Tregere og tregere

**RB211** · #1 4 apr 2008, 10:57

Når du laster ned noen ting mitt Puter blir tregere og tregere med irriterende spyware / malware legge dukker opp som jeg skrånende kvitt. Vennligst hjelp folkens ..

**Hybr! D** · #2 4 apr 2008, 11:02

Start her: http://www.computer-juice.com/forums...-posting-7476/

**RB211** · #3 4 apr 2008, 14:51

ok dette er første logg. Jeg tar det jeg bare fortsette?

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 04.04.2008 at 10:06
Application Version: 4.0.1154
Core Rules Database Version: 3431
Trace Rules Database Version: 1423
Scan type: Complete Scan
Total Scan Time: 01:41:45
Minne eks skannet: 703
Minne trusler oppdages: 1
Registerelementene skannet: 5826
Registerverdi trusler oppdages: 43
Fil eks skannet: 289779
Fil trusler oppdages: 158
Adware.Vundo Variant / Resident
C: \ WINDOWS \ system32 \ MLJJJ.DLL
C: \ WINDOWS \ system32 \ MLJJJ.DLL
Trojan.WinFixer
HKLM \ Software \ Classes \ CLSID \ (09888678-51D6-42FC-9437-CBBFDA0B86EA)
HKCR \ CLSID \ (09888678-51D6-42FC-9437-CBBFDA0B86EA)
HKCR \ CLSID \ (09888678-51D6-42FC-9437-CBBFDA0B86EA) \ InprocServer32
HKCR \ CLSID \ (09888678-51D6-42FC-9437-CBBFDA0B86EA) \ InprocServer32 # ThreadingModel
HKLM \ Software \ Classes \ CLSID \ (6800D574-80D6-4F0F-B6C9-E590AF2F999B)
HKCR \ CLSID \ (6800D574-80D6-4F0F-B6C9-E590AF2F999B)
HKCR \ CLSID \ (6800D574-80D6-4F0F-B6C9-E590AF2F999B) \ InprocServer32
HKCR \ CLSID \ (6800D574-80D6-4F0F-B6C9-E590AF2F999B) \ InprocServer32 # ThreadingModel
C: \ WINDOWS \ system32 \ JKKLL.DLL
HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ EXP lorer \ Browser Helper Objects \ (09888678-51D6-42FC-9437-CBBFDA0B86EA)
Adware.Vundo Variant
HKLM \ Software \ Classes \ CLSID \ (3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9)
HKCR \ CLSID \ (3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9)
HKCR \ CLSID \ (3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9) \ InprocServer32
HKCR \ CLSID \ (3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9) \ InprocServer32 # ThreadingModel
C: \ WINDOWS \ system32 \ TUVSQPQ.DLL
HKLM \ Software \ Classes \ CLSID \ (D85530E8-D39D-49D0-9F36-300D594556D2)
HKCR \ CLSID \ (D85530E8-D39D-49D0-9F36-300D594556D2)
HKCR \ CLSID \ (D85530E8-D39D-49D0-9F36-300D594556D2) \ InprocServer32
HKCR \ CLSID \ (D85530E8-D39D-49D0-9F36-300D594556D2) \ InprocServer32 # ThreadingModel
C: \ WINDOWS \ system32 \ YAYWUVW.DLL
HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ EXP lorer \ Browser Helper Objects \ (3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9)
HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ EXP lorer \ ShellExecuteHooks # (D85530E8-D39D-49D0-9F36-300D594556D2)
HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ EXP lorer \ ShellExecuteHooks # (3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9)
HKCR \ CLSID \ (3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9)
HKCR \ CLSID \ (D85530E8-D39D-49D0-9F36-300D594556D2)
Unclassified.Unknown Origin
HKLM \ Software \ Classes \ CLSID \ (F4F10C1D-87C7-404A-B4B3-000000000000)
HKCR \ CLSID \ (F4F10C1D-87C7-404A-B4B3-000000000000)
HKCR \ CLSID \ (F4F10C1D-87C7-404A-B4B3-000000000000)
HKCR \ CLSID \ (F4F10C1D-87C7-404A-B4B3-000000000000) \ InprocServer32
HKCR \ CLSID \ (F4F10C1D-87C7-404A-B4B3-000000000000) \ InprocServer32 # ThreadingModel
HKCR \ CLSID \ (F4F10C1D-87C7-404A-B4B3-000000000000) \ ProgID
HKCR \ CLSID \ (F4F10C1D-87C7-404A-B4B3-000000000000) \ Programmable
HKCR \ CLSID \ (F4F10C1D-87C7-404A-B4B3-000000000000) \ TypeLib
HKCR \ CLSID \ (F4F10C1D-87C7-404A-B4B3-000000000000) \ VersionIndependentProgID
C: \ progra ~ 1 \ DAP \ SBSEARCH.DLL
HKU \ S-1-5-21-73586283-1326574676-839522115-1004 \ Software \ Microsoft \ Internet Explorer \ URLSearchHooks # (F4F10C1D-87C7-404A-B4B3-000000000000)
HKCR \ SearchHook.SrchHook.1
HKCR \ SearchHook.SrchHook
HKCR \ TypeLib \ (95EFB171-F3DF-4BEC-9EF7-829A800203E6)
HKCR \ TypeLib \ (95EFB171-F3DF-4BEC-9EF7-829A800203E6) \ 1.0
HKCR \ TypeLib \ (95EFB171-F3DF-4BEC-9EF7-829A800203E6) \ 1.0 \ 0
HKCR \ TypeLib \ (95EFB171-F3DF-4BEC-9EF7-829A800203E6) \ 1.0 \ 0 \ win32
HKCR \ TypeLib \ (95EFB171-F3DF-4BEC-9EF7-829A800203E6) \ 1.0 \ FLAGS
HKCR \ TypeLib \ (95EFB171-F3DF-4BEC-9EF7-829A800203E6) \ 1.0 \ HELPDIR
Adware.Tracking Cookie
C: \ Documents and Settings \ Danny \ Cookies \ danny @ serverer-sys [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ tribalfusion [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ DoubleClick [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@bs.serving-sys [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@bs.serving-sys [2]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@ad.yieldmanager [2]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@ad.zanox [1]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ Roz @ adnetserver [1]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@ads.alpharooms [2]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@ads1.alpharooms [2]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@ads2.alpharooms [1]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@ads3.alpharooms [1]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@ads4.alpharooms [1]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ Roz @ adultfriendfinder [2]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ Roz @ gostats [2]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ Roz @ hornymatches [2]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ Roz @ indexstats [1]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ Roz @ indexstats [3]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ Roz @ linksynergy [1]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@media2.mediafileshost [2]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ Roz @ statcounter [1]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@statse.webtrendslive [2]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@tracking.summitmedia.co [1]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@webstats.wthosting.co [2]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@www.admedia365 [2]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@www.admedia365 [3]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@www.hxtrack [2]. Txt
H: \ Documents and Settings \ Rozzie \ Cookies \ rozzie @ indexstats [2]. Txt
H: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@pc-finder.co [2]. Txt
H: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@www.pc-finder.co [2]. Txt
H: \ Nyere Docs & Sets \ Rozzie \ Cookies \ rozzie @ indexstats [2]. Txt
H: \ Nyere Docs & Sets \ Rozzie \ Cookies \ rozzie@pc-finder.co [2]. Txt
H: \ Nyere Docs & Sets \ Rozzie \ Cookies \ rozzie@www.pc-finder.co [2]. Txt
H: \ Rozzie \ Cookies \ rozzie @ indexstats [2]. Txt
H: \ Rozzie \ Cookies \ rozzie@pc-finder.co [2]. Txt
H: \ Rozzie \ Cookies \ rozzie@www.pc-finder.co [2]. Txt
Trojan.Unknown Origin
C: \ WINDOWS \ system32 \ nGpxx01
HKLM \ Software \ xpre
HKLM \ Software \ xpre # execount
Adware.VXGame-Trace
HKU \ S-1-5-21-73586283-1326574676-839522115-1005 \ Software \ kernelexe
Adware.Vundo Variant / rel
C: \ WINDOWS \ system32 \ ACCDD.INI
C: \ WINDOWS \ system32 \ ACCDD.INI2
C: \ WINDOWS \ system32 \ ILKKJ.INI
C: \ WINDOWS \ system32 \ ILKKJ.INI2
C: \ WINDOWS \ system32 \ JJJLM.INI
C: \ WINDOWS \ system32 \ JJJLM.INI2
C: \ WINDOWS \ system32 \ LLKKJ.INI
C: \ WINDOWS \ system32 \ LLKKJ.INI2
C: \ WINDOWS \ system32 \ LNNMP.INI2
C: \ WINDOWS \ system32 \ MCRH.TMP
C: \ WINDOWS \ system32 \ RRQSS.INI
C: \ WINDOWS \ system32 \ VVVWA.INI2
Adware.Vundo-Variant
C: \ WINDOWS \ system32 \ DDCCA.DLL
C: \ WINDOWS \ system32 \ SSQRR.DLL
Trace.Known Threat Kilder
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ index [1]. Htm
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ bunnen [2]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ i53b_t1 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ CAXOO75T.htm
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ xrest [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ ajax [1]. Htm
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ verx [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ i701_brd-top-1 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ ledere [1]. Htm
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ errorhandler [2]. Htm
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ i701_line2 [1]. Jpg
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ i701_boton1 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ errorhandler [1]. Htm
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ niz [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ errorhandler [1]. Htm
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ i53b_btn-funksjoner [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ i701_cor venstre-1 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ i53b_icon3 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ CRYPT [1]. Htm
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ vindu [1]. Js
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ ren [1]. Htm
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ i53b_bg1 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ stats [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ toppen [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ SDWBGNOV \ main_02 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ CASL6F4X.htm
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ i53b_line2 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ i701_cor høyre-1 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ AHGZAXI5 \ anbefaler [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ i53b_icon5 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ stiler [5]. Css
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ ZLGK0BFB \ off_2 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ i701_bg2 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ fremgang [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ i53b_btn-oversikt [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ index [5]. Htm
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ stats [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ i701_bg3 [1]. Jpg
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ 8NKJEV4R \ bottom_r_2 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ haster [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ errorhandler [1]. Htm
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ AC_RunActiveContent [1]. Htm
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ midle [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ QX8BMXM5 \ stiler [2]. Css
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ i53b_boton4 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ i53b_btn-kjøpet [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ spacer [4]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ ajax [1]. Htm
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ G92ZKB2T \ mark [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ CX8VSB4B \ bottom_r [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ CRYPT [1]. Htm
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ LO76ZR17 \ errsnd [1]. Swf
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ CX8VSB4B \ bottom_l [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ i53b_brd-top-1 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ CRYPT [2]. Htm
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ AHGZAXI5 \ secpan [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ i53b_btn hjemmet [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ CAUJABA1.htm
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ AC_ActiveX [1]. Htm
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ i53b_line3 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ chec [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ i53b_icon1 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ ajax [1]. Htm
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ i53b_btn nedlasting [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ ZLGK0BFB \ x [2]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ CA3MKJZH.htm
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ i701_BG [1]. Jpg
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ i701_line1 [1]. Jpg
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ i701_brd-bot-1 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ i701_pc [1]. Jpg
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ i53b_boton2 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ i53b_brd-bot-1 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ i701_bg4 [1]. Jpg
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ ledere [1]. Htm
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ i53b_btn oppdateringer [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ ledere [1]. Htm
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ UR2NQ1UR \ varsling [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ flash [1]. Js
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ i701_spacer [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ AL6HK9M7 \ main_06 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ head_r_back [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ LO76ZR17 \ skjold [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ i701_line3 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ i701_boton2 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ flash_detect [1]. Htm
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ M1Q5EV4X \ spille [1]. Js
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ UR2NQ1UR \ main_10 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ M1Q5EV4X \ main_05 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ QX8BMXM5 \ kryss [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ G92ZKB2T \ main_07 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ EJ23EDUF \ closebutton [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ 8NKJEV4R \ main_03 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ ban_2 [1]. Swf
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ logo2 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ data [1]. Htm
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ LO76ZR17 \ off_back [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ AL6HK9M7 \ download [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ M1Q5EV4X \ main_04 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ popup [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ left_3 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ QX8BMXM5 \ bottom_l_2 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ Z81HJ8WK \ right_2 [1]. Gif

**evilfantasy** · #4 4 apr 2008, 19:20

Ja kan du fortsette med resten av trinnene. Hvert trinn ser etter og løser forskjellige trusler.

**RB211** · #5 5 april 2008, 00:13

OK Heres andre logge ..

Malwarebytes' Anti-Malware 1.10
Database versjon: 592
Scan type: Full Scan (A: \ | C: \ | D: \ | E: \ | H: \ | I: \ | J: \ |)
Objekter skannet: 336027
Tid brukt: 1 time (r), 8 minutt (er), 1 sekund (er)
Memory Processes Infected: 5
Memory Modules Infected: 0
Registernøkler Infected: 10
Registry Values Infected: 7
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 11
Memory Processes Infected:
C: \ WINDOWS \ system32 \ drivers \ Ctfmon.exe (Trojan.Agent) -> losses prosessen var vellykket.
C: \ WINDOWS \ system32 \ drivers \ Ctfmon.exe (Trojan.Agent) -> losses prosessen var vellykket.
C: \ Documents and Settings \ Danny \ Lokale innstillinger \ Programdata \ spool.exe (Trojan.Agent) -> losses prosessen var vellykket.
C: \ Documents and Settings \ Danny \ Lokale innstillinger \ Programdata \ spool.exe (Trojan.Agent) -> losses prosessen var vellykket.
C: \ Documents and Settings \ Danny \ Lokale innstillinger \ Programdata \ spool.exe (Trojan.Agent) -> losses prosessen var vellykket.
Memory Modules Infected:
(Ingen skadelige eks oppdaget)
Registernøkler Infected:
HKEY_LOCAL_MACHINE \ SYSTEM \ ControlSet001 \ Services \ s chedule (Trojan.Agent) -> karantene og slettet.
HKEY_LOCAL_MACHINE \ SYSTEM \ ControlSet002 \ Services \ s chedule (Trojan.Agent) -> karantene og slettet.
HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ tjenester es \ tidsplan (Trojan.Agent) -> karantene og slettet.
HKEY_CURRENT_USER \ Software \ Microsoft \ affri (Malware.Trace) -> karantene og slettet.
HKEY_CURRENT_USER \ Software \ Microsoft \ affltid (Malware.Trace) -> karantene og slettet.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ affltid (Malware.Trace) -> karantene og slettet.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ affri (Malware.Trace) -> karantene og slettet.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ MS Juan (Malware.Trace) -> karantene og slettet.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ FCOVM (Trojan.Vundo) -> karantene og slettet.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ RemoveRP (Trojan.Vundo) -> karantene og slettet.
Registry Values Infected:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run \ BMafb2445c (Trojan.Agent) -> karantene og slettet.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Run \ ntuser (Trojan.Agent) -> karantene og slettet.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run \ ntuser (Trojan.Agent) -> karantene og slettet.
HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ Run \ ntuser (Trojan.Agent) -> karantene og slettet.
HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ Run \ autoload (Trojan.Agent) -> karantene og slettet.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Run \ autoload (Trojan.Agent) -> karantene og slettet.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run \ autoload (Trojan.Agent) -> karantene og slettet.
Registry Data Items Infected:
(Ingen skadelige eks oppdaget)
Folders Infected:
(Ingen skadelige eks oppdaget)
Files Infected:
C: \ Documents and Settings \ LocalService \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ GHIJKLMN \ runder [1]. Jpg (Trojan.Madcode) -> karantene og slettet.
C: \ System Volume Information \ _Restore (B4EDD13F-A6F1-41A1-814E-E5C94DDA45B5) \ RP8 \ A0002994.exe (Trojan.Downloader) -> karantene og slettet.
C: \ WINDOWS \ system32 \ iupdate.exe (Trojan.Madcode) -> karantene og slettet.
C: \ WINDOWS \ system32 \ kchkioor.dll (Trojan.Agent) -> Delete on reboot.
C: \ WINDOWS \ system32 \ drivers \ Ctfmon.exe (Trojan.Agent) -> karantene og slettet.
C: \ WINDOWS \ system32 \ pac.txt (Malware.Trace) -> karantene og slettet.
C: \ WINDOWS \ system32 \ drivers \ spools.exe (Trojan.Agent) -> karantene og slettet.
C: \ Documents and Settings \ Danny \ cftmon.exe (Trojan.Agent) -> karantene og slettet.
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Programdata \ spool.exe (Trojan.Agent) -> karantene og slettet.
C: \ Documents and Settings \ LocalService \ Lokale innstillinger \ Programdata \ spool.exe (Trojan.Agent) -> karantene og slettet.
C: \ Documents and Settings \ Danny \ Lokale innstillinger \ Programdata \ spool.exe (Trojan.Agent) -> karantene og slettet.

**RB211** · #6 5 april 2008, 00:51

Å OK jeg gjorde ikke innser jeg måtte legge dem alle sammen. Beklager folkens ... Her er de:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 04.04.2008 at 10:06
Application Version: 4.0.1154
Core Rules Database Version: 3431
Trace Rules Database Version: 1423
Scan type: Complete Scan
Total Scan Time: 01:41:45
Minne eks skannet: 703
Minne trusler oppdages: 1
Registerelementene skannet: 5826
Registerverdi trusler oppdages: 43
Fil eks skannet: 289779
Fil trusler oppdages: 158
Adware.Vundo Variant / Resident
C: \ WINDOWS \ system32 \ MLJJJ.DLL
C: \ WINDOWS \ system32 \ MLJJJ.DLL
Trojan.WinFixer
HKLM \ Software \ Classes \ CLSID \ (09888678-51D6-42FC-9437-CBBFDA0B86EA)
HKCR \ CLSID \ (09888678-51D6-42FC-9437-CBBFDA0B86EA)
HKCR \ CLSID \ (09888678-51D6-42FC-9437-CBBFDA0B86EA) \ InprocServer32
HKCR \ CLSID \ (09888678-51D6-42FC-9437-CBBFDA0B86EA) \ InprocServer32 # ThreadingModel
HKLM \ Software \ Classes \ CLSID \ (6800D574-80D6-4F0F-B6C9-E590AF2F999B)
HKCR \ CLSID \ (6800D574-80D6-4F0F-B6C9-E590AF2F999B)
HKCR \ CLSID \ (6800D574-80D6-4F0F-B6C9-E590AF2F999B) \ InprocServer32
HKCR \ CLSID \ (6800D574-80D6-4F0F-B6C9-E590AF2F999B) \ InprocServer32 # ThreadingModel
C: \ WINDOWS \ system32 \ JKKLL.DLL
HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ EXP lorer \ Browser Helper Objects \ (09888678-51D6-42FC-9437-CBBFDA0B86EA)
Adware.Vundo Variant
HKLM \ Software \ Classes \ CLSID \ (3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9)
HKCR \ CLSID \ (3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9)
HKCR \ CLSID \ (3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9) \ InprocServer32
HKCR \ CLSID \ (3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9) \ InprocServer32 # ThreadingModel
C: \ WINDOWS \ system32 \ TUVSQPQ.DLL
HKLM \ Software \ Classes \ CLSID \ (D85530E8-D39D-49D0-9F36-300D594556D2)
HKCR \ CLSID \ (D85530E8-D39D-49D0-9F36-300D594556D2)
HKCR \ CLSID \ (D85530E8-D39D-49D0-9F36-300D594556D2) \ InprocServer32
HKCR \ CLSID \ (D85530E8-D39D-49D0-9F36-300D594556D2) \ InprocServer32 # ThreadingModel
C: \ WINDOWS \ system32 \ YAYWUVW.DLL
HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ EXP lorer \ Browser Helper Objects \ (3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9)
HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ EXP lorer \ ShellExecuteHooks # (D85530E8-D39D-49D0-9F36-300D594556D2)
HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ EXP lorer \ ShellExecuteHooks # (3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9)
HKCR \ CLSID \ (3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9)
HKCR \ CLSID \ (D85530E8-D39D-49D0-9F36-300D594556D2)
Unclassified.Unknown Origin
HKLM \ Software \ Classes \ CLSID \ (F4F10C1D-87C7-404A-B4B3-000000000000)
HKCR \ CLSID \ (F4F10C1D-87C7-404A-B4B3-000000000000)
HKCR \ CLSID \ (F4F10C1D-87C7-404A-B4B3-000000000000)
HKCR \ CLSID \ (F4F10C1D-87C7-404A-B4B3-000000000000) \ InprocServer32
HKCR \ CLSID \ (F4F10C1D-87C7-404A-B4B3-000000000000) \ InprocServer32 # ThreadingModel
HKCR \ CLSID \ (F4F10C1D-87C7-404A-B4B3-000000000000) \ ProgID
HKCR \ CLSID \ (F4F10C1D-87C7-404A-B4B3-000000000000) \ Programmable
HKCR \ CLSID \ (F4F10C1D-87C7-404A-B4B3-000000000000) \ TypeLib
HKCR \ CLSID \ (F4F10C1D-87C7-404A-B4B3-000000000000) \ VersionIndependentProgID
C: \ progra ~ 1 \ DAP \ SBSEARCH.DLL
HKU \ S-1-5-21-73586283-1326574676-839522115-1004 \ Software \ Microsoft \ Internet Explorer \ URLSearchHooks # (F4F10C1D-87C7-404A-B4B3-000000000000)
HKCR \ SearchHook.SrchHook.1
HKCR \ SearchHook.SrchHook
HKCR \ TypeLib \ (95EFB171-F3DF-4BEC-9EF7-829A800203E6)
HKCR \ TypeLib \ (95EFB171-F3DF-4BEC-9EF7-829A800203E6) \ 1.0
HKCR \ TypeLib \ (95EFB171-F3DF-4BEC-9EF7-829A800203E6) \ 1.0 \ 0
HKCR \ TypeLib \ (95EFB171-F3DF-4BEC-9EF7-829A800203E6) \ 1.0 \ 0 \ win32
HKCR \ TypeLib \ (95EFB171-F3DF-4BEC-9EF7-829A800203E6) \ 1.0 \ FLAGS
HKCR \ TypeLib \ (95EFB171-F3DF-4BEC-9EF7-829A800203E6) \ 1.0 \ HELPDIR
Adware.Tracking Cookie
C: \ Documents and Settings \ Danny \ Cookies \ danny @ serverer-sys [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ tribalfusion [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ DoubleClick [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@bs.serving-sys [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@bs.serving-sys [2]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@ad.yieldmanager [2]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@ad.zanox [1]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ Roz @ adnetserver [1]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@ads.alpharooms [2]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@ads1.alpharooms [2]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@ads2.alpharooms [1]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@ads3.alpharooms [1]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@ads4.alpharooms [1]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ Roz @ adultfriendfinder [2]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ Roz @ gostats [2]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ Roz @ hornymatches [2]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ Roz @ indexstats [1]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ Roz @ indexstats [3]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ Roz @ linksynergy [1]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@media2.mediafileshost [2]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ Roz @ statcounter [1]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@statse.webtrendslive [2]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@tracking.summitmedia.co [1]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@webstats.wthosting.co [2]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@www.admedia365 [2]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@www.admedia365 [3]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@www.hxtrack [2]. Txt
H: \ Documents and Settings \ Rozzie \ Cookies \ rozzie @ indexstats [2]. Txt
H: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@pc-finder.co [2]. Txt
H: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@www.pc-finder.co [2]. Txt
H: \ Nyere Docs & Sets \ Rozzie \ Cookies \ rozzie @ indexstats [2]. Txt
H: \ Nyere Docs & Sets \ Rozzie \ Cookies \ rozzie@pc-finder.co [2]. Txt
H: \ Nyere Docs & Sets \ Rozzie \ Cookies \ rozzie@www.pc-finder.co [2]. Txt
H: \ Rozzie \ Cookies \ rozzie @ indexstats [2]. Txt
H: \ Rozzie \ Cookies \ rozzie@pc-finder.co [2]. Txt
H: \ Rozzie \ Cookies \ rozzie@www.pc-finder.co [2]. Txt
Trojan.Unknown Origin
C: \ WINDOWS \ system32 \ nGpxx01
HKLM \ Software \ xpre
HKLM \ Software \ xpre # execount
Adware.VXGame-Trace
HKU \ S-1-5-21-73586283-1326574676-839522115-1005 \ Software \ kernelexe
Adware.Vundo Variant / rel
C: \ WINDOWS \ system32 \ ACCDD.INI
C: \ WINDOWS \ system32 \ ACCDD.INI2
C: \ WINDOWS \ system32 \ ILKKJ.INI
C: \ WINDOWS \ system32 \ ILKKJ.INI2
C: \ WINDOWS \ system32 \ JJJLM.INI
C: \ WINDOWS \ system32 \ JJJLM.INI2
C: \ WINDOWS \ system32 \ LLKKJ.INI
C: \ WINDOWS \ system32 \ LLKKJ.INI2
C: \ WINDOWS \ system32 \ LNNMP.INI2
C: \ WINDOWS \ system32 \ MCRH.TMP
C: \ WINDOWS \ system32 \ RRQSS.INI
C: \ WINDOWS \ system32 \ VVVWA.INI2
Adware.Vundo-Variant
C: \ WINDOWS \ system32 \ DDCCA.DLL
C: \ WINDOWS \ system32 \ SSQRR.DLL
Trace.Known Threat Kilder
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ index [1]. Htm
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ bunnen [2]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ i53b_t1 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ CAXOO75T.htm
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ xrest [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ ajax [1]. Htm
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ verx [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ i701_brd-top-1 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ ledere [1]. Htm
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ errorhandler [2]. Htm
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ i701_line2 [1]. Jpg
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ i701_boton1 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ errorhandler [1]. Htm
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ niz [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ errorhandler [1]. Htm
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ i53b_btn-funksjoner [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ i701_cor venstre-1 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ i53b_icon3 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ CRYPT [1]. Htm
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ vindu [1]. Js
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ ren [1]. Htm
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ i53b_bg1 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ stats [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ toppen [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ SDWBGNOV \ main_02 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ CASL6F4X.htm
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ i53b_line2 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ i701_cor høyre-1 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ AHGZAXI5 \ anbefaler [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ i53b_icon5 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ stiler [5]. Css
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ ZLGK0BFB \ off_2 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ i701_bg2 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ fremgang [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ i53b_btn-oversikt [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ index [5]. Htm
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ stats [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ i701_bg3 [1]. Jpg
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ 8NKJEV4R \ bottom_r_2 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ haster [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ errorhandler [1]. Htm
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ AC_RunActiveContent [1]. Htm
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ midle [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ QX8BMXM5 \ stiler [2]. Css
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ i53b_boton4 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ i53b_btn-kjøpet [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ spacer [4]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ ajax [1]. Htm
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ G92ZKB2T \ mark [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ CX8VSB4B \ bottom_r [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ CRYPT [1]. Htm
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ LO76ZR17 \ errsnd [1]. Swf
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ CX8VSB4B \ bottom_l [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ i53b_brd-top-1 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ CRYPT [2]. Htm
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ AHGZAXI5 \ secpan [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ i53b_btn hjemmet [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ CAUJABA1.htm
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ AC_ActiveX [1]. Htm
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ i53b_line3 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ chec [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ i53b_icon1 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ ajax [1]. Htm
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ i53b_btn nedlasting [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ ZLGK0BFB \ x [2]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ CA3MKJZH.htm
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ i701_BG [1]. Jpg
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ i701_line1 [1]. Jpg
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ i701_brd-bot-1 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ i701_pc [1]. Jpg
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ i53b_boton2 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ i53b_brd-bot-1 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ i701_bg4 [1]. Jpg
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ ledere [1]. Htm
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ i53b_btn oppdateringer [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ ledere [1]. Htm
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ UR2NQ1UR \ varsling [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ flash [1]. Js
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ i701_spacer [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ AL6HK9M7 \ main_06 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ head_r_back [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ LO76ZR17 \ skjold [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ i701_line3 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ i701_boton2 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ flash_detect [1]. Htm
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ M1Q5EV4X \ spille [1]. Js
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ UR2NQ1UR \ main_10 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ M1Q5EV4X \ main_05 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ QX8BMXM5 \ kryss [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ G92ZKB2T \ main_07 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ EJ23EDUF \ closebutton [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ 8NKJEV4R \ main_03 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ ban_2 [1]. Swf
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ logo2 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ data [1]. Htm
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ LO76ZR17 \ off_back [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ AL6HK9M7 \ download [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ M1Q5EV4X \ main_04 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ popup [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ left_3 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ QX8BMXM5 \ bottom_l_2 [1]. Gif
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ Z81HJ8WK \ right_2 [1]. Gif

Malwarebytes' Anti-Malware 1.10
Database versjon: 592
Scan type: Full Scan (A: \ | C: \ | D: \ | E: \ | H: \ | I: \ | J: \ |)
Objekter skannet: 336027
Tid brukt: 1 time (r), 8 minutt (er), 1 sekund (er)
Memory Processes Infected: 5
Memory Modules Infected: 0
Registernøkler Infected: 10
Registry Values Infected: 7
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 11
Memory Processes Infected:
C: \ WINDOWS \ system32 \ drivers \ Ctfmon.exe (Trojan.Agent) -> losses prosessen var vellykket.
C: \ WINDOWS \ system32 \ drivers \ Ctfmon.exe (Trojan.Agent) -> losses prosessen var vellykket.
C: \ Documents and Settings \ Danny \ Lokale innstillinger \ Programdata \ spool.exe (Trojan.Agent) -> losses prosessen var vellykket.
C: \ Documents and Settings \ Danny \ Lokale innstillinger \ Programdata \ spool.exe (Trojan.Agent) -> losses prosessen var vellykket.
C: \ Documents and Settings \ Danny \ Lokale innstillinger \ Programdata \ spool.exe (Trojan.Agent) -> losses prosessen var vellykket.
Memory Modules Infected:
(Ingen skadelige eks oppdaget)
Registernøkler Infected:
HKEY_LOCAL_MACHINE \ SYSTEM \ ControlSet001 \ Services \ s chedule (Trojan.Agent) -> karantene og slettet.
HKEY_LOCAL_MACHINE \ SYSTEM \ ControlSet002 \ Services \ s chedule (Trojan.Agent) -> karantene og slettet.
HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ tjenester es \ tidsplan (Trojan.Agent) -> karantene og slettet.
HKEY_CURRENT_USER \ Software \ Microsoft \ affri (Malware.Trace) -> karantene og slettet.
HKEY_CURRENT_USER \ Software \ Microsoft \ affltid (Malware.Trace) -> karantene og slettet.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ affltid (Malware.Trace) -> karantene og slettet.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ affri (Malware.Trace) -> karantene og slettet.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ MS Juan (Malware.Trace) -> karantene og slettet.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ FCOVM (Trojan.Vundo) -> karantene og slettet.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ RemoveRP (Trojan.Vundo) -> karantene og slettet.
Registry Values Infected:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run \ BMafb2445c (Trojan.Agent) -> karantene og slettet.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Run \ ntuser (Trojan.Agent) -> karantene og slettet.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run \ ntuser (Trojan.Agent) -> karantene og slettet.
HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ Run \ ntuser (Trojan.Agent) -> karantene og slettet.
HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ Run \ autoload (Trojan.Agent) -> karantene og slettet.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Run \ autoload (Trojan.Agent) -> karantene og slettet.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run \ autoload (Trojan.Agent) -> karantene og slettet.
Registry Data Items Infected:
(Ingen skadelige eks oppdaget)
Folders Infected:
(Ingen skadelige eks oppdaget)
Files Infected:
C: \ Documents and Settings \ LocalService \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ GHIJKLMN \ runder [1]. Jpg (Trojan.Madcode) -> karantene og slettet.
C: \ System Volume Information \ _Restore (B4EDD13F-A6F1-41A1-814E-E5C94DDA45B5) \ RP8 \ A0002994.exe (Trojan.Downloader) -> karantene og slettet.
C: \ WINDOWS \ system32 \ iupdate.exe (Trojan.Madcode) -> karantene og slettet.
C: \ WINDOWS \ system32 \ kchkioor.dll (Trojan.Agent) -> Delete on reboot.
C: \ WINDOWS \ system32 \ drivers \ Ctfmon.exe (Trojan.Agent) -> karantene og slettet.
C: \ WINDOWS \ system32 \ pac.txt (Malware.Trace) -> karantene og slettet.
C: \ WINDOWS \ system32 \ drivers \ spools.exe (Trojan.Agent) -> karantene og slettet.
C: \ Documents and Settings \ Danny \ cftmon.exe (Trojan.Agent) -> karantene og slettet.
C: \ Documents and Settings \ Roz \ Lokale innstillinger \ Programdata \ spool.exe (Trojan.Agent) -> karantene og slettet.
C: \ Documents and Settings \ LocalService \ Lokale innstillinger \ Programdata \ spool.exe (Trojan.Agent) -> karantene og slettet.
C: \ Documents and Settings \ Danny \ Lokale innstillinger \ Programdata \ spool.exe (Trojan.Agent) -> karantene og slettet.

Logfile of Trend Micro HijackThis v2.0.2
Scan lagret 08:45:34, on 05/04/2008
Plattform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Kjører prosesser:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ Lsass.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ WINDOWS \ Explorer.exe
C: \ Program Files \ AMD \ RAIDXpert \ brygga \ ekstra \ win32 \ Wrapper.exe
C: \ Programfiler \ Fellesfiler \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
C: \ Programfiler \ Grisoft \ AVG Anti-Spyware 7.5 \ guard.exe
C: \ Program Files \ AMD \ RAIDXpert \ _jvm \ bin \ java.exe
C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
C: \ WINDOWS \ system32 \ rundll32.exe
C: \ Programfiler \ btbb_wcm \ McciTrayApp.exe
C: \ progra ~ 1 \ Yahoo! \ Browser \ ybrwicon.exe
C: \ Programfiler \ HP \ HP Software Update \ HPWuSchd2.exe
C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
C: \ Programfiler \ Logitech \ MediaLife \ MediaLifeService.exe
C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
C: \ WINDOWS \ Samsung \ LaserSMMgr \ ssmmgr.exe
C: \ progra ~ 1 \ Yahoo! \ YOP \ yop.exe
C: \ progra ~ 1 \ Yahoo! \ Browser \ ycommon.exe
C: \ Program Files \ SPAMfighter \ SFAgent.exe
C: \ Programfiler \ BT bredbånd Desktop \ bin \ BTHelpNotifier.exe
C: \ Programfiler \ Bonjour \ mDNSResponder.exe
C: \ Programfiler \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe
C: \ Program Files \ SPAMfighter \ sfus.exe
C: \ Programfiler \ ATI Technologies \ ATI.ACE \ Core-Static \ MOM.EXE
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Spool \ drivers \ w32x86 \ 3 \ hpztsb0 4.exe
C: \ WINDOWS \ system32 \ wltrysvc.exe
C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgcc.exe
C: \ progra ~ 1 \ MI948F ~ 1 \ GAMECO ~ 1 \ Common \ SWTrayV4.exe
C: \ WINDOWS \ system32 \ bcmwltry.exe
C: \ Programfiler \ iTunes \ iTunesHelper.exe
C: \ Programfiler \ Microsoft IntelliType Pro \ itype.exe
C: \ Programfiler \ Microsoft IntelliPoint \ ipoint.exe
C: \ Programfiler \ Grisoft \ AVG Anti-Spyware 7.5 \ avgas.exe
C: \ Programfiler \ Microsoft IntelliType Pro \ dpupdchk.exe
C: \ Programfiler \ Java \ jre1.6.0_05 \ bin \ jusched.exe
C: \ WINDOWS \ system32 \ Ctfmon.exe
C: \ Programfiler \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe
C: \ Programfiler \ DNA \ btdna.exe
C: \ Programfiler \ Messenger \ msmsgs.exe
C: \ progra ~ 1 \ Yahoo! \ YOP \ SSDK02.exe
C: \ Programfiler \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
C: \ WINDOWS \ system32 \ msiexec.exe
C: \ Programfiler \ iPod \ bin \ iPodService.exe
C: \ Programfiler \ HP \ Digital Imaging \ bin \ hpqtra08.exe
C: \ Programfiler \ NETGEAR WG311v2 kort \ wlancfg5.exe
C: \ Programfiler \ BT bredbånd Desktop \ bin \ mpbtn.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ Programfiler \ Java \ jre1.6.0_05 \ bin \ javaw.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ Programfiler \ ATI Technologies \ ATI.ACE \ Core-Static \ ccc.exe
C: \ Programfiler \ Internet Explorer \ iexplore.exe
C: \ Programfiler \ Trend Micro \ HijackThis \ HijackThis.exe
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://news.bbc.co.uk/sport1/hi/football/default.stm
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Settings, ProxyOverride = 127.0.0.1, *. lokale
R3 - URLSearchHook: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Programfiler \ Yahoo! \ Companion \ Installerer \ cpn0 \ yt.dll
O2 - BHO: (no name) - (3CAB59B4-55A3-4737-9FD5-B93C6430BF75) - C: \ WINDOWS \ system32 \ sjmxcfmu.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Programfiler \ Java \ jre1.6.0_05 \ bin \ ssv.dll
O3 - Toolbar: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Programfiler \ Yahoo! \ Companion \ Installerer \ cpn0 \ yt.dll
O3 - Toolbar: & Google - (2318C2B1-4965-11D4-9B18-009027A5CD4F) - c: \ Programfiler \ Google \ googletoolbar1.dll
O3 - Toolbar: Ask Toolbar - (F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA) - C: \ Programfiler \ AskSBar \ bar \ 1.bin \ ASKSBAR.DLL
O4 - HKLM \ .. \ Run: [C6501Sound] rundll32 c6501.cpl, CMICtrlWnd
O4 - HKLM \ .. \ Run: [btbb_wcm_McciTrayApp] C: \ Programfiler \ btbb_wcm \ McciTrayApp.exe
O4 - HKLM \ .. \ Run: [YBrowser] C: \ progra ~ 1 \ Yahoo! \ Browser \ ybrwicon.exe
O4 - HKLM \ .. \ Run: [HPHUPD08] C: \ Programfiler \ HP \ Digital Imaging \ (33D6CC28-9F75-4d1b-A11D-98895B3A3729) \ hphupd08.exe
O4 - HKLM \ .. \ Run: [HP Software Update] C: \ Programfiler \ HP \ HP Software Update \ HPWuSchd2.exe
O4 - HKLM \ .. \ Run: [MediaLifeService] "C: \ Programfiler \ Logitech \ MediaLife \ MediaLifeService.exe"
O4 - HKLM \ .. \ Run: [Samsung LBP SM] "C: \ WINDOWS \ Samsung \ LaserSMMgr \ ssmmgr.exe" / autorun
O4 - HKLM \ .. \ Run: [YOP] C: \ progra ~ 1 \ Yahoo! \ YOP \ yop.exe / autostart
O4 - HKLM \ .. \ Run: [SPAMfighter Agent] "C: \ Program Files \ SPAMfighter \ SFAgent.exe" update delay 60
O4 - HKLM \ .. \ Run: [btbb_McciTrayApp] C: \ Programfiler \ BT bredbånd Desktop \ bin \ BTHelpNotifier.exe
O4 - HKLM \ .. \ Run: [StartCCC] "C: \ Programfiler \ ATI Technologies \ ATI.ACE \ Core-Static \ CLIStart.exe"
O4 - HKLM \ .. \ Run: [amd_dc_opt] C: \ Program Files \ AMD \ Dual-Core Optimizer \ amd_dc_opt.exe
O4 - HKLM \ .. \ Run: [HPDJ Oppgavelinjen Utility] C: \ WINDOWS \ system32 \ Spool \ drivers \ w32x86 \ 3 \ hpztsb0 4.exe
O4 - HKLM \ .. \ Run: [AVG7_CC] C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgcc.exe / STARTUP
O4 - HKLM \ .. \ Run: [SideWinderTrayV4] C: \ progra ~ 1 \ MI948F ~ 1 \ GAMECO ~ 1 \ Common \ SWTrayV4.exe
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Programfiler \ QuickTime \ qttask.exe"-atboottime
O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Programfiler \ iTunes \ iTunesHelper.exe"
O4 - HKLM \ .. \ Run: [itype] "C: \ Programfiler \ Microsoft IntelliType Pro \ itype.exe"
O4 - HKLM \ .. \ Run: [IntelliPoint] "C: \ Programfiler \ Microsoft IntelliPoint \ ipoint.exe"
O4 - HKLM \ .. \ Run: [! AVG Anti-Spyware] "C: \ Programfiler \ Grisoft \ AVG Anti-Spyware 7.5 \ avgas.exe" / minimeres
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Programfiler \ Java \ jre1.6.0_05 \ bin \ jusched.exe"
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [swg] C: \ Programfiler \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe
O4 - HKCU \ .. \ Run: [BitTorrent DNA] "C: \ Programfiler \ DNA \ btdna.exe"
O4 - HKCU \ .. \ Run: [MSMSGS] "C: \ Programfiler \ Messenger \ msmsgs.exe" / background
O4 - HKCU \ .. \ Run: [SUPERAntiSpyware] C: \ Programfiler \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
O4 - HKUS \ S-1-5-19 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-19 \ .. \ Run: [AVG7_Run] C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'Default user')
O4 - Startup: MP3 Rocket (Minimert). Lnk = C: \ Programfiler \ MP3 Rocket \ MP3Rocket.exe
O4 - Global Startup: BT bredbånd Desktop Help.lnk = C: \ Programfiler \ BT bredbånd Desktop \ bin \ matcli.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C: \ Programfiler \ HP \ Digital Imaging \ bin \ hpqtra08.exe
O4 - Global Startup: NETGEAR WG311v2 Smart Configuration.lnk = C: \ Programfiler \ NETGEAR WG311v2 kort \ wlancfg5.exe
O8 - Extra sammenheng menyelement: & Clean spor - C: \ Program Files \ DAP \ Privacy Package \ dapcleanerie.htm
O8 - Extra sammenheng menyelement: & Download med & DAP - C: \ Program Files \ DAP \ dapextie.htm
O8 - Extra sammenheng menyelement: Download & alle med DAP - C: \ Program Files \ DAP \ dapextie2.htm
O9 - Extra knappen: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Programfiler \ Java \ jre1.6.0_05 \ bin \ ssv.dll
O9 - Extra "Verktøy" MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Programfiler \ Java \ jre1.6.0_05 \ bin \ ssv.dll
O9 - Extra knappen: BT Yahoo! Services - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - c: \ progra ~ 1 \ Yahoo! \ Common \ yiesrvc.dll
O9 - Extra knappen: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Programfiler \ Messenger \ msmsgs.exe
O9 - Extra "Verktøy" MENUITEM: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Programfiler \ Messenger \ msmsgs.exe
O16 - DPF: (17492023-C23A-453E-A040-C7C580BBF700) (Windows Genuine Advantage Validation Tool) -- http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: (30528230-99f7-4bb4-88d8-fa1d4f56a2ab) (Installation Support) - C: \ Programfiler \ Yahoo! \ Common \ Yinsthelper20073151.dll
O16 - DPF: (6F15128C-E66A-490C-B848-5000B5ABEEAC) (HP Download Manager) -- https: / / h20436.www2.hp.com/ediags/de...e/HPDEXAXO.cab
O16 - DPF: (BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B) (Zylom Games Player) -- http://game07.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: (D27CDB6E-AE6D-11CF-96B8-444553540000) (Shockwave Flash Object) -- http://fpdownload2.macromedia.com/ge...nt/swflash.cab
O20 - Winlogon Notify:! SASWinLogon - C: \ Programfiler \ SUPERAntiSpyware \ SASWINLO.dll
O20 - Winlogon Notify: tuvsqpq - tuvsqpq.dll (fil mangler)
O20 - Winlogon Notify: yaywuvw - yaywuvw.dll (fil mangler)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C: \ Programfiler \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe
O23 - Service: AMD RAIDXpert (AMDRAIDXpert) - Unknown owner - C: \ Program Files \ AMD \ RAIDXpert \ brygga \ ekstra \ win32 \ Wrapper.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C: \ Programfiler \ Fellesfiler \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
O23 - Service: ATI Hurtigtast Poller - ATI Technologies Inc. - C: \ WINDOWS \ system32 \ Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C: \ WINDOWS \ system32 \ ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Grisoft sro - C: \ Programfiler \ Grisoft \ AVG Anti-Spyware 7.5 \ guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Grisoft, sro - C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Grisoft, sro - C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - Grisoft, sro - C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C: \ Programfiler \ Bonjour \ mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C: \ Programfiler \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Programfiler \ Fellesfiler \ InstallShield \ Driver \ 11 \ Intel 32 \ IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C: \ Programfiler \ iPod \ bin \ iPodService.exe
O23 - Service: Pml Driver HPZ12 - Unknown owner - C: \ WINDOWS \ system32 \ HPZipm12.exe (fil mangler)
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C: \ Program Files \ SPAMfighter \ sfus.exe
O23 - Service: WLTRYSVC - Unknown owner - C: \ WINDOWS \ system32 \ wltrysvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C: \ WINDOWS \ system32 \ YPCSER ~ 1.EXE
--
End of file - 10856 bytes

Mange takk

**evilfantasy** · #7 5 april 2008, 01:27

Ser ut som det var mye fjernet, er det fortsatt noen tvilsomme oppføringer i Hijackthis loggen så vi må kjøre litt ulike verktøy.

Laste ned Vundofix.exe på skrivebordet.

Dobbeltklikk VundoFix.exe å kjøre den.
Når VundoFix åpnes, klikker du Scan for Vundo knappen.
Når det er gjort skanning, klikker du Fjern Vundo knappen.
Du vil motta en melding som spør om du vil fjerne filer, klikker JA
Når du klikker Ja, skrivebordet vil gå tom så det begynner å fjerne Vundo.
Når denne er gjennomført, vil det om at det vil avslutningsprosessen datamaskinen, klikker du OK.
Slå maskinen på igjen.
Vær innlegget innholdet i C: \vundofix.txt og en ny HiJackThis logg.

Merk: Det er mulig at VundoFix oppstått en fil den ikke kunne fjerne. I dette tilfellet VundoFix vil kjøre på omstart, følger ovennevnte instruksjoner fra "Klikk på Scan for Vundo knappen" når VundoFix vises omstart.

Gi Vundo ferdig, noen ganger kan det ta flere passerer

----------

Laste ned SDFix.exe og lagre det til skrivebordet ditt.

Dobbeltklikk SDFix.exe og det vil pakke ut filene i% systemdrive%
(Stasjonen som inneholder Windows-katalogen, vanligvis C: \ SDFix)

Fyll deretter starte datamaskinen på nytt i Sikkermodus ved å gjøre følgende:

Start maskinen på nytt
Etter å ha hørt maskinen piper én gang under oppstart, men før Windows vises, trykker du F8 kontinuerlig;
I stedet for Windows lasting som normalt, Avansert alternativmenyen skal vises;
Velg det første alternativet, å kjøre Windows i sikkermodus, og trykk deretter på Angi.
Velg din vanlige konto.
Åpne de utpakkede SDFix mappe og dobbeltklikk RunThis.bat å starte skriptet.
Type Y å starte Cleanup prosessen.
Det vil fjerne enhver Trojan Service og registeroppføringene den finner deretter be deg om å trykke en tast for å starte på nytt.
Trykk på en tast og det vil starte PC.
Når PC-en starter Fixtool vil kjøre igjen og fullføre fjerningen deretter vise Ferdig, Trykker på en tast for å avslutte skriptet og laste desktop ikoner.
Når skrivebordsikonene laste SDFix rapporten åpnes på skjermen, og også lagre i SDFix mappen som Report.txt
(Report.txt vil også bli kopiert til utklippstavlen).
Legger innholdet i Report.txt i ditt neste innlegg.

----------

Nå kjøre en ny Hijackthis scan og etter mye logge sammen med andre.

Også at jeg vet hvordan ting er nå.

**RB211** · #8 5 april 2008, 02:23

OK Neste to.

VundoFix V7.0.3
Scan started at 10:07:05 05/04/2008
Liste filer funnet under søk ....
C: \ WINDOWS \ system32 \ anthkpru.dll
Begynnelsen fjerning ...
Forsøk å slette C: \ WINDOWS \ system32 \ anthkpru.dll
C: \ WINDOWS \ system32 \ anthkpru.dll har blitt slettet!
Performing Repairs til registret.
Ferdig!

Logfile of Trend Micro HijackThis v2.0.2
Scan lagret 10:18:53, on 05/04/2008
Plattform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Kjører prosesser:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ Lsass.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ WINDOWS \ Explorer.exe
C: \ Program Files \ AMD \ RAIDXpert \ brygga \ ekstra \ win32 \ Wrapper.exe
C: \ Programfiler \ Fellesfiler \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
C: \ Programfiler \ Grisoft \ AVG Anti-Spyware 7.5 \ guard.exe
C: \ Program Files \ AMD \ RAIDXpert \ _jvm \ bin \ java.exe
C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
C: \ WINDOWS \ system32 \ rundll32.exe
C: \ Programfiler \ btbb_wcm \ McciTrayApp.exe
C: \ progra ~ 1 \ Yahoo! \ Browser \ ybrwicon.exe
C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
C: \ Programfiler \ HP \ HP Software Update \ HPWuSchd2.exe
C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
C: \ Programfiler \ Logitech \ MediaLife \ MediaLifeService.exe
C: \ progra ~ 1 \ Yahoo! \ Browser \ ycommon.exe
C: \ WINDOWS \ Samsung \ LaserSMMgr \ ssmmgr.exe
C: \ Programfiler \ Bonjour \ mDNSResponder.exe
C: \ progra ~ 1 \ Yahoo! \ YOP \ yop.exe
C: \ Programfiler \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe
C: \ Program Files \ SPAMfighter \ SFAgent.exe
C: \ Program Files \ SPAMfighter \ sfus.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ wltrysvc.exe
C: \ WINDOWS \ system32 \ bcmwltry.exe
C: \ Programfiler \ BT bredbånd Desktop \ bin \ BTHelpNotifier.exe
C: \ Programfiler \ ATI Technologies \ ATI.ACE \ Core-Static \ MOM.EXE
C: \ WINDOWS \ system32 \ Spool \ drivers \ w32x86 \ 3 \ hpztsb0 4.exe
C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgcc.exe
C: \ progra ~ 1 \ MI948F ~ 1 \ GAMECO ~ 1 \ Common \ SWTrayV4.exe
C: \ Programfiler \ Microsoft IntelliType Pro \ itype.exe
C: \ Programfiler \ Microsoft IntelliPoint \ ipoint.exe
C: \ Programfiler \ Microsoft IntelliPoint \ dpupdchk.exe
C: \ Programfiler \ Grisoft \ AVG Anti-Spyware 7.5 \ avgas.exe
C: \ Programfiler \ Java \ jre1.6.0_05 \ bin \ jusched.exe
C: \ progra ~ 1 \ Yahoo! \ YOP \ SSDK02.exe
C: \ Programfiler \ iTunes \ iTunesHelper.exe
C: \ WINDOWS \ system32 \ Ctfmon.exe
C: \ Programfiler \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe
C: \ Programfiler \ DNA \ btdna.exe
C: \ WINDOWS \ system32 \ msiexec.exe
C: \ Programfiler \ iPod \ bin \ iPodService.exe
C: \ Programfiler \ Messenger \ msmsgs.exe
C: \ Programfiler \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
C: \ Programfiler \ ATI Technologies \ ATI.ACE \ Core-Static \ ccc.exe
C: \ Programfiler \ HP \ Digital Imaging \ bin \ hpqtra08.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ Programfiler \ BT bredbånd Desktop \ bin \ mpbtn.exe
C: \ Programfiler \ NETGEAR WG311v2 kort \ wlancfg5.exe
C: \ Programfiler \ Java \ jre1.6.0_05 \ bin \ javaw.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ Programfiler \ Internet Explorer \ iexplore.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ Programfiler \ Trend Micro \ HijackThis \ HijackThis.exe
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://news.bbc.co.uk/sport1/hi/football/default.stm
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Settings, ProxyOverride = 127.0.0.1, *. lokale
R3 - URLSearchHook: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Programfiler \ Yahoo! \ Companion \ Installerer \ cpn0 \ yt.dll
O2 - BHO: (no name) - (3CAB59B4-55A3-4737-9FD5-B93C6430BF75) - C: \ WINDOWS \ system32 \ sjmxcfmu.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Programfiler \ Java \ jre1.6.0_05 \ bin \ ssv.dll
O3 - Toolbar: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Programfiler \ Yahoo! \ Companion \ Installerer \ cpn0 \ yt.dll
O3 - Toolbar: & Google - (2318C2B1-4965-11D4-9B18-009027A5CD4F) - c: \ Programfiler \ Google \ googletoolbar1.dll
O3 - Toolbar: Ask Toolbar - (F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA) - C: \ Programfiler \ AskSBar \ bar \ 1.bin \ ASKSBAR.DLL
O4 - HKLM \ .. \ Run: [C6501Sound] rundll32 c6501.cpl, CMICtrlWnd
O4 - HKLM \ .. \ Run: [btbb_wcm_McciTrayApp] C: \ Programfiler \ btbb_wcm \ McciTrayApp.exe
O4 - HKLM \ .. \ Run: [YBrowser] C: \ progra ~ 1 \ Yahoo! \ Browser \ ybrwicon.exe
O4 - HKLM \ .. \ Run: [HPHUPD08] C: \ Programfiler \ HP \ Digital Imaging \ (33D6CC28-9F75-4d1b-A11D-98895B3A3729) \ hphupd08.exe
O4 - HKLM \ .. \ Run: [HP Software Update] C: \ Programfiler \ HP \ HP Software Update \ HPWuSchd2.exe
O4 - HKLM \ .. \ Run: [MediaLifeService] "C: \ Programfiler \ Logitech \ MediaLife \ MediaLifeService.exe"
O4 - HKLM \ .. \ Run: [Samsung LBP SM] "C: \ WINDOWS \ Samsung \ LaserSMMgr \ ssmmgr.exe" / autorun
O4 - HKLM \ .. \ Run: [YOP] C: \ progra ~ 1 \ Yahoo! \ YOP \ yop.exe / autostart
O4 - HKLM \ .. \ Run: [SPAMfighter Agent] "C: \ Program Files \ SPAMfighter \ SFAgent.exe" update delay 60
O4 - HKLM \ .. \ Run: [btbb_McciTrayApp] C: \ Programfiler \ BT bredbånd Desktop \ bin \ BTHelpNotifier.exe
O4 - HKLM \ .. \ Run: [StartCCC] "C: \ Programfiler \ ATI Technologies \ ATI.ACE \ Core-Static \ CLIStart.exe"
O4 - HKLM \ .. \ Run: [amd_dc_opt] C: \ Program Files \ AMD \ Dual-Core Optimizer \ amd_dc_opt.exe
O4 - HKLM \ .. \ Run: [HPDJ Oppgavelinjen Utility] C: \ WINDOWS \ system32 \ Spool \ drivers \ w32x86 \ 3 \ hpztsb0 4.exe
O4 - HKLM \ .. \ Run: [AVG7_CC] C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgcc.exe / STARTUP
O4 - HKLM \ .. \ Run: [SideWinderTrayV4] C: \ progra ~ 1 \ MI948F ~ 1 \ GAMECO ~ 1 \ Common \ SWTrayV4.exe
O4 - HKLM \ .. \ Run: [itype] "C: \ Programfiler \ Microsoft IntelliType Pro \ itype.exe"
O4 - HKLM \ .. \ Run: [IntelliPoint] "C: \ Programfiler \ Microsoft IntelliPoint \ ipoint.exe"
O4 - HKLM \ .. \ Run: [! AVG Anti-Spyware] "C: \ Programfiler \ Grisoft \ AVG Anti-Spyware 7.5 \ avgas.exe" / minimeres
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Programfiler \ Java \ jre1.6.0_05 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Programfiler \ QuickTime \ QTTask.exe"-atboottime
O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Programfiler \ iTunes \ iTunesHelper.exe"
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [swg] C: \ Programfiler \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe
O4 - HKCU \ .. \ Run: [BitTorrent DNA] "C: \ Programfiler \ DNA \ btdna.exe"
O4 - HKCU \ .. \ Run: [MSMSGS] "C: \ Programfiler \ Messenger \ msmsgs.exe" / background
O4 - HKCU \ .. \ Run: [SUPERAntiSpyware] C: \ Programfiler \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
O4 - HKUS \ S-1-5-19 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-19 \ .. \ Run: [AVG7_Run] C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'Default user')
O4 - Startup: MP3 Rocket (Minimert). Lnk = C: \ Programfiler \ MP3 Rocket \ MP3Rocket.exe
O4 - Global Startup: BT bredbånd Desktop Help.lnk = C: \ Programfiler \ BT bredbånd Desktop \ bin \ matcli.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C: \ Programfiler \ HP \ Digital Imaging \ bin \ hpqtra08.exe
O4 - Global Startup: NETGEAR WG311v2 Smart Configuration.lnk = C: \ Programfiler \ NETGEAR WG311v2 kort \ wlancfg5.exe
O8 - Extra sammenheng menyelement: & Clean spor - C: \ Program Files \ DAP \ Privacy Package \ dapcleanerie.htm
O8 - Extra sammenheng menyelement: & Download med & DAP - C: \ Program Files \ DAP \ dapextie.htm
O8 - Extra sammenheng menyelement: Download & alle med DAP - C: \ Program Files \ DAP \ dapextie2.htm
O9 - Extra knappen: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Programfiler \ Java \ jre1.6.0_05 \ bin \ ssv.dll
O9 - Extra "Verktøy" MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Programfiler \ Java \ jre1.6.0_05 \ bin \ ssv.dll
O9 - Extra knappen: BT Yahoo! Services - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - c: \ progra ~ 1 \ Yahoo! \ Common \ yiesrvc.dll
O9 - Extra knappen: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Programfiler \ Messenger \ msmsgs.exe
O9 - Extra "Verktøy" MENUITEM: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Programfiler \ Messenger \ msmsgs.exe
O16 - DPF: (17492023-C23A-453E-A040-C7C580BBF700) (Windows Genuine Advantage Validation Tool) -- http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: (30528230-99f7-4bb4-88d8-fa1d4f56a2ab) (Installation Support) - C: \ Programfiler \ Yahoo! \ Common \ Yinsthelper20073151.dll
O16 - DPF: (6F15128C-E66A-490C-B848-5000B5ABEEAC) (HP Download Manager) -- https: / / h20436.www2.hp.com/ediags/de...e/HPDEXAXO.cab
O16 - DPF: (BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B) (Zylom Games Player) -- http://game07.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: (D27CDB6E-AE6D-11CF-96B8-444553540000) (Shockwave Flash Object) -- http://fpdownload2.macromedia.com/ge...nt/swflash.cab
O20 - Winlogon Notify:! SASWinLogon - C: \ Programfiler \ SUPERAntiSpyware \ SASWINLO.dll
O20 - Winlogon Notify: tuvsqpq - tuvsqpq.dll (fil mangler)
O20 - Winlogon Notify: yaywuvw - yaywuvw.dll (fil mangler)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C: \ Programfiler \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe
O23 - Service: AMD RAIDXpert (AMDRAIDXpert) - Unknown owner - C: \ Program Files \ AMD \ RAIDXpert \ brygga \ ekstra \ win32 \ Wrapper.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C: \ Programfiler \ Fellesfiler \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
O23 - Service: ATI Hurtigtast Poller - ATI Technologies Inc. - C: \ WINDOWS \ system32 \ Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C: \ WINDOWS \ system32 \ ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Grisoft sro - C: \ Programfiler \ Grisoft \ AVG Anti-Spyware 7.5 \ guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Grisoft, sro - C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Grisoft, sro - C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - Grisoft, sro - C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C: \ Programfiler \ Bonjour \ mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C: \ Programfiler \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Programfiler \ Fellesfiler \ InstallShield \ Driver \ 11 \ Intel 32 \ IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C: \ Programfiler \ iPod \ bin \ iPodService.exe
O23 - Service: Pml Driver HPZ12 - Unknown owner - C: \ WINDOWS \ system32 \ HPZipm12.exe (fil mangler)
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C: \ Program Files \ SPAMfighter \ sfus.exe
O23 - Service: WLTRYSVC - Unknown owner - C: \ WINDOWS \ system32 \ wltrysvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C: \ WINDOWS \ system32 \ YPCSER ~ 1.EXE
--
End of file - 10853 bytes

**evilfantasy** · #9 5 april 2008, 02:36

SDFix log?

**RB211** · #10 5 april 2008, 02:51

OK SDFix og siste snikskytter:

Skål

SDFix: Versjon 1.166
Kjør av Danny på 05/04/2008 til 10:38
Microsoft Windows XP [Versjon 5.1.2600]
Running Fra: C: \ sdfix \ SDFix
Checking Services :

Gjenopprette Windows Registry Values
Gjenopprette Windows Default Hosts File
Start

Checking Files :
Trojan Files Found:
C: \ WINDOWS \ Temp \ 1852.tmp.lst - Slettet
C: \ WINDOWS \ Temp \ 2723.tmp.lst - Slettet
C: \ WINDOWS \ Temp \ 2F76.tmp.lst - Slettet
C: \ WINDOWS \ Temp \ 541A.tmp.lst - Slettet
C: \ WINDOWS \ Temp \ 580D.tmp.lst - Slettet
C: \ WINDOWS \ Temp \ 6E54.tmp.lst - Slettet
C: \ WINDOWS \ fetchuserid.exe - Slettet

Mappen C: \ Programfiler \ drmupgds - Removed

Fjerne Temp Files
ADS Check :

Final Check :
CatchMe 0.3.1344.2 W2K/XP/Vista - rootkit / skjulemodus malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-05 10:44:19
Windows 5.1.2600 Service Pack 2 NTFS
skanning skjulte prosesser ...
skanning skjulte tjenester & Systemstrukturen ...
scanning hidden registeroppføringene ...
skanning skjulte filer ...
skanning er fullført
skjulte prosesser: 0
skjulte tjenester: 0
skjulte filer: 0

Resterende Services :

Authorized Application Key Export:
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ tjenester es \ sharedaccess \ Parameters \ firewallpolicy \ standard profil \ authorizedapplications \ listen]
"C: \ \ Program Files \ \ BitTorrent \ \ bittorrent.exe" = "C: \ \ Program Files \ \ BitTorrent \ \ bittorrent.exe: *: Enabled: BitTor leie"
"C: \ \ Program Files \ \ DNA \ \ btdna.exe" = "C: \ \ Program Files \ \ DNA \ \ btdna.exe: *: Enabled: DNA"
"C: \ \ Program Files \ \ ICQ \ \ Icq.exe" = "C: \ \ Program Files \ \ ICQ \ \ Icq.exe: *: Enabled: ICQ"
"C: \ \ Program Files \ \ Yahoo! \ \ Messenger \ \ YahooMessenger.exe" = "C: \ \ Program Files \ \ Yahoo! \ \ Messenger \ \ YahooMessenger.exe: *: Ena blødde: Yahoo Messenger"
"C: \ \ Program Files \ \ LimeWire \ \ LimeWire.exe" = "C: \ \ Program Files \ \ LimeWire \ \ LimeWire.exe: *: Enabled: LimeWire"
"D: \ \ Program Files \ \ Microsoft Games \ Flight Simulator 9 \ \ fs9.exe" = "D: \ \ Program Files \ \ Microsoft Games \ Flight Simulator 9 \ \ fs9.exe: *: Enabled: Microsoft Flight Simulator "
"C: \ \ WINDOWS \ \ system32 \ \ dpnsvr.exe" = "C: \ \ WINDOWS \ \ system32 \ \ dpnsvr.exe: *: Enabled: Microsoft DirectPlay8 Server"
"C: \ \ Program Files \ \ Kontiki \ \ KService.exe" = "C: \ \ Program Files \ \ Kontiki \ \ KService.exe: *: Enabled: Delivery Manager Service"
"C: \ \ Program Files \ \ Ubisoft \ \ gir Software \ \ BrothersInArmsEiB \ \ System \ \ EiB.exe" = "C: \ \ Program Files \ \ Ubisoft \ \ gir Software \ \ BrothersInArmsEiB \ \ System \ \ EIB . exe: *: Ena bled: Brothers In Arms tjent i Blood "
"C: \ \ Ventilverksted \ \ Condition Zero \ \ czero.exe" = "C: \ \ Ventilverksted \ \ Condition Zero \ \ czero.exe: *: Enabled: Condition Zero Launcher"
"C: \ \ Program Files \ \ Java \ \ jre1.6.0_04 \ \ bin \ \ javaw.exe" = "C: \ \ Pro gram Files \ \ Java \ \ jre1.6.0_04 \ \ bin \ \ javaw. exe: *: Enabled: Java (TM) Platform SE binary "
"C: \ \ Program Files \ DAP \ \ DAP.exe" = "C: \ \ Program Files \ DAP \ \ DAP.exe: *: Enabled: Download Accelerator Plus (DAP)
"% windir% \ \ system32 \ \ sessmgr.exe" = "% windir% \ \ systemet m32 \ \ sessmgr.exe: *: Enabled: @ xpsp2res.dll, -22019"
"C: \ \ Program Files \ \ SpeedBit Video Accelerator \ \ VideoAccelerator.exe" = "C: \ \ Program Files \ \ SpeedBit Video Accelerator \ \ VideoAccelerator.exe: *: Enabled: VideoA ccelerator"
"C: \ \ Program Files \ \ SpeedBit Video Accelerator \ \ VideoAcceleratorEngine.exe" = "C: \ \ Prog ram Files \ \ SpeedBit Video Accelerator \ \ VideoAcceleratorEngine.exe: *: Enabled: VideoAcceleratorService"
"C: \ \ Program Files \ \ Java \ \ jre1.6.0_05 \ \ bin \ \ javaw.exe" = "C: \ \ Pro gram Files \ \ Java \ \ jre1.6.0_05 \ \ bin \ \ javaw. exe: *: Enabled: Java (TM) Platform SE binary "
"C: \ \ Program Files \ \ iTunes \ \ iTunes.exe" = "C: \ \ Program Files \ \ iTunes \ \ iTunes.exe: *: Enabled: iTunes"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ tjenester es \ sharedaccess \ Parameters \ firewallpolicy \ domainpr ofile \ authorizedapplications \ listen]
"% windir% \ \ system32 \ \ sessmgr.exe" = "% windir% \ \ systemet m32 \ \ sessmgr.exe: *: Enabled: @ xpsp2res.dll, -22019"
Resterende Filer :

Fil sikkerhetskopier: - C: \ sdfix \ SDFix \ backup \ backups.zip
Filer med skjulte attributter :
Tirsdag 5 februar 2008 4.348 A.SH. --- "C: \ Documents and Settings \ All Users \ DRM \ DRMv1.bak"
Mandag 28 januar 2008 0 A.SH. --- "C: \ Documents and Settings \ All Users \ DRM \ Cache \ Indiv01.tmp"
Ferdig!

og

Logfile of Trend Micro HijackThis v2.0.2
Scan lagret 10:48:43, on 05/04/2008
Plattform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Kjører prosesser:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ Csrss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ Lsass.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ Program Files \ AMD \ RAIDXpert \ brygga \ ekstra \ win32 \ Wrapper.exe
C: \ Programfiler \ Fellesfiler \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
C: \ Programfiler \ Grisoft \ AVG Anti-Spyware 7.5 \ guard.exe
C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
C: \ Program Files \ AMD \ RAIDXpert \ _jvm \ bin \ java.exe
C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
C: \ Programfiler \ Bonjour \ mDNSResponder.exe
C: \ Programfiler \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe
C: \ Program Files \ SPAMfighter \ sfus.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ wltrysvc.exe
C: \ WINDOWS \ system32 \ bcmwltry.exe
C: \ WINDOWS \ Explorer.exe
C: \ WINDOWS \ System32 \ alg.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ WINDOWS \ system32 \ rundll32.exe
C: \ Programfiler \ btbb_wcm \ McciTrayApp.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ progra ~ 1 \ Yahoo! \ Browser \ ybrwicon.exe
C: \ progra ~ 1 \ Yahoo! \ Browser \ ycommon.exe
C: \ Programfiler \ HP \ HP Software Update \ HPWuSchd2.exe
C: \ Programfiler \ Logitech \ MediaLife \ MediaLifeService.exe
C: \ WINDOWS \ Samsung \ LaserSMMgr \ ssmmgr.exe
C: \ progra ~ 1 \ Yahoo! \ YOP \ yop.exe
C: \ Program Files \ SPAMfighter \ SFAgent.exe
C: \ Programfiler \ BT bredbånd Desktop \ bin \ BTHelpNotifier.exe
C: \ Programfiler \ ATI Technologies \ ATI.ACE \ Core-Static \ MOM.EXE
C: \ WINDOWS \ system32 \ msiexec.exe
C: \ WINDOWS \ system32 \ Spool \ drivers \ w32x86 \ 3 \ hpztsb0 4.exe
C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgcc.exe
C: \ progra ~ 1 \ MI948F ~ 1 \ GAMECO ~ 1 \ Common \ SWTrayV4.exe
C: \ Programfiler \ Microsoft IntelliType Pro \ itype.exe
C: \ Programfiler \ Microsoft IntelliPoint \ ipoint.exe
C: \ Programfiler \ Microsoft IntelliType Pro \ dpupdchk.exe
C: \ progra ~ 1 \ Yahoo! \ YOP \ SSDK02.exe
C: \ Programfiler \ Grisoft \ AVG Anti-Spyware 7.5 \ avgas.exe
C: \ Programfiler \ Java \ jre1.6.0_05 \ bin \ jusched.exe
C: \ WINDOWS \ system32 \ wbem \ wmiprvse.exe
C: \ Programfiler \ iTunes \ iTunesHelper.exe
C: \ WINDOWS \ system32 \ Ctfmon.exe
C: \ Programfiler \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe
C: \ Programfiler \ iPod \ bin \ iPodService.exe
C: \ Programfiler \ DNA \ btdna.exe
C: \ Programfiler \ Messenger \ msmsgs.exe
C: \ Programfiler \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
C: \ Programfiler \ BT bredbånd Desktop \ bin \ mpbtn.exe
C: \ Programfiler \ HP \ Digital Imaging \ bin \ hpqtra08.exe
C: \ Programfiler \ NETGEAR WG311v2 kort \ wlancfg5.exe
C: \ Programfiler \ Java \ jre1.6.0_05 \ bin \ javaw.exe
C: \ Programfiler \ ATI Technologies \ ATI.ACE \ Core-Static \ ccc.exe
C: \ Programfiler \ Trend Micro \ HijackThis \ HijackThis.exe
C: \ WINDOWS \ system32 \ wbem \ wmiprvse.exe
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://news.bbc.co.uk/sport1/hi/football/default.stm
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Settings, ProxyOverride = 127.0.0.1, *. lokale
R3 - URLSearchHook: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Programfiler \ Yahoo! \ Companion \ Installerer \ cpn0 \ yt.dll
O2 - BHO: (no name) - (3CAB59B4-55A3-4737-9FD5-B93C6430BF75) - C: \ WINDOWS \ system32 \ sjmxcfmu.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Programfiler \ Java \ jre1.6.0_05 \ bin \ ssv.dll
O3 - Toolbar: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Programfiler \ Yahoo! \ Companion \ Installerer \ cpn0 \ yt.dll
O3 - Toolbar: & Google - (2318C2B1-4965-11D4-9B18-009027A5CD4F) - c: \ Programfiler \ Google \ googletoolbar1.dll
O3 - Toolbar: Ask Toolbar - (F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA) - C: \ Programfiler \ AskSBar \ bar \ 1.bin \ ASKSBAR.DLL
O4 - HKLM \ .. \ Run: [C6501Sound] rundll32 c6501.cpl, CMICtrlWnd
O4 - HKLM \ .. \ Run: [btbb_wcm_McciTrayApp] C: \ Programfiler \ btbb_wcm \ McciTrayApp.exe
O4 - HKLM \ .. \ Run: [YBrowser] C: \ progra ~ 1 \ Yahoo! \ Browser \ ybrwicon.exe
O4 - HKLM \ .. \ Run: [HPHUPD08] C: \ Programfiler \ HP \ Digital Imaging \ (33D6CC28-9F75-4d1b-A11D-98895B3A3729) \ hphupd08.exe
O4 - HKLM \ .. \ Run: [HP Software Update] C: \ Programfiler \ HP \ HP Software Update \ HPWuSchd2.exe
O4 - HKLM \ .. \ Run: [MediaLifeService] "C: \ Programfiler \ Logitech \ MediaLife \ MediaLifeService.exe"
O4 - HKLM \ .. \ Run: [Samsung LBP SM] "C: \ WINDOWS \ Samsung \ LaserSMMgr \ ssmmgr.exe" / autorun
O4 - HKLM \ .. \ Run: [YOP] C: \ progra ~ 1 \ Yahoo! \ YOP \ yop.exe / autostart
O4 - HKLM \ .. \ Run: [SPAMfighter Agent] "C: \ Program Files \ SPAMfighter \ SFAgent.exe" update delay 60
O4 - HKLM \ .. \ Run: [btbb_McciTrayApp] C: \ Programfiler \ BT bredbånd Desktop \ bin \ BTHelpNotifier.exe
O4 - HKLM \ .. \ Run: [StartCCC] "C: \ Programfiler \ ATI Technologies \ ATI.ACE \ Core-Static \ CLIStart.exe"
O4 - HKLM \ .. \ Run: [amd_dc_opt] C: \ Program Files \ AMD \ Dual-Core Optimizer \ amd_dc_opt.exe
O4 - HKLM \ .. \ Run: [HPDJ Oppgavelinjen Utility] C: \ WINDOWS \ system32 \ Spool \ drivers \ w32x86 \ 3 \ hpztsb0 4.exe
O4 - HKLM \ .. \ Run: [AVG7_CC] C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgcc.exe / STARTUP
O4 - HKLM \ .. \ Run: [SideWinderTrayV4] C: \ progra ~ 1 \ MI948F ~ 1 \ GAMECO ~ 1 \ Common \ SWTrayV4.exe
O4 - HKLM \ .. \ Run: [itype] "C: \ Programfiler \ Microsoft IntelliType Pro \ itype.exe"
O4 - HKLM \ .. \ Run: [IntelliPoint] "C: \ Programfiler \ Microsoft IntelliPoint \ ipoint.exe"
O4 - HKLM \ .. \ Run: [! AVG Anti-Spyware] "C: \ Programfiler \ Grisoft \ AVG Anti-Spyware 7.5 \ avgas.exe" / minimeres
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Programfiler \ Java \ jre1.6.0_05 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Programfiler \ QuickTime \ QTTask.exe"-atboottime
O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Programfiler \ iTunes \ iTunesHelper.exe"
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [swg] C: \ Programfiler \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe
O4 - HKCU \ .. \ Run: [BitTorrent DNA] "C: \ Programfiler \ DNA \ btdna.exe"
O4 - HKCU \ .. \ Run: [MSMSGS] "C: \ Programfiler \ Messenger \ msmsgs.exe" / background
O4 - HKCU \ .. \ Run: [SUPERAntiSpyware] C: \ Programfiler \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
O4 - HKUS \ S-1-5-19 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-19 \ .. \ Run: [AVG7_Run] C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'Default user')
O4 - Startup: MP3 Rocket (Minimert). Lnk = C: \ Programfiler \ MP3 Rocket \ MP3Rocket.exe
O4 - Global Startup: BT bredbånd Desktop Help.lnk = C: \ Programfiler \ BT bredbånd Desktop \ bin \ matcli.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C: \ Programfiler \ HP \ Digital Imaging \ bin \ hpqtra08.exe
O4 - Global Startup: NETGEAR WG311v2 Smart Configuration.lnk = C: \ Programfiler \ NETGEAR WG311v2 kort \ wlancfg5.exe
O8 - Extra sammenheng menyelement: & Clean spor - C: \ Program Files \ DAP \ Privacy Package \ dapcleanerie.htm
O8 - Extra sammenheng menyelement: & Download med & DAP - C: \ Program Files \ DAP \ dapextie.htm
O8 - Extra sammenheng menyelement: Download & alle med DAP - C: \ Program Files \ DAP \ dapextie2.htm
O9 - Extra knappen: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Programfiler \ Java \ jre1.6.0_05 \ bin \ ssv.dll
O9 - Extra "Verktøy" MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Programfiler \ Java \ jre1.6.0_05 \ bin \ ssv.dll
O9 - Extra knappen: BT Yahoo! Services - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - c: \ progra ~ 1 \ Yahoo! \ Common \ yiesrvc.dll
O9 - Extra knappen: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Programfiler \ Messenger \ msmsgs.exe
O9 - Extra "Verktøy" MENUITEM: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Programfiler \ Messenger \ msmsgs.exe
O16 - DPF: (17492023-C23A-453E-A040-C7C580BBF700) (Windows Genuine Advantage Validation Tool) -- http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: (30528230-99f7-4bb4-88d8-fa1d4f56a2ab) (Installation Support) - C: \ Programfiler \ Yahoo! \ Common \ Yinsthelper20073151.dll
O16 - DPF: (6F15128C-E66A-490C-B848-5000B5ABEEAC) (HP Download Manager) -- https: / / h20436.www2.hp.com/ediags/de...e/HPDEXAXO.cab
O16 - DPF: (BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B) (Zylom Games Player) -- http://game07.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: (D27CDB6E-AE6D-11CF-96B8-444553540000) (Shockwave Flash Object) -- http://fpdownload2.macromedia.com/ge...nt/swflash.cab
O20 - Winlogon Notify:! SASWinLogon - C: \ Programfiler \ SUPERAntiSpyware \ SASWINLO.dll
O20 - Winlogon Notify: tuvsqpq - tuvsqpq.dll (fil mangler)
O20 - Winlogon Notify: yaywuvw - yaywuvw.dll (fil mangler)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C: \ Programfiler \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe
O23 - Service: AMD RAIDXpert (AMDRAIDXpert) - Unknown owner - C: \ Program Files \ AMD \ RAIDXpert \ brygga \ ekstra \ win32 \ Wrapper.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C: \ Programfiler \ Fellesfiler \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
O23 - Service: ATI Hurtigtast Poller - ATI Technologies Inc. - C: \ WINDOWS \ system32 \ Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C: \ WINDOWS \ system32 \ ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Grisoft sro - C: \ Programfiler \ Grisoft \ AVG Anti-Spyware 7.5 \ guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Grisoft, sro - C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Grisoft, sro - C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - Grisoft, sro - C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C: \ Programfiler \ Bonjour \ mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C: \ Programfiler \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Programfiler \ Fellesfiler \ InstallShield \ Driver \ 11 \ Intel 32 \ IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C: \ Programfiler \ iPod \ bin \ iPodService.exe
O23 - Service: Pml Driver HPZ12 - Unknown owner - C: \ WINDOWS \ system32 \ HPZipm12.exe (fil mangler)
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C: \ Program Files \ SPAMfighter \ sfus.exe
O23 - Service: WLTRYSVC - Unknown owner - C: \ WINDOWS \ system32 \ wltrysvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C: \ WINDOWS \ system32 \ YPCSER ~ 1.EXE
--
End of file - 11044 bytes