supermehl Beginner
15 March 2006 - 12:30 There are 9 comments and 1 solution

HijackThis log file

Hi! I have a problem with my PC. When I'm on MSN or IE, the damn thing crashes. I have no idea why, but if any of you clever people would take a look through this, that would be nice.




Logfile of HijackThis v1.99.1
Scan saved at 12:28:50, on 15-03-2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\TWlra2VsIE1vc2x1bmQ\command.exe
C:\WINDOWS\mswinpad.exe
C:\Programmer\Network Monitor\netmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\sstray.exe
C:\Programmer\Java\jre1.5.0_01\bin\jusched.exe
C:\mousepad2.exe
C:\dinst.exe
C:\WINDOWS\newfrn.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Error Safe Free\ers.exe
C:\Programmer\ZyDAS\ZD1211 802.11g Utility\ZDWlan.exe
C:\WINDOWS\system32\cmd.exe
C:\Programmer\Mozilla Firefox\firefox.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\The champ\Lokale indstillinger\Temp\Midlertidig mappe 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.signon.stofanet.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {20D57A66-F7DF-467d-907B-9B7F4A118AB7} - C:\WINDOWS\System32\geeby.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [mdr procce] gona.exe
O4 - HKLM\..\Run: [keyboard] c:\\keyboard2.exe
O4 - HKLM\..\Run: [mousepad] C:\\mousepad2.exe
O4 - HKLM\..\Run: [gimmysmileys] C:\\newname.exe
O4 - HKLM\..\Run: [Windows Firewall Monitor] C:\dinst.exe
O4 - HKLM\..\Run: [NewFrn] C:\WINDOWS\newfrn.exe
O4 - HKLM\..\Run: [asdgs] C:\dinst.exe
O4 - HKLM\..\Run: [ifdrv] rundll32.exe C:\WINDOWS\System32\ifdrv.dll,start
O4 - HKLM\..\Run: [Error Safe] C:\Programmer\Error Safe Free\ers.exe /scan
O4 - HKLM\..\RunServices: [mdr procce] gona.exe
O4 - HKLM\..\RunServices: [Windows Firewall Monitor] C:\dinst.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ErrorSafe] "C:\Programmer\Error Safe Free\ers.exe" /scan
O4 - Global Startup: ZDWlan.lnk = ?
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Zango/ie/bridge-c18.cab?83e5fc6d995c376ab70458af1b406574d8c437787d8dd6c88b6c2ac3f84c5c4e1ad957b13b6defd6eebdb1dff93974d7acba375bbc19f23d91e9c49c9ce792b34d1a074f2a:6f750d40ae25fea7e1b37b6906113080
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O20 - Winlogon Notify: geeby - C:\WINDOWS\SYSTEM32\geeby.dll
O20 - Winlogon Notify: RunServices - C:\WINDOWS\system32\en42l1ho1.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TWlra2VsIE1vc2x1bmQ\command.exe
O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe
O23 - Service: Word Process (msproc) - Unknown owner - C:\WINDOWS\mswinpad.exe
O23 - Service: Network Monitor - Unknown owner - C:\Programmer\Network Monitor\netmon.exe
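
A first-pass triage of a HijackThis log like the one posted above, as an added example that is not part of the original post or of HijackThis itself: the Python below parses entries in the v1.99.1 line format and flags a few patterns for manual review. The flagging rules are assumptions chosen for illustration, and the sample lines are copied from the log above.

```python
import re
from collections import defaultdict, namedtuple

# Sample lines copied from the HijackThis v1.99.1 log in the post above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
O2 - BHO: (no name) - {20D57A66-F7DF-467d-907B-9B7F4A118AB7} - C:\WINDOWS\System32\geeby.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [mdr procce] gona.exe
O4 - HKLM\..\Run: [mousepad] C:\\mousepad2.exe
O4 - HKLM\..\Run: [Windows Firewall Monitor] C:\dinst.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O20 - Winlogon Notify: geeby - C:\WINDOWS\SYSTEM32\geeby.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Word Process (msproc) - Unknown owner - C:\WINDOWS\mswinpad.exe
"""

Finding = namedtuple("Finding", "section reason path")

# "<section> - <body>": R0-R3 are IE start/search pages, O2 BHOs, O4 autostart
# entries, O20 AppInit_DLLs / Winlogon Notify, O23 NT services.
ENTRY_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.+)$")
O4_RE = re.compile(r"^HK\w+\\\.\.\\\w+: \[[^\]]*\] (?P<cmd>.+)$")
O20_RE = re.compile(r"^Winlogon Notify: .+? - (?P<path>.+)$")
O23_RE = re.compile(r"^Service: .+? - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+)$")
# Program image at the start of a command line: quoted, or up to the first
# executable extension (unquoted paths in this log contain spaces).
IMAGE_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|dll|com|bat|scr))(?=[\s,]|$)', re.I)
DRIVE_ROOT_RE = re.compile(r"^[A-Za-z]:\\[^\\]+$")


def image_path(cmd):
    """Return the program image of a command line, with doubled backslashes collapsed."""
    m = IMAGE_RE.match(cmd.strip())
    if not m:
        return None
    return (m.group(1) or m.group(2)).replace("\\\\", "\\")


def triage(log_text):
    """Flag entries for manual review. The rules are illustrative assumptions,
    not HijackThis behaviour and not a verdict on any file."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header, process list or blank line
        section, body = m.groups()
        if section == "O2" and body.startswith("BHO: (no name)"):
            path = body.rsplit(" - ", 1)[-1]
            findings.append(Finding(section, "BHO without a registered name", path))
        elif section == "O4":
            o4 = O4_RE.match(body)
            path = image_path(o4.group("cmd")) if o4 else None
            if path is None:
                continue
            if DRIVE_ROOT_RE.match(path):
                findings.append(Finding(section, "autostart binary in drive root", path))
            elif "\\" not in path:
                findings.append(Finding(section, "autostart without full path", path))
        elif section == "O20":
            o20 = O20_RE.match(body)
            if o20:
                findings.append(Finding(section, "Winlogon Notify DLL", o20.group("path")))
        elif section == "O23":
            o23 = O23_RE.match(body)
            if o23 and o23.group("owner") == "Unknown owner":
                findings.append(Finding(section, "service without vendor info", o23.group("path")))
    return findings


def group_by_path(findings):
    """Map each flagged path (lower-cased, since Windows paths are
    case-insensitive) to the set of log sections that reference it."""
    grouped = defaultdict(set)
    for f in findings:
        grouped[f.path.lower()].add(f.section)
    return dict(grouped)


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"{f.section:<4} {f.reason:<32} {f.path}")
    for path, sections in group_by_path(results).items():
        if len(sections) > 1:
            print("referenced from several sections:", path, sorted(sections))
```
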
ejvindh Expert
15 March 2006 - 12:41 #1
It is heavily infected, but I'll take a look at it :-)
supermehl Beginner
15 March 2006 - 12:43 #2
Yes, it's completely fucked up at the moment :D but if you can help me with this, you're damn well the man of the hour
ejvindh Expert
15 March 2006 - 12:49 #3
Here's a 3-stage rocket to start with. You need 3 downloads:

-- Download Ewido from here (14-day version of the Plus version)
http://www.spywarefri.dk/downloads1/ewido-setup.exe
Install and run Ewido - update the program, but hold off on scanning.

-- Download Look2Me-Destroyer from here:
http://www.atribune.org/ccount/click.php?id=7
...and save the tool to your Desktop.

-- Download VirtumundoBeGone and save it to the desktop:
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

=================================================================
(1)
-- Restart into Safe Mode (press F8 during startup).

-- Run a full scan with Ewido. The program produces a small log, which you should copy into your next reply here.

=================================================================
(2)
-- Then restart into normal mode

-- Close all open program windows - including Internet Explorer.

-- Double-click Look2Me-Destroyer and tick "Run this program as a task". You will get a message that Look2Me-Destroyer will close and reopen after 10 seconds - click OK.

When Look2Me-Destroyer reopens - click "Scan for L2M" - your icons disappear - click "Remove L2M". Click OK when you get the message "Done scanning".

Now you get the message "Done removing infected files!". The program will shut down your computer - click OK. Now find the file C:\Look2Me-Destroyer.txt and copy its contents in here.

-- If your firewall wants to block Look2Me-Destroyer's access to the internet, you must allow the program access.

If you get a runtime error 339, download MSWINSCK.OCX from here:
http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX
...and place it in the folder C:\Windows\System32 Directory.
=================================================================
(3)
-- Close all running programs, including Internet windows, double-click VirtumundoBeGone.exe on the desktop, read the intro information, then click Continue, then click Start.
When it asks whether you want to continue, click Yes to run the fix.
Then click Save log.

-- Sometimes the fix ends with a "BSOD" (blue screen and frozen PC); in that case just restart using the Reset button.

-- A text file named VBG.TXT will appear on your desktop; open it and copy the text in here.
=================================================================

In addition to the 3 logs mentioned (from Ewido, Look2Me-Destroyer and VirtumundoBeGone), feel free to make a new log with HijackThis and post it here -- so I can see how far you've got.
supermehl Beginner
15 March 2006 - 15:10 #4
Here are all the reports :) That sure took its time, all of that!


---------------------------------------------------------
ewido anti-malware - Scanningsrapport
---------------------------------------------------------

+ Oprettet den:            14:04:42, 15-03-2006
+ Rapport-Checksum:        730DD17A

+ Scanningsresultat:
    HKLM\SOFTWARE\Classes\CLSID\{6001CDF7-6F45-471b-A203-0225615E35A7} -> Adware.Generic : Renset med backup
    HKLM\SOFTWARE\webhancer -> Adware.WebHancer : Renset med backup
    HKLM\SOFTWARE\webhancer\CC -> Adware.WebHancer : Renset med backup
    HKU\.DEFAULT\Software\DNS -> Adware.Shorty : Renset med backup
    HKU\.DEFAULT\Software\Effective-i -> Adware.EffectiveBrandToolbar : Renset med backup
    HKU\.DEFAULT\Software\Effective-i\TheSearchAccelerator -> Adware.EffectiveBrandToolbar : Renset med backup
    HKU\.DEFAULT\Software\Effective-i\TheSearchAccelerator\IE5 -> Adware.EffectiveBrandToolbar : Renset med backup
    HKU\S-1-5-18\Software\DNS -> Adware.Shorty : Renset med backup
    HKU\S-1-5-18\Software\Effective-i -> Adware.EffectiveBrandToolbar : Renset med backup
    HKU\S-1-5-18\Software\Effective-i\TheSearchAccelerator -> Adware.EffectiveBrandToolbar : Renset med backup
    HKU\S-1-5-18\Software\Effective-i\TheSearchAccelerator\IE5 -> Adware.EffectiveBrandToolbar : Renset med backup
    [608] C:\WINDOWS\system32\wpsapi32.dll -> Adware.Look2Me : Renset med backup
    [764] C:\WINDOWS\system32\wpsapi32.dll -> Adware.Look2Me : Fejl under renselse
    C:\Documents and Settings\LocalService\Lokale indstillinger\Temporary Internet Files\Content.IE5\91QC7KUP\exe1[1].exe -> Proxy.Agent.iy : Renset med backup
    C:\Documents and Settings\LocalService\Lokale indstillinger\Temporary Internet Files\Content.IE5\91QC7KUP\exe1[2].exe -> Proxy.Agent.iy : Renset med backup
    C:\Documents and Settings\LocalService\Lokale indstillinger\Temporary Internet Files\Content.IE5\91QC7KUP\exe1[3].exe -> Proxy.Agent.iy : Renset med backup
    C:\Documents and Settings\LocalService\Lokale indstillinger\Temporary Internet Files\Content.IE5\91QC7KUP\exe1[4].exe -> Proxy.Agent.iy : Renset med backup
    C:\Documents and Settings\LocalService\Lokale indstillinger\Temporary Internet Files\Content.IE5\91QC7KUP\exe1[5].exe -> Proxy.Agent.iy : Renset med backup
    C:\Documents and Settings\LocalService\Lokale indstillinger\Temporary Internet Files\Content.IE5\91QC7KUP\exe1[6].exe -> Proxy.Agent.iy : Renset med backup
    C:\Documents and Settings\LocalService\Lokale indstillinger\Temporary Internet Files\Content.IE5\91QC7KUP\exe1[7].exe -> Proxy.Agent.iy : Renset med backup
    C:\Documents and Settings\LocalService\Lokale indstillinger\Temporary Internet Files\Content.IE5\K75LZM58\exe1[1].exe -> Proxy.Agent.iy : Renset med backup
    C:\Documents and Settings\LocalService\Lokale indstillinger\Temporary Internet Files\Content.IE5\K75LZM58\exe1[2].exe -> Proxy.Agent.iy : Renset med backup
    C:\Documents and Settings\LocalService\Lokale indstillinger\Temporary Internet Files\Content.IE5\K75LZM58\exe1[3].exe -> Proxy.Agent.iy : Renset med backup
    C:\Documents and Settings\LocalService\Lokale indstillinger\Temporary Internet Files\Content.IE5\K75LZM58\exe1[4].exe -> Proxy.Agent.iy : Renset med backup
    C:\Documents and Settings\LocalService\Lokale indstillinger\Temporary Internet Files\Content.IE5\K75LZM58\exe1[5].exe -> Proxy.Agent.iy : Renset med backup
    :mozilla.7:C:\Documents and Settings\The champ\Application Data\Mozilla\Firefox\Profiles\v3ryvorx.default\cookies.txt -> TrackingCookie.Yieldmanager : Renset med backup
    :mozilla.8:C:\Documents and Settings\The champ\Application Data\Mozilla\Firefox\Profiles\v3ryvorx.default\cookies.txt -> TrackingCookie.Yieldmanager : Renset med backup
    :mozilla.9:C:\Documents and Settings\The champ\Application Data\Mozilla\Firefox\Profiles\v3ryvorx.default\cookies.txt -> TrackingCookie.Yieldmanager : Renset med backup
    :mozilla.10:C:\Documents and Settings\The champ\Application Data\Mozilla\Firefox\Profiles\v3ryvorx.default\cookies.txt -> TrackingCookie.Yieldmanager : Renset med backup
    :mozilla.11:C:\Documents and Settings\The champ\Application Data\Mozilla\Firefox\Profiles\v3ryvorx.default\cookies.txt -> TrackingCookie.Yieldmanager : Renset med backup
    :mozilla.12:C:\Documents and Settings\The champ\Application Data\Mozilla\Firefox\Profiles\v3ryvorx.default\cookies.txt -> TrackingCookie.Yieldmanager : Renset med backup
    :mozilla.13:C:\Documents and Settings\The champ\Application Data\Mozilla\Firefox\Profiles\v3ryvorx.default\cookies.txt -> TrackingCookie.Yieldmanager : Renset med backup
    :mozilla.14:C:\Documents and Settings\The champ\Application Data\Mozilla\Firefox\Profiles\v3ryvorx.default\cookies.txt -> TrackingCookie.Yieldmanager : Renset med backup
    :mozilla.15:C:\Documents and Settings\The champ\Application Data\Mozilla\Firefox\Profiles\v3ryvorx.default\cookies.txt -> TrackingCookie.Yieldmanager : Renset med backup
    :mozilla.16:C:\Documents and Settings\The champ\Application Data\Mozilla\Firefox\Profiles\v3ryvorx.default\cookies.txt -> TrackingCookie.Yieldmanager : Renset med backup
    :mozilla.17:C:\Documents and Settings\The champ\Application Data\Mozilla\Firefox\Profiles\v3ryvorx.default\cookies.txt -> TrackingCookie.Yieldmanager : Renset med backup
    :mozilla.18:C:\Documents and Settings\The champ\Application Data\Mozilla\Firefox\Profiles\v3ryvorx.default\cookies.txt -> TrackingCookie.Yieldmanager : Renset med backup
    :mozilla.19:C:\Documents and Settings\The champ\Application Data\Mozilla\Firefox\Profiles\v3ryvorx.default\cookies.txt -> TrackingCookie.Yieldmanager : Renset med backup
    :mozilla.21:C:\Documents and Settings\The champ\Application Data\Mozilla\Firefox\Profiles\v3ryvorx.default\cookies.txt -> TrackingCookie.Mediaplex : Renset med backup
    :mozilla.22:C:\Documents and Settings\The champ\Application Data\Mozilla\Firefox\Profiles\v3ryvorx.default\cookies.txt -> TrackingCookie.Adtech : Renset med backup
    :mozilla.23:C:\Documents and Settings\The champ\Application Data\Mozilla\Firefox\Profiles\v3ryvorx.default\cookies.txt -> TrackingCookie.Adtech : Renset med backup
    :mozilla.45:C:\Documents and Settings\The champ\Application Data\Mozilla\Firefox\Profiles\v3ryvorx.default\cookies.txt -> TrackingCookie.Paypopup : Renset med backup
    :mozilla.50:C:\Documents and Settings\The champ\Application Data\Mozilla\Firefox\Profiles\v3ryvorx.default\cookies.txt -> TrackingCookie.Sitestat : Renset med backup
    :mozilla.51:C:\Documents and Settings\The champ\Application Data\Mozilla\Firefox\Profiles\v3ryvorx.default\cookies.txt -> TrackingCookie.Sitestat : Renset med backup
    :mozilla.52:C:\Documents and Settings\The champ\Application Data\Mozilla\Firefox\Profiles\v3ryvorx.default\cookies.txt -> TrackingCookie.Sitestat : Renset med backup
    :mozilla.53:C:\Documents and Settings\The champ\Application Data\Mozilla\Firefox\Profiles\v3ryvorx.default\cookies.txt -> TrackingCookie.Popuptraffic : Renset med backup
    :mozilla.54:C:\Documents and Settings\The champ\Application Data\Mozilla\Firefox\Profiles\v3ryvorx.default\cookies.txt -> TrackingCookie.Popuptraffic : Renset med backup
    :mozilla.57:C:\Documents and Settings\The champ\Application Data\Mozilla\Firefox\Profiles\v3ryvorx.default\cookies.txt -> TrackingCookie.Reliablestats : Renset med backup
    :mozilla.58:C:\Documents and Settings\The champ\Application Data\Mozilla\Firefox\Profiles\v3ryvorx.default\cookies.txt -> TrackingCookie.Reliablestats : Renset med backup
    :mozilla.59:C:\Documents and Settings\The champ\Application Data\Mozilla\Firefox\Profiles\v3ryvorx.default\cookies.txt -> TrackingCookie.Reliablestats : Renset med backup
    :mozilla.60:C:\Documents and Settings\The champ\Application Data\Mozilla\Firefox\Profiles\v3ryvorx.default\cookies.txt -> TrackingCookie.Reliablestats : Renset med backup
    :mozilla.61:C:\Documents and Settings\The champ\Application Data\Mozilla\Firefox\Profiles\v3ryvorx.default\cookies.txt -> TrackingCookie.Reliablestats : Renset med backup
    :mozilla.62:C:\Documents and Settings\The champ\Application Data\Mozilla\Firefox\Profiles\v3ryvorx.default\cookies.txt -> TrackingCookie.Reliablestats : Renset med backup
    :mozilla.63:C:\Documents and Settings\The champ\Application Data\Mozilla\Firefox\Profiles\v3ryvorx.default\cookies.txt -> TrackingCookie.Reliablestats : Renset med backup
    :mozilla.64:C:\Documents and Settings\The champ\Application Data\Mozilla\Firefox\Profiles\v3ryvorx.default\cookies.txt -> TrackingCookie.Reliablestats : Renset med backup
    :mozilla.65:C:\Documents and Settings\The champ\Application Data\Mozilla\Firefox\Profiles\v3ryvorx.default\cookies.txt -> TrackingCookie.Realtracker : Renset med backup
    :mozilla.66:C:\Documents and Settings\The champ\Application Data\Mozilla\Firefox\Profiles\v3ryvorx.default\cookies.txt -> TrackingCookie.Realtracker : Renset med backup
    :mozilla.73:C:\Documents and Settings\The champ\Application Data\Mozilla\Firefox\Profiles\v3ryvorx.default\cookies.txt -> TrackingCookie.Top-banners : Renset med backup
    :mozilla.85:C:\Documents and Settings\The champ\Application Data\Mozilla\Firefox\Profiles\v3ryvorx.default\cookies.txt -> TrackingCookie.Adtrak : Renset med backup
    :mozilla.91:C:\Documents and Settings\The champ\Application Data\Mozilla\Firefox\Profiles\v3ryvorx.default\cookies.txt -> TrackingCookie.Casalemedia : Renset med backup
    :mozilla.92:C:\Documents and Settings\The champ\Application Data\Mozilla\Firefox\Profiles\v3ryvorx.default\cookies.txt -> TrackingCookie.Casalemedia : Renset med backup
    :mozilla.93:C:\Documents and Settings\The champ\Application Data\Mozilla\Firefox\Profiles\v3ryvorx.default\cookies.txt -> TrackingCookie.Trafficmp : Renset med backup
    :mozilla.94:C:\Documents and Settings\The champ\Application Data\Mozilla\Firefox\Profiles\v3ryvorx.default\cookies.txt -> TrackingCookie.Trafficmp : Renset med backup
    :mozilla.95:C:\Documents and Settings\The champ\Application Data\Mozilla\Firefox\Profiles\v3ryvorx.default\cookies.txt -> TrackingCookie.Trafficmp : Renset med backup
    :mozilla.96:C:\Documents and Settings\The champ\Application Data\Mozilla\Firefox\Profiles\v3ryvorx.default\cookies.txt -> TrackingCookie.Trafficmp : Renset med backup
    :mozilla.97:C:\Documents and Settings\The champ\Application Data\Mozilla\Firefox\Profiles\v3ryvorx.default\cookies.txt -> TrackingCookie.Trafficmp : Renset med backup
    :mozilla.98:C:\Documents and Settings\The champ\Application Data\Mozilla\Firefox\Profiles\v3ryvorx.default\cookies.txt -> TrackingCookie.Trafficmp : Renset med backup
    :mozilla.99:C:\Documents and Settings\The champ\Application Data\Mozilla\Firefox\Profiles\v3ryvorx.default\cookies.txt -> TrackingCookie.Trafficmp : Renset med backup
    :mozilla.101:C:\Documents and Settings\The champ\Application Data\Mozilla\Firefox\Profiles\v3ryvorx.default\cookies.txt -> TrackingCookie.Com : Renset med backup
    :mozilla.102:C:\Documents and Settings\The champ\Application Data\Mozilla\Firefox\Profiles\v3ryvorx.default\cookies.txt -> TrackingCookie.Com : Renset med backup
    :mozilla.104:C:\Documents and Settings\The champ\Application Data\Mozilla\Firefox\Profiles\v3ryvorx.default\cookies.txt -> TrackingCookie.Epilot : Renset med backup
    :mozilla.105:C:\Documents and Settings\The champ\Application Data\Mozilla\Firefox\Profiles\v3ryvorx.default\cookies.txt -> TrackingCookie.Advertising : Renset med backup
    :mozilla.106:C:\Documents and Settings\The champ\Application Data\Mozilla\Firefox\Profiles\v3ryvorx.default\cookies.txt -> TrackingCookie.Advertising : Renset med backup
    :mozilla.107:C:\Documents and Settings\The champ\Application Data\Mozilla\Firefox\Profiles\v3ryvorx.default\cookies.txt -> TrackingCookie.Advertising : Renset med backup
    :mozilla.130:C:\Documents and Settings\The champ\Application Data\Mozilla\Firefox\Profiles\v3ryvorx.default\cookies.txt -> TrackingCookie.Bfast : Renset med backup
    :mozilla.146:C:\Documents and Settings\The champ\Application Data\Mozilla\Firefox\Profiles\v3ryvorx.default\cookies.txt -> TrackingCookie.2o7 : Renset med backup
    :mozilla.156:C:\Documents and Settings\The champ\Application Data\Mozilla\Firefox\Profiles\v3ryvorx.default\cookies.txt -> TrackingCookie.Atdmt : Renset med backup
    :mozilla.157:C:\Documents and Settings\The champ\Application Data\Mozilla\Firefox\Profiles\v3ryvorx.default\cookies.txt -> TrackingCookie.Webtrendslive : Renset med backup
    :mozilla.158:C:\Documents and Settings\The champ\Application Data\Mozilla\Firefox\Profiles\v3ryvorx.default\cookies.txt -> TrackingCookie.Webtrendslive : Renset med backup
    :mozilla.159:C:\Documents and Settings\The champ\Application Data\Mozilla\Firefox\Profiles\v3ryvorx.default\cookies.txt -> TrackingCookie.Webtrendslive : Renset med backup
    :mozilla.160:C:\Documents and Settings\The champ\Application Data\Mozilla\Firefox\Profiles\v3ryvorx.default\cookies.txt -> TrackingCookie.Revenue : Renset med backup
    :mozilla.161:C:\Documents and Settings\The champ\Application Data\Mozilla\Firefox\Profiles\v3ryvorx.default\cookies.txt -> TrackingCookie.Revenue : Renset med backup
    :mozilla.162:C:\Documents and Settings\The champ\Application Data\Mozilla\Firefox\Profiles\v3ryvorx.default\cookies.txt -> TrackingCookie.Revenue : Renset med backup
    :mozilla.203:C:\Documents and Settings\The champ\Application Data\Mozilla\Firefox\Profiles\v3ryvorx.default\cookies.txt -> TrackingCookie.Serving-sys : Renset med backup
    :mozilla.204:C:\Documents and Settings\The champ\Application Data\Mozilla\Firefox\Profiles\v3ryvorx.default\cookies.txt -> TrackingCookie.Serving-sys : Renset med backup
    :mozilla.205:C:\Documents and Settings\The champ\Application Data\Mozilla\Firefox\Profiles\v3ryvorx.default\cookies.txt -> TrackingCookie.Serving-sys : Renset med backup
    :mozilla.206:C:\Documents and Settings\The champ\Application Data\Mozilla\Firefox\Profiles\v3ryvorx.default\cookies.txt -> TrackingCookie.Serving-sys : Renset med backup
    :mozilla.212:C:\Documents and Settings\The champ\Application Data\Mozilla\Firefox\Profiles\v3ryvorx.default\cookies.txt -> TrackingCookie.Tribalfusion : Renset med backup
    :mozilla.221:C:\Documents and Settings\The champ\Application Data\Mozilla\Firefox\Profiles\v3ryvorx.default\cookies.txt -> TrackingCookie.Linkbuddies : Renset med backup
    :mozilla.225:C:\Documents and Settings\The champ\Application Data\Mozilla\Firefox\Profiles\v3ryvorx.default\cookies.txt -> TrackingCookie.Tradedoubler : Renset med backup
    :mozilla.226:C:\Documents and Settings\The champ\Application Data\Mozilla\Firefox\Profiles\v3ryvorx.default\cookies.txt -> TrackingCookie.Tradedoubler : Renset med backup
    :mozilla.227:C:\Documents and Settings\The champ\Application Data\Mozilla\Firefox\Profiles\v3ryvorx.default\cookies.txt -> TrackingCookie.Tradedoubler : Renset med backup
    :mozilla.229:C:\Documents and Settings\The champ\Application Data\Mozilla\Firefox\Profiles\v3ryvorx.default\cookies.txt -> TrackingCookie.Tacoda : Renset med backup
    :mozilla.230:C:\Documents and Settings\The champ\Application Data\Mozilla\Firefox\Profiles\v3ryvorx.default\cookies.txt -> TrackingCookie.Tacoda : Renset med backup
    :mozilla.231:C:\Documents and Settings\The champ\Application Data\Mozilla\Firefox\Profiles\v3ryvorx.default\cookies.txt -> TrackingCookie.Tacoda : Renset med backup
    :mozilla.232:C:\Documents and Settings\The champ\Application Data\Mozilla\Firefox\Profiles\v3ryvorx.default\cookies.txt -> TrackingCookie.Tacoda : Renset med backup
    :mozilla.248:C:\Documents and Settings\The champ\Application Data\Mozilla\Firefox\Profiles\v3ryvorx.default\cookies.txt -> TrackingCookie.Clickbank : Renset med backup
    :mozilla.250:C:\Documents and Settings\The champ\Application Data\Mozilla\Firefox\Profiles\v3ryvorx.default\cookies.txt -> TrackingCookie.Epilot : Renset med backup
    :mozilla.251:C:\Documents and Settings\The champ\Application Data\Mozilla\Firefox\Profiles\v3ryvorx.default\cookies.txt -> TrackingCookie.2o7 : Renset med backup
    :mozilla.252:C:\Documents and Settings\The champ\Application Data\Mozilla\Firefox\Profiles\v3ryvorx.default\cookies.txt -> TrackingCookie.2o7 : Renset med backup
    :mozilla.255:C:\Documents and Settings\The champ\Application Data\Mozilla\Firefox\Profiles\v3ryvorx.default\cookies.txt -> TrackingCookie.Searchingbooth : Renset med backup
    :mozilla.273:C:\Documents and Settings\The champ\Application Data\Mozilla\Firefox\Profiles\v3ryvorx.default\cookies.txt -> TrackingCookie.Doubleclick : Renset med backup
    :mozilla.274:C:\Documents and Settings\The champ\Application Data\Mozilla\Firefox\Profiles\v3ryvorx.default\cookies.txt -> TrackingCookie.Fastclick : Renset med backup
    :mozilla.275:C:\Documents and Settings\The champ\Application Data\Mozilla\Firefox\Profiles\v3ryvorx.default\cookies.txt -> TrackingCookie.Fastclick : Renset med backup
    :mozilla.276:C:\Documents and Settings\The champ\Application Data\Mozilla\Firefox\Profiles\v3ryvorx.default\cookies.txt -> TrackingCookie.Fastclick : Renset med backup
    :mozilla.277:C:\Documents and Settings\The champ\Application Data\Mozilla\Firefox\Profiles\v3ryvorx.default\cookies.txt -> TrackingCookie.Fastclick : Renset med backup
    :mozilla.279:C:\Documents and Settings\The champ\Application Data\Mozilla\Firefox\Profiles\v3ryvorx.default\cookies.txt -> TrackingCookie.Revenue : Renset med backup
    :mozilla.280:C:\Documents and Settings\The champ\Application Data\Mozilla\Firefox\Profiles\v3ryvorx.default\cookies.txt -> TrackingCookie.Revenue : Renset med backup
    :mozilla.281:C:\Documents and Settings\The champ\Application Data\Mozilla\Firefox\Profiles\v3ryvorx.default\cookies.txt -> TrackingCookie.Revenue : Renset med backup
    :mozilla.282:C:\Documents and Settings\The champ\Application Data\Mozilla\Firefox\Profiles\v3ryvorx.default\cookies.txt -> TrackingCookie.Revenue : Renset med backup
    :mozilla.283:C:\Documents and Settings\The champ\Application Data\Mozilla\Firefox\Profiles\v3ryvorx.default\cookies.txt -> TrackingCookie.Revenue : Renset med backup
    :mozilla.284:C:\Documents and Settings\The champ\Application Data\Mozilla\Firefox\Profiles\v3ryvorx.default\cookies.txt -> TrackingCookie.Revenue : Renset med backup
    :mozilla.288:C:\Documents and Settings\The champ\Application Data\Mozilla\Firefox\Profiles\v3ryvorx.default\cookies.txt -> TrackingCookie.Paypopup : Renset med backup
    :mozilla.289:C:\Documents and Settings\The champ\Application Data\Mozilla\Firefox\Profiles\v3ryvorx.default\cookies.txt -> TrackingCookie.Paypopup : Renset med backup
    :mozilla.290:C:\Documents and Settings\The champ\Application Data\Mozilla\Firefox\Profiles\v3ryvorx.default\cookies.txt -> TrackingCookie.Paypopup : Renset med backup
    :mozilla.291:C:\Documents and Settings\The champ\Application Data\Mozilla\Firefox\Profiles\v3ryvorx.default\cookies.txt -> TrackingCookie.Paypopup : Renset med backup
    :mozilla.292:C:\Documents and Settings\The champ\Application Data\Mozilla\Firefox\Profiles\v3ryvorx.default\cookies.txt -> TrackingCookie.Paypopup : Renset med backup
    :mozilla.293:C:\Documents and Settings\The champ\Application Data\Mozilla\Firefox\Profiles\v3ryvorx.default\cookies.txt -> TrackingCookie.Paypopup : Renset med backup
    :mozilla.294:C:\Documents and Settings\The champ\Application Data\Mozilla\Firefox\Profiles\v3ryvorx.default\cookies.txt -> TrackingCookie.Paypopup : Renset med backup
    :mozilla.295:C:\Documents and Settings\The champ\Application Data\Mozilla\Firefox\Profiles\v3ryvorx.default\cookies.txt -> TrackingCookie.Paypopup : Renset med backup
    :mozilla.296:C:\Documents and Settings\The champ\Application Data\Mozilla\Firefox\Profiles\v3ryvorx.default\cookies.txt -> TrackingCookie.Paypopup : Renset med backup
    :mozilla.297:C:\Documents and Settings\The champ\Application Data\Mozilla\Firefox\Profiles\v3ryvorx.default\cookies.txt -> TrackingCookie.Paypopup : Renset med backup
    :mozilla.298:C:\Documents and Settings\The champ\Application Data\Mozilla\Firefox\Profiles\v3ryvorx.default\cookies.txt -> TrackingCookie.Paypopup : Renset med backup
    :mozilla.299:C:\Documents and Settings\The champ\Application Data\Mozilla\Firefox\Profiles\v3ryvorx.default\cookies.txt -> TrackingCookie.Paypopup : Renset med backup
    :mozilla.300:C:\Documents and Settings\The champ\Application Data\Mozilla\Firefox\Profiles\v3ryvorx.default\cookies.txt -> TrackingCookie.Paypopup : Renset med backup
    :mozilla.301:C:\Documents and Settings\The champ\Application Data\Mozilla\Firefox\Profiles\v3ryvorx.default\cookies.txt -> TrackingCookie.Paypopup : Renset med backup
    :mozilla.302:C:\Documents and Settings\The champ\Application Data\Mozilla\Firefox\Profiles\v3ryvorx.default\cookies.txt -> TrackingCookie.Paypopup : Renset med backup
    :mozilla.303:C:\Documents and Settings\The champ\Application Data\Mozilla\Firefox\Profiles\v3ryvorx.default\cookies.txt -> TrackingCookie.Paypopup : Renset med backup
    :mozilla.304:C:\Documents and Settings\The champ\Application Data\Mozilla\Firefox\Profiles\v3ryvorx.default\cookies.txt -> TrackingCookie.Paypopup : Renset med backup
    :mozilla.305:C:\Documents and Settings\The champ\Application Data\Mozilla\Firefox\Profiles\v3ryvorx.default\cookies.txt -> TrackingCookie.Paypopup : Renset med backup
    :mozilla.306:C:\Documents and Settings\The champ\Application Data\Mozilla\Firefox\Profiles\v3ryvorx.default\cookies.txt -> TrackingCookie.Paypopup : Renset med backup
    C:\Documents and Settings\The champ\Cookies\the champ@banners.searchingbooth[1].txt -> TrackingCookie.Searchingbooth : Renset med backup
    C:\Documents and Settings\The champ\Cookies\the champ@doubleclick[1].txt -> TrackingCookie.Doubleclick : Renset med backup
    C:\Documents and Settings\The champ\Cookies\the champ@media.top-banners[1].txt -> TrackingCookie.Top-banners : Renset med backup
    C:\Documents and Settings\The champ\Cookies\the champ@revenue[2].txt -> TrackingCookie.Revenue : Renset med backup
    C:\Documents and Settings\The champ\Lokale indstillinger\Temp\Cookies\the champ@clickbank[2].txt -> TrackingCookie.Clickbank : Renset med backup
    C:\Documents and Settings\The champ\Lokale indstillinger\Temp\ICD1.tmp\UERSK_0001_N68M2202NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Renset med backup
    C:\Documents and Settings\The champ\Lokale indstillinger\Temp\tmp0000f220 -> Downloader.ConHook.y : Renset med backup
    C:\Documents and Settings\The champ\Lokale indstillinger\Temp\tmp000113c1 -> Downloader.ConHook.y : Renset med backup
    C:\Documents and Settings\The champ\Lokale indstillinger\Temp\tmp00011d95 -> Downloader.ConHook.y : Renset med backup
    C:\Documents and Settings\The champ\Lokale indstillinger\Temp\tmp00014292 -> Downloader.ConHook.y : Renset med backup
    C:\Documents and Settings\The champ\Lokale indstillinger\Temp\tmp0001491a -> Downloader.ConHook.y : Renset med backup
    C:\Documents and Settings\The champ\Lokale indstillinger\Temp\tmp000166c3 -> Downloader.ConHook.y : Renset med backup
    C:\Documents and Settings\The champ\Lokale indstillinger\Temp\tmp000199ab -> Downloader.ConHook.y : Renset med backup
    C:\Documents and Settings\The champ\Lokale indstillinger\Temp\tmp0002483a -> Downloader.ConHook.y : Renset med backup
    C:\Documents and Settings\The champ\Lokale indstillinger\Temp\tmp00024feb -> Downloader.ConHook.y : Renset med backup
    C:\Documents and Settings\The champ\Lokale indstillinger\Temp\tmp00117339 -> Downloader.ConHook.y : Renset med backup
    C:\Documents and Settings\The champ\Lokale indstillinger\Temp\tmp00826c6d -> Downloader.ConHook.y : Renset med backup
    C:\Installer.exe -> Adware.Look2Me : Renset med backup
    C:\MTE3NDI6ODoxNg.exe -> Downloader.Small.buy : Renset med backup
    C:\newname.exe -> Downloader.VB.yo : Renset med backup
    C:\Programmer\Fælles filer\InetGet\mc-110-12-0000228.exe -> Dropper.Agent.aac : Renset med backup
    C:\Programmer\Fælles filer\urrk\urrka.exe -> Downloader.TSUpdate.l : Renset med backup
    C:\Programmer\Fælles filer\urrk\urrkl.exe -> Downloader.TSUpdate.p : Renset med backup
    C:\Programmer\Fælles filer\urrk\urrkm.exe -> Downloader.TSUpdate.n : Renset med backup
    C:\Programmer\Fælles filer\urrk\urrkp.exe -> Downloader.TSUpdate.f : Renset med backup
    C:\Programmer\Fælles filer\Windows\mc-110-12-0000228.exe -> Dropper.Agent.aac : Renset med backup
    C:\Programmer\Fælles filer\Windows\services32.exe -> Adware.Maxifiles : Renset med backup
    C:\RECYCLER\S-1-5-21-1417001333-1580818891-725345543-1004\Dc11.exe -> Hijacker.VB.li : Renset med backup
    C:\RECYCLER\S-1-5-21-1417001333-1580818891-725345543-1004\Dc12.exe -> Hijacker.VB.li : Renset med backup
    C:\RECYCLER\S-1-5-21-1417001333-1580818891-725345543-1004\Dc4.exe/UCMTSAIE.DLL -> Adware.Ucmore : Renset med backup
    C:\RECYCLER\S-1-5-21-1417001333-1580818891-725345543-1004\Dc4.exe/IUCMORE.DLL -> Adware.Ucmore : Renset med backup
    C:\RECYCLER\S-1-5-21-1417001333-1580818891-725345543-1004\Dc5.exe/whAgent.exe -> Adware.WebHancer : Renset med backup
    C:\RECYCLER\S-1-5-21-1417001333-1580818891-725345543-1004\Dc6.exe -> Downloader.VB.xu : Renset med backup
    C:\RECYCLER\S-1-5-21-1417001333-1580818891-725345543-1004\Dc7.exe -> Downloader.VB.ya : Renset med backup
    C:\RECYCLER\S-1-5-21-1417001333-1580818891-725345543-1004\Dc8.exe -> Downloader.VB.yn : Renset med backup
    C:\RECYCLER\S-1-5-21-1417001333-1580818891-725345543-1004\Dc9.exe -> Downloader.VB.xv : Renset med backup
    C:\stub_113_4_0_4_0.exe -> Downloader.TSUpdate.o : Renset med backup
    C:\WINDOWS\DH.dll -> Hijacker.Small.jf : Renset med backup
    C:\WINDOWS\Downloaded Program Files\MediaGatewayX.dll -> Adware.WinAD : Renset med backup
    C:\WINDOWS\Downloaded Program Files\UERSK_0001_N68M2202NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Renset med backup
    C:\WINDOWS\icont.exe -> Adware.AdURL : Renset med backup
    C:\WINDOWS\iconu.exe -> Adware.Zestyfind : Renset med backup
    C:\WINDOWS\newfrn.exe -> Hijacker.VB.is : Renset med backup
    C:\WINDOWS\system32\ad.html -> Hijacker.Agent.e : Renset med backup
    C:\WINDOWS\system32\awvtq.dll -> Downloader.ConHook.y : Renset med backup
    C:\WINDOWS\system32\awvvt.dll -> Downloader.ConHook.y : Renset med backup
    C:\WINDOWS\system32\config\systemprofile\Lokale indstillinger\Temporary Internet Files\Content.IE5\056J8HYR\drsmartload[1].exe -> Downloader.Adload.u : Renset med backup
    C:\WINDOWS\system32\config\systemprofile\Lokale indstillinger\Temporary Internet Files\Content.IE5\056J8HYR\stub_113_4_0_4_0[1].exe -> Downloader.TSUpdate.o : Renset med backup
    C:\WINDOWS\system32\config\systemprofile\Lokale indstillinger\Temporary Internet Files\Content.IE5\4XIZK5E3\drdata[1].avi -> Dropper.Agent.aac : Renset med backup
    C:\WINDOWS\system32\config\systemprofile\Lokale indstillinger\Temporary Internet Files\Content.IE5\4XIZK5E3\ucmoreiex[1].exe/UCMTSAIE.DLL -> Adware.Ucmore : Renset med backup
    C:\WINDOWS\system32\config\systemprofile\Lokale indstillinger\Temporary Internet Files\Content.IE5\4XIZK5E3\ucmoreiex[1].exe/IUCMORE.DLL -> Adware.Ucmore : Renset med backup
    C:\WINDOWS\system32\config\systemprofile\Lokale indstillinger\Temporary Internet Files\Content.IE5\85YV0XY3\gimmysmileys[1].exe -> Downloader.VB.xu : Renset med backup
    C:\WINDOWS\system32\config\systemprofile\Lokale indstillinger\Temporary Internet Files\Content.IE5\85YV0XY3\keyboard[1].exe -> Downloader.VB.xv : Renset med backup
    C:\WINDOWS\system32\config\systemprofile\Lokale indstillinger\Temporary Internet Files\Content.IE5\85YV0XY3\MTE3NDI6ODoxNg[1].exe -> Downloader.Small.buy : Renset med backup
    C:\WINDOWS\system32\config\systemprofile\Lokale indstillinger\Temporary Internet Files\Content.IE5\K9MVKDIZ\Installer[1].exe -> Adware.Look2Me : Renset med backup
    C:\WINDOWS\system32\config\systemprofile\Lokale indstillinger\Temporary Internet Files\Content.IE5\K9MVKDIZ\mousepad[1].exe -> Hijacker.VB.li : Renset med backup
    C:\WINDOWS\system32\cx32.exe/rm32.dll -> Downloader.ConHook.y : Renset med backup
    C:\WINDOWS\system32\cx32.exe/dr32.exe -> Downloader.VB.vz : Renset med backup
    C:\WINDOWS\system32\ddabb.dll -> Downloader.ConHook.y : Renset med backup
    C:\WINDOWS\system32\ddccc.dll -> Downloader.ConHook.y : Renset med backup
    C:\WINDOWS\system32\dn4801hue.dll -> Adware.Look2Me : Renset med backup
    C:\WINDOWS\system32\dr32.exe -> Downloader.VB.vz : Renset med backup
    C:\WINDOWS\system32\dxmsrpcn.dll -> Adware.Look2Me : Renset med backup
    C:\WINDOWS\system32\en06l1ds1.dll -> Adware.Look2Me : Renset med backup
    C:\WINDOWS\system32\en0ol1d31.dll -> Adware.Look2Me : Renset med backup
    C:\WINDOWS\system32\EnnClass.Dll -> Adware.Look2Me : Renset med backup
    C:\WINDOWS\system32\enpul1791.dll -> Adware.Look2Me : Renset med backup
    C:\WINDOWS\system32\gebyw.dll -> Downloader.ConHook.y : Renset med backup
    C:\WINDOWS\system32\geeby.dll -> Downloader.ConHook.y : Renset med backup
    C:\WINDOWS\system32\guard.tmp -> Adware.Look2Me : Renset med backup
    C:\WINDOWS\system32\h62o0gf3e62.dll -> Adware.Look2Me : Renset med backup
    C:\WINDOWS\system32\hcpu0579e.dll -> Adware.Look2Me : Renset med backup
    C:\WINDOWS\system32\hmrq0595e.dll -> Adware.Look2Me : Renset med backup
    C:\WINDOWS\system32\hrpu0579e.dll -> Adware.Look2Me : Renset med backup
    C:\WINDOWS\system32\hrrq0595e.dll -> Adware.Look2Me : Renset med backup
    C:\WINDOWS\system32\ieagehlp.dll -> Adware.Look2Me : Renset med backup
    C:\WINDOWS\system32\ilsutil.dll -> Adware.Look2Me : Renset med backup
    C:\WINDOWS\system32\irpul5791.dll -> Adware.Look2Me : Renset med backup
    C:\WINDOWS\system32\irr2l59o1.dll -> Adware.Look2Me : Renset med backup
    C:\WINDOWS\system32\ismpagnt.dll -> Adware.Look2Me : Renset med backup
    C:\WINDOWS\system32\j2j6lc1s1f.dll -> Adware.Look2Me : Renset med backup
    C:\WINDOWS\system32\j60slgd7160.dll -> Adware.Look2Me : Renset med backup
    C:\WINDOWS\system32\jdaw400.dll -> Adware.Look2Me : Renset med backup
    C:\WINDOWS\system32\jkhhg.dll -> Downloader.ConHook.y : Renset med backup
    C:\WINDOWS\system32\k0js0a17ed.dll -> Adware.Look2Me : Renset med backup
    C:\WINDOWS\system32\ktj2l71o1.dll -> Adware.Look2Me : Renset med backup
    C:\WINDOWS\system32\lv6009jme.dll -> Adware.Look2Me : Renset med backup
    C:\WINDOWS\system32\lv8609lse.dll -> Adware.Look2Me : Renset med backup
    C:\WINDOWS\system32\lvr2099oe.dll -> Adware.Look2Me : Renset med backup
    C:\WINDOWS\system32\m6po0g73e6.dll -> Adware.Look2Me : Renset med backup
    C:\WINDOWS\system32\m846lihs1846.dll -> Adware.Look2Me : Renset med backup
    C:\WINDOWS\system32\mvn4l95q1.dll -> Adware.Look2Me : Renset med backup
    C:\WINDOWS\system32\mvn6l95s1.dll -> Adware.Look2Me : Renset med backup
    C:\WINDOWS\system32\n08o0al3edq.dll -> Adware.Look2Me : Renset med backup
    C:\WINDOWS\system32\nyth.dll -> Adware.Look2Me : Renset med backup
    C:\WINDOWS\system32\o0pqla751d.dll -> Adware.Look2Me : Renset med backup
    C:\WINDOWS\system32\o2660cjsefo60.dll -> Adware.Look2Me : Renset med backup
    C:\WINDOWS\system32\o2nslc571f.dll -> Adware.Look2Me : Renset med backup
    C:\WINDOWS\system32\pmkjh.dll -> Downloader.ConHook.y : Renset med backup
    C:\WINDOWS\system32\pOnmap.dll -> Adware.Look2Me : Renset med backup
    C:\WINDOWS\system32\q8nu0i59e8.dll -> Adware.Look2Me : Renset med backup
    C:\WINDOWS\system32\r0p80a7ued.dll -> Adware.Look2Me : Renset med backup
    C:\WINDOWS\system32\r68s0gl7e6q.dll -> Adware.Look2Me : Renset med backup
    C:\WINDOWS\system32\rVschap.dll -> Adware.Look2Me : Renset med backup
    C:\WINDOWS\system32\SDtrmHU.dll -> Adware.Look2Me : Renset med backup
    C:\WINDOWS\system32\sjndmail.dll -> Adware.Look2Me : Renset med backup
    C:\WINDOWS\system32\SLCplKO.dll -> Adware.Look2Me : Renset med backup
    C:\WINDOWS\system32\snnceng.dll -> Adware.Look2Me : Renset med backup
    C:\WINDOWS\system32\sstqo.dll -> Downloader.ConHook.y : Renset med backup
    C:\WINDOWS\system32\sstqq.dll -> Downloader.ConHook.y : Renset med backup
    C:\WINDOWS\system32\ssttr.dll -> Downloader.ConHook.y : Renset med backup
    C:\WINDOWS\system32\tcsvc.dll -> Backdoor.Agent.vc : Renset med backup
    C:\WINDOWS\system32\tUpisrv.dll -> Adware.Look2Me : Renset med backup
    C:\WINDOWS\system32\vturs.dll -> Downloader.ConHook.y : Renset med backup
    C:\WINDOWS\system32\vuajet32.dll -> Adware.Look2Me : Renset med backup
    C:\WINDOWS\system32\wdnrnr.dll -> Adware.Look2Me : Renset med backup
    C:\WINDOWS\system32\winpad.exe -> Backdoor.SdBot.aad : Renset med backup
    C:\WINDOWS\system32\wpsapi32.dll -> Adware.Look2Me : Renset med backup
    C:\WINDOWS\system32\wrcdlg.dll -> Adware.Look2Me : Renset med backup
    C:\WINDOWS\system32\wxvcore.dll -> Adware.Look2Me : Renset med backup
    C:\WINDOWS\system32\__delete_on_reboot__hwclock.exe -> Backdoor.Small.eo : Renset med backup
    C:\WINDOWS\system32\__delete_on_reboot__krdcan.dll -> Adware.Look2Me : Renset med backup
    C:\WINDOWS\Temp\bw2.com -> Adware.Zestyfind : Renset med backup
    C:\WINDOWS\Temp\tmp000730b2 -> Downloader.ConHook.y : Renset med backup
    C:\WINDOWS\TWlra2VsIE1vc2x1bmQ\__delete_on_reboot__asappsrv.dll -> Adware.CommAd : Renset med backup
    C:\WINDOWS\wallpap.exe -> Hijacker.Agent.gp : Renset med backup
    C:\WINDOWS\winpad.exe -> Backdoor.SdBot.aad : Renset med backup
    C:\WINDOWS\__delete_on_reboot__mswinpad.exe -> Backdoor.SdBot.aad : Renset med backup


::Rapport slut

Look2Me-Destroyer V1.0.10

Scanning for infected files.....
Scan started at 15-03-2006 14:15:05

Infected! C:\WINDOWS\system32\kt0ol7d31.dll
Infected! C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP77\A0076641.dll
Infected! C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP77\A0077639.dll
Infected! C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP77\A0078641.dll
Infected! C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP78\A0079642.dll
Infected! C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP78\A0079654.dll
Infected! C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP78\A0079663.dll
Infected! C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP78\A0079672.dll
Infected! C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP78\A0082679.dll
Infected! C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP79\A0084687.dll
Infected! C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP79\A0085682.dll
Infected! C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP79\A0086682.dll
Infected! C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP79\A0087680.dll
Infected! C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP79\A0090682.dll
Infected! C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP80\A0090685.dll
Infected! C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP80\A0090694.dll
Infected! C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP81\A0091704.dll
Infected! C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP81\A0092713.dll
Infected! C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP82\A0094720.dll
Infected! C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP82\A0096721.dll
Infected! C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP82\A0098722.dll
Infected! C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100721.dll
Infected! C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100749.dll
Infected! C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100780.dll
Infected! C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100782.dll
Infected! C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100783.dll
Infected! C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100784.dll
Infected! C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100786.dll
Infected! C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100788.dll
Infected! C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100789.dll
Infected! C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100790.dll
Infected! C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100791.dll
Infected! C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100792.dll
Infected! C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100793.dll
Infected! C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100794.dll
Infected! C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100795.dll
Infected! C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100796.dll
Infected! C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100797.dll
Infected! C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100798.dll
Infected! C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100799.dll
Infected! C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100800.dll
Infected! C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100802.dll
Infected! C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100803.dll
Infected! C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100804.dll
Infected! C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100805.dll
Infected! C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100806.dll
Infected! C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100807.dll
Infected! C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100808.dll
Infected! C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100809.dll
Infected! C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100810.dll
Infected! C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100811.dll
Infected! C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100812.dll
Infected! C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100813.dll
Infected! C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100814.dll
Infected! C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100815.dll
Infected! C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100817.dll
Infected! C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100818.dll
Infected! C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100819.dll
Infected! C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100820.dll
Infected! C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100821.dll
Infected! C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100822.dll
Infected! C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100823.dll
Infected! C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100824.dll
Infected! C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100825.dll
Infected! C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100830.dll
Infected! C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100832.dll
Infected! C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100833.dll
Infected! C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100835.dll
Infected! C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100836.dll
Infected! C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100838.dll
Infected! C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100844.dll
Infected! C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0101853.dll
Infected! C:\WINDOWS\system32\dnjm0111e.dll
Infected! C:\WINDOWS\system32\kt0ol7d31.dll
Infected! C:\WINDOWS\system32\mvr2l99o1.dll
Infected! C:\WINDOWS\system32\__delete_on_reboot__mfisip.dll
Infected! C:\WINDOWS\system32\__delete_on_reboot__wpsapi32.dll
Infected! C:\WINDOWS\System32\guard.tmp

Attempting to delete infected files...

Attempting to delete: C:\WINDOWS\system32\kt0ol7d31.dll
C:\WINDOWS\system32\kt0ol7d31.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP77\A0076641.dll
C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP77\A0076641.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP77\A0077639.dll
C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP77\A0077639.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP77\A0078641.dll
C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP77\A0078641.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP78\A0079642.dll
C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP78\A0079642.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP78\A0079654.dll
C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP78\A0079654.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP78\A0079663.dll
C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP78\A0079663.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP78\A0079672.dll
C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP78\A0079672.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP78\A0082679.dll
C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP78\A0082679.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP79\A0084687.dll
C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP79\A0084687.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP79\A0085682.dll
C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP79\A0085682.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP79\A0086682.dll
C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP79\A0086682.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP79\A0087680.dll
C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP79\A0087680.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP79\A0090682.dll
C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP79\A0090682.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP80\A0090685.dll
C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP80\A0090685.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP80\A0090694.dll
C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP80\A0090694.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP81\A0091704.dll
C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP81\A0091704.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP81\A0092713.dll
C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP81\A0092713.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP82\A0094720.dll
C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP82\A0094720.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP82\A0096721.dll
C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP82\A0096721.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP82\A0098722.dll
C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP82\A0098722.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100721.dll
C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100721.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100749.dll
C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100749.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100780.dll
C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100780.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100782.dll
C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100782.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100783.dll
C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100783.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100784.dll
C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100784.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100786.dll
C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100786.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100788.dll
C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100788.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100789.dll
C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100789.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100790.dll
C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100790.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100791.dll
C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100791.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100792.dll
C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100792.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100793.dll
C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100793.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100794.dll
C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100794.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100795.dll
C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100795.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100796.dll
C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100796.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100797.dll
C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100797.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100798.dll
C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100798.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100799.dll
C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100799.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100800.dll
C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100800.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100802.dll
C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100802.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100803.dll
C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100803.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100804.dll
C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100804.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100805.dll
C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100805.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100806.dll
C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100806.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100807.dll
C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100807.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100808.dll
C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100808.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100809.dll
C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100809.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100810.dll
C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100810.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100811.dll
C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100811.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100812.dll
C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100812.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100813.dll
C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100813.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100814.dll
C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100814.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100815.dll
C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100815.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100817.dll
C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100817.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100818.dll
C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100818.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100819.dll
C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100819.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100820.dll
C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100820.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100821.dll
C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100821.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100822.dll
C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100822.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100823.dll
C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100823.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100824.dll
C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100824.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100825.dll
C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100825.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100830.dll
C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100830.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100832.dll
C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100832.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100833.dll
C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100833.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100835.dll
C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100835.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100836.dll
C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100836.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100838.dll
C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100838.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100844.dll
C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0100844.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0101853.dll
C:\System Volume Information\_restore{CC2A1C96-014B-40AF-95DC-BC3CE542C0D6}\RP83\A0101853.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\dnjm0111e.dll
C:\WINDOWS\system32\dnjm0111e.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\kt0ol7d31.dll
C:\WINDOWS\system32\kt0ol7d31.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\mvr2l99o1.dll
C:\WINDOWS\system32\mvr2l99o1.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\__delete_on_reboot__mfisip.dll
C:\WINDOWS\system32\__delete_on_reboot__mfisip.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\__delete_on_reboot__wpsapi32.dll
C:\WINDOWS\system32\__delete_on_reboot__wpsapi32.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\System32\guard.tmp
C:\WINDOWS\System32\guard.tmp Deleted successfully!

Making registry repairs.

Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Hints

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{C990E4A4-3B02-4F5E-9F93-9D68878DD67F}"
HKCR\Clsid\{C990E4A4-3B02-4F5E-9F93-9D68878DD67F}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{230C9BA3-B518-4EB2-9EE8-ABFE8062C583}"
HKCR\Clsid\{230C9BA3-B518-4EB2-9EE8-ABFE8062C583}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{D93A6B81-9128-410F-AA98-8FB40FB5C322}"
HKCR\Clsid\{D93A6B81-9128-410F-AA98-8FB40FB5C322}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{D240E970-6850-416C-902C-283792579F9D}"
HKCR\Clsid\{D240E970-6850-416C-902C-283792579F9D}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{C5C99708-3F36-436C-A949-8F1C79AE51FB}"
HKCR\Clsid\{C5C99708-3F36-436C-A949-8F1C79AE51FB}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{6745B93B-74BB-4CA0-875F-A4B87F7AA053}"
HKCR\Clsid\{6745B93B-74BB-4CA0-875F-A4B87F7AA053}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{B3A4CD4E-3820-4C20-8102-9E11A2589B1D}"
HKCR\Clsid\{B3A4CD4E-3820-4C20-8102-9E11A2589B1D}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{CBC0936A-175B-4D89-AA38-3D8480C50C64}"
HKCR\Clsid\{CBC0936A-175B-4D89-AA38-3D8480C50C64}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{4189F74C-AE53-4426-B0CA-294C67A30255}"
HKCR\Clsid\{4189F74C-AE53-4426-B0CA-294C67A30255}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{0AE9FD40-D41F-4756-8ABF-33D54850AF6A}"
HKCR\Clsid\{0AE9FD40-D41F-4756-8ABF-33D54850AF6A}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{AC8D3E6F-6925-4314-AFCF-9BB34B2F19CD}"
HKCR\Clsid\{AC8D3E6F-6925-4314-AFCF-9BB34B2F19CD}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{44580EC8-1F2D-4C7D-9068-866EA76BF433}"
HKCR\Clsid\{44580EC8-1F2D-4C7D-9068-866EA76BF433}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{F09BCDE6-C6BB-4AE5-AEBA-D6A47A5B0383}"
HKCR\Clsid\{F09BCDE6-C6BB-4AE5-AEBA-D6A47A5B0383}

Restoring Windows certificates.

Replaced hosts file with default windows hosts file

[03/15/2006, 15:06:14] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\The champ\Skrivebord\VirtumundoBeGone.exe" )
[03/15/2006, 15:06:17] - Detected System Information:
[03/15/2006, 15:06:17] -  Windows Version: 5.1.2600, Service Pack 1
[03/15/2006, 15:06:17] -  Current Username: The champ (Admin)
[03/15/2006, 15:06:17] -  Windows is in NORMAL mode.
[03/15/2006, 15:06:17] - Searching for Browser Helper Objects:
[03/15/2006, 15:06:17] -  BHO 1: {20D57A66-F7DF-467d-907B-9B7F4A118AB7} ()
[03/15/2006, 15:06:17] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/15/2006, 15:06:17] -  Checking for HKLM\...\Winlogon\Notify\geeby
[03/15/2006, 15:06:17] -  Found: HKLM\...\Winlogon\Notify\geeby - This is probably Virtumundo.
[03/15/2006, 15:06:17] -  Assigning {20D57A66-F7DF-467d-907B-9B7F4A118AB7} MSEvents Object
[03/15/2006, 15:06:17] - BHO list has been changed! Starting over...
[03/15/2006, 15:06:17] -  BHO 1: {20D57A66-F7DF-467d-907B-9B7F4A118AB7} (MSEvents Object)
[03/15/2006, 15:06:17] - ALERT: Found MSEvents Object!
[03/15/2006, 15:06:17] - Finished Searching Browser Helper Objects
[03/15/2006, 15:06:17] - *** Detected MSEvents Object
[03/15/2006, 15:06:17] - Trying to remove MSEvents Object...
[03/15/2006, 15:06:18] -    Terminating Process: IEXPLORE.EXE
[03/15/2006, 15:06:18] -    Terminating Process: RUNDLL32.EXE
[03/15/2006, 15:06:18] -    Disabling Automatic Shell Restart
[03/15/2006, 15:06:18] -    Terminating Process: EXPLORER.EXE
[03/15/2006, 15:06:18] -    Suspending the NT Session Manager System Service
[03/15/2006, 15:06:18] -    Terminating Windows NT Logon/Logoff Manager
[03/15/2006, 15:06:18] -    Re-enabling Automatic Shell Restart
[03/15/2006, 15:06:18] -  File to disable: C:\WINDOWS\System32\geeby.dll
[03/15/2006, 15:06:18] -  Removing HKLM\...\Browser Helper Objects\{20D57A66-F7DF-467d-907B-9B7F4A118AB7}
[03/15/2006, 15:06:18] -  Removing HKCR\CLSID\{20D57A66-F7DF-467d-907B-9B7F4A118AB7}
[03/15/2006, 15:06:18] -  Adding Kill Bit for ActiveX for GUID: {20D57A66-F7DF-467d-907B-9B7F4A118AB7}
[03/15/2006, 15:06:18] -  Deleting ATLEvents/MSEvents Registry entries
[03/15/2006, 15:06:18] -  Removing HKLM\...\Winlogon\Notify\geeby
[03/15/2006, 15:06:18] - Searching for Browser Helper Objects:
[03/15/2006, 15:06:18] - Finished Searching Browser Helper Objects
[03/15/2006, 15:06:18] - Finishing up...
[03/15/2006, 15:06:18] - A restart is needed.
[03/15/2006, 15:06:21] - Attempting to Restart via STOP error (Blue Screen!)
supermehl Beginner
15 March 2006 - 15:14 #5
And here you have the Hijack log:

Logfile of HijackThis v1.99.1
Scan saved at 15:13:50, on 15-03-2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\Programmer\ewido\security suite\ewidoguard.exe
C:\Programmer\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\sstray.exe
C:\Programmer\Java\jre1.5.0_01\bin\jusched.exe
C:\dinst.exe
C:\WINDOWS\System32\rundll32.exe
C:\Programmer\Error Safe Free\ers.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\ZyDAS\ZD1211 802.11g Utility\ZDWlan.exe
C:\WINDOWS\System32\imapi.exe
C:\Documents and Settings\The champ\Lokale indstillinger\Temp\Midlertidig mappe 3 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.signon.stofanet.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [mdr procce] gona.exe
O4 - HKLM\..\Run: [keyboard] c:\\keyboard2.exe
O4 - HKLM\..\Run: [Windows Firewall Monitor] C:\dinst.exe
O4 - HKLM\..\Run: [asdgs] C:\dinst.exe
O4 - HKLM\..\Run: [ifdrv] rundll32.exe C:\WINDOWS\System32\ifdrv.dll,start
O4 - HKLM\..\Run: [Error Safe] C:\Programmer\Error Safe Free\ers.exe /scan
O4 - HKLM\..\RunServices: [mdr procce] gona.exe
O4 - HKLM\..\RunServices: [Windows Firewall Monitor] C:\dinst.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ErrorSafe] "C:\Programmer\Error Safe Free\ers.exe" /scan
O4 - Global Startup: ZDWlan.lnk = ?
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Zango/ie/bridge-c18.cab?83e5fc6d995c376ab70458af1b406574d8c437787d8dd6c88b6c2ac3f84c5c4e1ad957b13b6defd6eebdb1dff93974d7acba375bbc19f23d91e9c49c9ce792b34d1a074f2a:6f750d40ae25fea7e1b37b6906113080
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TWlra2VsIE1vc2x1bmQ\command.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido\security suite\ewidoguard.exe
O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe (file missing)
O23 - Service: Word Process (msproc) - Unknown owner - C:\WINDOWS\mswinpad.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Programmer\Network Monitor\netmon.exe (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Programmer\Spyware Doctor\sdhelp.exe
ejvindh Expert
15 March 2006 - 16:33 #6
Well, the tools have certainly been hard at work!!! The Look2me infection in particular seems to have been on your computer for a long time. But now it is dead. And the same goes for the Virtumundo infection. So the worst is probably over now. There is still a bit more work to do, though:

-- Download Avenger here:
http://swandog46.geekstogo.com/avenger.zip

-- Unpack the Avenger program and double-click avenger.exe

-- Select "Input Script Manually" and click the magnifying glass. A small window now appears, into which you should copy the contents between the dashed lines:

-----------------------------
Files to delete:
C:\WINDOWS\System32\gona.exe
c:\keyboard2.exe
C:\dinst.exe
C:\WINDOWS\System32\ifdrv.dll
C:\WINDOWS\web\related.htm
C:\WINDOWS\System32\hwclock.exe
C:\WINDOWS\mswinpad.exe

Folders to Delete:
C:\Programmer\Error Safe Free
C:\WINDOWS\TWlra2VsIE1vc2x1bmQ
C:\Programmer\Network Monitor
-----------------------------

-- Click the traffic light in Avenger. The program will prompt you to restart the computer immediately, which you should do. The program will shut down your computer, delete the files and start the computer again.

-- After the restart a Notepad window will appear with a log of Avenger's actions. Please post it in your next reply.

-- Click Start > Run. Type: Services.msc Press OK.
Find the following services, right-click them and choose Properties. Under Startup type choose Disabled. Also click Stop:
Command Service
Hardware Clock Driver
Word Process
Network Monitor

-- Run Hijackthis, choose "Do a system scan only", tick the lines listed here, close all windows except Hijackthis, click fix checked.

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
O4 - HKLM\..\Run: [mdr procce] gona.exe
O4 - HKLM\..\Run: [keyboard] c:\\keyboard2.exe
O4 - HKLM\..\Run: [Windows Firewall Monitor] C:\dinst.exe
O4 - HKLM\..\Run: [asdgs] C:\dinst.exe
O4 - HKLM\..\Run: [ifdrv] rundll32.exe C:\WINDOWS\System32\ifdrv.dll,start
O4 - HKLM\..\Run: [Error Safe] C:\Programmer\Error Safe Free\ers.exe /scan
O4 - HKLM\..\RunServices: [mdr procce] gona.exe
O4 - HKLM\..\RunServices: [Windows Firewall Monitor] C:\dinst.exe
O4 - HKCU\..\Run: [ErrorSafe] "C:\Programmer\Error Safe Free\ers.exe" /scan
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Zango/ie/bridge-c18.cab?83e5fc6d995c376ab70458af1b406574d8c437787d8dd6c88b6c2ac3f84c5c4e1ad957b13b6defd6eebdb1dff93974d7acba375bbc19f23d91e9c49c9ce792b34d1a074f2a:6f750d40ae25fea7e1b37b6906113080
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TWlra2VsIE1vc2x1bmQ\command.exe (file missing)
O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe (file missing)
O23 - Service: Word Process (msproc) - Unknown owner - C:\WINDOWS\mswinpad.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Programmer\Network Monitor\netmon.exe (file missing)

Restart the computer and make a new log with Hijackthis, which you post here together with the log from Avenger
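
Added example, not part of the original thread: a small triage pass over HijackThis O4 (autostart) and O23 (service) lines, using sample lines copied from the log in post #5. The three heuristics (executable in a drive root, service with "Unknown owner", one command registered under several value names) are assumptions chosen to illustrate the kind of entries picked out above, not rules used by HijackThis or by the poster.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [keyboard] c:\\keyboard2.exe
O4 - HKLM\..\Run: [Windows Firewall Monitor] C:\dinst.exe
O4 - HKLM\..\Run: [asdgs] C:\dinst.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Programmer\Network Monitor\netmon.exe (file missing)
"""

# O4 = autostart (Run / RunServices) entries, O23 = Windows services.
O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.+)$")
O23_RE = re.compile(r"^O23 - Service: (.+?) - (.+?) - (.+?)( \(file missing\))?$")
# Assumption: an .exe sitting directly in a drive root is unusual for installed software.
ROOT_EXE_RE = re.compile(r'^"?[a-z]:\\+[^\\"]+\.exe', re.I)


def triage(log_text):
    """Return a list of (entry, reason) pairs worth a closer manual look."""
    findings = []
    by_command = defaultdict(set)  # autostart command -> value names that register it
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            _hive, _key, name, command = m.groups()
            by_command[command.lower()].add(name)
            if ROOT_EXE_RE.match(command):
                findings.append((line, "autostart executable sits in a drive root"))
            continue
        m = O23_RE.match(line)
        if m:
            _display, owner, _path, missing = m.groups()
            if owner == "Unknown owner":
                reason = "no vendor name reported for the service binary"
                if missing:
                    reason += "; binary is gone, so the service entry is an orphan"
                findings.append((line, reason))
    # The same command registered under different names is worth a second look.
    for command, names in by_command.items():
        if len(names) > 1:
            findings.append((command, "same command under several value names: "
                             + ", ".join(sorted(names))))
    return findings


if __name__ == "__main__":
    for entry, reason in triage(SAMPLE_LOG):
        print(f"{reason}\n    {entry}")
```

A hit is a prompt for manual review, not a verdict: legitimate entries can trip the same checks, and unwanted ones can pass them.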
ejvindh Expert
15 March 2006 - 16:35 #7
The O23 lines may have disappeared by the time you reach the step where you fix with Hijackthis.
ejvindh Expert
24 March 2006 - 11:38 #8
Did you get any further with your problem?
ejvindh Expert
10 April 2006 - 01:24 #9
Remember to close the question.
ejvindh Expert
26 January 2007 - 12:29 #10
It would be good if you would close this question, since we are now working here:
http://www.eksperten.dk/spm/758398