexysms[1].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya !!@youporn[1].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya !!@casalemedia[1].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya !!@atdmt[2].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya !!@yadro[2].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya !!@overture[1].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya [email protected][2].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya !!@sexlist[1].txt C:\Documents and Settings\Ankaya !!\Cookies\ankaya !!@doubleclick[1].txt C:\Documents and Settings\kisn\Cookies\kisn@adbrite[1].txt C:\Documents and Settings\kisn\Cookies\kisn@specificclick[2].txt C:\Documents and Settings\kisn\Cookies\kisn@sextracker[1].txt C:\Documents and Settings\kisn\Cookies\kisn@casalemedia[2].txt C:\Documents and Settings\kisn\Cookies\[email protected][2].txt C:\Documents and Settings\kisn\Cookies\[email protected][1].txt C:\Documents and Settings\kisn\Cookies\kisn@adrevolver[2].txt C:\Documents and Settings\kisn\Cookies\kisn@serving-sys[2].txt C:\Documents and Settings\kisn\Cookies\[email protected][2].txt C:\Documents and Settings\kisn\Cookies\kisn@focalex[2].txt C:\Documents and Settings\kisn\Cookies\kisn@advertising[1].txt C:\Documents and Settings\kisn\Cookies\[email protected][1].txt C:\Documents and Settings\kisn\Cookies\kisn@atdmt[2].txt C:\Documents and Settings\kisn\Cookies\[email protected][2].txt C:\Documents and Settings\kisn\Cookies\kisn@adtech[2].txt C:\Documents and Settings\kisn\Cookies\kisn@atwola[2].txt C:\Documents and Settings\kisn\Cookies\[email protected][1].txt C:\Documents and Settings\kisn\Cookies\kisn@gostats[2].txt C:\Documents and Settings\kisn\Cookies\[email protected][1].txt C:\Documents and Settings\kisn\Cookies\kisn@adserver[1].txt C:\Documents and Settings\kisn\Cookies\[email protected][2].txt C:\Documents and Settings\kisn\Cookies\kisn@doubleclick[2].txt C:\Documents and Settings\kisn\Cookies\[email protected][1].txt C:\Documents and Settings\kisn\Cookies\[email protected][1].txt C:\Documents and Settings\kisn\Cookies\kisn@fastclick[2].txt C:\Documents and Settings\kisn\Cookies\[email protected][1].txt C:\Documents and Settings\kisn\Cookies\kisn@indexstats[2].txt C:\Documents and Settings\kisn\Cookies\kisn@revsci[2].txt C:\Documents and Settings\kisn\Cookies\[email protected][1].txt C:\Documents and Settings\kisn\Cookies\[email protected][2].txt C:\Documents and Settings\kisn\Cookies\kisn@tradedoubler[2].txt C:\Documents and Settings\kisn\Cookies\kisn@xiti[1].txt C:\Documents and Settings\kisn\Cookies\kisn@youporn[1].txt C:\Documents and Settings\kisn\Cookies\kisn@zedo[2].txt C:\Documents and Settings\Morten\Cookies\[email protected][2].txt C:\Documents and Settings\Morten\Cookies\morten@tradedoubler[2].txt C:\Documents and Settings\Stig\Cookies\stig@sextracker[2].txt C:\Documents and Settings\Stig\Cookies\[email protected][1].txt C:\Documents and Settings\Stig\Cookies\[email protected][1].txt C:\Documents and Settings\Stig\Cookies\[email protected][2].txt C:\Documents and Settings\Stig\Cookies\[email protected][1].txt C:\Documents and Settings\Stig\Cookies\[email protected][2].txt C:\Documents and Settings\Stig\Cookies\[email protected][2].txt C:\Documents and Settings\Stig\Cookies\[email protected][1].txt C:\Documents and Settings\Stig\Cookies\[email protected][2].txt C:\Documents and Settings\Stig\Cookies\[email protected][1].txt C:\Documents and Settings\Stig\Cookies\stig@partypoker[2].txt C:\Documents and Settings\Stig\Cookies\[email protected][1].txt C:\Documents and Settings\Stig\Cookies\[email protected][2].txt C:\Documents and Settings\Stig\Cookies\stig@casalemedia[1].txt C:\Documents and Settings\Stig\Cookies\[email protected][1].txt C:\Documents and Settings\Stig\Cookies\[email protected][1].txt C:\Documents and Settings\Stig\Cookies\stig@winantivirus[2].txt C:\Documents and Settings\Stig\Cookies\stig@adtech[2].txt C:\Documents and Settings\Stig\Cookies\[email protected][1].txt C:\Documents and Settings\Stig\Cookies\stig@atwola[1].txt C:\Documents and Settings\Stig\Cookies\stig@adrevolver[1].txt C:\Documents and Settings\Stig\Cookies\[email protected][2].txt C:\Documents and Settings\Stig\Cookies\stig@focalex[2].txt C:\Documents and Settings\Stig\Cookies\stig@sexlist[2].txt C:\Documents and Settings\Stig\Cookies\[email protected][1].txt C:\Documents and Settings\Stig\Cookies\[email protected][2].txt C:\Documents and Settings\Stig\Cookies\stig@tripod[1].txt C:\Documents and Settings\Stig\Cookies\[email protected][2].txt C:\Documents and Settings\Stig\Cookies\[email protected][1].txt C:\Documents and Settings\Stig\Cookies\[email protected][1].txt C:\Documents and Settings\Stig\Cookies\stig@specificclick[1].txt C:\Documents and Settings\Stig\Cookies\stig@webpower[1].txt C:\Documents and Settings\Stig\Cookies\[email protected][2].txt C:\Documents and Settings\Stig\Cookies\stig@fliptrack[1].txt C:\Documents and Settings\Stig\Cookies\[email protected][1].txt C:\Documents and Settings\Stig\Cookies\[email protected][1].txt C:\Documents and Settings\Stig\Cookies\[email protected][1].txt C:\Documents and Settings\Stig\Cookies\[email protected][1].txt C:\Documents and Settings\Stig\Cookies\stig@tribalfusion[2].txt C:\Documents and Settings\Stig\Cookies\[email protected][1].txt C:\Documents and Settings\Stig\Cookies\stig@dealtime[1].txt C:\Documents and Settings\Stig\Cookies\[email protected][1].txt C:\Documents and Settings\Stig\Cookies\stig@accounts[1].txt C:\Documents and Settings\Stig\Cookies\stig@twelvefifteen[2].txt C:\Documents and Settings\Stig\Cookies\[email protected][2].txt C:\Documents and Settings\Stig\Cookies\[email protected][2].txt C:\Documents and Settings\Stig\Cookies\[email protected][2].txt C:\Documents and Settings\Stig\Cookies\stig@accounts[2].txt C:\Documents and Settings\Stig\Cookies\[email protected][1].txt C:\Documents and Settings\Stig\Cookies\[email protected][2].txt C:\Documents and Settings\Stig\Cookies\stig@pornstarxs[2].txt C:\Documents and Settings\Stig\Cookies\[email protected][1].txt C:\Documents and Settings\Stig\Cookies\[email protected][1].txt C:\Documents and Settings\Stig\Cookies\[email protected][2].txt C:\Documents and Settings\Stig\Cookies\stig@serving-sys[3].txt C:\Documents and Settings\Stig\Cookies\[email protected][2].txt C:\Documents and Settings\Stig\Cookies\stig@serving-sys[1].txt C:\Documents and Settings\Stig\Cookies\[email protected][2].txt C:\Documents and Settings\Stig\Cookies\[email protected][1].txt C:\Documents and Settings\Stig\Cookies\stig@benningtonbanner[2].txt C:\Documents and Settings\Stig\Cookies\[email protected][2].txt C:\Documents and Settings\Stig\Cookies\[email protected][1].txt C:\Documents and Settings\Stig\Cookies\[email protected][1].txt C:\Documents and Settings\Stig\Cookies\stig@superstats[1].txt C:\Documents and Settings\Stig\Cookies\[email protected][1].txt C:\Documents and Settings\Stig\Cookies\stig@sexynatalie[2].txt C:\Documents and Settings\Stig\Cookies\stig@drivecleaner[1].txt C:\Documents and Settings\Stig\Cookies\stig@bravenet[2].txt C:\Documents and Settings\Stig\Cookies\[email protected][2].txt C:\Documents and Settings\Stig\Cookies\stig@admarketplace[1].txt C:\Documents and Settings\Stig\Cookies\stig@tradedoubler[1].txt C:\Documents and Settings\Stig\Cookies\[email protected][1].txt C:\Documents and Settings\Stig\Cookies\[email protected][1].txt C:\Documents and Settings\Stig\Cookies\[email protected][1].txt C:\Documents and Settings\Stig\Cookies\[email protected][2].txt C:\Documents and Settings\Stig\Cookies\[email protected][1].txt C:\Documents and Settings\Stig\Cookies\stig@smileycentral[2].txt C:\Documents and Settings\Stig\Cookies\stig@kontera[1].txt C:\Documents and Settings\Stig\Cookies\[email protected][2].txt C:\Documents and Settings\Stig\Cookies\stig@lt_stats[2].txt C:\Documents and Settings\Stig\Cookies\stig@count[1].txt C:\Documents and Settings\Stig\Cookies\[email protected][1].txt C:\Documents and Settings\Stig\Cookies\stig@overture[2].txt C:\Documents and Settings\Stig\Cookies\[email protected][2].txt C:\Documents and Settings\Stig\Cookies\[email protected][1].txt C:\Documents and Settings\Stig\Cookies\stig@indexstats[2].txt C:\Documents and Settings\Stig\Cookies\[email protected][1].txt C:\Documents and Settings\Stig\Cookies\[email protected][1].txt C:\Documents and Settings\Stig\Cookies\stig@revenue[2].txt C:\Documents and Settings\Stig\Cookies\stig@teenpinkvideos[1].txt C:\Documents and Settings\Stig\Cookies\stig@optimost[1].txt C:\Documents and Settings\Stig\Cookies\stig@gostats[2].txt C:\Documents and Settings\Stig\Cookies\[email protected][1].txt C:\Documents and Settings\Stig\Cookies\[email protected][1].txt C:\Documents and Settings\Stig\Cookies\stig@advertising[1].txt C:\Documents and Settings\Stig\Cookies\[email protected][1].txt C:\Documents and Settings\Stig\Cookies\stig@revsci[2].txt C:\Documents and Settings\Stig\Cookies\stig@bluestreak[2].txt C:\Documents and Settings\Stig\Cookies\stig@targetnet[1].txt C:\Documents and Settings\Stig\Cookies\stig@doubleclick[2].txt C:\Documents and Settings\Stig\Cookies\[email protected][3].txt C:\Documents and Settings\Stig\Cookies\stig@tacoda[1].txt C:\Documents and Settings\Stig\Cookies\[email protected][1].txt C:\Documents and Settings\Stig\Cookies\stig@webstats4u[1].txt C:\Documents and Settings\Stig\Cookies\[email protected][2].txt C:\Documents and Settings\Stig\Cookies\stig@eroticlick[1].txt C:\Documents and Settings\Stig\Cookies\[email protected][2].txt C:\Documents and Settings\Stig\Cookies\[email protected][1].txt C:\Documents and Settings\Stig\Cookies\[email protected][2].txt C:\Documents and Settings\Stig\Cookies\stig@hitbox[2].txt C:\Documents and Settings\Stig\Cookies\[email protected][1].txt C:\Documents and Settings\Stig\Cookies\[email protected][1].txt C:\Documents and Settings\Stig\Cookies\[email protected][1].txt C:\Documents and Settings\Stig\Cookies\[email protected][1].txt C:\Documents and Settings\Stig\Cookies\[email protected][1].txt C:\Documents and Settings\Stig\Cookies\[email protected][1].txt C:\Documents and Settings\Stig\Cookies\[email protected][1].txt C:\Documents and Settings\Stig\Cookies\[email protected][1].txt C:\Documents and Settings\Stig\Cookies\stig@valueclick[2].txt C:\Documents and Settings\Stig\Cookies\[email protected][1].txt C:\Documents and Settings\Stig\Cookies\stig@sexproadventures[1].txt C:\Documents and Settings\Stig\Cookies\[email protected][1].txt C:\Documents and Settings\Stig\Cookies\[email protected][1].txt C:\Documents and Settings\Stig\Cookies\[email protected][1].txt C:\Documents and Settings\Stig\Cookies\stig@burstnet[2].txt C:\Documents and Settings\Stig\Cookies\stig@statcounter[2].txt C:\Documents and Settings\Stig\Cookies\[email protected][2].txt C:\Documents and Settings\Stig\Cookies\stig@adbrite[2].txt C:\Documents and Settings\Stig\Cookies\[email protected][1].txt C:\Documents and Settings\Stig\Cookies\[email protected][1].txt C:\Documents and Settings\Stig\Cookies\[email protected][1].txt C:\Documents and Settings\Stig\Cookies\[email protected][1].txt C:\Documents and Settings\Stig\Cookies\[email protected][2].txt C:\Documents and Settings\Stig\Cookies\[email protected][2].txt C:\Documents and Settings\Stig\Cookies\stig@pornoarkivet[1].txt C:\Documents and Settings\Stig\Cookies\stig@realmedia[2].txt C:\Documents and Settings\Stig\Cookies\stig@karasxxx[1].txt C:\Documents and Settings\Stig\Cookies\[email protected][1].txt C:\Documents and Settings\Stig\Cookies\[email protected][1].txt C:\Documents and Settings\Stig\Cookies\[email protected][1].txt C:\Documents and Settings\Stig\Cookies\[email protected][1].txt C:\Documents and Settings\Stig\Cookies\[email protected][2].txt C:\Documents and Settings\Stig\Cookies\stig@medianewsgroup[2].txt C:\Documents and Settings\Stig\Cookies\[email protected][1].txt C:\Documents and Settings\Stig\Cookies\stig@fastclick[2].txt C:\Documents and Settings\Stig\Cookies\[email protected][2].txt C:\Documents and Settings\Stig\Cookies\[email protected][1].txt C:\Documents and Settings\Stig\Cookies\stig@adultadworld[2].txt C:\Documents and Settings\Stig\Cookies\[email protected][2].txt C:\Documents and Settings\Stig\Cookies\stig@atdmt[2].txt C:\Documents and Settings\Stig\Cookies\[email protected][2].txt C:\Documents and Settings\Stig\Cookies\[email protected][1].txt C:\Documents and Settings\Stig\Cookies\[email protected][2].txt C:\Documents and Settings\Stig\Cookies\stig@upspiral[2].txt C:\Documents and Settings\Stig\Cookies\[email protected][1].txt C:\Documents and Settings\Stig\Cookies\stig@2o7[2].txt C:\Documents and Settings\Stig\Cookies\[email protected][1].txt C:\Documents and Settings\Stig\Cookies\[email protected][2].txt C:\Documents and Settings\Stig\Cookies\stig@bfast[2].txt C:\Documents and Settings\Stig\Cookies\[email protected][2].txt C:\Documents and Settings\Stig\Cookies\[email protected][1].txt C:\Documents and Settings\Stig\Cookies\[email protected][2].txt C:\Documents and Settings\Stig\Cookies\[email protected][1].txt C:\Documents and Settings\Stig\Cookies\[email protected][1].txt C:\Documents and Settings\Stig\Cookies\stig@247realmedia[2].txt C:\Documents and Settings\Stig\Cookies\[email protected][1].txt C:\Documents and Settings\Stig\Cookies\[email protected][2].txt C:\Documents and Settings\Stig\Cookies\stig@clicksor[1].txt C:\Documents and Settings\Stig\Cookies\[email protected][1].txt C:\Documents and Settings\Stig\Cookies\stig@fuckthatasian[1].txt C:\Documents and Settings\Stig\Cookies\stig@indextools[2].txt C:\Documents and Settings\Stig\Cookies\stig@insightexpressai[1].txt C:\Documents and Settings\Stig\Cookies\stig@kanoodle[2].txt C:\Documents and Settings\Stig\Cookies\stig@mediaplex[1].txt C:\Documents and Settings\Stig\Cookies\[email protected][2].txt C:\Documents and Settings\Stig\Cookies\[email protected][1].txt C:\Documents and Settings\Stig\Cookies\stig@netmediagroup[2].txt C:\Documents and Settings\Stig\Cookies\stig@questionmarket[1].txt C:\Documents and Settings\Stig\Cookies\stig@xxxcounter[1].txt C:\Documents and Settings\Stig\Cookies\stig@youporn[2].txt C:\Documents and Settings\Stig\Cookies\stig@zedo[1].txt C:\Documents and Settings\Stig\Lokale innstillinger\Temp\Cookies\stig@casalemedia[2].txt C:\Documents and Settings\Stig\Lokale innstillinger\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Stig\Lokale innstillinger\Temp\Cookies\[email protected][2].txt C:\Documents and Settings\Stig\Lokale innstillinger\Temp\Cookies\stig@advertising[2].txt C:\Documents and Settings\Stig\Lokale innstillinger\Temp\Cookies\stig@weborama[1].txt C:\Documents and Settings\Stig\Lokale innstillinger\Temp\Cookies\stig@adbrite[2].txt C:\Documents and Settings\Stig\Lokale innstillinger\Temp\Cookies\stig@adultadworld[2].txt C:\Documents and Settings\Stig\Lokale innstillinger\Temp\Cookies\[email protected][2].txt C:\Documents and Settings\Stig\Lokale innstillinger\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Stig\Lokale innstillinger\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Stig\Lokale innstillinger\Temp\Cookies\stig@atdmt[1].txt C:\Documents and Settings\Stig\Lokale innstillinger\Temp\Cookies\stig@doubleclick[1].txt C:\Documents and Settings\Stig\Lokale innstillinger\Temp\Cookies\[email protected][2].txt C:\Documents and Settings\Stig\Lokale innstillinger\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Stig\Lokale innstillinger\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Stig\Lokale innstillinger\Temp\Cookies\stig@mediaplex[1].txt C:\Documents and Settings\Stig\Lokale innstillinger\Temp\Cookies\stig@serving-sys[2].txt C:\Documents and Settings\Stig\Lokale innstillinger\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Stig\Lokale innstillinger\Temp\Cookies\stig@tradedoubler[2].txt C:\Documents and Settings\Stig\Lokale innstillinger\Temp\Cookies\[email protected][1].txt C:\Documents and Settings\Stig\Lokale innstillinger\Temp\Cookies\stig@youporn[2].txt adserv.pitchforkmedia.com [ C:\Documents and Settings\Stig\Programdata\Mozilla\Firefox\Profiles\mcfvgrql.default\cookies.txt ] .atdmt.com [ C:\Documents and Settings\Stig\Programdata\Mozilla\Firefox\Profiles\mcfvgrql.default\cookies.txt ] .advertising.com [ C:\Documents and Settings\Stig\Programdata\Mozilla\Firefox\Profiles\mcfvgrql.default\cookies.txt ] .advertising.com [ C:\Documents and Settings\Stig\Programdata\Mozilla\Firefox\Profiles\mcfvgrql.default\cookies.txt ] .advertising.com [ C:\Documents and Settings\Stig\Programdata\Mozilla\Firefox\Profiles\mcfvgrql.default\cookies.txt ] .advertising.com [ C:\Documents and Settings\Stig\Programdata\Mozilla\Firefox\Profiles\mcfvgrql.default\cookies.txt ] .2o7.net [ C:\Documents and Settings\Stig\Programdata\Mozilla\Firefox\Profiles\mcfvgrql.default\cookies.txt ] .2o7.net [ C:\Documents and Settings\Stig\Programdata\Mozilla\Firefox\Profiles\mcfvgrql.default\cookies.txt ] .2o7.net [ C:\Documents and Settings\Stig\Programdata\Mozilla\Firefox\Profiles\mcfvgrql.default\cookies.txt ] .2o7.net [ C:\Documents and Settings\Stig\Programdata\Mozilla\Firefox\Profiles\mcfvgrql.default\cookies.txt ] .2o7.net [ C:\Documents and Settings\Stig\Programdata\Mozilla\Firefox\Profiles\mcfvgrql.default\cookies.txt ] .2o7.net [ C:\Documents and Settings\Stig\Programdata\Mozilla\Firefox\Profiles\mcfvgrql.default\cookies.txt ] .2o7.net [ C:\Documents and Settings\Stig\Programdata\Mozilla\Firefox\Profiles\mcfvgrql.default\cookies.txt ] .atwola.com [ C:\Documents and Settings\Stig\Programdata\Mozilla\Firefox\Profiles\mcfvgrql.default\cookies.txt ] .doubleclick.net [ C:\Documents and Settings\Stig\Programdata\Mozilla\Firefox\Profiles\mcfvgrql.default\cookies.txt ] .hitbox.com [ C:\Documents and Settings\Stig\Programdata\Mozilla\Firefox\Profiles\mcfvgrql.default\cookies.txt ] .ehg-hitent.hitbox.com [ C:\Documents and Settings\Stig\Programdata\Mozilla\Firefox\Profiles\mcfvgrql.default\cookies.txt ] .hitbox.com [ C:\Documents and Settings\Stig\Programdata\Mozilla\Firefox\Profiles\mcfvgrql.default\cookies.txt ] .imrworldwide.com [ C:\Documents and Settings\Stig\Programdata\Mozilla\Firefox\Profiles\mcfvgrql.default\cookies.txt ] .imrworldwide.com [ C:\Documents and Settings\Stig\Programdata\Mozilla\Firefox\Profiles\mcfvgrql.default\cookies.txt ] .adtech.de [ C:\Documents and Settings\Stig\Programdata\Mozilla\Firefox\Profiles\mcfvgrql.default\cookies.txt ] .adtech.de [ C:\Documents and Settings\Stig\Programdata\Mozilla\Firefox\Profiles\mcfvgrql.default\cookies.txt ] track.adform.net [ C:\Documents and Settings\Stig\Programdata\Mozilla\Firefox\Profiles\mcfvgrql.default\cookies.txt ] track.adform.net [ C:\Documents and Settings\Stig\Programdata\Mozilla\Firefox\Profiles\mcfvgrql.default\cookies.txt ] .tradedoubler.com [ C:\Documents and Settings\Stig\Programdata\Mozilla\Firefox\Profiles\mcfvgrql.default\cookies.txt ] .tradedoubler.com [ C:\Documents and Settings\Stig\Programdata\Mozilla\Firefox\Profiles\mcfvgrql.default\cookies.txt ] track.adform.net [ C:\Documents and Settings\Stig\Programdata\Mozilla\Firefox\Profiles\mcfvgrql.default\cookies.txt ] track.adform.net [ C:\Documents and Settings\Stig\Programdata\Mozilla\Firefox\Profiles\mcfvgrql.default\cookies.txt ] track.adform.net [ C:\Documents and Settings\Stig\Programdata\Mozilla\Firefox\Profiles\mcfvgrql.default\cookies.txt ] track.adform.net [ C:\Documents and Settings\Stig\Programdata\Mozilla\Firefox\Profiles\mcfvgrql.default\cookies.txt ] track.adform.net [ C:\Documents and Settings\Stig\Programdata\Mozilla\Firefox\Profiles\mcfvgrql.default\cookies.txt ] track.adform.net [ C:\Documents and Settings\Stig\Programdata\Mozilla\Firefox\Profiles\mcfvgrql.default\cookies.txt ] track.adform.net [ C:\Documents and Settings\Stig\Programdata\Mozilla\Firefox\Profiles\mcfvgrql.default\cookies.txt ] track.adform.net [ C:\Documents and Settings\Stig\Programdata\Mozilla\Firefox\Profiles\mcfvgrql.default\cookies.txt ] track.adform.net [ C:\Documents and Settings\Stig\Programdata\Mozilla\Firefox\Profiles\mcfvgrql.default\cookies.txt ] track.adform.net [ C:\Documents and Settings\Stig\Programdata\Mozilla\Firefox\Profiles\mcfvgrql.default\cookies.txt ] track.adform.net [ C:\Documents and Settings\Stig\Programdata\Mozilla\Firefox\Profiles\mcfvgrql.default\cookies.txt ] .mediaplex.com [ C:\Documents and Settings\Stig\Programdata\Mozilla\Firefox\Profiles\mcfvgrql.default\cookies.txt ] ad1.emediate.dk [ C:\Documents and Settings\Stig\Programdata\Mozilla\Firefox\Profiles\mcfvgrql.default\cookies.txt ] ad1.emediate.dk [ C:\Documents and Settings\Stig\Programdata\Mozilla\Firefox\Profiles\mcfvgrql.default\cookies.txt ] e2.emediate.se [ C:\Documents and Settings\Stig\Programdata\Mozilla\Firefox\Profiles\mcfvgrql.default\cookies.txt ] e2.emediate.se [ C:\Documents and Settings\Stig\Programdata\Mozilla\Firefox\Profiles\mcfvgrql.default\cookies.txt ] .fastclick.net [ C:\Documents and Settings\Stig\Programdata\Mozilla\Firefox\Profiles\mcfvgrql.default\cookies.txt ] .fastclick.net [ C:\Documents and Settings\Stig\Programdata\Mozilla\Firefox\Profiles\mcfvgrql.default\cookies.txt ] .fastclick.net [ C:\Documents and Settings\Stig\Programdata\Mozilla\Firefox\Profiles\mcfvgrql.default\cookies.txt ] .fastclick.net [ C:\Documents and Settings\Stig\Programdata\Mozilla\Firefox\Profiles\mcfvgrql.default\cookies.txt ] .fastclick.net [ C:\Documents and Settings\Stig\Programdata\Mozilla\Firefox\Profiles\mcfvgrql.default\cookies.txt ] ad.yieldmanager.com [ C:\Documents and Settings\Stig\Programdata\Mozilla\Firefox\Profiles\mcfvgrql.default\cookies.txt ] ad.yieldmanager.com [ C:\Documents and Settings\Stig\Programdata\Mozilla\Firefox\Profiles\mcfvgrql.default\cookies.txt ] ad.yieldmanager.com [ C:\Documents and Settings\Stig\Programdata\Mozilla\Firefox\Profiles\mcfvgrql.default\cookies.txt ] ad.yieldmanager.com [ C:\Documents and Settings\Stig\Programdata\Mozilla\Firefox\Profiles\mcfvgrql.default\cookies.txt ] .casalemedia.com [ C:\Documents and Settings\Stig\Programdata\Mozilla\Firefox\Profiles\mcfvgrql.default\cookies.txt ] .casalemedia.com [ C:\Documents and Settings\Stig\Programdata\Mozilla\Firefox\Profiles\mcfvgrql.default\cookies.txt ] .casalemedia.com [ C:\Documents and Settings\Stig\Programdata\Mozilla\Firefox\Profiles\mcfvgrql.default\cookies.txt ] .revsci.net [ C:\Documents and Settings\Stig\Programdata\Mozilla\Firefox\Profiles\mcfvgrql.default\cookies.txt ] .revsci.net [ C:\Documents and Settings\Stig\Programdata\Mozilla\Firefox\Profiles\mcfvgrql.default\cookies.txt ] .ehg-sigames.hitbox.com [ C:\Documents and Settings\Stig\Programdata\Mozilla\Firefox\Profiles\mcfvgrql.default\cookies.txt ] .adserver.easyad.info [ C:\Documents and Settings\Stig\Programdata\Mozilla\Firefox\Profiles\mcfvgrql.default\cookies.txt ] .adserver.easyad.info [ C:\Documents and Settings\Stig\Programdata\Mozilla\Firefox\Profiles\mcfvgrql.default\cookies.txt ] .statcounter.com [ C:\Documents and Settings\Stig\Programdata\Mozilla\Firefox\Profiles\mcfvgrql.default\cookies.txt ] .tacoda.net [ C:\Documents and Settings\Stig\Programdata\Mozilla\Firefox\Profiles\mcfvgrql.default\cookies.txt ] .tacoda.net [ C:\Documents and Settings\Stig\Programdata\Mozilla\Firefox\Profiles\mcfvgrql.default\cookies.txt ] .tacoda.net [ C:\Documents and Settings\Stig\Programdata\Mozilla\Firefox\Profiles\mcfvgrql.default\cookies.txt ] .maxserving.com [ C:\Documents and Settings\Stig\Programdata\Mozilla\Firefox\Profiles\mcfvgrql.default\cookies.txt ] .maxserving.com [ C:\Documents and Settings\Stig\Programdata\Mozilla\Firefox\Profiles\mcfvgrql.default\cookies.txt ] Adware.180solutions/Seekmo HKLM\Software\seekmo C:\Programfiler\Seekmo\seekmoau.dat C:\Programfiler\Seekmo\seekmo_gdf.dat C:\Programfiler\Seekmo\seekmo_hpk.dat C:\Programfiler\Seekmo\seekmo_kyf.dat C:\Programfiler\Seekmo C:\Documents and Settings\All Users\Start-meny\Programmer\Seekmo Search Assistant\Seekmo Customer Support.url C:\Documents and Settings\All Users\Start-meny\Programmer\Seekmo Search Assistant\Seekmo.com.url C:\Documents and Settings\All Users\Start-meny\Programmer\Seekmo Search Assistant\Uninstall Seekmo Instructions.lnk C:\Documents and Settings\All Users\Start-meny\Programmer\Seekmo Search Assistant Trojan.Downloader-Gen/Suspicious C:\DOCUMENTS AND SETTINGS\STIG\LOKALE INNSTILLINGER\TEMP\TEMPORARY INTERNET FILES\CONTENT.IE5\SDIZS1IB\NAKED0453[1].COM Trojan.Dropper/SVCHost-Fake C:\WINDOWS\SVCHOST.EXE COMBO FIX ComboFix 08-07-07.3 - Morten 2008-07-09 1:36:03.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.223 [GMT 2:00] Running from: C:\Documents and Settings\Morten\Skrivebord\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((( Files Created from 2008-06-08 to 2008-07-08 ))))))))))))))))))))))))))))))) . 2008-07-09 00:26 . 2008-07-09 00:26 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com 2008-07-09 00:25 . 2008-07-09 00:25 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware 2008-07-09 00:25 . 2008-07-09 00:25 <DIR> d-------- C:\Documents and Settings\Morten\Programdata\SUPERAntiSpyware.com 2008-07-09 00:06 . 2008-07-09 00:06 <DIR> d-------- C:\Programfiler\Opera 2008-07-08 23:51 . 2008-07-08 23:51 <DIR> d-------- C:\Programfiler\uTorrent 2008-07-08 23:51 . 2008-07-09 00:33 <DIR> d-------- C:\Documents and Settings\Morten\Programdata\uTorrent 2008-07-08 23:31 . 2008-07-08 23:31 268 --ah----- C:\sqmdata00.sqm 2008-07-08 23:31 . 2008-07-08 23:31 244 --ah----- C:\sqmnoopt00.sqm 2008-07-08 21:49 . 2008-07-08 21:49 <DIR> d-------- C:\Programfiler\SystemRequirementsLab 2008-07-08 21:29 . 2008-07-08 21:29 <DIR> d---s---- C:\Documents and Settings\Morten\UserData 2008-07-08 16:32 . 2008-07-08 16:32 <DIR> d-------- C:\Programfiler\Lavasoft 2008-07-08 16:32 . 2008-07-08 16:32 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Lavasoft 2008-07-08 16:31 . 2008-07-09 00:25 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard 2008-07-08 16:28 . 2008-07-08 16:28 <DIR> d-------- C:\Documents and Settings\Morten\Programdata\Lavasoft 2008-07-08 16:20 . 2008-07-08 16:20 <DIR> d-------- C:\Programfiler\CCleaner 2008-07-08 16:20 . 2008-07-09 01:46 <DIR> dr-h----- C:\Documents and Settings\Morten\Siste 2008-07-08 15:47 . 2008-07-08 16:46 <DIR> d-------- C:\Documents and Settings\Morten\Contacts 2008-07-08 15:40 . 2008-07-08 23:51 <DIR> dr------- C:\Documents and Settings\Morten\Start-meny 2008-07-08 15:40 . 2006-01-13 17:26 <DIR> d--h----- C:\Documents and Settings\Morten\Skrivere 2008-07-08 15:40 . 2008-07-09 01:35 <DIR> d-------- C:\Documents and Settings\Morten\Skrivebord 2008-07-08 15:40 . 2008-07-08 15:40 <DIR> d-------- C:\Documents and Settings\Morten\Programdata\Teleca 2008-07-08 15:40 . 2008-07-09 00:25 <DIR> dr-h----- C:\Documents and Settings\Morten\Programdata 2008-07-08 15:40 . 2008-07-08 15:48 <DIR> dr------- C:\Documents and Settings\Morten\Mine dokumenter 2008-07-08 15:40 . 2006-01-13 16:31 <DIR> d--h----- C:\Documents and Settings\Morten\Maler 2008-07-08 15:40 . 2008-07-09 01:41 <DIR> d--h----- C:\Documents and Settings\Morten\Lokale innstillinger 2008-07-08 15:40 . 2008-07-08 15:40 <DIR> dr------- C:\Documents and Settings\Morten\Favoritter 2008-07-08 15:40 . 2006-01-13 17:26 <DIR> d--h----- C:\Documents and Settings\Morten\AndrMask 2008-07-08 15:40 . 2008-07-08 21:29 <DIR> d-------- C:\Documents and Settings\Morten . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-07-08 22:01 --------- d-----w C:\Programfiler\OpenOffice.org 2.0 2008-07-08 14:29 --------- d-----w C:\Documents and Settings\Stig\Programdata\Lavasoft 2008-07-08 12:20 --------- d-----w C:\Documents and Settings\Stig\Programdata\OpenOffice.org2 2008-05-23 11:03 --------- d-----w C:\Programfiler\Fellesfiler\Vivendi Universal Games 2008-05-23 11:03 --------- d-----w C:\Programfiler\Barbie 2008-05-23 11:03 --------- d-----w C:\Documents and Settings\All Users\Programdata\Vivendi Universal Games 2008-05-16 09:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360] "swg"="C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-09 14:39 68856] "msnmsgr"="C:\Programfiler\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352] "SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2005-01-26 18:12 106496] "Hotplug"="C:\Programfiler\Silicon Integrated Systems\SiSRaidPackage\hot_plug.exe" [2005-05-05 21:10 290816] "SiSRaid"="C:\Programfiler\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe" [2005-05-18 15:44 905216] "Easy-PrintToolBox"="C:\Programfiler\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 03:10 409600] "SunJavaUpdateSched"="C:\Programfiler\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 16:07 49263] "Sony Ericsson PC Suite"="C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 16:17 159744] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "NCInstallQueue"="netman.dll" [2005-08-22 20:36 197632 C:\WINDOWS\system32\netman.dll] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360] C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\ Ralink Wireless Utility.lnk - C:\Programfiler\RALINK\Common\RaUI.exe [2007-08-09 13:36:18 606208] Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2006-01-16 13:27:07 331776] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\StubInstaller.exe"= "C:\\Programfiler\\LimeWire\\LimeWire.exe"= "C:\\WINDOWS\\system32\\usmt\\migwiz.exe"= "C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"= "C:\\Programfiler\\MSN Messenger\\livecall.exe"= S3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet-kort;C:\WINDOWS\system32\DRIVERS\AN983.sys [2004-08-03 22:31] S3 P1130VID;Creative WebCam NX Pro;C:\WINDOWS\system32\DRIVERS\P1130Vid.sys [2003-06-11 16:00] S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS [] *Newly Created Service* - CATCHME . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-07-09 01:47:53 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-07-09 1:51:47 ComboFix-quarantined-files.txt 2008-07-08 23:51:45 Pre-Run: 15,917,264,896 byte ledig Post-Run: 18,226,462,720 byte ledig 104 --- E O F --- 2008-05-16 22:01:47 Hijackthis Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 01:59:59, on 09.07.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\HPZipm12.exe C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\Java\jre1.5.0_10\bin\jusched.exe C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Programfiler\MSN Messenger\msnmsgr.exe C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Programfiler\Fellesfiler\Teleca Shared\CapabilityManager.exe C:\WINDOWS\system32\sistray.exe C:\Programfiler\Fellesfiler\Teleca Shared\Generic.exe C:\Programfiler\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe C:\Programfiler\Java\jre1.5.0_10\bin\jucheck.exe C:\WINDOWS\explorer.exe C:\Programfiler\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\SNDVOL32.EXE C:\Documents and Settings\Morten\Skrivebord\Ny mappe\test.exe.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_10\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar3.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programfiler\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar3.dll O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe O4 - HKLM\..\Run: [Hotplug] C:\Programfiler\Silicon Integrated Systems\SiSRaidPackage\hot_plug.exe O4 - HKLM\..\Run: [siSRaid] C:\Programfiler\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programfiler\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.5.0_10\bin\jusched.exe" O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\RunOnce: [NCInstallQueue] rundll32 netman.dll,ProcessQueue O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Programfiler\RALINK\Common\RaUI.exe O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Programfiler\UltimateBet\UltimateBet.exe O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Programfiler\UltimateBet\UltimateBet.exe O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programfiler\PartyGaming\PartyPoker\RunApp.exe (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programfiler\PartyGaming\PartyPoker\RunApp.exe (file missing) O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://kisn1986.spaces.msn.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v6.cab O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing) O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe -- End of file - 6661 bytes Lenke til kommentar
r2d290 Skrevet 9. juli 2008 Del Skrevet 9. juli 2008 (endret) edit: du har C:\Programfiler\UltimateBet\UltimateBet.exe på pc-en. Den kan du avinstallere hvis den ikke blir brukt. Gå til http://virusscan.jotti.org , trykk på Browse, og last opp følgende fil til analyse: C:\WINDOWS\system32\netman.dll Deretter trykker du på Submit. Godta at filen blir scannet. Til slutt kopierer du resultatet, og limer det inn i din neste post, så jeg kan se på den, og vurdere hva som må gjøres videre. Start HijackThis Velg: Do a systemscan only Sett en hake i boksene foran disse linjene: O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file) O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programfiler\PartyGaming\PartyPoker\RunApp.exe (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programfiler\PartyGaming\PartyPoker\RunApp.exe (file missing) Avslutt alle vinduer og nettlesere (også dette du leser fra), og trykk Fix checked. Merk: Hvis du blir spurt om å bekrefte å fikse en linje, bekrefter du dette. Deretter restarter du maskinen, og lager en ny logg: Start HijackThis Velg: Do a systemscan, and save a logfile Post denne loggen i din neste post. Fortell også hvordan det går med maskinen. Post også en ny combofix-logg. Endret 9. juli 2008 av r2d290 Lenke til kommentar
Bludd Skrevet 10. juli 2008 Del Skrevet 10. juli 2008 C:\Documents and Settings\Morten\Skrivebord\Ny mappe\test.exe.exe Litt luguber, har du laget denne fila selv? Hvis ikke bør du fjerne den. Lenke til kommentar
r2d290 Skrevet 10. juli 2008 Del Skrevet 10. juli 2008 (endret) test.exe er nok HijackThis. Grunnen til at det ble test.exe.exe er fordi trådstarter ikke har skrudd på å vise filetternavn. Grunnen til dette filnavnet, kommer av norbat sin beskjed Man bør forandre programnavnet, hijackthis.exe, til noe annet, eks. test.exe før man kjører programmet da div. spyware har begynt å gjemme seg for program som heter hijackthis. Dette betyr nok at den fila er trygg Endret 10. juli 2008 av r2d290 Lenke til kommentar
Bludd Skrevet 10. juli 2008 Del Skrevet 10. juli 2008 Skjønner. Hijackthis-folkene burde heller implementere dette i selve programmet slik som Mark Russinovich har gjort med flere av Sysinternals-programmene. Lenke til kommentar
Anbefalte innlegg
Opprett en konto eller logg inn for å kommentere
Du må være et medlem for å kunne skrive en kommentar
Opprett konto
Det er enkelt å melde seg inn for å starte en ny konto!
Start en kontoLogg inn
Har du allerede en konto? Logg inn her.
Logg inn nå