Kazento Posted 30 July 2008 (edited)

hey hey.... I feel like I'm scanning/deleting various things like this with SAS almost all the time. As soon as I've removed something, I feel like it always finds something new again. Can someone check whether there's maybe something it isn't catching?

HijackThis log file

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:08:58, on 31.07.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Sacor\Sacor.exe
C:\Program Files\mjc\mjc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Mozilla Firefox 3 Beta 3\firefox.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\OterLars.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: targetedbanner browser optimizer - {25c33154-988a-5a54-1cf3-ae03e27af58c} - C:\Windows\system32\auhpikajisxobodwu.dll
O2 - BHO: (no name) - {68950839-2675-49E2-B6A5-442E0B0D1BA4} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {92B468B7-86D1-4938-AB1C-3C5B508689DB} - (no file)
O2 - BHO: {fb3ea106-0430-d898-0324-3a5a3fe85d79} - {97d58ef3-a5a3-4230-898d-0340601ae3bf} - C:\Windows\system32\rpibzj.dll (file missing)
O2 - BHO: (no name) - {9F6BCFFE-EE49-46A7-A566-41229D70F789} - (no file)
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [585d0f21] rundll32.exe "C:\Windows\system32\eutcgita.dll",b
O4 - HKLM\..\Run: [{245ef5f1-52c4-f6b0-aafa-6d8011db1c34}] C:\Windows\System32\Rundll32.exe "C:\Windows\system32\auhpikajisxobodwu.dll" DllStart
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Antivirus Pro\feedback.exe" /dump:os_startup
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
O4 - HKLM\..\Run: [bM5b6e3cbd] Rundll32.exe "C:\Windows\system32\ityhuyjs.dll",s
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [sacor] C:\Program Files\Sacor\Sacor.exe
O4 - HKCU\..\Run: [mjc] C:\Program Files\mjc\mjc.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE')
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 7087 bytes

Edited 30 July 2008 by Kazento
snippsat Posted 30 July 2008

Yes, you have some gunk. Download Combofix and put it on the desktop. Do not click on the window while the program is running. Post the log C:\combofix.txt
Svenni212000 Posted 30 July 2008

Paste the HJT log here and run an analysis: http://www.hijackthis.de/en
You can also burn to disc and run a scan with Avira AntiVir Rescue System: http://www.free-av.com/en/tools/12/avira_a...cue_system.html
Kazento Posted 30 July 2008 (Author)

The ComboFix log

ComboFix 08-07-29.1 - Kazento 2008-07-31 0:43:04.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1044.18.866 [GMT 2:00]
Running from: C:\Users\Kazento\Downloads\ComboFix.exe
* Created a new restore point
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\mjc
C:\Program Files\mjc\mjc.exe
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Users\Kazento\AppData\Local\Microsoft\Windows\Temporary Internet Files\bestwiner.stt
C:\Windows\b155.exe
C:\Windows\b156.exe
C:\Windows\cookies.ini
C:\Windows\crosof~1.net
C:\Windows\crosof~1.net\??crosoft.NET\
C:\Windows\stem32~1
C:\Windows\System32\atigctue.ini
C:\Windows\system32\auhpikajisxobodwu.dll
C:\Windows\system32\eoofahra.dll
C:\Windows\system32\eutcgita.dll
C:\Windows\system32\ityhuyjs.dll
C:\Windows\System32\JjSYGjlm.ini
C:\Windows\System32\JjSYGjlm.ini2
C:\Windows\System32\kjkmmSDd.ini
C:\Windows\System32\kjkmmSDd.ini2
C:\Windows\system32\mcrh.tmp
C:\Windows\system32\MSINET.oca
C:\Windows\system32\pac.txt
C:\Windows\system32\qyqpmhnp.dll
C:\Windows\system32\rvaxnyor.dll
C:\Windows\system32\rvdffsah.ini
.
((((((((((((((((((((((((( Files Created from 2008-06-28 to 2008-07-30 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-30 22:47 --------- d-----w C:\Users\Kazento\AppData\Roaming\uTorrent
2008-07-30 22:47 --------- d-----w C:\Users\Kazento\AppData\Roaming\DNA
2008-07-30 22:02 --------- d-----w C:\ProgramData\Media Center Programs
2008-07-30 22:02 --------- d-----w C:\Program Files\The Witcher
2008-07-30 21:45 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-07-30 21:45 --------- d-----w C:\Program Files\Common Files\Steam
2008-07-30 21:45 --------- d-----w C:\Program Files\Apple Software Update
2008-07-30 21:44 --------- d-----w C:\Program Files\Microsoft Works
2008-07-30 21:44 --------- d-----w C:\Program Files\Common Files\Skype
2008-07-30 21:29 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 3
2008-07-30 21:27 --------- d-----w C:\Program Files\Windows Defender
2008-07-30 21:25 --------- d-----w C:\Users\Kazento\AppData\Roaming\Blueberry
2008-07-30 21:25 --------- d-----w C:\Program Files\Winamp
2008-07-30 21:25 --------- d-----w C:\Program Files\PlayLinc
2008-07-30 21:25 --------- d-----w C:\Program Files\Hamachi
2008-07-30 21:24 --------- d-----w C:\Program Files\DNA
2008-07-30 21:10 --------- d-----w C:\Program Files\Agnitum
2008-07-30 21:08 --------- d-----w C:\ProgramData\Agnitum
2008-07-30 21:03 --------- d-----w C:\ProgramData\Blueberry
2008-07-30 20:58 --------- d-----w C:\Users\Kazento\AppData\Roaming\LogSys
2008-07-30 20:57 4,096 ----a-w C:\Windows\system32\drivers\bbcap.sys
2008-07-30 20:57 --------- d-----w C:\ProgramData\LogSys
2008-07-30 20:57 --------- d-----w C:\Program Files\Common Files\Blueberry Software
2008-07-30 20:57 --------- d-----w C:\Program Files\Blueberry Software
2008-07-30 20:03 --------- d-----w C:\Program Files\Webtools
2008-07-30 19:31 --------- d-----w C:\Program Files\Sun
2008-07-30 19:30 --------- d-----w C:\Program Files\Java
2008-07-30 19:10 77 ----a-w C:\Users\Kazento\3399.bat
2008-06-30 12:41 --------- d-----w C:\Users\Kazento\AppData\Roaming\LimeWire
2008-06-28 12:52 --------- d-----w C:\Program Files\Common Files\Adobe AIR
2008-06-25 14:27 --------- d-----w C:\Users\Kazento\AppData\Roaming\Azureus
2008-06-24 23:40 --------- d-----w C:\Program Files\Common Files\Java
2008-06-24 21:31 --------- d-----w C:\Program Files\Trend Micro
2008-06-24 20:38 --------- d-----w C:\Users\Kazento\AppData\Roaming\SUPERAntiSpyware.com
2008-06-24 20:38 --------- d-----w C:\ProgramData\SUPERAntiSpyware.com
2008-06-24 20:37 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-24 20:21 --------- d-----w C:\Program Files\RM Converter
2008-06-20 12:50 --------- d-----w C:\Users\Kazento\AppData\Roaming\Media Player Classic
2008-06-18 11:34 --------- d-----w C:\Users\Kazento\AppData\Roaming\.BitTornado
2008-06-18 11:33 --------- d-----w C:\Program Files\BitComet
2008-06-11 10:23 --------- d-----w C:\ProgramData\Microsoft Help
2008-06-04 22:47 --------- d-----w C:\Users\Kazento\AppData\Roaming\Skype
2008-06-04 22:03 --------- d-----w C:\Users\Kazento\AppData\Roaming\skypePM
2008-05-31 17:57 --------- d-----w C:\ProgramData\Futuremark
2008-05-31 17:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-31 17:51 --------- d-----w C:\Program Files\Common Files\Futuremark Shared
2008-05-31 17:49 --------- d-----w C:\Program Files\Futuremark
2008-05-31 17:49 --------- d-----w C:\Program Files\AGEIA Technologies
2008-05-10 13:56 2,829 ----a-w C:\Windows\War3Unin.pif
2008-05-10 13:56 139,264 ----a-w C:\Windows\War3Unin.exe
2008-04-25 04:23 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-03-14 18:13 22,328 ----a-w C:\Users\Kazento\AppData\Roaming\PnkBstrK.sys
2008-02-28 15:02 32 ----a-w C:\Users\All Users\ezsid.dat
2008-02-28 15:02 32 ----a-w C:\ProgramData\ezsid.dat
2008-02-23 23:17 174 --sha-w C:\Program Files\desktop.ini
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-02-24 01:01 1232896]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-07-18 18:55 451872]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-02-14 01:09 486856]
"Steam"="C:\Program Files\Valve\Steam\\Steam.exe" [2008-04-05 20:28 1271032]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 11:21 153136]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-05-09 16:12 289088]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]
"Sacor"="C:\Program Files\Sacor\Sacor.exe" [2008-07-30 21:17 33280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 16:57 153136]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-16 00:54 37376]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"OutpostFeedBack"="C:\Program Files\Agnitum\Outpost Antivirus Pro\feedback.exe" [2008-04-28 13:23 413696]
"OutpostMonitor"="C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe" [2008-04-28 13:44 1186624]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 05:06 4669440 C:\Windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\agnitum\outpos~1\wl_hook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3195349631-297410775-901768349-1000]
"EnableNotificationsRef"=dword:00000002

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{A13D277D-AC77-4C35-ADE5-BEA886E4687F}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{29C380A4-0AED-4051-BA3D-77210952B34B}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{435844A3-7C39-49E9-A327-4759F0613CF3}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"{E5A39CDD-8EE6-4AC1-8F21-3A0699774B66}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{D271E86D-CE2B-4187-91A1-E0CE73C0432F}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C5245F7B-1375-41E4-97B9-70FE555C5F51}"= UDP:C:\Program Files\Sierra\FEAR\FEAR.exe:FEAR
"{A8FCE03B-6471-440D-BD49-367F667ECB4A}"= TCP:C:\Program Files\Sierra\FEAR\FEAR.exe:FEAR
"{9D12587D-AF71-4EA4-A510-ADD3651491D1}"= UDP:C:\Program Files\Sierra\FEAR\FEARMP.exe:FEARMP
"{DBB1E142-B683-4E8B-A50E-6BA9D484270D}"= TCP:C:\Program Files\Sierra\FEAR\FEARMP.exe:FEARMP
"{16E3D406-B45F-4A98-A906-2A4744271F81}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{DAB67281-E420-40C1-A9DC-50FC7AA2AE06}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{EFB97342-90BF-40EA-B6BC-FC9315C93B97}C:\\program files\\hamachi\\hamachi.exe"= UDP:C:\program files\hamachi\hamachi.exe:Hamachi Client
"UDP Query User{133E258F-818B-458D-9173-4C23092E97D7}C:\\program files\\hamachi\\hamachi.exe"= TCP:C:\program files\hamachi\hamachi.exe:Hamachi Client
"TCP Query User{5C2D0C32-BCE3-45EC-92F8-D9FFC80FD825}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{2524F9E7-8357-41E2-88A1-0FC634A2DB0B}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{6BE538D0-E7CC-47CB-84E4-64FC52D929FE}"= UDP:C:\UT2004\System\UT2004.exe:UT2004
"{F270AD44-A36D-46A3-8C00-71087A5927CA}"= TCP:C:\UT2004\System\UT2004.exe:UT2004
"{AA25AB95-EF59-460A-9522-73478E7DCF08}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{6D3CFB91-D95B-4924-ADDF-BACD0EE882DB}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{85EE770F-DA85-4B5E-91AB-1537623EB627}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{E557E04B-9355-41FB-930C-901E7D05B7BD}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{9EB32458-1EA5-4688-826B-BD19CF6085F3}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare
"{8C27DE75-812B-4E73-8447-37EC02BB4302}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare
"{78A96D62-01D4-47A3-A5C5-0C973DD4A7DF}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{29A1DA0C-4F39-450D-9B08-22FBCE542A09}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{D232C38E-518B-45EF-96CF-9405BDB0D231}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{79CCC63A-97F1-4F32-B292-841BE463F3F7}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{841EB9EE-446C-48B9-A69C-F4FCE2128085}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{C9C60A5B-F5AC-43CF-BE68-AE79D3B65339}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"TCP Query User{EBDBFC21-7822-41A4-9EB1-43CD18F5ED5A}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{9120603E-0C8E-4E02-BB93-9464A4921D94}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"{6CB62496-AA59-4D3B-A829-C2F45310D6EA}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{8260C2CF-E1D1-4BC3-900F-EEEA11178E9C}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"{A4A8F798-C058-42B0-8D2B-497FCE40A182}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{4CF00EF7-0BDC-4684-86E5-AFA7DA4CA432}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"{AABB82DA-A9A4-4275-A932-FA3412B34622}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{DBBEDC14-EFA8-49C0-9612-887F0D1FEC13}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{6C37852E-5FEC-440C-BDD1-A1CFFE2FA07A}"= UDP:9272:BitComet 9272 TCP
"{0946EF08-D1E0-4688-A7FC-6DF177BD5C33}"= TCP:9272:BitComet 9272 UDP
"TCP Query User{3293CEB3-3833-4B7F-BFAF-4E8EE8A72AE9}C:\\program files\\bitcomet\\bitcomet.exe"= UDP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{AFD7BB94-41FF-4981-95C5-AF89D54BE9D0}C:\\program files\\bitcomet\\bitcomet.exe"= TCP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"TCP Query User{3CC1FBAA-1AFB-452C-85FD-0CAFCBCE4090}C:\\program files\\bittornado\\btdownloadgui.exe"= UDP:C:\program files\bittornado\btdownloadgui.exe:btdownloadgui
"UDP Query User{0B67C11C-2436-496C-BD55-29CD12CB6FA7}C:\\program files\\bittornado\\btdownloadgui.exe"= TCP:C:\program files\bittornado\btdownloadgui.exe:btdownloadgui
"{24022713-32CE-4A92-861F-2D48D7E08CF5}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{1E166229-0C4D-42B7-BA3A-8FC686E0B9C3}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{8E5D846C-439A-475F-9422-9AD101610F16}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{2D1A94E6-BE14-4302-8FA1-43B82AECE74C}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{2710CCE9-926E-4A6C-B9DD-E9EF6E44E22D}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{8164E803-2415-4547-8366-2FDADDA25A0E}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R1 afw;Agnitum Firewall Driver;C:\Windows\system32\DRIVERS\afw.sys [2008-02-27 18:26]
R1 SandBox;SandBox;C:\Windows\system32\DRIVERS\SandBox.sys [2008-03-12 12:31]
R2 acssrv;Agnitum Client Security Service;C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe [2008-04-28 13:24]
R3 ASWFilt;ASWFilt;C:\Windows\system32\Filt\ASWFilt.dll [2008-03-12 12:32]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2008-05-12 18:30]
R3 bbcap;bbcap;C:\Windows\system32\DRIVERS\bbcap.sys [2008-07-30 22:57]
R3 VBEngNT;VBEngNT;C:\Windows\system32\DRIVERS\VBEngNT.sys [2008-02-21 18:31]
R3 VBFilt;VBFilt;C:\Windows\system32\Filt\VBFilt.dll [2008-03-12 12:32]
S0 OemBiosDevice;Royalty OEM BIOS Extension;C:\Windows\system32\DRIVERS\royal.sys [2008-02-24 00:14]
S3 hamachi_oem;PlayLinc Adapter;C:\Windows\system32\DRIVERS\gan_adapter.sys [2006-08-28 23:54]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-04-05 20:57]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\shell\Auto\command - E:\Start.exe
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\shell\AutoRun\command - I:\wd_windows_tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5d4949f8-e556-11dc-a2f1-001d7da5ce1f}]
\shell\AutoRun\command - F:\autoplay.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5d4949fb-e556-11dc-a2f1-001d7da5ce1f}]
\shell\AutoRun\command - G:\OblivionLauncher.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5d4949fc-e556-11dc-a2f1-001d7da5ce1f}]
\shell\AutoRun\command - H:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8fee49f9-469b-11dd-8daf-001d7da5ce1f}]
\shell\Auto\command - E:\Start.exe
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd9574db-ed2c-11dc-94c8-001d7da5ce1f}]
\shell\AutoRun\command - I:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c3674282-f5d9-11dc-913d-001d7da5ce1f}]
\shell\AutoRun\command - I:\wd_windows_tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c6373085-e253-11dc-a9f8-806e6f6e6963}]
\shell\AutoRun\command - D:\setup.exe /autorun

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d47b88d8-e265-11dc-af8a-001d7da5ce1f}]
\shell\Auto\command - E:\Start.exe
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\Start.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
- - - - ORPHANS REMOVED - - - -

BHO-{97d58ef3-a5a3-4230-898d-0340601ae3bf} - C:\Windows\system32\rpibzj.dll
HKCU-Run-mjc - C:\Program Files\mjc\mjc.exe
HKLM-Run-585d0f21 - C:\Windows\system32\eutcgita.dll
HKLM-Run-{245ef5f1-52c4-f6b0-aafa-6d8011db1c34} - C:\Windows\system32\auhpikajisxobodwu.dll
HKLM-Run-BM5b6e3cbd - C:\Windows\system32\ityhuyjs.dll
ShellExecuteHooks-{748D6EA8-CD59-4682-91E7-AF92F4F2D40E} - (no file)
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.daemon-search.com/startpage
O8 -: E&ksporter til Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-31 00:50:03
Windows 6.0.6000 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report0602af51\OP_CACHE.ATR 24 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report0602af51\OP_CACHE.IDX 12 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report064df102\OP_CACHE.ATR 24 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report064df102\OP_CACHE.IDX 12 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report066d3d6d\OP_CACHE.ATR 24 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report066d3d6d\OP_CACHE.IDX 12 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report06c9f768\OP_CACHE.ATR 24 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report06c9f768\OP_CACHE.IDX 12 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report07208c28\OP_CACHE.ATR 24 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report07208c28\OP_CACHE.IDX 12 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report0755aa13\OP_CACHE.ATR 24 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report0755aa13\OP_CACHE.IDX 12 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report075aac35\OP_CACHE.ATR 24 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report075aac35\OP_CACHE.IDX 12 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report076c3c06\OP_CACHE.ATR 24 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report076c3c06\OP_CACHE.IDX 12 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report0780fef6\OP_CACHE.ATR 24 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report0780fef6\OP_CACHE.IDX 12 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report07a11a5d\OP_CACHE.ATR 24 bytes 
C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report07a11a5d\OP_CACHE.IDX 12 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report07c11f81\OP_CACHE.ATR 24 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report07c11f81\OP_CACHE.IDX 12 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report07fcafce\OP_CACHE.ATR 24 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report07fcafce\OP_CACHE.IDX 12 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report08b1c2ac\OP_CACHE.ATR 24 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report08b1c2ac\OP_CACHE.IDX 12 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report0921fe45\OP_CACHE.ATR 24 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report0921fe45\OP_CACHE.IDX 12 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report097ddeab\OP_CACHE.ATR 24 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report097ddeab\OP_CACHE.IDX 12 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report0cbefe4b\OP_CACHE.ATR 24 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report0cbefe4b\OP_CACHE.IDX 12 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report0d3716da\OP_CACHE.ATR 24 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report0d3716da\OP_CACHE.IDX 12 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report0d3d5ba6\OP_CACHE.ATR 24 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report0d3d5ba6\OP_CACHE.IDX 12 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report0d9d40b7\OP_CACHE.ATR 24 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report0d9d40b7\OP_CACHE.IDX 12 bytes 
C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report0e563047\OP_CACHE.ATR 24 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report0e563047\OP_CACHE.IDX 12 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report0e6aecce\OP_CACHE.ATR 24 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report0e6aecce\OP_CACHE.IDX 12 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report0ea6752f\OP_CACHE.ATR 24 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report0ea6752f\OP_CACHE.IDX 12 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report0eab197b\OP_CACHE.ATR 24 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report0eab197b\OP_CACHE.IDX 12 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report0ef718a2\OP_CACHE.ATR 24 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report0ef718a2\OP_CACHE.IDX 12 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report0f54c2cb\OP_CACHE.ATR 24 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report0f54c2cb\OP_CACHE.IDX 12 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report0f64432f\OP_CACHE.ATR 24 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report0f64432f\OP_CACHE.IDX 12 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report0f80a1cb\OP_CACHE.ATR 24 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report0f80a1cb\OP_CACHE.IDX 12 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report0f8aeec1\OP_CACHE.ATR 24 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report0f8aeec1\OP_CACHE.IDX 12 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report0fbab0d8\OP_CACHE.ATR 24 bytes 
C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report0fbab0d8\OP_CACHE.IDX 12 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report0fd4a7e4\OP_CACHE.ATR 24 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report0fd4a7e4\OP_CACHE.IDX 12 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report104867e6\OP_CACHE.ATR 24 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report104867e6\OP_CACHE.IDX 12 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report10fc1513\OP_CACHE.ATR 24 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report10fc1513\OP_CACHE.IDX 12 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report1135e38d\OP_CACHE.ATR 24 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report1135e38d\OP_CACHE.IDX 12 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report11b6658c\OP_CACHE.ATR 24 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report11b6658c\OP_CACHE.IDX 12 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report11d3ab3a\OP_CACHE.ATR 24 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report11d3ab3a\OP_CACHE.IDX 12 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report129ec699\OP_CACHE.ATR 24 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report129ec699\OP_CACHE.IDX 12 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report12a04d69\OP_CACHE.ATR 24 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report12a04d69\OP_CACHE.IDX 12 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report12e568ac\OP_CACHE.ATR 24 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report12e568ac\OP_CACHE.IDX 12 bytes 
C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report12ee06c0\OP_CACHE.ATR 24 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report12ee06c0\OP_CACHE.IDX 12 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report055ca3dc\OP_CACHE.ATR 24 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report055ca3dc\OP_CACHE.IDX 12 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report098fa8f8\OP_CACHE.ATR 24 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report098fa8f8\OP_CACHE.IDX 12 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report0cb4fa37\OP_CACHE.ATR 24 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report0cb4fa37\OP_CACHE.IDX 12 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report135f0c38\OP_CACHE.ATR 24 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report135f0c38\OP_CACHE.IDX 12 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report001480c9\OP_CACHE.ATR 24 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report001480c9\OP_CACHE.IDX 12 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report010ba82e\OP_CACHE.ATR 24 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report010ba82e\OP_CACHE.IDX 12 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report01108007\OP_CACHE.ATR 24 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report01108007\OP_CACHE.IDX 12 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report011d5d99\OP_CACHE.ATR 24 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report011d5d99\OP_CACHE.IDX 12 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report01551988\OP_CACHE.ATR 24 bytes 
C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report01551988\OP_CACHE.IDX 12 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report01615e45\OP_CACHE.ATR 24 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report01615e45\OP_CACHE.IDX 12 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report0192fc58\OP_CACHE.ATR 24 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report0192fc58\OP_CACHE.IDX 12 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report01b971e6\OP_CACHE.ATR 24 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report01b971e6\OP_CACHE.IDX 12 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report01ee1535\OP_CACHE.ATR 24 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report01ee1535\OP_CACHE.IDX 12 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report022bb82c\OP_CACHE.ATR 24 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report022bb82c\OP_CACHE.IDX 12 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report0261953c\OP_CACHE.ATR 24 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report0261953c\OP_CACHE.IDX 12 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report02bfcc38\OP_CACHE.ATR 24 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report02bfcc38\OP_CACHE.IDX 12 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report02c561bf\OP_CACHE.ATR 24 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report02c561bf\OP_CACHE.IDX 12 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report02f7a740\OP_CACHE.ATR 24 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report02f7a740\OP_CACHE.IDX 12 bytes 
C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report0358ebe4\OP_CACHE.ATR 24 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report0358ebe4\OP_CACHE.IDX 12 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report03e15f9d\OP_CACHE.ATR 24 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report03e15f9d\OP_CACHE.IDX 12 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report04244bc4\OP_CACHE.ATR 24 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report04244bc4\OP_CACHE.IDX 12 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report0434d829\OP_CACHE.ATR 24 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report0434d829\OP_CACHE.IDX 12 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report04a2d835\OP_CACHE.ATR 24 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report04a2d835\OP_CACHE.IDX 12 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report13f2b69c\OP_CACHE.ATR 24 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report13f2b69c\OP_CACHE.IDX 12 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report144fd68d\OP_CACHE.ATR 24 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report144fd68d\OP_CACHE.IDX 12 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report14840bee\OP_CACHE.ATR 24 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report14840bee\OP_CACHE.IDX 12 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report15bbaa64\OP_CACHE.ATR 24 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report15bbaa64\OP_CACHE.IDX 12 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report15d2dcd7\OP_CACHE.ATR 24 bytes 
C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report15d2dcd7\OP_CACHE.IDX 12 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report15e78e55\OP_CACHE.ATR 24 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report15e78e55\OP_CACHE.IDX 12 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report15f34527\OP_CACHE.ATR 24 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report15f34527\OP_CACHE.IDX 12 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report160c7992\OP_CACHE.ATR 24 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report160c7992\OP_CACHE.IDX 12 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report1628c8c4\OP_CACHE.ATR 24 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report1628c8c4\OP_CACHE.IDX 12 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report1632ded0\OP_CACHE.ATR 24 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report1632ded0\OP_CACHE.IDX 12 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report17173b4a\OP_CACHE.ATR 24 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report17173b4a\OP_CACHE.IDX 12 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report1757d8de\OP_CACHE.ATR 24 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report1757d8de\OP_CACHE.IDX 12 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report17ae61fa\OP_CACHE.ATR 24 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report17ae61fa\OP_CACHE.IDX 12 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report17d1e5c1\OP_CACHE.ATR 24 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report17d1e5c1\OP_CACHE.IDX 12 bytes 
C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report17f6d102\OP_CACHE.ATR 24 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report17f6d102\OP_CACHE.IDX 12 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report1a4d5795\OP_CACHE.ATR 24 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report1a4d5795\OP_CACHE.IDX 12 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report09b58991\OP_CACHE.ATR 24 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report09b58991\OP_CACHE.IDX 12 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report09bd12e4\OP_CACHE.ATR 24 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report09bd12e4\OP_CACHE.IDX 12 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report09c434c7\OP_CACHE.ATR 24 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report09c434c7\OP_CACHE.IDX 12 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report09dec061\OP_CACHE.ATR 24 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report09dec061\OP_CACHE.IDX 12 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report09df04d1\OP_CACHE.ATR 24 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report09df04d1\OP_CACHE.IDX 12 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report09e0e8c4\OP_CACHE.ATR 24 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report09e0e8c4\OP_CACHE.IDX 12 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report09e8102a\OP_CACHE.ATR 24 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report09e8102a\OP_CACHE.IDX 12 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report0a45f94c\OP_CACHE.ATR 24 bytes 
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
C:\Program Files\Common Files\microsoft shared\Source Engine\OP_CACHE.IDX 12 bytes C:\Program Files\Common Files\microsoft shared\TRANSLAT\GEEN\OP_CACHE.ATR 24 bytes C:\Program Files\Common Files\microsoft shared\TRANSLAT\GEEN\OP_CACHE.IDX 12 bytes C:\Program Files\Common Files\microsoft shared\TRANSLAT\OP_CACHE.ATR 48 bytes C:\Program Files\Common Files\microsoft shared\TRANSLAT\OP_CACHE.IDX 24 bytes C:\Program Files\Common Files\microsoft shared\vgx\OP_CACHE.ATR 24 bytes C:\Program Files\Common Files\microsoft shared\vgx\OP_CACHE.IDX 12 bytes C:\Program Files\Common Files\microsoft shared\Web Server Extensions\12\BIN\OP_CACHE.ATR 24 bytes C:\Program Files\Common Files\microsoft shared\Web Server Extensions\12\BIN\OP_CACHE.IDX 12 bytes C:\Program Files\Common Files\microsoft shared\Windows Live\OP_CACHE.ATR 72 bytes C:\Program Files\Common Files\microsoft shared\Windows Live\OP_CACHE.IDX 36 bytes C:\Program Files\Common Files\Skype\OP_CACHE.ATR 24 bytes C:\Program Files\Common Files\Skype\OP_CACHE.IDX 12 bytes C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US\OP_CACHE.ATR 24 bytes C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US\OP_CACHE.IDX 12 bytes C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\OP_CACHE.ATR 72 bytes C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\OP_CACHE.IDX 36 bytes C:\Program Files\Common Files\Steam\OP_CACHE.ATR 24 bytes C:\Program Files\Common Files\Steam\OP_CACHE.IDX 12 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report0be841e8\OP_CACHE.IDX 12 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report0c0d41ff\OP_CACHE.ATR 24 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report0c0d41ff\OP_CACHE.IDX 12 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report0c48e58e\OP_CACHE.ATR 24 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report0c48e58e\OP_CACHE.IDX 12 
bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report0cab9cc8\OP_CACHE.ATR 24 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report0cab9cc8\OP_CACHE.IDX 12 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportQueue\Report0b44cee2\OP_CACHE.ATR 96 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportQueue\Report0b44cee2\OP_CACHE.IDX 48 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportQueue\Report0e85f93c\OP_CACHE.ATR 96 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportQueue\Report0e85f93c\OP_CACHE.IDX 48 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportQueue\Report0f00003c\OP_CACHE.ATR 96 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportQueue\Report0f00003c\OP_CACHE.IDX 48 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportQueue\Report0f7f3dcb\OP_CACHE.ATR 96 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows\WER\ReportQueue\Report0f7f3dcb\OP_CACHE.IDX 48 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows Live Contacts\[email protected]\real\OP_CACHE.ATR 72 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows Live Contacts\[email protected]\real\OP_CACHE.IDX 36 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows Live Contacts\[email protected]\shadow\OP_CACHE.ATR 48 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows Live Contacts\[email protected]\shadow\OP_CACHE.IDX 24 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows Live Contacts\OP_CACHE.ATR 24 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows Live Contacts\OP_CACHE.IDX 12 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows Sidebar\OP_CACHE.ATR 24 bytes C:\Users\Kazento\AppData\Local\Microsoft\Windows Sidebar\OP_CACHE.IDX 12 bytes C:\Users\Kazento\AppData\Local\Mozilla\Firefox\Mozilla Firefox 3 Beta 3\OP_CACHE.ATR 48 bytes C:\Users\Kazento\AppData\Local\Mozilla\Firefox\Mozilla Firefox 3 Beta 3\OP_CACHE.IDX 24 bytes 
scan completed successfully
hidden files: 508

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\Ati2evxx.exe
C:\Windows\System32\audiodg.exe
C:\Windows\System32\Ati2evxx.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Agnitum\Outpost Antivirus Pro\op_mon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\PnkBstrA.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\conime.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\microsoft shared\Windows Live\WLLoginProxy.exe
.
**************************************************************************
.
Completion time: 2008-07-31 0:55:04 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-30 22:54:43
ComboFix2.txt 2008-06-24 22:43:29

Pre-Run: Finner ikke meldingstekst for melding nummer 0x2379 i meldingsfilen for Application.
Post-Run: 102,429,962,240 byte ledig

780 --- E O F --- 2008-06-26 11:42:22

There is probably a lot of crap on the PC q.q

snippsat, posted 30 July 2008:

There was some muck there, yes; ComboFix has now deleted most of it. We'll run a bit more to be sure that you are clean.
---
Download and run CCleaner. Go to 'Options' -> 'Advanced'. Untick the box in front of: "Only delete temporary files that are older than 48 hours". Also run the registry cleaner: answer yes to repairing --> backup: answer yes when you are asked. Run the registry cleaner a couple of times until all errors are gone.
---
Download MBAM to the desktop. Choose Norwegian as the language --> run a quick system scan. When MBAM is finished it opens a log; post that.
---
Restart
---
Make a new HijackThis log.

Kazento (author), posted 30 July 2008:

Has ComboFix fixed some of it automatically now?

snippsat, posted 30 July 2008:

> Has ComboFix fixed some of it automatically now?

Yes, it has fixed some of it. I have gone over the log; had I found anything, I would have made a script that removed the rest.

Kazento (author), posted 30 July 2008:

Malwarebytes' Anti-Malware 1.23
Database versjon: 1011
Windows 6.0.6000

01:26:40 31.07.2008
mbam-log-7-31-2008 (01-26-40).txt

Skanntype: Rask Skann
Objekter skannet: 34936
Tid tilbakelagt: 3 minute(s), 42 second(s)

Minneprosesser infisert: 1
Minnemoduler infisert: 0
Registernøkler infisert: 1
Registerverdier infisert: 2
Registerfiler infisert: 0
Mapper infisert: 4
Filer infisert: 6

Minneprosesser infisert:
C:\Program Files\Sacor\Sacor.exe (Trojan.Agent) -> Unloaded process successfully.

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sacor (Trojan.Agent) -> Quarantined and deleted successfully.

Registerverdier infisert:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sacor (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Mozilla\Firefox\Extensions\{59a40ac9-e67d-4155-b31d-4b7330fcd2d6} (Adware.PurityScan) -> Quarantined and deleted successfully.

Registerfiler infisert:
(Ingen mistenkelige filer funnet)

Mapper infisert:
C:\Program Files\Webtools (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\modtrux18 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\kBin02 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Sacor (Trojan.Agent) -> Quarantined and deleted successfully.

Filer infisert:
C:\Program Files\Sacor\Sacor.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\arleylldfaqbcfj.exe (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\modtrux18\modtrux182328.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\kBin02\kBin022328.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Sacor\OP_CACHE.ATR (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Sacor\OP_CACHE.IDX (Trojan.Agent) -> Quarantined and deleted successfully.

Now I'm restarting, then the HijackThis log will come right afterwards.

Kazento (author), posted 30 July 2008:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:31:57, on 31.07.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Trend Micro\HijackThis\OterLars.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Antivirus Pro\feedback.exe" /dump:os_startup
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE')
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 5782 bytes

Here is the HijackThis log.

snippsat, posted 30 July 2008 (edited):

That looks good. Use the PC for a bit and see whether the problem is gone. Then you uninstall ComboFix like this: you can remove ComboFix by typing combofix /u in the Run window. This command causes the quarantined files and backups to be deleted, the System Restore folder to be reset, etc.

Edited 30 July 2008 by SNIPPSAT

Kazento (author), posted 30 July 2008:

Thanks a lot for the help ^^

Kazento (author), posted 31 July 2008:

I don't think it is working quite as it should; I have had 3 bluescreens in the last few hours.