Infected computer

Hi! - something is really wrong with my computer - hope you can help ;) ... here are the two logs:


HijackThis-log:

Logfile of HijackThis v1.99.1
Scan saved at 20:42:27, on 18-12-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\Programmer\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Programmer\r\CyberLink\PowerDVD\DVDLauncher.exe
C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programmer\Winamp\winampa.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programmer\??mbols\w?crtupd.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\msasvc.exe
C:\Programmer\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Programmer\Sun\StarOffice 8\program\soffice.exe
C:\Programmer\Sun\StarOffice 8\program\soffice.BIN
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\HAGEN SERVICE 3\Skrivebord\spywarefri\alternativ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://signon.stofanet.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.dell.com/content/default.aspx?c=de&l=de&s=gen
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/default.aspx?c=de&l=de&s=gen
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: (no name) - {88E1197E-DD9F-F039-9EFD-86FA38DA6D96} - C:\WINDOWS\system32\rtjzahvj.dll (file missing)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {88E1197E-DD9F-F039-9EFD-86FA38DA6D96} - C:\WINDOWS\system32\rtjzahvj.dll (file missing)
O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\FÆLLES~1\{3C99D~1\Bar888.dll (file missing)
O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\FÆLLES~1\{3C99D~1\Bar888.dll (file missing)
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [DVDLauncher] "C:\Programmer\r\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FÆLLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [explorer] C:\Documents and Settings\HAGEN SERVICE 3\Skrivebord\ww.exe
O4 - HKLM\..\Run: [WINDOWS] C:\egnt.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ModemOnHold] C:\Programmer\NetWaiting\netwaiting.exe
O4 - HKCU\..\Run: [Mltoxizt] C:\Programmer\??mbols\w?crtupd.exe
O4 - HKCU\..\Run: [Mmos] "C:\WINDOWS\FNTS~1\rundll32.exe" -vt ndrv
O4 - Startup: StarOffice 8.lnk = C:\Programmer\Sun\StarOffice 8\program\quickstart.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} - http://activex.matcash.com/speedtest2.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programmer\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

___________________________________
AVG antispyware log:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 20:33:42 18-12-2006

+ Scan result:

C:\Programmer\Fælles filer\Yazzle1122OinUninstaller.exe -> Adware.ClickSpring : Ignored.
C:\Programmer\Common Files\Companion Wizard\WapCHK.dll -> Adware.Companion : Ignored.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP121\A0011105.exe -> Adware.Maxifiles : Ignored.
C:\Documents and Settings\HAGEN SERVICE 3\mt-uninstaller.exe -> Adware.PurityScan : Ignored.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP114\A0004931.dll -> Adware.PurityScan : Ignored.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP115\A0004956.dll -> Adware.PurityScan : Ignored.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP118\A0008991.dll -> Adware.PurityScan : Ignored.
C:\WINDOWS\system32\rtjzahvj.dll -> Adware.PurityScan : Ignored.
C:\Programmer\Fælles filer\{1C99DE5A-0574-1030-1121-05111420002d}\system.dll -> Adware.Softomate : Ignored.
C:\Programmer\Fælles filer\{3C99DE5A-0574-1030-1121-05111420002d}\Bar888.dll -> Adware.Softomate : Ignored.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP114\A0004830.dll -> Adware.Softomate : Ignored.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP114\A0004831.exe -> Adware.Softomate : Ignored.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP114\A0004832.dll -> Adware.Softomate : Ignored.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP114\A0004833.exe -> Adware.Softomate : Ignored.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP114\A0004834.dll -> Adware.Softomate : Ignored.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP114\A0004835.exe -> Adware.Softomate : Ignored.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP114\A0004836.dll -> Adware.Softomate : Ignored.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP114\A0004837.exe -> Adware.Softomate : Ignored.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP114\A0004838.dll -> Adware.Softomate : Ignored.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP114\A0004839.exe -> Adware.Softomate : Ignored.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP114\A0004840.dll -> Adware.Softomate : Ignored.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP114\A0004841.exe -> Adware.Softomate : Ignored.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP114\A0004842.dll -> Adware.Softomate : Ignored.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP114\A0004843.exe -> Adware.Softomate : Ignored.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP114\A0004844.dll -> Adware.Softomate : Ignored.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP114\A0004845.exe -> Adware.Softomate : Ignored.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP114\A0004846.dll -> Adware.Softomate : Ignored.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP114\A0004847.exe -> Adware.Softomate : Ignored.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP114\A0004848.dll -> Adware.Softomate : Ignored.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP114\A0004849.exe -> Adware.Softomate : Ignored.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP114\A0004850.dll -> Adware.Softomate : Ignored.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP114\A0004851.exe -> Adware.Softomate : Ignored.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP114\A0004852.dll -> Adware.Softomate : Ignored.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP114\A0004853.exe -> Adware.Softomate : Ignored.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP114\A0004854.dll -> Adware.Softomate : Ignored.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP114\A0004855.exe -> Adware.Softomate : Ignored.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP114\A0004856.dll -> Adware.Softomate : Ignored.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP114\A0004857.exe -> Adware.Softomate : Ignored.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP114\A0004858.dll -> Adware.Softomate : Ignored.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP114\A0004859.exe -> Adware.Softomate : Ignored.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP114\A0004860.dll -> Adware.Softomate : Ignored.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP114\A0004861.exe -> Adware.Softomate : Ignored.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP114\A0004862.dll -> Adware.Softomate : Ignored.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP114\A0004863.exe -> Adware.Softomate : Ignored.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP114\A0004864.dll -> Adware.Softomate : Ignored.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP114\A0004865.exe -> Adware.Softomate : Ignored.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP114\A0004866.dll -> Adware.Softomate : Ignored.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP114\A0004867.exe -> Adware.Softomate : Ignored.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP114\A0004868.dll -> Adware.Softomate : Ignored.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP114\A0004869.exe -> Adware.Softomate : Ignored.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP114\A0004887.dll -> Adware.Softomate : Ignored.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP114\A0004895.dll -> Adware.Softomate : Ignored.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP114\A0004896.exe -> Adware.Softomate : Ignored.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP114\A0004897.dll -> Adware.Softomate : Ignored.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP114\A0004898.exe -> Adware.Softomate : Ignored.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP114\A0004899.dll -> Adware.Softomate : Ignored.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP114\A0004900.exe -> Adware.Softomate : Ignored.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP114\A0004901.dll -> Adware.Softomate : Ignored.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP114\A0004902.exe -> Adware.Softomate : Ignored.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP114\A0004907.dll -> Adware.Softomate : Ignored.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP114\A0004908.exe -> Adware.Softomate : Ignored.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP114\A0004909.dll -> Adware.Softomate : Ignored.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP114\A0004910.exe -> Adware.Softomate : Ignored.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP121\A0011112.exe -> Adware.Softomate : Ignored.
HKU\S-1-5-21-3323540555-271867008-3276457838-1005\Software\ToolBar -> Adware.WebSearch : Ignored.
HKU\S-1-5-21-3323540555-271867008-3276457838-1005\Software\ToolBar\all -> Adware.WebSearch : Ignored.
HKU\S-1-5-21-3323540555-271867008-3276457838-1005\Software\ToolBar\all\History -> Adware.WebSearch : Ignored.
HKLM\SYSTEM\CurrentControlSet\Services\vspf -> Adware.WinAntiVirus : Ignored.
HKLM\SYSTEM\CurrentControlSet\Services\vspf\Enum -> Adware.WinAntiVirus : Ignored.
HKLM\SYSTEM\CurrentControlSet\Services\vspf\Security -> Adware.WinAntiVirus : Ignored.
HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk -> Adware.WinAntiVirus : Ignored.
HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk\Enum -> Adware.WinAntiVirus : Ignored.
HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk\Security -> Adware.WinAntiVirus : Ignored.
C:\Programmer\MSN Messenger\msnmsgr.exe -> Backdoor.MSNMaker.ab : Ignored.
C:\Documents and Settings\HAGEN SERVICE 3\install.exe -> Downloader.Agent.bca : Ignored.
C:\Documents and Settings\HAGEN SERVICE 3\mi.exe -> Downloader.Agent.bca : Ignored.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP113\A0004571.exe -> Downloader.Agent.bca : Ignored.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP114\A0004804.exe -> Downloader.Agent.bca : Ignored.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP114\A0004886.exe -> Downloader.Agent.bca : Ignored.
C:\WINDOWS\Fοnts\rundll32.exe -> Downloader.PurityScan.dr : Ignored.
C:\WINDOWS\Fοnts\Fοnts\!update-4300.0000 -> Downloader.PurityScan.dx : Ignored.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP114\A0004893.exe -> Downloader.Small.ctf : Ignored.
C:\xfeq.exe -> Downloader.Small.ctf : Ignored.
C:\Documents and Settings\HAGEN SERVICE 3\tel.exe -> Downloader.Small.ebj : Ignored.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP121\A0011106.dll -> Downloader.Small.ece : Ignored.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP121\A0011104.exe -> Dropper.DollarR.b : Ignored.
C:\Programmer\Fælles filer\Yazzle1122OinAdmin.exe -> Dropper.Small : Ignored.
C:\Documents and Settings\HAGEN SERVICE 3\Skrivebord\ww.exe -> Hijacker.Agent.bt : Ignored.
C:\Documents and Settings\HAGEN SERVICE 3\ww.exe -> Hijacker.Agent.bt : Ignored.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP114\A0004805.exe -> Hijacker.Agent.bt : Ignored.
C:\WINDOWS\system32\install.exe -> Hijacker.Costrat.z : Ignored.
C:\WINDOWS\Downloaded Program Files\UDC6K_0001_D19M0109NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Ignored.
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UERSK_0001_N91M2407NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Ignored.
C:\WINDOWS\Downloaded Program Files\UERSK_0001_N91M2407NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Ignored.
C:\WINDOWS\Downloaded Program Files\UWA6PK_0001_N91M2107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Ignored.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP114\A0004889.exe -> Trojan.ProcKill.DJ : Ignored.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP114\A0004890.exe -> Trojan.ProcKill.DJ : Ignored.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP114\A0004891.exe -> Trojan.ProcKill.DJ : Ignored.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP114\A0004892.exe -> Trojan.ProcKill.DJ : Ignored.
C:\gcue.exe -> Trojan.ProcKill.DJ : Ignored.
C:\lwqojwt.exe -> Trojan.ProcKill.DJ : Ignored.
C:\namn.exe -> Trojan.ProcKill.DJ : Ignored.
C:\qoiy.exe -> Trojan.ProcKill.DJ : Ignored.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP114\A0004927.dll -> Trojan.Sinowal.bh : Ignored.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP114\A0004928.dll -> Trojan.Sinowal.bh : Ignored.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP114\A0004929.exe -> Trojan.Sinowal.bh : Ignored.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP114\A0004926.exe -> Trojan.Small : Ignored.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP115\A0004958.exe -> Trojan.Small : Ignored.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP121\A0011126.exe -> Trojan.Small : Ignored.
C:\Documents and Settings\HAGEN SERVICE 3\qsetup.exe -> Worm.VB.ar : Ignored.
C:\WINDOWS\system32\qsetup.exe -> Worm.VB.ar : Ignored.


::Report end

______________________________


/Morten

 

Ejvindh
Editor
Number of posts: 6048

Try following this guide, and post the logs it mentions here:
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=29791

Note that where the guide refers to Ewido, you should just use AVG-Antispyware. This time, however (unlike the last time you ran it), you must allow AVG-AS to fix what it finds.

Number of posts: 12

Hi again!

I've now finished the guide. By the way, my computer now constantly crashes with a blue screen - something about run-dll, blah blah.

Here are the 4 new logs:

hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 15:46:54, on 20-12-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\Programmer\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Programmer\r\CyberLink\PowerDVD\DVDLauncher.exe
C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programmer\Winamp\winampa.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programmer\??mbols\w?crtupd.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Sun\StarOffice 8\program\soffice.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programmer\Sun\StarOffice 8\program\soffice.BIN
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmer\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\FNTS~1\rundll32.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Documents and Settings\HAGEN SERVICE 3\Skrivebord\spywarefri\alternativ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://signon.stofanet.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.dell.com/content/default.aspx?c=de&l=de&s=gen
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/default.aspx?c=de&l=de&s=gen
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: (no name) - {88E1197E-DD9F-F039-9EFD-86FA38DA6D96} - C:\WINDOWS\system32\rtjzahvj.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {88E1197E-DD9F-F039-9EFD-86FA38DA6D96} - C:\WINDOWS\system32\rtjzahvj.dll (file missing)
O2 - BHO: (no name) - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
O3 - Toolbar: (no name) - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [DVDLauncher] "C:\Programmer\r\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FÆLLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [explorer] C:\Documents and Settings\HAGEN SERVICE 3\Skrivebord\ww.exe
O4 - HKLM\..\Run: [WINDOWS] C:\egnt.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ModemOnHold] C:\Programmer\NetWaiting\netwaiting.exe
O4 - HKCU\..\Run: [Mltoxizt] C:\Programmer\??mbols\w?crtupd.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Mmos] "C:\WINDOWS\FNTS~1\rundll32.exe" -vt ndrv
O4 - Startup: StarOffice 8.lnk = C:\Programmer\Sun\StarOffice 8\program\quickstart.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} - http://activex.matcash.com/speedtest2.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programmer\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe


AVG Anti-Spyware:

————————————————————————————-
AVG Anti-Spyware - Scan Report
————————————————————————————-

+ Created at: 23:34:59 19-12-2006

+ Scan result:

 

C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP121\A0011160.exe -> Adware.ClickSpring : Cleaned.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP121\A0011159.dll -> Adware.Companion : Cleaned.
C:\Documents and Settings\HAGEN SERVICE 3\DoctorWeb\Quarantine\A0011157.exe -> Adware.PurityScan : Cleaned.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP121\A0011158.dll -> Adware.PurityScan : Cleaned.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP121\A0011161.dll -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP121\A0011162.#ll -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP121\A0011153.exe -> Backdoor.MSNMaker.ab : Cleaned.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP121\A0011141.#xe -> Downloader.Agent.bca : Cleaned.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP121\A0011142.#xe -> Downloader.Agent.bca : Cleaned.
C:\Documents and Settings\HAGEN SERVICE 3\Lokale indstillinger\Temporary Internet Files\Content.IE5\D0PHJTDR\!update-4295[1].0000 -> Downloader.PurityScan.co : Cleaned.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP121\A0011155.#xe -> Downloader.PurityScan.dr : Cleaned.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP121\A0011152.#xe -> Dropper.Small : Cleaned.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP121\A0011145.exe -> Hijacker.Agent.bt : Cleaned.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP121\A0011146.exe -> Hijacker.Agent.bt : Cleaned.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP121\A0011156.exe -> Hijacker.Costrat.z : Cleaned.
C:\Documents and Settings\HAGEN SERVICE 3\Lokale indstillinger\Temp\ICD1.tmp\UDC6K_0001_D19M0109NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Cleaned.
C:\Documents and Settings\HAGEN SERVICE 3\Lokale indstillinger\Temp\ICD2.tmp\UDC6K_0001_D19M0109NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Cleaned.
C:\Documents and Settings\HAGEN SERVICE 3\Lokale indstillinger\Temporary Internet Files\Content.IE5\63G7P2RY\installdrivecleanerstart_dk[1].cab/UDC6K_0001_D19M0109NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Cleaned.
C:\Documents and Settings\HAGEN SERVICE 3\Lokale indstillinger\Temporary Internet Files\Content.IE5\OLUZS1MZ\installdrivecleanerstart_dk[1].cab/UDC6K_0001_D19M0109NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Cleaned.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP121\A0011148.exe -> Trojan.ProcKill.DJ : Cleaned.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP121\A0011149.exe -> Trojan.ProcKill.DJ : Cleaned.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP121\A0011150.exe -> Trojan.ProcKill.DJ : Cleaned.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP121\A0011151.exe -> Trojan.ProcKill.DJ : Cleaned.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP121\A0011143.exe -> Worm.VB.ar : Cleaned.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP121\A0011144.exe -> Worm.VB.ar : Cleaned.


::Report end


SUPERAntiSpyware


SUPERAntiSpyware Scan Log
Generated 12/19/2006 at 10:32 PM

Application Version : 3.3.1020

Core Rules Database Version : 3150
Trace Rules Database Version: 1166

Scan type     : Complete Scan
Total Scan Time : 00:03:53

Memory items scanned     : 195
Memory threats detected   : 0
Registry items scanned   : 4506
Registry threats detected : 225
File items scanned     : 1878
File threats detected   : 9

Trojan.Downloader-Gen
HKLM\System\ControlSet001\Services\MsaSvc
C:\WINDOWS\SYSTEM32\MSASVC.EXE
HKLM\System\ControlSet003\Services\MsaSvc
HKLM\System\CurrentControlSet\Services\MsaSvc

Adware.Tracking Cookie
C:\Documents and Settings\HAGEN SERVICE 3\Cookies\hagen service 3@drivecleaner[2].txt
C:\Documents and Settings\HAGEN SERVICE 3\Cookies\hagen service .[2].txt
C:\Documents and Settings\HAGEN SERVICE 3\Cookies\hagen service 3@mediaplex[1].txt

Adware.Toolbar888
HKCR\CLSID\{C1B4DEC2-2623-438E-9CA2-C9043AB28508}
HKCR\CLSID\{C1B4DEC2-2623-438E-9CA2-C9043AB28508}\InprocServer32
HKCR\CLSID\{C1B4DEC2-2623-438E-9CA2-C9043AB28508}\InprocServer32#ThreadingModel
HKCR\CLSID\{C1B4DEC2-2623-438E-9CA2-C9043AB28508}\ProgID
HKCR\CLSID\{C1B4DEC2-2623-438E-9CA2-C9043AB28508}\Programmable
HKCR\CLSID\{C1B4DEC2-2623-438E-9CA2-C9043AB28508}\TypeLib
HKCR\CLSID\{C1B4DEC2-2623-438E-9CA2-C9043AB28508}\VersionIndependentProgID

Trojan.WinAntiSpyware/WinAntiVirus 2006/2007
HKLM\SYSTEM\CurrentControlSet\Services\FOPN
HKLM\SYSTEM\CurrentControlSet\Services\FOPN#Type
HKLM\SYSTEM\CurrentControlSet\Services\FOPN#Start
HKLM\SYSTEM\CurrentControlSet\Services\FOPN#ErrorControl
HKLM\SYSTEM\CurrentControlSet\Services\FOPN#Tag
HKLM\SYSTEM\CurrentControlSet\Services\FOPN#ImagePath
HKLM\SYSTEM\CurrentControlSet\Services\FOPN#DisplayName
HKLM\SYSTEM\CurrentControlSet\Services\FOPN#Group
HKLM\SYSTEM\CurrentControlSet\Services\FOPN#Overflow
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUME~1\HAGENS~1\LOKALE~1\TEMP\AAWTMP\C352640\8C8BF
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUME~1\HAGENS~1\LOKALE~1\TEMP\AAWTMP\C352640\1A2BB3
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUME~1\HAGENS~1\LOKALE~1\TEMP\AAWTMP\C352640\3F94C8
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUME~1\HAGENS~1\LOKALE~1\TEMP\AAWTMP\C352640\40FABE
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUME~1\HAGENS~1\LOKALE~1\TEMP\AAWTMP\C352640\36240F
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUME~1\HAGENS~1\LOKALE~1\TEMP\AAWTMP\C352640\90023
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUME~1\HAGENS~1\LOKALE~1\TEMP\AAWTMP\C352640\1DB951
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUME~1\HAGENS~1\LOKALE~1\TEMP\AAWTMP\C352640\41BD6D
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUME~1\HAGENS~1\LOKALE~1\TEMP\AAWTMP\C352640\16D175
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUME~1\HAGENS~1\LOKALE~1\TEMP\AAWTMP\C352640\3076CE
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUME~1\HAGENS~1\LOKALE~1\TEMP\AAWTMP\C352640\ACDE8
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUME~1\HAGENS~1\LOKALE~1\TEMP\AAWTMP\C352640\9F79B
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUME~1\HAGENS~1\LOKALE~1\TEMP\AAWTMP\C352640\107442
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUME~1\HAGENS~1\LOKALE~1\TEMP\AAWTMP\C352640\3EE92E
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUME~1\HAGENS~1\LOKALE~1\TEMP\AAWTMP\C352640\3008A2
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUME~1\HAGENS~1\LOKALE~1\TEMP\AAWTMP\C352640\B55FA
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUME~1\HAGENS~1\LOKALE~1\TEMP\AAWTMP\C352640\2A3BA5
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUME~1\HAGENS~1\LOKALE~1\TEMP\AAWTMP\C352640\1E0485
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUME~1\HAGENS~1\LOKALE~1\TEMP\AAWTMP\C352640\F9F80
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUME~1\HAGENS~1\LOKALE~1\TEMP\AAWTMP\C352640\D1882
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUME~1\HAGENS~1\LOKALE~1\TEMP\AAWTMP\C352640\28852D
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUME~1\HAGENS~1\LOKALE~1\TEMP\AAWTMP\C352640\40C1C4
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUME~1\HAGENS~1\LOKALE~1\TEMP\AAWTMP\C352640\3A8902
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUME~1\HAGENS~1\LOKALE~1\TEMP\AAWTMP\C352640\803F7
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUME~1\HAGENS~1\LOKALE~1\TEMP\AAWTMP\C352640\33408A
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUME~1\HAGENS~1\LOKALE~1\TEMP\AAWTMP\C352640\202E68
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUME~1\HAGENS~1\LOKALE~1\TEMP\AAWTMP\C352640\39E961
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUME~1\HAGENS~1\LOKALE~1\TEMP\AAWTMP\C352640\253732
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUME~1\HAGENS~1\LOKALE~1\TEMP\AAWTMP\C352640\105CAA
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUME~1\HAGENS~1\LOKALE~1\TEMP\AAWTMP\C352640\13FEB5
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUME~1\HAGENS~1\LOKALE~1\TEMP\AAWTMP\C352640\1BD79D
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUME~1\HAGENS~1\LOKALE~1\TEMP\AAWTMP\C352640\23D10
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUME~1\HAGENS~1\LOKALE~1\TEMP\AAWTMP\C352640\406EFD
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUME~1\HAGENS~1\LOKALE~1\TEMP\AAWTMP\C352640\EF562
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUME~1\HAGENS~1\LOKALE~1\TEMP\AAWTMP\C352640\21290C
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUME~1\HAGENS~1\LOKALE~1\TEMP\AAWTMP\C352640\77BF0
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUME~1\HAGENS~1\LOKALE~1\TEMP\AAWTMP\C352640\8D0EC
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUME~1\HAGENS~1\LOKALE~1\TEMP\AAWTMP\C352640\82DDC
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUME~1\HAGENS~1\LOKALE~1\TEMP\AAWTMP\C352640\2124EE
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUME~1\HAGENS~1\LOKALE~1\TEMP\AAWTMP\C352640\230566
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUME~1\HAGENS~1\LOKALE~1\TEMP\AAWTMP\C352640\480B6
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUME~1\HAGENS~1\LOKALE~1\TEMP\AAWTMP\C352640\270E8D
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUME~1\HAGENS~1\LOKALE~1\TEMP\AAWTMP\C352640\60BD8
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUME~1\HAGENS~1\LOKALE~1\TEMP\AAWTMP\C352640\2345D3
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUME~1\HAGENS~1\LOKALE~1\TEMP\AAWTMP\C352640\3E8233
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUME~1\HAGENS~1\LOKALE~1\TEMP\AAWTMP\C352640\256041
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUME~1\HAGENS~1\LOKALE~1\TEMP\AAWTMP\C352640\3BE550
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUME~1\HAGENS~1\LOKALE~1\TEMP\AAWTMP\C352640\1A2A9
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUME~1\HAGENS~1\LOKALE~1\TEMP\AAWTMP\C352640\ADE2
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUME~1\HAGENS~1\LOKALE~1\TEMP\AAWTMP\C352640\5CFBC
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUME~1\HAGENS~1\LOKALE~1\TEMP\AAWTMP\C352640\33D678
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUME~1\HAGENS~1\LOKALE~1\TEMP\AAWTMP\C352640\D6A91
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUME~1\HAGENS~1\LOKALE~1\TEMP\AAWTMP\C352640\1BA58E
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUME~1\HAGENS~1\LOKALE~1\TEMP\AAWTMP\C352640\23F7CA
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUME~1\HAGENS~1\LOKALE~1\TEMP\AAWTMP\C352640\35779D
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUME~1\HAGENS~1\LOKALE~1\TEMP\AAWTMP\C352640\304B49
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUME~1\HAGENS~1\LOKALE~1\TEMP\AAWTMP\C352640\29B0FD
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUME~1\HAGENS~1\LOKALE~1\TEMP\AAWTMP\C352640\C9A4
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUME~1\HAGENS~1\LOKALE~1\TEMP\AAWTMP\C352640\12B22C
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUME~1\HAGENS~1\LOKALE~1\TEMP\AAWTMP\C352640\304909
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUME~1\HAGENS~1\LOKALE~1\TEMP\AAWTMP\C352640\62476
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUME~1\HAGENS~1\LOKALE~1\TEMP\AAWTMP\C352640\30755F
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUME~1\HAGENS~1\LOKALE~1\TEMP\AAWTMP\C352640\18EB4F
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUME~1\HAGENS~1\LOKALE~1\TEMP\AAWTMP\C352640\71CC9
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUME~1\HAGENS~1\LOKALE~1\TEMP\AAWTMP\C352640\3148E8
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUME~1\HAGENS~1\LOKALE~1\TEMP\AAWTMP\C352640\2A0802
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUME~1\HAGENS~1\LOKALE~1\TEMP\AAWTMP\C352640\A3A34
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUME~1\HAGENS~1\LOKALE~1\TEMP\AAWTMP\C352640\A3A34\META-INF
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUME~1\HAGENS~1\LOKALE~1\TEMP\AAWTMP\C352640\3F5CAF
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUME~1\HAGENS~1\LOKALE~1\TEMP\AAWTMP\C352640\3F5CAF\META-INF
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUME~1\HAGENS~1\LOKALE~1\TEMP\AAWTMP\C352640\1332FD
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUME~1\HAGENS~1\LOKALE~1\TEMP\AAWTMP\C352640\1332FD\META-INF
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUME~1\HAGENS~1\LOKALE~1\TEMP\AAWTMP\C352640
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUME~1\HAGENS~1\LOKALE~1\TEMP\AAWTMP
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\HAGEN SERVICE 3\APPLICATION DATA\LAVASOFT\AD-AWARE
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\INTERNET EXPLORER\QUICK LAUNCH
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\ALL USERS\MENUEN START\PROGRAMMER\LAVASOFT AD-AWARE SE PERSONAL
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\ALL USERS\SKRIVEBORD
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\PROGRAMMER\LAVASOFT\AD-AWARE SE PERSONAL\LANG
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\PROGRAMMER\LAVASOFT\AD-AWARE SE PERSONAL\SKINS
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\PROGRA~1\LAVASOFT\AD-AWA~1
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\PROGRAMMER\LAVASOFT\AD-AWARE SE PERSONAL
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\HAGEN SERVICE 3\DOKUMENTER
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\HAGEN SERVICE 3\LOKALE INDSTILLINGER\TEMPORARY INTERNET FILES\CONTENT.IE5\63G7P2RY
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\HAGEN SERVICE 3\LOKALE INDSTILLINGER\TEMPORARY INTERNET FILES\CONTENT.IE5\MWPUBP4H
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\HAGEN SERVICE 3\USERDATA\0D2V81EB
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\HAGEN SERVICE 3\LOKALE INDSTILLINGER\TEMPORARY INTERNET FILES\CONTENT.IE5\01QRO927
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\HAGEN SERVICE 3\LOKALE INDSTILLINGER\TEMPORARY INTERNET FILES\CONTENT.IE5\C9YJWXAJ
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\HAGEN SERVICE 3\LOKALE INDSTILLINGER\TEMPORARY INTERNET FILES\CONTENT.IE5\OLUZS1MZ
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\HAGEN SERVICE 3\LOKALE INDSTILLINGER\TEMPORARY INTERNET FILES\CONTENT.IE5\W96FGP6Z
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\HAGEN SERVICE 3\LOKALE INDSTILLINGER\TEMPORARY INTERNET FILES\CONTENT.IE5\VNTXTHLI
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\HAGEN SERVICE 3\LOKALE INDSTILLINGER\TEMPORARY INTERNET FILES\CONTENT.IE5\IQILTDS2
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\HAGEN SERVICE 3\LOKALE INDSTILLINGER\TEMPORARY INTERNET FILES\CONTENT.IE5\D0PHJTDR
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUME~1\HAGENS~1\LOKALE~1\TEMP\NSP42.TMP
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\DRIVERS\ETC
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUME~1\HAGENS~1\LOKALE~1\TEMP\~NSU.TMP
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUME~1\HAGENS~1\LOKALE~1\TEMP\IS-GBHCG.TMP\_ISETUP
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\HAGEN SERVICE 3\LOKALE INDSTILLINGER\TEMPORARY INTERNET FILES\CONTENT.IE5\O1CRO74N
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\HAGEN SERVICE 3\LOKALE INDSTILLINGER\TEMPORARY INTERNET FILES\CONTENT.IE5\UTSBATI5
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\HAGEN SERVICE 3\LOKALE INDSTILLINGER\TEMPORARY INTERNET FILES\CONTENT.IE5\SXK9MZCX
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\HAGEN SERVICE 3\LOKALE INDSTILLINGER\TEMPORARY INTERNET FILES\CONTENT.IE5\IJQNM9MJ
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\HAGEN SERVICE 3\LOKALE INDSTILLINGER\TEMPORARY INTERNET FILES\CONTENT.IE5\R63UHSNC
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\HAGEN SERVICE 3\LOKALE INDSTILLINGER\TEMPORARY INTERNET FILES\CONTENT.IE5\6V5FAJ38
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\HAGEN SERVICE 3\LOKALE INDSTILLINGER\TEMPORARY INTERNET FILES\CONTENT.IE5\3PZW5FZF
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\PROGRAMMER\WINANTIVIRUS PRO 2006
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\WINDOWS\SOFTWAREDISTRIBUTION\DATASTORE\LOGS
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\WINDOWS\SOFTWAREDISTRIBUTION\DATASTORE
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\CONFIG
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\HAGEN SERVICE 3\APPLICATION DATA\WINANTIVIRUS PRO 2006\LOGS
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\HAGEN SERVICE 3\COOKIES
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUME~1\HAGENS~1\LOKALE~1\TEMP
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\WINDOWS\MINIDUMP
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\WINDOWS
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\WBEM\LOGS
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\SYSTEM VOLUME INFORMATION\_RESTORE{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\WINDOWS\TASKS
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\CATROOT2
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\WINDOWS\TEMP
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\HAGEN SERVICE 3
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\WINDOWS\DEBUG\USERMODE
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\WINDOWS\PREFETCH
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\RECYCLER\S-1-5-21-3323540555-271867008-3276457838-1005
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\Security
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\Security#Security
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\Enum
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\Enum#0
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\Enum#Count
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\Enum#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000#DeviceDesc
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000#Capabilities
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000\LogConf
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000#DeviceDesc
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000#Capabilities
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000\LogConf
C:\WINDOWS\system32\stera.job

Adware.Avenue Media/Internet Optimizer
HKU\S-1-5-21-3323540555-271867008-3276457838-1005\Software\Microsoft\Internet Explorer\URLSearchHooks#_{CFBFAE00-17A6-11D0-99CB-00C04FD64497}

Adware.IPWins
HKU\S-1-5-21-3323540555-271867008-3276457838-1005\Software\IpWins
C:\Programmer\ipwins\pop57.tmp
C:\Programmer\ipwins\pop59.tmp
C:\Programmer\ipwins\pop5C.tmp
C:\Programmer\ipwins


drweb:


!update-4295[1].0000 C:\Documents and Settings\HAGEN SERVICE 3\Lokale indstillinger\Temporary Internet Files\Content.IE5\63G7P2RY Trojan.DownLoader.12196 Deleted.
!update-4295[1].0000 C:\Documents and Settings\HAGEN SERVICE 3\Lokale indstillinger\Temporary Internet Files\Content.IE5\OLUZS1MZ Trojan.DownLoader.12196 Deleted.
A0011078.exe C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP121 Trojan.Fakealert Deleted.
A0011141.exe C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP121 Adware.Macfa Renamed.
A0011142.exe C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP121 Adware.Macfa Renamed.
A0011147.exe C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP121 Trojan.Spambot Deleted.
A0011152.exe C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP121 Adware.ClickSpring Renamed.
A0011154.exe C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP121 Trojan.DownLoader.15690 Deleted.
A0011155.exe C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP121 Adware.ClickSpring Renamed.
A0011157.exe C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP121 Trojan.PurityAd Incurable.Moved.
A0011162.dll C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP121 Adware.Macfa Renamed.
A0012269.exe C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP124 Trojan.DownLoader.12196 Deleted.

_____


Regards, Morten

 

 

Number of posts: 2293

Hi morten60

Oh yes - there are quite a few unwanted items screaming to be fixed ;)

However, I'll let another tool run first; it is usually quite effective…

————————————————————————————-

You should clean temp with this file; it only takes a few seconds. Download the small batch file, double-click the file, and a split second later temp is cleaned.
http://www.spywareinfo.dk/download/cleantempxp2k.bat

————————————————————————————-

- Download S!Ri's SmitfraudFix.zip and extract it to your Desktop.
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
The program extracts itself into a folder named SmitfraudFix.

- Restart in safe mode; if you don't know how, look here:
http://www.ctrlaltdel.dk/forum/forum_posts.asp?TID=23&PN=1

- Open the SmitfraudFix folder that you got on the Desktop, double-click SmitfraudFix.cmd and press 2 - answer yes to cleaning (y=yes). Let the program complete a cleaning. It will also check whether the system file wininet.dll is infected. If it is, you will be asked for permission to replace it with another one. Here you must choose "Yes" by typing "y".

The program may need to restart along the way. Afterwards a list with the results of the cleaning will appear. Copy this list into the thread.

- Restart and post a fresh HijackThis log here, together with the log from SmitfraudFix (C:\rapport.txt).

NB: The file "process.exe" included in this tool is identified as "RiskTool" by certain antivirus programs. There is nothing to it, though!

Number of posts: 12

so we're ready again…;)


HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 15:46:54, on 20-12-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\Programmer\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Programmer\r\CyberLink\PowerDVD\DVDLauncher.exe
C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programmer\Winamp\winampa.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programmer\??mbols\w?crtupd.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Sun\StarOffice 8\program\soffice.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programmer\Sun\StarOffice 8\program\soffice.BIN
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmer\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\FNTS~1\rundll32.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Documents and Settings\HAGEN SERVICE 3\Skrivebord\spywarefri\alternativ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://signon.stofanet.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.dell.com/content/default.aspx?c=de&l=de&s=gen
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/default.aspx?c=de&l=de&s=gen
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: (no name) - {88E1197E-DD9F-F039-9EFD-86FA38DA6D96} - C:\WINDOWS\system32\rtjzahvj.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {88E1197E-DD9F-F039-9EFD-86FA38DA6D96} - C:\WINDOWS\system32\rtjzahvj.dll (file missing)
O2 - BHO: (no name) - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
O3 - Toolbar: (no name) - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [DVDLauncher] “C:\Programmer\r\CyberLink\PowerDVD\DVDLauncher.exe”
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FÆLLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] “C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe” -start
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [explorer] C:\Documents and Settings\HAGEN SERVICE 3\Skrivebord\ww.exe
O4 - HKLM\..\Run: [WINDOWS] C:\egnt.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] “C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” /minimized
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ModemOnHold] C:\Programmer\NetWaiting\netwaiting.exe
O4 - HKCU\..\Run: [Mltoxizt] C:\Programmer\??mbols\w?crtupd.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Mmos] “C:\WINDOWS\FNTS~1\rundll32.exe” -vt ndrv
O4 - Startup: StarOffice 8.lnk = C:\Programmer\Sun\StarOffice 8\program\quickstart.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe (file missing)
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} - http://activex.matcash.com/speedtest2.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programmer\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe


SmitFraudFix:

SmitFraudFix v2.131

Scan done at 17:14:18,17, 20-12-2006
Run from C:\Documents and Settings\HAGEN SERVICE 3\Skrivebord\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler’s .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler’s .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

 

Administrator
Number of posts: 55091

Run HijackThis, scan, tick the lines listed here, close all windows except HijackThis, click Fix checked, restart in safe mode (press <F8> during startup), and delete the folders and files listed further down.

R3 - URLSearchHook: (no name) - {88E1197E-DD9F-F039-9EFD-86FA38DA6D96} - C:\WINDOWS\system32\rtjzahvj.dll (file missing)
O2 - BHO: (no name) - {88E1197E-DD9F-F039-9EFD-86FA38DA6D96} - C:\WINDOWS\system32\rtjzahvj.dll (file missing)
O2 - BHO: (no name) - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
O3 - Toolbar: (no name) - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Mltoxizt] C:\Programmer\??mbols\w?crtupd.exe
O4 - HKCU\..\Run: [Mmos] “C:\WINDOWS\FNTS~1\rundll32.exe” -vt ndrv

———————————————————-
Deleting \folders\ and files:
Open Explorer, click Tools=>Folder Options=>View.
Uncheck "Hide protected operating system files".
Uncheck "Hide extensions for known file types".
Select "Show hidden files and folders".
Folders:
C:\Programmer\??mbols\
C:\WINDOWS\FNTS~1\
—————————-
Files:
C:\WINDOWS\system32\rtjzahvj.dll << Should be gone.
———————————————————-

We need to see a fresh HijackThis log.

Signature

Member of "Alliance of Security Analysis Professionals" - All information, as always, "only at gunpoint"

Did you also cry over the fairy tale about the blacksmith's cat when you were little?
http://www.spywarefri.dk/medarbejderne/

Nierne bomaye - You’ll never walk alone
qui potest, obligatur
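The kind of line-by-line triage done in the reply above can be sketched in code. This is an added example, not part of the original thread and not how HijackThis or the helper decides: the three path heuristics, the function names and the assumption that Windows lives in C:\WINDOWS are all illustrative, the sample lines are copied from the log posted earlier, and a flag means "look closer", not a verdict.

```python
import ntpath
import re

# Sample input: a few lines copied from the HijackThis log earlier in this thread
# (quotes normalised to ASCII); embedded so the script runs offline.
SAMPLE_LOG = r'''
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://signon.stofanet.dk/
R3 - URLSearchHook: (no name) - {88E1197E-DD9F-F039-9EFD-86FA38DA6D96} - C:\WINDOWS\system32\rtjzahvj.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [WINDOWS] C:\egnt.exe
O4 - HKCU\..\Run: [Mltoxizt] C:\Programmer\??mbols\w?crtupd.exe
O4 - HKCU\..\Run: [Mmos] "C:\WINDOWS\FNTS~1\rundll32.exe" -vt ndrv
'''

# A HijackThis entry line is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# First Windows path in the body that ends in a binary extension.
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|sys)\b", re.IGNORECASE)

# Assumption: names of Windows binaries that should only load from these folders.
SYSTEM_NAMES = {"rundll32.exe", "svchost.exe", "explorer.exe",
                "winlogon.exe", "lsass.exe", "services.exe"}
EXPECTED_DIRS = {r"c:\windows", r"c:\windows\system32"}


def parse_entries(text):
    """Return (code, body) for every entry line; headers and process lists are skipped."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def triage(body):
    """Return the list of review reasons for one entry body (empty list = nothing flagged)."""
    reasons = []
    # HijackThis itself marks registrations whose target is gone.
    if body.endswith("(file missing)") or body.endswith("(no file)"):
        reasons.append("orphaned")
    match = PATH_RE.search(body)
    if match:
        path = match.group(0)
        folder, name = ntpath.split(path)
        # Characters outside the ANSI code page show up as '?' in the log.
        if "?" in path:
            reasons.append("unprintable-name")
        # A system binary name loaded from an unexpected folder.
        if name.lower() in SYSTEM_NAMES and folder.lower() not in EXPECTED_DIRS:
            reasons.append("system-name-wrong-dir")
        # An executable sitting directly in the drive root.
        if ntpath.splitdrive(folder)[1] in ("\\", ""):
            reasons.append("drive-root")
    return reasons


def review(text):
    """Return (code, body, reasons) for each entry that triggered at least one heuristic."""
    flagged = []
    for code, body in parse_entries(text):
        reasons = triage(body)
        if reasons:
            flagged.append((code, body, reasons))
    return flagged


if __name__ == "__main__":
    for code, body, reasons in review(SAMPLE_LOG):
        print(f"{code:<4}{', '.join(reasons):<24}{body}")
```
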

Number of posts: 12

Done…

Now I just have the following problem: when I start Windows in normal mode, Windows dies after about 2 mins with a blue screen. It says the following:

Der er fundet en fejl, og windows er blevet lukket ned for at forhindre beskadigelse af computeren.

Tekniske oplysninger:

STOP: 0x0000008E (0X0000005, 0XAA41B439, 0XA9E4A20, 0X00000000)

System32: lzx32.sys - adress AA41B439 base at AA419000, datestamp 45830b7f
___________


So it is almost impossible to use Windows in normal mode…

Here is the new log:


Logfile of HijackThis v1.99.1
Scan saved at 19:06:07, on 20-12-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\Programmer\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Programmer\r\CyberLink\PowerDVD\DVDLauncher.exe
C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programmer\Winamp\winampa.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Sun\StarOffice 8\program\soffice.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programmer\Sun\StarOffice 8\program\soffice.BIN
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmer\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Documents and Settings\HAGEN SERVICE 3\Skrivebord\spywarefri\alternativ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://signon.stofanet.dk/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [DVDLauncher] “C:\Programmer\r\CyberLink\PowerDVD\DVDLauncher.exe”
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FÆLLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] “C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe” -start
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [explorer] C:\Documents and Settings\HAGEN SERVICE 3\Skrivebord\ww.exe
O4 - HKLM\..\Run: [WINDOWS] C:\egnt.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] “C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” /minimized
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ModemOnHold] C:\Programmer\NetWaiting\netwaiting.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: StarOffice 8.lnk = C:\Programmer\Sun\StarOffice 8\program\quickstart.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe (file missing)
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} - http://activex.matcash.com/speedtest2.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programmer\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

______


Regards,

Morten

Administrator
Posts: 55091

Congratulations, you are the “lucky” owner of a rootkit.
Now you have to decide for yourself whether we should try to remove it, or whether you want to bite the very sour apple and run Killdisk on the machine and then reinstall it.
I am moving you over to our rootkit section; the rules there are a little different, and the biggest change is that it may take somewhat longer before you get a reply from one of us.
There are not many of us who are familiar with the tool yet, and we are dealing with some of the most malicious filth ever invented.

If you choose to continue the cleaning:
Download this tool and save it to the desktop:
http://www.uploads.ejvindh.net/rustbfix.exe

Double-click the tool. If the tool finds a Rustock infection, you will shortly be asked to restart the computer. You must accept this. The restart may take quite a while, and 2 restarts may be needed, but this will happen fully automatically. When the restart is finished, 2 log files will open, which you should copy into the thread.

Posts: 12

Well, let's give it a try…

It restarted 2 times… but only came up with one log:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ajqtwsfi

*******************


Fatal error:  integrity of Services key failed verification check!  Security may be fatally compromised.  Exiting immediately.

Could not open script file!  Status: 0xc0000034 Abort!

Administrator
Posts: 55091

Download Combofix and save it to your desktop:
http://download.bleepingcomputer.com/sUBs/combofix.exe

Then run combofix.exe and follow the instructions.
You should not click on the window while the tool is running, as that can make your computer freeze.
When Combofix is finished, and after it has restarted, a log file should open: combofix.txt
Please post the contents of this file here.

Posts: 12

Combofix log…


HAGEN SERVICE 3 - 06-12-20 20:37:01,92   Service Pack 2
ComboFix 06.11.27 - Running from: “C:\Documents and Settings\HAGEN SERVICE 3\Skrivebord”

((((((((((((((((((((((((((((((((((((((((((((  Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Programmer\Inetget2
C:\Programmer\F‘lles filer\{1C99DE5A-0574-1030-1121-05111420002d}
C:\Programmer\F‘lles filer\{3C99DE5A-0574-1030-1121-05111420002d}

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~  Purity   ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\Documents and Settings\HAGEN SERVICE 3\Application Data\MBOLS~1
C:\QooBox\Purity\Documents and Settings\HAGEN SERVICE 3\Application Data\YSTEM3~1
C:\QooBox\Purity\Documents and Settings\HAGEN SERVICE 3\Dokumenter\SKS~1
C:\QooBox\Purity\Programmer\MBOLS~1
C:\QooBox\Purity\Programmer\MBOLS~1\w?crtupd.exe


(((((((((((((((((((((((((((((((  Files Created from 2006-11-20 to 2006-12-20 ))))))))))))))))))))))))))))))))))


2006-12-20 20:06 <DIR> d————C:\avenger
2006-12-20 20:03 16—a———C:\chdir.bat
2006-12-20 20:03 <DIR> d————C:\Rustbfix
2006-12-20 17:18 <DIR> d————C:\Programmer\msn gaming zone
2006-12-20 17:14 79,360—a———C:\WINDOWS\system32\swxcacls.exe
2006-12-20 17:14 53,248—a———C:\WINDOWS\system32\Process.exe
2006-12-20 17:14 51,200—a———C:\WINDOWS\system32\dumphive.exe
2006-12-20 17:14 40,960—a———C:\WINDOWS\system32\swsc.exe
2006-12-20 17:14 3,388—a———C:\WINDOWS\system32\tmp.reg
2006-12-20 17:14 288,417—a———C:\WINDOWS\system32\SrchSTS.exe
2006-12-20 17:14 135,168—a———C:\WINDOWS\system32\swreg.exe
2006-12-20 17:12 <DIR> d————C:\WINDOWS\Temp
2006-12-19 21:46 <DIR> d————C:\Documents and Settings\HAGEN SERVICE 3\DoctorWeb
2006-12-18 22:12 <DIR> d————C:\Programmer\SUPERAntiSpyware
2006-12-18 22:12 <DIR> d————C:\Documents and Settings\HAGEN SERVICE 3\Application Data\SUPERAntiSpyware.com
2006-12-18 22:11 <DIR> d————C:\Programmer\F‘lles filer\Wise Installation Wizard
2006-12-18 22:07 <DIR> d————C:\Programmer\ewido
2006-12-18 22:02 <DIR> d————C:\WINDOWS\SxsCaPendDel
2006-12-18 20:06 <DIR> d————C:\Documents and Settings\HAGEN SERVICE 3\Local Settings
2006-12-18 19:12 <DIR> d—hs——C:\WINDOWS\CSC
2006-12-18 19:04 3,968—a———C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-12-18 19:04 <DIR> d————C:\Programmer\Grisoft
2006-12-18 18:26 76,560—a———C:\WINDOWS\system32\drivers\tmcomm.sys
2006-12-18 18:23 <DIR> d————C:\Documents and Settings\HAGEN SERVICE 3\.housecall6.6
2006-12-18 18:09 <DIR> d————C:\Documents and Settings\HAGEN SERVICE 3\Application Data\Lavasoft
2006-12-18 18:08 <DIR> d————C:\Programmer\Lavasoft
2006-12-16 18:06 <DIR> d————C:\Programmer\Common Files
2006-12-16 18:05 <DIR> d—hs——C:\WA6P
2006-12-16 18:05 <DIR> d————C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2006
2006-12-16 18:04 8,704—a———C:\WINDOWS\system32\SpOrder.dll
2006-12-14 07:07 <DIR> d————C:\WINDOWS\Minidump
2006-12-11 12:06 77,824—a———C:\Documents and Settings\HAGEN SERVICE 3\isetup.exe
2006-12-09 12:52 77,824—a———C:\Documents and Settings\HAGEN SERVICE 3\psetup.exe


((((((((((((((((((((((((((((((((((((((((((((((((  Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-12-20 20:37————d-a———C:\Programmer\F‘lles filer
2006-12-20 20:12————d————C:\Documents and Settings\HAGEN SERVICE 3\Application Data\StarOffice8
2006-12-20 20:10————d————C:\Programmer\Internet Explorer
2006-12-20 20:09————d————C:\Programmer\Outlook Express
2006-12-20 20:09————d————C:\Programmer\F‘lles filer\System
2006-12-18 18:18————d————C:\Programmer\Google
2006-12-16 18:06 703—a———C:\Documents and Settings\HAGEN SERVICE 3\Application Data\update.log
2006-12-07 06:29 2374472—a———C:\WINDOWS\system32\wmvcore.dll
2006-11-23 15:49————d————C:\Documents and Settings\HAGEN SERVICE 3\Application Data\AdobeUM
2006-11-08 09:34————d————C:\Documents and Settings\HAGEN SERVICE 3\Application Data\Google
2006-11-08 06:07 679424—a———C:\WINDOWS\system32\inetcomm.dll
2006-10-20 16:40————d————C:\Documents and Settings\HAGEN SERVICE 3\Application Data\Macromedia
2006-10-20 02:39 713216—a———C:\WINDOWS\system32\sxs.dll
2006-10-13 13:39 65536—a———C:\WINDOWS\system32\nwwks.dll
2006-10-13 13:39 64000—a———C:\WINDOWS\system32\nwapi32.dll
2006-10-13 13:39 142848—a———C:\WINDOWS\system32\nwprovau.dll


((((((((((((((((((((((((((((((((((((((((((  Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
“ModemOnHold”=“C:\\Programmer\\NetWaiting\\netwaiting.exe”
“SUPERAntiSpyware”=“C:\\Programmer\\SUPERAntiSpyware\\SUPERAntiSpyware.exe”

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
“SynTPEnh”=“C:\\Programmer\\Synaptics\\SynTP\\SynTPEnh.exe”
“SunJavaUpdateSched”=“C:\\Programmer\\Java\\j2re1.4.2_03\\bin\\jusched.exe”
“SigmatelSysTrayApp”=“stsystra.exe”
“Dell Wireless Manager UI”=“C:\\WINDOWS\\system32\\WLTRAY”
“DVDLauncher”=”\“C:\\Programmer\\r\\CyberLink\\PowerDVD\\DVDLauncher.exe\”“
“ISUSPM Startup”=“C:\\PROGRA~1\\FÆLLES~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup”
“ISUSScheduler”=”\“C:\\Programmer\\Fælles filer\\InstallShield\\UpdateService\\issch.exe\” -start”
“igfxtray”=“C:\\WINDOWS\\system32\\igfxtray.exe”
“igfxhkcmd”=“C:\\WINDOWS\\system32\\hkcmd.exe”
“igfxpers”=“C:\\WINDOWS\\system32\\igfxpers.exe”
“WinampAgent”=“C:\\Programmer\\Winamp\\winampa.exe”
“WINDOWS”=“C:\\egnt.exe”
“!AVG Anti-Spyware”=”\“C:\\Programmer\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\” /minimized”
“KernelFaultCheck”=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
  65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
“Installed”=“1”

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
“Installed”=“1”
“NoChange”=“1”

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
“Installed”=“1”

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
“DeskHtmlVersion”=dword:00000110
“DeskHtmlMinorVersion”=dword:00000005
“Settings”=dword:00000001
“GeneralFlags”=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
“CTFMON.EXE”=“C:\\WINDOWS\\system32\\CTFMON.EXE”

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
“CTFMON.EXE”=“C:\\WINDOWS\\system32\\CTFMON.EXE”

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
“{438755C2-A8BA-11D1-B96B-00A0C90312E1}”=“Browseui preloader”
“{8C7461EF-2B13-11d2-BE35-3078302C2030}”=“Component Categories cache daemon”

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
“{AEB6717E-7E19-11d0-97EE-00C04FD91972}”=”“
“{57B86673-276A-48B2-BAE7-C6DBB3020EB8}”=“AVG Anti-Spyware 7.5”
“{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}”=”“

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
“NoDriveTypeAutoRun”=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
“{1C99DE5A-0574-1030-1121-05111420002d}”=”\“C:\\Programmer\\Fælles filer\\{1C99DE5A-0574-1030-1121-05111420002d}\\Update.exe\” mc-110-12-0001411”

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
“dontdisplaylastusername”=dword:00000000
“legalnoticecaption”=”“
“legalnoticetext”=”“
“shutdownwithoutlogon”=dword:00000001
“undockwithoutlogon”=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
“NoDriveTypeAutoRun”=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
“NoDriveTypeAutoRun”=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
“PostBootReminder”=”{7849596a-48ea-486e-8937-a2a3009f31a9}”
“CDBurn”=”{fbeb8a05-beee-4442-804e-409d6c4515e9}”
“WebCheck”=”{E6FB5E20-DE35-11CF-9C87-00AA005127ED}”
“SysTray”=”{35CEC8A3-2BE6-11D2-8773-92E220524153}”

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
“SecurityProviders”=“msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll”

Completion time: 06-12-20 20:38:04.95
C:\ComboFix.txt ... 06-12-20 20:38

Editor
Posts: 17644

Let's try Avenger again - feel free to run the program from Safe Mode if that works better…

1. Double-click avenger.exe

2. Select “Input Script Manually” and click the magnifying glass - a small window will now appear, into which you must copy ALL of the content in bold:

Files to delete:
C:\egnt.exe

Folders to delete:
C:\Programmer\Fælles filer\{1C99DE5A-0574-1030-1121-05111420002d}
C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2006
C:\WA6P

Drivers to unload:
pe386

3. Click the traffic light in Avenger. The program will prompt you to restart the computer immediately, which you should do. The program will shut down your computer, delete the files and start the computer again.

4. After the restart, a Notepad window will appear with a log of Avenger's actions. Please post it in your next reply.

5. Copy the content in bold into a Notepad window and save it to the desktop as regfix.reg. When you save, make sure that “file type” is set to “all files”.

REGEDIT4

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
"{1C99DE5A-0574-1030-1121-05111420002d}"=-

Then double-click the file you just created (regfix.reg) and confirm that you want to add the information to the registry.

6. Restart your computer in Normal mode (if you can), run a scan with HijackThis and post a fresh log here, together with the log from Avenger.

Signature

Good advice on security….

  Payz_
Posts: 48

The blue screen thing is most often due to a pirated copy

Editor
Posts: 17644

Thanks for your input…

Posts: 12

Hi - we're ready again ;)

After I used these tools, the blue screen apparently no longer occurs…

As for the pirated copy - I don't quite follow - a pirated copy of what?

Here are the new logs:


HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 17:47:10, on 28-12-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\Programmer\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Programmer\r\CyberLink\PowerDVD\DVDLauncher.exe
C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programmer\Winamp\winampa.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Sun\StarOffice 8\program\soffice.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programmer\Sun\StarOffice 8\program\soffice.BIN
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmer\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\HAGEN SERVICE 3\Skrivebord\spywarefri\alternativ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://signon.stofanet.dk/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [DVDLauncher] “C:\Programmer\r\CyberLink\PowerDVD\DVDLauncher.exe”
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FÆLLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] “C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe” -start
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [WINDOWS] C:\egnt.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] “C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” /minimized
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ModemOnHold] C:\Programmer\NetWaiting\netwaiting.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: StarOffice 8.lnk = C:\Programmer\Sun\StarOffice 8\program\quickstart.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe (file missing)
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} - http://activex.matcash.com/speedtest2.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programmer\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe


Avenger:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\enjbdyph

*******************

Script file located at: \??\C:\Documents and Settings\aqaasnhi.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\egnt.exe not found!
Deletion of file C:\egnt.exe failed!

Could not process line:
C:\egnt.exe
Status: 0xc0000034

 

Folder C:\Programmer\Fælles filer\{1C99DE5A-0574-1030-1121-05111420002d} not found!
Deletion of folder C:\Programmer\Fælles filer\{1C99DE5A-0574-1030-1121-05111420002d} failed!

Could not process line:
C:\Programmer\Fælles filer\{1C99DE5A-0574-1030-1121-05111420002d}
Status: 0xc0000034

Folder C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2006 deleted successfully.
Folder C:\WA6P deleted successfully.


Registry key \Registry\Machine\System\CurrentControlSet\Services\pe386 not found!
Unload of driver pe386 failed!

Could not process line:
pe386
Status: 0xc0000034


Completed script processing.

*******************

Finished!  Terminate.
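
The two logs in the post above can be reconciled mechanically. The sketch below is an added example, not part of the original thread: it parses a few lines copied from those logs and lists the Run entries whose target Avenger reported as not found (status 0xc0000034, STATUS_OBJECT_NAME_NOT_FOUND), i.e. autostart entries left pointing at a file that no longer exists. The function names are hypothetical, and matching the command by its leading path is a simplifying assumption.

```python
import re

# Sample input: lines copied from the HijackThis and Avenger logs in the post above.
HIJACKTHIS_LOG = r"""
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [WINDOWS] C:\egnt.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ModemOnHold] C:\Programmer\NetWaiting\netwaiting.exe
"""

AVENGER_LOG = r"""
File C:\egnt.exe not found!
Deletion of file C:\egnt.exe failed!

Could not process line:
C:\egnt.exe
Status: 0xc0000034

Folder C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2006 deleted successfully.
Folder C:\WA6P deleted successfully.

Registry key \Registry\Machine\System\CurrentControlSet\Services\pe386 not found!
Unload of driver pe386 failed!

Could not process line:
pe386
Status: 0xc0000034
"""

# NTSTATUS value seen in the log; the name is the standard Windows definition.
NTSTATUS_NAMES = {0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND"}

O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[([^\]]+)\] (.+)$", re.M)
FAILED_RE = re.compile(r"^Could not process line:\n(.+)\nStatus: (0x[0-9a-fA-F]+)", re.M)
DELETED_RE = re.compile(r"^(?:File|Folder) (.+) deleted successfully\.$", re.M)


def parse_o4(log):
    """Return the registry autostart entries (O4 lines) as dicts."""
    return [
        {"hive": hive, "key": key, "name": name, "command": cmd.strip()}
        for hive, key, name, cmd in O4_RE.findall(log)
    ]


def parse_avenger(log):
    """Split an Avenger log into deleted targets and failed targets with their NTSTATUS."""
    failed = {target.strip(): int(status, 16) for target, status in FAILED_RE.findall(log)}
    deleted = [target.strip() for target in DELETED_RE.findall(log)]
    return {"deleted": deleted, "failed": failed}


def orphaned_run_entries(o4_entries, avenger):
    """Run entries whose target file Avenger could not find on disk."""
    # Only file-system paths are compared; driver names such as pe386 are skipped.
    missing = [
        target.lower()
        for target, status in avenger["failed"].items()
        if NTSTATUS_NAMES.get(status) == "STATUS_OBJECT_NAME_NOT_FOUND" and ":\\" in target
    ]
    orphans = []
    for entry in o4_entries:
        # Assumption: the command starts with the (optionally quoted) executable path.
        cmd = entry["command"].lstrip('"\u201c').lower()
        if any(cmd.startswith(path) for path in missing):
            orphans.append(entry)
    return orphans


if __name__ == "__main__":
    result = parse_avenger(AVENGER_LOG)
    for target, status in result["failed"].items():
        print(f"failed:  {target} ({NTSTATUS_NAMES.get(status, hex(status))})")
    for target in result["deleted"]:
        print(f"deleted: {target}")
    for entry in orphaned_run_entries(parse_o4(HIJACKTHIS_LOG), result):
        print(f"orphaned Run entry: [{entry['name']}] {entry['command']}")
```

The check only covers entries that Avenger was asked to delete; the KernelFaultCheck entry is not derived from the Avenger log.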

Administrator
Posts: 55091

Fix these two with HijackThis.
O4 - HKLM\..\Run: [WINDOWS] C:\egnt.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

Restart and post a fresh HijackThis log.
