Enya
-
Innlegg
271 -
Ble med
-
Besøkte siden sist
Innholdstype
Profiler
Forum
Hendelser
Blogger
Om forumet
Innlegg skrevet av Enya
-
-
Ikke at jeg er ekspert på emnet, men slik jeg ser det har du "hindret" trafikken viss vedkomende må bremse ned for å ikke ta rompen på bilen din, og da har du vel ikke holdt vikeplikten din. Uansett om han tar framskjermen eller baken på bilen.
Mitt synstpunkt
-
Ja, er liksom det jeg og har hørt. :/ Har bare gjort det skriftlig, skal ta en tlf i morgen og snakke med de.
Liker ikke helt forskjellen de kjører, to kompiser av meg hadde helt lik "søknad" som meg bare ni på ryggen.. de kom ikke inn. Merkelig prioritering..
-
Det at man ender opp som kaffikoker, kopisjef, etc. er bare skremselspropaganda altså?
Er klar over at jeg brenner alle broer for å få fullført førsteganstjeneste, er litt surt egentlig. :/
-
Jeg beklager at jeg må opprette enda en "dimme" tråd, men jeg trenger noen råd.
Jeg har egentlig lyst til å fullføre førstegangstjenesten, men har ikke lyst inn nå av forskjellige grunner. Søkte derfor utsettelse pga av studier, men dette gikk selvfølgelig ikke gjennom. Jeg blir veldig irritert av sånt når jeg egentlig har lyst inn, men ikke før om ett, eller to år.
Alternativet jeg ser på nå er å gå til legen for å få attest på dårlig rygg. Dette er noe jeg faktisk har, men til daglig ikke har veldig store problemer med, merker det av og til. Legen på sesjonen gav meg 5/9 på ryggen bare ved å se på den (skeiv rygg). Han spurde om jeg slet med ryggen, og om jeg hadde legeerklæring på dette. Legeerklæring er noe jeg ikke har sett på som nødvendig tidligere da de på arbeidsplassen, gymtimer etc. har akseptert at jeg får vondt i ryggen når den blir overbelastet. Sesjonslegen sa at viss jeg hadde dokumentasjon på dårlig rygg kunne han sette meg som ikke tjenestedyktig, siden jeg ikke hadde dette ble jeg da tjenestedyktig.
Det jeg lurer på nå er om jeg skal til legen for å få erklæring på dårlig/skeiv rygg, og få dimmet militæret pga det. Er redd jeg blir satt som "kopimaskinsjef", eller noe i den duren. Hva tror folk?
Det som er fryktelig irriterende er at jeg lett hadde fullført om jeg fikk ta det om ett, eller to år, men jeg får jo ikke fullført viss jeg søker fritak grunnet dårlig rygg.. Er som sagt flere grunner til dette, men VPV godtok ikke de.
-
Aasen og Knudsen sitt arbeid går vel mer under språkhistorie, jeg har kun om litteraturhistorien, men det skal nok nevenes
1970-1900 var nå en merkelig måte å dele det opp på. Da stopper du jo midt i nyromantikken (1890-1905).
Jeg sitter og lurer på om jeg skal gå for noe som "Den viktigste litterære epoken?" Og grunngje det med at i starten av denne epoken var kvinnene "bundet fast til kjøkkenet", men i slutten av epoken hadde mange av de jobb i industrien og det var mulig å ta utdanning.
Konklusjonen vil allikvel ende opp med "tja" siden f.eks krigslitteraturen spilte en viktig rolle for veldig mangen også..
Dette vil kanskje være enda mer aktuelt for deg enn for meg, siden du slipper unna romantikken?
Flere tips mottas med takk
-
Jeg trenger sårt noen tips til en god problemstilling som dekker hele denne perioden. Hadde perioden vert avgrenset til én litterær periode hadde det ikke vert så vanskelig, men jeg må jo innom romantikken, realismen og naturalismen.
Eneste jeg har komt på er å se nærmere på overgangene, "hvorfor og hvordan", men føler det blit litt for enkelt.
Noen som har forslag til en god problemstilling?
Takker og bukker for tips
-
Russ '09
-
Jeg har en sterk følelse av at langsvarsoppgaven på del 1 heter " gjør rede for teknologisk bruk av induksjon"
Blir det noe sånt er jeg godt fornøyd. Problemstillingen min til prøveeksamen muntlig var ganske lik
-
Jeg tror Cern vil stå veldig sentralt med alt som skjer der nå Er i alle fall spådd av fysikklæreren min.
-
Aldri mer maskin, eller gillette høvler i mitt ansikt
Jeg ville ikke avskrevet Gillette helt enda. Hvis denne interessen tar av kommer du garantert til å saumfare ebay og andre barberfora for gamle Gillette DE-høvler fra 50-tallet (pluss minus noen tiår). Jeg har mange 50-60 år gamle høvler fra Gillette som er vel så bra som moderne saker fra Merkur. Gillette flerbladshøvler dermiot, det er en annen sak.
Pirke, pirke. Tenker du skjønte hva jeg mente Men er klart, du har helt rett.
-
Da var siste levering fra barbershop i hus. Kjøpt feather blader, Simpsons Commodore best badger kost og Anthony pre shave oil.
Nå gikk barberingen smertefritt, problemene jeg hadde på haken hvor det er tett skjegg er helt borte. Virker som feather blader og pre shave oil gjorde susen. Simpsons kosten er også i en helt anne klasse enn Proraso kosten av svinebust som jeg har brukt tidligere, det er rett og slett magisk deilig å smøre ut skum i ansiktet
Aldri mer maskin, eller gillette høvler i mitt ansikt
-
Takker for raskt svar norbat
Ser ut som det ble dedre. I utgangspunktet så var det "facebook virus" som var problemet, regner med du har hørt om dette? Er ikke min pc, men ser ut som det er bedre nå.
-
MBAM
Klikk for å se/fjerne innholdet nedenforMalwarebytes' Anti-Malware 1.37
Databaseversjon: 2201
Windows 5.1.2600 Service Pack 3
31.05.2009 19:21:48
mbam-log-2009-05-31 (19-21-48).txt
Skanntype: Rask Skann
Objekter skannet: 94957
Tid tilbakelagt: 8 minute(s), 37 second(s)
Minneprosesser infisert: 2
Minnemoduler infisert: 1
Registernøkler infisert: 15
Registerverdier infisert: 5
Registerfiler infisert: 0
Mapper infisert: 1
Filer infisert: 16
Minneprosesser infisert:
C:\Programfiler\websrvx\websrvx.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\WINDOWS\mstre19.exe (Worm.KoobFace) -> Unloaded process successfully.
Minnemoduler infisert:
C:\Programfiler\GamesBar\oberontb.dll (Adware.Gamesbar) -> Delete on reboot.
Registernøkler infisert:
HKEY_CLASSES_ROOT\oberontb.band (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{ad76633e-e50d-4844-9e7f-4dfbc7c18467} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{daa37aad-f156-4c2c-ac48-3c22ef92ae2f} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cb0d163c-e9f4-4236-9496-0597e24b23a5} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cb0d163c-e9f4-4236-9496-0597e24b23a5} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cb0d163c-e9f4-4236-9496-0597e24b23a5} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\oberontb.band.1 (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a93c934-025b-4c3a-b38e-9654a7003239} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{1a93c934-025b-4c3a-b38e-9654a7003239} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\websrvx (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\websrvx (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\websrvx (Trojan.Downloader) -> Quarantined and deleted successfully.
Registerverdier infisert:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pp (Worm.KoobFace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysfbtray (Worm.KoobFace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysmstray (Worm.KoobFace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysldtray (Worm.Koobface) -> Quarantined and deleted successfully.
Registerfiler infisert:
(Ingen mistenkelige filer funnet)
Mapper infisert:
C:\Programfiler\websrvx (Trojan.Downloader) -> Quarantined and deleted successfully.
Filer infisert:
C:\WINDOWS\pp10.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Programfiler\GamesBar\oberontb.dll (Adware.Gamesbar) -> Delete on reboot.
c:\programfiler\websrvx\websrvx.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\freddy43.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\WINDOWS\freddy44.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\msmark2.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\mstre19.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\ld08.exe (Worm.Koobface) -> Quarantined and deleted successfully.
c:\WINDOWS\9g2234wesdf3dfgjf23 (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\f5087.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\f23567.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysloc\sysloc.dll (Trojan.BHO) -> Quarantined and deleted successfully.
c:\WINDOWS\sonce122712.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\WINDOWS\sonce122713.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\WINDOWS\sonce122739.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\WINDOWS\sonce123198.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
Combofix
Klikk for å se/fjerne innholdet nedenforComboFix 09-05-31.02 - suskol 01.06.2009 0:10.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.47.1044.18.2038.1385 [GMT 2:00]
Kjører fra: c:\documents and settings\suskol\Skrivebord\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\suskol\Programdata\inst.exe
c:\windows\system32\sysloc
----- BITS: Mulige infiserte sider -----
hxxp://ped-01wsus
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2009-04-28 til 2009-05-31 )))))))))))))))))))))))))))))))))
.
2009-05-31 16:58 . 2009-05-31 16:58 -------- d-----w- c:\documents and settings\suskol\Programdata\Malwarebytes
2009-05-31 16:58 . 2009-05-26 11:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-31 16:58 . 2009-05-31 16:58 -------- d-----w- c:\programfiler\Malwarebytes' Anti-Malware
2009-05-31 16:58 . 2009-05-31 16:58 -------- d-----w- c:\documents and settings\All Users\Programdata\Malwarebytes
2009-05-31 16:58 . 2009-05-26 11:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-29 22:52 . 2009-05-29 22:52 -------- d-----r- c:\documents and settings\LocalService\Favoritter
2009-05-13 07:39 . 2009-05-13 07:39 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-05-13 07:04 . 2001-10-06 12:02 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-05-13 07:04 . 2008-04-14 07:22 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-05-13 07:04 . 2008-04-13 09:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-05-13 07:04 . 2008-04-13 09:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-05-11 09:28 . 2009-05-10 08:00 259368 ----a-w- c:\documents and settings\All Users\Programdata\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2d5403.vdb\ECMSVR32.DLL
2009-05-11 09:28 . 2009-02-18 19:41 2414128 ----a-w- c:\documents and settings\All Users\Programdata\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2d5403.vdb\CCERASER.DLL
2009-05-11 09:28 . 2009-02-12 23:04 876144 ----a-w- c:\documents and settings\All Users\Programdata\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2d5403.vdb\NAVEX15.SYS
2009-05-11 09:28 . 2009-02-12 23:04 89104 ----a-w- c:\documents and settings\All Users\Programdata\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2d5403.vdb\NAVENG.SYS
2009-05-11 09:28 . 2009-02-12 23:03 1181040 ----a-w- c:\documents and settings\All Users\Programdata\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2d5403.vdb\NAVEX32A.DLL
2009-05-11 09:28 . 2009-02-12 23:03 177520 ----a-w- c:\documents and settings\All Users\Programdata\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2d5403.vdb\NAVENG32.DLL
2009-05-11 09:28 . 2009-02-06 19:26 101936 ----a-w- c:\documents and settings\All Users\Programdata\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2d5403.vdb\ERASER.SYS
2009-05-11 09:28 . 2009-02-06 19:26 371248 ----a-w- c:\documents and settings\All Users\Programdata\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2d5403.vdb\EECTRL.SYS
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-31 22:04 . 2008-04-29 08:37 -------- d-----w- c:\programfiler\Symantec AntiVirus
2009-05-31 17:23 . 2008-11-13 09:12 -------- d-----w- c:\programfiler\GamesBar
2009-05-27 21:03 . 2008-11-05 07:20 -------- d-----w- c:\documents and settings\All Users\Programdata\FLEXnet
2009-05-27 11:30 . 2008-05-06 07:19 -------- d-----w- c:\programfiler\Clue
2009-05-06 07:16 . 2009-01-23 12:05 -------- d-----w- c:\programfiler\Google
2009-04-28 11:13 . 2008-04-09 04:10 80620 ----a-w- c:\windows\system32\perfc014.dat
2009-04-28 11:13 . 2008-04-09 04:10 445362 ----a-w- c:\windows\system32\perfh014.dat
2009-04-28 11:12 . 2008-04-08 12:52 69696 ----a-w- c:\documents and settings\Administrator\Lokale innstillinger\Programdata\GDIPFONTCACHEV1.DAT
2009-04-28 11:11 . 2009-04-01 11:44 69696 ----a-w- c:\documents and settings\suskol\Lokale innstillinger\Programdata\GDIPFONTCACHEV1.DAT
2009-04-28 11:01 . 2008-04-08 11:25 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-03-06 14:24 . 2008-04-09 04:10 284160 ----a-w- c:\windows\system32\pdh.dll
2009-03-03 00:16 . 2008-04-09 04:10 826368 ----a-w- c:\windows\system32\wininet.dll
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1F6C23D6-854C-497f-9275-439C89CF1F68}]
2007-10-23 23:47 282112 ----a-w- c:\windows\system32\mscoree.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MessengerPlus3"="c:\programfiler\MessengerPlus! 3\MsgPlus.exe" [2008-09-24 190024]
"msnmsgr"="c:\programfiler\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885400]
"swg"="c:\programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-18 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPHOTKEY"="c:\programfiler\Lenovo\HOTKEY\TPOSDSVC.exe" [2008-01-24 66928]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-05 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-05 137752]
"Apoint"="c:\programfiler\Apoint2K\Apoint.exe" [2007-08-20 172032]
"PSQLLauncher"="c:\programfiler\ThinkVantage Fingerprint Software\launcher.exe" [2007-08-14 48904]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-02-02 122940]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2008-01-10 294912]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2008-01-10 208896]
"TPFNF7"="c:\programfiler\Lenovo\NPDIRECT\TPFNF7SP.exe" [2008-03-26 59680]
"QuickTime Task"="c:\programfiler\QuickTime\qttask.exe" [2008-03-28 413696]
"LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2008-01-11 144728]
"LPMailChecker"="c:\progra~1\THINKV~2\PrdCtr\LPMLCHK.exe" [2008-01-11 124248]
"ccApp"="c:\programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2007-05-29 52840]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2007-10-07 125368]
"Acrobat Assistant 8.0"="c:\programfiler\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-14 623992]
"Adobe Reader Speed Launcher"="c:\programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"TpShocks"="TpShocks.exe" - c:\windows\system32\TpShocks.exe [2007-11-22 181536]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-10-30 13801]
"TSClientAXDisabler"="c:\windows\Installer\TSClientMsiTrans\tscdsbl.bat" [2008-01-18 2247]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-08-14 13:54 89600 ----a-w- c:\windows\system32\psqlpwd.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 14:37 34344 ----a-w- c:\programfiler\Lenovo\HOTKEY\notifyf2.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2007-12-14 14:36 28672 ----a-w- c:\programfiler\Lenovo\HOTKEY\tphklock.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0]
"Script"=pushprinterconnections.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\1\0]
"Script"=Slett-Filer.cmd
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-489248529-1699838375-1845911597-313889\Scripts\Logon\0\0]
"Script"=Sym2Server.bat
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programfiler\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"53:TCP"= 53:TCP:websrvx
R0 Shockprf;Shockprf;c:\windows\system32\drivers\ApsX86.sys [16.10.2007 18:33 103472]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [16.10.2007 18:32 19504]
R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\TPPWRIF.SYS [22.04.2008 13:26 4442]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [10.03.2009 21:00 55152]
R2 smihlp;SMI Helper Driver (smihlp);c:\programfiler\Fellesfiler\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [14.08.2007 15:46 10896]
R2 WinDefend;Windows Defender;c:\programfiler\Windows Defender\MsMpEng.exe [03.11.2006 19:19 13592]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\programfiler\Fellesfiler\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [26.02.2009 13:04 101936]
R3 WSIMD;wsimd Service;c:\windows\system32\drivers\wsimd.sys [08.04.2008 18:57 57344]
S3 fsssvc;Windows Live Tryggere for familien;c:\programfiler\Windows Live\Family Safety\fsssvc.exe [06.02.2009 19:08 533360]
S3 SavRoam;SAVRoam;c:\programfiler\Symantec AntiVirus\SavRoam.exe [07.10.2007 20:48 116664]
--- Andre tjenester/drivere lastet i minnet ---
*Deregistered* - uphcleanhlp
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)
2009-05-31 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programfiler\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]
2009-05-31 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2008-04-22 23:30]
.
- - - - TOMME PEKERE FJERNET - - - -
HKCU-RunOnce-Shockwave Updater - c:\windows\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103471 -Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET
SafeBoot-procexp90.Sys
.
------- Tilleggsskanning -------
.
uStart Page = hxxp://fuv.hfk.no
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game02.zylom.com/activex/zylomgamesplayer.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-01 00:12
Windows 5.1.2600 Service Pack 3 NTFS
skanner skjulte prosesser ...
skanner skjulte autostart-oppføringer ...
skanner skjulte filer ...
skanning vellykket
skjulte filer: 0
**************************************************************************
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------
- - - - - - - > 'winlogon.exe'(1172)
c:\windows\system32\vrlogon.dll
c:\windows\system32\psqlpwd.dll
c:\programfiler\ThinkVantage Fingerprint Software\homefus2.dll
c:\programfiler\ThinkVantage Fingerprint Software\infra.dll
c:\programfiler\ThinkVantage Fingerprint Software\homepass.dll
c:\programfiler\ThinkVantage Fingerprint Software\bio.dll
c:\programfiler\ThinkVantage Fingerprint Software\ps2css.dll
c:\programfiler\ThinkVantage Fingerprint Software\remote.dll
c:\programfiler\Lenovo\HOTKEY\tphklock.dll
c:\programfiler\ThinkVantage Fingerprint Software\pscssint.dll
c:\programfiler\ThinkVantage Fingerprint Software\crypto.dll
- - - - - - - > 'lsass.exe'(1232)
c:\windows\system32\psqlpwd.dll
c:\programfiler\ThinkVantage Fingerprint Software\homefus2.dll
c:\programfiler\ThinkVantage Fingerprint Software\infra.dll
.
Tidspunkt ferdig: 2009-05-31 0:14
ComboFix-quarantined-files.txt 2009-05-31 22:14
Pre-Run: 89 752 694 784 byte ledig
Post-Run: 91 679 211 520 byte ledig
WindowsXP-KB310994-SP2-Pro-BootDisk-NOR.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
195 --- E O F --- 2009-05-19 10:06
-
Ettersom barbermaskinen min begynte å bli dårlig bestemte jeg meg for å prøve tradisjonell barbering. Kjøpte derfor det velkjente startsettet fra barbershop med Proraso produkter og Derby extra blader.
Etter å ha studert alle filmene til youtube mannen Mantic59 var jeg klar for å prøve på meg selv. Det gikk egentlig greit over alt uten de store kuttene, utenom på haken. Jeg tenkte at siden haken er den eneste plassen jeg har helt tett og stivt skjegg så trengte jeg mer trening for å få det bra til her.
Nå har jeg "trent" nesten hver dag i to uker, men jeg sliter fremdeles med hakepartiet der jeg har veldig tett og stivt skjegg. Har prøvd i alle mulige retninger og vinkler, men høvelen henger uansett igjen, og når jeg fortsetter å dra river jeg meg, og den begynner å blø (Jeg her også selvfølgelig ikke noe press på høvelen)
Tanken har slått meg at bladene ikke er skarpe nok, virker som derby bladene ikke klarer å kutte skjegget. Så jeg lurer på om det har noe for seg å kjøpe feather blader da disse er skarpere? Eller er teknikken min rett og slett for dårlig?
En annen ting jeg mislikte med startsettet er at kosten av svinebust er alt or stiv og virker veldig "billig", vil dere erfarne barbererer anbefale å legge noen ekstra hundre lapper i en dyrerer kost av grevling?
Håper noen med litt erfaring har noen råd til en som er lei barbermaskinen og ikke har lyst tilbake til flerbladshøvel.
-
Symptom: Sender ut pakker når den er koblet til internett.
MBAM
Klikk for å se/fjerne innholdet nedenforMalwarebytes' Anti-Malware 1.36Databaseversjon: 1988
Windows 5.1.2600 Service Pack 3
16.04.2009 08:08:13
mbam-log-2009-04-16 (08-08-13).txt
Skanntype: Rask Skann
Objekter skannet: 69129
Tid tilbakelagt: 3 minute(s), 39 second(s)
Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 0
Minneprosesser infisert:
(Ingen mistenkelige filer funnet)
Minnemoduler infisert:
(Ingen mistenkelige filer funnet)
Registernøkler infisert:
(Ingen mistenkelige filer funnet)
Registerverdier infisert:
(Ingen mistenkelige filer funnet)
Registerfiler infisert:
(Ingen mistenkelige filer funnet)
Mapper infisert:
(Ingen mistenkelige filer funnet)
Filer infisert:
(Ingen mistenkelige filer funnet)
HJT
Klikk for å se/fjerne innholdet nedenforLogfile of Trend Micro HijackThis v2.0.2Scan saved at 08:18:08, on 16.04.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programfiler\Bonjour\mDNSResponder.exe
C:\Programfiler\NetLimiter 2 Pro\nlsvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Programfiler\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Programfiler\DAEMON Tools Lite\daemon.exe
C:\Programfiler\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Programfiler\Realtek\8187SE Wireless LAN Utility\RtWLan.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Programfiler\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Programfiler\Malwarebytes' Anti-Malware\mbam.exe
C:\Programfiler\Java\jre6\bin\jusched.exe
C:\Programfiler\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Programfiler\Adobe\Reader 8.0\Reader\AcroRd32Info.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msi.com.tw
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.msi.com.tw/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programfiler\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programfiler\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Programfiler\FlashFXP\IEFlash.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [iTSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MGSysCtrl] C:\Programfiler\System Control Manager\MGSysCtrl.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programfiler\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: REALTEK RTL8187SE Wireless LAN Utility.lnk = C:\Programfiler\Realtek\8187SE Wireless LAN Utility\RtWLan.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.msi.com.tw
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programfiler\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe
O23 - Service: Googles oppdateringstjeneste (gupdate1c9aa1df861930c) (gupdate1c9aa1df861930c) - Google Inc. - C:\Programfiler\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programfiler\Java\jre6\bin\jqs.exe
O23 - Service: Micro Star SCM - Unknown owner - C:\Programfiler\System Control Manager\MSIService.exe (file missing)
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Programfiler\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Programfiler\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
--
End of file - 7941 bytes
Combofix
Klikk for å se/fjerne innholdet nedenforComboFix 09-04-16.02 - Jørgen 16.04.2009 8:13.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.47.1044.18.2037.1537 [GMT 2:00]
Kjører fra: c:\documents and settings\Jørgen\Skrivebord\ComboFix.exe
* Opprettet nytt gjenopprettingspunkt
ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !!
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2009-03-16 til 2009-04-16 )))))))))))))))))))))))))))))))))
.
2009-04-16 06:03 . 2009-04-16 06:03 -------- d-----w c:\windows\LastGood
2009-04-11 13:03 . 2009-04-11 13:03 -------- d-----w c:\documents and settings\Jørgen\Programdata\Locktime
2009-04-11 13:03 . 2009-04-11 13:03 -------- d-----w c:\documents and settings\Jørgen\Programdata\Locktime
2009-04-11 13:03 . 2009-04-11 13:03 -------- d-----w c:\documents and settings\Jørgen\Programdata\Locktime
2009-04-11 12:45 . 2009-04-11 12:45 -------- d-----w c:\documents and settings\All Users\Programdata\Locktime
2009-04-11 12:45 . 2009-04-11 12:45 -------- d-----w c:\programfiler\NetLimiter 2 Pro
2009-04-09 14:00 . 2009-04-09 14:00 -------- d-----w c:\programfiler\Advanced IP Scanner
2009-04-05 15:23 . 2009-04-05 15:23 -------- d-----w c:\programfiler\WinISD
2009-03-23 10:13 . 2009-03-23 10:13 -------- d-----w c:\documents and settings\NetworkService\Lokale innstillinger\Programdata\Google
2009-03-21 12:10 . 2009-03-21 12:10 -------- d-----w c:\documents and settings\LocalService\Lokale innstillinger\Programdata\Google
2009-03-21 12:09 . 2009-03-23 20:20 -------- d-----w c:\documents and settings\Jørgen\Lokale innstillinger\Programdata\Google
2009-03-21 12:09 . 2009-04-16 05:57 -------- d-----w c:\documents and settings\All Users\Programdata\Google Updater
2009-03-21 12:09 . 2009-03-21 12:11 -------- d-----w c:\programfiler\Google
2009-03-19 21:18 . 2009-03-19 21:18 -------- d-----w C:\_Diverse
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-16 06:05 . 2008-10-16 20:08 -------- d-----w c:\programfiler\Java
2009-04-16 06:03 . 2009-01-22 15:05 -------- d-----w c:\programfiler\Malwarebytes' Anti-Malware
2009-04-16 05:55 . 2008-06-12 15:55 72104 ----a-w c:\windows\system32\perfc014.dat
2009-04-16 05:55 . 2008-06-12 15:55 407662 ----a-w c:\windows\system32\perfh014.dat
2009-04-13 20:57 . 2008-10-16 20:11 -------- d-----w c:\documents and settings\Jørgen\Programdata\LimeWire
2009-04-13 20:57 . 2008-10-16 20:11 -------- d-----w c:\documents and settings\Jørgen\Programdata\LimeWire
2009-04-13 20:57 . 2008-10-16 20:11 -------- d-----w c:\documents and settings\Jørgen\Programdata\LimeWire
2009-04-11 16:27 . 2009-03-08 14:13 -------- d-----w c:\documents and settings\Jørgen\Programdata\Spotify
2009-04-11 16:27 . 2009-03-08 14:13 -------- d-----w c:\documents and settings\Jørgen\Programdata\Spotify
2009-04-11 16:27 . 2009-03-08 14:13 -------- d-----w c:\documents and settings\Jørgen\Programdata\Spotify
2009-04-09 14:25 . 2008-08-08 16:21 -------- d-----w c:\documents and settings\Jørgen\Programdata\uTorrent
2009-04-09 14:25 . 2008-08-08 16:21 -------- d-----w c:\documents and settings\Jørgen\Programdata\uTorrent
2009-04-09 14:25 . 2008-08-08 16:21 -------- d-----w c:\documents and settings\Jørgen\Programdata\uTorrent
2009-04-06 13:32 . 2009-01-22 15:05 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 13:32 . 2009-01-22 15:05 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-03-13 09:35 . 2009-03-13 09:35 -------- d-----w c:\programfiler\Microsoft
2009-03-13 09:34 . 2009-03-13 09:34 -------- d-----w c:\programfiler\Windows Live SkyDrive
2009-03-13 09:34 . 2008-08-08 11:30 -------- d-----w c:\programfiler\Windows Live
2009-03-13 09:32 . 2009-03-13 09:32 -------- d-----w c:\programfiler\Fellesfiler\Windows Live
2009-03-11 23:21 . 2008-06-12 08:52 -------- d-----w c:\documents and settings\All Users\Programdata\Microsoft Help
2009-03-09 03:19 . 2008-12-06 12:18 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-08 14:13 . 2009-03-08 14:13 -------- d-----w c:\programfiler\Spotify
2009-02-25 17:39 . 2009-02-25 17:39 -------- d-----w c:\documents and settings\All Users\Programdata\Office Genuine Advantage
2009-02-20 20:41 . 2008-08-30 22:14 -------- d-----w c:\documents and settings\All Users\Programdata\TrackMania
2009-02-15 19:43 . 2009-02-15 19:43 -------- d-----w c:\programfiler\Lavalys
2009-02-15 18:28 . 2008-06-12 08:01 -------- d-----w c:\programfiler\System Control Manager
2009-02-15 18:19 . 2008-06-12 07:43 -------- d--h--w c:\programfiler\InstallShield Installation Information
2009-02-15 16:34 . 2008-09-30 16:04 -------- d-----w c:\programfiler\DB
2009-02-09 14:08 . 2008-06-12 15:55 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-06 17:52 . 2009-02-06 17:52 49504 ----a-w c:\windows\system32\sirenacm.dll
2009-01-07 20:13 . 2009-01-07 20:13 130 ----a-w c:\documents and settings\Jørgen\Lokale innstillinger\Programdata\fusioncache.dat
2008-10-23 13:40 . 2008-08-30 22:26 68456 ----a-w c:\documents and settings\Jørgen\Lokale innstillinger\Programdata\GDIPFONTCACHEV1.DAT
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-15 15360]
"DAEMON Tools Lite"="c:\programfiler\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"swg"="c:\programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-21 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-20 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-20 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-20 131072]
"SynTPEnh"="c:\programfiler\Synaptics\SynTP\SynTPEnh.exe" [2008-01-12 1028096]
"ITSecMng"="c:\programfiler\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"GrooveMonitor"="c:\programfiler\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"QuickTime Task"="c:\programfiler\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\programfiler\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"Adobe Reader Speed Launcher"="c:\programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"MGSysCtrl"="c:\programfiler\System Control Manager\MGSysCtrl.exe" [2008-10-09 688128]
"SunJavaUpdateSched"="c:\programfiler\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-05-08 16862208]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\
Bluetooth Manager.lnk - c:\programfiler\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-2-22 2938184]
REALTEK RTL8187SE Wireless LAN Utility.lnk - c:\programfiler\Realtek\8187SE Wireless LAN Utility\RtWLan.exe [2008-9-5 880640]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= c:\progra~1\FELLES~1\ULEADS~1\vio\dvacm.acm
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programfiler\\uTorrent\\uTorrent.exe"=
"c:\\Programfiler\\Steam\\steamapps\\common\\trackmania nations forever\\TmForever.exe"=
"c:\\Programfiler\\Realtek\\8187SE Wireless LAN Utility\\RtWLan.exe"=
"c:\\Programfiler\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programfiler\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programfiler\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Documents and Settings\\Jørgen\\Skrivebord\\Diverse\\WD Discovery Software\\WD Discovery.exe"=
"c:\\Programfiler\\Bonjour\\mDNSResponder.exe"=
"c:\\Programfiler\\FlashFXP\\FlashFXP.exe"=
"c:\\Programfiler\\LimeWire\\LimeWire.exe"=
"c:\\Documents and Settings\\Jørgen\\Skrivebord\\Diverse\\TmNationsForever\\TmForever.exe"=
"c:\\Programfiler\\Spotify\\spotify.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1542:TCP"= 1542:TCP:Realtek WPS TCP Prot
"1542:UDP"= 1542:UDP:Realtek WPS UDP Prot
R2 gupdate1c9aa1df861930c;Googles oppdateringstjeneste (gupdate1c9aa1df861930c);c:\programfiler\Google\Update\GoogleUpdate.exe [2009-03-21 133104]
R2 Micro Star SCM;Micro Star SCM; [x]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\programfiler\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [2009-02-04 26224]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2008-11-18 7808]
R3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl.sys [2008-10-01 32000]
S1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [2007-04-23 82200]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-04-06 38496]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTS5121.sys [2008-06-11 156160]
S3 rtl8187Se;Realtek RTL8187SE Wireless LAN PCIE Network Adapter;c:\windows\system32\DRIVERS\rtl8187Se.sys [2008-08-22 308608]
--- Andre tjenester/drivere lastet i minnet ---
*NewlyCreated* - JAVAQUICKSTARTERSERVICE
*NewlyCreated* - MBAMSWISSARMY
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8cd5d22e-7b50-11dd-914a-001d92c7a17a}]
\Shell\AutoRun\command - E:\SETUP.EXE
\Shell\configure\command - E:\SETUP.EXE
\Shell\install\command - E:\SETUP.EXE
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)
2009-04-16 c:\windows\Tasks\Google Software Updater.job
- c:\programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-21 12:09]
2009-04-16 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\programfiler\Google\Update\GoogleUpdate.exe [2009-03-21 12:09]
.
.
------- Tilleggsskanning -------
.
uStart Page = hxxp://www.msi.com.tw
uInternet Connection Wizard,ShellNext = hxxp://www.msi.com.tw/
uInternet Settings,ProxyOverride = *.local
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
FF - ProfilePath - c:\documents and settings\Jørgen\Programdata\Mozilla\Firefox\Profiles\r9v34ft9.default\
FF - plugin: c:\programfiler\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\programfiler\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\programfiler\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\programfiler\Vizky\npVizky.dll
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-16 08:16
Windows 5.1.2600 Service Pack 3 NTFS
skanner skjulte prosesser ...
skanner skjulte autostart-oppføringer ...
skanner skjulte filer ...
skanning vellykket
skjulte filer: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\programfiler\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------
- - - - - - - > 'explorer.exe'(3936)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Tidspunkt ferdig: 2009-04-16 8:17
ComboFix-quarantined-files.txt 2009-04-16 06:17
ComboFix2.txt 2009-04-09 14:31
Pre-Run: 34 081 214 464 byte ledig
Post-Run: 34 081 308 672 byte ledig
171 --- E O F --- 2009-03-15 22:52
-
Edit.. for sein..
-
Hei!
Jeg er en gutt på 17år som endelig har bestemt meg for å begynne med fast styrketrening igjen etter flere års pause fra aktiv idrett.
Jeg er en relativt tynn kar på 192cm og bare 67kg.. stort sett skinn og bein. Jeg har tidligere erfaring med utholdenhetsidrett så det har stort sett gått i kondisjonstrening når jeg var aktiv for noen år tilbake og lite styrke, men nå har jeg tenkt til å ta meg sammen for å bygge opp muskelmasse og øke kroppsvekten.
Jeg har ikke så veldig lyst til å gå rett på treningsstudio, ja, sier seg selv med så lite muskler som jeg har på kroppen. Det jeg har av utstyr er manualer opp til 2x10kg, dette må da være mulig å bruke i starten?
Når det kommer til kosthold vil jeg si jeg spiser normalt og sunt, men jeg kan egentlig spise akkurat det jeg vil uten å legge på meg...
Så det jeg egentlig trenger hjelp til er å få laget et treningsprogram som får opp kroppsvekten og bygger muskelmasse, i starten ved hjelp av de manualene jeg har. Er dette mulig?
Håper på hjelp
-
Dette må drikkes bort...
-
Har kjørt CCleaner nå. Var vel rundt 600 feil i registeret som ble fikset, men maskinen kjører fremdeles seint.
Er loggene rene?
-
Ja, nok en maskin som jeg tror er full av malware. Ikke noen andre symptomer enn at den jobber forferdelig sent. Dette skal vistnok har skjedd "plutselig". Har blant annet brukt fire timer på å få til å lage loggene.
MBAM
Klikk for å se/fjerne innholdet nedenforMalwarebytes' Anti-Malware 1.34
Databaseversjon: 1813
Windows 5.1.2600 Service Pack 3
01.03.2009 15:44:57
mbam-log-2009-03-01 (15-44-57).txt
Skanntype: Rask Skann
Objekter skannet: 119052
Tid tilbakelagt: 1 hour(s), 13 minute(s), 48 second(s)
Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 107
Registerverdier infisert: 7
Registerfiler infisert: 0
Mapper infisert: 103
Filer infisert: 266
Minneprosesser infisert:
(Ingen mistenkelige filer funnet)
Minnemoduler infisert:
(Ingen mistenkelige filer funnet)
Registernøkler infisert:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{3e720450-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e53e2cb-86db-4a4a-8bd9-ffeb7a64df82} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1093995a-ba37-41d2-836e-091067c4ad17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c9d7be3e-141a-4c85-8cd6-32461f3df2c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{120927bf-1700-43bc-810f-fab92549b390} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0f8ecf4f-3646-4c3a-8881-8e138ffcaf70} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{991aac62-b100-47ce-8b75-253965244f69} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{90449521-d834-4703-bb4e-d3aa44042ff8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{8e6f1830-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8e6f1832-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a9571378-68a1-443d-b082-284f960c6d17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{8ca01f0e-987c-49c3-b852-2f1ac4a7094c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{2d51d869-c36b-42bd-ae68-0a81bc771fa5} (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7bed0340-176b-44bc-915e-c21c1dd6f617} (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720451-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720453-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{adb01e81-3c79-4272-a0f1-7b2be7a782dc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b813095c-81c0-4e40-aa14-67520372b987} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cff4ce82-3aa2-451f-9b77-7165605fb835} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{07b18ea0-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b18ea3-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{53ced2d0-5e9a-4761-9005-648404e6f7e5} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\starware (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{29d67d3c-509a-4544-903f-c8c1b8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{938aa51a-996c-4884-98ce-80dd16a5c9da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2d51d869-c36b-42bd-ae68-0a81bc771fa5} (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{7bed0340-176b-44bc-915e-c21c1dd6f617} (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ca356d79-679b-4b4c-8e49-5af97014f4c1} (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ca356d79-679b-4b4c-8e49-5af97014f4c1} (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ca356d79-679b-4b4c-8e49-5af97014f4c1} (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d49e9d35-254c-4c6a-9d17-95018d228ff5} (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d49e9d35-254c-4c6a-9d17-95018d228ff5} (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{7473d290-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d292-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\starware (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registerverdier infisert:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{d49e9d35-254c-4c6a-9d17-95018d228ff5} (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mywebsearch email plugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mywebsearch email plugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\searchassistant (Adware.Starware) -> Quarantined and deleted successfully.
Registerfiler infisert:
(Ingen mistenkelige filer funnet)
Mapper infisert:
C:\Documents and Settings\Veronica\Programdata\Starware\Toolbar (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Veronica\Programdata\Starware\ToolbarSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Veronica\Programdata\Starware (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Veronica\Programdata\Starware\Reference (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kristoffer\Programdata\Starware\Manager (Adware.Starware) -> Quarantined and deleted successfully.
C:\Programfiler\Starware (Adware.Starware) -> Quarantined and deleted successfully.
C:\Programfiler\MyWebSearch\bar\1.bin (Adware.MyWebSearch) -> Delete on reboot.
C:\Documents and Settings\Veronica\Programdata\Starware\TravelSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kristoffer\Programdata\Starware\Toolbar (Adware.Starware) -> Quarantined and deleted successfully.
C:\Programfiler\FunWebProducts\PopSwatr\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kristoffer\Programdata\Starware\Maps (Adware.Starware) -> Quarantined and deleted successfully.
C:\Programfiler\MyWebSearch\bar\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programfiler\MyWebSearch\bar\Game (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Veronica\Programdata\Starware\ErrorSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Veronica\Programdata\Starware\ScreensaversMarketingSitePager (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kristoffer\Programdata\Starware\TravelSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Programdata\Starware\images (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Veronica\Programdata\Starware\Games (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kristoffer\Programdata\Starware\Weather (Adware.Starware) -> Quarantined and deleted successfully.
C:\Programfiler\MyWebSearch\bar (Adware.MyWebSearch) -> Delete on reboot.
C:\Documents and Settings\Veronica\Programdata\Starware\SearchMatch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alicia\Programdata\Starware\Games (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Veronica\Programdata\Starware\BrowserSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alicia\Programdata\Starware\TravelSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Veronica\Programdata\Starware\RelatedSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alicia\Programdata\Starware\BrowserSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kristoffer\Programdata\Starware\ToolbarSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Veronica\Programdata\Starware\ToolbarLogo (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kristoffer\Programdata\Starware\Movies (Adware.Starware) -> Quarantined and deleted successfully.
C:\Programfiler\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Programdata\Starware (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kristoffer\Programdata\Starware\Reference (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Programdata\Starware\SimpleUpdate (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Josefin\Programdata\Starware\ErrorSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kristoffer\Programdata\Starware\RelatedSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Programfiler\MyWebSearch\SrchAstt (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Josefin\Programdata\Starware\Games (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alicia\Programdata\Starware\Layouts (Adware.Starware) -> Quarantined and deleted successfully.
C:\Programfiler\FunWebProducts\PopSwatr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alicia\Programdata\Starware\Weather (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kristoffer\Programdata\Starware\SearchAssistPlus (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alicia\Programdata\Starware\RelatedSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Veronica\Programdata\Starware\Maps (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kristoffer\Programdata\Starware\SearchMatch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Josefin\Programdata\Starware\Manager (Adware.Starware) -> Quarantined and deleted successfully.
C:\Programfiler\FunWebProducts\Shared\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kristoffer\Programdata\Starware\SearchMatch\searchMatchPages (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Josefin\Programdata\Starware\Maps (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Veronica\Programdata\Starware\Movies (Adware.Starware) -> Quarantined and deleted successfully.
C:\Programfiler\Starware\icons (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Josefin\Programdata\Starware\Movies (Adware.Starware) -> Quarantined and deleted successfully.
C:\Programfiler\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Josefin\Programdata\Starware\Layouts (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Josefin\Programdata\Starware\Reference (Adware.Starware) -> Quarantined and deleted successfully.
C:\Programfiler\MyWebSearch\bar\MSNBackgrounds (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alicia\Programdata\Starware\Configurator (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Josefin\Programdata\Starware\RelatedSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alicia\Programdata\Starware\ToolbarLogo (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Veronica\Programdata\Starware\SearchAssistPlus (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alicia\Programdata\Starware\ErrorSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alicia\Programdata\Starware\ToolbarSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Josefin\Programdata\Starware\ToolbarSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Josefin\Programdata\Starware\SearchAssistPlus (Adware.Starware) -> Quarantined and deleted successfully.
C:\Programfiler\MyWebSearch\SrchAstt\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programfiler\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Programdata\Starware\contexts (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Josefin\Programdata\Starware (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Josefin\Programdata\Starware\BrowserSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Josefin\Programdata\Starware\Toolbar (Adware.Starware) -> Quarantined and deleted successfully.
C:\Programfiler\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Josefin\Programdata\Starware\Configurator (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Josefin\Programdata\Starware\ToolbarLogo (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Programdata\Starware\buttons (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alicia\Programdata\Starware\Maps (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kristoffer\Programdata\Starware\BrowserSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Veronica\Programdata\Starware\Layouts (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alicia\Programdata\Starware\Movies (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Josefin\Programdata\Starware\TravelSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Josefin\Programdata\Starware\SearchMatch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alicia\Programdata\Starware\Reference (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Josefin\Programdata\Starware\Weather (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Veronica\Programdata\Starware\Manager (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alicia\Programdata\Starware\Toolbar (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kristoffer\Programdata\Starware\Games (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kristoffer\Programdata\Starware (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alicia\Programdata\Starware\ScreensaversMarketingSitePager (Adware.Starware) -> Quarantined and deleted successfully.
C:\Programfiler\MyWebSearch (Adware.MyWebSearch) -> Delete on reboot.
C:\Documents and Settings\Josefin\Programdata\Starware\ScreensaversMarketingSitePager (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alicia\Programdata\Starware\SearchAssistPlus (Adware.Starware) -> Quarantined and deleted successfully.
C:\Programfiler\Starware\bin (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kristoffer\Programdata\Starware\Configurator (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alicia\Programdata\Starware\SearchMatch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alicia\Programdata\Starware (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kristoffer\Programdata\Starware\ErrorSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alicia\Programdata\Starware\SearchMatch\searchMatchPages (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kristoffer\Programdata\Starware\Layouts (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Veronica\Programdata\Starware\Configurator (Adware.Starware) -> Quarantined and deleted successfully.
C:\Programfiler\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alicia\Programdata\Starware\Manager (Adware.Starware) -> Quarantined and deleted successfully.
C:\Programfiler\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kristoffer\Programdata\Starware\ScreensaversMarketingSitePager (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Veronica\Programdata\Starware\Weather (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kristoffer\Programdata\Starware\ToolbarLogo (Adware.Starware) -> Quarantined and deleted successfully.
Filer infisert:
C:\Documents and Settings\Kristoffer\Programdata\Starware\Games\GamesOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Programfiler\MyWebSearch\bar\1.bin\F3HISTSW.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kristoffer\Programdata\Starware\Layouts\PreferencesLayout.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kristoffer\Programdata\Starware\Layouts\PreferencesLayout.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kristoffer\Programdata\Starware\Layouts\ToolbarLayout.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kristoffer\Programdata\Starware\Layouts\ToolbarLayout.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alicia\Programdata\Starware\ToolbarSearch\ToolbarSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kristoffer\Programdata\Starware\Manager\ManagerOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kristoffer\Programdata\Starware\Manager\ManagerOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alicia\Programdata\Starware\TravelSearch\TravelSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kristoffer\Programdata\Starware\Maps\MapsOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kristoffer\Programdata\Starware\Maps\MapsOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Programfiler\MyWebSearch\bar\Cache006B2D8 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kristoffer\Programdata\Starware\Movies\MoviesOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kristoffer\Programdata\Starware\Movies\MoviesOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Programfiler\MyWebSearch\bar\Cache00CC46E.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kristoffer\Programdata\Starware\Reference\ReferenceOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kristoffer\Programdata\Starware\Reference\ReferenceOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Programfiler\MyWebSearch\bar\Cache0165902 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kristoffer\Programdata\Starware\RelatedSearch\RelatedSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Programfiler\MyWebSearch\bar\1.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programfiler\MyWebSearch\bar\Cache018F96E.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kristoffer\Programdata\Starware\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kristoffer\Programdata\Starware\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Programfiler\MyWebSearch\bar\Cache0227EBF.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kristoffer\Programdata\Starware\SearchAssistPlus\SearchAssistPlusOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kristoffer\Programdata\Starware\SearchAssistPlus\SearchAssistPlusOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Programfiler\MyWebSearch\bar\Cache0A4A23D.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kristoffer\Programdata\Starware\SearchMatch\SearchMatchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kristoffer\Programdata\Starware\SearchMatch\SearchMatchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Programfiler\MyWebSearch\bar\Cache18D7A26 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programfiler\MyWebSearch\bar\Cache\files.ini (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kristoffer\Programdata\Starware\Toolbar\TBProductsOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Programfiler\MyWebSearch\bar\1.bin\F3POPSWT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programfiler\MyWebSearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kristoffer\Programdata\Starware\ToolbarLogo\ToolbarLogoOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kristoffer\Programdata\Starware\ToolbarLogo\ToolbarLogoOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Programfiler\MyWebSearch\bar\History\search (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kristoffer\Programdata\Starware\ToolbarSearch\ToolbarSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kristoffer\Programdata\Starware\ToolbarSearch\ToolbarSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Programfiler\MyWebSearch\bar\MSNBackgrounds0792F21.jpeg (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kristoffer\Programdata\Starware\TravelSearch\TravelSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kristoffer\Programdata\Starware\TravelSearch\TravelSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Programfiler\MyWebSearch\bar\Settings\settings.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programfiler\MyWebSearch\bar\1.bin\M3HTML.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kristoffer\Programdata\Starware\Weather\WeatherOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kristoffer\Programdata\Starware\Weather\WeatherOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Programdata\Starware\SimpleUpdate\SimpleUpdateConfig.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Programdata\Starware\SimpleUpdate\TimerManagerConfig.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Veronica\Programdata\Starware\BrowserSearch\BrowserSearch.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Veronica\Programdata\Starware\BrowserSearch\BrowserSearch.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Programfiler\MyWebSearch\bar\1.bin\M3OUTLCN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Veronica\Programdata\Starware\Configurator\ConfiguratorOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Veronica\Programdata\Starware\Configurator\ConfiguratorOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Veronica\Programdata\Starware\ToolbarLogo\ToolbarLogoOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Programfiler\MyWebSearch\bar\1.bin\MWSBAR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Veronica\Programdata\Starware\ErrorSearch\ErrorSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Veronica\Programdata\Starware\ToolbarSearch\ToolbarSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Veronica\Programdata\Starware\Games\GamesOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Veronica\Programdata\Starware\Games\GamesOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Programfiler\FunWebProducts\Shared\Cache\MailStampBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Veronica\Programdata\Starware\Layouts\PreferencesLayout.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Veronica\Programdata\Starware\Layouts\PreferencesLayout.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Veronica\Programdata\Starware\Layouts\ToolbarLayout.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Veronica\Programdata\Starware\Layouts\ToolbarLayout.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Programfiler\FunWebProducts\Shared\Cache\MySignaturePreviewBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Veronica\Programdata\Starware\Manager\ManagerOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Veronica\Programdata\Starware\Manager\ManagerOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\f3PSSavr.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Veronica\Programdata\Starware\Maps\MapsOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Veronica\Programdata\Starware\Maps\MapsOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Programfiler\MyWebSearch\bar\1.bin\F3SCRCTR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Veronica\Programdata\Starware\Movies\MoviesOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Veronica\Programdata\Starware\Movies\MoviesOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Programfiler\MyWebSearch\bar\1.bin\F3CJPEG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Veronica\Programdata\Starware\Reference\ReferenceOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Veronica\Programdata\Starware\Reference\ReferenceOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Programfiler\MyWebSearch\bar\1.bin\F3RESTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Veronica\Programdata\Starware\RelatedSearch\RelatedSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Veronica\Programdata\Starware\RelatedSearch\RelatedSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Programfiler\MyWebSearch\bar\1.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Veronica\Programdata\Starware\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Programfiler\Starware\bin\Starware.dll (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Veronica\Programdata\Starware\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Veronica\Programdata\Starware\SearchAssistPlus\SearchAssistPlusOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Veronica\Programdata\Starware\SearchAssistPlus\SearchAssistPlusOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alicia\Programdata\Starware\ToolbarSearch\ToolbarSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Veronica\Programdata\Starware\SearchMatch\SearchMatchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Veronica\Programdata\Starware\SearchMatch\SearchMatchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Programfiler\MyWebSearch\bar\1.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Veronica\Programdata\Starware\Toolbar\TBProductsOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Veronica\Programdata\Starware\Toolbar\TBProductsOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alicia\Programdata\Starware\Layouts\ToolbarLayout.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Programfiler\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programfiler\MyWebSearch\bar\Cache006C13F (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alicia\Programdata\Starware\Manager\ManagerOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Veronica\Programdata\Starware\ToolbarSearch\ToolbarSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Programfiler\MyWebSearch\bar\Cache00CCA79.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alicia\Programdata\Starware\Maps\MapsOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Veronica\Programdata\Starware\TravelSearch\TravelSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Veronica\Programdata\Starware\TravelSearch\TravelSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Programfiler\MyWebSearch\bar\1.bin\M3SKIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Veronica\Programdata\Starware\Weather\AlertArchive.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Veronica\Programdata\Starware\Weather\WeatherOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Veronica\Programdata\Starware\Weather\WeatherOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Programfiler\MyWebSearch\bar\1.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Josefin\Programdata\Starware\Weather\WeatherOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alicia\Programdata\Starware\RelatedSearch\RelatedSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Programdata\Starware\buttons\maps.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alicia\Programdata\setup_en[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alicia\Programdata\Starware\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alicia\Programdata\Starware\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kristoffer\Programdata\Starware\BrowserSearch\BrowserSearch.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Programfiler\MyWebSearch\bar\1.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programfiler\MyWebSearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programfiler\MyWebSearch\bar\1.bin\F3PSSAVR.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programfiler\MyWebSearch\bar\1.bin\F3REPROX.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Josefin\Programdata\Starware\Movies\MoviesOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Programfiler\MyWebSearch\bar\1.bin\F3SCHMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programfiler\MyWebSearch\bar\1.bin\F3SPACER.WMV (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programfiler\MyWebSearch\bar\MSNBackgrounds074B707.jpeg (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programfiler\MyWebSearch\bar\1.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programfiler\MyWebSearch\bar\1.bin\M3FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programfiler\MyWebSearch\bar\1.bin\M3NTSTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programfiler\MyWebSearch\bar\1.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programfiler\MyWebSearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Delete on reboot.
C:\Programfiler\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Programdata\Starware\SimpleUpdate\SimpleUpdateConfig.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Programfiler\MyWebSearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Delete on reboot.
C:\Documents and Settings\Alicia\Programdata\Starware\Games\GamesOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Programdata\Starware\SimpleUpdate\TimerManagerConfig.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Programfiler\MyWebSearch\bar\Cache003E8FA (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programfiler\MyWebSearch\bar\Cache0040319 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alicia\Programdata\Starware\Weather\WeatherOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Josefin\Programdata\Starware\BrowserSearch\BrowserSearch.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Programfiler\MyWebSearch\bar\Cache006D275 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Programdata\Starware\U0017DFF0.exe (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Josefin\Programdata\Starware\Configurator\ConfiguratorOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Programfiler\MyWebSearch\bar\Cache00CCC2F.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Programdata\Starware\buttons\FindItHot.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Programfiler\MyWebSearch\bar\Cache018F1DD.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programfiler\MyWebSearch\bar\Cache018F7B9.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Programdata\Starware\buttons\Highlight.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Programfiler\MyWebSearch\bar\Cache0227AC8.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programfiler\MyWebSearch\bar\Cache0227CBC.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Programdata\Starware\buttons\highlightxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Programfiler\MyWebSearch\bar\Cache0351DF6 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programfiler\MyWebSearch\bar\Cache05CC6CB (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programfiler\FunWebProducts\Shared\Cache\SmileyCentralBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programfiler\MyWebSearch\bar\Cache0CE8E99 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programfiler\MyWebSearch\bar\Cache18D7515 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Programdata\Starware\buttons\ReferenceHot.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Programdata\Starware\buttons\referencehotxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Programdata\Starware\buttons\referencexp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Josefin\Programdata\Starware\Maps\MapsOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Programdata\Starware\buttons\weatherhotxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Programfiler\MyWebSearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alicia\Programdata\Starware\SearchMatch\SearchMatchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Programdata\Starware\contexts\error.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Programdata\Starware\contexts\Related.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alicia\Programdata\Starware\BrowserSearch\BrowserSearch.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alicia\Programdata\Starware\Toolbar\TBProductsOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Programdata\Starware\images\walert.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Programfiler\MyWebSearch\bar\Settings\prevcfg.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alicia\Programdata\Starware\ToolbarLogo\ToolbarLogoOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Programfiler\MyWebSearch\bar\Settings\settings.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alicia\Programdata\Starware\ErrorSearch\ErrorSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Programdata\Starware\SimpleUpdate\ProductMessagingConfig.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alicia\Programdata\Starware\Games\GamesOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Josefin\Programdata\Starware\SearchAssistPlus\SearchAssistPlusOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alicia\Programdata\Starware\TravelSearch\TravelSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alicia\Programdata\Starware\Layouts\PreferencesLayout.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Programfiler\FunWebProducts\PopSwatr\History\allowed (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programfiler\FunWebProducts\PopSwatr\History\notallow (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alicia\Programdata\Starware\Layouts\ToolbarLayout.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Josefin\Programdata\Starware\Toolbar\TBProductsOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Programfiler\FunWebProducts\ScreenSaver\Images1310832.urr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alicia\Programdata\Starware\Manager\ManagerOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Josefin\Programdata\Starware\ToolbarLogo\ToolbarLogoOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Programfiler\FunWebProducts\Shared\Cache\CursorManiaBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programfiler\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Josefin\Programdata\Starware\ToolbarSearch\ToolbarSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Programfiler\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programfiler\FunWebProducts\Shared\Cache\MySignatureInsertBtn-new.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programfiler\FunWebProducts\Shared\Cache\MySignatureInsertBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programfiler\FunWebProducts\Shared\Cache\MySignaturePreviewBtn-new.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Josefin\Programdata\Starware\Layouts\PreferencesLayout.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Programfiler\FunWebProducts\Shared\Cache\MyStationeryBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Josefin\Programdata\Starware\Weather\WeatherOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alicia\Programdata\Starware\RelatedSearch\RelatedSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Programfiler\Starware\brand.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Programfiler\Starware\StarwareConfig.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Programfiler\Starware\StarwareUninstall.exe (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Josefin\Programdata\Starware\Maps\MapsOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alicia\Programdata\Starware\SearchAssistPlus\SearchAssistPlusOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alicia\Programdata\Starware\SearchAssistPlus\SearchAssistPlusOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Programfiler\Starware\icons\star_16.ico (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Programdata\Starware\buttons\weatherxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alicia\Programdata\Starware\SearchMatch\SearchMatchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alicia\Programdata\Starware\BrowserSearch\BrowserSearch.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kristoffer\Programdata\Starware\ErrorSearch\ErrorSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Programdata\Starware\contexts\Travel.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alicia\Programdata\Starware\Configurator\ConfiguratorOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alicia\Programdata\Starware\Configurator\ConfiguratorOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Programdata\Starware\images\walertXP.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alicia\Programdata\Starware\ErrorSearch\ErrorSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Programdata\Starware\SimpleUpdate\ProductMessagingConfig.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Josefin\Programdata\Starware\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kristoffer\Programdata\Starware\Weather\AlertArchive.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alicia\Programdata\Starware\Movies\MoviesOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Josefin\Programdata\Starware\SearchAssistPlus\SearchAssistPlusOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Josefin\Programdata\Starware\TravelSearch\TravelSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alicia\Programdata\Starware\Layouts\PreferencesLayout.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alicia\Programdata\Starware\Weather\AlertArchive.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Josefin\Programdata\Starware\BrowserSearch\BrowserSearch.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alicia\Programdata\Starware\Weather\WeatherOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Veronica\Programdata\Starware\ToolbarLogo\ToolbarLogoOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Josefin\Programdata\Starware\Configurator\ConfiguratorOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Veronica\Programdata\Starware\ErrorSearch\ErrorSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Programdata\Starware\buttons\FindIt.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alicia\Programdata\Starware\Maps\MapsOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Programdata\Starware\buttons\findithotxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Programdata\Starware\buttons\Weather.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alicia\Programdata\Starware\Movies\MoviesOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Josefin\Programdata\Starware\Movies\MoviesOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alicia\Programdata\Starware\Reference\ReferenceOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alicia\Programdata\Starware\Reference\ReferenceOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Programdata\Starware\buttons\logo.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Programdata\Starware\buttons\logoxp.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Josefin\Programdata\Starware\Layouts\ToolbarLayout.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kristoffer\Programdata\Starware\Tem835.tmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kristoffer\Programdata\Starware\TemBAA.tmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Josefin\Programdata\Starware\Manager\ManagerOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Josefin\Programdata\Starware\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Josefin\Programdata\Starware\ErrorSearch\ErrorSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Josefin\Programdata\Starware\ErrorSearch\ErrorSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kristoffer\Programdata\Starware\Configurator\ConfiguratorOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kristoffer\Programdata\Starware\RelatedSearch\RelatedSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kristoffer\Programdata\Starware\Configurator\ConfiguratorOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kristoffer\Programdata\Starware\ErrorSearch\ErrorSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Josefin\Programdata\Starware\Reference\ReferenceOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Josefin\Programdata\Starware\Reference\ReferenceOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alicia\Programdata\Starware\Toolbar\TBProductsOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Josefin\Programdata\Starware\RelatedSearch\RelatedSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Josefin\Programdata\Starware\RelatedSearch\RelatedSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alicia\Programdata\Starware\ToolbarLogo\ToolbarLogoOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Josefin\Programdata\Starware\Manager\ManagerOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Programdata\Starware\buttons\HighlightHot.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Josefin\Programdata\Starware\SearchMatch\SearchMatchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Programdata\Starware\buttons\finditxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kristoffer\Programdata\Starware\Toolbar\TBProductsOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Josefin\Programdata\Starware\Toolbar\TBProductsOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Josefin\Programdata\Starware\Games\GamesOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Josefin\Programdata\Starware\SearchMatch\SearchMatchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Josefin\Programdata\Starware\Weather\AlertArchive.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Programdata\Starware\buttons\Reference.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Josefin\Programdata\Starware\Layouts\ToolbarLayout.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Programdata\Starware\buttons\maps_over.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Josefin\Programdata\Starware\ToolbarLogo\ToolbarLogoOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Josefin\Programdata\Starware\ToolbarSearch\ToolbarSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Programdata\Starware\buttons\highlighthotxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kristoffer\Programdata\Starware\BrowserSearch\BrowserSearch.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Josefin\Programdata\Starware\TravelSearch\TravelSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Josefin\Programdata\Starware\Layouts\PreferencesLayout.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kristoffer\Programdata\Starware\Games\GamesOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Josefin\Programdata\Starware\Games\GamesOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
HJT]
Klikk for å se/fjerne innholdet nedenforLogfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:03:14, on 01.03.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Programfiler\D-Link\Bluetooth-programvare\bin\btwdins.exe
C:\Programfiler\F-Secure\Anti-Virus\fsgk32st.exe
C:\Programfiler\F-Secure\Anti-Virus\FSGK32.EXE
C:\Programfiler\Java\jre6\bin\jqs.exe
C:\Programfiler\F-Secure\Anti-Virus\fssm32.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
C:\Programfiler\Eicon\Diva\DiTask.exe
C:\Programfiler\Eicon\Diva\Divamon.exe
C:\Programfiler\Eicon\Diva\watch.exe
C:\Programfiler\F-Secure\Common\FSMA32.EXE
C:\Programfiler\Eicon\Diva\cgserver.exe
C:\WINDOWS\System32\DSentry.exe
C:\Programfiler\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Programfiler\Eicon\Diva\diinfo.exe
C:\Programfiler\F-Secure\Common\FSMB32.EXE
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Programfiler\F-Secure\Common\FCH32.EXE
C:\Programfiler\F-Secure\Common\FSM32.EXE
C:\Programfiler\QuickTime\qttask.exe
C:\Programfiler\F-Secure\Common\FAMEH32.EXE
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Programfiler\Logitech\Video\LogiTray.exe
C:\Programfiler\NETGEAR\WG311TSU\Utility\Gear311T.exe
C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Programfiler\Java\jre6\bin\jusched.exe
C:\WINDOWS\SYSTEM32\tbctray.exe
C:\PROGRA~1\SYSTEM~1\soap.exe
C:\Programfiler\Messenger\msmsgs.exe
C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Logitech\VideoCall\VideoCall.exe
C:\Programfiler\Skype\Phone\Skype.exe
C:\Garmin\gStart.exe
C:\Programfiler\F-Secure\Common\FNRB32.EXE
C:\Programfiler\F-Secure\Common\FIH32.EXE
C:\Programfiler\F-Secure\Anti-Virus\fsav32.exe
C:\Programfiler\D-Link\Bluetooth-programvare\BTTray.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programfiler\CASIO\Photo Loader\Plauto.exe
C:\Programfiler\Logitech\Video\FxSvr2.exe
C:\Programfiler\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/no/nor/gen/default.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/def.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
R3 - URLSearchHook: {1A03F196-9617-4CA0-842B-A83CEECB022B} - - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programfiler\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DiTask.exe] "C:\Programfiler\Eicon\Diva\DiTask.exe"
O4 - HKLM\..\Run: [Divamon.exe] "C:\Programfiler\Eicon\Diva\Divamon.exe"
O4 - HKLM\..\Run: [Eicon TechnologyLAN_DAEMON] "C:\Programfiler\Eicon\Diva\watch.exe"
O4 - HKLM\..\Run: [CGServer] "C:\Programfiler\Eicon\Diva\cgserver.exe"
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programfiler\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programfiler\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programfiler\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iCQ Net] C:\WINDOWS\winlogon.exe -stealth
O4 - HKLM\..\Run: [avserve2.exe] C:\WINDOWS\avserve2.exe
O4 - HKLM\..\Run: [skynetave.exe] C:\WINDOWS\skynetave.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programfiler\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programfiler\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [AS00_Gear311T] C:\Programfiler\NETGEAR\WG311TSU\Utility\Gear311T.exe -hide
O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TraySantaCruz] C:\WINDOWS\SYSTEM32\tbctray.exe
O4 - HKCU\..\Run: [system Soap Pro] C:\PROGRA~1\SYSTEM~1\soap.exe min
O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programfiler\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [VideoCall] "C:\Programfiler\Logitech\VideoCall\VideoCall.exe" -minimized
O4 - HKCU\..\Run: [skype] "C:\Programfiler\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [gStart] C:\Garmin\gStart.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Programfiler\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Programfiler\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Programfiler\CASIO\Photo Loader\Plauto.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html...NO_ZCxdm482YYNO
O8 - Extra context menu item: &Windows Live Search - res://C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send til &Bluetooth - C:\Programfiler\D-Link\Bluetooth-programvare\btsendto_ie_ctx.htm
O8 - Extra context menu item: Åpne i ny bakgrunnsflik - res://C:\Programfiler\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/229?41e6c77fb0d04f58bd68b43c9ffa2891
O8 - Extra context menu item: Åpne i ny forgrunnsflik - res://C:\Programfiler\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/230?41e6c77fb0d04f58bd68b43c9ffa2891
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\D-Link\Bluetooth-programvare\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\D-Link\Bluetooth-programvare\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programfiler\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.tvlution.com/KooPlayer.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1098552997250
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - https://www.stopzilla.com/_download/Auto_In...ller/dwnldr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programfiler\D-Link\Bluetooth-programvare\bin\btwdins.exe
O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Programfiler\F-Secure\BackWeb\7681197\Program\fsbwlan.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Programfiler\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Programfiler\F-Secure\Common\FNRB32.EXE
O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Programfiler\F-Secure\Common\FSAA.EXE
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Programfiler\F-Secure\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programfiler\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 14902 bytes
Combofix
Klikk for å se/fjerne innholdet nedenforComboFix 09-02-28.01 - Kristoffer 2009-03-01 17:00:40.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.47.1044.18.511.193 [GMT 1:00]
Kjører fra: c:\documents and settings\Kristoffer\Skrivebord\ComboFix.exe
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Forrige skanning -------
.
c:\windows\IE4 Error Log.txt
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2009-02-01 til 2009-03-01 )))))))))))))))))))))))))))))))))
.
2009-03-01 16:02 . 2009-03-01 16:02 <DIR> d-------- c:\programfiler\Trend Micro
2009-03-01 12:58 . 2008-04-13 19:45 10,368 --a------ c:\windows\SYSTEM32\DRIVERS\hidusb.sys
2009-03-01 12:58 . 2008-04-13 19:45 10,368 --a------ c:\windows\SYSTEM32\DLLCACHE\hidusb.sys
2009-02-28 18:54 . 2009-02-28 18:54 <DIR> d-------- c:\documents and settings\Kristoffer\Programdata\Malwarebytes
2009-02-28 18:53 . 2009-02-28 18:55 <DIR> d-------- c:\programfiler\Malwarebytes' Anti-Malware
2009-02-28 18:53 . 2009-02-28 18:53 <DIR> d-------- c:\documents and settings\All Users\Programdata\Malwarebytes
2009-02-28 18:53 . 2009-02-11 10:19 38,496 --a------ c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys
2009-02-28 18:53 . 2009-02-11 10:19 15,504 --a------ c:\windows\SYSTEM32\DRIVERS\mbam.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-01 16:11 --------- d-----w c:\documents and settings\Kristoffer\Programdata\Skype
2009-01-17 14:03 --------- d-----w c:\programfiler\Google
2009-01-16 20:31 3,594,752 ------w c:\windows\SYSTEM32\DLLCACHE\mshtml.dll
2009-01-16 09:06 410,984 ----a-w c:\windows\SYSTEM32\deploytk.dll
2009-01-16 09:05 --------- d-----w c:\programfiler\Java
2008-12-19 09:13 70,656 ------w c:\windows\SYSTEM32\DLLCACHE\ie4uinit.exe
2008-12-19 09:10 13,824 ------w c:\windows\SYSTEM32\DLLCACHE\ieudinit.exe
2008-12-19 05:25 634,024 ------w c:\windows\SYSTEM32\DLLCACHE\iexplore.exe
2008-12-19 05:23 161,792 ------w c:\windows\SYSTEM32\DLLCACHE\ieakui.dll
2008-12-11 10:57 333,952 ------w c:\windows\SYSTEM32\DLLCACHE\srv.sys
2006-07-11 18:33 45,416 -c--a-w c:\documents and settings\Kristoffer\Programdata\GDIPFONTCACHEV1.DAT
2006-06-01 05:36 45,416 -c--a-w c:\documents and settings\Alicia\Programdata\GDIPFONTCACHEV1.DAT
1998-10-14 09:19 10,000 -c--a-w c:\windows\INF\unregpn.exe
2008-11-21 17:59 32,768 --sha-w c:\windows\SYSTEM32\CONFIG\systemprofile\Lokale innstillinger\Logg\History.IE5\MSHist012008112120081122\index.dat
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"System Soap Pro"="c:\progra~1\SYSTEM~1\soap.exe" [2003-08-21 777728]
"MSMSGS"="c:\programfiler\Messenger\msmsgs.exe" [2008-04-14 1695232]
"LDM"="c:\programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-16 67128]
"LogitechSoftwareUpdate"="c:\programfiler\Logitech\Video\ManifestEngine.exe" [2004-10-08 196608]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"VideoCall"="c:\programfiler\Logitech\VideoCall\VideoCall.exe" [2004-11-12 65602]
"Skype"="c:\programfiler\Skype\Phone\Skype.exe" [2006-07-21 20036648]
"gStart"="c:\garmin\gStart.exe" [2005-01-20 1896448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2002-08-14 290816]
"DiTask.exe"="c:\programfiler\Eicon\Diva\DiTask.exe" [2002-04-10 143360]
"Divamon.exe"="c:\programfiler\Eicon\Diva\Divamon.exe" [2002-04-10 32768]
"Eicon TechnologyLAN_DAEMON"="c:\programfiler\Eicon\Diva\watch.exe" [2002-04-10 192512]
"CGServer"="c:\programfiler\Eicon\Diva\cgserver.exe" [2002-04-10 40960]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2002-08-14 28672]
"AdaptecDirectCD"="c:\programfiler\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-04-10 679936]
"zBrowser Launcher"="c:\programfiler\Logitech\iTouch\iTouch.exe" [2002-07-22 577602]
"EM_EXEC"="c:\progra~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2002-07-09 28672]
"F-Secure Manager"="c:\programfiler\F-Secure\Common\FSM32.EXE" [2002-06-06 106571]
"QuickTime Task"="c:\programfiler\QuickTime\qttask.exe" [2007-02-16 282624]
"LVCOMSX"="c:\windows\System32\LVCOMSX.EXE" [2004-10-08 221184]
"LogitechVideoRepair"="c:\programfiler\Logitech\Video\ISStart.exe" [2004-10-08 458752]
"LogitechVideoTray"="c:\programfiler\Logitech\Video\LogiTray.exe" [2004-10-08 217088]
"AS00_Gear311T"="c:\programfiler\NETGEAR\WG311TSU\Utility\Gear311T.exe" [2004-05-12 458752]
"HP Software Update"="c:\programfiler\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"iTunesHelper"="c:\programfiler\iTunes\iTunesHelper.exe" [2007-03-02 257088]
"SunJavaUpdateSched"="c:\programfiler\Java\jre6\bin\jusched.exe" [2009-01-16 136600]
"TraySantaCruz"="c:\windows\SYSTEM32\tbctray.exe" [2002-04-03 290816]
"ATIModeChange"="Ati2mdxx.exe" [2002-08-19 c:\windows\SYSTEM32\Ati2mdxx.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\
BTTray.lnk - c:\programfiler\D-Link\Bluetooth-programvare\BTTray.exe [2005-07-26 577597]
HP Digital Imaging Monitor.lnk - c:\programfiler\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 282624]
Logitech Desktop Messenger.lnk - c:\programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-02-16 67128]
Microsoft Office.lnk - c:\programfiler\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.VDOM"= vdowave.drv
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programfiler\\Eicon\\Diva\\watch.exe"=
"c:\\Programfiler\\Logitech\\VideoCall\\VideoCall.exe"=
"c:\\Programfiler\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
"c:\\Programfiler\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Programfiler\\iTunes\\iTunes.exe"=
"c:\\StubInstaller.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programfiler\\Skype\\Phone\\Skype.exe"=
R0 DiMaint;Eicon Maintenance Driver;c:\windows\SYSTEM32\DRIVERS\DISDN\dimaint.sys [1980-01-01 91408]
R2 BackWeb Client - 7681197;F-Secure BackWeb;c:\progra~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE [2003-05-18 16384]
R2 DiCapi;Eicon CAPI 2.0 Driver;c:\windows\SYSTEM32\DRIVERS\DISDN\capi202k.sys [1980-01-01 181168]
R2 DiPort;Eicon Port Driver;c:\windows\SYSTEM32\DRIVERS\DISDN\diport40.sys [1980-01-01 206976]
R2 F-Secure Filter;F-Secure File System Filter;c:\programfiler\F-Secure\Anti-Virus\win2k\FSfilter.sys [2003-05-18 47280]
R2 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\programfiler\F-Secure\Anti-Virus\win2k\fsgk.sys [2003-05-18 35152]
R2 F-Secure Recognizer;F-Secure File System Recognizer;c:\programfiler\F-Secure\Anti-Virus\win2k\FSrec.sys [2003-05-18 15984]
R2 FSpm;F-Secure Policy Manager;c:\programfiler\F-Secure\Common\FSpm.sys [2003-05-18 65328]
R3 AWINDIS5;AWINDIS5 Protocol Driver;c:\windows\SYSTEM32\AWINDIS5.SYS [2005-06-23 16194]
R3 DiWan;Eicon Driver for all Diva Client cards;c:\windows\SYSTEM32\DRIVERS\DISDN\Diwan.sys [1980-01-01 911920]
R3 NETGEAR_WG311T_SERVICE;NETGEAR WG311T Wireless Adapter Service;c:\windows\SYSTEM32\DRIVERS\wg311tn5.sys [2005-06-23 346784]
R3 tbcspud;Santa Cruz Driver;c:\windows\SYSTEM32\DRIVERS\tbcspud.sys [1980-01-01 144768]
R3 tbcwdm;Santa Cruz WDM Driver;c:\windows\SYSTEM32\DRIVERS\tbcwdm.sys [1980-01-01 545088]
S3 LCcfltr;Logitech USB Filter Driver;c:\windows\SYSTEM32\DRIVERS\LCCFLTR.SYS [2003-02-26 13724]
S3 vtdg46xx;vtdg46xx;c:\progra~1\TURTLE~1\SANTAC~1\CONTRO~1\vtdg46xx.sys [2003-02-06 19232]
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)
2007-10-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2007-01-10 15:42]
2009-03-01 c:\windows\Tasks\Se etter oppdateringer for Windows Live Toolbar.job
- c:\programfiler\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
- - - - TOMME PEKERE FJERNET - - - -
HKLM-Run-ICQ Net - c:\windows\winlogon.exe
HKLM-Run-avserve2.exe - c:\windows\avserve2.exe
HKLM-Run-skynetave.exe - c:\windows\skynetave.exe
.
------- Tilleggsskanning -------
.
uStart Page = hxxp://www.yahoo.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: &Search - http://bar.mywebsearch.com/menusearch.html...NO_ZCxdm482YYNO
IE: &Windows Live Search - c:\programfiler\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Send til &Bluetooth - c:\programfiler\D-Link\Bluetooth-programvare\btsendto_ie_ctx.htm
IE: Åpne i ny bakgrunnsflik - c:\programfiler\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/229?41e6c77fb0d04f58bd68b43c9ffa2891
IE: Åpne i ny forgrunnsflik - c:\programfiler\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/230?41e6c77fb0d04f58bd68b43c9ffa2891
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\programfiler\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} - hxxp://www.tvlution.com/KooPlayer.ocx
DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} - hxxps://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-01 17:11:02
Windows 5.1.2600 Service Pack 3 NTFS
skanner skjulte prosesser ...
skanner skjulte autostart-oppføringer ...
skanner skjulte filer ...
**************************************************************************
.
Tidspunkt ferdig: 2009-03-01 17:17:09
ComboFix-quarantined-files.txt 2009-03-01 16:15:21
Pre-Run: 65,990,983,680 byte ledig
Post-Run: 65,974,534,144 byte ledig
174 --- E O F --- 2009-03-01 12:31:04
Håper noen tar seg tid til å se på de
-
Har nettopp ekprimentert litt med klokking av min U100. Har egentlig bare satt den opp til 24% boost i bios for å se om det ble noen merkbar ytelse i TMNF, noe det selvfølgelig gjorde . Så sjekket jeg temperaturer i Everest og lurer på om noen vet hva som er akseptabelt der?
Jeg har 82 grader på CPU diode og 64 på CPU under load.
-
Hmm, javel..
Takk for hjelp
-
Symptomer: Maskinen går tregt.
MBAM
Klikk for å se/fjerne innholdet nedenforMalwarebytes' Anti-Malware 1.34
Databaseversjon: 1753
Windows 6.0.6001 Service Pack 1
12.02.2009 10:15:18
mbam-log-2009-02-12 (10-15-18).txt
Skanntype: Rask Skann
Objekter skannet: 62062
Tid tilbakelagt: 15 minute(s), 8 second(s)
Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 0
Minneprosesser infisert:
(Ingen mistenkelige filer funnet)
Minnemoduler infisert:
(Ingen mistenkelige filer funnet)
Registernøkler infisert:
(Ingen mistenkelige filer funnet)
Registerverdier infisert:
(Ingen mistenkelige filer funnet)
Registerfiler infisert:
(Ingen mistenkelige filer funnet)
Mapper infisert:
(Ingen mistenkelige filer funnet)
Filer infisert:
(Ingen mistenkelige filer funnet)
Combofix
Klikk for å se/fjerne innholdet nedenforComboFix 09-02-11.02 - Hans Martin 2009-02-12 10:46:10.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1044.18.3037.1965 [GMT 1:00]
Kjører fra: c:\users\Hans Martin\Downloads\ComboFix.exe
* Opprettet nytt gjenopprettingspunkt
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Hans Martin\AppData\Roaming\.#
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2009-01-12 til 2009-02-12 )))))))))))))))))))))))))))))))))
.
2009-02-12 09:38 . 2009-02-12 09:38 <DIR> d-------- c:\users\Hans Martin\AppData\Roaming\Malwarebytes
2009-02-12 09:38 . 2009-02-12 09:38 <DIR> d-------- c:\users\All Users\Malwarebytes
2009-02-12 09:38 . 2009-02-12 09:38 <DIR> d-------- c:\programdata\Malwarebytes
2009-02-12 09:38 . 2009-02-12 09:38 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-12 09:38 . 2009-02-11 10:19 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-02-12 09:38 . 2009-02-11 10:19 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-02-12 00:40 . 2009-02-12 00:40 <DIR> d-------- c:\users\Hans Martin\AppData\Roaming\Template
2009-02-12 00:39 . 2009-02-12 00:39 0 --a------ c:\users\Hans Martin\AppData\Roaming\wklnhst.dat
2009-02-11 20:48 . 2009-01-15 04:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2009-02-11 20:48 . 2009-01-15 07:11 827,392 --a------ c:\windows\System32\wininet.dll
2009-02-09 20:23 . 2009-02-09 20:23 <DIR> d-------- c:\users\Hans Martin\AppData\Roaming\Uniblue
2009-02-09 20:23 . 2009-02-09 20:43 <DIR> d-------- c:\users\All Users\DriverScanner
2009-02-09 20:23 . 2009-02-09 20:43 <DIR> d-------- c:\programdata\DriverScanner
2009-02-09 20:23 . 2009-02-09 20:23 <DIR> d-------- c:\program files\Uniblue
2009-02-09 20:21 . 2009-02-09 20:23 <DIR> d--h-c--- c:\users\All Users\{148D8B8A-8F96-4822-81EC-D510B626B7D5}
2009-02-09 20:21 . 2009-02-09 20:23 <DIR> d--h-c--- c:\programdata\{148D8B8A-8F96-4822-81EC-D510B626B7D5}
2009-01-22 18:02 . 2009-01-22 18:02 <DIR> d-------- c:\windows\Sun
2009-01-22 13:05 . 2009-01-22 13:06 214,821,071 --a------ c:\windows\MEMORY.DMP
2009-01-15 18:31 . 2009-01-22 12:21 <DIR> d-------- c:\users\Hans Martin\AppData\Roaming\LimeWire
2009-01-15 18:30 . 2009-01-15 18:30 <DIR> d-------- c:\program files\Java
2009-01-15 18:30 . 2009-01-15 18:30 410,984 --a------ c:\windows\System32\deploytk.dll
2009-01-15 18:27 . 2009-01-15 18:27 <DIR> d-------- c:\program files\LimeWire
2009-01-14 23:59 . 2008-12-16 03:42 288,768 --a------ c:\windows\System32\drivers\srv.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-12 06:48 --------- d-----w c:\program files\Windows Mail
2009-02-05 11:32 --------- d-----w c:\program files\McAfee
2009-01-23 07:52 --------- d-----w c:\programdata\TrackMania
2009-01-17 02:22 --------- d-----w c:\program files\Google
2009-01-11 14:10 --------- d-----w c:\program files\SiteAdvisor
2009-01-01 14:13 --------- d-----w c:\program files\Steam
2008-12-31 18:22 --------- d-----w c:\users\Hans Martin\AppData\Roaming\CyberLink
2008-12-31 18:22 --------- d-----w c:\programdata\CyberLink
2008-12-31 14:22 --------- d-----w c:\users\Hans Martin\AppData\Roaming\vlc
2008-12-30 22:39 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-12-30 22:09 --------- d-----w c:\programdata\Microsoft Help
2008-12-30 21:53 --------- d-----w c:\program files\MSXML 4.0
2008-12-30 21:53 --------- d-----w c:\program files\Microsoft Works
2008-12-30 21:25 --------- d-----w c:\programdata\SiteAdvisor
2008-12-30 21:25 --------- d-----w c:\programdata\McAfee
2008-12-30 18:58 --------- d-----w c:\program files\Common Files\Steam
2008-12-30 18:38 --------- d-----w c:\program files\VideoLAN
2008-12-30 18:34 --------- d-----w c:\users\Hans Martin\AppData\Roaming\Apple Computer
2008-12-30 18:33 --------- d-----w c:\programdata\Apple Computer
2008-12-30 18:33 --------- d-----w c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-30 18:33 --------- d-----w c:\program files\iTunes
2008-12-30 18:33 --------- d-----w c:\program files\iPod
2008-12-30 18:33 --------- d-----w c:\program files\Common Files\Apple
2008-12-30 18:32 --------- d-----w c:\program files\QuickTime
2008-12-30 18:32 --------- d-----w c:\program files\Bonjour
2008-12-30 18:20 --------- d-----w c:\program files\Apple Software Update
2008-12-30 18:19 --------- d-----w c:\programdata\Apple
2008-12-30 16:14 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
2008-12-30 16:14 --------- d-----w c:\program files\Windows Live
2008-12-30 16:11 --------- d-----w c:\programdata\WLInstaller
2008-12-30 15:04 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-30 15:04 --------- d-----w c:\programdata\Temp
2008-12-30 15:03 --------- d-----w c:\program files\Acer GameZone
2008-12-30 15:02 --------- d-----w c:\users\Hans Martin\AppData\Roaming\ATI
2008-12-30 15:02 --------- d-----w c:\programdata\ATI
2008-12-30 01:38 --------- d-----w c:\program files\AMD
2008-12-29 21:20 --------- d-----w c:\program files\Acer Incorporated
2008-12-29 21:19 --------- d-----w c:\program files\Acer Arcade Deluxe
2008-12-29 20:46 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
2008-12-29 20:46 --------- d-----w c:\program files\Acer Inc
2008-12-29 20:45 --------- d-----w c:\program files\Apoint2K
2008-12-29 20:40 --------- d-----w c:\program files\Launch Manager
2008-12-29 20:37 --------- d-----w c:\program files\ATI Technologies
2008-12-29 20:18 --------- d-----w c:\program files\ATI
2008-12-29 19:54 --------- d-----w c:\program files\Acer
2008-12-29 19:51 --------- d-sh--w c:\programdata\Start-meny
2008-12-29 19:51 --------- d-sh--w c:\programdata\Skrivebord
2008-12-29 19:51 --------- d-sh--w c:\programdata\Programdata
2008-12-29 19:51 --------- d-sh--w c:\programdata\Maler
2008-12-29 19:51 --------- d-sh--w c:\programdata\Favoritter
2008-12-29 19:51 --------- d-sh--w c:\programdata\Dokumenter
2008-12-29 19:51 --------- d-sh--w c:\program files\Fellesfiler
2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-04 22:38 121392 --a------ c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-08-03 582992]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-05-09 397312]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 526896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-25 28672]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-12-29 24064]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-05-27 850440]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-07-21 159744]
"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-05-30 544768]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-05-12 147456]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-05-12 167936]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-05-12 167936]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-15 136600]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-28 c:\windows\RtHDVCpl.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
SetupExecute REG_MULTI_SZ \0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{88BF001A-9987-4DD2-9B09-0D1250DCB920}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{211A2D2F-B9CE-4DA3-BEE1-44529DE3BAA0}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{4CEEF326-38AE-436A-AD07-37F30156BDE2}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B9E66FE4-6D43-43F7-9A2D-DE44F7B2F57F}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{0CF90B2C-0E12-4B0C-A7FC-035E5E4B4B24}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{54A8E449-C730-4705-922D-01AF15F3DEAF}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{74918C60-6D94-47F5-A813-2CF39A5672AA}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{1CEA23D8-6EA7-4FC2-8681-E994B5BE7D8A}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{D9FAD534-8285-4065-9AA4-3556434FB2B0}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{3987C1E3-04CB-4619-9D5B-2A88EA3BE5DC}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{9F6DCD7E-DBD8-4FA9-9BDA-C1AFE17822D9}"= c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{8CCB968A-AA72-4E72-B5C8-3D78BCA50F9B}"= c:\program files\Acer Arcade Deluxe\PlayMovie\PlayMovie.exe:Acer Play Movie
"{09871E04-1BD7-406A-9EB5-B65EA982FF3F}"= c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe:Acer Play Movie Resident Program
"{E32FD8C3-FD1B-4A6E-BA89-2C453029D234}"= c:\program files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:Acer HomeMedia
"{EBEC2E1A-0234-4577-A003-137F5E901AF4}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{B6E3983C-B1B8-48EA-9495-804A3EBE471C}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{43D6A6D3-4C5D-43B7-B340-B9C863AD45BC}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{035F5CF9-8374-48E5-93F9-3C82A57AA27F}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{F9197454-8898-404D-90F0-97AE07DBB148}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-12-29 22:13:08 61424]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
R2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-12-29 81504]
R2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-05-22 24576]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2008-12-30 203280]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-25 45056]
R2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-12-29 122368]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-25 131072]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [2008-05-23 210432]
R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [2008-05-23 54784]
R3 usbfilter;AMD USB Filter Driver;c:\windows\System32\drivers\usbfilter.sys [2008-12-30 22072]
S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-12-29 24064]
S3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [2008-05-22 93968]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c20a596-d6c2-11dd-8cfd-001eecc91e83}]
\shell\AutoRun\command - G:\LaunchU3.exe -a
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)
2008-05-22 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
2008-05-22 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
.
- - - - TOMME PEKERE FJERNET - - - -
HKLM-Run-eRecoveryService - (no file)
.
------- Tilleggsskanning -------
.
mStart Page = hxxp://no.intl.acer.yahoo.com
mDefault_Page_URL = hxxp://no.intl.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Hans Martin\AppData\Roaming\Mozilla\Firefox\Profiles\g8ahkw8y.default\
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-12 10:53:59
Windows 6.0.6001 Service Pack 1 NTFS
skanner skjulte prosesser ...
skanner skjulte autostart-oppføringer ...
skanner skjulte filer ...
skanning vellykket
skjulte filer: 0
**************************************************************************
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------
- - - - - - - > 'Explorer.exe'(3968)
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
c:\windows\System32\SysHook.dll
.
Tidspunkt ferdig: 2009-02-12 10:59:13
ComboFix-quarantined-files.txt 2009-02-12 09:58:57
Pre-Run: 68 828 147 712 byte ledig
Post-Run: 71,253,327,872 byte ledig
220 --- E O F --- 2009-02-12 07:07:43
HJT
Klikk for å se/fjerne innholdet nedenforLogfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:02:52, on 12.02.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Windows\explorer.exe
C:\Users\Hans Martin\Downloads\test.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&a...p;m=aspire_5530
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://no.intl.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [bkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Google Desktop Manager 5.7.808.7150 (GoogleDesktopManager-080708-050100) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 9667 bytes
-
Hadde et ganske likt scenario selv for noen mnd siden. Forskjellen var vel at jeg tok steget å kysset henne. Dagen etterpå turde jeg ikke å ta kontakt Angrer bittert på dette da jeg er ganske sikker på at det kunne blitt noe mer.
Så nå noen mnd senere går det ikke en dag uten at jeg tenker på henne, men nå føler jeg liksom at det blir for sent.
Så mitt råd til deg er å ikke vente, du vil angre på det. Svarer hun ikke på mld, så ringer du, da får du vertfall "sannheten".
Kan noen se over loggene?
i IKT-drift og sikkerhet
Skrevet
MBAM
Malwarebytes' Anti-Malware 1.38
Databaseversjon: 2420
Windows 5.1.2600 Service Pack 2
13.07.2009 19:02:55
mbam-log-2009-07-13 (19-02-55).txt
Skanntype: Rask Skann
Objekter skannet: 98689
Tid tilbakelagt: 6 minute(s), 4 second(s)
Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 1
Registerverdier infisert: 0
Registerfiler infisert: 2
Mapper infisert: 0
Filer infisert: 0
Minneprosesser infisert:
(Ingen mistenkelige filer funnet)
Minnemoduler infisert:
(Ingen mistenkelige filer funnet)
Registernøkler infisert:
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.
Registerverdier infisert:
(Ingen mistenkelige filer funnet)
Registerfiler infisert:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Mapper infisert:
(Ingen mistenkelige filer funnet)
Filer infisert:
(Ingen mistenkelige filer funnet)
Combofix
ComboFix 09-07-12.03 - Rolf Vidar 13.07.2009 19:23.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.47.1044.18.1023.515 [GMT 2:00]
Kjører fra: c:\documents and settings\Rolf Vidar\Skrivebord\ComboFix.exe
AV: Norman Security Suite *On-access scanning disabled* (Updated) {EB9EFB40-AE72-4C43-B204-0FCD0E92D5F1}
AV: Norton AntiVirus 2006 *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norman Security Suite *disabled* {83B29CE9-9DE2-2CB5-9AB3-780D70FF12B0}
FW: Norton Internet Worm Protection *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Installer\2634ceb.msp
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2009-06-13 til 2009-07-13 )))))))))))))))))))))))))))))))))
.
2009-07-13 16:54 . 2009-06-17 09:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 16:52 . 2009-07-13 16:52 -------- d-----w- c:\documents and settings\Rolf Vidar\Programdata\Malwarebytes
2009-07-13 16:50 . 2009-07-13 16:50 -------- d-----w- c:\documents and settings\All Users\Programdata\Malwarebytes
2009-07-13 16:50 . 2009-07-13 16:55 -------- d-----w- c:\programfiler\Malwarebytes' Anti-Malware
2009-07-13 16:50 . 2009-06-17 09:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-01 19:02 . 2009-07-01 19:02 -------- d-----w- c:\programfiler\Innovative Solutions
2009-06-28 17:37 . 2009-06-28 19:25 -------- d-----w- c:\documents and settings\Rolf Vidar\Programdata\FileZilla
2009-06-28 17:37 . 2009-06-28 17:37 -------- d-----w- c:\programfiler\FileZilla FTP Client
2009-06-24 16:46 . 2009-06-24 16:46 -------- d-----w- c:\documents and settings\LocalService\Start-meny
2009-06-24 16:45 . 2008-04-16 10:57 42552 ----a-w- c:\windows\system32\drivers\ale_nf.sys
2009-06-24 16:45 . 2008-02-07 10:12 74624 ----a-w- c:\windows\system32\drivers\tdi_rd.sys
2009-06-24 16:45 . 2008-02-07 10:12 79752 ----a-w- c:\windows\system32\drivers\ndis_rd.sys
2009-06-24 16:45 . 2009-01-22 10:41 19512 ----a-w- c:\windows\system32\drivers\nvcw32mf.sys
2009-06-24 16:45 . 2008-05-16 09:28 212024 ----a-w- c:\windows\system32\nscrnsav.scr
2009-06-24 16:45 . 2009-07-13 17:14 -------- d-----w- c:\programfiler\Norman
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-13 16:58 . 2007-05-17 16:59 -------- d-----w- c:\programfiler\Fellesfiler\Symantec Shared
2009-07-01 19:36 . 2007-01-25 21:00 -------- d-----w- c:\documents and settings\Rolf Vidar\Programdata\Launchy
2009-07-01 19:33 . 2007-05-30 16:32 -------- d-----w- c:\programfiler\NCH Swift Sound
2009-07-01 19:30 . 2006-10-07 10:44 -------- d-----w- c:\programfiler\project dogwaffle
2009-07-01 19:27 . 2008-08-19 15:46 -------- d-----w- c:\documents and settings\All Users\Programdata\Microsoft Help
2009-07-01 19:25 . 2007-10-05 17:58 -------- d-----w- c:\programfiler\Vstep
2009-07-01 19:24 . 2006-10-25 18:39 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-07-01 19:04 . 2009-07-01 19:04 -------- d-----w- c:\windows\Fonts\AdvUninstal
2009-07-01 14:56 . 2006-08-22 14:02 -------- d-----w- c:\documents and settings\Rolf Vidar\Programdata\OpenOffice.org2
2009-06-26 20:08 . 2009-03-07 10:02 -------- d-----w- c:\programfiler\Data7EDS
2009-06-26 20:00 . 2007-08-24 19:24 -------- d-----w- c:\documents and settings\Rolf Vidar\Programdata\AdobeAUM
2009-06-26 19:58 . 2006-08-21 14:21 -------- d-----w- c:\programfiler\Fellesfiler\Adobe
2009-06-26 19:34 . 2006-09-01 18:16 -------- d--h--w- c:\programfiler\InstallShield Installation Information
2009-06-19 14:27 . 2001-10-09 12:00 511998 ----a-w- c:\windows\system32\perfh014.dat
2009-06-19 14:27 . 2001-10-09 12:00 105034 ----a-w- c:\windows\system32\perfc014.dat
2009-06-17 09:27 . 2009-07-13 16:51 38160 ----a-w- c:\windows\system32\drivers\is-NUREU.tmp
2009-06-17 09:27 . 2009-07-13 16:50 38160 ----a-w- c:\windows\system32\drivers\is-AA9AT.tmp
2009-05-20 08:33 . 2007-02-24 16:29 -------- d-----w- c:\programfiler\EA GAMES
2009-05-07 15:44 . 2004-08-03 23:03 344576 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:50 . 2004-08-03 23:03 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:49 . 2004-08-03 23:03 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-19 20:12 . 2004-08-03 22:56 1846656 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 15:18 . 2004-08-03 23:03 584192 ----a-w- c:\windows\system32\rpcrt4.dll
2009-03-07 10:02 . 2009-03-07 09:57 80 --sh--r- c:\windows\system32F41EED2AD.dll
2006-09-03 11:33 . 2006-09-03 11:33 848 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SweetIM"="c:\programfiler\Macrogaming\SweetIM\SweetIM.exe" [2006-12-27 73840]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"MSMSGS"="c:\programfiler\Messenger\msmsgs.exe" [2004-10-13 1694208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-07-26 6803456]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-07-26 86016]
"SweetIM"="c:\programfiler\Macrogaming\SweetIM\SweetIM.exe" [2006-12-27 73840]
"ccApp"="c:\programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2007-01-22 52840]
"Symantec PIF AlertEng"="c:\programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 517768]
"DAEMON Tools-1033"="c:\programfiler\D-Tools\daemon.exe" [2004-08-22 81920]
"SunJavaUpdateSched"="c:\programfiler\Java\jre6\bin\jusched.exe" [2009-03-07 148888]
"Norman ZANDA"="c:\programfiler\Norman\Npm\Bin\ZLH.EXE" [2009-02-11 187504]
"NPCTray"="c:\programfiler\Norman\npc\bin\npc_tray.exe" [2007-09-17 126008]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2005-07-26 1519616]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-04-15 77824]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programfiler\\LimeWire\\LimeWire.exe"=
"c:\\Documents and Settings\\Rolf Vidar\\Mine dokumenter\\ANNE\\Roller Coaster Tycoon 2\\rct2.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=
"c:\\Programfiler\\MSN Messenger\\livecall.exe"=
"c:\\Programfiler\\Mozilla Firefox\\firefox.exe"=
"c:\\Programfiler\\iTunes\\iTunes.exe"=
"c:\\Programfiler\\Mamut Home\\mamutdtx.exe"=
"c:\\Programfiler\\Mamut\\Mamut.exe"=
"c:\\Programfiler\\HP\\Diagnostic Assistant\\bin\\hprbevwr.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\bin\\Hpqdirec.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\HP Print Screen\\prnsys.exe"=
"c:\\Programfiler\\HP\\HP Software Update\\HPWUCli.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
P2 NPFSvc32;Norman Personal Firewall Service;c:\programfiler\Norman\Npf\Bin\npfsvc32.exe [24.06.2009 18:45 597104]
R0 NDIS_RD;Norman Firewall NDIS driver;c:\windows\system32\drivers\ndis_rd.sys [24.06.2009 18:45 79752]
R1 NGS;Norman General Security Driver;c:\programfiler\Norman\Ngs\Bin\ngs.sys [24.06.2009 18:45 22712]
R1 NPROSEC;Norman Security driver;c:\programfiler\Norman\Ngs\Bin\nprosec.sys [24.06.2009 18:45 53816]
R1 TDI_RD;Norman Firewall TDI driver;c:\windows\system32\drivers\tdi_rd.sys [24.06.2009 18:45 74624]
R2 Ndiskio;Ndiskio;c:\programfiler\Norman\Nse\Bin\Ndiskio.sys [24.06.2009 18:45 20448]
R2 NPROSECSVC;Norman Security service;c:\programfiler\Norman\Ngs\Bin\nprosec.exe [24.06.2009 18:45 121912]
R2 NVOY;Norman Resource Provider;c:\programfiler\Norman\Npm\Bin\nvoy.exe [24.06.2009 18:45 126008]
R2 TomTomHOMEService;TomTomHOMEService;c:\documents and settings\Rolf Vidar\Mine dokumenter\TomTom HOME 2\TomTomHOMEService.exe [08.04.2009 12:38 92008]
R3 NPC;Norman Parental Control;c:\programfiler\Norman\Npc\Bin\npcsvc32.exe [24.06.2009 18:45 416880]
R3 nsesvc;Norman Scanner Engine Service;c:\programfiler\Norman\Nse\Bin\Nsesvc.exe [24.06.2009 18:45 310328]
R3 NUAA;Norman User Activity Agent;c:\programfiler\Norman\Npc\Bin\nuaa.exe [24.06.2009 18:45 121912]
R3 NvcMFlt;NvcMFlt;c:\windows\system32\drivers\nvcw32mf.sys [24.06.2009 18:45 19512]
R3 nvcoas;Norman Virus Control on-access component;c:\programfiler\Norman\nvc\bin\Nvcoas.exe [24.06.2009 18:45 195640]
R3 Scheduler;Norman Scheduler Service;c:\programfiler\Norman\Npm\Bin\scheduler.exe [24.06.2009 18:45 130104]
S3 cxbu0wdm;CardMan 3x21;c:\windows\system32\drivers\cxbu0wdm.sys [11.07.2006 09:03 84608]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\programfiler\Fellesfiler\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [26.02.2009 20:33 101936]
S3 sea1bus;Sony Ericsson Device 0A1 driver (WDM);c:\windows\system32\drivers\sea1bus.sys [21.08.2007 20:00 61536]
S3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter;c:\windows\system32\drivers\sea1mdfl.sys [27.10.2007 12:49 9360]
S3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver;c:\windows\system32\drivers\sea1mdm.sys [27.10.2007 12:49 97088]
S3 sea1mgmt;Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\sea1mgmt.sys [27.10.2007 12:49 88624]
S3 sea1nd5;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS);c:\windows\system32\drivers\sea1nd5.sys [14.06.2008 18:12 18704]
S3 sea1obex;Sony Ericsson Device 0A1 USB WMC OBEX Interface;c:\windows\system32\drivers\sea1obex.sys [27.10.2007 12:49 86432]
S3 sea1unic;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM);c:\windows\system32\drivers\sea1unic.sys [14.06.2008 18:11 90800]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\programfiler\Microsoft SQL Server\100\Shared\sqladhlp.exe [10.07.2008 17:28 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [10.07.2008 02:49 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\programfiler\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [10.07.2008 17:28 369688]
--- Andre tjenester/drivere lastet i minnet ---
*Deregistered* - mchInjDrv
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)
2009-06-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2006-10-10 16:13]
2009-07-03 c:\windows\Tasks\Norton AntiVirus - Run Full System Scan - Rolf Vidar.job
- c:\progra~1\NORTON~1\Navw32.exe [2005-09-24 10:13]
2009-07-13 c:\windows\Tasks\Se etter oppdateringer for Windows Live Toolbar.job
- c:\programfiler\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]
.
- - - - TOMME PEKERE FJERNET - - - -
HKCU-Run-msnmsgr - ~c:\programfiler\MSN Messenger\msnmsgr.exe
.
------- Tilleggsskanning -------
.
uStart Page = hxxp://www.startsiden.no/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE: &Windows Live Search - c:\programfiler\Windows Live Toolbar\msntb.dll/search.htm
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\programfiler\Norman\npc\bin\nlf.dll
DPF: {A92E0798-BFA4-4FEE-BB48-8E2C69B2B0C5} - hxxp://www.navigram.com/engine/v812/PageDive5.cab
FF - ProfilePath - c:\documents and settings\Rolf Vidar\Programdata\Mozilla\Firefox\Profiles\he6wbpl7.default\
FF - plugin: c:\programfiler\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\programfiler\Mozilla Firefox\plugins\npitunes.dll
FF - plugin: c:\programfiler\Unity\WebPlayer\loader\npUnity3D32.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\programfiler\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\programfiler\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\programfiler\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-13 19:28
Windows 5.1.2600 Service Pack 2 NTFS
skanner skjulte prosesser ...
skanner skjulte autostart-oppføringer ...
skanner skjulte filer ...
skanning vellykket
skjulte filer: 0
**************************************************************************
.
Tidspunkt ferdig: 2009-07-13 19:31
ComboFix-quarantined-files.txt 2009-07-13 17:30
Pre-Run: 10 497 204 224 byte ledig
Post-Run: 10 998 353 920 byte ledig
WindowsXP-KB310994-SP2-Pro-BootDisk-NOR.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
187 --- E O F --- 2009-06-11 20:31
Takker for hjelp