Linkage
Posted 15 August 2008

Hi, can someone take a look at these logs?

Combofix

ComboFix 08-08-14.05 - Petter 2008-08-15 21:16:51.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.47.1044.18.462 [GMT 2:00]
Running from: C:\Documents and Settings\Petter\Mine dokumenter\harry\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_NPF

((((((((((((((((((((((((( Files Created from 2008-07-15 to 2008-08-15 )))))))))))))))))))))))))))))))
.
2008-08-15 19:59 . 2008-08-15 19:59 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware
2008-08-15 19:59 . 2008-08-15 19:59 <DIR> d-------- C:\Documents and Settings\Petter\Programdata\SUPERAntiSpyware.com
2008-08-15 19:59 . 2008-08-15 19:59 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com
2008-08-15 19:58 . 2008-08-15 19:58 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-08-15 19:57 . 2008-08-15 19:57 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Yahoo! Companion
2008-08-15 19:53 . 2008-08-15 19:53 <DIR> dr-h----- C:\Documents and Settings\Petter\Siste
2008-08-15 19:52 . 2008-08-15 19:52 <DIR> d-------- C:\Programfiler\Yahoo!
2008-08-15 19:51 . 2008-08-15 19:51 <DIR> d-------- C:\Programfiler\CCleaner
2008-08-15 19:44 . 2004-08-04 20:00 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-08-15 19:44 . 2004-08-04 20:00 9,600 --a------ C:\WINDOWS\system32\dllcache\hidusb.sys
2008-08-12 17:11 . 2008-08-12 17:11 <DIR> d--hs---- C:\FOUND.075
2008-08-11 21:09 . 2008-08-15 19:12 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-08-11 21:09 . 2008-08-11 21:09 1,409 --a------ C:\WINDOWS\QTFont.for
2008-08-10 19:24 . 2008-08-10 19:24 <DIR> d--hs---- C:\FOUND.074
2008-07-27 11:44 . 2008-08-02 16:07 414 ---hs---- C:\WINDOWS\system32\hhewdogv.ini
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-08 14:09 --------- d-----w C:\Programfiler\Mindscape
2008-06-21 09:17 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-06-21 09:17 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2008-06-21 09:17 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-06-21 09:17 10,671 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-05-19 12:44 94,208 ----a-w C:\WINDOWS\DUMP4286.tmp
2008-05-19 12:39 94,208 ----a-w C:\WINDOWS\DUMP8760.tmp
2007-08-02 16:13 20 ---h--w C:\Documents and Settings\All Users\Programdata\PKP_DLec.DAT
2007-11-08 15:05 3,766 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-11-08 15:05 56 --sh--r C:\WINDOWS\system32\90BE820EF0.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 20:00 15360]
"msnmsgr"="C:\Programfiler\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]
"swg"="C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-18 20:20 68856]
"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"SynTPLpr"="C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe" [2005-11-02 00:11 102491]
"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2005-11-02 00:11 692315]
"RemoteControl"="C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 20:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 20:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 20:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 20:00 455168]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-10-19 09:30 69632]
"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-01-17 18:28 344064]
"Acer ePower Management"="C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe" [2006-01-16 11:58 3080192]
"LManager"="C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" [2005-12-06 17:11 458752]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2005-11-16 17:00 397312]
"ADMTray.exe"="C:\Acer\Empowering Technology\admtray.exe" [2005-10-24 16:45 2462208]
"ATICCC"="C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 14:43 45056]
"ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2006-04-12 11:30 53408]
"TkBellExe"="C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" [2006-09-10 08:03 180269]
"Google Desktop Search"="C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe" [2007-09-01 20:31 1838592]
"Adobe Photo Downloader"="C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]
"Symantec PIF AlertEng"="C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30 517768]
"EverioService"="C:\Programfiler\CyberLink\PCM4Everio\EverioService.exe" [2006-11-22 21:10 151552]
"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2008-01-10 15:27 385024]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"MATH DOES FIRST MODE"="C:\Documents and Settings\All Users\Programdata\live 64 math does\Surf Bags.exe" [2008-08-15 21:26 4909568]
"RTHDCPL"="RTHDCPL.EXE" [2005-11-16 20:27 15600128 C:\WINDOWS\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 20:00 15360]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
BTTray.lnk - C:\Programfiler\WIDCOMM\Bluetooth Software\BTTray.exe [2005-12-02 14:30:42 618557]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programfiler\\MSN Messenger\\MSNMSGR.EXE"=
"C:\\Programfiler\\MSN Messenger\\livecall.exe"=
"C:\\Programfiler\\LimeWire\\LimeWire.exe"=
"C:\\Programfiler\\Messenger\\MSMSGS.EXE"=
"C:\\Programfiler\\CyberLink\\PCM4Everio\\PCM4Everio.exe"=
"C:\\Programfiler\\CyberLink\\PCM4Everio\\EverioService.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1496:UDP"= 1496:UDP:Windows Media Format SDK (iexplore.exe)
"1497:UDP"= 1497:UDP:Windows Media Format SDK (iexplore.exe)

R1 OsaFsLoc;OsaFsLoc;C:\WINDOWS\system32\drivers\OsaFsLoc.sys [2005-10-15 18:20]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2005-04-22 16:57]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-04-22 16:57]
R2 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 14:46]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]
R3 NdisFilt;OSA NdisFilter Protocol;C:\WINDOWS\system32\Drivers\NdisFilt.sys [2005-09-13 15:34]
.
Contents of the 'Scheduled Tasks' folder

2008-08-15 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Baard.job
- C:\PROGRA~1\NORTON~1\Navw32.exe [2007-05-23 12:13]

2008-05-15 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

2008-08-15 C:\WINDOWS\Tasks\Se etter oppdateringer for Windows Live Toolbar.job
- C:\Programfiler\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
- - - - ORPHANS REMOVED - - - -

BHO-{1ff73ac2-92a6-48d0-bb8c-515fd57c7c62} - C:\WINDOWS\system32\dasora.dll
HKLM-Run-09541673 - C:\WINDOWS\system32\boqgdtgr.dll
HKLM-Run-BM0a6725ef - C:\WINDOWS\system32\vboluhrw.dll

.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Petter\Programdata\Mozilla\Firefox\Profiles\u59m1ngy.default\

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-15 21:23:14
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
Completion time: 2008-08-15 21:28:36 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-15 19:28:22

Pre-Run: 18,987,057,152 byte ledig
Post-Run: 20,181,188,608 byte ledig

290 --- E O F --- 2008-06-10 20:10:01

HijackThis and SAS

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:30:37, on 15.08.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programfiler\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programfiler\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar3.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [synTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [EverioService] "C:\Programfiler\CyberLink\PCM4Everio\EverioService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MATH DOES FIRST MODE] C:\Documents and Settings\All Users\Programdata\live 64 math does\Surf Bags.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: &Sample Toolband Serach - res://C:\WINDOWS\system32\ToolBand.dll/MENUSEARCH.HTM
O8 - Extra context menu item: &Windows Live Search - res://C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send til &Bluetooth-enhet... - c:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Åpne i ny bakgrunnsflik - res://C:\Programfiler\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/229?ed3c73f80b2b4980989cfdcea904c305
O8 - Extra context menu item: Åpne i ny forgrunnsflik - res://C:\Programfiler\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/230?ed3c73f80b2b4980989cfdcea904c305
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programfiler\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - http://www.nordea.no/Privat/404%2b-%2bside...kke/777052.html
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programfiler\Yahoo!\Common\yinsthelper.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Programfiler\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programfiler\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programfiler\WinPcap\rpcapd.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 13629 bytes

SAS

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/15/2008 at 08:28 PM

Application Version : 4.15.1000

Core Rules Database Version : 3469
Trace Rules Database Version: 1460

Scan type : Quick Scan
Total Scan Time : 00:27:09

Memory items scanned : 731
Memory threats detected : 3
Registry items scanned : 453
Registry threats detected : 35
File items scanned : 16928
File threats detected : 440

Trojan.Vundo-Variant/Small-GEN
C:\WINDOWS\SYSTEM32\PMNMJIBU.DLL
C:\WINDOWS\SYSTEM32\PMNMJIBU.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7588F3E3-0F4B-4680-B225-BB186E940EFB}
HKCR\CLSID\{7588F3E3-0F4B-4680-B225-BB186E940EFB}
HKCR\CLSID\{7588F3E3-0F4B-4680-B225-BB186E940EFB}\InprocServer32
HKCR\CLSID\{7588F3E3-0F4B-4680-B225-BB186E940EFB}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{7588F3E3-0F4B-4680-B225-BB186E940EFB}
Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\pmnmjIBU
C:\WINDOWS\SYSTEM32\AWTUSTJC.DLL
C:\WINDOWS\SYSTEM32\RQRLFFFV.DLL
C:\WINDOWS\SYSTEM32\URQQHICD.DLL
C:\WINDOWS\SYSTEM32\RQRJOJXV.DLL
C:\WINDOWS\SYSTEM32\DDCATQQH.DLL

Adware.Vundo Variant/Resident
C:\WINDOWS\SYSTEM32\IIFGHGFY.DLL
C:\WINDOWS\SYSTEM32\IIFGHGFY.DLL

Trojan.Downloader-NewJuan/VM
C:\WINDOWS\SYSTEM32\DASORA.DLL
C:\WINDOWS\SYSTEM32\DASORA.DLL

Trojan.Vundo-Variant/Small
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{515FB3F3-09BB-4726-B9B7-C28736D20F8D}
HKCR\CLSID\{515FB3F3-09BB-4726-B9B7-C28736D20F8D}
HKCR\CLSID\{515FB3F3-09BB-4726-B9B7-C28736D20F8D}\InprocServer32
HKCR\CLSID\{515FB3F3-09BB-4726-B9B7-C28736D20F8D}\InprocServer32#ThreadingModel

Adware.IWantSearchBar
HKLM\Software\Microsoft\Internet Explorer\Toolbar#{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}
HKCR\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}
HKCR\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}
HKCR\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}\InprocServer32
HKCR\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}\InprocServer32#ThreadingModel
HKCR\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}\ProgID
HKCR\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}\Programmable
HKCR\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}\TypeLib
HKCR\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}\VersionIndependentProgID
HKCR\ToolBand.ToolBandObj.1
HKCR\ToolBand.ToolBandObj.1\CLSID
HKCR\ToolBand.ToolBandObj
HKCR\ToolBand.ToolBandObj\CLSID
HKCR\ToolBand.ToolBandObj\CurVer
HKCR\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}
HKCR\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}\1.0
HKCR\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}\1.0
HKCR\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}\1.0\win32
HKCR\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}\1.0\FLAGS
HKCR\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}\1.0\HELPDIR
C:\WINDOWS\SYSTEM32\TOOLBAND.DLL
HKU\S-1-5-21-1827998096-2234055062-2392453420-1009\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser#{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}

Adware.Vundo Variant/Rel
HKLM\SOFTWARE\Microsoft\aoprndtws
HKLM\SOFTWARE\Microsoft\FCOVM
HKLM\SOFTWARE\Microsoft\RemoveRP
HKU\S-1-5-21-1827998096-2234055062-2392453420-1009\Software\Microsoft\rdfa
C:\WINDOWS\SYSTEM32\MCRH.TMP

Adware.Tracking Cookie
norbat
Posted 15 August 2008

Only a few minor leftovers remain. Before we possibly deal with these manually, do the following:

Step 1:
Download Malwarebytes Anti-Malware (MBAM) to your desktop.
Run and install the program. Select Norwegian as the language.
Let the program update itself, choose to run a 'hurtig systemscan' (quick system scan), and click Skann (Scan).
A message box will appear saying that the scan is finished; click OK.
Click the 'Vis resultat' (Show results) button. If malware was found, you will now see what was found.
Then click the 'Fjern valgte' (Remove selected) button to remove any malware that was found.
A log will then open in Notepad. Copy it and post it later.

Step 2:
Run ComboFix again and post its log together with the log from MBAM.
Linkage Posted 15 August 2008 (Author)

OK, here are new MBAM and Combofix logs.

MBAM

Malwarebytes' Anti-Malware 1.24
Database versjon: 1056
Windows 5.1.2600 Service Pack 2

23:38:43 15.08.2008
mbam-log-8-15-2008 (23-38-43).txt

Skanntype: Rask Skann
Objekter skannet: 54519
Tid tilbakelagt: 6 minute(s), 39 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 2
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 2

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
(Ingen mistenkelige filer funnet)

Registerverdier infisert:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\www.host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.

Registerfiler infisert:
(Ingen mistenkelige filer funnet)

Mapper infisert:
(Ingen mistenkelige filer funnet)

Filer infisert:
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Petter\Programdata\Microsoft\Internet Explorer\Quick Launch\AntiSpywareExpert.lnk (Rogue.Antispyware) -> Quarantined and deleted successfully.

Combofix

ComboFix 08-08-14.05 - Petter 2008-08-15 23:40:06.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.47.1044.18.511 [GMT 2:00]
Running from: C:\Documents and Settings\Petter\Mine dokumenter\harry\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-07-15 to 2008-08-15 )))))))))))))))))))))))))))))))
.
2008-08-15 23:31 . 2008-08-15 23:31 <DIR> d-------- C:\Programfiler\Malwarebytes' Anti-Malware
2008-08-15 23:31 . 2008-08-15 23:31 <DIR> d-------- C:\Documents and Settings\Petter\Programdata\Malwarebytes
2008-08-15 23:31 . 2008-08-15 23:31 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Malwarebytes
2008-08-15 23:31 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-15 23:31 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-15 19:59 . 2008-08-15 19:59 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware
2008-08-15 19:59 . 2008-08-15 19:59 <DIR> d-------- C:\Documents and Settings\Petter\Programdata\SUPERAntiSpyware.com
2008-08-15 19:59 . 2008-08-15 19:59 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com
2008-08-15 19:57 . 2008-08-15 19:57 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Yahoo! Companion
2008-08-15 19:53 . 2008-08-15 19:53 <DIR> dr-h----- C:\Documents and Settings\Petter\Siste
2008-08-15 19:52 . 2008-08-15 19:52 <DIR> d-------- C:\Programfiler\Yahoo!
2008-08-15 19:44 . 2004-08-04 20:00 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-08-15 19:44 . 2004-08-04 20:00 9,600 --a------ C:\WINDOWS\system32\dllcache\hidusb.sys
2008-08-12 17:11 . 2008-08-12 17:11 <DIR> d--hs---- C:\FOUND.075
2008-08-11 21:09 . 2008-08-15 19:12 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-08-11 21:09 . 2008-08-11 21:09 1,409 --a------ C:\WINDOWS\QTFont.for
2008-08-10 19:24 . 2008-08-10 19:24 <DIR> d--hs---- C:\FOUND.074
2008-07-27 11:44 . 2008-08-02 16:07 414 ---hs---- C:\WINDOWS\system32\hhewdogv.ini
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-08 14:09 --------- d-----w C:\Programfiler\Mindscape
2008-07-07 20:33 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:33 253,952 ----a-w C:\WINDOWS\system32\dllcache\es.dll
2008-06-24 16:24 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:24 74,240 ----a-w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-24 08:57 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-06-23 09:23 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-06-23 09:23 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-06-23 09:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-21 09:17 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-06-21 09:17 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2008-06-21 09:17 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-06-21 09:17 10,671 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-06-21 05:23 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-06-20 17:43 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:43 246,784 ----a-w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:43 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-14 18:00 272,256 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-05-19 12:44 94,208 ----a-w C:\WINDOWS\DUMP4286.tmp
2008-05-19 12:39 94,208 ----a-w C:\WINDOWS\DUMP8760.tmp
2007-08-02 16:13 20 ---h--w C:\Documents and Settings\All Users\Programdata\PKP_DLec.DAT
2007-11-08 15:05 3,766 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-11-08 15:05 56 --sh--r
C:\WINDOWS\system32\90BE820EF0.sys
.
((((((((((((((((((((((((((((( snapshot@2008-08-15_21.27.49.50 )))))))))))))))))))))))))))))))))))))))))
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 20:00 15360]
"msnmsgr"="C:\Programfiler\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]
"swg"="C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-18 20:20 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"SynTPLpr"="C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe" [2005-11-02 00:11 102491]
"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2005-11-02 00:11 692315]
"RemoteControl"="C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 20:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 20:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 20:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 20:00 455168]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-10-19 09:30 69632]
"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-01-17 18:28 344064]
"Acer ePower Management"="C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe" [2006-01-16 11:58 3080192]
"LManager"="C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" [2005-12-06 17:11 458752]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2005-11-16 17:00 397312]
"ADMTray.exe"="C:\Acer\Empowering Technology\admtray.exe" [2005-10-24 16:45 2462208]
"ATICCC"="C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 14:43 45056]
"ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2006-04-12 11:30 53408]
"TkBellExe"="C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" [2006-09-10 08:03 180269]
"Google Desktop Search"="C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe" [2007-09-01 20:31 1838592]
"Adobe Photo Downloader"="C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]
"Symantec PIF AlertEng"="C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30 517768]
"EverioService"="C:\Programfiler\CyberLink\PCM4Everio\EverioService.exe" [2006-11-22 21:10 151552]
"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2008-01-10 15:27 385024]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"MATH DOES FIRST MODE"="C:\Documents and Settings\All Users\Programdata\live 64 math does\Surf Bags.exe" [2008-08-15 23:25 4909568]
"RTHDCPL"="RTHDCPL.EXE" [2005-11-16 20:27 15600128 C:\WINDOWS\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 20:00 15360]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
BTTray.lnk - C:\Programfiler\WIDCOMM\Bluetooth Software\BTTray.exe [2005-12-02 14:30:42 618557]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programfiler\\MSN Messenger\\MSNMSGR.EXE"=
"C:\\Programfiler\\MSN Messenger\\livecall.exe"=
"C:\\Programfiler\\LimeWire\\LimeWire.exe"=
"C:\\Programfiler\\Messenger\\MSMSGS.EXE"=
"C:\\Programfiler\\CyberLink\\PCM4Everio\\PCM4Everio.exe"=
"C:\\Programfiler\\CyberLink\\PCM4Everio\\EverioService.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1496:UDP"= 1496:UDP:Windows Media Format SDK (iexplore.exe)
"1497:UDP"= 1497:UDP:Windows Media Format SDK (iexplore.exe)

R1 OsaFsLoc;OsaFsLoc;C:\WINDOWS\system32\drivers\OsaFsLoc.sys [2005-10-15 18:20]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2005-04-22 16:57]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-04-22 16:57]
R2 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 14:46]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]
R3 NdisFilt;OSA NdisFilter Protocol;C:\WINDOWS\system32\Drivers\NdisFilt.sys [2005-09-13 15:34]

*Newly Created Service* - CATCHME
*Newly Created Service* - INT15.SYS
.
Contents of the 'Scheduled Tasks' folder

2008-08-15 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Baard.job
- C:\PROGRA~1\NORTON~1\Navw32.exe [2007-05-23 12:13]

2008-05-15 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Petter\Programdata\Mozilla\Firefox\Profiles\u59m1ngy.default\

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-15 23:42:37
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-15 23:43:18
ComboFix-quarantined-files.txt 2008-08-15 21:43:14
ComboFix2.txt 2008-08-15 19:28:40

Pre-Run: 19,662,700,544 byte ledig
Post-Run: 19,654,672,384 byte ledig

329 --- E O F --- 2008-08-15 20:57:20
norbat Posted 15 August 2008

Go to the Jotti website and upload the following file for checking:

C:\WINDOWS\system32\hhewdogv.ini

Start HJT, choose "Do a system scan only", tick the box in front of the following line and click Fix checked:

O4 - HKLM\..\Run: [MATH DOES FIRST MODE] C:\Documents and Settings\All Users\Programdata\live 64 math does\Surf Bags.exe

No new HJT log is needed, but report back on whether Jotti found anything in the file you uploaded.
Linkage Posted 15 August 2008 (Author)

I have removed the file with HJT, and Jotti found no viruses. So does that mean the PC is clean?
norbat Posted 15 August 2008

The PC should be malware-free now.
r2d290 Posted 15 August 2008

Update Java:

You should update Java. It is important to use the latest version of Java, since earlier versions can contain security holes that increase the likelihood of you being infected again. Your version of Java appears to be outdated.

Updating Java:

Click the following link and download the latest version of Java: http://java.com/en/download/index.jsp

- Go to Start > Control Panel > Add or Remove Programs.
- Look through the list for all earlier versions of Java (JRE, J2SE Runtime, J2RE, etc.). All of these versions should have this image in front of them: Select every one you find and click Remove.
- Then install the Java version that you downloaded at the start.

Tell us how the update went, since problems with updating can indicate more malware on your system.

Uninstall Combofix

Combofix must be uninstalled. Go to Start > Run. Type the following in the box:

combofix /u

PS: note the space between X and /u

Press Enter. This command will:

- Remove the following:
  - ComboFix and its associated files and folders.
  - VundoFix backups, if they exist.
  - The folder C:\Deckard, if it exists.
  - The folder C:\OtMoveIt, if it exists.
- Reset the clock settings.
- Hide file extensions if necessary.
- Hide system/hidden files and folders if necessary.
- Reset the System Restore points.

Uninstall HijackThis

You can uninstall HijackThis: start HijackThis and choose None of the above, just start the program. Then click Config >> Misc Tools >> Uninstall HijackThis & exit >> Ja/Yes. The program is now uninstalled.

You should keep MBAM and run a scan now and then. But if you want to get rid of it, do so from Add or Remove Programs.

Is the problem solved?

If you think the problem with your machine is solved, you can change your topic title by pressing in your first post and choosing full edit. At the top, where your topic title is, write [LØST] in front of your topic title. Example: [LØST] Har fått virus på maskinen

This will help keep the forum easier to navigate for the supporters, and new people who get the same problem will more easily find a suitable thread to look in.

-Surf safely-
Linkage Posted 15 August 2008 (Author, edited)

OK. Thanks for the help once again, Norbat. And R2D290.

Edited 15 August 2008 by Linkage