m0g1e
Posted March 22, 2008

I have a new record for the number of infections on a PC I'm fixing here, at least in terms of the number of infections found by SAS. After a quick check of the HJT log at http://hijackthis.de/en I can also see that quite a bit needs fixing. Evidently quite a few things in the registry have been modified. HJT was run after SAS, naturally; I have also run CCleaner to remove all temporary content on the PC.

SAS log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/02/1988 at 10:37 PM

Application Version : 3.9.1008

Core Rules Database Version : 3422
Trace Rules Database Version: 1414

Scan type : Complete Scan
Total Scan Time : 00:18:34

Memory items scanned : 411
Memory threats detected : 0
Registry items scanned : 5301
Registry threats detected : 196
File items scanned : 14246
File threats detected : 250
HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:24:32, on 04.01.1988
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.exe
C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programfiler\Messenger\msmsgs.exe
C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programfiler\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\FELLES~1\Nokia\MPAPI\MPAPI3s.exe
C:\Programfiler\Fellesfiler\PCSuite\Services\ServiceLayer.exe
C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\svchost.exe
H:\clean_box\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\proper.exe
O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0b88e546-1dd2-11b2-8973-edb2d6497e9b} - (no file)
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {bee6b2be-1dd1-11b2-9f7c-81aefa3ad7da} - (no file)
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar4.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [sweetIM] C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [sweetIM] C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Programfiler\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Programfiler\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O4 - Startup: .protected
O4 - Global Startup: .protected
O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office10\OSA.EXE
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Windows Live Search - res://C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Åpne i ny bakgrunnsflik - res://C:\Programfiler\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/229?b63aa9ec70054d279462c0355b7664c
O8 - Extra context menu item: Åpne i ny forgrunnsflik - res://C:\Programfiler\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/230?b63aa9ec70054d279462c0355b7664c
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O20 - AppInit_DLLs: C:\WINDOWS\system32\sulimo.dat
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: GoogleDesktopManager - Google - C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\Fellesfiler\PCSuite\Services\ServiceLayer.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programfiler\TuneUp Utilities 2006\WinStylerThemeSvc.exe

--
End of file - 8249 bytes
norbat Posted 22 March 2008

Start HJT, choose "Do a system scan only", put a check mark in front of the following lines and click Fix checked:

R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\proper.exe
O2 - BHO: (no name) - {0b88e546-1dd2-11b2-8973-edb2d6497e9b} - (no file)
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {bee6b2be-1dd1-11b2-9f7c-81aefa3ad7da} - (no file)
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O4 - Startup: .protected
O4 - Global Startup: .protected
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - AppInit_DLLs: C:\WINDOWS\system32\sulimo.dat

Restart the PC and continue with the following:

Download Combofix and put it on the desktop
Run combofix.exe and follow the instructions.
Post the log file from Combofix (c:\combofix.txt)
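The selection in the reply above can be expressed as a small triage pass over a HijackThis log. This is an added example, not part of the original posts and not HijackThis's own logic: the rule functions and the names `parse_entries`, `RULES` and `triage` are assumptions, chosen so the output is consistent with the lines ticked above, and the sample input is a subset of lines from the log in this thread. Flagged entries are candidates for manual review, not an automatic delete list.

```python
import re

# Sample input: a subset of entries copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\proper.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar4.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - Startup: .protected
O4 - Global Startup: .protected
O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office10\OSA.EXE
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\sulimo.dat
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
"""

# A log entry is "<section code> - <body>", e.g. "O2 - BHO: ...".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse_entries(text):
    """Return (section, body) pairs; header lines and process paths are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries


def rule_missing_file(section, body):
    # Hooks, BHOs and toolbars still registered although their file is gone.
    if body.endswith("(no file)"):
        return "registration left behind, target file missing"
    return None


def rule_shell_value(section, body):
    # The shell value should name Explorer.exe only; anything after it also runs at logon.
    if section == "F2":
        m = re.search(r"Shell=(.*)$", body, re.IGNORECASE)
        if m and m.group(1).strip().lower() != "explorer.exe":
            return "extra program appended to the shell value"
    return None


def rule_regedit_policy(section, body):
    # A policy that blocks the registry editor hinders manual inspection.
    if section == "O7" and re.search(r"DisableRegedit\s*=\s*1", body, re.IGNORECASE):
        return "registry editor disabled by policy"
    return None


def rule_appinit(section, body):
    # AppInit_DLLs entries are loaded into every process that loads user32.dll.
    if section == "O20" and body.lower().startswith("appinit_dlls:"):
        if body.split(":", 1)[1].strip():
            return "AppInit_DLLs is not empty"
    return None


def rule_startup_item(section, body):
    # Startup-folder entries normally read "<shortcut> = <target>".
    if section == "O4":
        m = re.match(r"(?:Global )?Startup: (.*)$", body)
        if m and " = " not in m.group(1):
            return "startup-folder item without a shortcut target"
    return None


RULES = (rule_missing_file, rule_shell_value, rule_regedit_policy,
         rule_appinit, rule_startup_item)


def triage(text):
    """Return (section, body, reason) for every entry matched by a rule."""
    findings = []
    for section, body in parse_entries(text):
        for rule in RULES:
            reason = rule(section, body)
            if reason:
                findings.append((section, body, reason))
                break
    return findings


if __name__ == "__main__":
    for section, body, reason in triage(SAMPLE_LOG):
        print(f"{section:<3} {reason}: {body}")
```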
m0g1e (Author) Posted 23 March 2008

Combofix log:

ComboFix 08-03-22.1 - Raymond 2008-03-22 17:53:59.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.499 [GMT 1:00]
Running from: C:\Documents and Settings\Raymond\Skrivebord\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Raymond\Programdata\HbTools\v3.0\HostOI\static\1\email-def-email-emoticons.mnu C:\Documents and Settings\Raymond\Programdata\HbTools\v3.0\HostOI\static\1\email-def-email-estationery.mnu C:\Documents and Settings\Raymond\Programdata\HbTools\v3.0\HostOI\static\1\email-def-email-funny.mnu C:\Documents and Settings\Raymond\Programdata\HbTools\v3.0\HostOI\static\1\email-def-email-help.mnu C:\Documents and Settings\Raymond\Programdata\HbTools\v3.0\HostOI\static\1\email-def-email-images.mnu C:\Documents and Settings\Raymond\Programdata\HbTools\v3.0\HostOI\static\1\email-def-email-info.mnu C:\Documents and Settings\Raymond\Programdata\HbTools\v3.0\HostOI\static\1\email-def-email-more.mnu C:\Documents and Settings\Raymond\Programdata\HbTools\v3.0\HostOI\static\1\email-def-email-my.mnu C:\Documents and Settings\Raymond\Programdata\HbTools\v3.0\HostOI\static\1\email-def-email-people.mnu C:\Documents and Settings\Raymond\Programdata\HbTools\v3.0\HostOI\static\1\email-def-email-photo.mnu C:\Documents and Settings\Raymond\Programdata\HbTools\v3.0\HostOI\static\1\email-def-email-tell.mnu C:\Documents and Settings\Raymond\Programdata\HbTools\v3.0\HostOI\static\1\email-def-email-temp.mnu C:\Documents and Settings\Raymond\Programdata\HbTools\v3.0\HostOI\static\1\email-def-email-temp_OI.mnu C:\Documents and Settings\Raymond\Programdata\HbTools\v3.0\HostOI\static\1\email-def-email-text.mnu C:\Documents and Settings\Raymond\Programdata\HbTools\v3.0\HostOI\static\1\email-def-email-voice.mnu C:\Documents and Settings\Raymond\Programdata\HbTools\v3.0\HostOI\static\1\email-def.cdf C:\Documents and Settings\Raymond\Programdata\HbTools\v3.0\HostOI\static\1\email-premium-email-premium.mnu C:\Documents and Settings\Raymond\Programdata\HbTools\v3.0\HostOI\static\1\email-premium-email-premium_OI.mnu C:\Documents and Settings\Raymond\Programdata\HbTools\v3.0\HostOI\static\1\email-t1-bg.res C:\Documents and 
Settings\Raymond\Programdata\HbTools\v3.0\HostOI\static\1\email-temp-bg.res C:\Documents and Settings\Raymond\Programdata\HbTools\v3.0\HostOI\static\1\estatationery.gif C:\Documents and Settings\Raymond\Programdata\HbTools\v3.0\HostOI\static\1\flashpatch.js C:\Documents and Settings\Raymond\Programdata\HbTools\v3.0\HostOI\static\1\flashpreview.htm C:\Documents and Settings\Raymond\Programdata\HbTools\v3.0\HostOI\static\1\fs3.htm C:\Documents and Settings\Raymond\Programdata\HbTools\v3.0\HostOI\static\1\hotbar_promo.htm C:\Documents and Settings\Raymond\Programdata\HbTools\v3.0\HostOI\static\1\icon_checked_1.gif C:\Documents and Settings\Raymond\Programdata\HbTools\v3.0\HostOI\static\1\icon_close_1.gif C:\Documents and Settings\Raymond\Programdata\HbTools\v3.0\HostOI\static\1\icon_close_pressed_1.gif C:\Documents and Settings\Raymond\Programdata\HbTools\v3.0\HostOI\static\1\icon_edit_preview.gif C:\Documents and Settings\Raymond\Programdata\HbTools\v3.0\HostOI\static\1\icon_edit_send.gif C:\Documents and Settings\Raymond\Programdata\HbTools\v3.0\HostOI\static\1\icon_flash_preview.gif C:\Documents and Settings\Raymond\Programdata\HbTools\v3.0\HostOI\static\1\icon_recently_used.gif C:\Documents and Settings\Raymond\Programdata\HbTools\v3.0\HostOI\static\1\icon_remove_1.gif C:\Documents and Settings\Raymond\Programdata\HbTools\v3.0\HostOI\static\1\icon_remove_pressed_1.gif C:\Documents and Settings\Raymond\Programdata\HbTools\v3.0\HostOI\static\1\icon_sand-clock2.gif C:\Documents and Settings\Raymond\Programdata\HbTools\v3.0\HostOI\static\1\icon_tell_1.gif C:\Documents and Settings\Raymond\Programdata\HbTools\v3.0\HostOI\static\1\icon_tell_pressed_1.gif C:\Documents and Settings\Raymond\Programdata\HbTools\v3.0\HostOI\static\1\icon_tree_null.gif C:\Documents and Settings\Raymond\Programdata\HbTools\v3.0\HostOI\static\1\icon_unchecked_1.gif C:\Documents and Settings\Raymond\Programdata\HbTools\v3.0\HostOI\static\1\icon_unchecked_pressed_1.gif C:\Documents and 
Settings\Raymond\Programdata\HbTools\v3.0\HostOI\static\1\img_barlayout.gif C:\Documents and Settings\Raymond\Programdata\HbTools\v3.0\HostOI\static\1\img_barlayout2.gif C:\Documents and Settings\Raymond\Programdata\HbTools\v3.0\HostOI\static\1\img_barlayout4.gif C:\Documents and Settings\Raymond\Programdata\HbTools\v3.0\HostOI\static\1\img_corner_left.gif C:\Documents and Settings\Raymond\Programdata\HbTools\v3.0\HostOI\static\1\img_local_logo.gif C:\Documents and Settings\Raymond\Programdata\HbTools\v3.0\HostOI\static\1\js2_basetemplate.js C:\Documents and Settings\Raymond\Programdata\HbTools\v3.0\HostOI\static\1\js2_hbgroups.js C:\Documents and Settings\Raymond\Programdata\HbTools\v3.0\HostOI\static\1\js2_hbobject3.js C:\Documents and Settings\Raymond\Programdata\HbTools\v3.0\HostOI\static\1\js2_hbobjectset3.js C:\Documents and Settings\Raymond\Programdata\HbTools\v3.0\HostOI\static\1\js2_hotbarwrapper.js C:\Documents and Settings\Raymond\Programdata\HbTools\v3.0\HostOI\static\1\js2_iteratorsandreaders3nf.js C:\Documents and Settings\Raymond\Programdata\HbTools\v3.0\HostOI\static\1\js2_pagingmoduleobj3.js C:\Documents and Settings\Raymond\Programdata\HbTools\v3.0\HostOI\static\1\js2_texts3.js C:\Documents and Settings\Raymond\Programdata\HbTools\v3.0\HostOI\static\1\js2_xmltree3nf.js C:\Documents and Settings\Raymond\Programdata\HbTools\v3.0\HostOI\static\1\layout.cdf C:\Documents and Settings\Raymond\Programdata\HbTools\v3.0\HostOI\static\1\linkpathlegal.txt C:\Documents and Settings\Raymond\Programdata\HbTools\v3.0\HostOI\static\1\n.gif C:\Documents and Settings\Raymond\Programdata\HbTools\v3.0\HostOI\static\1\nav_b_2.gif C:\Documents and Settings\Raymond\Programdata\HbTools\v3.0\HostOI\static\1\nav_bb_2.gif C:\Documents and Settings\Raymond\Programdata\HbTools\v3.0\HostOI\static\1\nav_f_2.gif C:\Documents and Settings\Raymond\Programdata\HbTools\v3.0\HostOI\static\1\nav_ff_2.gif C:\Documents and 
Settings\Raymond\Programdata\HbTools\v3.0\HostOI\static\1\progress.res C:\Documents and Settings\Raymond\Programdata\HbTools\v3.0\HostOI\static\1\searchbtn.gif C:\Documents and Settings\Raymond\Programdata\HbTools\v3.0\HostOI\static\1\submit.gif C:\Documents and Settings\Raymond\Programdata\HbTools\v3.0\HostOI\static\1\tab_bg.gif C:\Documents and Settings\Raymond\Programdata\HbTools\v3.0\HostOI\static\1\tab_bga.gif C:\Documents and Settings\Raymond\Programdata\HbTools\v3.0\HostOI\static\1\tab_bgia.gif C:\Documents and Settings\Raymond\Programdata\HbTools\v3.0\HostOI\static\1\tab_l.gif C:\Documents and Settings\Raymond\Programdata\HbTools\v3.0\HostOI\static\1\tab_la.gif C:\Documents and Settings\Raymond\Programdata\HbTools\v3.0\HostOI\static\1\tab_lia.gif C:\Documents and Settings\Raymond\Programdata\HbTools\v3.0\HostOI\static\1\tab_r.gif C:\Documents and Settings\Raymond\Programdata\HbTools\v3.0\HostOI\static\1\tab_ra.gif C:\Documents and Settings\Raymond\Programdata\HbTools\v3.0\HostOI\static\1\tab_ria.gif C:\Documents and Settings\Raymond\Programdata\HbTools\v3.0\HostOI\static\1\tree_dots.gif C:\Documents and Settings\Raymond\Programdata\HbTools\v3.0\HostOI\static\1\tree_minus.gif C:\Documents and Settings\Raymond\Programdata\HbTools\v3.0\HostOI\static\1\tree_plus.gif C:\Documents and Settings\Raymond\Programdata\HbTools\v3.0\HostOI\static\1\treedata_animations.xml C:\Documents and Settings\Raymond\Programdata\HbTools\v3.0\HostOI\static\1\treedata_backgrounds.xml C:\Documents and Settings\Raymond\Programdata\HbTools\v3.0\HostOI\static\1\treedata_ecards.xml C:\Documents and Settings\Raymond\Programdata\HbTools\v3.0\HostOI\static\1\treedata_emoticons.xml C:\Documents and Settings\Raymond\Programdata\HbTools\v3.0\HostOI\static\1\treedata_notifiers.xml C:\Documents and Settings\Raymond\Programdata\HbTools\v3.0\HostOI\static\1\treedata_text.xml C:\Documents and Settings\Raymond\Programdata\HbTools\v3.0\HostOI\static\DownLoad\business_promo.xip C:\Documents and 
Settings\Raymond\Programdata\HbTools\v3.0\HostOI\static\DownLoad\buttondir.xip
C:\Documents and Settings\Raymond\Programdata\HbTools\v3.0\HostOI\static\DownLoad\code.xip
C:\Documents and Settings\Raymond\Programdata\HbTools\v3.0\HostOI\static\DownLoad\email-def.xip
C:\Documents and Settings\Raymond\Programdata\HbTools\v3.0\HostOI\static\DownLoad\email-t1-bg.xip
C:\Documents and Settings\Raymond\Programdata\HbTools\v3.0\HostOI\static\DownLoad\email-temp-bg.xip
C:\Documents and Settings\Raymond\Programdata\HbTools\v3.0\HostOI\static\DownLoad\hotbar_promo.xip
C:\Documents and Settings\Raymond\Programdata\HbTools\v3.0\HostOI\static\DownLoad\images.xip
C:\Documents and Settings\Raymond\Programdata\HbTools\v3.0\HostOI\static\DownLoad\layout.xip
C:\Documents and Settings\Raymond\Programdata\HbTools\v3.0\HostOI\static\DownLoad\linkpathlegal.xip
C:\Documents and Settings\Raymond\Programdata\HbTools\v3.0\HostOI\static\DownLoad\localcontent.xip
C:\Documents and Settings\Raymond\Programdata\HbTools\v3.0\HostOI\static\DownLoad\progress.xip
C:\Documents and Settings\Raymond\Programdata\HbTools\v3.0\HostOI\static\DownLoad\treexml.xip
C:\Documents and Settings\Raymond\ResErrors.log
C:\Programfiler\Fellesfiler\winantivirus pro 2006
C:\Programfiler\HbTools
C:\WINDOWS\.protected
C:\WINDOWS\system32\0_exception.nls
C:\WINDOWS\system32\drivers\etc\.protected
C:\WINDOWS\system32\koos.exe
C:\WINDOWS\system32\kprof
C:\WINDOWS\system32\poof
C:\WINDOWS\system32\stera.log
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_FMTR
-------\Legacy_FOPN
-------\Legacy_POOF
-------\Legacy_RUNTIME2
-------\Service_kprof
-------\Service_poof
-------\Service_xlavba8

((((((((((((((((((((((((( Files Created from 2008-02-22 to 2008-03-22 )))))))))))))))))))))))))))))))
.
2008-03-22 17:58 . 2008-03-22 17:58 <DIR> d-------- C:\WINDOWS\system32\xircom
2008-03-22 17:58 . 2008-03-22 17:58 <DIR> d-------- C:\Programfiler\microsoft frontpage
2008-03-22 17:56 . 2008-03-22 17:56 268 --ah----- C:\sqmdata07.sqm
2008-03-22 17:56 . 2008-03-22 17:56 244 --ah----- C:\sqmnoopt07.sqm
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-22 16:54 --------- d-----w C:\Programfiler\SUPERAntiSpyware
2008-03-22 16:54 --------- d-----w C:\Documents and Settings\Raymond\Programdata\SUPERAntiSpyware.com
2007-10-30 21:45 157,712 ----a-w C:\Documents and Settings\Raymond\Programdata\install_no[1].exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Desktop Search"="C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-13 20:58 1838592]
"SweetIM"="C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe" [2006-06-06 09:07 40960]
"MSMSGS"="C:\Programfiler\Messenger\msmsgs.exe" [2004-08-03 23:15 1694208]
"swg"="C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-15 21:36 68856]
"msnmsgr"="~C:\Programfiler\MSN Messenger\msnmsgr.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:03 15360]
"PcSync"="C:\Programfiler\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 16:21 1449984]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 01:50 155648]
"SweetIM"="C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe" [2006-06-06 09:07 40960]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe" [ ]
"!AVG Anti-Spyware"="C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [ ]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-06-15 12:36 229376]
"Adobe Photo Downloader"="C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-07-07 17:41 57344]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-15 21:36 68856]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="cmd.exe" [2004-08-04 00:03 388096 C:\WINDOWS\system32\cmd.exe]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-03 23:52 44544]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
Microsoft Office.lnk - C:\Programfiler\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04 83360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=
"%windir%\\system32\\winav.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 SMBHC;Vertskontrollerdriver for Microsoft SM Bus;C:\WINDOWS\system32\DRIVERS\SMBHC.sys [2001-08-17 21:57]
R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe [2004-08-04 00:03]
R3 SMBBATT;Driver for Microsoft Smart Battery;C:\WINDOWS\system32\DRIVERS\SMBBATT.sys [2004-08-03 23:07]
R3 TOSHIBASoftModem;Toshiba Soft Modem;C:\WINDOWS\system32\DRIVERS\LTSMT.sys [2001-08-17 19:28]
S2 NFGOTZAF;NFGOTZAF;C:\WINDOWS\system32\nfgotzaf.rma []
S3 ess;ESS Audio-driver (WDM);C:\WINDOWS\system32\drivers\ess.sys [2001-08-17 18:19]
S3 IPN2220;INPROCOMM IPN2220 Wireless LAN Card Driver;C:\WINDOWS\system32\DRIVERS\i2220ntx.sys [2004-11-04 17:29]
S3 MusCDriverV32;MusCDriverV32;C:\WINDOWS\system32\drivers\MusCDriverV32.sys [2007-07-19 13:58]
S3 noskrnl.sys;noskrnl.sys;C:\WINDOWS\system32\noskrnl.sys []
S3 SIWIO;SIWIO;C:\WINDOWS\TEMP\SiwIo.sys []

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
"2007-12-21 16:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Programfiler\TuneUp Utilities 2006\SystemOptimizer.exe
"2007-12-22 02:26:01 C:\WINDOWS\Tasks\Se etter oppdateringer for Windows Live Toolbar.job"
- C:\Programfiler\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-22 17:59:08
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NFGOTZAF]
"ImagePath"="\??\C:\WINDOWS\system32\nfgotzaf.rma"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Programfiler\Fellesfiler\PCSuite\Services\ServiceLayer.exe
C:\PROGRA~1\FELLES~1\Nokia\MPAPI\MPAPI3s.exe
H:\keyfinder.exe
C:\DOCUME~1\Raymond\LOKALE~1\Temp\RarSFX0\findkey.exe
.
**************************************************************************
.
Completion time: 2008-03-22 18:01:08 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-22 17:01:03
.
2007-12-21 02:01:24 --- E O F ---

An extra HJT log, btw.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:24:00, on 23.03.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Programfiler\MSN Messenger\msnmsgr.exe
C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programfiler\Messenger\msmsgs.exe
C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Programfiler\Fellesfiler\PCSuite\Services\ServiceLayer.exe
C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\FELLES~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\mmc.exe
H:\siw.exe
H:\clean_box\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar4.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [sweetIM] C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [sweetIM] C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Programfiler\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Programfiler\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Åpne i ny bakgrunnsflik - res://C:\Programfiler\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/229?b63aa9ec70054d279462c0355b7664c
O8 - Extra context menu item: Åpne i ny forgrunnsflik - res://C:\Programfiler\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/230?b63aa9ec70054d279462c0355b7664c
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O23 - Service: GoogleDesktopManager - Google - C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\Fellesfiler\PCSuite\Services\ServiceLayer.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - Unknown owner - C:\Programfiler\TuneUp Utilities 2006\WinStylerThemeSvc.exe (file missing)

--
End of file - 7247 bytes
norbat Posted 23 March 2008

Open Notepad and copy in what is shown in bold below, then save the file on the desktop as CFScript.txt. Then drag the file onto the Combofix icon. Combofix will start again.

File::
C:\Windows\System32\noskrnl.sys

Driver::
noskrnl.sys
NFGOTZAF

Post the log and tell us how the PC is running.
m0g1e (Author) Posted 24 March 2008

ComboFix log:

ComboFix 08-03-22.1 - Raymond 2008-03-24 5:40:44.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.501 [GMT 1:00]
Running from: C:\Documents and Settings\Raymond\Skrivebord\ComboFix.exe
Command switches used :: C:\Documents and Settings\Raymond\Skrivebord\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Windows\System32\noskrnl.sys
.
TimedOut: progfile.dat

((((((((((((((((((((((((( Files Created from 2008-02-24 to 2008-03-24 )))))))))))))))))))))))))))))))
.
2008-03-24 05:42 . 2008-03-24 05:42 <DIR> dr-h----- C:\Documents and Settings\Raymond\Siste
2008-03-24 05:42 . 2008-03-24 05:42 268 --ah----- C:\sqmdata08.sqm
2008-03-24 05:42 . 2008-03-24 05:42 244 --ah----- C:\sqmnoopt08.sqm
2008-03-24 05:40 . 2008-03-24 05:40 <DIR> d-------- C:\Documents and Settings\Raymond\Programdata\gtopala
2008-03-22 17:58 . 2008-03-22 17:58 <DIR> d-------- C:\WINDOWS\system32\xircom
2008-03-22 17:58 . 2008-03-22 17:58 <DIR> d-------- C:\Programfiler\microsoft frontpage
2008-03-22 17:56 . 2008-03-22 17:56 268 --ah----- C:\sqmdata07.sqm
2008-03-22 17:56 . 2008-03-22 17:56 244 --ah----- C:\sqmnoopt07.sqm
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-22 16:54 --------- d-----w C:\Programfiler\SUPERAntiSpyware
2008-03-22 16:54 --------- d-----w C:\Documents and Settings\Raymond\Programdata\SUPERAntiSpyware.com
2007-10-30 21:45 157,712 ----a-w C:\Documents and Settings\Raymond\Programdata\install_no[1].exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Desktop Search"="C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-13 20:58 1838592]
"SweetIM"="C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe" [2006-06-06 09:07 40960]
"MSMSGS"="C:\Programfiler\Messenger\msmsgs.exe" [2004-08-03 23:15 1694208]
"swg"="C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-15 21:36 68856]
"msnmsgr"="~C:\Programfiler\MSN Messenger\msnmsgr.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:03 15360]
"PcSync"="C:\Programfiler\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 16:21 1449984]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 01:50 155648]
"SweetIM"="C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe" [2006-06-06 09:07 40960]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe" [ ]
"!AVG Anti-Spyware"="C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [ ]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-06-15 12:36 229376]
"Adobe Photo Downloader"="C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-07-07 17:41 57344]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-15 21:36 68856]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="cmd.exe" [2004-08-04 00:03 388096 C:\WINDOWS\system32\cmd.exe]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-03 23:52 44544]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
Microsoft Office.lnk - C:\Programfiler\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04 83360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=
"%windir%\\system32\\winav.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 SMBHC;Vertskontrollerdriver for Microsoft SM Bus;C:\WINDOWS\system32\DRIVERS\SMBHC.sys [2001-08-17 21:57]
R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe [2004-08-04 00:03]
R3 SMBBATT;Driver for Microsoft Smart Battery;C:\WINDOWS\system32\DRIVERS\SMBBATT.sys [2004-08-03 23:07]
R3 TOSHIBASoftModem;Toshiba Soft Modem;C:\WINDOWS\system32\DRIVERS\LTSMT.sys [2001-08-17 19:28]
S3 ess;ESS Audio-driver (WDM);C:\WINDOWS\system32\drivers\ess.sys [2001-08-17 18:19]
S3 IPN2220;INPROCOMM IPN2220 Wireless LAN Card Driver;C:\WINDOWS\system32\DRIVERS\i2220ntx.sys [2004-11-04 17:29]
S3 MusCDriverV32;MusCDriverV32;C:\WINDOWS\system32\drivers\MusCDriverV32.sys [2007-07-19 13:58]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
"2007-12-21 16:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Programfiler\TuneUp Utilities 2006\SystemOptimizer.exe
"2008-03-24 04:26:00 C:\WINDOWS\Tasks\Se etter oppdateringer for Windows Live Toolbar.job"
- C:\Programfiler\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-24 05:50:26
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programfiler\Fellesfiler\PCSuite\Services\ServiceLayer.exe
C:\PROGRA~1\FELLES~1\Nokia\MPAPI\MPAPI3s.exe
.
**************************************************************************
.
Completion time: 2008-03-24 5:52:07 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-24 04:51:53
ComboFix2.txt 2008-03-22 17:01:09
.
2007-12-21 02:01:24
--- E O F ---

It seems I now have rights to most things on the PC again (advanced properties on "My Computer", Control Panel, etc.). If there are any more checks to run, I would gladly try them to be sure. Many heartfelt thanks for the help, btw!
snippsat Posted 24 March 2008 (edited)

Yes, I have gone over the logs too. Not that it is needed when norbat has looked at them. Think about whether you need SweetIM; it is borderline. As for security, you should have antivirus. This is a good free setup: Avira free + Comodo firewall + SUPERAntiSpyware. Use the PC for a while; if it works fine and you hear nothing more from norbat, you can do this: you can remove ComboFix by typing combofix /u in the Run window. This command deletes the quarantined files and backups, resets the System Restore folder, etc.

Edited 24 March 2008 by SNIPPSAT
m0g1e Posted 24 March 2008 (Author)

Thanks. I was wondering about SweetIM myself, and have now uninstalled it with the uninstall shield. As for the firewall, I have always had the impression that Windows Firewall works fine on most PCs. By that I mean homes that have

If someone could explain a bit more about the pros and cons of Comodo vs. WinFW, for example, that would be great.

Oh, btw, I have run NOD32 (which I usually recommend to others for AV and malware protection) and found a whole lot of executable files, which have been removed. If a log of that would be of interest, I can gladly post it. Do I understand correctly that it is infections that are "running" in the system that HJT and ComboFix find? So not "installation files" etc.? Thanks for all the help. Incredibly good to have you available here.
Guest medlem-105082 Posted 24 March 2008

The plus with Comodo Firewall is that it is completely tight. The minus with Windows Firewall is that it leaks like a sieve. In short.
norbat Posted 24 March 2008

> Do I understand correctly that it is infections that are "running" in the system that HJT and ComboFix find? So not "installation files" etc.?

HJT lists 'running' processes, good and bad alike. It also lists some areas that malware typically infects, so that you have the chance to check exactly those areas. ComboFix removes a load of known malware and lists, among other things, files created during the last month. These can be 'running processes', 'installation files' and more. In your latest log there is an 'installation file' at the following location: C:\Documents and Settings\Raymond\Programdata\install_no[1].exe. I assume you know what this file is? If not, remove it.
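An added example, not part of the thread and not ComboFix's own code: a small Python parser for the autostart ("Run"/"RunOnce") section of a ComboFix log such as the one posted above, returning the entries worth a manual look. The sample lines and entry names are constructed, and reading empty brackets "[ ]" as "no file details available" is an assumption.

```python
import re

# Constructed sample: [registry key] header, then "name"="command" [date time size].
SAMPLE = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleUpdater"="C:\Program Files\Example\updater.exe" [2007-08-13 20:58 1838592]
"OldMessenger"="~C:\Program Files\Example\messenger.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"job1"="cmd.exe" [2004-08-04 00:03 388096 C:\WINDOWS\system32\cmd.exe]
'''

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
ENTRY_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"\s*\[(?P<meta>[^\]]*)\]$')
# date, time, size in bytes, optionally the path the command was resolved to
META_RE = re.compile(r'^(\d{4}-\d{2}-\d{2}) (\d{1,2}:\d{2}) (\d+)(?: (.+))?$')

def parse_autostarts(text):
    """Return one dict per autostart value, with review notes attached."""
    entries, key = [], None
    for line in text.splitlines():
        line = line.strip()
        if KEY_RE.match(line):
            key = KEY_RE.match(line).group(1)
            continue
        m = ENTRY_RE.match(line)
        if not (m and key):
            continue
        meta = META_RE.match(m.group('meta').strip())
        notes = []
        if meta is None:  # assumption: "[ ]" means no file details were available
            notes.append('no file details: target may be missing')
        if '\\' not in m.group('cmd'):
            notes.append('bare file name: check which file it resolves to')
        if key.lower().endswith('\\runonce'):
            notes.append('RunOnce value: executes once, then is deleted')
        entries.append({
            'key': key, 'name': m.group('name'), 'command': m.group('cmd'),
            'size': int(meta.group(3)) if meta else None,
            'resolved': meta.group(4) if meta else None, 'notes': notes,
        })
    return entries

def needs_review(entries):
    return [e for e in entries if e['notes']]

if __name__ == '__main__':
    for e in needs_review(parse_autostarts(SAMPLE)):
        print(e['key'].rsplit('\\', 1)[-1], e['name'], '->', '; '.join(e['notes']))
```

A note only marks an entry for a closer look; whether the file behind it is wanted still has to be decided by checking the file itself.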
m0g1e Posted 24 March 2008 (Author)

> The plus with Comodo Firewall is that it is completely tight. The minus with Windows Firewall is that it leaks like a sieve. In short.

Do you have any links to point to? Getting 10x messages about how to specifically handle an incoming or outgoing transmission on the network is something I want to avoid at all costs. Besides, a standard red/green firewall in the router (modem) is quite common in most households. (Closed from the outside.) Unless you are connected directly through a modem to the internet without any routing or NAT in between, I don't really see the point..
m0g1e Posted 24 March 2008 (Author)

> Do I understand correctly that it is infections that are "running" in the system that HJT and ComboFix find? So not "installation files" etc.?
>
> HJT lists 'running' processes, good and bad alike. It also lists some areas that malware typically infects, so that you have the chance to check exactly those areas. ComboFix removes a load of known malware and lists, among other things, files created during the last month. These can be 'running processes', 'installation files' and more. In your latest log there is an 'installation file' at the following location: C:\Documents and Settings\Raymond\Programdata\install_no[1].exe. I assume you know what this file is? If not, remove it.

This is one of the many files that NOD32 removed. I feel fairly sure that most of it is gone now. I have also removed a few small things with HJT that related to SweetIM etc. I am going to back up all personal data now, so whatever concerns the system's files is of little relevance. Taking a backup of an infected PC is not my way..
norbat Posted 24 March 2008

With a reservation for C:\Documents and Settings\Raymond\Programdata\install_no[1].exe (which can be checked at http://virusscan.jotti.org/), the logs show no infections. One can therefore assume that the PC is clean.
snippsat Posted 24 March 2008

> Do you have any links to point to?

http://www.matousec.com/projects/windows-p...sts-results.php
http://www.matousec.com/projects/firewall-...nge/results.php

> Taking a backup of an infected PC is not my way..

Then you will have to scan a bit. Online scans: NOD32 online scan + F-Secure online + Prevx scan + single-file scan.
m0g1e Posted 24 March 2008 (Author)

Comodo turned out far too paranoid for what I would call a small, simple firewall. (They even have a mode called "paranoia".. so that says it all.) I am trying Online Armor Personal Firewall. I was also wondering whether there are any tests of MS WinFW vs. "third-party FW".
Guest medlem-105082 Posted 24 March 2008 (edited)

Online Armor Free is also very good. Comodo can be set up so that it learns by itself which programs should be allowed, so that you get a minimum of prompts.

Edited 24 March 2008 by medlem-105082