[caroleella]

iexplore.exe holder spratt frem opp på min Oppgavebehandling, til tross for at jeg ikke bruker IE. Det gjør maskinen min treg, det er pop-ups, noen ganger er det ikke dukker opp, bare en stemme som sa "Gratulerer, du har vunnet ____" (så freaky), eller høres ut som en feil vindu vises eller noe å klikke når jeg er gjør ingenting og ingenting vises på skjermen (faktisk, dette gjør datamaskinen min lyd hjemsøkt! Haha anyway)

Logfile of Trend Micro HijackThis v2.0.2
Scan lagret på 9:12:42 PM, on 9/27/2008
Plattform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Kjører prosesser:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ Lsass.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ Programfiler \ Windows Defender \ MsMpEng.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ Programfiler \ Intel \ Wireless \ Bin \ EvtEng.exe
C: \ Programfiler \ Intel \ Wireless \ Bin \ S24EvMon.exe
C: \ Programfiler \ Intel \ Wireless \ Bin \ WLKeeper.exe
C: \ WINDOWS \ system32 \ LEXBCES.EXE
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ WINDOWS \ system32 \ LEXPPS.EXE
C: \ Programfiler \ Fellesfiler \ AOL \ ACS \ AOLAcsd.exe
C: \ Programfiler \ Fellesfiler \ AOL \ TopSpeed \ 2.0 \ aoltsmon.exe
C: \ Programfiler \ Fellesfiler \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
C: \ Programfiler \ PrevxCSI \ prevxcsi.exe
C: \ WINDOWS \ system32 \ dlcxcoms.exe
C: \ Programfiler \ PrevxCSI \ prevxcsi.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ Programfiler \ Fellesfiler \ Microsoft Shared \ VS7DEBUG \ MDM.EXE
C: \ Programfiler \ Dell \ QuickSet \ NICCONFIGSVC.exe
C: \ WINDOWS \ system32 \ nvsvc32.exe
C: \ Programfiler \ Intel \ Wireless \ Bin \ RegSrvc.exe
C: \ WINDOWS \ system32 \ rpcnet.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ Program Files \ Viewpoint \ Common \ ViewpointService.exe
C: \ Program Files \ Webroot \ Enterprise \ Spy Sweeper \ spysweeper.exe
C: \ Program Files \ Webroot \ Enterprise \ Spy Sweeper \ commagent.exe
C: \ WINDOWS \ Explorer.exe
C: \ WINDOWS \ system32 \ wscntfy.exe
C: \ Programfiler \ Dell \ QuickSet \ quickset.exe
C: \ WINDOWS \ system32 \ rundll32.exe
C: \ WINDOWS \ system32 \ spool \ drivers \ w32x86 \ 3 \ hpztsb0 3.exe
C: \ Programfiler \ iTunes \ iTunesHelper.exe
C: \ Programfiler \ Java \ jre1.6.0_07 \ bin \ jusched.exe
C: \ Programfiler \ Windows Defender \ MSASCui.exe
C: \ WINDOWS \ system32 \ Ctfmon.exe
C: \ Program Files \ Cisco Systems \ Clean Access Agent \ CCAAgent.exe
C: \ Programfiler \ iPod \ bin \ iPodService.exe
C: \ Program Files \ Viewpoint \ Viewpoint Manager \ ViewMgr.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ WINDOWS \ system32 \ SJv56bM4.exe
C: \ Programfiler \ Mozilla Firefox \ firefox.exe
C: \ WINDOWS \ system32 \ Ctfmon.exe
C: \ Program Files \ ErrorSmart \ ErrorSmart.exe
C: \ Program Files \ \ AOL \ 1155864818 \ ee \ aolsoftware.exe
C: \ Programfiler \ Adobe \ Acrobat 7.0 \ Reader \ AcroRd32.exe
C: \ Programfiler \ America Online 9.0 \ shellmon.exe
C: \ Programfiler \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
C: \ Programfiler \ Trend Micro \ HijackThis \ HijackThis.exe

R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.bridgew.edu/
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU \ Software \ Microsoft \ Internet Connection Wizard, ShellNext = http://www.bridgew.edu/
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Programfiler \ Adobe \ Acrobat 7.0 \ ActiveX \ AcroIEHelper.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Programfiler \ Java \ jre1.6.0_07 \ bin \ ssv.dll
O2 - BHO: løsning Class - (99C6D1BB-7555-474C-91DA-D8FB62A9CC75) - C: \ WINDOWS \ system32 \ 58VayB0u.dll
O2 - BHO: Viewpoint Toolbar BHO - (A7327C09-B521-4EDB-8509-7D2660C9EC98) - C: \ Program Files \ Viewpoint \ Viewpoint Toolbar \ 3.8.0 \ ViewBarBHO.dll
O3 - Toolbar: AOL Toolbar - (4982D40A-C53B-4615-B15B-B5B5E98D167C) - C: \ Program Files \ AOL Toolbar \ toolbar.dll
O3 - Toolbar: Viewpoint Toolbar - (F8AD5AA5-D966-4667-9DAF-2561D68B2012) - C: \ Programfiler \ Fellesfiler \ Viewpoint \ Toolbar Kjøretid \ 3.8.0 \ IEViewBar.dll
O4 - HKLM \ .. \ Run: [NvCplDaemon] rundll32.exe C: \ WINDOWS \ system32 \ NvCpl.dll, NvStartup
O4 - HKLM \ .. \ Run: [Dell QuickSet] C: \ Programfiler \ Dell \ QuickSet \ quickset.exe
O4 - HKLM \ .. \ Run: [NvMediaCenter] rundll32.exe NvMCTray.dll, NvTaskbarInit
O4 - HKLM \ .. \ Run: [HPDJ Taskbar Utility] C: \ WINDOWS \ system32 \ spool \ drivers \ w32x86 \ 3 \ hpztsb0 3.exe
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Programfiler \ QuickTime \ qttask.exe"-atboottime
O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Programfiler \ iTunes \ iTunesHelper.exe"
O4 - HKLM \ .. \ Run: [DLCXCATS] rundll32 C: \ WINDOWS \ system32 \ spool \ DRIVERS \ W32X86 \ 3 \ DLCXtim e.dll, _RunDLLEntry @ 16
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Programfiler \ Java \ jre1.6.0_07 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [Windows Defender] "C: \ Programfiler \ Windows Defender \ MSASCui.exe"-hide
O4 - HKLM \ .. \ Run: [ErrorSmart] C: \ Program Files \ ErrorSmart \ ErrorSmart.exe
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [AOL Fast Start] "C: \ Programfiler \ America Online 9.0 \ AOL.EXE"-b
O4 - HKUS \ S-1-5-18 \ .. \ RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 -. DEFAULT User Startup: Clean Access Agent.lnk = C: \ Program Files \ Cisco Systems \ Clean Access Agent \ CCAAgent.exe (User '')
O4 - Startup: Clean Access Agent.lnk = C: \ Program Files \ Cisco Systems \ Clean Access Agent \ CCAAgent.exe
O6 - HKCU \ Software \ Policies \ Microsoft \ Internet Explorer \ Control Panel presentere
O8 - Extra sammenheng menyelement: & AOL Toolbar søk - res: / / C: \ Program Files \ AOL Toolbar \ toolbar.dll / SEARCH.HTML
O8 - Extra sammenheng menyelement: E & ksporter til Microsoft Excel - res: / / c: \ progra ~ 1 \ micros ~ 2 \ Office11 \ EXCEL.EXE/3000
O8 - Extra context menu item: Abonner på standard RSS-leser - C: \ Documents and Settings \ Administrator \ Application Data \ RssBandit \ iecontext_subscribefeed.htm
O9 - Extra knappen: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Programfiler \ Java \ jre1.6.0_07 \ bin \ ssv.dll
O9 - Extra "Verktøy" MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Programfiler \ Java \ jre1.6.0_07 \ bin \ ssv.dll
O9 - Extra knappen: AOL Toolbar - (4982D40A-C53B-4615-B15B-B5B5E98D167C) - C: \ Program Files \ AOL Toolbar \ toolbar.dll
O9 - Extra "Verktøy" MENUITEM: AOL Toolbar - (4982D40A-C53B-4615-B15B-B5B5E98D167C) - C: \ Program Files \ AOL Toolbar \ toolbar.dll
O9 - Extra knappen: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ progra ~ 1 \ micros ~ 2 \ Office11 \ REFIEBAR.DLL
O9 - Extra knappen: Real.com - (CD67F990-D8E9-11d2-98FE-00C0F0318AFE) - C: \ WINDOWS \ system32 \ Shdocvw.dll
O9 - Extra knappen: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra "Verktøy" MENUITEM: @ xpsp3res.dll, -20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra knappen: PokerStars.net - (FA9B9510-9FCB-4ca0-818C-5D0987B47C4D) - C: \ Programfiler \ PokerStars.NET \ PokerStarsUpdate.exe
O9 - Extra knappen: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Programfiler \ Messenger \ msmsgs.exe
O9 - Extra "Verktøy" MENUITEM: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Programfiler \ Messenger \ msmsgs.exe
O15 - Trusted Zone: *. bridgew.edu
O16 - DPF: (01A88BB1-1174-41EC-ACCB-963509EAE56B) (SysProWmi klasse) -- http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: (17492023-C23A-453E-A040-C7C580BBF700) (Windows Genuine Advantage Validation Tool) -- http://go.microsoft.com/fwlink/?link...67&clcid=0x409
Ø16 - DPF: (5e2a3510-4371-11d6-b64c-00c04faedb18) (Oracle JInitiator 1.1.8.18) -- http://frmserv.bridgew.edu/jinitiator/jinit.exe
O16 - DPF: (6414512B-B978-451D-A0D8-FCFDF33E833C) (WUWebControl Klassifikasjon) -- http://update.microsoft.com/windowsu...?1121111428606
O16 - DPF: (6E32070A-766D-4EE6-879C-DC1FA91D2FC3) (MUWebControl klasse) -- http://update.microsoft.com/microsof...?1121873156643
O16 - DPF: (BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19) (CPlayFirstddfotgControl Object) -- http://aolsvc.aol.com/onlinegames/fr...g.1.0.0.33.cab
O20 - Winlogon Notify:! SASWinLogon - C: \ Programfiler \ SUPERAntiSpyware \ SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C: \ Programfiler \ Fellesfiler \ Adobe Systems Shared \ Service \ Adobelmsvc.exe
O23 - Service: AOL Tilkobling Service (AOL ACS) - AOL LLC - C: \ Programfiler \ Fellesfiler \ AOL \ ACS \ AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C: \ Programfiler \ Fellesfiler \ AOL \ TopSpeed \ 2.0 \ aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C: \ Programfiler \ Fellesfiler \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
O23 - Service: ATI Hurtigtast Poller - Unknown owner - C: \ WINDOWS \ system32 \ Ati2evxx.exe
O23 - Service: CSIScanner - Prevx - C: \ Programfiler \ PrevxCSI \ prevxcsi.exe
O23 - Service: dlcx_device - - C: \ WINDOWS \ system32 \ dlcxcoms.exe
O23 - Service: Intel (R) PROSet / Wireless Event Log (EvtEng) - Intel Corporation - C: \ Programfiler \ Intel \ Wireless \ Bin \ EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Programfiler \ Fellesfiler \ InstallShield \ Driver \ 11 \ Intel 32 \ IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C: \ Programfiler \ iPod \ bin \ iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C: \ WINDOWS \ system32 \ LEXBCES.EXE
O23 - Service: NICCONFIGSVC - Dell Inc. - C: \ Programfiler \ Dell \ QuickSet \ NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C: \ WINDOWS \ system32 \ nvsvc32.exe
O23 - Service: Intel (R) PROSet / Wireless Registry Service (RegSrvc) - Intel Corporation - C: \ Programfiler \ Intel \ Wireless \ Bin \ RegSrvc.exe
O23 - Service: Remote Procedure Call (RPC) Net (Rpcnet) - Unknown owner - C: \ WINDOWS \ system32 \ rpcnet.exe
O23 - Service: Intel (R) PROSet / Wireless Service (S24EventMonitor) - Intel Corporation - C: \ Programfiler \ Intel \ Wireless \ Bin \ S24EvMon.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C: \ Program Files \ Viewpoint \ Common \ ViewpointService.exe
O23 - Service: Webroot CommAgent Service (WebrootCommAgentService) - Webroot Software, Inc. - C: \ Program Files \ Webroot \ Enterprise \ Spy Sweeper \ commagent.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C: \ Program Files \ Webroot \ Enterprise \ Spy Sweeper \ spysweeper.exe
O23 - Service: Intel (R) PROSet / Wireless SSO Service (WLANKEEPER) - Intel (R) Corporation - C: \ Programfiler \ Intel \ Wireless \ Bin \ WLKeeper.exe

--
End of file - 10609 bytes

[evilfantasy]

Velkommen til CJ.

Vennligst skriv ut disse instruksjonene som de vil være nødvendig senere når Internett-tilgang er ikke tilgjengelig.

Laste ned SDFix av AndyManchesta og lagre den på skrivebordet.

Når du bruker dette verktøyet, må du bruke Administrator konto eller en konto med Administrative rettigheter

• Dobbeltklikk SDFix.exe og det vil pakke ut filene i% systemdrive%
• (dette er den stasjonen som inneholder Windows-katalogen, vanligvis C: \ SDFix).
• Ikke bruker den ennå.

Start datamaskinen i Sikkermodus bruker F8 metode. Du gjør dette ved å starte datamaskinen, og etter å ha hørt maskinen piper én gang under oppstart (men før Windows ikonet) trykker du F8-tasten gjentatte ganger. En meny vises med flere alternativer. Bruk piltastene til å navigere og velge alternativet for å kjøre Windows i "sikker modus".

Åpne SDFix mappe og dobbeltklikk RunThis.bat å starte skriptet.

• Type Y å starte Cleanup prosessen.
• Det vil fjerne enhver Trojan Services eller registeroppføringer finnes deretter be deg om å trykke en tast for å starte på nytt.
• Trykk på en tast og den vil starte PC.
• Når PC-en startes på nytt, det Fixtool vil kjøre igjen og fullføre fjerningen deretter vise Ferdig, Trykker på en tast for å avslutte skriptet og laste desktop ikoner.
• Når skrivebordsikonene laste SDFix rapporten åpnes på skjermen, og også lagre i SDFix mappen som Report.txt.
• Kopier og lim innholdet av resultatene fil Report.txt i neste svar sammen med en ny HijackThis log.

[caroleella]

SDFix: 1.229 Version
Kjør av Administrator på lørdag 09/27/2008 kl 10:50

Microsoft Windows XP [Versjon 5.1.2600]
Running Fra: C: \ SDFix

Checking Services :


Gjenopprette Standard Security Verdier
Gjenopprette Default Hosts File

Start


Checking Files :

No Trojan Files Found






Fjerne Temp Files

ADS Check :



Final Check :

CatchMe 0.3.1361.2 W2K/XP/Vista - rootkit / skjulemodus malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-27 23:14:36
Windows 5.1.2600 Service Pack 2 NTFS

skanning skjulte prosesser ...

skanning skjulte tjenester & Systemstrukturen ...

scanning hidden registeroppføringene ...

skanning skjulte filer ...

skanning er fullført
skjulte prosesser: 0
skjulte tjenester: 0
skjulte filer: 0


Resterende Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ tjenester es \ sharedaccess \ Parameters \ firewallpolicy \ standard profil \ authorizedapplications \ listen]
"% windir% \ \ system32 \ \ sessmgr.exe" = "% windir% \ \ systemet m32 \ \ sessmgr.exe: *: Enabled: @ xpsp2res.dll, -22019"
"C: \ \ Programfiler \ \ RssBandit \ \ RSSBandit.exe" = "C: \ \ Programfiler \ \ RssBandit \ \ RSSBandit.exe: *: Enabled: RSS Bandit"
"E: \ \ CtmWeb27155-48482 \ \ ctmweb.exe" = "E: \ \ CtmWeb27155-48482 \ \ ctmweb.exe: *: Enabled: ctmweb.exe"
"C: \ \ Programfiler \ \ Fellesfiler \ \ AOL \ \ Loader \ \ aolload.exe" = "C: \ \ Programfiler \ \ Fellesfiler \ \ AOL \ \ Loader \ \ aolload.exe: *: Enabled : AOL Application Loader "
"C: \ \ Programfiler \ \ Fellesfiler \ \ AOL \ \ ACS \ \ AOLDial.exe" = "C: \ \ Programfiler \ \ Fellesfiler \ \ AOL \ \ ACS \ \ AOLDial.exe: *: Enabled : AOL "
"C: \ \ Programfiler \ \ Fellesfiler \ \ AOL \ \ ACS \ \ AOLacsd.exe" = "C: \ \ Programfiler \ \ Fellesfiler \ \ AOL \ \ ACS \ \ AOLacsd.exe: *: Enabled : AOL "
"C: \ \ Programfiler \ \ America Online 9.0 \ \ waol.exe" = "C: \ \ Programfiler \ \ America Online 9.0 \ \ waol.exe: *: Enabled: AOL"
"C: \ \ Programfiler \ \ Fellesfiler \ \ AOL \ \ TopSpeed \ \ 2.0 \ \ aoltsmon.exe" = "C: \ \ Prog ram Files \ \ Common Files \ \ AOL \ \ TopSpeed \ \ 2.0 \ \ aoltsmon.exe: *: Enabled: AOLTsMon "
"C: \ \ Programfiler \ \ Fellesfiler \ \ AOL \ \ TopSpeed \ \ 2.0 \ \ aoltpspd.exe" = "C: \ \ Prog ram Files \ \ Common Files \ \ AOL \ \ TopSpeed \ \ 2.0 \ \ aoltpspd.exe: *: Enabled: AOLTopSpeed "
"C: \ \ Program Files \ \ Common Files \ \ AOL \ \ 1155864818 \ \ EE \ \ AOLServiceHost.exe" = "C: \ \ Program Files \ \ Common Files \ \ AOL \ \ 1155864818 \ \ EE \ \ AOLServiceHost . exe: *: E nabled: AOL "
"C: \ \ Programfiler \ \ Fellesfiler \ \ AOL \ \ System Information \ \ sinf.exe" = "C: \ \ Programfiler \ \ Fellesfiler \ \ AOL \ \ System Information \ \ sinf.exe: * : Enabled: AOL "
"C: \ \ Programfiler \ \ Fellesfiler \ \ AOL \ AOL Spionprogrambeskyttelse \ \ AOLSP Scheduler.exe" = "C: \ \ Programfiler \ \ Fellesfiler \ \ AOL \ AOL Spionprogrambeskyttelse \ \ AOLSP Scheduler . exe: *: Enabled: AOL "
"C: \ \ Programfiler \ \ Fellesfiler \ \ AOL \ AOL Spionprogrambeskyttelse \ \ Asp.exe" = "C: \ \ Programfiler \ \ Fellesfiler \ \ AOL \ AOL Spionprogrambeskyttelse \ \ Asp.exe : *: Enabled: AOL "
"C: \ \ Programfiler \ \ Fellesfiler \ \ AolCoach \ \ en_en \ \ player \ \ AOLNySEV.exe" = "C: \ \ Programfiler \ \ Fellesfiler \ \ AolCoach \ \ en_en \ \ player \ \ AOLNySEV . exe: *: Ena blødde: AOL "
"C: \ \ Programfiler \ \ FTP Commander Pro \ \ cftp.exe" = "C: \ \ Programfiler \ \ FTP Commander Pro \ \ cftp.exe: *: Enabled: cftp"
"C: \ \ Programfiler \ \ FTP Commander \ \ ftpcomm.exe" = "C: \ \ Programfiler \ \ FTP Commander \ \ ftpcomm.exe: *: Enabled: ftpcomm"
"C: \ \ Program Files \ \ Real \ RealPlayer \ \ realplay.exe" = "C: \ \ progra m Files \ \ Real \ RealPlayer \ \ realplay.exe: *: Enabled: Re alPlayer"
"C: \ \ StubInstaller.exe" = "C: \ \ StubInstaller.exe: *: E nabled: LimeWire swarmed Installer"
"C: \ \ Program Files \ \ LimeWire \ \ LimeWire.exe" = "C: \ \ Program Files \ \ LimeWire \ \ LimeWire.exe: *: Enabled: LimeWire"
"C: \ \ Program Files \ SmartFTP Client 2.0 \ \ SmartFTP.exe" = "C: \ \ Program Files \ SmartFTP Client 2.0 \ \ SmartFTP.exe: *: Enabled: SmartFTP Client 2.0"
"C: \ \ Programfiler \ \ BitTornado \ \ btdownloadgui.exe" = "C: \ \ Programfiler \ \ BitTornado \ \ btdownloadgui.exe: *: Enabled: Btd ownloadgui"
"C: \ \ Program Files \ \ Common Files \ \ AOL \ \ 1155864818 \ \ EE \ \ aolsoftware.exe" = "C: \ \ Program Files \ \ Common Files \ \ AOL \ \ 1155864818 \ \ EE \ \ aolsoftware . exe: *: Enab ledede: AOL Services "
"C: \ \ Program Files \ \ Mozilla Firefox \ \ firefox.exe" = "C: \ \ Program Files \ \ Mozilla Firefox \ \ firefox.exe: *: Enabled: Firefox"
"C: \ \ Program Files \ \ Get-Torrent \ \ Get-Torrent.exe" = "C: \ \ Program Files \ \ Get-Torrent \ \ Get-Torrent.exe: *: Enabled: Torrent P2P program"
"C: \ \ Programfiler \ \ Restaurant Empire \ \ re.exe" = "C: \ \ Programfiler \ \ Restaurant Empire \ \ re.exe: *: Enabled: re"
"C: \ \ Programfiler \ \ BitZip \ \ bitzip.exe" = "C: \ \ Programfiler \ \ BitZip \ \ bitzip.exe: *: Enabled: BitZip"
"C: \ \ Program Files \ \ uTorrent \ \ uTorrent.exe" = "C: \ \ Program Files \ \ uTorrent \ \ uTorrent.exe: *: Enabled: æTorrent"
"C: \ \ Program Files \ \ iTunes \ \ iTunes.exe" = "C: \ \ Program Files \ \ iTunes \ \ iTunes.exe: *: Enabled: iTunes"
"% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" = "% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe: *: Enabled: @ xpsp3res.dll, -20000"
"C: \ \ WINDOWS \ \ system32 \ \ dlcxcoms.exe" = "C: \ \ WINDOWS \ \ system32 \ \ dlcxcoms.exe: *: Enabled: Dell 926 Server"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ tjenester es \ sharedaccess \ Parameters \ firewallpolicy \ domainpr ofile \ authorizedapplications \ listen]
"% windir% \ \ system32 \ \ sessmgr.exe" = "% windir% \ \ systemet m32 \ \ sessmgr.exe: *: Enabled: @ xpsp2res.dll, -22019"
"E: \ \ CtmWeb27155-48482 \ \ ctmweb.exe" = "E: \ \ CtmWeb27155-48482 \ \ ctmweb.exe: *: Enabled: ctmweb Computrace Installasjon / Management Application"
"% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" = "% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe: *: Enabled: @ xpsp3res.dll, -20000"

Resterende Filer :



Filer med skjulte attributter :

Tirs 12 juli 2005 54872 A.. H. --- "C: \ Program Files \ America Online 9.0 \ AOLphx.exe"
Tirs 12 juli 2005 31832 A.. H. --- "C: \ Program Files \ America Online 9.0 \ rbm.exe"
Ons 13 oktober 2004 1694208 A.. H. --- "C: \ Program Files \ Messenger \ Msmsgs.exe"
Ons 17 september 2008 162 A.. H. --- "C: \ Documents and Settings \ Administrator \ Mine dokumenter \ ~ $ RL3917.tmp"
Fre 23 november 2007 4840960 ... H. --- "C: \ Documents and Settings \ Administrator \ Mine dokumenter \ ~ WRL3917.tmp"
Søn 1 april 2007 247 A.. H. --- "C: \ Program Files \ InterActual \ InterActual Player \ itiC9F.tmp"
Søn 1 juli 2007 0 A.SH. --- "C: \ Documents and Settings \ All Users \ DRM \ Cache \ Indiv01.tmp"
Man 14 januar 2008 3459 ... HR --- "C: \ Documents and Settings \ Administrator \ Application Data \ SecuROM \ UserData \ securom_v7_01.bak"
Lør 27 september 2008 A. 4750. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS00643642-9444-46D7-A0F8-98BCEC733FED.tmp"
Lør 27 september 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS02319C6A-A321-4C8D-9995-820B7395AC0C.tmp"
Lør 27 september 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS025EABA1-CC11-4560-8E12-630DDF3DA7B2.tmp"
Lør 27 september 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS045F4367-E293-4856-99B6-A55965765747.tmp"
Lør 27 september 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS068F3C9C-D92F-41E5-AF3C-3917DFD07FFB.tmp"
Lør 27 september 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS0ABE791D-AAB6-45AE-94C0-81FF065FB64C.tmp"
Lør 27 september 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS0B798094-B44A-427A-B9DC-654E158521EB.tmp"
Lør 27 september 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS0C1801B8-619C-45EF-A0A9-6FDF58378626.tmp"
Lør 27 september 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS0DC230DD-648D-4C7A-A46F-125E3BBCACF0.tmp"
Lør 27 september 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS0FD1D4A0-7A3B-4426-BF06-CBE8A10161D9.tmp"
Lør 27 september 2008 12540 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS12E3E01D-D993-4077-84CD-270FC7998D10.tmp"
Lør 27 september 2008 A. 5616. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS1558A464-A8A5-4699-8AD4-1FD636BA73F0.tmp"
Lør 27 september 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS16C4CA8E-B45E-4C74-A16A-C6547AC6862A.tmp"
Lør 27 september 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS171F971D-9918-4BF8-934E-9F971CE3A62E.tmp"
Lør 27 september 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS18482343-5AA4-4A75-B35E-1DE367BE8DF8.tmp"
Lør 27 september 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS1F408231-9AD4-4F3A-8F71-E4D1A885E2D9.tmp"
Lør 27 september 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS22C553D7-9E17-42E7-9BAC-FD08E49F2DA7.tmp"
Lør 27 september 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS29899F67-1A0A-49C1-BF8C-969C56BFE72D.tmp"
Lør 27 september 2008 40408 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS2CE2DD8D-1B89-4236-8CEB-8AE2092F011D.tmp"
Lør 27 september 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS2DE8E664-10D0-4BC0-B385-C28929E5600F.tmp"
Lør 27 september 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS35CD56A6-869F-4E8D-9744-F5243F94B4B1.tmp"
Lør 27 september 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS3A52BAF2-C6D8-48C5-A517-8F08AFB8035A.tmp"
Lør 27 september 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS3EC9B69D-3F89-4FC5-B941-1463F3BD2234.tmp"
Lør 27 september 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS3EADD09D-E99C-4EDA-87E8-14DD31C5A1CA.tmp"
Lør 27 september 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS3EDF6917-B0B7-4164-BAA8-7013E06D5FCA.tmp"
Lør 27 september 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS3FF4AFC6-0025-4047-AEFB-7C34313D972F.tmp"
Lør 27 september 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS4031D191-1F75-49F0-8272-A12ACD39C269.tmp"
Lør 27 september 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS416C7484-2AC6-4BFE-8364-B3DC9640EB90.tmp"
Lør 27 september 2008 27677 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS42B72C22-0C5B-4053-87A4-D8EB671C2029.tmp"
Lør 27 september 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS4C83367A-C322-4725-A861-182E13107846.tmp"
Lør 27 september 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS4DB48154-31C5-424F-B7EB-6337D7279415.tmp"
Lør 27 september 2008 A. 3393. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS4EAE423C-33F9-4D19-AD00-4127948E7F39.tmp"
Lør 27 september 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS4FE7BDE5-631A-4BEE-BA59-2A86CECDA9DA.tmp"
Lør 27 september 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS50B44EC6-2F2E-4D16-AC0C-376383467A7C.tmp"
Lør 27 september 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS56CA220B-41A4-4EBA-B217-FF3A496AA590.tmp"
Lør 27 september 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS5AF7C2DD-39F4-4B22-8F5A-11FC428681E1.tmp"
Lør 27 september 2008 101,080 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS5DCC2C2E-7275-4CC4-9192-B113F353FB5F.tmp"
Lør 27 september 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS5D528DF5-B79E-4EE1-9D6C-1EC565BBBC62.tmp"
Lør 27 september 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS6011FD6D-D50D-43A0-AE81-A050DD789327.tmp"
Lør 27 september 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS62CC7F66-91D7-40E6-9C86-9E1A90363BBD.tmp"
Lør 27 september 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS6548601C-9BB6-472C-AA53-447B881C2428.tmp"
Lør 27 september 2008 6247755 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS6946DC39-11B6-4B93-A005-7F3C9D123F87.tmp"
Lør 27 september 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS69A2BD78-4F53-4EBE-A0E3-D640854156D9.tmp"
Lør 27 september 2008 198,358 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS6927849A-B300-4980-AAEB-7DBA1C6E4164.tmp"
Lør 27 september 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS6945CE07-04BF-439F-987F-028637985DF0.tmp"
Lør 27 september 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS6FE21A12-C11B-4E43-99E2-FA8F960870E1.tmp"
Lør 27 september 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS700D83FE-2571-4AE3-89BC-6DD584F68699.tmp"
Lør 27 september 2008 3195852 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS713A2772-B7C7-4A87-BAEB-E92C67ED4580.tmp"
Lør 27 september 2008 143,110 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS71EC4FAD-E45A-4E20-AE13-D864D8CA24A1.tmp"
Lør 27 september 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS716E87B1-65B4-4487-B09B-19A89B9F5C97.tmp"
Lør 27 september 2008 1909332 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS7366E027-AE32-4BC8-9360-699C2C95BEB0.tmp"
Lør 27 september 2008 270,314 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS75371617-A509-4E33-9F16-118AA8AC2918.tmp"
Lør 27 september 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS767A458F-F431-46EB-A2DA-88FB1A7E3E7D.tmp"
Lør 27 september 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS7A70C6B2-5850-4473-9585-E0C43F090F27.tmp"
Lør 27 september 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS7B30F8F2-8A4F-42B9-B9F8-625709173611.tmp"
Lør 27 september 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS7C1354E8-D74C-4AC8-BE8F-7167A5076F4A.tmp"
Lør 27 september 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS7CBB22C6-4E66-4720-995F-1C2ADC632A9B.tmp"
Lør 27 september 2008 642 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS7E1AA5E0-2F18-4CF4-B64E-8EB8F378DF31.tmp"
Lør 27 september 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS7FEECAB9-C6A6-4302-9AA6-F69FA542ED3D.tmp"
Lør 27 september 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS840E4E3A-C733-4DC5-A8F3-B248CC83075B.tmp"
Lør 27 september 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS8716D8FB-a364-4288-8B00-55605E1EF6C0.tmp"
Lør 27 september 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS89FE094B-45FA-4923-87F1-139238C4F97B.tmp"
Lør 27 september 2008 610 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS8A4D2B50-2BB9-4DC6-9E5E-3CB11929C3D2.tmp"
Lør 27 september 2008 A. 4532. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS8E7D97AA-E673-4952-AA06-A468A9C52A7C.tmp"
Lør 27 september 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS8FB3E905-99BA-4D9E-9C2A-B17FB19F5132.tmp"
Lør 27 september 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS92FF4DE9-51A7-4FEA-9F94-4984E35FDB14.tmp"
Lør 27 september 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS94946861-C52C-4360-B5D7-0BAA075D88BB.tmp"
Lør 27 september 2008 674 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS9766DA24-0126-49B8-821D-0BBD42716F70.tmp"
Lør 27 september 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS9CF76AA8-C8DD-426D-8974-7952EA0782D3.tmp"
Lør 27 september 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS9DE19017-8F84-45F0-8707-3157A64B6CEA.tmp"
Lør 27 september 2008 1190410 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCS9F48133A-1109-42EB-93AA-A3CB3CACBCBF.tmp"
Lør 27 september 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCSABDB0578-02AF-4BA8-A501-9A8992ED7BDB.tmp"
Lør 27 september 2008 A. 2736. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCSAD28D6FF-3940-4F08-A657-2E61F69B5449.tmp"
Lør 27 september 2008 75790 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCSB18333D4-60E0-438D-B085-7DB36F72F77D.tmp"
Lør 27 september 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCSB74C069F-C392-4F81-8670-212FC280E95D.tmp"
Lør 27 september 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCSB76C1894-7B69-4834-97D3-B402FE20935A.tmp"
Lør 27 september 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCSB73D6FFC-0E8C-41B9-84D3-8810EC6D9228.tmp"
Lør 27 september 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCSB9036DEB-8242-4521-A54E-139AF6A9A190.tmp"
Lør 27 september 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCSBAE9F5F5-FA44-4E05-9A1D-A462CE8AF520.tmp"
Lør 27 september 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCSBBCD6D72-A069-40FF-9AF2-916180E0A88E.tmp"
Lør 27 september 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCSBBCBA3E5-E607-436E-B3EE-A1DEAC925872.tmp"
Lør 27 september 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCSBEC0CEEC-C42B-4B06-A604-EAAD26CE6255.tmp"
Lør 27 september 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCSC5D01365-2009-400C-A9A3-5F990CF4A80D.tmp"
Lør 27 september 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCSC9E0B767-5A0A-47B9-a439-227E2B94F887.tmp"
Lør 27 september 2008 134,148 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCSD2617AFF-BC61-4BFE-B8E6-6CC988A0F275.tmp"
Lør 27 september 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCSD21BE94F-9EE4-475B-B0A2-24C81FFF173F.tmp"
Lør 27 september 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCSD4AA62E4-9D9E-4B7B-9CD0-686A2C05AEF7.tmp"
Lør 27 september 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCSD729F3FB-EE09-459B-A678-BD9132629FDF.tmp"
Lør 27 september 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCSD8157780-DB4C-464E-B192-D31296C412A8.tmp"
Lør 27 september 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCSD97D795A-5F39-4FDD-A7EF-691DEBB65005.tmp"
Lør 27 september 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCSDA1F438F-BCAF-4452-A79A-167408950654.tmp"
Lør 27 september 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCSDA218F7C-D867-4690-96E2-789F80A7D3E0.tmp"
Lør 27 september 2008 20968 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCSDBBDCE8F-1CB9-456D-9A48-B332BFDD4DA3.tmp"
Lør 27 september 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCSDC4DE87E-7FB7-4AAF-9341-074C383E5277.tmp"
Lør 27 september 2008 2168120 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCSDC4805C4-09F4-44DF-953F-40714AC7B32D.tmp"
Lør 27 september 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCSDC54187B-23EE-4C63-A3C1-F95DD71DC749.tmp"
Lør 27 september 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCSE542CE01-559A-4B52-B46E-3ABA034CB806.tmp"
Lør 27 september 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCSE76031B3-69B7-40CD-98AA-1FBADCFD80F9.tmp"
Lør 27 september 2008 538 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCSE89A2A1E-7243-491E-8713-779584114914.tmp"
Lør 27 september 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCSE9F327DF-50B6-42E2-B361-B1279BCFE655.tmp"
Lør 27 september 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCSEAF8FCDA-0414-40ED-8AC7-F6E8BA990710.tmp"
Lør 27 september 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCSEC43267D-076B-42D7-838C-4A46B1619D44.tmp"
Lør 27 september 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCSED7CFB5E-591C-4B3A-BB59-99AC6B355CE9.tmp"
Lør 27 september 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCSF03658AA-EBC4-437C-8F4E-338B053BBCC5.tmp"
Lør 27 september 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCSF1EE7C84-96F2-4922-8549-E4F727B9B3A5.tmp"
Lør 27 september 2008 0 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCSF5708FAD-F162-475A-BBD8-590D8EED1563.tmp"
Lør 27 september 2008 1609542 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCSF60C8606-1E32-4C46-9DD9-9591141A47D3.tmp"
Lør 27 september 2008 29084 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCSF7DCFFB4-3037-49B4-8FAF-FB62C2892816.tmp"
Lør 27 september 2008 16965 A.. H. --- "C: \ Documents and Settings \ LocalService \ Application Data \ Webroot \ Spy Sweeper \ Temp \ SSCSFABFD6CE-CC5D-4B27-9BE0-5CE94D2BE9C9.tmp"

Ferdig!






Logfile of Trend Micro HijackThis v2.0.2
Scan lagret 11:22:30 PM, on 9/27/2008
Plattform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Kjører prosesser:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ Lsass.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ Programfiler \ Windows Defender \ MsMpEng.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ Programfiler \ Intel \ Wireless \ Bin \ EvtEng.exe
C: \ Programfiler \ Intel \ Wireless \ Bin \ S24EvMon.exe
C: \ Programfiler \ Intel \ Wireless \ Bin \ WLKeeper.exe
C: \ WINDOWS \ system32 \ LEXBCES.EXE
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ WINDOWS \ system32 \ LEXPPS.EXE
C: \ Programfiler \ Fellesfiler \ AOL \ ACS \ AOLAcsd.exe
C: \ Programfiler \ Fellesfiler \ AOL \ TopSpeed \ 2.0 \ aoltsmon.exe
C: \ Programfiler \ Fellesfiler \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
C: \ Programfiler \ PrevxCSI \ prevxcsi.exe
C: \ Programfiler \ PrevxCSI \ prevxcsi.exe
C: \ WINDOWS \ system32 \ dlcxcoms.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ Programfiler \ Fellesfiler \ Microsoft Shared \ VS7DEBUG \ MDM.EXE
C: \ Programfiler \ Dell \ QuickSet \ NICCONFIGSVC.exe
C: \ WINDOWS \ system32 \ nvsvc32.exe
C: \ Programfiler \ Intel \ Wireless \ Bin \ RegSrvc.exe
C: \ WINDOWS \ system32 \ rpcnet.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ Program Files \ Viewpoint \ Common \ ViewpointService.exe
C: \ Program Files \ Webroot \ Enterprise \ Spy Sweeper \ spysweeper.exe
C: \ WINDOWS \ Explorer.exe
C: \ Program Files \ Webroot \ Enterprise \ Spy Sweeper \ commagent.exe
C: \ WINDOWS \ system32 \ wscntfy.exe
C: \ Program Files \ Viewpoint \ Viewpoint Manager \ ViewMgr.exe
C: \ WINDOWS \ system32 \ Notepad.exe
C: \ Programfiler \ Dell \ QuickSet \ quickset.exe
C: \ WINDOWS \ system32 \ rundll32.exe
C: \ WINDOWS \ system32 \ spool \ drivers \ w32x86 \ 3 \ hpztsb0 3.exe
C: \ Programfiler \ iTunes \ iTunesHelper.exe
C: \ Programfiler \ Java \ jre1.6.0_07 \ bin \ jusched.exe
C: \ Programfiler \ Windows Defender \ MSASCui.exe
C: \ Program Files \ ErrorSmart \ ErrorSmart.exe
C: \ WINDOWS \ system32 \ Ctfmon.exe
C: \ Programfiler \ America Online 9.0 \ waol.exe
C: \ Program Files \ Cisco Systems \ Clean Access Agent \ CCAAgent.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ Programfiler \ iPod \ bin \ iPodService.exe
C: \ Programfiler \ America Online 9.0 \ shellmon.exe
C: \ Programfiler \ Trend Micro \ HijackThis \ HijackThis.exe

R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.bridgew.edu/
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU \ Software \ Microsoft \ Internet Connection Wizard, ShellNext = http://www.bridgew.edu/
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Programfiler \ Adobe \ Acrobat 7.0 \ ActiveX \ AcroIEHelper.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Programfiler \ Java \ jre1.6.0_07 \ bin \ ssv.dll
O2 - BHO: Viewpoint Toolbar BHO - (A7327C09-B521-4EDB-8509-7D2660C9EC98) - C: \ Program Files \ Viewpoint \ Viewpoint Toolbar \ 3.8.0 \ ViewBarBHO.dll
O3 - Toolbar: AOL Toolbar - (4982D40A-C53B-4615-B15B-B5B5E98D167C) - C: \ Program Files \ AOL Toolbar \ toolbar.dll
O3 - Toolbar: Viewpoint Toolbar - (F8AD5AA5-D966-4667-9DAF-2561D68B2012) - C: \ Programfiler \ Fellesfiler \ Viewpoint \ Toolbar Kjøretid \ 3.8.0 \ IEViewBar.dll
O4 - HKLM \ .. \ Run: [NvCplDaemon] rundll32.exe C: \ WINDOWS \ system32 \ NvCpl.dll, NvStartup
O4 - HKLM \ .. \ Run: [Dell QuickSet] C: \ Programfiler \ Dell \ QuickSet \ quickset.exe
O4 - HKLM \ .. \ Run: [NvMediaCenter] rundll32.exe NvMCTray.dll, NvTaskbarInit
O4 - HKLM \ .. \ Run: [HPDJ Taskbar Utility] C: \ WINDOWS \ system32 \ spool \ drivers \ w32x86 \ 3 \ hpztsb0 3.exe
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Programfiler \ QuickTime \ qttask.exe"-atboottime
O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Programfiler \ iTunes \ iTunesHelper.exe"
O4 - HKLM \ .. \ Run: [DLCXCATS] rundll32 C: \ WINDOWS \ system32 \ spool \ DRIVERS \ W32X86 \ 3 \ DLCXtim e.dll, _RunDLLEntry @ 16
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Programfiler \ Java \ jre1.6.0_07 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [Windows Defender] "C: \ Programfiler \ Windows Defender \ MSASCui.exe"-hide
O4 - HKLM \ .. \ Run: [ErrorSmart] C: \ Program Files \ ErrorSmart \ ErrorSmart.exe
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [AOL Fast Start] "C: \ Programfiler \ America Online 9.0 \ AOL.EXE"-b
O4 - HKUS \ S-1-5-18 \ .. \ RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 -. DEFAULT User Startup: Clean Access Agent.lnk = C: \ Program Files \ Cisco Systems \ Clean Access Agent \ CCAAgent.exe (User '')
O4 - Startup: Clean Access Agent.lnk = C: \ Program Files \ Cisco Systems \ Clean Access Agent \ CCAAgent.exe
O6 - HKCU \ Software \ Policies \ Microsoft \ Internet Explorer \ Control Panel presentere
O8 - Extra sammenheng menyelement: & AOL Toolbar søk - res: / / C: \ Program Files \ AOL Toolbar \ toolbar.dll / SEARCH.HTML
O8 - Extra sammenheng menyelement: E & ksporter til Microsoft Excel - res: / / c: \ progra ~ 1 \ micros ~ 2 \ Office11 \ EXCEL.EXE/3000
O8 - Extra context menu item: Abonner på standard RSS-leser - C: \ Documents and Settings \ Administrator \ Application Data \ RssBandit \ iecontext_subscribefeed.htm
O9 - Extra knappen: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Programfiler \ Java \ jre1.6.0_07 \ bin \ ssv.dll
O9 - Extra "Verktøy" MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Programfiler \ Java \ jre1.6.0_07 \ bin \ ssv.dll
O9 - Extra knappen: AOL Toolbar - (4982D40A-C53B-4615-B15B-B5B5E98D167C) - C: \ Program Files \ AOL Toolbar \ toolbar.dll
O9 - Extra "Verktøy" MENUITEM: AOL Toolbar - (4982D40A-C53B-4615-B15B-B5B5E98D167C) - C: \ Program Files \ AOL Toolbar \ toolbar.dll
O9 - Extra knappen: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ progra ~ 1 \ micros ~ 2 \ Office11 \ REFIEBAR.DLL
O9 - Extra knappen: Real.com - (CD67F990-D8E9-11d2-98FE-00C0F0318AFE) - C: \ WINDOWS \ system32 \ Shdocvw.dll
O9 - Extra knappen: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra "Verktøy" MENUITEM: @ xpsp3res.dll, -20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra knappen: PokerStars.net - (FA9B9510-9FCB-4ca0-818C-5D0987B47C4D) - C: \ Programfiler \ PokerStars.NET \ PokerStarsUpdate.exe
O9 - Extra knappen: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Programfiler \ Messenger \ msmsgs.exe
O9 - Extra "Verktøy" MENUITEM: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Programfiler \ Messenger \ msmsgs.exe
O15 - Trusted Zone: *. bridgew.edu
O16 - DPF: (01A88BB1-1174-41EC-ACCB-963509EAE56B) (SysProWmi klasse) -- http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: (17492023-C23A-453E-A040-C7C580BBF700) (Windows Genuine Advantage Validation Tool) -- http://go.microsoft.com/fwlink/?link...67&clcid=0x409
Ø16 - DPF: (5e2a3510-4371-11d6-b64c-00c04faedb18) (Oracle JInitiator 1.1.8.18) -- http://frmserv.bridgew.edu/jinitiator/jinit.exe
O16 - DPF: (6414512B-B978-451D-A0D8-FCFDF33E833C) (WUWebControl Klassifikasjon) -- http://update.microsoft.com/windowsu...?1121111428606
O16 - DPF: (6E32070A-766D-4EE6-879C-DC1FA91D2FC3) (MUWebControl klasse) -- http://update.microsoft.com/microsof...?1121873156643
O16 - DPF: (BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19) (CPlayFirstddfotgControl Object) -- http://aolsvc.aol.com/onlinegames/fr...g.1.0.0.33.cab
O20 - Winlogon Notify:! SASWinLogon - C: \ Programfiler \ SUPERAntiSpyware \ SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C: \ Programfiler \ Fellesfiler \ Adobe Systems Shared \ Service \ Adobelmsvc.exe
O23 - Service: AOL Tilkobling Service (AOL ACS) - AOL LLC - C: \ Programfiler \ Fellesfiler \ AOL \ ACS \ AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C: \ Programfiler \ Fellesfiler \ AOL \ TopSpeed \ 2.0 \ aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C: \ Programfiler \ Fellesfiler \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
O23 - Service: ATI Hurtigtast Poller - Unknown owner - C: \ WINDOWS \ system32 \ Ati2evxx.exe
O23 - Service: CSIScanner - Prevx - C: \ Programfiler \ PrevxCSI \ prevxcsi.exe
O23 - Service: dlcx_device - - C: \ WINDOWS \ system32 \ dlcxcoms.exe
O23 - Service: Intel (R) PROSet / Wireless Event Log (EvtEng) - Intel Corporation - C: \ Programfiler \ Intel \ Wireless \ Bin \ EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Programfiler \ Fellesfiler \ InstallShield \ Driver \ 11 \ Intel 32 \ IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C: \ Programfiler \ iPod \ bin \ iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C: \ WINDOWS \ system32 \ LEXBCES.EXE
O23 - Service: NICCONFIGSVC - Dell Inc. - C: \ Programfiler \ Dell \ QuickSet \ NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C: \ WINDOWS \ system32 \ nvsvc32.exe
O23 - Service: Intel (R) PROSet / Wireless Registry Service (RegSrvc) - Intel Corporation - C: \ Programfiler \ Intel \ Wireless \ Bin \ RegSrvc.exe
O23 - Service: Remote Procedure Call (RPC) Net (Rpcnet) - Unknown owner - C: \ WINDOWS \ system32 \ rpcnet.exe
O23 - Service: Intel (R) PROSet / Wireless Service (S24EventMonitor) - Intel Corporation - C: \ Programfiler \ Intel \ Wireless \ Bin \ S24EvMon.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C: \ Program Files \ Viewpoint \ Common \ ViewpointService.exe
O23 - Service: Webroot CommAgent Service (WebrootCommAgentService) - Webroot Software, Inc. - C: \ Program Files \ Webroot \ Enterprise \ Spy Sweeper \ commagent.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C: \ Program Files \ Webroot \ Enterprise \ Spy Sweeper \ spysweeper.exe
O23 - Service: Intel (R) PROSet / Wireless SSO Service (WLANKEEPER) - Intel (R) Corporation - C: \ Programfiler \ Intel \ Wireless \ Bin \ WLKeeper.exe

--
End of file - 10298 bytes

[evilfantasy]

Deaktiver SpySweeper

Kan du aktivere det etter at du er ren.

Hvis du vil deaktivere SpySweeper:

Åpen Spysweeper klikk> Valg over mot venstre, deretter> Program Valg > Fjern merkingen "belastningen på windows oppstart

Over til venstre klikker "skjold" og Fjern merkingen alle der.

Fjern merkingen "startsiden skjold"

Fjern merkingen "automatisk gjenopprette standard uten varsel"

Etter alle reparasjonene er fullført er det svært viktig at du aktiverer Sanntidsprisdata Protection igjen.

----------

Deaktiver Windows Defender

Vi trenger å deaktivere Windows Defender Sanntidsprisdata beskyttelse som det kan forstyrre feilrettingsfilene at vi må gjøre.

• Åpen Windows Defender
• Klikk på Verktøy, Generelle innstillinger
• Bla ned og fjern Slå på sanntids beskyttelse (anbefales)
• Når du fjerner dette ved å klikke på Lagre knappen og lukke Windows Defender.

Etter alle reparasjonene er fullført er det svært viktig at du aktiverer Sanntidsprisdata Protection igjen.

----------

Vi må fjerne ErrorSmart. Dette regnes som en rouge program fordi den er upålitelig og ofte installert uten brukerens samtykke.

Gå til Legg til eller fjern programmer og avinstallere ErrorSmart (hvis det er der)

----------

Åpne HijackThis og velg Gjør et søk.

Sett et merke ved siden av følgende oppføringer: (hvis det)

• O4 - HKLM \ .. \ Run: [ErrorSmart] C: \ Program Files \ ErrorSmart \ ErrorSmart.exe

Viktig: Lukk alle vinduer unntatt HijackThis og klikk Fix kontrolleres.

Avslutt HijackThis.

----------

Merk: nedenstående instruksjoner ble laget spesielt for denne brukeren. Hvis du ikke bruker, IKKE Følg disse skiltene fordi de kan ødelegge hjemkomsten til systemet

Gå til Start> Kjør og skriver Notepad.exe deretter OK

Kopier og lim inn nedenfor i Notepad og lagre som fixme.reg til ditt Desktop

Code:

REGEDIT4 [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ CurrentVersion \ Run] "ErrorSmart" =-

Finn fixme.reg på skrivebordet og dobbeltklikk på den. Svar Ja når du blir bedt om å fusjonere med Registry.

Pass på at du fortelle meg hvis du mottar en suksess beskjed om å legge det over
i registret. Hvis du ikke får en suksess melding, gjorde det ikke.

Slett fixme.reg fra Desktop.

----------

Laste ned CCleaner Slim og lagre det til skrivebordet ditt.
Når filen er lagret, gå til skrivebordet og dobbeltklikk på ccsetupxxx_slim.exe
Følg instruksjonene for å installere programmet.
Fullfør installasjonen deretter:

• Dobbeltklikk CCleaner snarvei på skrivebordet for å starte programmet.
• Klikk på Valg blokken til venstre, velg deretter Cookies.
  • Under Cookies til SlettMarkerer alle cookies du vil beholde permanent
  • Klikk høyrepilen > å flytte dem til Cookies til å vinduet.
• Gå inn Valg > Avansert unsjekk Bare slette filer i Windows Temp mapper eldre enn 48 timer
• Klikk Cleaner til venstre, deretter Kjør Cleaner til høyre for å kjøre programmet.
• Viktig: Kontroller at ALL webleservinduer er lukket før du velger Kjør Cleaner
• Forsiktig: Det anbefales ikke at du bruker "Register"-funksjonen med mindre du er veldig kjent med registret.
• Avslutt CCleaner etter at det har fullført sin prosess.

Omstart datamaskinen og kjøre mbam deretter poste loggen.

----------

Laste ned Malwarebytes' Anti-Malware (MBAM)

• Dobbeltklikk mbam-setup.exe og følger instruksjonene for å installere programmet.
• Ved utgangen, må du passe på et merke plasseres ved siden av det følgende:
  • Oppdater Malwarebytes' Anti-Malware
  • Launch Malwarebytes' Anti-Malware
• Deretter klikker du Fullfør.
• Hvis en oppdatering er funnet, vil laste ned og installere den nyeste versjonen.
• Når programmet er lastet, velger du Utføre rask skanning, Og klikk Scan.
• Når skanningen er fullført, klikker du OK, Deretter Vis resultater å vise resultater.
• Pass på at alt er sjekket, og klikk Fjern valgte.
• Når desinfeksjon er ferdig, en logg åpnes i Notepad, og du kan bli bedt om å starte. (Se Extra Note)
• Loggen lagres automatisk ved MBAM og kan vises ved å klikke Logger kategorien i MBAM.
• Kopier og lim inn hele rapporten i neste svaret.

Ekstra Merk: Hvis MBAM finner en fil som er vanskelig å fjerne, vil du bli presentert med 1 av 2 ledetekster, klikk OK for å enten og la MBAM fortsette med desinfeksjon prosessen, hvis du blir bedt om å starte datamaskinen på nytt, kan du gjøre det umiddelbart.

[caroleella]

Jeg fikk en suksess melding fra registeret.





Malwarebytes' Anti-Malware 1.28
Database versjon: 1216
Windows 5.1.2600 Service Pack 2

9/28/2008 12:45:51 AM
mbam-log-2008-09-28 (00-45-51). txt

Scan type: Quick Scan
Objekter skannet: 59369
Tid brukt: 10 minutt (er), 46 sekund (er)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registernøkler Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(Ingen skadelige eks oppdaget)

Memory Modules Infected:
(Ingen skadelige eks oppdaget)

Registernøkler Infected:
(Ingen skadelige eks oppdaget)

Registry Values Infected:
(Ingen skadelige eks oppdaget)

Registry Data Items Infected:
(Ingen skadelige eks oppdaget)

Folders Infected:
(Ingen skadelige eks oppdaget)

Files Infected:
C: \ WINDOWS \ system32 \ SJv56bM4.exe.a_a (Trojan.Agent) -> Quarantined and deleted successfully.

[evilfantasy]

Eventuelle endringer?

[caroleella]

Nope, der fremdeles

[evilfantasy]

Ikke bekymre vi finner det.

Last ned ComboFix av ubåter fra én av de nedenfor koblinger. Pass på at toppen lagre det til Desktop.

Link # 1
Link # 2

** Merk: Det er viktig at det er lagret direkte til skrivebordet ditt

Lukk alle åpne weblesere. (Firefox, Internet Explorer, osv.) før du starter ComboFix.

Midlertidig deaktivere din antivirus, Og eventuelle antispyware sanntid beskyttelse før utføre en skanning. Klikk denne koblingen å se en liste over sikkerhetsprogrammer som skal være deaktivert og hvordan du deaktiverer dem.

Dobbeltklikk combofix.exe og følg instruksjonene.
Når du er ferdig ComboFix vil produsere en logg for deg.
Poste ComboFix logg i neste svaret.

Viktig: Ikke mouseclick ComboFix's vinduet mens den kjører. Det kan føre til stall.

Husk å aktivere din antivirus og antispyware beskyttelse når ComboFix er fullført.

[caroleella]

ComboFix 08-09-27.05 - Administrator 2008-09-28 11:44:34.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.615 [GMT -4:00]
Running from: C: \ Documents and Settings \ Administrator \ Skrivebord \ ComboFix.exe
* Opprettet et nytt gjenopprettingspunkt

ADVARSEL-Denne maskinen har ikke gjenopprettingskonsollen INSTALLERT!
.

((((((((((((((((((((((((((((((((((((((( Other slettingene ))))))))) ))))))))))))))))))))))))))))))))))))))))
.

C: \ Documents and Settings \ NetworkService \ Cookies \ system @ trafficmp [1]. Txt
C: \ WINDOWS \ system32 \ drivers \ fad.sys

.
((((((((((((((((((((((((( Files Created fra 2008-08-28 til 2008-09-28 ))))))))))) ))))))))))))))))))))
.

2008-09-28 01:46. 2008-09-28 01:46 0 - a ------ C: \ WINDOWS \ system32 \ SJv56bM4.exe.a_a
2008-09-27 22:45. 2008-09-27 22:45 <DIR> d -------- C: \ WINDOWS \ ERUNT
2008-09-27 22:20. 2008-09-27 23:19 <DIR> d -------- C: \ SDFix
2008-09-27 21:03. 2008-09-27 21:03 <DIR> d -------- C: \ Programfiler \ Trend Micro
2008-09-27 20:48. 2008-09-27 20:48 <DIR> d -------- C: \ Documents and Settings \ NetworkService \ Application Data \ AdobeUM
2008-09-27 20:36. 2008-09-27 20:40 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Application Data \ ErrorSmart
2008-09-27 19:38. 2008-09-27 19:38 <DIR> d -------- C: \ Programfiler \ Malwarebytes' Anti-Malware
2008-09-27 19:38. 2008-09-27 19:38 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Malwarebytes
2008-09-27 19:38. 2008-09-27 19:38 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Application Data \ Malwarebytes
2008-09-27 19:38. 2008-09-10 00:04 38.528 - en ------ C: \ WINDOWS \ system32 \ drivers \ mbamswissarmy.sys
2008-09-27 19:38. 2008-09-10 00:03 17.200 - en ------ C: \ WINDOWS \ system32 \ drivers \ mbam.sys
2008-09-27 15:20. 2008-09-27 15:20 <DIR> d -------- C: \ Programfiler \ SUPERAntiSpyware
2008-09-27 15:20. 2008-09-27 15:20 <DIR> d -------- C: \ Programfiler \ Fellesfiler \ Wise Installation Wizard
2008-09-27 15:20. 2008-09-27 15:20 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ SUPERAntiSpyware.com
2008-09-27 15:20. 2008-09-27 15:20 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Application Data \ SUPERAntiSpyware.com
2008-09-27 15:13. 2008-09-27 15:13 <DIR> d -------- C: \ Programfiler \ CCleaner
2008-09-27 12:35. 2008-09-27 12:35 <DIR> d -------- C: \ Programfiler \ PrevxCSI
2008-09-27 12:35. 2008-09-28 11:36 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ PrevxCSI
2008-09-27 12:35. 2008-09-27 12:35 17.408 - en ------ C: \ WINDOWS \ system32 \ drivers \ pxark.sys
2008-09-27 00:48. 2008-09-27 00:47 102.664 - en ------ C: \ WINDOWS \ system32 \ drivers \ tmcomm.sys
2008-09-27 00:47. 2008-09-27 00:48 <DIR> d -------- C: \ Documents and Settings \ Administrator \. Housecall6.6
2008-09-26 23:23. 2008-09-26 23:22 30.272 - a ------ C: \ WINDOWS \ system32 \0vx55IOc.exe
2008-09-23 19:04. 2008-09-23 22:56 <DIR> d -------- C: \ WINDOWS \ system32 \ CatRoot_bak
2008-09-21 00:19. 2008-09-21 00:19 <DIR> d -------- C: \ Programfiler \ Windows Defender
2008-09-12 13:32. 2004-03-29 16:23 90.112 - en ------ C: \ WINDOWS \ unvise32.exe
2008-09-11 12:41. 2008-09-28 11:36 54.156 - ah ----- C: \ WINDOWS \ QTFont.qfn
2008-09-11 12:41. 2008-09-11 12:41 1.409 - en ------ C: \ WINDOWS \ QTFont.for
2008-09-09 15:33. 2008-09-09 15:56 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ FarmFrenzy2
2008-09-04 13:39. 2008-09-04 13:39 <DIR> d -------- C: \ Programfiler \ Atari
2008-09-03 23:06. 2008-06-10 02:32 73.728 - en ------ C: \ WINDOWS \ system32 \ javacpl.cpl
2008-09-01 20:34. 2008-09-01 20:34 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Application Data \ Eyeblaster
2008-08-28 23:11. 2004-08-04 00:56 159.232 - en ------ C: \ WINDOWS \ system32 \ ptpusd.dll
2008-08-28 23:11. 2001-08-17 22:36 5.632 - en ------ C: \ WINDOWS \ system32 \ ptpusb.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-28 15:35 31.232 ---- aw C: \ WINDOWS \ system32 \ rpcnet.dll
2008-09-28 15:35 17.408 ---- aw C: \ WINDOWS \ system32 \ Rpcnetp.exe
2008-09-28 03:10 17.408 ---- aw C: \ WINDOWS \ system32 \ rpcnetp.dll
2008-09-28 00:20 --------- d ----- w C: \ Programfiler \ RealArcade
2008-09-25 21:30 --------- d ----- w C: \ Programfiler \ FTP Commander
2008-09-21 04:33 --------- d ----- w C: \ Programfiler \ Fellesfiler \ Adobe
2008-09-11 16:36 --------- d ----- w C: \ Documents and Settings \ Administrator \ Application Data \ uTorrent
2008-09-05 18:19 98.304 ---- aw C: \ WINDOWS \ system32 \ CmdLineExt.dll
2008-09-04 17:39 --------- d - h - w C: \ Programfiler \ InstallShield Installasjonsinformasjon
2008-09-04 03:06 --------- d ----- w C: \ Programfiler \ Java
2008-08-30 00:32 --------- d ----- w C: \ Programfiler \ dl_Cats
2008-08-24 21:28 --------- d ----- w C: \ Documents and Settings \ Administrator \ Application Data \ Flytt Networks
2008-08-24 21:07 --------- d ----- w C: \ Documents and Settings \ Administrator \ Application Data \ Gamelab
2008-07-30 01:59 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ FreshGames
2008-07-19 02:10 94.920 ---- aw C: \ WINDOWS \ system32 \ cdm.dll
2008-07-19 02:10 53.448 ---- aw C: \ WINDOWS \ system32 \ wuauclt.exe
2008-07-19 02:10 45.768 ---- aw C: \ WINDOWS \ system32 \ wups2.dll
2008-07-19 02:10 36.552 ---- aw C: \ WINDOWS \ system32 \ wups.dll
2008-07-19 02:09 563.912 ---- aw C: \ WINDOWS \ system32 \ wuapi.dll
2008-07-19 02:09 325.832 ---- aw C: \ WINDOWS \ system32 \ wucltui.dll
2008-07-19 02:09 205.000 ---- aw C: \ WINDOWS \ system32 \ wuweb.dll
2008-07-19 02:09 1.811.656 ---- aw C: \ WINDOWS \ system32 \ wuaueng.dll
2008-07-19 02:07 270.880 ---- aw C: \ WINDOWS \ system32 \ mucltui.dll
2008-07-19 02:07 210.976 ---- aw C: \ WINDOWS \ system32 \ muweb.dll
2008-07-07 20:32 253.952 ---- aw C: \ WINDOWS \ system32 \ es.dll
2007-10-02 01:01 60.968 ---- aw C: \ Documents and Settings \ Administrator \ GoToAssistDownloadHelper.ex e
2007-01-13 12:49 774.144 ---- aw C: \ Programfiler \ RngInterstitial.dll
2007-08-10 19:03 6.275.816 ---- aw C: \ Programfiler \ Mozilla Firefox \ plugins \ ScorchPDFWrapper.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Note * empty entries & legit default entries ikke vises
REGEDIT4

[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Curre ntVersion \ Run]
"Ctfmon.exe" = "C: \ WINDOWS \ system32 \ Ctfmon.exe" [2004-08-04 15360]
"AOL Fast Start" = "C: \ Programfiler \ America Online 9.0 \ AOL.EXE" [2005-07-12 50776]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"NvCplDaemon" = "C: \ WINDOWS \ system32 \ NvCpl.dll" [2007-04-28 8429568]
"Dell QuickSet" = "C: \ Programfiler \ Dell \ QuickSet \ quickset.exe" [2007-07-20 1228800]
"HPDJ Oppgavelinjen Utility" = "C: \ WINDOWS \ system32 \ Spool \ drivers \ w32x86 \ 3 \ hpztsb03.exe" [2001-06-12 200704]
"QuickTime Task" = "C: \ Programfiler \ QuickTime \ qttask.exe" [2008-01-10 385024]
"iTunesHelper" = "C: \ Programfiler \ iTunes \ iTunesHelper.exe" [2008-01-15 267048]
"DLCXCATS" = "C: \ WINDOWS \ system32 \ Spool \ drivers \ W32X 86 \ 3 \ DLCXtime.dll" [2006-10-16 106496]
"SunJavaUpdateSched" = "C: \ Programfiler \ Java \ jre1.6.0_07 \ bin \ jusched.exe" [2008-06-10 144784]
"NvMediaCenter" = "NvMCTray.dll" [2007-04-28 C: \ WINDOWS \ system32 \ nvmctray.dll]

[HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ RunOnce]
"RunNarrator" = "Narrator.exe" [2004-08-04 C: \ WINDOWS \ system32 \ narrator.exe]

C: \ Documents and Settings \ Administrator \ Start-meny \ Programmer \ Startup
Renhet Access Agent.lnk - C: \ Programfiler \ Cisco Systems \ Clean Access Agent \ CCAAgent.exe [2007-06-28 2056266]

[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ curre ntversion \ Policies \ Explorer]
"NoSMBalloonTip" = 1 (0x1)
"NoAutoTrayNotify" = 1 (0x1)

[HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ cur rentversion \ Policies \ Explorer]
"NoActiveDesktopChanges" = 0 (0x0)

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ curr entversion \ Explorer \ ShellExecuteHooks]
"(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA)" = "C: \ Programfiler \ SUPERAntiSpyware \ SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Notify \! SASWinLogon]
2008-07-23 16:28 352256 C: \ Programfiler \ SUPERAntiSpyware \ SASWINLO.dll

[HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ Administrator ^ Start Menu ^ Programs ^ Startup ^ Adobe Gamma.lnk]
path = C: \ Documents and Settings \ Administrator \ Start-meny \ Programmer \ Oppstart \ Adobe Gamma.lnk
backup = C: \ WINDOWS \ PSS \ Adobe Gamma.lnkStartup

[HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ All Users ^ Start Menu ^ Programs ^ Startup ^ Adobe Reader Speed Launch.lnk]
path = C: \ Documents and Settings \ All Users \ Start-meny \ Programmer \ Oppstart \ Adobe Reader Speed Launch.lnk
backup = C: \ WINDOWS \ PSS \ Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ AOLDialer]
-ra ------ 2006-10-23 08:50 71216 C: \ Programfiler \ Fellesfiler \ AOL \ ACS \ AOLDial.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ Apoint]
- en ------ 2003-08-20 20:24 151552 C: \ Programfiler \ Apoint \ Apoint.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ Ctfmon.exe]
- en ------ 2004-08-04 00:56 15360 C: \ WINDOWS \ system32 \ Ctfmon.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ HostManager]
- en ------ 2006-09-25 20:52 50736 C: \ Programfiler \ Fellesfiler \ AOL \ 1155864818 \ EE \ aolsoftware.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ igfxhkcmd]
- en ------ 2006-07-14 18:04 77824 C: \ WINDOWS \ system32 \ hkcmd.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ igfxpers]
- en ------ 2006-07-14 18:08 118784 C: \ WINDOWS \ system32 \ igfxpers.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ igfxtray]
- en ------ 2006-07-14 18:07 94208 C: \ WINDOWS \ system32 \ igfxtray.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ IntelWireless]
- en ------ 2006-08-02 01:32 696320 C: \ Programfiler \ Intel \ Wireless \ Bin \ iFrmewrk.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ IntelZeroConfig]
- en ------ 2006-08-02 01:38 802816 C: \ Programfiler \ Intel \ Wireless \ Bin \ ZCfgSvc.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ iTunesHelper]
- en ------ 2008-01-15 04:22 267048 C: \ Programfiler \ iTunes \ iTunesHelper.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ MSMSGS]
- ah ----- 2004-10-13 12:24 1694208 C: \ Programfiler \ Messenger \ msmsgs.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ NvCplDaemon]
- en ------ 2007-04-28 19:05 8429568 C: \ WINDOWS \ system32 \ nvcpl.dll

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ NvMediaCenter]
- en ------ 2007-04-28 19:05 81920 C: \ WINDOWS \ system32 \ nvmctray.dll

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ QuickTime Task]
- en ------ 2008-01-10 16:27 385024 C: \ Programfiler \ QuickTime \ QTTask.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ RealTray]
- en ------ 2006-08-17 21:34 26112 C: \ Programfiler \ Real \ RealPlayer \ realplay.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ SunJavaUpdateSched]
- en ------ 2006-12-15 04:23 75520 C: \ Programfiler \ Java \ jre1.5.0_11 \ bin \ jusched.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ WMPNSCFG]
--------- 2006-10-18 20:05 204288 C: \ Programfiler \ Windows Media Player \ wmpnscfg.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ NVHotkey]
- en ------ 2007-04-28 19:05 67584 C: \ WINDOWS \ system32 \ nvhotkey.dll

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ nwiz]
- en ------ 2007-04-28 19:05 1626112 C: \ WINDOWS \ system32 \ nwiz.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ SigmatelSysTrayApp]
- a - c --- 2005-11-16 15:35 397312 C: \ WINDOWS \ stsystra.exe

[HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile \ AuthorizedApplications \ List]
"% windir% \ \ system32 \ \ sessmgr.exe" =
"C: \ \ Program Files \ \ RssBandit \ \ RSSBandit.exe" =
"C: \ \ Programfiler \ \ Fellesfiler \ \ AOL \ \ Loader \ \ aolload.exe" =
"C: \ \ Programfiler \ \ Fellesfiler \ \ AOL \ \ ACS \ \ AOLDial.exe" =
"C: \ \ Programfiler \ \ Fellesfiler \ \ AOL \ \ ACS \ \ AOLacsd.exe" =
"C: \ \ Programfiler \ \ America Online 9.0 \ \ waol.exe" =
"C: \ \ Programfiler \ \ Fellesfiler \ \ AOL \ \ TopSpeed \ \ 2.0 \ \ aoltsmon.exe" =
"C: \ \ Programfiler \ \ Fellesfiler \ \ AOL \ \ TopSpeed \ \ 2.0 \ \ aoltpspd.exe" =
"C: \ \ Programfiler \ \ Fellesfiler \ \ AOL \ \ 1155864818 \ \ EE \ \ AOLServiceHost.exe" =
"C: \ \ Programfiler \ \ Fellesfiler \ \ AOL \ \ System Information \ \ sinf.exe" =
"C: \ \ Programfiler \ \ Fellesfiler \ \ AOL \ AOL Spionprogrambeskyttelse \ \ AOLSP Scheduler.exe" =
"C: \ \ Programfiler \ \ Fellesfiler \ \ AOL \ AOL Spionprogrambeskyttelse \ \ Asp.exe" =
"C: \ \ Programfiler \ \ Fellesfiler \ \ AolCoach \ \ en_en \ \ player \ \ AOLNySEV.exe" =
"C: \ \ Program Files \ \ FTP Commander \ \ ftpcomm.exe" =
"C: \ \ Program Files \ \ Real \ RealPlayer \ \ realplay.exe" =
"C: \ \ StubInstaller.exe" =
"C: \ \ Program Files \ \ SmartFTP Client 2.0 \ \ SmartFTP.exe" =
"C: \ \ Program Files \ \ BitTornado \ \ btdownloadgui.exe" =
"C: \ \ Programfiler \ \ Fellesfiler \ \ AOL \ \ 1155864818 \ \ EE \ \ aolsoftware.exe" =
"C: \ \ Program Files \ \ Mozilla Firefox \ \ firefox.exe" =
"C: \ \ Program Files \ \ BitZip \ \ bitzip.exe" =
"C: \ \ Program Files \ \ uTorrent \ \ uTorrent.exe" =
"C: \ \ Program Files \ \ iTunes \ \ iTunes.exe" =
"% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" =
"C: \ \ WINDOWS \ \ system32 \ \ dlcxcoms.exe" =

[HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile \ GloballyOpenPorts \ List]
"50001: TCP" = 50001: TCP: webroots
"50002: TCP" = 50002: TCP: webroots2
"3389: TCP" = 3389: TCP: @ xpsp2res.dll, -22,009

[HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile \ IcmpSettings]
"AllowInboundEchoRequest" = 1 (0x1)

R0 a320raid; a320raid; C: \ WINDOWS \ system32 \ drivers \ A320 raid.sys [2006-04-04 251578]
R0 pxark; pxark; C: \ WINDOWS \ system32 \ drivers \ pxark.sys [2008-09-27 17408]
R1 SAVOnAccess Control; SAVOnAccess Control, C: \ WINDOWS \ system32 \ drivers \ savonaccesscon trol.sys [2006-04-14 80128]
R1 SAVOnAccess Filter; SAVOnAccess Filtrer; C: \ WINDOWS \ system32 \ drivers \ savonaccessfilt er.sys [2006-04-14 24064]
R2 CSIScanner; CSIScanner, C: \ Programfiler \ PrevxCSI \ prevxcsi.exe [2008-09-27 618040]
R2 dlcx_device; dlcx_device; C: \ WINDOWS \ system32 \ dlcxco ms.exe [2006-11-03 537480]
R2 Viewpoint Manager Service; Viewpoint Manager Service; C: \ Program Files \ Viewpoint \ Common \ ViewpointService.exe [2007-01-04 24652]
S2 ousbehci; NEC PCI til USB forbedret vertskontroller; C: \ WINDOWS \ system32 \ drivers \ ousbehci.sy s [2003-08-01 41600]
S3 GTIPCI21; GTIPCI21; C: \ WINDOWS \ system32 \ drivers \ gtip ci21.sys [2004-05-03 80384]
S3 NWADI; NWADI Buss Enumerator; C: \ WINDOWS \ system32 \ drivers \ NWADIenum.s ys [2005-12-09 67840]
S3 ousb2hub; OrangeWare USB 2.0 rothub Support; C: \ WINDOWS \ system32 \ drivers \ ousb2hub.sys [2003-08-01 55552]
S3 whfltr2k; WheelMouse USB Lower Filter Driver; C: \ WINDOWS \ system32 \ drivers \ whfltr2k.sys [2007-01-25 6784]
S3 whmice2k; Advanced Wheel Mouse Upper Filter Driver; C: \ WINDOWS \ system32 \ drivers \ whmice2k.sys [2004-04-25 6885]

[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ curre ntversion \ Explorer \ mountpoints2 \ D]
\ Shell \ AutoRun \ command - D: \ autorun.exe

[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ curre ntversion \ Explorer \ mountpoints2 \ (64d8acf2-5f84-11db-b756-00038a000015)]
\ Shell \ AutoRun \ command - E: \ Installer.exe

[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ curre ntversion \ Explorer \ mountpoints2 \ (7aebf132-2e3f-11db-b6e0-0015c547091a)]
\ Shell \ AutoRun \ command - E: \ wd_windows_tools \ setup.exe

[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ curre ntversion \ Explorer \ mountpoints2 \ (c4f3f4e1-2c11-11d9-8305-806d6172696f)]
\ Shell \ AutoRun \ command - D: \ Programmer \ nu2menu \ nu2menu.exe

* Newly Created Service * - PROCEXP90
.
Innholdet i "Scheduled Tasks"-mappen
.
- - - - Orphans fjernet - - - --

MSConfigStartUp-! AVG Anti-Spyware - C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7.5 \ avgas.exe
MSConfigStartUp-DVDLauncher - C: \ Program Files \ CyberLink \ PowerDVD \ DVDLauncher.exe
MSConfigStartUp-SpySweeperEnterprise - C: \ Program Files \ Webroot \ Enterprise \ Spy Sweeper \ \ SpySweeperUI.exe
MSConfigStartUp-SpysweeperUI - C: \ Program Files \ Webroot \ Enterprise \ Spy Sweeper \ SpySweeperUI.exe
MSConfigStartUp-UpdateManager - C: \ Program Files \ Common Files \ Sonic \ Update Manager \ sgtray.exe


.
------- Tilleggsavtale Scan -------
.
FireFox -: Profile - C: \ Documents and Settings \ Administrator \ Application Data \ Mozilla \ Firefox \ Profiles \ dlc1hobz.default \
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp: / / www.broadway.com/
FF -: plugin - C: \ Documents and Settings \ Administrator \ Application Data \ Mozilla \ Firefox \ Profiles \ dlc1hobz.default \ ext ensions \ npmozax@real.com \ plugins \ npmozax.dll
FF -: plugin - C: \ Program Files \ Adobe \ Acrobat 7.0 \ Reader \ browser \ nppdf32.dll
FF -: plugin - C: \ Programfiler \ iTunes \ Mozilla Plugins \ npitunes.dll
FF -: plugin - C: \ Programfiler \ Mozilla Firefox \ plugins \ npagent.dll
FF -: plugin - C: \ Programfiler \ Mozilla Firefox \ plugins \ npmozax.dll
FF -: plugin - C: \ Programfiler \ Mozilla Firefox \ plugins \ npmusicn.dll
FF -: plugin - C: \ Programfiler \ Mozilla Firefox \ plugins \ npracplug.dll
FF -: plugin - C: \ Programfiler \ Mozilla Firefox \ plugins \ nptgeqplugin.dll
FF -: plugin - C: \ Programfiler \ Mozilla Firefox \ plugins \ npunagi2.dll
FF -: plugin - C: \ Program Files \ Real \ RealArcade \ Plugins \ Mozilla \ npracplug.dl l
FF -: plugin - C: \ Program Files \ Viewpoint \ Viewpoint Experience Technology \ npViewpoint.dll
.

************************************************** ************************

CatchMe 0.3.1361 W2K/XP/Vista - rootkit / skjulemodus malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-28 11:48:43
Windows 5.1.2600 Service Pack 2 NTFS

skanning skjulte prosesser ...

scanning hidden autostart entries ...

HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Run
DLCXCATS = rundll32 C: \ WINDOWS \ system32 \ spool \ DRIVERS \ W32X86 \ 3 \ DLCXtim e.dll, _RunDLLEntry @ 16 ???????????????????????? ????? ?????????????????????????????????????????????????? ?????????????????????????????????????????????????? ??????????????????????????????????????????????????

skanning skjulte filer ...

skanning er fullført
skjulte filer: 0

************************************************** ************************
.
--------------------- DLLer Loaded Under Running Processes ---------------------

PROSESSEN: C: \ WINDOWS \ system32 \ Winlogon.exe
-> C: \ WINDOWS \ system32 \ Ati2evxx.dll
.
Completion time: 2008-09-28 11:50:56
ComboFix-quarantined-files.txt 2008-09-28 15:50:52

Pre-Run: 25918537728 bytes free
Post-Run: 25986658304 bytes free

255 --- EOF --- 2008-09-26 12:22:29

[evilfantasy]

Merk: nedenstående instruksjoner ble laget spesielt for denne brukeren. Hvis du ikke bruker, IKKE Følg disse skiltene fordi de kan ødelegge hjemkomsten til systemet

Slett disse filer / mapper som følger:

1. Gå til Start > Løpe > Type Notepad.exe og klikk OK å åpne Notisblokk.
Det må være Notisblokk ikke Wordpad.
2. Kopier teksten i under kode boksen ved å markere all teksten og trykke Ctrl + C

Code:

Killall:: File:: C: \ WINDOWS \ system32 \ SJv56bM4.exe.a_a C: \ WINDOWS \ system32 \ 0vx55IOc.exe Folder:: C: \ Documents and Settings \ Administrator \ Application Data \ ErrorSmart

3. Gå til Notisblokk-vinduet og klikk Rediger > Lim
4. Deretter klikker du Fil > Lagre
5. Navn filen CFScript.txt - Lagre filen på skrivebordet
6. Dra CFScript (hold venstre museknapp mens du dra filen) og slipp den (release venstre museknapp) i ComboFix.exe som du ser i skjermbildet nedenfor. Viktig: Utføre denne instruksjonen nøye!



ComboFix begynner å kjøre, bare følg instruksjonene.
Etter reboot (i tilfelle den ber om å reboot), vil det generere en loggfil for deg.
Innlegg som log (Combofix.txt) i neste svaret.

Merk: Ikke mouseclick ComboFix's vinduet mens den kjører. Som kan føre til systemet ditt til å fryse