Yet another worm in MSN
Number of posts: 509

I'm trying to follow the guide, but it already goes wrong when removing MSN. In Add/Remove Programs there simply isn't a Remove button next to MSN. Is there another way to get it removed?

Editor
Number of posts: 3361

You can delete the MSN Messenger program folder. It probably has to be done in safe mode.

Signature

“Truth is treason in the empire of lies” / Ron Paul

Member of Alliance of Security Analysis Professionals

Administrator
Number of posts: 29613

Otherwise just continue with the rest of the guide:
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=29791

And post the various log files here.

Number of posts: 509

sas log:

SUPERAntiSpyware Scan Log
Generated 09/22/2006 at 06:25 PM

Core Rules Database Version : 3089
Trace Rules Database Version: 1118

Memory threats detected   : 0
Registry threats detected : 3
File threats detected   : 259

Trojan.LZX32
HKLM\System\ControlSet001\Services\pe386
C:\WINDOWS\system32:lzx32.sys
HKLM\System\ControlSet003\Services\pe386
HKLM\System\CurrentControlSet\Services\pe386

Adware.Tracking Cookie

Adware.Toolbar888
C:\Programmer\Toolbar888\Activate.exe
C:\Programmer\Toolbar888\MyToolBa0.#ll
C:\Programmer\Toolbar888\Uninst.exe
C:\Programmer\Toolbar888

Trojan.Freeprod
C:\Documents and Settings\Niels\Skrivebord\alfa.exe
C:\RECYCLER\S-1-5-21-1275210071-1343024091-250079155-1008\Dc20.exe
C:\WINDOWS\Prefetch\ALFA.EXE-2AFD3DF5.pf

Unclassified.Unknown Origin
C:\Programmer\Logitech\Desktop Messenger\8876480\7.2.0.157-8876480SL\Program\Restart.exe

Trojan.LoadAdv-Gen
C:\WINDOWS\Prefetch\LOADADV642.EXE-1DBE7F3B.pf


Dr web:

nsProcess.#ll C:\Documents and Settings\Niels\Lokale indstillinger\Temp\nsu5.tmp Tool.ProcessKill Renamed.
drsmartload1135a.#xe C:\Documents and Settings\Niels\Skrivebord Adware.DollarRevenue Renamed.
loadadv642.exe C:\Documents and Settings\Niels\Skrivebord Trojan.DownLoader.9899
Civilization3Setup-dm[1].#xe C:\Downloads Adware.TryMedia Renamed.
MyToolBar.#ll C:\Programmer\ToolBar888 Adware.FastSearch Renamed.
Dc17.exe C:\RECYCLER\S-1-5-21-1275210071-1343024091-250079155-1008 Trojan.DownLoader.9899
Dc21.#xe C:\RECYCLER\S-1-5-21-1275210071-1343024091-250079155-1008 Adware.DollarRevenue Renamed.
A0587749.#xe C:\System Volume Information\_restore{A8B1EE5D-9FAA-4466-A359-A3AB289D19AE}\RP341 Adware.DollarRevenue Renamed.
A0587751.#ll C:\System Volume Information\_restore{A8B1EE5D-9FAA-4466-A359-A3AB289D19AE}\RP341 Adware.FastSearch Renamed.
A0588853.#xe C:\System Volume Information\_restore{A8B1EE5D-9FAA-4466-A359-A3AB289D19AE}\RP342 Adware.DollarRevenue Renamed.
A0588854.#xe C:\System Volume Information\_restore{A8B1EE5D-9FAA-4466-A359-A3AB289D19AE}\RP342 Adware.TryMedia Renamed.
A0588861.#ll C:\System Volume Information\_restore{A8B1EE5D-9FAA-4466-A359-A3AB289D19AE}\RP343 Adware.FastSearch Renamed.
A0588864.#xe C:\System Volume Information\_restore{A8B1EE5D-9FAA-4466-A359-A3AB289D19AE}\RP343 Adware.DollarRevenue Renamed.


ewido:

————————————————————————————-
ewido anti-malware - Scanningsrapport
————————————————————————————-

+ Oprettet den:  09:01:00, 23-09-2006
+ Rapport-Checksum:  6F823DD9

+ Scanningsresultat:
C:\Documents and Settings\Anja\Cookies\anja@7search[1].txt -> TrackingCookie.7search : Renset med backup
C:\Documents and Settings\Anja\Cookies\anja@adviva[1].txt -> TrackingCookie.Adviva : Renset med backup
C:\Documents and Settings\Anja\Cookies\anja@bfast[1].txt -> TrackingCookie.Bfast : Renset med backup
C:\Documents and Settings\Anja\Cookies\anja@centrport[1].txt -> TrackingCookie.Centrport : Renset med backup
C:\Documents and Settings\Anja\Cookies\anja@estat[1].txt -> TrackingCookie.Estat : Renset med backup
C:\Documents and Settings\Anja\Cookies\anja@euniverseads[1].txt -> TrackingCookie.Euniverseads : Renset med backup
C:\Documents and Settings\Anja\Cookies\anja@popups.ad-logics[2].txt -> TrackingCookie.Ad-logics : Renset med backup
C:\Documents and Settings\Anja\Cookies\anja@trafic[1].txt -> TrackingCookie.Trafic : Renset med backup
C:\Documents and Settings\Anja\Cookies\anja@x10[2].txt -> TrackingCookie.X10 : Renset med backup
C:\Documents and Settings\Karina\Cookies\karina@commissionpartner[2].txt -> TrackingCookie.Commissionpartner : Renset med backup
C:\Documents and Settings\Karina\Cookies\karina@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : Renset med backup
C:\Documents and Settings\Karina\Cookies\karina@gator[2].txt -> TrackingCookie.Gator : Renset med backup
C:\Documents and Settings\Niels\Cookies\niels@ivwbox[1].txt -> TrackingCookie.Ivwbox : Renset med backup
C:\Documents and Settings\Niels\Skrivebord\1.exe/dev.exe -> Backdoor.Rbot.biz : Renset med backup
C:\Documents and Settings\Niels\Skrivebord\drsmartload11350.#xe -> Downloader.Adload.ds : Renset med backup
C:\Documents and Settings\Niels\Skrivebord\sprY.exe -> Worm.VB.aj : Renset med backup
C:\Downloads\Civilization3Setup-dm[10.#xe -> Adware.Trymedia : Renset med backup
C:\RECYCLER\S-1-5-21-1275210071-1343024091-250079155-1008\Dc18.exe -> Worm.VB.aj : Renset med backup
C:\RECYCLER\S-1-5-21-1275210071-1343024091-250079155-1008\Dc19.exe/dev.exe -> Backdoor.Rbot.biz : Renset med backup
C:\RECYCLER\S-1-5-21-1275210071-1343024091-250079155-1008\Dc21___0.#xe -> Downloader.Adload.ds : Renset med backup
C:\rnomn.exe -> Hijacker.Costrat.k : Renset med backup


::Rapport slut

Hijack

Logfile of HijackThis v1.99.1
Scan saved at 09:20:29, on 23-09-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\Programmer\ewido\security suite\ewidoguard.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Programmer\Logitech\Video\LogiTray.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programmer\Logitech\Video\FxSvr2.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Niels\Skrivebord\Ny mappe\Alternativ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programmer\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Apps\MSN Toolbar\01.02.5000.1021\da\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Apps\MSN Toolbar\01.02.5000.1021\da\msntb.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmer\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: Nordea Online investering - https://www.onlineinvestering.nordea.dk/oiclient.nsf/files/client/$FILE/oiclient.cab
O16 - DPF: Nordea Online investering 7 - https://www.onlineinvestering.nordea.dk/oiclient.nsf/files/client/$FILE/oiclient.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {258A4F22-23CE-4810-B788-54FD1BCA7C4D} (PrimeInk for Web Applications Signing Component) - https://webreg.dk/nbreg/plugin/web.dll
O16 - DPF: {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-1204.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: bw+0 - {ABFFC458-5D7B-45FF-8C4D-2ADB9D7D0364} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {ABFFC458-5D7B-45FF-8C4D-2ADB9D7D0364} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {ABFFC458-5D7B-45FF-8C4D-2ADB9D7D0364} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {ABFFC458-5D7B-45FF-8C4D-2ADB9D7D0364} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {ABFFC458-5D7B-45FF-8C4D-2ADB9D7D0364} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {ABFFC458-5D7B-45FF-8C4D-2ADB9D7D0364} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {ABFFC458-5D7B-45FF-8C4D-2ADB9D7D0364} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {ABFFC458-5D7B-45FF-8C4D-2ADB9D7D0364} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {ABFFC458-5D7B-45FF-8C4D-2ADB9D7D0364} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {ABFFC458-5D7B-45FF-8C4D-2ADB9D7D0364} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {ABFFC458-5D7B-45FF-8C4D-2ADB9D7D0364} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {ABFFC458-5D7B-45FF-8C4D-2ADB9D7D0364} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {ABFFC458-5D7B-45FF-8C4D-2ADB9D7D0364} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {ABFFC458-5D7B-45FF-8C4D-2ADB9D7D0364} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {ABFFC458-5D7B-45FF-8C4D-2ADB9D7D0364} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {ABFFC458-5D7B-45FF-8C4D-2ADB9D7D0364} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {ABFFC458-5D7B-45FF-8C4D-2ADB9D7D0364} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {ABFFC458-5D7B-45FF-8C4D-2ADB9D7D0364} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {ABFFC458-5D7B-45FF-8C4D-2ADB9D7D0364} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {ABFFC458-5D7B-45FF-8C4D-2ADB9D7D0364} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {ABFFC458-5D7B-45FF-8C4D-2ADB9D7D0364} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {ABFFC458-5D7B-45FF-8C4D-2ADB9D7D0364} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {ABFFC458-5D7B-45FF-8C4D-2ADB9D7D0364} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {ABFFC458-5D7B-45FF-8C4D-2ADB9D7D0364} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {ABFFC458-5D7B-45FF-8C4D-2ADB9D7D0364} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {ABFFC458-5D7B-45FF-8C4D-2ADB9D7D0364} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {ABFFC458-5D7B-45FF-8C4D-2ADB9D7D0364} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {ABFFC458-5D7B-45FF-8C4D-2ADB9D7D0364} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {ABFFC458-5D7B-45FF-8C4D-2ADB9D7D0364} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {ABFFC458-5D7B-45FF-8C4D-2ADB9D7D0364} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {ABFFC458-5D7B-45FF-8C4D-2ADB9D7D0364} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {ABFFC458-5D7B-45FF-8C4D-2ADB9D7D0364} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {ABFFC458-5D7B-45FF-8C4D-2ADB9D7D0364} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {ABFFC458-5D7B-45FF-8C4D-2ADB9D7D0364} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {ABFFC458-5D7B-45FF-8C4D-2ADB9D7D0364} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {ABFFC458-5D7B-45FF-8C4D-2ADB9D7D0364} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {ABFFC458-5D7B-45FF-8C4D-2ADB9D7D0364} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {ABFFC458-5D7B-45FF-8C4D-2ADB9D7D0364} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {ABFFC458-5D7B-45FF-8C4D-2ADB9D7D0364} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {ABFFC458-5D7B-45FF-8C4D-2ADB9D7D0364} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {ABFFC458-5D7B-45FF-8C4D-2ADB9D7D0364} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {ABFFC458-5D7B-45FF-8C4D-2ADB9D7D0364} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {ABFFC458-5D7B-45FF-8C4D-2ADB9D7D0364} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {ABFFC458-5D7B-45FF-8C4D-2ADB9D7D0364} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {ABFFC458-5D7B-45FF-8C4D-2ADB9D7D0364} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {ABFFC458-5D7B-45FF-8C4D-2ADB9D7D0364} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {ABFFC458-5D7B-45FF-8C4D-2ADB9D7D0364} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {ABFFC458-5D7B-45FF-8C4D-2ADB9D7D0364} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {ABFFC458-5D7B-45FF-8C4D-2ADB9D7D0364} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {ABFFC458-5D7B-45FF-8C4D-2ADB9D7D0364} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {ABFFC458-5D7B-45FF-8C4D-2ADB9D7D0364} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {ABFFC458-5D7B-45FF-8C4D-2ADB9D7D0364} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {ABFFC458-5D7B-45FF-8C4D-2ADB9D7D0364} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {ABFFC458-5D7B-45FF-8C4D-2ADB9D7D0364} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {ABFFC458-5D7B-45FF-8C4D-2ADB9D7D0364} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {ABFFC458-5D7B-45FF-8C4D-2ADB9D7D0364} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {ABFFC458-5D7B-45FF-8C4D-2ADB9D7D0364} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {ABFFC458-5D7B-45FF-8C4D-2ADB9D7D0364} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {ABFFC458-5D7B-45FF-8C4D-2ADB9D7D0364} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {ABFFC458-5D7B-45FF-8C4D-2ADB9D7D0364} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {ABFFC458-5D7B-45FF-8C4D-2ADB9D7D0364} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {ABFFC458-5D7B-45FF-8C4D-2ADB9D7D0364} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {ABFFC458-5D7B-45FF-8C4D-2ADB9D7D0364} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {ABFFC458-5D7B-45FF-8C4D-2ADB9D7D0364} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {ABFFC458-5D7B-45FF-8C4D-2ADB9D7D0364} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {ABFFC458-5D7B-45FF-8C4D-2ADB9D7D0364} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {ABFFC458-5D7B-45FF-8C4D-2ADB9D7D0364} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {ABFFC458-5D7B-45FF-8C4D-2ADB9D7D0364} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {ABFFC458-5D7B-45FF-8C4D-2ADB9D7D0364} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {ABFFC458-5D7B-45FF-8C4D-2ADB9D7D0364} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {ABFFC458-5D7B-45FF-8C4D-2ADB9D7D0364} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {ABFFC458-5D7B-45FF-8C4D-2ADB9D7D0364} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {ABFFC458-5D7B-45FF-8C4D-2ADB9D7D0364} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {ABFFC458-5D7B-45FF-8C4D-2ADB9D7D0364} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {ABFFC458-5D7B-45FF-8C4D-2ADB9D7D0364} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {ABFFC458-5D7B-45FF-8C4D-2ADB9D7D0364} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {ABFFC458-5D7B-45FF-8C4D-2ADB9D7D0364} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe” /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe” /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programmer\TuneUp Utilities 2006\WinStylerThemeSvc.exe

Administrator
Number of posts: 29613

There are only a few minor things in the log, but there are signs of a rootkit in the SUPERAntiSpyware log, so I'll get our rootkit “shark” to take a look in here when he comes online ;)

Number of posts: 509

cool..

After I got it cleaned, there is some kind of error when I start up and log on. Windows starts fine and I log on fine, but an “access denied” error appears where I can only click OK. Once I have done that and it has happened repeatedly (3-4 times), it goes away and everything seems to work perfectly.

[ Edited: 23.09.2006, 16:42 by Teddy1977 ]
  Ejvindh
Editor
Number of posts: 6048

It looks like SAS may have started dealing with a known rootkit, but to be on the safe side we had better check it. I am therefore moving the thread to the Rootkit category. Some special conditions apply to support in this category, which you can read about here:

http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=29320

(1) Go to the bottom of this page and download Rootkitrevealer
http://www.sysinternals.com/Utilities/RootkitRevealer.html

Unpack the file to a folder on the desktop. Unplug the network cable from the computer and close all open windows. Open the rootkitrevealer folder and double-click rootkitrevealer.exe
Click Options and make sure there is a check mark next to “Hide standard NTFS Metadata files”. Then click Scan at the bottom right. While the program is scanning, you must not use the computer for anything else. When the scan is finished, click File again, choose Save and save the log file. Copy RootkitReveal.txt in here.

(2) Get Blacklight here https://europe.f-secure.com/blacklight/try.shtml Scroll down the page and click “iaccept”. On the next page you can download Blacklight to the desktop. Double-click the file and click scan. When it is finished, it creates a log on the desktop. Copy the log in here. Do not let Blacklight remove anything yet.

(3) Download the Gmer rootkit scanner and unpack it to the desktop:
http://www.gmer.net/gmer.zip
Run the program, click the “Rootkit” tab, and click “Scan”. When the scan is finished, click “Copy”. A window then pops up telling you that the result of the rootkit scan has been placed on the clipboard. You can then go into this thread and paste the contents here by placing the cursor in the input field and pressing Ctrl-V.

Number of posts: 509

For some reason I am not allowed to install rootkitrevealer. It just plays some tone and then nothing more happens.

  Ejvindh
Editor
Number of posts: 6048

Then continue with the other 2.

Number of posts: 509

I had to hand the computer back to the owner, as it simply needed to be used..

but many thanks for the help

Administrator
Number of posts: 55091

You're welcome. :)

I am locking the thread; you are welcome back.

  Ejvindh
Editor
Number of posts: 6048

Just a closing remark: In that case you should inform the owner that it is probably compromised security-wise. The fact that rootkitrevealer did not work suggests that the rootkit is still active.