audda, posted 26 February 2007

I'm opening a new thread because of problems getting into the discussion that was already started. The problem concerns various suggestions to install antivirus and security programs, e.g. winantiviruspro. norbat has already guided me through several steps. Attaching the latest log from SAS:

SUPERAntiSpyware Scan Log
Generated 02/26/2007 at 08:17 PM
Application Version : 3.5.1016
Core Rules Database Version : 3189
Trace Rules Database Version: 1199
Scan type : Complete Scan
Total Scan Time : 00:51:34
Memory items scanned : 199
Memory threats detected : 0
Registry items scanned : 5626
Registry threats detected : 0
File items scanned : 40419
File threats detected : 238

Adware.Tracking Cookie
norbat, posted 26 February 2007

Hi again,

Download SmitfraudFix and put it on the desktop.
Download SDFix and unpack it.
Download Rootchk. Put it on the desktop.
Restart in safe mode.
Run SmitfraudFix. Choose option 2.
When this script has finished running, stay in safe mode and do the following:
Run RunThis.bat, which is in the SDFix folder.
Press Y to run the script. The PC will restart and SDFix will keep running until the message Finished appears. Press any key and SDFix closes.
Run Rootchk. It will create a log (C:\rootlog.txt).
Post the Rootchk log together with a new HJT log.
audda (author), posted 27 February 2007

Mission accomplished. I still get the same messages when I'm in Explorer.

Now I have 3 virus programs on the machine: AVG free, AVG "try before you pay" and SAS "try before you pay". Should I remove some of them now while I'm working on this, or can I wait until I'm finished?

Log files:

*********************************
ROOTCHK-LOG, by ejvindh
27.02.2007 7:41:56,06
The rootkits that are detected by this tool were not found.
*********************************
ROOTCHK-LOG-end

Logfile of HijackThis v1.99.1
Scan saved at 07:49:52, on 27.02.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Virtual CD v4 SDK\system\vcssecs.exe
C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Java\jre1.5.0_11\bin\jusched.exe
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\apps\ABoard\AOSD.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Programfiler\QuickTime\qttask.exe
C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\Windows Defender\MSASCui.exe
C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe
C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe
C:\Programfiler\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Programfiler\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\DOCUME~1\Aud\LOKALE~1\Temp\Midlertidig mappe 2 for testspyware.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.folkedans.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.no/0SENBNO/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar3.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Toolbar Suite\TB\02.05.0000.1105\nb-no\msntb.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Toolbar Suite\TB\02.05.0000.1105\nb-no\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar3.dll
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [ClickMe] C:\apps\ClickMe\ClickMe.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATICCC] "C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Windows Defender] "C:\Programfiler\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &MSN Search - res://C:\Programfiler\MSN Toolbar Suite\TB\02.05.0000.1105\nb-no\msntb.dll/search.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Åpne i ny bakgrunnsflik - res://C:\Programfiler\MSN Toolbar Suite\TAB\02.05.0000.1105\nb-no\msntabres.dll/229?b5ffb6e619d24c099cc21e1a649ae739
O8 - Extra context menu item: Åpne i ny forgrunnsflik - res://C:\Programfiler\MSN Toolbar Suite\TAB\02.05.0000.1105\nb-no\msntabres.dll/230?b5ffb6e619d24c099cc21e1a649ae739
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O11 - Options group: [iNTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1120978288453
O16 - DPF: {6E2510E6-BF2D-4C78-9F28-2F5C8760F124} (ERPageAddin Class) - https://joint.prosjekthotell.com/eRoomSetup/client.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (Music Manager) - http://img.pvw.od2.com/installation/Plugin...nagerPlugin.CAB
O16 - DPF: {DABFA9AD-4E31-43F4-9D60-4CDD20F57F28} (PhotomaxUploader.ActiveXControl) - http://www.photomax.com/web/PhotomaxUploader.CAB
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Programfiler\Virtual CD v4 SDK\system\vcssecs.exe
norbat, posted 27 February 2007 (edited)

Your HJT log looks fine; you can always fix the following lines:

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {DABFA9AD-4E31-43F4-9D60-4CDD20F57F28} (PhotomaxUploader.ActiveXControl) - http://www.photomax.com/web/PhotomaxUploader.CAB

Make sure you have emptied temporary internet files and cookies. You can do this from Control Panel -> Internet Options. Under Browsing history you will find the options for deleting. Keep IE closed while you do this.

You can also run CCleaner again. Start the program. Go to 'Options' -> 'Advanced'. Remove the check mark in front of: "only delete temporary files......." Click 'Cleaner' and then 'Run CCleaner'. Also click 'Issues' and run this until no more errors are found. Keep IE closed while you do this. Restart the PC.

If it still comes back in IE, we'll try this:

Download DrWeb and put it on the desktop.
Restart the PC in safe mode (tap F8 during startup).
Run drweb-cureit.exe (say yes to running an express scan).
When this is finished, click Option -> Change settings.
On the Scan tab, remove the check mark at Heuristic analysis.
On the Actions tab, set every item under Malware to Rename.
Select the partition you want to scan and then click the green arrow to start the scan.
Choose "yes to all" the first time it finds something.
Restart in normal mode and tell me how it goes.

The SDFix you ran earlier created a log (typically C:\Report.txt); could you post it?

---------

You should not have more than one antivirus program on the PC. As far as I can see you have only one; the others are antispyware. You can have several of those, but delete the ones you don't want to use.

Edited 27 February 2007 by norbat
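One way to shortlist HijackThis lines like the ones picked out in the reply above, as an added example that is not part of the original thread: it parses HJT v1.99.1 entries, reports those ending in "(file missing)", and lists O16 (ActiveX download) entries whose host is not on a reviewer-supplied list. The function names and the trusted-host list are assumptions made for this example; the sample lines are copied from the log posted in the thread.

```python
import re
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlparse

# Constructed sample: header lines plus seven entries taken from the thread's HJT log.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.folkedans.com/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {DABFA9AD-4E31-43F4-9D60-4CDD20F57F28} (PhotomaxUploader.ActiveXControl) - http://www.photomax.com/web/PhotomaxUploader.CAB
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

# Assumption for this example only: hosts the reviewer already accepts as ActiveX sources.
TRUSTED_HOSTS_EXAMPLE = {"msn.com", "microsoft.com"}

ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
URL_RE = re.compile(r"https?://\S+")
MISSING = "(file missing)"


@dataclass
class Entry:
    code: str              # section code, e.g. "O9" or "O16"
    body: str              # everything after "CODE - "
    guid: Optional[str]    # CLSID if the entry carries one, lower-cased
    host: Optional[str]    # host of the first URL in the entry, if any
    file_missing: bool     # HJT appended "(file missing)" to the entry


def parse_hjt(text):
    """Return the R/F/N/O entries of a HijackThis log; header and process lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        guid = GUID_RE.search(body)
        url = URL_RE.search(body)
        entries.append(Entry(
            code=m.group("code"),
            body=body,
            guid=guid.group(0).lower() if guid else None,
            host=urlparse(url.group(0)).hostname if url else None,
            file_missing=body.rstrip().endswith(MISSING),
        ))
    return entries


def host_is_trusted(host, trusted):
    """Match the host itself or a true subdomain, never a bare suffix such as 'evilmsn.com'."""
    return any(host == t or host.endswith("." + t) for t in trusted)


def review_candidates(entries, trusted_hosts):
    """Pair each entry worth a manual look with the reason it was picked."""
    picked = []
    for e in entries:
        if e.file_missing:
            picked.append(("file missing", e))
        elif e.code == "O16" and e.host and not host_is_trusted(e.host, trusted_hosts):
            picked.append(("ActiveX host not on list", e))
    return picked


def orphaned_guids(entries):
    """Count file-missing entries per CLSID, so one dead extension is reported once."""
    counts = {}
    for e in entries:
        if e.file_missing and e.guid:
            counts[e.guid] = counts.get(e.guid, 0) + 1
    return counts


if __name__ == "__main__":
    for reason, e in review_candidates(parse_hjt(SAMPLE_LOG), TRUSTED_HOSTS_EXAMPLE):
        print(f"{reason:26} {e.code:4} {e.body}")
```

The shortlist is only a starting point for manual review; whether an entry is actually removed remains the helper's call, as in the thread.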
audda (author), posted 27 February 2007

I thought I had included that log too. Here are 2 logs, a rapport.txt and a rootlog.txt. Then I'll get started on the next task. Thank you so much for being so helpful.

*********************************
ROOTCHK-LOG, by ejvindh
27.02.2007 7:41:56,06
The rootkits that are detected by this tool were not found.
*********************************
ROOTCHK-LOG-end

SmitFraudFix v2.144
Scan done at 7:04:14,95, 27.02.2007
Run from C:\Documents and Settings\Aud\Skrivebord\SmitfraudFix
OS: Microsoft Windows XP [Versjon 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!Attention, following keys are not inevitably infected!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!Attention, following keys are not inevitably infected!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!Attention, following keys are not inevitably infected!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End
norbat, posted 27 February 2007

These are nice, clean logs.
audda (Author), posted 27 February 2007:
Yes, now I have done this too. DrWeb took a looong time. First I got a question about something to do with smitfraudfix, to which I answered "yes to all", and then once more a little later (sorry for the imprecise explanations). When I now opened IE and went to diskusjon.no, I got a warning plus an offer for drive cleaner, and eventually the others as well. I am attaching, in a Word file, what came up before I carried out this last task. I am also attaching the report from DrWeb in case it can be of help to those of you who can help me. I still have problems.
DrWeb report:
Attached file: Spywaremeldinger2702.doc
Guest medlem-105082, posted 27 February 2007:
It would be good if you could run a scan like this: www.windowsecurity.com/trojanscan
If the online scan does not work, download the program here: www.emsisoft.com/en/software/free/
norbat, posted 27 February 2007:
A stubborn one, that. In addition to Albert_E's suggestion, I would like to see a new HJT log. Before you run the program, change the program name, hijackthis.exe, to something else, e.g. test.exe.
audda (Author), posted 27 February 2007:
I don't understand what I am supposed to download from Albert_E's suggestion, and on the first link I can't find the start button. I feel a bit stupid now, but that's how it is!
norbat, posted 27 February 2007:
We have now run the 'usual' scans that should normally remove these ad pop-ups you are getting. Somehow they are hidden, so it is a bit difficult to find the processes causing this. First, change the program name, hijackthis.exe, to something else, e.g. test.exe, and post a new HJT log. We will never give up on you (and what Albert_E is pointing to is an online scanner that you should not download, but run directly from the 'net').
Edited 27 February 2007 by norbat
Guest medlem-105082, posted 27 February 2007:
We'll drop the online thing, and you can download the program instead. Here is the correct link: http://www.emsisoft.com/en/software/download/
Go to the page and download the program a-squared Free 2.1, update it, and run a scan.
EDIT: Post a log if you find one, so Norbat can look through it.
Edited 27 February 2007 by medlem-105082
audda (Author), posted 27 February 2007:
I have now scanned with a-squared Free 2.1, which I downloaded. I hope it was the right program; there were several to choose from at the link I was given. I deleted everything that came up. The new HJT log is below. (I had only changed the name of the zip file and not the exe file, but I have fixed that now.)
HJT:
audda (Author), posted 27 February 2007:
Here is the report from a-squared:
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\SearchAssistant --> pl detected: Trace.Registry.MyWebSearch Toolbar Value: HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\SearchAssistant --> sr detected: Trace.Registry.MyWebSearch Toolbar Value: HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\SkinTools --> PlayerPath detected: Trace.Registry.MyWebSearch Toolbar Key: HKEY_CLASSES_ROOT\clsid\{147a976f-eee1-4377-8ea7-4716e4cdd239} detected: Trace.Registry.MyWebSearchToobar Key: HKEY_CLASSES_ROOT\clsid\{1e0de227-5ce4-4ea3-ab0c-8b03e1aa76bc} detected: Trace.Registry.MyWebSearchToobar Key: HKEY_CLASSES_ROOT\clsid\{a4730ebe-43a6-443e-9776-36915d323ad3} detected: Trace.Registry.MyWebSearchToobar Key: HKEY_CLASSES_ROOT\interface\{1093995a-ba37-41d2-836e-091067c4ad17} detected: Trace.Registry.MyWebSearchToobar Key: HKEY_CLASSES_ROOT\interface\{120927bf-1700-43bc-810f-fab92549b390} detected: Trace.Registry.MyWebSearchToobar Key: HKEY_CLASSES_ROOT\interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} detected: Trace.Registry.MyWebSearchToobar Key: HKEY_CLASSES_ROOT\interface\{1f52a5fa-a705-4415-b975-88503b291728} detected: Trace.Registry.MyWebSearchToobar Key: HKEY_CLASSES_ROOT\interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} detected: Trace.Registry.MyWebSearchToobar Key: HKEY_CLASSES_ROOT\interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} detected: Trace.Registry.MyWebSearchToobar Key: HKEY_CLASSES_ROOT\interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} detected: Trace.Registry.MyWebSearchToobar Key: HKEY_CLASSES_ROOT\interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} detected: Trace.Registry.MyWebSearchToobar Key: HKEY_CLASSES_ROOT\interface\{3e720451-b472-4954-b7aa-33069eb53906} detected: Trace.Registry.MyWebSearchToobar Key: HKEY_CLASSES_ROOT\interface\{3e720453-b472-4954-b7aa-33069eb53906} detected: Trace.Registry.MyWebSearchToobar Key: HKEY_CLASSES_ROOT\interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} detected: Trace.Registry.MyWebSearchToobar Key: 
HKEY_CLASSES_ROOT\interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} detected: Trace.Registry.MyWebSearchToobar Key: HKEY_CLASSES_ROOT\interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} detected: Trace.Registry.MyWebSearchToobar Key: HKEY_CLASSES_ROOT\interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} detected: Trace.Registry.MyWebSearchToobar Key: HKEY_CLASSES_ROOT\interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} detected: Trace.Registry.MyWebSearchToobar Key: HKEY_CLASSES_ROOT\interface\{90449521-d834-4703-bb4e-d3aa44042ff8} detected: Trace.Registry.MyWebSearchToobar Key: HKEY_CLASSES_ROOT\interface\{991aac62-b100-47ce-8b75-253965244f69} detected: Trace.Registry.MyWebSearchToobar Key: HKEY_CLASSES_ROOT\interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} detected: Trace.Registry.MyWebSearchToobar Key: HKEY_CLASSES_ROOT\interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} detected: Trace.Registry.MyWebSearchToobar Key: HKEY_CLASSES_ROOT\interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} detected: Trace.Registry.MyWebSearchToobar Key: HKEY_CLASSES_ROOT\interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} detected: Trace.Registry.MyWebSearchToobar Key: HKEY_CLASSES_ROOT\interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} detected: Trace.Registry.MyWebSearchToobar Key: HKEY_CLASSES_ROOT\typelib\{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a} detected: Trace.Registry.MyWebSearchToobar Key: HKEY_CLASSES_ROOT\typelib\{3e720450-b472-4954-b7aa-33069eb53906} detected: Trace.Registry.MyWebSearchToobar Key: HKEY_CLASSES_ROOT\typelib\{7473d290-b7bb-4f24-ae82-7e2ce94bb6a9} detected: Trace.Registry.MyWebSearchToobar Key: HKEY_CLASSES_ROOT\typelib\{8ca01f0e-987c-49c3-b852-2f1ac4a7094c} detected: Trace.Registry.MyWebSearchToobar Key: HKEY_CLASSES_ROOT\typelib\{8e6f1830-9607-4440-8530-13be7c4b1d14} detected: Trace.Registry.MyWebSearchToobar Key: HKEY_CLASSES_ROOT\typelib\{c8cecde3-1ae1-4c4a-ad82-6d5b00212144} detected: Trace.Registry.MyWebSearchToobar Key: 
HKEY_CLASSES_ROOT\typelib\{e47caee0-deea-464a-9326-3f2801535a4d} detected: Trace.Registry.MyWebSearchToobar Key: HKEY_CURRENT_USER\software\mywebsearch detected: Trace.Registry.MyWebSearchToobar Key: HKEY_LOCAL_MACHINE\software\microsoft\office\outlook\addins\mywebsearch.outlookaddin detected: Trace.Registry.MyWebSearchToobar Key: HKEY_LOCAL_MACHINE\software\microsoft\office\word\addins\mywebsearch.outlookaddin detected: Trace.Registry.MyWebSearchToobar Key: HKEY_LOCAL_MACHINE\software\mywebsearch detected: Trace.Registry.MyWebSearchToobar Key: HKEY_CLASSES_ROOT\clsid\{147a976f-eee1-4377-8ea7-4716e4cdd239} detected: Trace.Registry.MyWebSearchToolbar Key: HKEY_CLASSES_ROOT\clsid\{1e0de227-5ce4-4ea3-ab0c-8b03e1aa76bc} detected: Trace.Registry.MyWebSearchToolbar Key: HKEY_CLASSES_ROOT\clsid\{a4730ebe-43a6-443e-9776-36915d323ad3} detected: Trace.Registry.MyWebSearchToolbar Key: HKEY_CLASSES_ROOT\interface\{1093995a-ba37-41d2-836e-091067c4ad17} detected: Trace.Registry.MyWebSearchToolbar Key: HKEY_CLASSES_ROOT\interface\{120927bf-1700-43bc-810f-fab92549b390} detected: Trace.Registry.MyWebSearchToolbar Key: HKEY_CLASSES_ROOT\interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} detected: Trace.Registry.MyWebSearchToolbar Key: HKEY_CLASSES_ROOT\interface\{1f52a5fa-a705-4415-b975-88503b291728} detected: Trace.Registry.MyWebSearchToolbar Key: HKEY_CLASSES_ROOT\interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} detected: Trace.Registry.MyWebSearchToolbar Key: HKEY_CLASSES_ROOT\interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} detected: Trace.Registry.MyWebSearchToolbar Key: HKEY_CLASSES_ROOT\interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} detected: Trace.Registry.MyWebSearchToolbar Key: HKEY_CLASSES_ROOT\interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} detected: Trace.Registry.MyWebSearchToolbar Key: HKEY_CLASSES_ROOT\interface\{3e720451-b472-4954-b7aa-33069eb53906} detected: Trace.Registry.MyWebSearchToolbar Key: HKEY_CLASSES_ROOT\interface\{3e720453-b472-4954-b7aa-33069eb53906} 
detected: Trace.Registry.MyWebSearchToolbar Key: HKEY_CLASSES_ROOT\interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} detected: Trace.Registry.MyWebSearchToolbar Key: HKEY_CLASSES_ROOT\interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} detected: Trace.Registry.MyWebSearchToolbar Key: HKEY_CLASSES_ROOT\interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} detected: Trace.Registry.MyWebSearchToolbar Key: HKEY_CLASSES_ROOT\interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} detected: Trace.Registry.MyWebSearchToolbar Key: HKEY_CLASSES_ROOT\interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} detected: Trace.Registry.MyWebSearchToolbar Key: HKEY_CLASSES_ROOT\interface\{90449521-d834-4703-bb4e-d3aa44042ff8} detected: Trace.Registry.MyWebSearchToolbar Key: HKEY_CLASSES_ROOT\interface\{991aac62-b100-47ce-8b75-253965244f69} detected: Trace.Registry.MyWebSearchToolbar Key: HKEY_CLASSES_ROOT\interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} detected: Trace.Registry.MyWebSearchToolbar Key: HKEY_CLASSES_ROOT\interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} detected: Trace.Registry.MyWebSearchToolbar Key: HKEY_CLASSES_ROOT\interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} detected: Trace.Registry.MyWebSearchToolbar Key: HKEY_CLASSES_ROOT\interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} detected: Trace.Registry.MyWebSearchToolbar Key: HKEY_CLASSES_ROOT\interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} detected: Trace.Registry.MyWebSearchToolbar Key: HKEY_CLASSES_ROOT\typelib\{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a} detected: Trace.Registry.MyWebSearchToolbar Key: HKEY_CLASSES_ROOT\typelib\{3e720450-b472-4954-b7aa-33069eb53906} detected: Trace.Registry.MyWebSearchToolbar Key: HKEY_CLASSES_ROOT\typelib\{7473d290-b7bb-4f24-ae82-7e2ce94bb6a9} detected: Trace.Registry.MyWebSearchToolbar Key: HKEY_CLASSES_ROOT\typelib\{8ca01f0e-987c-49c3-b852-2f1ac4a7094c} detected: Trace.Registry.MyWebSearchToolbar Key: HKEY_CLASSES_ROOT\typelib\{8e6f1830-9607-4440-8530-13be7c4b1d14} detected: 
Trace.Registry.MyWebSearchToolbar Key: HKEY_CLASSES_ROOT\typelib\{c8cecde3-1ae1-4c4a-ad82-6d5b00212144} detected: Trace.Registry.MyWebSearchToolbar Key: HKEY_CLASSES_ROOT\typelib\{e47caee0-deea-464a-9326-3f2801535a4d} detected: Trace.Registry.MyWebSearchToolbar Key: HKEY_CURRENT_USER\software\mywebsearch detected: Trace.Registry.MyWebSearchToolbar Key: HKEY_LOCAL_MACHINE\software\microsoft\office\outlook\addins\mywebsearch.outlookaddin detected: Trace.Registry.MyWebSearchToolbar Key: HKEY_LOCAL_MACHINE\software\microsoft\office\word\addins\mywebsearch.outlookaddin detected: Trace.Registry.MyWebSearchToolbar Key: HKEY_LOCAL_MACHINE\software\mywebsearch detected: Trace.Registry.MyWebSearchToolbar C:\Documents and Settings\Aud\Cookies\aud@adtech[2].txt detected: Trace.TrackingCookie C:\Documents and Settings\Aud\Cookies\aud@doubleclick[1].txt detected: Trace.TrackingCookie C:\Documents and Settings\Aud\Cookies\aud@mediaplex[1].txt detected: Trace.TrackingCookie C:\Programfiler\Internet Explorer\msimg32.dll detected: Riskware.AdTool.Win32.MyWebSearch.au C:\Programfiler\MSN Messenger\msimg32.dll detected: Riskware.AdTool.Win32.MyWebSearch.au Scanned Files: 95154 Traces: 99742 Cookies: 39 Processes: 44 Found Files: 2 Traces: 260 Cookies: 3 Processes: 1 Registry keys: 0 Scan end: 27.02.2007 21:19:51 Scan time: 00:46:03 C:\Documents and Settings\Aud\Cookies\aud@adtech[2].txt Deleted Trace.TrackingCookie C:\Documents and Settings\Aud\Cookies\aud@doubleclick[1].txt Deleted Trace.TrackingCookie C:\Documents and Settings\Aud\Cookies\aud@mediaplex[1].txt Deleted Trace.TrackingCookie Key: HKEY_CLASSES_ROOT\clsid\{147a976f-eee1-4377-8ea7-4716e4cdd239} Deleted Trace.Registry.MyWebSearchToolbar Key: HKEY_CLASSES_ROOT\clsid\{1e0de227-5ce4-4ea3-ab0c-8b03e1aa76bc} Deleted Trace.Registry.MyWebSearchToolbar Key: HKEY_CLASSES_ROOT\clsid\{a4730ebe-43a6-443e-9776-36915d323ad3} Deleted Trace.Registry.MyWebSearchToolbar Key: HKEY_CLASSES_ROOT\interface\{1093995a-ba37-41d2-836e-091067c4ad17} 
Deleted Trace.Registry.MyWebSearchToolbar Key: HKEY_CLASSES_ROOT\interface\{120927bf-1700-43bc-810f-fab92549b390} Deleted Trace.Registry.MyWebSearchToolbar Key: HKEY_CLASSES_ROOT\interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} Deleted Trace.Registry.MyWebSearchToolbar Key: HKEY_CLASSES_ROOT\interface\{1f52a5fa-a705-4415-b975-88503b291728} Deleted Trace.Registry.MyWebSearchToolbar Key: HKEY_CLASSES_ROOT\interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} Deleted Trace.Registry.MyWebSearchToolbar Key: HKEY_CLASSES_ROOT\interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} Deleted Trace.Registry.MyWebSearchToolbar Key: HKEY_CLASSES_ROOT\interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} Deleted Trace.Registry.MyWebSearchToolbar Key: HKEY_CLASSES_ROOT\interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} Deleted Trace.Registry.MyWebSearchToolbar Key: HKEY_CLASSES_ROOT\interface\{3e720451-b472-4954-b7aa-33069eb53906} Deleted Trace.Registry.MyWebSearchToolbar Key: HKEY_CLASSES_ROOT\interface\{3e720453-b472-4954-b7aa-33069eb53906} Deleted Trace.Registry.MyWebSearchToolbar Key: HKEY_CLASSES_ROOT\interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} Deleted Trace.Registry.MyWebSearchToolbar Key: HKEY_CLASSES_ROOT\interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} Deleted Trace.Registry.MyWebSearchToolbar Key: HKEY_CLASSES_ROOT\interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} Deleted Trace.Registry.MyWebSearchToolbar Key: HKEY_CLASSES_ROOT\interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} Deleted Trace.Registry.MyWebSearchToolbar Key: HKEY_CLASSES_ROOT\interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} Deleted Trace.Registry.MyWebSearchToolbar Key: HKEY_CLASSES_ROOT\interface\{90449521-d834-4703-bb4e-d3aa44042ff8} Deleted Trace.Registry.MyWebSearchToolbar Key: HKEY_CLASSES_ROOT\interface\{991aac62-b100-47ce-8b75-253965244f69} Deleted Trace.Registry.MyWebSearchToolbar Key: HKEY_CLASSES_ROOT\interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} Deleted Trace.Registry.MyWebSearchToolbar Key: 
HKEY_CLASSES_ROOT\interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} Deleted Trace.Registry.MyWebSearchToolbar Key: HKEY_CLASSES_ROOT\interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} Deleted Trace.Registry.MyWebSearchToolbar Key: HKEY_CLASSES_ROOT\interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} Deleted Trace.Registry.MyWebSearchToolbar Key: HKEY_CLASSES_ROOT\interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} Deleted Trace.Registry.MyWebSearchToolbar Key: HKEY_CLASSES_ROOT\typelib\{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a} Deleted Trace.Registry.MyWebSearchToolbar Key: HKEY_CLASSES_ROOT\typelib\{3e720450-b472-4954-b7aa-33069eb53906} Deleted Trace.Registry.MyWebSearchToolbar Key: HKEY_CLASSES_ROOT\typelib\{7473d290-b7bb-4f24-ae82-7e2ce94bb6a9} Deleted Trace.Registry.MyWebSearchToolbar Key: HKEY_CLASSES_ROOT\typelib\{8ca01f0e-987c-49c3-b852-2f1ac4a7094c} Deleted Trace.Registry.MyWebSearchToolbar Key: HKEY_CLASSES_ROOT\typelib\{8e6f1830-9607-4440-8530-13be7c4b1d14} Deleted Trace.Registry.MyWebSearchToolbar Key: HKEY_CLASSES_ROOT\typelib\{c8cecde3-1ae1-4c4a-ad82-6d5b00212144} Deleted Trace.Registry.MyWebSearchToolbar Key: HKEY_CLASSES_ROOT\typelib\{e47caee0-deea-464a-9326-3f2801535a4d} Deleted Trace.Registry.MyWebSearchToolbar Key: HKEY_CURRENT_USER\software\mywebsearch Deleted Trace.Registry.MyWebSearchToolbar Key: HKEY_LOCAL_MACHINE\software\microsoft\office\outlook\addins\mywebsearch.outlookaddin Deleted Trace.Registry.MyWebSearchToolbar Key: HKEY_LOCAL_MACHINE\software\microsoft\office\word\addins\mywebsearch.outlookaddin Deleted Trace.Registry.MyWebSearchToolbar Key: HKEY_LOCAL_MACHINE\software\mywebsearch Deleted Trace.Registry.MyWebSearchToolbar Key: HKEY_CLASSES_ROOT\clsid\{147a976f-eee1-4377-8ea7-4716e4cdd239} Deleted Trace.Registry.MyWebSearchToobar Key: HKEY_CLASSES_ROOT\clsid\{1e0de227-5ce4-4ea3-ab0c-8b03e1aa76bc} Deleted Trace.Registry.MyWebSearchToobar Key: HKEY_CLASSES_ROOT\clsid\{a4730ebe-43a6-443e-9776-36915d323ad3} Deleted Trace.Registry.MyWebSearchToobar 
Key: HKEY_CLASSES_ROOT\interface\{1093995a-ba37-41d2-836e-091067c4ad17} Deleted Trace.Registry.MyWebSearchToobar Key: HKEY_CLASSES_ROOT\interface\{120927bf-1700-43bc-810f-fab92549b390} Deleted Trace.Registry.MyWebSearchToobar Key: HKEY_CLASSES_ROOT\interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} Deleted Trace.Registry.MyWebSearchToobar Key: HKEY_CLASSES_ROOT\interface\{1f52a5fa-a705-4415-b975-88503b291728} Deleted Trace.Registry.MyWebSearchToobar Key: HKEY_CLASSES_ROOT\interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} Deleted Trace.Registry.MyWebSearchToobar Key: HKEY_CLASSES_ROOT\interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} Deleted Trace.Registry.MyWebSearchToobar Key: HKEY_CLASSES_ROOT\interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} Deleted Trace.Registry.MyWebSearchToobar Key: HKEY_CLASSES_ROOT\interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} Deleted Trace.Registry.MyWebSearchToobar Key: HKEY_CLASSES_ROOT\interface\{3e720451-b472-4954-b7aa-33069eb53906} Deleted Trace.Registry.MyWebSearchToobar Key: HKEY_CLASSES_ROOT\interface\{3e720453-b472-4954-b7aa-33069eb53906} Deleted Trace.Registry.MyWebSearchToobar Key: HKEY_CLASSES_ROOT\interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} Deleted Trace.Registry.MyWebSearchToobar Key: HKEY_CLASSES_ROOT\interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} Deleted Trace.Registry.MyWebSearchToobar Key: HKEY_CLASSES_ROOT\interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} Deleted Trace.Registry.MyWebSearchToobar Key: HKEY_CLASSES_ROOT\interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} Deleted Trace.Registry.MyWebSearchToobar Key: HKEY_CLASSES_ROOT\interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} Deleted Trace.Registry.MyWebSearchToobar Key: HKEY_CLASSES_ROOT\interface\{90449521-d834-4703-bb4e-d3aa44042ff8} Deleted Trace.Registry.MyWebSearchToobar Key: HKEY_CLASSES_ROOT\interface\{991aac62-b100-47ce-8b75-253965244f69} Deleted Trace.Registry.MyWebSearchToobar Key: HKEY_CLASSES_ROOT\interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} 
Deleted Trace.Registry.MyWebSearchToobar Key: HKEY_CLASSES_ROOT\interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} Deleted Trace.Registry.MyWebSearchToobar Key: HKEY_CLASSES_ROOT\interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} Deleted Trace.Registry.MyWebSearchToobar Key: HKEY_CLASSES_ROOT\interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} Deleted Trace.Registry.MyWebSearchToobar Key: HKEY_CLASSES_ROOT\interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} Deleted Trace.Registry.MyWebSearchToobar Key: HKEY_CLASSES_ROOT\typelib\{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a} Deleted Trace.Registry.MyWebSearchToobar Key: HKEY_CLASSES_ROOT\typelib\{3e720450-b472-4954-b7aa-33069eb53906} Deleted Trace.Registry.MyWebSearchToobar Key: HKEY_CLASSES_ROOT\typelib\{7473d290-b7bb-4f24-ae82-7e2ce94bb6a9} Deleted Trace.Registry.MyWebSearchToobar Key: HKEY_CLASSES_ROOT\typelib\{8ca01f0e-987c-49c3-b852-2f1ac4a7094c} Deleted Trace.Registry.MyWebSearchToobar Key: HKEY_CLASSES_ROOT\typelib\{8e6f1830-9607-4440-8530-13be7c4b1d14} Deleted Trace.Registry.MyWebSearchToobar Key: HKEY_CLASSES_ROOT\typelib\{c8cecde3-1ae1-4c4a-ad82-6d5b00212144} Deleted Trace.Registry.MyWebSearchToobar Key: HKEY_CLASSES_ROOT\typelib\{e47caee0-deea-464a-9326-3f2801535a4d} Deleted Trace.Registry.MyWebSearchToobar Key: HKEY_CURRENT_USER\software\mywebsearch Deleted Trace.Registry.MyWebSearchToobar Key: HKEY_LOCAL_MACHINE\software\microsoft\office\outlook\addins\mywebsearch.outlookaddin Deleted Trace.Registry.MyWebSearchToobar Key: HKEY_LOCAL_MACHINE\software\microsoft\office\word\addins\mywebsearch.outlookaddin Deleted Trace.Registry.MyWebSearchToobar Key: HKEY_LOCAL_MACHINE\software\mywebsearch Deleted Trace.Registry.MyWebSearchToobar Value: HKEY_CURRENT_USER\Software\MyWebSearch\bar --> MenuExtLabel Deleted Trace.Registry.MyWebSearch Toolbar Value: HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\bar\Switches --> aim.exe Deleted Trace.Registry.MyWebSearch Toolbar Value: HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\bar\Switches --> 
icq.exe Deleted Trace.Registry.MyWebSearch Toolbar Value: HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\bar\Switches --> icqlite.exe Deleted Trace.Registry.MyWebSearch Toolbar Value: HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\bar\Switches --> incmail.exe Deleted Trace.Registry.MyWebSearch Toolbar Value: HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\bar\Switches --> msimn.exe Deleted Trace.Registry.MyWebSearch Toolbar Value: HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\bar\Switches --> msmsgs.exe Deleted Trace.Registry.MyWebSearch Toolbar Value: HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\bar\Switches --> msn.exe Deleted Trace.Registry.MyWebSearch Toolbar Value: HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\bar\Switches --> msnmsgr.exe Deleted Trace.Registry.MyWebSearch Toolbar Value: HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\bar\Switches --> mwsSrcAs.dll Deleted Trace.Registry.MyWebSearch Toolbar Value: HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\bar\Switches --> outlook.exe Deleted Trace.Registry.MyWebSearch Toolbar Value: HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\bar\Switches --> waol.exe Deleted Trace.Registry.MyWebSearch Toolbar Value: HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\bar\Switches --> ypager.exe Deleted Trace.Registry.MyWebSearch Toolbar Value: HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\Email-IM\0 --> AppName Deleted Trace.Registry.MyWebSearch Toolbar Value: HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\Email-IM\0 --> Path Deleted Trace.Registry.MyWebSearch Toolbar Value: HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\Email-IM\0 --> Toolbar Deleted Trace.Registry.MyWebSearch Toolbar Value: HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\Outlook --> MyWebSearch.OutlookAddin Deleted Trace.Registry.MyWebSearch Toolbar Value: HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\MSNMessenger --> DLLDir Deleted Trace.Registry.MyWebSearch Toolbar Value: HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\MSNMessenger --> DLLFile Deleted Trace.Registry.MyWebSearch 
Toolbar Value: HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\ScreenSaver --> ImagesDir Deleted Trace.Registry.MyWebSearch Toolbar Value: HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\CursorManiaBtn --> ETag Deleted Trace.Registry.MyWebSearch Toolbar Value: HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\CursorManiaBtn --> HTMLMenuRevision Deleted Trace.Registry.MyWebSearch Toolbar Value: HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\CursorManiaBtn --> LastHTMLMenuURL Deleted Trace.Registry.MyWebSearch Toolbar Value: HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\FunBuddyIconBtn --> ETag Deleted Trace.Registry.MyWebSearch Toolbar Value: HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\FunBuddyIconBtn --> HTMLMenuRevision Deleted Trace.Registry.MyWebSearch Toolbar Value: HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\FunBuddyIconBtn --> LastHTMLMenuURL Deleted Trace.Registry.MyWebSearch Toolbar Value: HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\MyFunCardsIMBtn --> ETag Deleted Trace.Registry.MyWebSearch Toolbar Value: HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\MyFunCardsIMBtn --> HTMLMenuRevision Deleted Trace.Registry.MyWebSearch Toolbar Value: HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\MyFunCardsIMBtn --> LastHTMLMenuURL Deleted Trace.Registry.MyWebSearch Toolbar Value: HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\Promos --> BuddyFreqNone Deleted Trace.Registry.MyWebSearch Toolbar Value: HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\Promos --> BuddyFreqUninstalled Deleted Trace.Registry.MyWebSearch Toolbar Value: HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\Promos --> BuddyTextNone.0 Deleted Trace.Registry.MyWebSearch Toolbar Value: HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\Promos --> BuddyTextNone.numActive Deleted Trace.Registry.MyWebSearch Toolbar Value: HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\Promos --> BuddyTextUninstalled.0 Deleted 
Trace.Registry.MyWebSearch Toolbar Value: HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\Promos --> BuddyTextUninstalled.numActive Deleted Trace.Registry.MyWebSearch Toolbar Value: HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\Promos --> MSN.1 Deleted Trace.Registry.MyWebSearch Toolbar Value: HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\Promos --> MSN.2 Deleted Trace.Registry.MyWebSearch Toolbar Value: HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\Promos --> MSN.numActive Deleted Trace.Registry.MyWebSearch Toolbar Value: HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\Promos --> MSN.numActive2 Deleted Trace.Registry.MyWebSearch Toolbar Value: HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\SmileyCentralBtn --> ETag Deleted Trace.Registry.MyWebSearch Toolbar Value: HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\SmileyCentralBtn --> HTMLMenuPosDeleted Deleted Trace.Registry.MyWebSearch Toolbar Value: HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\SmileyCentralBtn --> HTMLMenuRevision Deleted Trace.Registry.MyWebSearch Toolbar Value: HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\SmileyCentralBtn --> LastHTMLMenuURL Deleted Trace.Registry.MyWebSearch Toolbar Value: HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products --> CacheDir Deleted Trace.Registry.MyWebSearch Toolbar Value: HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products --> JpegConversionLib Deleted Trace.Registry.MyWebSearch Toolbar Value: HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts\Installer --> CacheDir Deleted Trace.Registry.MyWebSearch Toolbar Value: HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts\Installer --> CheckForConnection Deleted Trace.Registry.MyWebSearch Toolbar Value: HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts\Installer --> CurInstall Deleted Trace.Registry.MyWebSearch Toolbar Value: HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts\Installer --> Dir Deleted Trace.Registry.MyWebSearch Toolbar Value: HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts\Installer --> 
pl Deleted Trace.Registry.MyWebSearch Toolbar Value: HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts\Installer --> sr Deleted Trace.Registry.MyWebSearch Toolbar Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} --> DisplayName Deleted Trace.Registry.MyWebSearch Toolbar Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} --> URL Deleted Trace.Registry.MyWebSearch Toolbar Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin --> Description Deleted Trace.Registry.MyWebSearch Toolbar Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin --> FriendlyName Deleted Trace.Registry.MyWebSearch Toolbar Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin --> LoadBehavior Deleted Trace.Registry.MyWebSearch Toolbar Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin --> Description Deleted Trace.Registry.MyWebSearch Toolbar Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin --> FriendlyName Deleted Trace.Registry.MyWebSearch Toolbar Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin --> LoadBehavior Deleted Trace.Registry.MyWebSearch Toolbar Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\sources --> f3PopularScreensavers Deleted Trace.Registry.MyWebSearch Toolbar Value: HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\bar --> CacheDir Deleted Trace.Registry.MyWebSearch Toolbar Value: HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\bar --> ConfigDateStamp Deleted Trace.Registry.MyWebSearch Toolbar Value: HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\bar --> ConfigRevision Deleted Trace.Registry.MyWebSearch Toolbar Value: HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\bar --> ConfigRevisionURL Deleted Trace.Registry.MyWebSearch Toolbar Value: 
Guest medlem-105082, posted 27 February 2007
Do you still have problems?
audda (author), posted 27 February 2007
Quote: "Do you still have problems?"
Nothing has shown up lately, but I haven't restarted either, so I don't know. Waiting for norbat; he/she is writing now.
norbat, posted 27 February 2007
If the problem is solved, that's great. Congratulations!
There is one line in the HJT log that has been under the magnifying glass a bit:
O4 - HKLM\..\Run: [ClickMe] C:\apps\ClickMe\ClickMe.exe
Do you know this program? If not, do the following:
Run HJT, put a check mark in front of the line mentioned above, and click 'Fix checked'
Make sure you can see hidden files and folders (Control Panel -> Folder Options -> View -> "Show hidden files and folders")
Restart in safe mode (tap F8 during startup)
Use Explorer to find and delete the folder (in bold): C:\apps\ClickMe \ClickMe.exe
Restart in normal mode
Run a clean with CCleaner before you start IE and see whether it can now leave you in peace
audda (author), posted 27 February 2007
I have used Windows Defender until now, and it occurred to me that I could check there, and there I found what is shown in the attachment. Could this be the cause of the problems?
WindowsDefender_History.doc
norbat, posted 27 February 2007 (edited 27 February 2007 by norbat)
I'm a bit unsure there. In any case, the temporary internet files should be deleted by now. If you now restart the PC and run IE, is the problem still there? If it is gone, a-squared has managed to remove the ad popup. If the problem is still there, do what was said earlier about ClickMe, if this is not a program you know. Put another way, if ClickMe is not a program you absolutely must have, remove it.
audda (author), posted 28 February 2007 (edited 28 February 2007 by audda)
Oh no! It hasn't helped. What now??
I have removed clickme; I think it's some smiley thing. (There are also 2 children/teenagers on this PC.)
I have run a-squared once more, deep scan, and deleted what came up then, then CCleaner before I opened IE again. But I still get the ads!
Log from a-squared:
And HJT:
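Whether the [ClickMe] autorun that norbat flagged is really gone after 'Fix checked' can be confirmed by comparing the O4 Run entries of a HijackThis log saved before the fix with one saved after it. The following Python is an added example, not part of the thread or of HijackThis; the function names and both sample logs are constructed for illustration, with entries written in the O4 format used in this thread.

```python
import re
from typing import NamedTuple

# Constructed sample logs (HijackThis v1.99 O4 format as quoted in the thread).
LOG_BEFORE = r'''
O4 - HKLM\..\Run: [ClickMe] C:\apps\ClickMe\ClickMe.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
'''
LOG_AFTER = r'''
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
'''

class RunEntry(NamedTuple):
    hive: str     # HKLM or HKCU
    key: str      # Run, RunOnce, ...
    name: str     # registry value name shown in [brackets]
    exe: str      # executable path extracted from the command line
    command: str  # full command line as logged

# Only registry autoruns are parsed; "Global Startup" style O4 lines are skipped.
O4_RE = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[([^\]]*)\] (.+)$')
# Unquoted paths may contain spaces, so cut at the first executable extension.
EXE_RE = re.compile(r'^(.*?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)', re.I)

def exe_path(command: str) -> str:
    """Return the program path from a Run value, dropping any arguments."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    m = EXE_RE.match(command)
    return m.group(1) if m else command

def parse_o4(log: str) -> dict:
    """Map (hive, key, lower-cased name) -> RunEntry for every O4 Run line."""
    entries = {}
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            hive, key, name, cmd = m.groups()
            entries[(hive, key, name.lower())] = RunEntry(hive, key, name, exe_path(cmd), cmd)
    return entries

def diff_autoruns(before: str, after: str) -> dict:
    """Report autoruns removed, added, or re-pointed between two logs."""
    b, a = parse_o4(before), parse_o4(after)
    return {
        "removed": sorted(b[k].name for k in b.keys() - a.keys()),
        "added": sorted(a[k].name for k in a.keys() - b.keys()),
        "changed": sorted(a[k].name for k in a.keys() & b.keys()
                          if a[k].exe.lower() != b[k].exe.lower()),
    }

def still_present(log: str, name: str) -> bool:
    """True if a Run value with this name is still registered in the log."""
    return any(e.name.lower() == name.lower() for e in parse_o4(log).values())

if __name__ == "__main__":
    print(diff_autoruns(LOG_BEFORE, LOG_AFTER))
```

An entry listed under "added" or "changed" deserves the same scrutiny as the original one, since a cleanup tool and an unwanted program both register themselves this way.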