ed9
Posted 1 July 2009

Would be great if someone could look over the logs for me.

SAS:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/01/2009 at 00:25 AM

Application Version : 4.26.1006

Core Rules Database Version : 3963
Trace Rules Database Version: 1904

Scan type : Complete Scan
Total Scan Time : 01:08:43

Memory items scanned : 775
Memory threats detected : 2
Registry items scanned : 7239
Registry threats detected : 518
File items scanned : 32076
File threats detected : 62

Adware.180solutions/Seekmo/Zango
C:\PROGRAM FILES\ZANGO\BIN\10.3.84.0\WEATHER.EXE
C:\PROGRAM FILES\ZANGO\BIN\10.3.84.0\WEATHER.EXE
C:\PROGRAM FILES\ZANGO\BIN\10.3.84.0\WESKIN.DLL
C:\PROGRAM FILES\ZANGO\BIN\10.3.84.0\WESKIN.DLL
[WeatherDPA] C:\PROGRAM FILES\ZANGO\BIN\10.3.84.0\WEATHER.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS\NPCLNTAX_ZANGOSA.DLL
C:\USERS\ANETA\DOWNLOADS\SETUP(2).EXE
C:\USERS\ANETA\DOWNLOADS\SETUP.EXE

Adware.HotBar/SpamBlockerUtility (Low Risk)
HKLM\Software\Classes\CLSID\{2AA2FBF8-9C76-4E97-A226-25C5F4AB6358}
HKCR\CLSID\{2AA2FBF8-9C76-4E97-A226-25C5F4AB6358}
HKCR\CLSID\{2AA2FBF8-9C76-4E97-A226-25C5F4AB6358}
HKCR\CLSID\{2AA2FBF8-9C76-4E97-A226-25C5F4AB6358}\Control
HKCR\CLSID\{2AA2FBF8-9C76-4E97-A226-25C5F4AB6358}\Implemented Categories
HKCR\CLSID\{2AA2FBF8-9C76-4E97-A226-25C5F4AB6358}\Implemented Categories\{00021494-0000-0000-C000-000000000046}
HKCR\CLSID\{2AA2FBF8-9C76-4E97-A226-25C5F4AB6358}\InprocServer32
HKCR\CLSID\{2AA2FBF8-9C76-4E97-A226-25C5F4AB6358}\InprocServer32#ThreadingModel
HKCR\CLSID\{2AA2FBF8-9C76-4E97-A226-25C5F4AB6358}\Instance
HKCR\CLSID\{2AA2FBF8-9C76-4E97-A226-25C5F4AB6358}\Instance#CLSID
HKCR\CLSID\{2AA2FBF8-9C76-4E97-A226-25C5F4AB6358}\Instance\InitPropertyBag
HKCR\CLSID\{2AA2FBF8-9C76-4E97-A226-25C5F4AB6358}\Instance\InitPropertyBag#Url
HKCR\CLSID\{2AA2FBF8-9C76-4E97-A226-25C5F4AB6358}\MiscStatus
HKCR\CLSID\{2AA2FBF8-9C76-4E97-A226-25C5F4AB6358}\MiscStatus\1
HKCR\CLSID\{2AA2FBF8-9C76-4E97-A226-25C5F4AB6358}\ProgID HKCR\CLSID\{2AA2FBF8-9C76-4E97-A226-25C5F4AB6358}\Programmable HKCR\CLSID\{2AA2FBF8-9C76-4E97-A226-25C5F4AB6358}\ToolboxBitmap32 HKCR\CLSID\{2AA2FBF8-9C76-4E97-A226-25C5F4AB6358}\TypeLib HKCR\CLSID\{2AA2FBF8-9C76-4E97-A226-25C5F4AB6358}\Version HKCR\CLSID\{2AA2FBF8-9C76-4E97-A226-25C5F4AB6358}\VersionIndependentProgID HKCR\HBMain.CommBand.1 HKCR\HBMain.CommBand.1\CLSID HKCR\HBMain.CommBand HKCR\HBMain.CommBand\CLSID HKCR\HBMain.CommBand\CurVer HKCR\TypeLib\{A57470DE-14C7-4FCD-9D4C-E5711F24F0ED} HKCR\TypeLib\{A57470DE-14C7-4FCD-9D4C-E5711F24F0ED}\1.0 HKCR\TypeLib\{A57470DE-14C7-4FCD-9D4C-E5711F24F0ED}\1.0 HKCR\TypeLib\{A57470DE-14C7-4FCD-9D4C-E5711F24F0ED}\1.0\win32 HKCR\TypeLib\{A57470DE-14C7-4FCD-9D4C-E5711F24F0ED}\1.0\FLAGS HKCR\TypeLib\{A57470DE-14C7-4FCD-9D4C-E5711F24F0ED}\1.0\HELPDIR C:\PROGRAM FILES\ZANGO\BIN\10.3.84.0\HOSTIE.DLL HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\{2AA2FBF8-9C76-4E97-A226-25C5F4AB6358} HKU\S-1-5-21-602728746-2119309579-3980973252-1000\Software\Microsoft\Internet Explorer\Explorer Bars\{2AA2FBF8-9C76-4E97-A226-25C5F4AB6358} Adware.Zango Toolbar/Hb HKLM\Software\Classes\CLSID\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} HKCR\CLSID\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} HKCR\CLSID\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} HKCR\CLSID\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B}\InprocServer32 HKCR\CLSID\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B}\InprocServer32#ThreadingModel HKCR\CLSID\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B}\ProgID HKCR\CLSID\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B}\Programmable HKCR\CLSID\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B}\TypeLib HKCR\CLSID\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B}\VersionIndependentProgID HKCR\HostIE.Bho.1 HKCR\HostIE.Bho.1\CLSID HKCR\HostIE.Bho HKCR\HostIE.Bho\CLSID HKCR\HostIE.Bho\CurVer HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} 
HKU\S-1-5-21-602728746-2119309579-3980973252-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} HKLM\Software\Microsoft\Internet Explorer\Toolbar#{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} HKCR\HbCoreSrv.DynamicProp HKCR\HbCoreSrv.DynamicProp\CLSID HKCR\HbCoreSrv.DynamicProp\CurVer HKCR\HbCoreSrv.DynamicProp.1 HKCR\HbCoreSrv.DynamicProp.1\CLSID HKCR\Wallpaper.WallpaperManager HKCR\Wallpaper.WallpaperManager\CLSID HKCR\Wallpaper.WallpaperManager\CurVer HKCR\Wallpaper.WallpaperManager.1 HKCR\Wallpaper.WallpaperManager.1\CLSID HKCR\CoreSrv.CoreServices HKCR\CoreSrv.CoreServices\CLSID HKCR\CoreSrv.CoreServices\CurVer HKCR\CoreSrv.CoreServices.1 HKCR\CoreSrv.CoreServices.1\CLSID HKCR\CoreSrv.LfgAx HKCR\CoreSrv.LfgAx\CLSID HKCR\CoreSrv.LfgAx\CurVer HKCR\CoreSrv.LfgAx.1 HKCR\CoreSrv.LfgAx.1\CLSID HKCR\hbr.HbMain HKCR\hbr.HbMain\CLSID HKCR\hbr.HbMain\CurVer HKCR\hbr.HbMain.1 HKCR\hbr.HbMain.1\CLSID HKCR\HostOL.MailAnim HKCR\HostOL.MailAnim\CLSID HKCR\HostOL.MailAnim\CurVer HKCR\HostOL.MailAnim.1 HKCR\HostOL.MailAnim.1\CLSID HKCR\HostOL.WebmailSend HKCR\HostOL.WebmailSend\CLSID HKCR\HostOL.WebmailSend\CurVer HKCR\HostOL.WebmailSend.1 HKCR\HostOL.WebmailSend.1\CLSID HKCR\Srv.CoreServices HKCR\Srv.CoreServices\CLSID HKCR\Srv.CoreServices\CurVer HKCR\Srv.CoreServices.1 HKCR\Srv.CoreServices.1\CLSID HKCR\Toolbar.HtmlMenuUI HKCR\Toolbar.HtmlMenuUI\CLSID HKCR\Toolbar.HtmlMenuUI\CurVer HKCR\Toolbar.HtmlMenuUI.1 HKCR\Toolbar.HtmlMenuUI.1\CLSID HKCR\Toolbar.ToolbarCtl HKCR\Toolbar.ToolbarCtl\CLSID HKCR\Toolbar.ToolbarCtl\CurVer HKCR\Toolbar.ToolbarCtl.1 HKCR\Toolbar.ToolbarCtl.1\CLSID HKCR\ZangoAX.ClientDetector HKCR\ZangoAX.ClientDetector\CLSID HKCR\ZangoAX.ClientDetector\CurVer HKCR\ZangoAX.ClientDetector.1 HKCR\ZangoAX.ClientDetector.1\CLSID HKCR\ZangoAX.UserProfiles HKCR\ZangoAX.UserProfiles\CLSID HKCR\ZangoAX.UserProfiles\CurVer HKCR\ZangoAX.UserProfiles.1 HKCR\ZangoAX.UserProfiles.1\CLSID 
HKCR\CLSID\{B0CB585F-3271-4E42-88D9-AE5C9330D554} HKCR\CLSID\{B0CB585F-3271-4E42-88D9-AE5C9330D554}#AppID HKCR\CLSID\{B0CB585F-3271-4E42-88D9-AE5C9330D554}\Control HKCR\CLSID\{B0CB585F-3271-4E42-88D9-AE5C9330D554}\Implemented Categories HKCR\CLSID\{B0CB585F-3271-4E42-88D9-AE5C9330D554}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4} HKCR\CLSID\{B0CB585F-3271-4E42-88D9-AE5C9330D554}\InprocServer32 HKCR\CLSID\{B0CB585F-3271-4E42-88D9-AE5C9330D554}\InprocServer32#ThreadingModel HKCR\CLSID\{B0CB585F-3271-4E42-88D9-AE5C9330D554}\MiscStatus HKCR\CLSID\{B0CB585F-3271-4E42-88D9-AE5C9330D554}\MiscStatus\1 HKCR\CLSID\{B0CB585F-3271-4E42-88D9-AE5C9330D554}\ProgID HKCR\CLSID\{B0CB585F-3271-4E42-88D9-AE5C9330D554}\Programmable HKCR\CLSID\{B0CB585F-3271-4E42-88D9-AE5C9330D554}\ToolboxBitmap32 HKCR\CLSID\{B0CB585F-3271-4E42-88D9-AE5C9330D554}\TypeLib HKCR\CLSID\{B0CB585F-3271-4E42-88D9-AE5C9330D554}\Version HKCR\CLSID\{B0CB585F-3271-4E42-88D9-AE5C9330D554}\VersionIndependentProgID HKU\S-1-5-21-602728746-2119309579-3980973252-1000\Software\zangosa HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZangoSA HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZangoSA#DisplayName HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZangoSA#DisplayIcon HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZangoSA#UninstallString HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZangoSA#DisplayVersion HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZangoSA#HelpLink HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZangoSA#Publisher HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZangoSA#URLInfoAbout C:\Users\aneta\AppData\Roaming\Zango Adware.Zango/ShoppingReport HKU\S-1-5-21-602728746-2119309579-3980973252-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B2} 
HKU\S-1-5-21-602728746-2119309579-3980973252-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B3} HKCR\CntntCntr.CntntDic HKCR\CntntCntr.CntntDic\CLSID HKCR\CntntCntr.CntntDic\CurVer HKCR\CntntCntr.CntntDic.1 HKCR\CntntCntr.CntntDic.1\CLSID HKCR\CntntCntr.CntntDisp HKCR\CntntCntr.CntntDisp\CLSID HKCR\CntntCntr.CntntDisp\CurVer HKCR\CntntCntr.CntntDisp.1 HKCR\CntntCntr.CntntDisp.1\CLSID HKCR\ShoppingReport.HbAx HKCR\ShoppingReport.HbAx\CLSID HKCR\ShoppingReport.HbAx\CurVer HKCR\ShoppingReport.HbAx.1 HKCR\ShoppingReport.HbAx.1\CLSID HKCR\ShoppingReport.HbInfoBand HKCR\ShoppingReport.HbInfoBand\CLSID HKCR\ShoppingReport.HbInfoBand\CurVer HKCR\ShoppingReport.HbInfoBand.1 HKCR\ShoppingReport.HbInfoBand.1\CLSID HKCR\ShoppingReport.IEButton HKCR\ShoppingReport.IEButton\CLSID HKCR\ShoppingReport.IEButton\CurVer HKCR\ShoppingReport.IEButton.1 HKCR\ShoppingReport.IEButton.1\CLSID HKCR\ShoppingReport.IEButtonA HKCR\ShoppingReport.IEButtonA\CLSID HKCR\ShoppingReport.IEButtonA\CurVer HKCR\ShoppingReport.IEButtonA.1 HKCR\ShoppingReport.IEButtonA.1\CLSID HKCR\ShoppingReport.RprtCtrl HKCR\ShoppingReport.RprtCtrl\CLSID HKCR\ShoppingReport.RprtCtrl\CurVer HKCR\ShoppingReport.RprtCtrl.1 HKCR\ShoppingReport.RprtCtrl.1\CLSID HKCR\WeatherDPA.WeatherController HKCR\WeatherDPA.WeatherController\CLSID HKCR\WeatherDPA.WeatherController\CurVer HKCR\WeatherDPA.WeatherController.1 HKCR\WeatherDPA.WeatherController.1\CLSID HKCR\CLSID\{14113B47-D59C-4F0F-9D10-FF1730265584} HKCR\CLSID\{14113B47-D59C-4F0F-9D10-FF1730265584}#AppID HKCR\CLSID\{14113B47-D59C-4F0F-9D10-FF1730265584}\InprocServer32 HKCR\CLSID\{14113B47-D59C-4F0F-9D10-FF1730265584}\InprocServer32#ThreadingModel HKCR\CLSID\{14113B47-D59C-4F0F-9D10-FF1730265584}\ProgID HKCR\CLSID\{14113B47-D59C-4F0F-9D10-FF1730265584}\Programmable HKCR\CLSID\{14113B47-D59C-4F0F-9D10-FF1730265584}\TypeLib HKCR\CLSID\{14113B47-D59C-4F0F-9D10-FF1730265584}\VersionIndependentProgID 
HKCR\CLSID\{2D00AA2A-69EF-487a-8A40-B3E27F07C91E} HKCR\CLSID\{2D00AA2A-69EF-487a-8A40-B3E27F07C91E}\InprocServer32 HKCR\CLSID\{2D00AA2A-69EF-487a-8A40-B3E27F07C91E}\InprocServer32#ThreadingModel HKCR\CLSID\{2D00AA2A-69EF-487a-8A40-B3E27F07C91E}\ProgID HKCR\CLSID\{2D00AA2A-69EF-487a-8A40-B3E27F07C91E}\Programmable HKCR\CLSID\{2D00AA2A-69EF-487a-8A40-B3E27F07C91E}\TypeLib HKCR\CLSID\{2D00AA2A-69EF-487a-8A40-B3E27F07C91E}\VersionIndependentProgID HKCR\CLSID\{3788E535-897B-463d-B6D6-FEE5B86EC144} HKCR\CLSID\{3788E535-897B-463d-B6D6-FEE5B86EC144}\InprocServer32 HKCR\CLSID\{3788E535-897B-463d-B6D6-FEE5B86EC144}\InprocServer32#ThreadingModel HKCR\CLSID\{3788E535-897B-463d-B6D6-FEE5B86EC144}\ProgID HKCR\CLSID\{3788E535-897B-463d-B6D6-FEE5B86EC144}\Programmable HKCR\CLSID\{3788E535-897B-463d-B6D6-FEE5B86EC144}\TypeLib HKCR\CLSID\{3788E535-897B-463d-B6D6-FEE5B86EC144}\VersionIndependentProgID HKCR\CLSID\{69725738-CD68-4F36-8D02-8C43722EE5DA} HKCR\CLSID\{69725738-CD68-4F36-8D02-8C43722EE5DA}\InprocServer32 HKCR\CLSID\{69725738-CD68-4F36-8D02-8C43722EE5DA}\InprocServer32#ThreadingModel HKCR\CLSID\{69725738-CD68-4F36-8D02-8C43722EE5DA}\ProgID HKCR\CLSID\{69725738-CD68-4F36-8D02-8C43722EE5DA}\Programmable HKCR\CLSID\{69725738-CD68-4F36-8D02-8C43722EE5DA}\TypeLib HKCR\CLSID\{69725738-CD68-4F36-8D02-8C43722EE5DA}\VersionIndependentProgID HKCR\CLSID\{70880CE6-308C-4204-A89E-B266C3F7B7FA} HKCR\CLSID\{70880CE6-308C-4204-A89E-B266C3F7B7FA}\LocalServer32 HKCR\CLSID\{70880CE6-308C-4204-A89E-B266C3F7B7FA}\ProgID HKCR\CLSID\{70880CE6-308C-4204-A89E-B266C3F7B7FA}\Programmable HKCR\CLSID\{70880CE6-308C-4204-A89E-B266C3F7B7FA}\TypeLib HKCR\CLSID\{70880CE6-308C-4204-A89E-B266C3F7B7FA}\VersionIndependentProgID HKCR\CLSID\{71F731B3-008B-4052-9EA4-4145ACCE40C3} HKCR\CLSID\{71F731B3-008B-4052-9EA4-4145ACCE40C3}\InprocServer32 HKCR\CLSID\{71F731B3-008B-4052-9EA4-4145ACCE40C3}\InprocServer32#ThreadingModel HKCR\CLSID\{71F731B3-008B-4052-9EA4-4145ACCE40C3}\ProgID 
HKCR\CLSID\{71F731B3-008B-4052-9EA4-4145ACCE40C3}\Programmable HKCR\CLSID\{71F731B3-008B-4052-9EA4-4145ACCE40C3}\TypeLib HKCR\CLSID\{71F731B3-008B-4052-9EA4-4145ACCE40C3}\VersionIndependentProgID HKCR\CLSID\{86C5840B-80C4-4C30-A655-37344A542009} HKCR\CLSID\{86C5840B-80C4-4C30-A655-37344A542009}\InprocServer32 HKCR\CLSID\{86C5840B-80C4-4C30-A655-37344A542009}\InprocServer32#ThreadingModel HKCR\CLSID\{86C5840B-80C4-4C30-A655-37344A542009}\ProgID HKCR\CLSID\{86C5840B-80C4-4C30-A655-37344A542009}\TypeLib HKCR\CLSID\{86C5840B-80C4-4C30-A655-37344A542009}\VersionIndependentProgID HKCR\CLSID\{9473559B-50FC-4A8A-829B-E152E8D6A307} HKCR\CLSID\{9473559B-50FC-4A8A-829B-E152E8D6A307}\LocalServer32 HKCR\CLSID\{9473559B-50FC-4A8A-829B-E152E8D6A307}\ProgID HKCR\CLSID\{9473559B-50FC-4A8A-829B-E152E8D6A307}\Programmable HKCR\CLSID\{9473559B-50FC-4A8A-829B-E152E8D6A307}\TypeLib HKCR\CLSID\{9473559B-50FC-4A8A-829B-E152E8D6A307}\VersionIndependentProgID HKCR\CLSID\{A5B6FA30-D317-41CA-9CB1-C898D3C7F34E} HKCR\CLSID\{A5B6FA30-D317-41CA-9CB1-C898D3C7F34E}\Control HKCR\CLSID\{A5B6FA30-D317-41CA-9CB1-C898D3C7F34E}\InprocServer32 HKCR\CLSID\{A5B6FA30-D317-41CA-9CB1-C898D3C7F34E}\InprocServer32#ThreadingModel HKCR\CLSID\{A5B6FA30-D317-41CA-9CB1-C898D3C7F34E}\ProgID HKCR\CLSID\{A5B6FA30-D317-41CA-9CB1-C898D3C7F34E}\Programmable HKCR\CLSID\{A5B6FA30-D317-41CA-9CB1-C898D3C7F34E}\ToolboxBitmap32 HKCR\CLSID\{A5B6FA30-D317-41CA-9CB1-C898D3C7F34E}\TypeLib HKCR\CLSID\{A5B6FA30-D317-41CA-9CB1-C898D3C7F34E}\VersionIndependentProgID HKCR\CLSID\{A9C42A57-421C-4572-8B12-249C59183D1C} HKCR\CLSID\{A9C42A57-421C-4572-8B12-249C59183D1C}#AppID HKCR\CLSID\{A9C42A57-421C-4572-8B12-249C59183D1C}\InprocServer32 HKCR\CLSID\{A9C42A57-421C-4572-8B12-249C59183D1C}\InprocServer32#ThreadingModel HKCR\CLSID\{A9C42A57-421C-4572-8B12-249C59183D1C}\ProgID HKCR\CLSID\{A9C42A57-421C-4572-8B12-249C59183D1C}\Programmable HKCR\CLSID\{A9C42A57-421C-4572-8B12-249C59183D1C}\TypeLib 
HKCR\CLSID\{A9C42A57-421C-4572-8B12-249C59183D1C}\VersionIndependentProgID HKCR\CLSID\{CC19A5F2-B4AD-41D5-A5C9-0680904C1483} HKCR\CLSID\{CC19A5F2-B4AD-41D5-A5C9-0680904C1483}\InprocServer32 HKCR\CLSID\{CC19A5F2-B4AD-41D5-A5C9-0680904C1483}\InprocServer32#ThreadingModel HKCR\CLSID\{CC19A5F2-B4AD-41D5-A5C9-0680904C1483}\ProgID HKCR\CLSID\{CC19A5F2-B4AD-41D5-A5C9-0680904C1483}\Programmable HKCR\CLSID\{CC19A5F2-B4AD-41D5-A5C9-0680904C1483}\TypeLib HKCR\CLSID\{CC19A5F2-B4AD-41D5-A5C9-0680904C1483}\VersionIndependentProgID HKCR\CLSID\{D3F940EA-4E87-423b-9091-934E1E4FCEAE} HKCR\CLSID\{D3F940EA-4E87-423b-9091-934E1E4FCEAE}\Control HKCR\CLSID\{D3F940EA-4E87-423b-9091-934E1E4FCEAE}\InprocServer32 HKCR\CLSID\{D3F940EA-4E87-423b-9091-934E1E4FCEAE}\InprocServer32#ThreadingModel HKCR\CLSID\{D3F940EA-4E87-423b-9091-934E1E4FCEAE}\MiscStatus HKCR\CLSID\{D3F940EA-4E87-423b-9091-934E1E4FCEAE}\MiscStatus\1 HKCR\CLSID\{D3F940EA-4E87-423b-9091-934E1E4FCEAE}\ProgID HKCR\CLSID\{D3F940EA-4E87-423b-9091-934E1E4FCEAE}\Programmable HKCR\CLSID\{D3F940EA-4E87-423b-9091-934E1E4FCEAE}\ToolboxBitmap32 HKCR\CLSID\{D3F940EA-4E87-423b-9091-934E1E4FCEAE}\TypeLib HKCR\CLSID\{D3F940EA-4E87-423b-9091-934E1E4FCEAE}\Version HKCR\CLSID\{D3F940EA-4E87-423b-9091-934E1E4FCEAE}\VersionIndependentProgID HKCR\TypeLib\{03D7FF6E-9781-40B5-BB7F-94291A361604} HKCR\TypeLib\{03D7FF6E-9781-40B5-BB7F-94291A361604}\1.0 HKCR\TypeLib\{03D7FF6E-9781-40B5-BB7F-94291A361604}\1.0 HKCR\TypeLib\{03D7FF6E-9781-40B5-BB7F-94291A361604}\1.0\win32 HKCR\TypeLib\{03D7FF6E-9781-40B5-BB7F-94291A361604}\1.0\FLAGS HKCR\TypeLib\{03D7FF6E-9781-40B5-BB7F-94291A361604}\1.0\HELPDIR HKCR\TypeLib\{0729F461-8054-47DC-8D39-A31B61CC0119} HKCR\TypeLib\{0729F461-8054-47DC-8D39-A31B61CC0119}\1.0 HKCR\TypeLib\{0729F461-8054-47DC-8D39-A31B61CC0119}\1.0 HKCR\TypeLib\{0729F461-8054-47DC-8D39-A31B61CC0119}\1.0\win32 HKCR\TypeLib\{0729F461-8054-47DC-8D39-A31B61CC0119}\1.0\FLAGS HKCR\TypeLib\{0729F461-8054-47DC-8D39-A31B61CC0119}\1.0\HELPDIR 
HKCR\TypeLib\{148E1447-C728-48FD-BEEC-A7D06C5FFF58} HKCR\TypeLib\{148E1447-C728-48FD-BEEC-A7D06C5FFF58}\1.0 HKCR\TypeLib\{148E1447-C728-48FD-BEEC-A7D06C5FFF58}\1.0 HKCR\TypeLib\{148E1447-C728-48FD-BEEC-A7D06C5FFF58}\1.0\win32 HKCR\TypeLib\{148E1447-C728-48FD-BEEC-A7D06C5FFF58}\1.0\FLAGS HKCR\TypeLib\{148E1447-C728-48FD-BEEC-A7D06C5FFF58}\1.0\HELPDIR HKCR\TypeLib\{8292078F-F6E9-412B-8EB1-360C05C5ECE5} HKCR\TypeLib\{8292078F-F6E9-412B-8EB1-360C05C5ECE5}\1.0 HKCR\TypeLib\{8292078F-F6E9-412B-8EB1-360C05C5ECE5}\1.0 HKCR\TypeLib\{8292078F-F6E9-412B-8EB1-360C05C5ECE5}\1.0\win32 HKCR\TypeLib\{8292078F-F6E9-412B-8EB1-360C05C5ECE5}\1.0\FLAGS HKCR\TypeLib\{8292078F-F6E9-412B-8EB1-360C05C5ECE5}\1.0\HELPDIR HKCR\TypeLib\{89085678-632D-4DEB-BDA0-CD912C63203E} HKCR\TypeLib\{89085678-632D-4DEB-BDA0-CD912C63203E}\1.0 HKCR\TypeLib\{89085678-632D-4DEB-BDA0-CD912C63203E}\1.0 HKCR\TypeLib\{89085678-632D-4DEB-BDA0-CD912C63203E}\1.0\win32 HKCR\TypeLib\{89085678-632D-4DEB-BDA0-CD912C63203E}\1.0\FLAGS HKCR\TypeLib\{89085678-632D-4DEB-BDA0-CD912C63203E}\1.0\HELPDIR HKCR\TypeLib\{A56FE01C-77C4-4F5E-8198-E4B72207890A} HKCR\TypeLib\{A56FE01C-77C4-4F5E-8198-E4B72207890A}\1.0 HKCR\TypeLib\{A56FE01C-77C4-4F5E-8198-E4B72207890A}\1.0 HKCR\TypeLib\{A56FE01C-77C4-4F5E-8198-E4B72207890A}\1.0\win32 HKCR\TypeLib\{A56FE01C-77C4-4F5E-8198-E4B72207890A}\1.0\FLAGS HKCR\TypeLib\{A56FE01C-77C4-4F5E-8198-E4B72207890A}\1.0\HELPDIR HKCR\TypeLib\{ABEC1835-3181-4ABD-8DDE-875AEC4DF6D2} HKCR\TypeLib\{ABEC1835-3181-4ABD-8DDE-875AEC4DF6D2}\1.0 HKCR\TypeLib\{ABEC1835-3181-4ABD-8DDE-875AEC4DF6D2}\1.0 HKCR\TypeLib\{ABEC1835-3181-4ABD-8DDE-875AEC4DF6D2}\1.0\win32 HKCR\TypeLib\{ABEC1835-3181-4ABD-8DDE-875AEC4DF6D2}\1.0\FLAGS HKCR\TypeLib\{ABEC1835-3181-4ABD-8DDE-875AEC4DF6D2}\1.0\HELPDIR HKCR\TypeLib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2} HKCR\TypeLib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2}\1.0 HKCR\TypeLib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2}\1.0 HKCR\TypeLib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2}\1.0\win32 
HKCR\TypeLib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2}\1.0\FLAGS HKCR\TypeLib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2}\1.0\HELPDIR HKCR\TypeLib\{D136987F-E1C4-4CCC-A220-893DF03EC5DF} HKCR\TypeLib\{D136987F-E1C4-4CCC-A220-893DF03EC5DF}\1.0 HKCR\TypeLib\{D136987F-E1C4-4CCC-A220-893DF03EC5DF}\1.0 HKCR\TypeLib\{D136987F-E1C4-4CCC-A220-893DF03EC5DF}\1.0\win32 HKCR\TypeLib\{D136987F-E1C4-4CCC-A220-893DF03EC5DF}\1.0\FLAGS HKCR\TypeLib\{D136987F-E1C4-4CCC-A220-893DF03EC5DF}\1.0\HELPDIR HKCR\Interface\{0AF9A087-0CBF-46B2-9DC9-52D0D16B5AB6} HKCR\Interface\{0AF9A087-0CBF-46B2-9DC9-52D0D16B5AB6}\ProxyStubClsid HKCR\Interface\{0AF9A087-0CBF-46B2-9DC9-52D0D16B5AB6}\ProxyStubClsid32 HKCR\Interface\{0AF9A087-0CBF-46B2-9DC9-52D0D16B5AB6}\TypeLib HKCR\Interface\{0AF9A087-0CBF-46B2-9DC9-52D0D16B5AB6}\TypeLib#Version HKCR\Interface\{2447E305-5E90-42A8-BD1E-0BC333B807E1} HKCR\Interface\{2447E305-5E90-42A8-BD1E-0BC333B807E1}\ProxyStubClsid HKCR\Interface\{2447E305-5E90-42A8-BD1E-0BC333B807E1}\ProxyStubClsid32 HKCR\Interface\{2447E305-5E90-42A8-BD1E-0BC333B807E1}\TypeLib HKCR\Interface\{2447E305-5E90-42A8-BD1E-0BC333B807E1}\TypeLib#Version HKCR\Interface\{2557DD3F-23A0-477C-BCD8-90FD0AECC4B8} HKCR\Interface\{2557DD3F-23A0-477C-BCD8-90FD0AECC4B8}\ProxyStubClsid HKCR\Interface\{2557DD3F-23A0-477C-BCD8-90FD0AECC4B8}\ProxyStubClsid32 HKCR\Interface\{2557DD3F-23A0-477C-BCD8-90FD0AECC4B8}\TypeLib HKCR\Interface\{2557DD3F-23A0-477C-BCD8-90FD0AECC4B8}\TypeLib#Version HKCR\Interface\{2893116C-A176-42B1-8794-DA8C9FC45564} HKCR\Interface\{2893116C-A176-42B1-8794-DA8C9FC45564}\ProxyStubClsid HKCR\Interface\{2893116C-A176-42B1-8794-DA8C9FC45564}\ProxyStubClsid32 HKCR\Interface\{2893116C-A176-42B1-8794-DA8C9FC45564}\TypeLib HKCR\Interface\{2893116C-A176-42B1-8794-DA8C9FC45564}\TypeLib#Version HKCR\Interface\{30B15818-E110-4527-9C05-46ACE5A3460D} HKCR\Interface\{30B15818-E110-4527-9C05-46ACE5A3460D}\ProxyStubClsid HKCR\Interface\{30B15818-E110-4527-9C05-46ACE5A3460D}\ProxyStubClsid32 
HKCR\Interface\{30B15818-E110-4527-9C05-46ACE5A3460D}\TypeLib HKCR\Interface\{30B15818-E110-4527-9C05-46ACE5A3460D}\TypeLib#Version HKCR\Interface\{3CEB04AB-08AF-45F4-81B4-70D13C1F7B85} HKCR\Interface\{3CEB04AB-08AF-45F4-81B4-70D13C1F7B85}\ProxyStubClsid HKCR\Interface\{3CEB04AB-08AF-45F4-81B4-70D13C1F7B85}\ProxyStubClsid32 HKCR\Interface\{3CEB04AB-08AF-45F4-81B4-70D13C1F7B85}\TypeLib HKCR\Interface\{3CEB04AB-08AF-45F4-81B4-70D13C1F7B85}\TypeLib#Version HKCR\Interface\{40CA90F3-4098-4877-AE87-23EB612B18C7} HKCR\Interface\{40CA90F3-4098-4877-AE87-23EB612B18C7}\ProxyStubClsid HKCR\Interface\{40CA90F3-4098-4877-AE87-23EB612B18C7}\ProxyStubClsid32 HKCR\Interface\{40CA90F3-4098-4877-AE87-23EB612B18C7}\TypeLib HKCR\Interface\{40CA90F3-4098-4877-AE87-23EB612B18C7}\TypeLib#Version HKCR\Interface\{4C3B62AF-CA25-4FBA-8405-32E44F83BB6F} HKCR\Interface\{4C3B62AF-CA25-4FBA-8405-32E44F83BB6F}\ProxyStubClsid HKCR\Interface\{4C3B62AF-CA25-4FBA-8405-32E44F83BB6F}\ProxyStubClsid32 HKCR\Interface\{4C3B62AF-CA25-4FBA-8405-32E44F83BB6F}\TypeLib HKCR\Interface\{4C3B62AF-CA25-4FBA-8405-32E44F83BB6F}\TypeLib#Version HKCR\Interface\{50D2FDCC-2707-49CB-8223-7FE0424909AA} HKCR\Interface\{50D2FDCC-2707-49CB-8223-7FE0424909AA}\ProxyStubClsid HKCR\Interface\{50D2FDCC-2707-49CB-8223-7FE0424909AA}\ProxyStubClsid32 HKCR\Interface\{50D2FDCC-2707-49CB-8223-7FE0424909AA}\TypeLib HKCR\Interface\{50D2FDCC-2707-49CB-8223-7FE0424909AA}\TypeLib#Version HKCR\Interface\{5A635A91-C303-45C9-8DB9-F759D98A3B9D} HKCR\Interface\{5A635A91-C303-45C9-8DB9-F759D98A3B9D}\ProxyStubClsid HKCR\Interface\{5A635A91-C303-45C9-8DB9-F759D98A3B9D}\ProxyStubClsid32 HKCR\Interface\{5A635A91-C303-45C9-8DB9-F759D98A3B9D}\TypeLib HKCR\Interface\{5A635A91-C303-45C9-8DB9-F759D98A3B9D}\TypeLib#Version HKCR\Interface\{618AAD04-921F-44C2-BE38-C0818AF69861} HKCR\Interface\{618AAD04-921F-44C2-BE38-C0818AF69861}\ProxyStubClsid HKCR\Interface\{618AAD04-921F-44C2-BE38-C0818AF69861}\ProxyStubClsid32 
HKCR\Interface\{618AAD04-921F-44C2-BE38-C0818AF69861}\TypeLib HKCR\Interface\{618AAD04-921F-44C2-BE38-C0818AF69861}\TypeLib#Version HKCR\Interface\{7E335D04-2E6E-4D0E-A921-C3D9192E7121} HKCR\Interface\{7E335D04-2E6E-4D0E-A921-C3D9192E7121}\ProxyStubClsid HKCR\Interface\{7E335D04-2E6E-4D0E-A921-C3D9192E7121}\ProxyStubClsid32 HKCR\Interface\{7E335D04-2E6E-4D0E-A921-C3D9192E7121}\TypeLib HKCR\Interface\{7E335D04-2E6E-4D0E-A921-C3D9192E7121}\TypeLib#Version HKCR\Interface\{878CE013-7BA9-4650-A78C-B2234C0C1648} HKCR\Interface\{878CE013-7BA9-4650-A78C-B2234C0C1648}\ProxyStubClsid HKCR\Interface\{878CE013-7BA9-4650-A78C-B2234C0C1648}\ProxyStubClsid32 HKCR\Interface\{878CE013-7BA9-4650-A78C-B2234C0C1648}\TypeLib HKCR\Interface\{878CE013-7BA9-4650-A78C-B2234C0C1648}\TypeLib#Version HKCR\Interface\{8AD9AD05-36BE-4E40-BA62-5422EB0D02FB} HKCR\Interface\{8AD9AD05-36BE-4E40-BA62-5422EB0D02FB}\ProxyStubClsid HKCR\Interface\{8AD9AD05-36BE-4E40-BA62-5422EB0D02FB}\ProxyStubClsid32 HKCR\Interface\{8AD9AD05-36BE-4E40-BA62-5422EB0D02FB}\TypeLib HKCR\Interface\{8AD9AD05-36BE-4E40-BA62-5422EB0D02FB}\TypeLib#Version HKCR\Interface\{8EE46F55-1CE1-4DB9-811A-68938EC7F3DD} HKCR\Interface\{8EE46F55-1CE1-4DB9-811A-68938EC7F3DD}\ProxyStubClsid HKCR\Interface\{8EE46F55-1CE1-4DB9-811A-68938EC7F3DD}\ProxyStubClsid32 HKCR\Interface\{8EE46F55-1CE1-4DB9-811A-68938EC7F3DD}\TypeLib HKCR\Interface\{8EE46F55-1CE1-4DB9-811A-68938EC7F3DD}\TypeLib#Version HKCR\Interface\{99CCFB8C-6380-4A14-8FDD-EF3E7E95335D} HKCR\Interface\{99CCFB8C-6380-4A14-8FDD-EF3E7E95335D}\ProxyStubClsid HKCR\Interface\{99CCFB8C-6380-4A14-8FDD-EF3E7E95335D}\ProxyStubClsid32 HKCR\Interface\{99CCFB8C-6380-4A14-8FDD-EF3E7E95335D}\TypeLib HKCR\Interface\{99CCFB8C-6380-4A14-8FDD-EF3E7E95335D}\TypeLib#Version HKCR\Interface\{99FDCA0C-7380-4E9C-8D99-5DC4750334EF} HKCR\Interface\{99FDCA0C-7380-4E9C-8D99-5DC4750334EF}\ProxyStubClsid HKCR\Interface\{99FDCA0C-7380-4E9C-8D99-5DC4750334EF}\ProxyStubClsid32 
HKCR\Interface\{99FDCA0C-7380-4E9C-8D99-5DC4750334EF}\TypeLib HKCR\Interface\{99FDCA0C-7380-4E9C-8D99-5DC4750334EF}\TypeLib#Version HKCR\Interface\{A7213D71-47E1-4832-92D7-D61DFE9F231F} HKCR\Interface\{A7213D71-47E1-4832-92D7-D61DFE9F231F}\ProxyStubClsid HKCR\Interface\{A7213D71-47E1-4832-92D7-D61DFE9F231F}\ProxyStubClsid32 HKCR\Interface\{A7213D71-47E1-4832-92D7-D61DFE9F231F}\TypeLib HKCR\Interface\{A7213D71-47E1-4832-92D7-D61DFE9F231F}\TypeLib#Version HKCR\Interface\{A87DFD99-CF81-4241-85CE-881E0026B686} HKCR\Interface\{A87DFD99-CF81-4241-85CE-881E0026B686}\ProxyStubClsid HKCR\Interface\{A87DFD99-CF81-4241-85CE-881E0026B686}\ProxyStubClsid32 HKCR\Interface\{A87DFD99-CF81-4241-85CE-881E0026B686}\TypeLib HKCR\Interface\{A87DFD99-CF81-4241-85CE-881E0026B686}\TypeLib#Version HKCR\Interface\{AEBF09E2-0C15-43C8-99BF-928C645D98A0} HKCR\Interface\{AEBF09E2-0C15-43C8-99BF-928C645D98A0}\ProxyStubClsid HKCR\Interface\{AEBF09E2-0C15-43C8-99BF-928C645D98A0}\ProxyStubClsid32 HKCR\Interface\{AEBF09E2-0C15-43C8-99BF-928C645D98A0}\TypeLib HKCR\Interface\{AEBF09E2-0C15-43C8-99BF-928C645D98A0}\TypeLib#Version HKCR\Interface\{AF55160D-CDE1-4A8B-8001-66DA06BEE740} HKCR\Interface\{AF55160D-CDE1-4A8B-8001-66DA06BEE740}\ProxyStubClsid HKCR\Interface\{AF55160D-CDE1-4A8B-8001-66DA06BEE740}\ProxyStubClsid32 HKCR\Interface\{AF55160D-CDE1-4A8B-8001-66DA06BEE740}\TypeLib HKCR\Interface\{AF55160D-CDE1-4A8B-8001-66DA06BEE740}\TypeLib#Version HKCR\Interface\{B1D9F4B1-B9FF-463F-BF15-AB9CB26160F7} HKCR\Interface\{B1D9F4B1-B9FF-463F-BF15-AB9CB26160F7}\ProxyStubClsid HKCR\Interface\{B1D9F4B1-B9FF-463F-BF15-AB9CB26160F7}\ProxyStubClsid32 HKCR\Interface\{B1D9F4B1-B9FF-463F-BF15-AB9CB26160F7}\TypeLib HKCR\Interface\{B1D9F4B1-B9FF-463F-BF15-AB9CB26160F7}\TypeLib#Version HKCR\Interface\{B20D7ADD-989C-4BC0-A797-F6FE7998EFD7} HKCR\Interface\{B20D7ADD-989C-4BC0-A797-F6FE7998EFD7}\ProxyStubClsid HKCR\Interface\{B20D7ADD-989C-4BC0-A797-F6FE7998EFD7}\ProxyStubClsid32 
HKCR\Interface\{B20D7ADD-989C-4BC0-A797-F6FE7998EFD7}\TypeLib HKCR\Interface\{B20D7ADD-989C-4BC0-A797-F6FE7998EFD7}\TypeLib#Version HKCR\Interface\{B5D2ED96-62F9-4C2C-956D-E425B1F67337} HKCR\Interface\{B5D2ED96-62F9-4C2C-956D-E425B1F67337}\ProxyStubClsid HKCR\Interface\{B5D2ED96-62F9-4C2C-956D-E425B1F67337}\ProxyStubClsid32 HKCR\Interface\{B5D2ED96-62F9-4C2C-956D-E425B1F67337}\TypeLib HKCR\Interface\{B5D2ED96-62F9-4C2C-956D-E425B1F67337}\TypeLib#Version HKCR\Interface\{BFC20A15-B0AC-44CC-A25A-A7039014BA9F} HKCR\Interface\{BFC20A15-B0AC-44CC-A25A-A7039014BA9F}\ProxyStubClsid HKCR\Interface\{BFC20A15-B0AC-44CC-A25A-A7039014BA9F}\ProxyStubClsid32 HKCR\Interface\{BFC20A15-B0AC-44CC-A25A-A7039014BA9F}\TypeLib HKCR\Interface\{BFC20A15-B0AC-44CC-A25A-A7039014BA9F}\TypeLib#Version HKCR\Interface\{C96B9FAE-A032-4100-BB47-32EF05E28BE4} HKCR\Interface\{C96B9FAE-A032-4100-BB47-32EF05E28BE4}\ProxyStubClsid HKCR\Interface\{C96B9FAE-A032-4100-BB47-32EF05E28BE4}\ProxyStubClsid32 HKCR\Interface\{C96B9FAE-A032-4100-BB47-32EF05E28BE4}\TypeLib HKCR\Interface\{C96B9FAE-A032-4100-BB47-32EF05E28BE4}\TypeLib#Version HKCR\Interface\{CF82F350-E1C4-4916-AC12-BA73DB60AFB7} HKCR\Interface\{CF82F350-E1C4-4916-AC12-BA73DB60AFB7}\ProxyStubClsid HKCR\Interface\{CF82F350-E1C4-4916-AC12-BA73DB60AFB7}\ProxyStubClsid32 HKCR\Interface\{CF82F350-E1C4-4916-AC12-BA73DB60AFB7}\TypeLib HKCR\Interface\{CF82F350-E1C4-4916-AC12-BA73DB60AFB7}\TypeLib#Version HKCR\Interface\{D3A412E8-1E4B-47D2-9B12-F88291F5AFBB} HKCR\Interface\{D3A412E8-1E4B-47D2-9B12-F88291F5AFBB}\ProxyStubClsid HKCR\Interface\{D3A412E8-1E4B-47D2-9B12-F88291F5AFBB}\ProxyStubClsid32 HKCR\Interface\{D3A412E8-1E4B-47D2-9B12-F88291F5AFBB}\TypeLib HKCR\Interface\{D3A412E8-1E4B-47D2-9B12-F88291F5AFBB}\TypeLib#Version HKCR\Interface\{F019AEC4-4C95-46DE-A107-E302473E3B9A} HKCR\Interface\{F019AEC4-4C95-46DE-A107-E302473E3B9A}\ProxyStubClsid HKCR\Interface\{F019AEC4-4C95-46DE-A107-E302473E3B9A}\ProxyStubClsid32 
HKCR\Interface\{F019AEC4-4C95-46DE-A107-E302473E3B9A}\TypeLib HKCR\Interface\{F019AEC4-4C95-46DE-A107-E302473E3B9A}\TypeLib#Version HKU\S-1-5-21-602728746-2119309579-3980973252-1000\Software\ShoppingReport HKLM\Software\ShoppingReport HKLM\Software\ShoppingReport#affid HKLM\Software\ShoppingReport#Version HKLM\Software\ShoppingReport#ProductName HKLM\Software\ShoppingReport#requestor HKLM\Software\ShoppingReport#SG_Not_Set HKU\S-1-5-21-602728746-2119309579-3980973252-1000\Software\Microsoft\Windows\CurrentVersion\Run#WeatherDPA [ "C:\Program Files\Zango\bin\10.3.84.0\Weather.exe" -auto ] C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll C:\Program Files\ShoppingReport\Bin\2.5.0 C:\Program Files\ShoppingReport\Bin C:\Program Files\ShoppingReport C:\Users\aneta\AppData\Roaming\WeatherDPA\Weather\WeatherDPA\Weather_XML C:\Users\aneta\AppData\Roaming\WeatherDPA\Weather\WeatherDPA C:\Users\aneta\AppData\Roaming\WeatherDPA\Weather\WeatherStartup.xml C:\Users\aneta\AppData\Roaming\WeatherDPA\Weather C:\Users\aneta\AppData\Roaming\WeatherDPA Adware.180solutions/ZangoSearch C:\Program Files\Zango\bin\10.3.84.0\arrow.ico C:\Program Files\Zango\bin\10.3.84.0\CntntCntr.dll C:\Program Files\Zango\bin\10.3.84.0\copyright.txt C:\Program Files\Zango\bin\10.3.84.0\CoreSrv.dll C:\Program Files\Zango\bin\10.3.84.0\firefox\extensions\chrome.manifest C:\Program Files\Zango\bin\10.3.84.0\firefox\extensions\components\npclntax.xpt C:\Program Files\Zango\bin\10.3.84.0\firefox\extensions\components C:\Program Files\Zango\bin\10.3.84.0\firefox\extensions\install.rdf C:\Program Files\Zango\bin\10.3.84.0\firefox\extensions\plugins\npclntax_ZangoSA.dll C:\Program Files\Zango\bin\10.3.84.0\firefox\extensions\plugins C:\Program Files\Zango\bin\10.3.84.0\firefox\extensions C:\Program Files\Zango\bin\10.3.84.0\firefox C:\Program Files\Zango\bin\10.3.84.0\HostOL.dll C:\Program Files\Zango\bin\10.3.84.0\link.ico C:\Program Files\Zango\bin\10.3.84.0\Srv.exe C:\Program 
Files\Zango\bin\10.3.84.0\Wallpaper.dll C:\Program Files\Zango\bin\10.3.84.0\ZangoSAAX.dll C:\Program Files\Zango\bin\10.3.84.0\ZangoSADF.exe C:\Program Files\Zango\bin\10.3.84.0\ZangoSAHook.dll C:\Program Files\Zango\bin\10.3.84.0\ZangoUninstaller.exe C:\Program Files\Zango\bin\10.3.84.0 C:\Program Files\Zango\bin C:\Program Files\Zango C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zango\Reset Cursor.lnk C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zango\Weather.lnk C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zango\Zango Customer Support Center.lnk C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zango\Zango Games!.lnk C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zango\Zango Library.lnk C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zango\Zango Screensavers!.lnk C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zango\Zango Uninstall Instructions.lnk C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zango\Zango Videos!.lnk C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zango HKLM\Software\Zango HKLM\Software\Zango\Install HKLM\Software\Zango\Install#Install_Dir HKLM\Software\Zango\Install#Installed_From HKLM\Software\Zango\Install#IE HKLM\Software\Zango\Install#OL HKLM\Software\Zango\Install#OI HKLM\Software\Zango\Install#WP HKLM\Software\Zango\Install#SA HKLM\Software\Zango\Install\CmpMap HKLM\Software\Zango\Install\CmpMap#IE HKLM\Software\Zango\Install\CmpMap#OL HKLM\Software\Zango\Install\CmpMap#OI HKLM\Software\Zango\Install\CmpMap#WP HKLM\Software\Zango\Install\CmpMap#SA HKLM\Software\Zango\Zango HKLM\Software\Zango\Zango\Install HKLM\Software\Zango\Zango\Install#StartInstall HKLM\Software\Zango\Zango\Install#IID HKLM\Software\Zango\Zango\Install#IID_prv HKLM\Software\Zango\Zango\Install#PrevVer HKLM\Software\Zango\Zango\Install#CurrentVer HKLM\Software\Zango\Zango\Install#HbHostOEPath HKLM\Software\Zango\Zango\MachineInfo HKLM\Software\Zango\Zango\MachineInfo#CID 
HKLM\Software\Zango\Zango\MachineInfo#CID_prv HKLM\Software\Zango\Zango\PI HKLM\Software\Zango\Zango\PI\3.2 HKLM\Software\Zango\Zango\PI\3.2#PID00 Rogue.AdwareAlert HKCR\CLSID\{755C6BC2-A679-4025-84D3-4AE283A87B14} HKCR\CLSID\{755C6BC2-A679-4025-84D3-4AE283A87B14}#InfoTip HKCR\CLSID\{755C6BC2-A679-4025-84D3-4AE283A87B14}#{305ca226-d286-468e-b848-2b2e8e697b74} 2 HKCR\CLSID\{755C6BC2-A679-4025-84D3-4AE283A87B14}#SearchHelper HKCR\CLSID\{755C6BC2-A679-4025-84D3-4AE283A87B14}#System.ApplicationName HKCR\CLSID\{755C6BC2-A679-4025-84D3-4AE283A87B14}#System.ControlPanel.Category HKCR\CLSID\{755C6BC2-A679-4025-84D3-4AE283A87B14}#System.Software.TasksFileUrl HKCR\CLSID\{755C6BC2-A679-4025-84D3-4AE283A87B14}\DefaultIcon HKCR\CLSID\{755C6BC2-A679-4025-84D3-4AE283A87B14}\Shell HKCR\CLSID\{755C6BC2-A679-4025-84D3-4AE283A87B14}\Shell\Open HKCR\CLSID\{755C6BC2-A679-4025-84D3-4AE283A87B14}\Shell\Open\Command HKCR\CLSID\{755C6BC2-A679-4025-84D3-4AE283A87B14}\ShellFolder HKCR\CLSID\{755C6BC2-A679-4025-84D3-4AE283A87B14}\ShellFolder#Attributes HKCR\CLSID\{755C6BC2-A679-4025-84D3-4AE283A87B14}\ShellFolder#WantsFORPARSING HKU\S-1-5-21-602728746-2119309579-3980973252-1000\Software\AdwareAlert C:\Program Files\AdwareAlert\AdwareAlert.url C:\Program Files\AdwareAlert\DataBase.ref C:\Program Files\AdwareAlert\vistaCPtasks.xml C:\Program Files\AdwareAlert\zlib.dll C:\Program Files\AdwareAlert C:\Users\aneta\AppData\Roaming\AdwareAlert\DataBaseNew.ref C:\Users\aneta\AppData\Roaming\AdwareAlert\Log\2008 Sep 13 - 11_24_16 AM_211.log C:\Users\aneta\AppData\Roaming\AdwareAlert\Log\2008 Sep 13 - 11_27_31 AM_507.log C:\Users\aneta\AppData\Roaming\AdwareAlert\Log\2008 Sep 14 - 10_37_44 AM_065.log C:\Users\aneta\AppData\Roaming\AdwareAlert\Log\2008 Sep 14 - 10_50_13 AM_486.log C:\Users\aneta\AppData\Roaming\AdwareAlert\Log\2008 Sep 15 - 10_19_08 AM_331.log C:\Users\aneta\AppData\Roaming\AdwareAlert\Log C:\Users\aneta\AppData\Roaming\AdwareAlert\Settings C:\Users\aneta\AppData\Roaming\AdwareAlert 
Malwarebytes:

Malwarebytes' Anti-Malware 1.38
Database version: 2356
Windows 6.0.6001 Service Pack 1

01.07.2009 01:08:43
mbam-log-2009-07-01 (01-08-43).txt

Scan type: Quick Scan
Objects scanned: 77265
Time elapsed: 7 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 11
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 2
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{755c6bc2-a679-4025-84d3-4ae283a87b14} (Rogue.AdwareAlert) -> Delete on reboot.
HKEY_CLASSES_ROOT\Installer\UpgradeCodes\7c673a5b871b8cd419f47dd0de5a6d18 (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7c673a5b871b8cd419f47dd0de5a6d18 (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{755c6bc2-a679-4025-84d3-4ae283a87b14} (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{eddbb5ee-bb64-4bfc-9dbe-e7c85941335b} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5b4016981c40d5f4b9925ed64ad7b526 (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\70b07021d02a5e347a162b223ea41cd5 (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\a491438a809f60f458df33e67c80a5d2 (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\bf91bd5c23255be4c8550acdf0f2ee89 (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\cb6591e4426ef2b49aee7437e1144918 (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\[email protected] (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\zango 10.3.84.0 (Adware.Zango) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:
C:\ProgramData\ZangoSA (Adware.Zango) -> Quarantined and deleted successfully.
C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> Quarantined and deleted successfully.

Files Infected:
c:\programdata\ZangoSA\ZangoSA.dat (Adware.Zango) -> Quarantined and deleted successfully.
c:\programdata\ZangoSA\ZangoSAAbout.mht (Adware.Zango) -> Quarantined and deleted successfully.
c:\programdata\ZangoSA\ZangoSAau.dat (Adware.Zango) -> Quarantined and deleted successfully.
c:\programdata\ZangoSA\ZangoSAEULA.mht (Adware.Zango) -> Quarantined and deleted successfully.
c:\programdata\ZangoSA\ZangoSA_kyf.dat (Adware.Zango) -> Quarantined and deleted successfully.
ComboFix:

ComboFix 09-06-29.07 - aneta 01.07.2009 2:24.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.47.1044.18.2037.943 [GMT 2:00]
Running from: c:\users\aneta\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\drv\Tuner\Yuan\Resources\_desktop.ini
c:\users\aneta\AppData\Roaming2000000a1dddc23625C.manifest
c:\users\aneta\AppData\Roaming2000000a1dddc23625O.manifest
c:\users\aneta\AppData\Roaming2000000a1dddc23625P.manifest
c:\users\aneta\AppData\Roaming2000000a1dddc23625S.manifest
c:\windows\system32\gwN7nbA9cTyPjkj.vbs
c:\windows\system32\h78GK.vbs
c:\windows\system32\kWwm65AIeKCpS.vbs
c:\windows\system32\pd52WEX.vbs
c:\windows\system32\QWcJp.vbs
c:\windows\system32\WL4HPqmEwmaZb7q.vbs
.
((((((((((((((((((((((((((( Files Created from 2009-06-01 to 2009-07-01 )))))))))))))))))))))))))))))))))
.
2009-07-01 00:30 . 2009-07-01 00:30 -------- d-----w- c:\users\aneta\AppData\Local\temp
2009-06-30 21:08 . 2009-06-30 21:08 -------- d-----w- c:\users\aneta\AppData\Roaming\Malwarebytes
2009-06-30 21:08 . 2009-06-17 09:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-30 21:08 . 2009-06-30 21:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-30 21:08 . 2009-06-30 21:08 -------- d-----w- c:\programdata\Malwarebytes
2009-06-30 21:08 . 2009-06-17 09:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-30 21:07 . 2009-06-30 21:07 -------- d-----w- c:\program files\CCleaner
2009-06-30 20:59 .
2009-06-30 22:53 117760 ----a-w- c:\users\aneta\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-30 20:58 . 2009-06-30 20:58 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2009-06-30 20:57 . 2009-06-30 20:57 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-06-30 20:57 . 2009-06-30 20:57 -------- d-----w- c:\users\aneta\AppData\Roaming\SUPERAntiSpyware.com
2009-06-30 20:57 . 2009-06-30 20:57 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-30 07:46 . 2009-06-30 07:46 -------- d-----w- c:\users\aneta\AppData\Local\AVG Security Toolbar
2009-06-29 20:55 . 2009-06-29 20:55 -------- d-----w- c:\programdata\AVG Security Toolbar
2009-06-26 18:42 . 2009-06-26 18:42 -------- d-----w- c:\programdata\6285
2009-06-26 18:40 . 2009-06-27 20:11 -------- d-----w- c:\program files\BearShare Applications
2009-06-14 17:52 . 2009-04-30 12:37 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-06-14 17:52 . 2009-04-30 12:37 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-06-11 18:40 . 2009-04-21 11:55 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-06-11 18:39 . 2009-04-23 12:42 636928 ----a-w- c:\windows\system32\localspl.dll
2009-06-11 18:39 . 2009-04-23 12:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-06-03 17:59 . 2009-06-03 17:59 -------- d-----w- c:\program files\Common Files\PocketSoft
2009-06-03 17:59 . 2002-02-27 15:50 197120 ----a-w- c:\windows\patchw32.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-01 00:16 . 2008-09-20 11:12 -------- d-----w- c:\users\aneta\AppData\Roaming\Skype
2009-06-30 23:21 . 2006-11-21 05:16 76478 ----a-w- c:\windows\system32\perfc014.dat
2009-06-30 23:21 . 2006-11-21 05:16 452334 ----a-w- c:\windows\system32\perfh014.dat
2009-06-30 22:46 . 2007-08-09 23:08 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-30 22:45 .
2007-08-09 23:08 -------- d-----w- c:\programdata\Symantec 2009-06-30 22:38 . 2008-10-25 16:48 -------- d-----w- c:\users\aneta\AppData\Roaming\skypePM 2009-06-30 22:36 . 2008-09-15 08:42 -------- d-----w- c:\programdata\avg8 2009-06-29 20:55 . 2008-09-15 08:42 11952 ----a-w- c:\windows\system32\avgrsstx.dll 2009-06-29 20:55 . 2008-09-15 08:42 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2009-06-29 20:55 . 2008-09-15 08:42 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2009-06-28 20:30 . 2008-09-27 08:21 -------- d-----w- c:\users\aneta\AppData\Roaming\LimeWire 2009-06-12 11:13 . 2007-08-09 22:55 -------- d-----w- c:\programdata\Microsoft Help 2009-06-12 11:12 . 2007-08-09 22:57 -------- d-----w- c:\program files\Microsoft Works 2009-06-03 18:01 . 2009-05-29 21:39 -------- d-----w- c:\users\aneta\AppData\Roaming\Atari 2009-06-03 17:55 . 2007-08-09 21:34 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-06-03 17:55 . 2009-05-20 18:27 -------- d-----w- c:\program files\Atari 2009-05-29 21:16 . 2009-05-29 21:16 -------- d-----w- c:\program files\ToggleEN 2009-05-29 21:16 . 2009-05-29 21:16 -------- d-----w- c:\program files\Conduit 2009-05-28 19:40 . 2009-05-28 19:40 -------- d-----w- c:\users\aneta\AppData\Roaming\ScanSoft 2009-05-24 18:35 . 2009-05-24 18:35 -------- d-----w- c:\users\aneta\AppData\Roaming\DivX 2009-05-23 22:21 . 2009-03-10 09:02 -------- d-----w- c:\program files\Google 2009-05-23 22:19 . 2009-05-23 22:18 -------- d-----w- c:\program files\DivX 2009-05-23 22:19 . 2009-05-23 22:19 -------- d-----w- c:\program files\Common Files\PX Storage Engine 2009-05-23 22:18 . 2009-05-23 22:18 -------- d-----w- c:\program files\Common Files\DivX Shared 2009-05-22 06:16 . 2009-01-29 15:21 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2009-05-19 17:09 . 2009-05-10 21:00 -------- d-----w- c:\program files\eGames 2009-05-18 16:44 . 2009-02-21 21:25 -------- d-----w- c:\programdata\NOS 2009-05-18 16:44 . 
2009-02-21 21:25 -------- d-----w- c:\program files\NOS
2009-05-14 01:01 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-04-24 16:05 . 2009-06-11 18:38 827904 ----a-w- c:\windows\system32\wininet.dll
2009-04-24 16:02 . 2009-06-11 18:38 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-24 13:44 . 2009-06-11 18:38 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-04-15 20:24 . 2009-04-15 20:24 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-04-15 20:24 . 2009-04-15 20:24 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-04-15 20:24 . 2009-04-15 20:24 823296 ----a-w- c:\windows\system32\divx_xx07.dll
2009-04-15 20:24 . 2009-04-15 20:24 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-04-15 20:24 . 2009-04-15 20:24 802816 ----a-w- c:\windows\system32\divx_xx11.dll
2009-04-15 20:24 . 2009-04-15 20:24 684032 ----a-w- c:\windows\system32\DivX.dll
2009-04-15 20:24 . 2009-04-15 20:24 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-04-15 20:24 . 2009-04-15 20:24 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
(((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
2009-02-16 13:44 1882136 ----a-w- c:\program files\ToggleEN\tbTogg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-14 14:07 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-23 21755688]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2008-01-19 2153472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-06-11 1286144]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-06-27 752136]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2007-05-24 206952]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-06-06 159744]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-29 1948440]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-25 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-25 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-25 138008]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program
files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 30248] "IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 46632] "PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528] "BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 663552] "ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-12 342312] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-07-06 4669440] "Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-06-15 1826816] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-12-22 10:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\System32\avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] 
"DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{729B66D6-00F1-416B-A5E9-9A8255A47FBB}"= c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe "{C01F176F-41CC-4DF0-9FC0-E40B94DF7765}"= c:\program files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician "{E47AD20F-63D3-4F9A-A7F7-4BAE53E638CB}"= c:\program files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia "{AAE65792-0A60-4482-A603-4647BA443C9E}"= c:\program files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard "{C28D3D9E-3619-474C-9BB7-65473D255C5C}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{F97C3EAC-DB0F-40C2-BCD5-E319311C9D13}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{8032A363-60EF-42AA-BC44-B310C05C4A1E}"= c:\program files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine "{EE320D79-DA05-45C9-B024-BFBB6A96E47D}"= c:\program files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie "{632D4E1E-5833-4EF1-948F-C797CDECC529}"= c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program "{428F2AAB-BDC1-4E4E-8DF8-2B272433B669}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe "{14F1AA22-407D-411E-A9DF-55A0D1AD369E}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe "TCP Query User{4027F8A6-6663-4997-88A4-8CC135545BBF}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent "UDP Query User{9047E999-5FAE-4C38-8A9C-07185BC21C1D}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent "{FFE14F7F-C718-455D-8DD5-3C0C4AC2FD13}"= UDP:c:\program files\Sports 
Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{652D87E3-D78E-493B-9A9E-36116E587FBF}"= TCP:c:\program files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"TCP Query User{F309626F-93AB-47A4-8E9B-DDA59D6A2377}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{8DAADB10-9DF7-4785-AADE-DF63D30839E7}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"{87A0CAD6-5112-43DB-B5BA-807637E749B6}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{C76C1CCD-3219-4D23-A02C-8BE731BB5E15}c:\\program files\\bearshare applications\\bearshare\\bearshare.exe"= UDP:c:\program files\bearshare applications\bearshare\bearshare.exe:BearShare
"UDP Query User{88FB953A-9BE9-460C-9B13-A129DBE270B9}c:\\program files\\bearshare applications\\bearshare\\bearshare.exe"= TCP:c:\program files\bearshare applications\bearshare\bearshare.exe:BearShare

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [15.09.2008 10:42 327688]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie00.fcl [12.09.2008 16:41 13560]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [15.09.2008 10:42 906520]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [15.09.2008 10:42 298776]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [10.08.2007 07:44 179712]
R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [10.08.2007 07:44 32256]
S2 AdwareAlertSrv;AdwareAlert Scanning Engine;"c:\program files\AdwareAlert\AdwareAlert.srv.exe" --> c:\program files\AdwareAlert\AdwareAlert.srv.exe [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
.
Contents of the 'Scheduled Tasks' folder

2009-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-23 22:18]

2009-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-23 22:18]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Acer Tour Reminder - (no file)
HKLM-Run-Acer Tour - (no file)
HKLM-Run-eRecoveryService - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.bearshare.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://no.intl.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\aneta\AppData\Roaming\Mozilla\Firefox\Profiles\lt16v7mx.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo!
Search
FF - prefs.js: browser.startup.homepage - hxxp://www.vg.no/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\users\aneta\AppData\Roaming\Mozilla\Firefox\Profiles\lt16v7mx.default\extensions\{038cb5c7-48ea-4af9-94e0-a1646542e62b}\components\FFAlert.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-01 02:30
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...
scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\Play Movie00.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-602728746-2119309579-3980973252-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:aa,7a,1d,1c,be,73,ca,2c,16,f4,bc,6f,fb,57,7c,21,c7,4f,b8,a1,26,83,5b,
   ba,40,d3,dc,29,28,8f,4b,33,5d,69,01,8d,5c,20,6f,a7,72,44,cb,fd,4a,76,24,a5,\
"??"=hex:e4,ed,d9,ac,60,ef,ad,e4,dc,51,4a,07,c6,d3,3f,f5

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{755C6BC2-A679-4025-84D3-4AE283A87B14}\DefaultIcon]
@DACL=(02 0000)
@="\"c:\\Program Files\\AdwareAlert\\AdwareAlert.exe\", 0"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{755C6BC2-A679-4025-84D3-4AE283A87B14}\Shell]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{755C6BC2-A679-4025-84D3-4AE283A87B14}\ShellFolder]
@DACL=(02 0000)
"Attributes"=dword:00000004
"WantsFORPARSING"=""

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-07-01 2:33
ComboFix-quarantined-files.txt 2009-07-01 00:33

Pre-Run: 59 113 820 160 bytes free
Post-Run: 58 817 871 872 bytes free

259 --- E O F --- 2009-06-29 14:11

After I ran SUPERAntiSpyware and removed what it found, the machine just went into a loop during startup. I got the Vista boot screen, but then it went round again. I couldn't boot into safe mode either, but had to choose 'Start Windows using the last known good configuration'. Any tips?

Regards, ed9
norbat, posted 1 July 2009

Open Notepad and paste in the text in bold below, then save the file to the desktop as CFScript.txt. Next, drag the file onto the ComboFix icon. ComboFix will start again. Post the log.

Driver::
AdwareAlertSrv
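An added note and example, not part of the thread: the Driver:: directive in a CFScript tells ComboFix to delete the service or driver registration named under it, which is why the next log reports "-------\Service_AdwareAlertSrv" under Drivers/Services. The first ComboFix log had already exposed the leftover: the "S2 AdwareAlertSrv" line ends in "[?]", the marker ComboFix prints where it cannot find the service's binary, so the AdwareAlert executable was gone while its automatic-start service registration remained. The Malwarebytes log also removed an Internet Explorer "Low Rights\ElevationPolicy" entry for Zango; a Policy value of 3 there lets the named program start at medium integrity from the low-integrity Protected Mode browser without any prompt. The PowerShell script below is an added example (not code from the thread, ComboFix or Malwarebytes) that audits both kinds of leftover on a live system. It assumes PowerShell 2.0 or later started as administrator on Vista or newer, only reads the registry, and its function names are the example's own.

```powershell
# Added example, not from the thread, ComboFix or Malwarebytes. Assumes an elevated
# PowerShell 2.0+ session on Windows Vista or newer; it only reads the registry.
# Function names and the output layout are the example's own.

function Resolve-ImagePath([string]$ImagePath) {
    # Turn a raw service ImagePath into a plain file path: expand %SystemRoot% etc.,
    # drop the \??\ and \SystemRoot\ NT prefixes, then strip quotes and any arguments.
    $p = [Environment]::ExpandEnvironmentVariables($ImagePath).Trim()
    $p = $p -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot\\', ($env:SystemRoot + '\')
    if ($p.StartsWith('"')) {
        $p = ($p -split '"')[1]            # "c:\program files\x\y.exe" --switch
    } else {
        $p = $p -replace '\s+[-/].*$', ''  # c:\windows\system32\svchost.exe -k netsvcs
    }
    if (-not $p) { return $null }
    if ($p -notmatch '^[A-Za-z]:\\') {
        $p = Join-Path $env:SystemRoot $p  # system32\drivers\x.sys is relative to the Windows directory
    }
    return $p
}

function Get-OrphanedService {
    # Services and drivers whose binary is gone but whose key remains, the state
    # ComboFix prints as '--> <path> [?]' and CFScript's Driver:: removes.
    $root = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    foreach ($key in Get-ChildItem $root -ErrorAction SilentlyContinue) {
        $props = Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue
        if (-not $props.ImagePath) { continue }
        $file = Resolve-ImagePath $props.ImagePath
        if (-not $file -or -not (Test-Path -LiteralPath $file)) {
            New-Object PSObject -Property @{
                Name      = $key.PSChildName
                Start     = $props.Start       # 2 = automatic start, ComboFix's S2/R2
                ImagePath = $props.ImagePath
                Resolved  = $file
            }
        }
    }
}

function Get-SilentElevationPolicy {
    # IE Protected Mode exceptions. Policy 3 means the named program is started at
    # medium integrity from the low-integrity browser with no prompt, the kind of
    # entry the Malwarebytes log above removed for Zango.
    $root = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy'
    foreach ($key in Get-ChildItem $root -ErrorAction SilentlyContinue) {
        $props = Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue
        if ($props.Policy -ne 3) { continue }
        $exe = $null
        if ($props.AppPath -and $props.AppName) { $exe = Join-Path $props.AppPath $props.AppName }
        New-Object PSObject -Property @{
            Guid    = $key.PSChildName
            AppName = $props.AppName
            AppPath = $props.AppPath
            Exists  = [bool]($exe -and (Test-Path -LiteralPath $exe))
        }
    }
}

'== Services/drivers with a missing binary =='
Get-OrphanedService | Format-Table Name, Start, ImagePath, Resolved -AutoSize
'== IE Protected Mode silent-elevation entries (Policy = 3) =='
Get-SilentElevationPolicy | Format-Table Guid, AppName, AppPath, Exists -AutoSize
```

Check the output against the ComboFix log before acting on it: a driver registration left behind by uninstalled hardware shows up in the first list too, and Microsoft's own ElevationPolicy entries show up in the second. On a 64-bit system run the 64-bit PowerShell so that the system32 paths are not redirected. A confirmed orphan can be removed with "sc.exe delete <name>", which leaves the registry in the same state the CFScript run produced.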
ed9 (thread author), posted 1 July 2009 (edited)

Hi! Here is the new ComboFix log:

ComboFix 09-06-29.07 - aneta 01.07.2009 11:14.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.47.1044.18.2037.1014 [GMT 2:00]
Running from: c:\users\aneta\Desktop\ComboFix.exe
Command switches used :: c:\users\aneta\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_AdwareAlertSrv

((((((((((((((((((((((((((( Files Created from 2009-06-01 to 2009-07-01 )))))))))))))))))))))))))))))))))
.
2009-07-01 09:19 . 2009-07-01 09:22 -------- d-----w- c:\users\aneta\AppData\Local\temp
2009-06-30 21:08 . 2009-06-30 21:08 -------- d-----w- c:\users\aneta\AppData\Roaming\Malwarebytes
2009-06-30 21:08 . 2009-06-17 09:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-30 21:08 . 2009-06-30 21:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-30 21:08 . 2009-06-30 21:08 -------- d-----w- c:\programdata\Malwarebytes
2009-06-30 21:08 . 2009-06-17 09:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-30 21:07 . 2009-06-30 21:07 -------- d-----w- c:\program files\CCleaner
2009-06-30 20:59 . 2009-07-01 08:09 117760 ----a-w- c:\users\aneta\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-30 20:58 . 2009-06-30 20:58 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2009-06-30 20:57 .
2009-06-30 20:57 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-06-30 20:57 . 2009-06-30 20:57 -------- d-----w- c:\users\aneta\AppData\Roaming\SUPERAntiSpyware.com
2009-06-30 20:57 . 2009-06-30 20:57 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-30 07:46 . 2009-06-30 07:46 -------- d-----w- c:\users\aneta\AppData\Local\AVG Security Toolbar
2009-06-29 20:55 . 2009-06-29 20:55 -------- d-----w- c:\programdata\AVG Security Toolbar
2009-06-26 18:42 . 2009-06-26 18:42 -------- d-----w- c:\programdata\6285
2009-06-26 18:40 . 2009-06-27 20:11 -------- d-----w- c:\program files\BearShare Applications
2009-06-14 17:52 . 2009-04-30 12:37 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-06-14 17:52 . 2009-04-30 12:37 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-06-11 18:40 . 2009-04-21 11:55 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-06-11 18:39 . 2009-04-23 12:42 636928 ----a-w- c:\windows\system32\localspl.dll
2009-06-11 18:39 . 2009-04-23 12:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-06-03 17:59 . 2009-06-03 17:59 -------- d-----w- c:\program files\Common Files\PocketSoft
2009-06-03 17:59 . 2002-02-27 15:50 197120 ----a-w- c:\windows\patchw32.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-01 09:12 . 2006-11-21 05:16 76478 ----a-w- c:\windows\system32\perfc014.dat
2009-07-01 09:12 . 2006-11-21 05:16 452334 ----a-w- c:\windows\system32\perfh014.dat
2009-07-01 08:00 . 2008-09-20 11:12 -------- d-----w- c:\users\aneta\AppData\Roaming\Skype
2009-07-01 06:00 . 2008-10-25 16:48 -------- d-----w- c:\users\aneta\AppData\Roaming\skypePM
2009-06-30 22:46 . 2007-08-09 23:08 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-30 22:45 . 2007-08-09 23:08 -------- d-----w- c:\programdata\Symantec
2009-06-30 22:36 . 2008-09-15 08:42 -------- d-----w- c:\programdata\avg8
2009-06-29 20:55 .
2008-09-15 08:42 11952 ----a-w- c:\windows\system32\avgrsstx.dll 2009-06-29 20:55 . 2008-09-15 08:42 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2009-06-29 20:55 . 2008-09-15 08:42 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2009-06-28 20:30 . 2008-09-27 08:21 -------- d-----w- c:\users\aneta\AppData\Roaming\LimeWire 2009-06-12 11:13 . 2007-08-09 22:55 -------- d-----w- c:\programdata\Microsoft Help 2009-06-12 11:12 . 2007-08-09 22:57 -------- d-----w- c:\program files\Microsoft Works 2009-06-03 18:01 . 2009-05-29 21:39 -------- d-----w- c:\users\aneta\AppData\Roaming\Atari 2009-06-03 17:55 . 2007-08-09 21:34 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-06-03 17:55 . 2009-05-20 18:27 -------- d-----w- c:\program files\Atari 2009-05-29 21:16 . 2009-05-29 21:16 -------- d-----w- c:\program files\ToggleEN 2009-05-29 21:16 . 2009-05-29 21:16 -------- d-----w- c:\program files\Conduit 2009-05-28 19:40 . 2009-05-28 19:40 -------- d-----w- c:\users\aneta\AppData\Roaming\ScanSoft 2009-05-24 18:35 . 2009-05-24 18:35 -------- d-----w- c:\users\aneta\AppData\Roaming\DivX 2009-05-23 22:21 . 2009-03-10 09:02 -------- d-----w- c:\program files\Google 2009-05-23 22:19 . 2009-05-23 22:18 -------- d-----w- c:\program files\DivX 2009-05-23 22:19 . 2009-05-23 22:19 -------- d-----w- c:\program files\Common Files\PX Storage Engine 2009-05-23 22:18 . 2009-05-23 22:18 -------- d-----w- c:\program files\Common Files\DivX Shared 2009-05-22 06:16 . 2009-01-29 15:21 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2009-05-19 17:09 . 2009-05-10 21:00 -------- d-----w- c:\program files\eGames 2009-05-18 16:44 . 2009-02-21 21:25 -------- d-----w- c:\programdata\NOS 2009-05-18 16:44 . 2009-02-21 21:25 -------- d-----w- c:\program files\NOS 2009-05-14 01:01 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2009-04-24 16:05 . 2009-06-11 18:38 827904 ----a-w- c:\windows\system32\wininet.dll 2009-04-24 16:02 . 
2009-06-11 18:38 78336 ----a-w- c:\windows\system32\ieencode.dll 2009-04-24 13:44 . 2009-06-11 18:38 26624 ----a-w- c:\windows\system32\ieUnatt.exe 2009-04-15 20:24 . 2009-04-15 20:24 90112 ----a-w- c:\windows\system32\dpl100.dll 2009-04-15 20:24 . 2009-04-15 20:24 823296 ----a-w- c:\windows\system32\divx_xx0c.dll 2009-04-15 20:24 . 2009-04-15 20:24 823296 ----a-w- c:\windows\system32\divx_xx07.dll 2009-04-15 20:24 . 2009-04-15 20:24 815104 ----a-w- c:\windows\system32\divx_xx0a.dll 2009-04-15 20:24 . 2009-04-15 20:24 802816 ----a-w- c:\windows\system32\divx_xx11.dll 2009-04-15 20:24 . 2009-04-15 20:24 684032 ----a-w- c:\windows\system32\DivX.dll 2009-04-15 20:24 . 2009-04-15 20:24 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll 2009-04-15 20:24 . 2009-04-15 20:24 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll . ((((((((((((((((((((((((((((( SnapShot@2009-07-01_00.30.51 ))))))))))))))))))))))))))))))))))))))))) . + 2006-11-02 13:05 . 2009-07-01 09:02 86472 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin - 2008-09-12 14:33 . 2009-07-01 00:20 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2008-09-12 14:33 . 2009-07-01 09:21 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2008-09-12 14:33 . 2009-07-01 00:20 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2008-09-12 14:33 . 2009-07-01 09:21 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2008-09-12 14:33 . 2009-07-01 00:20 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2008-09-12 14:33 . 2009-07-01 09:21 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2008-09-12 14:55 . 
2009-07-01 09:02 7544 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-602728746-2119309579-3980973252-1000_UserData.bin
+ 2008-09-16 13:10 . 2009-07-01 08:00 486862 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2006-11-02 10:33 . 2009-07-01 09:12 587178 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-06-30 23:21 587178 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-07-01 09:12 101250 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2009-06-30 23:21 101250 c:\windows\System32\perfc009.dat
.
(((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
2009-02-16 13:44 1882136 ----a-w- c:\program files\ToggleEN\tbTogg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-14 14:07 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-23 21755688]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2008-01-19 2153472]
"Acer Tour Reminder"="" [bU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-06-11 1286144]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-06-27 752136]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2007-05-24 206952]
"IAAnotif"="c:\program
files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872] "WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344] "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-06-06 159744] "Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-29 1948440] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-25 142104] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-25 154392] "Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-25 138008] "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472] "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 30248] "IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 46632] "PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528] "BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 663552] "ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-12 342312] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-07-06 4669440] "Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-06-15 1826816] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program 
files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-12-22 10:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\System32\avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{729B66D6-00F1-416B-A5E9-9A8255A47FBB}"= c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe "{C01F176F-41CC-4DF0-9FC0-E40B94DF7765}"= c:\program files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician "{E47AD20F-63D3-4F9A-A7F7-4BAE53E638CB}"= c:\program files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia "{AAE65792-0A60-4482-A603-4647BA443C9E}"= c:\program files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard "{C28D3D9E-3619-474C-9BB7-65473D255C5C}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{F97C3EAC-DB0F-40C2-BCD5-E319311C9D13}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{8032A363-60EF-42AA-BC44-B310C05C4A1E}"= c:\program files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine "{EE320D79-DA05-45C9-B024-BFBB6A96E47D}"= c:\program files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play 
Movie "{632D4E1E-5833-4EF1-948F-C797CDECC529}"= c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program "{428F2AAB-BDC1-4E4E-8DF8-2B272433B669}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe "{14F1AA22-407D-411E-A9DF-55A0D1AD369E}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe "TCP Query User{4027F8A6-6663-4997-88A4-8CC135545BBF}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent "UDP Query User{9047E999-5FAE-4C38-8A9C-07185BC21C1D}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent "{FFE14F7F-C718-455D-8DD5-3C0C4AC2FD13}"= UDP:c:\program files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008 "{652D87E3-D78E-493B-9A9E-36116E587FBF}"= TCP:c:\program files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008 "TCP Query User{F309626F-93AB-47A4-8E9B-DDA59D6A2377}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire "UDP Query User{8DAADB10-9DF7-4785-AADE-DF63D30839E7}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire "{87A0CAD6-5112-43DB-B5BA-807637E749B6}"= c:\program files\Skype\Phone\Skype.exe:Skype "TCP Query User{C76C1CCD-3219-4D23-A02C-8BE731BB5E15}c:\\program files\\bearshare applications\\bearshare\\bearshare.exe"= UDP:c:\program files\bearshare applications\bearshare\bearshare.exe:BearShare "UDP Query User{88FB953A-9BE9-460C-9B13-A129DBE270B9}c:\\program files\\bearshare applications\\bearshare\\bearshare.exe"= TCP:c:\program files\bearshare applications\bearshare\bearshare.exe:BearShare R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [15.09.2008 10:42 327688] R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie00.fcl [12.09.2008 16:41 13560] R2 avg8emc;AVG Free8 E-mail 
Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [15.09.2008 10:42 906520] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [15.09.2008 10:42 298776] R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [10.08.2007 07:44 32256] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [10.08.2007 07:44 179712] --- Andre tjenester/drivere lastet i minnet --- *NewlyCreated* - COMHOST . Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver) 2009-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-23 22:18] 2009-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-23 22:18] . . ------- Tilleggsskanning ------- . uStart Page = hxxp://search.bearshare.com/ uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 mStart Page = hxxp://no.intl.acer.yahoo.com uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\users\aneta\AppData\Roaming\Mozilla\Firefox\Profiles\lt16v7mx.default\ FF - prefs.js: browser.search.selectedEngine - Yahoo! 
Search FF - prefs.js: browser.startup.homepage - hxxp://www.vg.no/ FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll FF - component: c:\program files\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dll FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll FF - component: c:\users\aneta\AppData\Roaming\Mozilla\Firefox\Profiles\lt16v7mx.default\extensions\{038cb5c7-48ea-4af9-94e0-a1646542e62b}\components\FFAlert.dll FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no"); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-07-01 11:22 Windows 6.0.6001 Service Pack 1 NTFS skanner skjulte prosesser ... skanner skjulte autostart-oppføringer ... skanner skjulte filer ... 
skanning vellykket skjulte filer: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}] "ImagePath"="\??\c:\program files\Acer Arcade Deluxe\Play Movie00.fcl" . --------------------- LÅSTE REGISTERNØKLER --------------------- [HKEY_USERS\S-1-5-21-602728746-2119309579-3980973252-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:aa,7a,1d,1c,be,73,ca,2c,16,f4,bc,6f,fb,57,7c,21,c7,4f,b8,a1,26,83,5b, ba,40,d3,dc,29,28,8f,4b,33,5d,69,01,8d,5c,20,6f,a7,72,44,cb,fd,4a,76,24,a5,\ "??"=hex:e4,ed,d9,ac,60,ef,ad,e4,dc,51,4a,07,c6,d3,3f,f5 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{755C6BC2-A679-4025-84D3-4AE283A87B14}\DefaultIcon] @DACL=(02 0000) @="\"c:\\Program Files\\AdwareAlert\\AdwareAlert.exe\", 0" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{755C6BC2-A679-4025-84D3-4AE283A87B14}\Shell] @DACL=(02 0000) [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{755C6BC2-A679-4025-84D3-4AE283A87B14}\ShellFolder] @DACL=(02 0000) "Attributes"=dword:00000004 "WantsFORPARSING"="" [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- DLL'er Lastet Av Kjørende Prosesser --------------------- - - - - - - - > 'Explorer.exe'(5520) c:\windows\system32\MsnChatHook.dll c:\windows\system32\ShowErrMsg.dll c:\windows\system32\sysenv.dll c:\windows\system32\BatchCrypto.dll c:\windows\system32\CryptoAPI.dll c:\windows\system32\keyManager.dll . ------------------------ Andre Kjørende Prosesser ------------------------ . 
c:\windows\System32\audiodg.exe c:\acer\Empowering Technology\eDataSecurity\eDSService.exe c:\acer\Empowering Technology\eLock\Service\eLockServ.exe c:\progra~1\AVG\AVG8\avgrsx.exe c:\acer\Empowering Technology\eNet\eNet Service.exe c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\acer\Mobility Center\MobilityService.exe c:\program files\CyberLink\Shared Files\RichVideo.exe c:\windows\System32\drivers\XAudio.exe c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe c:\acer\Empowering Technology\eSettings\Service\capuserv.exe c:\program files\AVG\AVG8\avgcsrvx.exe c:\acer\Empowering Technology\ePower\ePowerSvc.exe c:\windows\System32\wbem\unsecapp.exe c:\windows\System32\conime.exe c:\windows\System32\igfxsrvc.exe c:\program files\Launch Manager\LManager.exe c:\program files\AVG\AVG8\avgtray.exe c:\program files\Apoint2K\ApMsgFwd.exe c:\program files\Apoint2K\ApntEx.exe c:\users\aneta\AppData\Local\temp\RtkBtMnt.exe c:\program files\Brother\ControlCenter3\BrccMCtl.exe c:\windows\System32\igfxext.exe c:\windows\System32\igfxsrvc.exe c:\program files\Brother\Brmfcmon\BrMfcMon.exe c:\windows\ehome\ehmsas.exe c:\program files\Skype\Plugin Manager\skypePM.exe c:\windows\System32\wbem\WMIADAP.exe . ************************************************************************** . Tidspunkt ferdig: 2009-07-01 11:28 - maskinen ble startet på nytt ComboFix-quarantined-files.txt 2009-07-01 09:28 ComboFix2.txt 2009-07-01 00:33 Pre-Run: 58 802 995 200 byte ledig Post-Run: 58 426 707 968 byte ledig 306 --- E O F --- 2009-06-29 14:11 -edit: Oppstarten gikk også fint nå Mvh ed9 Endret 1. juli 2009 av ed9 Lenke til kommentar
ed9, posted 2 July 2009 (author, edited)

Running Malwarebytes, it finds the same registry entry over and over again. It doesn't look like Malwarebytes manages to delete this key on reboot.

{755C6BC2-A679-4025-84D3-4AE283A87B14}
Name: (Default)
Type: REG_SZ
Data: AdwareAlert

I tried going into regedit in Safe Mode and deleting the key there, but I'm denied access: "Cannot delete {key}. Error while deleting key."

-edit: Attached the logs from HJT and Malwarebytes run on 2 July.

HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:00:50, on 02.07.2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Users\aneta\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\aneta\Desktop\joda\krapyl.exe
C:\Windows\system32\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://no.intl.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/def...://uk.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - *{038cb5c7-48ea-4af9-94e0-a1646542e62b} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTogg.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTogg.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [skytel] Skytel.exe
O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [indexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [brMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: COM Host (comHost) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Unknown owner - C:\Program Files\Norton Internet Security\isPwdSvc.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
O23 - Service: Symantec AppCore Service (SymAppCore) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe (file missing)
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11374 bytes

Malwarebytes:

Malwarebytes' Anti-Malware 1.38
Database version: 2358
Windows 6.0.6002 Service Pack 2

02.07.2009 14:07:10
mbam-log-2009-07-02 (14-07-10).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 221600
Time elapsed: 2 hour(s), 11 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{755c6bc2-a679-4025-84d3-4ae283a87b14} (Rogue.AdwareAlert) -> Delete on reboot.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Regards, ed9

Edited 2 July 2009 by ed9
norbat, posted 2 July 2009

Do the following: create a new CFScript file with the content below and drag and drop it onto the ComboFix icon.

REGDELLOCK::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{755C6BC2-A679-4025-84D3-4AE283A87B14}\DefaultIcon]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{755C6BC2-A679-4025-84D3-4AE283A87B14}\Shell]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{755C6BC2-A679-4025-84D3-4AE283A87B14}\ShellFolder]

REGISTRY::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{755C6BC2-A679-4025-84D3-4AE283A87B14}]

Post the log, and at the same time say whether Malwarebytes still has problems with the registry key.
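Editor's worked example, not part of the thread and not ComboFix's own code: what a REGDELLOCK:: line has to do for the key above. The ComboFix log shows the AdwareAlert CLSID subkeys with @DACL=(02 0000), a DACL that grants nobody anything, which is exactly why regedit reports "Error while deleting key" and Malwarebytes' delete-on-reboot never succeeds. The way out is a right the DACL cannot take away: an administrator who enables SeTakeOwnershipPrivilege can always become the owner, and the owner always has READ_CONTROL and WRITE_DAC, so the DACL can be rewritten and the key deleted. Only the key path comes from the log; the P/Invoke shim, the choice of owner (the SID S-1-5-32-544 rather than the name "BUILTIN\Administrators", which would not resolve on this Norwegian Windows where the group is "Administratorer") and the function are this example's own.

```powershell
# Added example (editor's code, not from the thread or from ComboFix). Run from an elevated PowerShell.
# Key path taken from the ComboFix "LOCKED REGISTRY KEYS" section; everything else is assumed here.
$KeyPath = 'SOFTWARE\Classes\CLSID\{755C6BC2-A679-4025-84D3-4AE283A87B14}'

# Administrators hold SeTakeOwnershipPrivilege, but it stays disabled in the token until enabled.
# Once enabled, opening a key for WRITE_OWNER succeeds no matter what the DACL says.
Add-Type -TypeDefinition @'
using System;
using System.Runtime.InteropServices;
public static class TokenPriv {
    [StructLayout(LayoutKind.Sequential)] struct LUID { public uint Low; public int High; }
    [StructLayout(LayoutKind.Sequential)] struct TOKEN_PRIVILEGES { public int Count; public LUID Luid; public int Attr; }
    [DllImport("advapi32.dll", SetLastError = true)] static extern bool OpenProcessToken(IntPtr proc, int access, out IntPtr token);
    [DllImport("advapi32.dll", SetLastError = true)] static extern bool LookupPrivilegeValue(string host, string name, out LUID luid);
    [DllImport("advapi32.dll", SetLastError = true)] static extern bool AdjustTokenPrivileges(IntPtr token, bool disableAll, ref TOKEN_PRIVILEGES state, int len, IntPtr prev, IntPtr retLen);
    [DllImport("kernel32.dll")] static extern IntPtr GetCurrentProcess();
    public static bool Enable(string name) {
        IntPtr token; TOKEN_PRIVILEGES tp;
        if (!OpenProcessToken(GetCurrentProcess(), 0x28, out token)) return false; // TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY
        tp.Count = 1; tp.Attr = 2;                                                 // SE_PRIVILEGE_ENABLED
        if (!LookupPrivilegeValue(null, name, out tp.Luid)) return false;
        return AdjustTokenPrivileges(token, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero)
               && Marshal.GetLastWin32Error() == 0;                                // 1300 = privilege not held at all
    }
}
'@
if (-not [TokenPriv]::Enable('SeTakeOwnershipPrivilege')) { throw 'Could not enable SeTakeOwnershipPrivilege; is this shell elevated?' }

function Unlock-RegistryKey {
    param([Microsoft.Win32.RegistryKey]$Hive, [string]$SubKey)
    $admins = New-Object System.Security.Principal.SecurityIdentifier('S-1-5-32-544')   # BUILTIN\Administrators, by SID
    $check  = [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree

    # 1. Take ownership. Only WRITE_OWNER is requested; the privilege grants that regardless of the DACL.
    $k = $Hive.OpenSubKey($SubKey, $check, [System.Security.AccessControl.RegistryRights]::TakeOwnership)
    if ($null -eq $k) { throw "$($Hive.Name)\$SubKey not found" }
    $sec = $k.GetAccessControl([System.Security.AccessControl.AccessControlSections]::None)   # None: do not read the DACL we cannot read yet
    $sec.SetOwner($admins)
    $k.SetAccessControl($sec)
    $k.Close()

    # 2. The owner implicitly has READ_CONTROL and WRITE_DAC, so the DACL can now be replaced:
    #    drop the explicit ACEs, let the parent's ACEs inherit again, and add Administrators: Full Control.
    $k = $Hive.OpenSubKey($SubKey, $check, [System.Security.AccessControl.RegistryRights]'ChangePermissions, ReadPermissions')
    $sec = $k.GetAccessControl([System.Security.AccessControl.AccessControlSections]::Access)
    $sec.SetAccessRuleProtection($false, $false)
    foreach ($rule in @($sec.Access)) { if (-not $rule.IsInherited) { [void]$sec.RemoveAccessRule($rule) } }
    $sec.AddAccessRule((New-Object System.Security.AccessControl.RegistryAccessRule($admins, 'FullControl', 'ContainerInherit', 'None', 'Allow')))
    $k.SetAccessControl($sec)
    $k.Close()

    # 3. The log shows DefaultIcon, Shell and ShellFolder locked individually, so repeat for every child
    #    before anything is deleted; RegDeleteKey needs DELETE on each one.
    $k = $Hive.OpenSubKey($SubKey, $false)
    foreach ($child in $k.GetSubKeyNames()) { Unlock-RegistryKey -Hive $Hive -SubKey "$SubKey\$child" }
    $k.Close()
}

Unlock-RegistryKey -Hive ([Microsoft.Win32.Registry]::LocalMachine) -SubKey $KeyPath
Remove-Item -Path "HKLM:\$KeyPath" -Recurse -Force
if (Test-Path "HKLM:\$KeyPath") { throw "HKLM\$KeyPath is still present" }
"Deleted HKLM\$KeyPath"
```

One check worth doing before and after: Malwarebytes reports the key as HKEY_CLASSES_ROOT\CLSID\{...}, and HKCR is a merged view of HKLM\SOFTWARE\Classes and HKCU\Software\Classes. If the HKLM copy is gone and a scanner still reports the CLSID, run the same function with `[Microsoft.Win32.Registry]::CurrentUser` and `Software\Classes\CLSID\{755C6BC2-A679-4025-84D3-4AE283A87B14}` as the subkey.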
ed9, posted 3 July 2009 (author)

Hi! I ran ComboFix with the script, then did a scan with Malwarebytes, which found the same registry key. Rebooted the machine and did another quick scan with Malwarebytes. Looks like it's still hanging on. Here are the logs:

ComboFix:

ComboFix 09-07-01.04 - aneta 02.07.2009 20:12.4 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.47.1044.18.2037.985 [GMT 2:00]
Running from: c:\users\aneta\Desktop\ComboFix.exe
Command switches used :: c:\users\aneta\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((( Files Created From 2009-06-02 to 2009-07-02 )))))))))))))))))))))))))))))))))
.
2009-07-02 18:18 . 2009-07-02 18:18 -------- d-----w- c:\users\aneta\AppData\Local\temp
2009-07-01 15:20 . 2009-03-19 14:32 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-07-01 15:20 . 2008-04-17 10:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-07-01 15:20 . 2009-07-01 15:20 -------- d-----w- c:\program files\iPod
2009-07-01 15:20 . 2009-07-01 15:20 -------- d-----w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-01 15:20 . 2009-07-01 15:20 -------- d-----w- c:\program files\iTunes
2009-07-01 15:19 . 2009-07-01 15:19 -------- d-----w- c:\program files\QuickTime
2009-07-01 15:12 . 2009-07-01 15:12 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-07-01 13:42 . 2009-07-01 13:45 -------- d-----w- c:\windows\system32\ca-ES
2009-07-01 13:42 . 2009-07-01 13:45 -------- d-----w- c:\windows\system32\eu-ES
2009-07-01 13:42 .
2009-07-01 13:45 -------- d-----w- c:\windows\system32\vi-VN 2009-07-01 13:25 . 2009-07-01 13:25 -------- d-----w- c:\windows\system32\EventProviders 2009-07-01 13:22 . 2009-04-11 06:28 754688 ----a-w- c:\windows\system32\propsys.dll 2009-07-01 13:21 . 2009-04-11 06:28 125952 ----a-w- c:\windows\system32\softkbd.dll 2009-07-01 13:20 . 2009-04-11 06:28 218624 ----a-w- c:\windows\system32\wdscore.dll 2009-07-01 13:20 . 2009-04-11 06:27 130560 ----a-w- c:\windows\system32\PkgMgr.exe 2009-07-01 13:20 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll 2009-07-01 12:20 . 2009-05-09 05:34 71680 ----a-w- c:\windows\system32\iesetup.dll 2009-07-01 12:20 . 2009-05-09 05:50 915456 ----a-w- c:\windows\system32\wininet.dll 2009-06-30 21:08 . 2009-06-30 21:08 -------- d-----w- c:\users\aneta\AppData\Roaming\Malwarebytes 2009-06-30 21:08 . 2009-06-17 09:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-06-30 21:08 . 2009-06-30 21:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-06-30 21:08 . 2009-06-30 21:08 -------- d-----w- c:\programdata\Malwarebytes 2009-06-30 21:08 . 2009-06-17 09:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-06-30 21:07 . 2009-06-30 21:07 -------- d-----w- c:\program files\CCleaner 2009-06-30 20:59 . 2009-07-01 15:43 117760 ----a-w- c:\users\aneta\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL 2009-06-30 20:58 . 2009-06-30 20:58 -------- d-----w- c:\programdata\SUPERAntiSpyware.com 2009-06-30 20:57 . 2009-06-30 20:57 -------- d-----w- c:\program files\SUPERAntiSpyware 2009-06-30 20:57 . 2009-06-30 20:57 -------- d-----w- c:\users\aneta\AppData\Roaming\SUPERAntiSpyware.com 2009-06-30 20:57 . 2009-06-30 20:57 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2009-06-30 07:46 . 2009-06-30 07:46 -------- d-----w- c:\users\aneta\AppData\Local\AVG Security Toolbar 2009-06-29 20:55 . 
Malwarebytes:

Malwarebytes' Anti-Malware 1.38
Databaseversjon: 2363
Windows 6.0.6002 Service Pack 2

02.07.2009 20:30:34
mbam-log-2009-07-02 (20-30-34).txt

Skanntype: Rask Skann
Objekter skannet: 77373
Tid tilbakelagt: 6 minute(s), 54 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 1
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 0

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
HKEY_CLASSES_ROOT\CLSID\{755c6bc2-a679-4025-84d3-4ae283a87b14} (Rogue.AdwareAlert) -> Delete on reboot.

Registerverdier infisert:
(Ingen mistenkelige filer funnet)

Registerfiler infisert:
(Ingen mistenkelige filer funnet)

Mapper infisert:
(Ingen mistenkelige filer funnet)

Filer infisert:
(Ingen mistenkelige filer funnet)

Regards, ed9
norbat, posted 3 July 2009 (edited)

Create a new CFScript with the following content:

REGDELLOCK::
[HKEY_CLASSES_ROOT\CLSID\{755c6bc2-a679-4025-84d3-4ae283a87b14}]

You don't need to post the log, but mention whether Malwarebytes still finds the entry.

PS: Always remember to check for Malwarebytes updates before you scan with the program.

Edited 3 July 2009 by norbat
ed9 (author), posted 3 July 2009 (edited)

Hi again! I ran ComboFix with the script, updated Malwarebytes and ran a scan. It found the same key, so I rebooted and ran a new scan. Looks like it's still clinging on...

Regards, ed9

Edited 3 July 2009 by ed9
norbat, posted 3 July 2009

Find the entry in regedit, right-click {755c6bc2-a679-4025-84d3-4ae283a87b14} and choose Permissions... Make sure your user (e.g. Everyone) has permission to modify/delete the entry.
raWrz, posted 3 July 2009

If you're not computer-savvy enough to manage to check what norbat asks you to, read it in the hidden tag below:

Hold down the Windows key and press R; the Run window will pop up. Type regedit and press Enter (don't delete anything you don't know what it is; it can break Windows / software).
On the right side of the window, click the following "folders": HKEY_LOCAL_MACHINE - Software - Classes - CLSID (when you are here you will see MANY folders with lots of numbers).
Now hold down CTRL and press B; there you copy and paste the following numbers and symbols: {755c6bc2-a679-4025-84d3-4ae283a87b14}
Press the "Find next" button and that "folder" will be highlighted.
Right-click that "folder" and choose Permissions. Then I think you should write down what is on/off in the permissions, if I understood norbat correctly.
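The permissions check norbat and raWrz describe, done from PowerShell, as an added example that is not code from the thread or from any of the tools it mentions: it lists the ACEs on the flagged CLSID key, states whether the current user may delete it, and can apply the same change as the regedit Permissions dialog. The key path is the one from the Malwarebytes log; the function names are assumptions of mine, and the script assumes an elevated PowerShell on the affected machine.

```powershell
# Added example, not from the thread: inspect and, on request, repair the DACL of
# the CLSID key Malwarebytes flagged as Rogue.AdwareAlert. Function names are mine.
$Clsid     = '{755c6bc2-a679-4025-84d3-4ae283a87b14}'
$KeyPath   = "Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid"
$DeleteBit = [int][System.Security.AccessControl.RegistryRights]::Delete   # 0x10000

function Get-KeyDeleteAccess {
    # Lists every ACE on the key and decides whether the current user may delete it.
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path)) {
        Write-Host "Key not present: $Path"
        return
    }
    $acl       = Get-Acl -LiteralPath $Path
    $identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object System.Security.Principal.WindowsPrincipal($identity)

    $aces = foreach ($ace in $acl.Access) {
        # Does this ACE apply to me (my own SID, or a group I belong to)?
        $applies = $false
        try {
            $sid = $ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier])
            $applies = ($sid -eq $identity.User) -or $principal.IsInRole($sid)
        } catch { }   # unresolvable SID: treat as not applying to me
        [pscustomobject]@{
            Identity    = $ace.IdentityReference.Value
            Type        = $ace.AccessControlType      # Allow or Deny
            Rights      = $ace.RegistryRights
            HasDelete   = (([int]$ace.RegistryRights) -band $DeleteBit) -ne 0
            AppliesToMe = $applies
            Inherited   = $ace.IsInherited
        }
    }
    $aces | Format-Table -AutoSize | Out-String | Write-Host

    # Deny ACEs are evaluated before Allow ACEs, so a single applicable Deny that
    # carries the Delete bit blocks deletion no matter what the Allow entries say.
    # That is why "Delete on reboot" keeps failing until the DACL is changed.
    $denied  = @($aces | Where-Object { $_.Type -eq 'Deny'  -and $_.AppliesToMe -and $_.HasDelete })
    $allowed = @($aces | Where-Object { $_.Type -eq 'Allow' -and $_.AppliesToMe -and $_.HasDelete })
    Write-Host "Owner: $($acl.Owner)"
    if ($denied.Count -gt 0)      { Write-Host "Delete BLOCKED by Deny ACE for: $($denied.Identity -join ', ')" }
    elseif ($allowed.Count -eq 0) { Write-Host "Delete is not granted to the current user." }
    else                          { Write-Host "Current user may delete the key." }
}

function Repair-KeyDeleteAccess {
    # Removes explicit Deny ACEs and grants Administrators Full Control: the same
    # change the thread makes by hand in regedit's Permissions dialog.
    param([Parameter(Mandatory)][string]$Path)

    $acl = Get-Acl -LiteralPath $Path
    foreach ($ace in @($acl.Access | Where-Object { $_.AccessControlType -eq 'Deny' -and -not $_.IsInherited })) {
        [void]$acl.RemoveAccessRule($ace)
    }
    $rule = New-Object -TypeName System.Security.AccessControl.RegistryAccessRule -ArgumentList 'BUILTIN\Administrators', 'FullControl', 'ContainerInherit', 'None', 'Allow'
    $acl.AddAccessRule($rule)
    # Set-Acl needs WRITE_DAC on the key. If the owner was changed as well, this
    # fails with "Access denied" and ownership must be taken first
    # (regedit > Permissions > Advanced > Owner), then this function re-run.
    Set-Acl -LiteralPath $Path -AclObject $acl
}

Get-KeyDeleteAccess -Path $KeyPath
# Repair-KeyDeleteAccess -Path $KeyPath   # then re-run the Malwarebytes scan
```

Run the check first; only call Repair-KeyDeleteAccess once the output shows a Deny entry or no Delete right, and confirm with a fresh Malwarebytes scan afterwards.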
ed9 (author), posted 5 July 2009

Unfortunately I don't have access to the machine right now, but I'll post a reply as soon as I've tested the last tip. Thanks a lot for the help so far. I got feedback from the owner that the machine was like new compared to what it was before we started the removal!

Regards, ed9