iTANDBERG
Posted 30 March 2007

Here are my logs:

SAS:

Logfile of HijackThis v1.99.1
Scan saved at 21:37:57, on 30.03.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programfiler\fellesfiler\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe
C:\Programfiler\D-Tools\daemon.exe
C:\Programfiler\Logitech\G-series Software\LGDCore.exe
C:\Programfiler\Logitech\G-series Software\LCDMon.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\Programfiler\QuickTime\qttask.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Programfiler\Fellesfiler\System\fileWin.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\MSN Messenger\msnmsgr.exe
C:\Programfiler\Skype\Phone\Skype.exe
C:\Programfiler\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Programfiler\Logitech\G-series Software\Applets\LCDClock.exe
C:\Programfiler\Norton SystemWorks\Norton GoBack\GBTray.exe
C:\Programfiler\Xfire\Xfire.exe
C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programfiler\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\Programfiler\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Programfiler\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\PROGRA~1\NORTON~2\NORTON~2\NPROTECT.EXE
C:\PROGRA~1\NORTON~2\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\Fellesfiler\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Documents and Settings\Reserve\Skrivebord\hijackthis_sfx.exe
C:\Program Files\HijackThis\test.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.catchgamer.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.meloco.com/index.php?i=sm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
R3 - URLSearchHook: (no name) - {A55581DC-2CDB-4089-8878-71A080B22342} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ohb - {5ED7D3DE-6DBE-4516-8712-436325722327} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: AutoSearch - {A55581DC-2CDB-4089-8878-71A080B22342} - (no file)
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar3.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar3.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Programfiler\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programfiler\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Programfiler\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Programfiler\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Update] C:\Programfiler\Fellesfiler\System\fileWin.exe
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [nliab] C:\WINDOWS\system32\rwwhao.exe reg_run
O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [skype] "C:\Programfiler\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Xfire.lnk = C:\Programfiler\Xfire\Xfire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Norton GoBack.lnk = C:\Programfiler\Norton SystemWorks\Norton GoBack\GBTray.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Programfiler\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Programfiler\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [iNTERNATIONAL] International*
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://hellokjeks.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/Zango/ie/bridge-c356.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} - http://static.zangocash.com/cab/Zango/ie/b...67fd12e6bbded73
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - Unknown owner - C:\WINDOWS\system32\brsvc01a.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programfiler\Norton Internet Security\comHost.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Programfiler\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programfiler\fellesfiler\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Programfiler\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~2\NPROTECT.EXE
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\system32\wdfmgr.exe (file missing)

Hijack:

SUPERAntiSpyware Scan Log
Generated 03/30/2007 at 09:32 PM

Application Version : 3.6.1000

Core Rules Database Version : 3190
Trace Rules Database Version: 1200

Scan type : Complete Scan
Total Scan Time : 00:40:19

Memory items scanned : 546
Memory threats detected : 0
Registry items scanned : 7333
Registry threats detected : 274
File items scanned : 46682
File threats detected : 130

Adware.IST/SideFind
HKLM\Software\Classes\CLSID\{8CBA1B49-8144-4721-A7B1-64C578C9EED7}
HKU\S-1-5-21-2511507171-956849931-1193322318-1007\Software\Microsoft\Internet Explorer\Explorer 
Adware.Media Access
C:\PROGRAM FILES\MEDIA ACCESS\MEDIAACCESS.EXE
C:\PROGRAM FILES\MEDIA ACCESS\MEDIAACCK.EXE

Adware.Lop-Gen
C:\SYSTEM VOLUME INFORMATION\_RESTORE{914A3273-3EA6-413F-9CD8-5484153BD3A7}\RP501\A0145637.EXE

Adware.Mirar/NetNucleus
C:\WINDOWS\MIRAR_DISTRO_876088.EXE

Trojan.SearchTool
C:\WINDOWS\SYSTEM32\SEARCHENHANCER\NST2D.DLL

Trojan.SMMSS
C:\WINDOWS\SYSTEM32\SMMSS.EXE

Trace.Known Threat Sources
C:\Documents and Settings\Jesper\Lokale innstillinger\Temp\Temporary Internet Files\Content.IE5\WTYZKPIZ\checksoft[1].js
C:\Documents and Settings\Jesper\Lokale innstillinger\Temp\Temporary Internet Files\Content.IE5\SHMBKPQB\index[1].htm
C:\Documents and Settings\Jesper\Lokale innstillinger\Temp\Temporary Internet Files\Content.IE5\WTYZKPIZ\index[3].htm

Help anyone
norbat, posted 30 March 2007

Download SDFix to the desktop. Double-click SDFix.exe and it will extract itself to a folder at C:\SDFix

Make sure you can see hidden files and folders (Control Panel -> Folder Options -> View -> "Show hidden files and folders")

Run HJT, tick the following lines and click 'Fix checked':

R3 - URLSearchHook: (no name) - {A55581DC-2CDB-4089-8878-71A080B22342} - (no file)
O2 - BHO: ohb - {5ED7D3DE-6DBE-4516-8712-436325722327} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AutoSearch - {A55581DC-2CDB-4089-8878-71A080B22342} - (no file)
O4 - HKLM\..\Run: [Windows Update] C:\Programfiler\Fellesfiler\System\fileWin.exe
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/Zango/ie/bridge-c356.cab
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} - http://static.zangocash.com/cab/Zango/ie/b...67fd12e6bbded73

Restart the PC in safe mode (tap F8 during startup, choose safe mode)

Use Explorer to find and delete (in bold):

C:\Programfiler\Fellesfiler\System\fileWin.exe

Open the SDFix folder and double-click 'RunThis.bat' to start the program
Choose Y to start the cleaning
The PC will restart, and SDFix will continue.

When you have done this, post a new HJT log + the log from SDFix (it will be in Report.txt in the SDFix folder).
iTANDBERG (author), posted 30 March 2007

Done, here are the new logs:

SD fix:

SDFix: Version 1.75
Run by Reserve - 30.03.2007 - 22:52:59,62
Microsoft Windows XP [Versjon 5.1.2600]
Running From: C:\SDFix

Safe Mode:
Checking Services:
Restoring Windows Registry Entries
Restoring Default Hosts File
Rebooting...

Normal Mode:
Checking Files:
Below files will be copied to Backups folder then removed:
C:\WINDOWS\SoftwareDistribution\AuthCabs\7971f918-a847-4430-9279-4a52d1efe18d\MST2C.tmp - Deleted

ADS Check:
C:\WINDOWS\system32
No streams found.

Final Check:

Remaining Services:
------------------

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programfiler\\Steam\\Steam.exe"="C:\\Programfiler\\Steam\\Steam.exe:*:Enabled:Steam"
"C:\\Programfiler\\Messenger\\msmsgs.exe"="C:\\Programfiler\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Programfiler\\Steam\\SteamApps\\[email protected]\\counter-strike\\hl.exe"="C:\\Programfiler\\Steam\\SteamApps\\[email protected]\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Programfiler\\HLSW\\hlsw.exe"="C:\\Programfiler\\HLSW\\hlsw.exe:*:Enabled:HLSW"
"C:\\Programfiler\\Valve\\hl.exe"="C:\\Programfiler\\Valve\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Programfiler\\LimeWire\\LimeWire.exe"="C:\\Programfiler\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Programfiler\\Xfire\\Xfire.exe"="C:\\Programfiler\\Xfire\\Xfire.exe:*:Enabled:Xfire"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Programfiler\\MSN Messenger\\msncall.exe"="C:\\Programfiler\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"="C:\\Programfiler\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Programfiler\\MSN Messenger\\livecall.exe"="C:\\Programfiler\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Programfiler\\BitDownload\\BitDownload.exe"="C:\\Programfiler\\BitDownload\\BitDownload.exe:*:Enabled:Warez3"
"C:\\Programfiler\\TrackMania Nations ESWC\\TmNationsESWC.exe"="C:\\Programfiler\\TrackMania Nations ESWC\\TmNationsESWC.exe:*:Enabled:TmNationsESWC"
"C:\\Programfiler\\iTunes\\iTunes.exe"="C:\\Programfiler\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Programfiler\\Skype\\Phone\\Skype.exe"="C:\\Programfiler\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Programfiler\\Fellesfiler\\System\\fileWin.exe"="C:\\Programfiler\\Fellesfiler\\System\\fileWin.exe:*:Enabled:Windows Update"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Programfiler\\MSN Messenger\\msncall.exe"="C:\\Programfiler\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"="C:\\Programfiler\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Programfiler\\MSN Messenger\\livecall.exe"="C:\\Programfiler\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip

Checking For Files with Hidden Attributes :

C:\Programfiler\Steam\SteamApps\[email protected]\condition zero\czero\logos\Thumbs.db
C:\Programfiler\Steam\SteamApps\[email protected]\condition zero\czero\media\Thumbs.db
C:\Programfiler\Steam\SteamApps\[email protected]\counter-strike\cstrike\radial.cdb
C:\Programfiler\Steam\SteamApps\[email protected]\counter-strike\cstrike\Thumbs.db
C:\Programfiler\Steam\SteamApps\[email protected]\counter-strike\cstrike\gfx\Thumbs.db
C:\Programfiler\Steam\SteamApps\[email protected]\counter-strike\cstrike\logos\Thumbs.db
C:\Programfiler\Steam\SteamApps\[email protected]\counter-strike\cstrike\models\player\Thumbs.db
C:\Programfiler\Steam\SteamApps\[email protected]\counter-strike\cstrike\overviews\Thumbs.db
C:\Programfiler\Fellesfiler\System\fileWin.exe
C:\Documents and Settings\Jesper\Lokale innstillinger\Temp\~10.tmp
C:\Documents and Settings\Jesper\Lokale innstillinger\Temp\~11B0.tmp
C:\Documents and Settings\Jesper\Lokale innstillinger\Temp\~15.tmp
C:\Documents and Settings\Jesper\Lokale innstillinger\Temp\~175.tmp
C:\Documents and Settings\Jesper\Lokale innstillinger\Temp\~20.tmp
C:\Documents and Settings\Jesper\Lokale innstillinger\Temp\~25.tmp
C:\Documents and Settings\Jesper\Lokale innstillinger\Temp\~26.tmp
C:\Documents and Settings\Jesper\Lokale innstillinger\Temp\~3.tmp
C:\Documents and Settings\Jesper\Lokale innstillinger\Temp\~41.tmp
C:\Documents and Settings\Jesper\Lokale innstillinger\Temp\~4B.tmp
C:\Documents and Settings\Jesper\Lokale innstillinger\Temp\~5.tmp
C:\Documents and Settings\Jesper\Lokale innstillinger\Temp\~5E.tmp
C:\Documents and Settings\Jesper\Lokale innstillinger\Temp\~67.tmp
C:\Documents and Settings\Jesper\Lokale innstillinger\Temp\~7.tmp
C:\Documents and Settings\Jesper\Lokale innstillinger\Temp\~95.tmp
C:\Documents and Settings\Jesper\Lokale innstillinger\Temp\~A.tmp
C:\Documents and Settings\Jesper\Lokale innstillinger\Temp\~A2.tmp
C:\Documents and Settings\Jesper\Lokale innstillinger\Temp\~A5.tmp
C:\Documents and Settings\Jesper\Lokale innstillinger\Temp\~C.tmp
C:\Documents and Settings\Jesper\Lokale innstillinger\Temp\~C6.tmp
C:\Documents and Settings\Jesper\Lokale innstillinger\Temp\~C7.tmp
C:\Documents and Settings\Jesper\Lokale innstillinger\Temp\~DBD.tmp
C:\Documents and Settings\Jesper\Lokale innstillinger\Temp\~F.tmp
C:\Documents and Settings\Jesper\Lokale innstillinger\Temp\~FB.tmp
C:\Program Files\InterActual\InterActual Player\iti1.tmp

Finished

Hijack:

Logfile of HijackThis v1.99.1
Scan saved at 23:05:51, on 30.03.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programfiler\fellesfiler\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programfiler\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\Programfiler\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Programfiler\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\PROGRA~1\NORTON~2\NORTON~2\NPROTECT.EXE
C:\PROGRA~1\NORTON~2\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programfiler\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe
C:\Programfiler\D-Tools\daemon.exe
C:\Programfiler\Logitech\G-series Software\LGDCore.exe
C:\Programfiler\Logitech\G-series Software\LCDMon.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\Programfiler\QuickTime\qttask.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programfiler\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Programfiler\Logitech\G-series Software\Applets\LCDClock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\MSN Messenger\msnmsgr.exe
C:\Programfiler\Skype\Phone\Skype.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\Norton SystemWorks\Norton GoBack\GBTray.exe
C:\Programfiler\Xfire\Xfire.exe
C:\Programfiler\Fellesfiler\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\HijackThis\test.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.catchgamer.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.meloco.com/index.php?i=sm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar3.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar3.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Programfiler\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programfiler\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Programfiler\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Programfiler\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [nliab] C:\WINDOWS\system32\rwwhao.exe reg_run
O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [skype] "C:\Programfiler\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Xfire.lnk = C:\Programfiler\Xfire\Xfire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Norton GoBack.lnk = C:\Programfiler\Norton SystemWorks\Norton GoBack\GBTray.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Programfiler\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Programfiler\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [iNTERNATIONAL] International*
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://hellokjeks.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - Unknown owner - C:\WINDOWS\system32\brsvc01a.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programfiler\Norton Internet Security\comHost.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Programfiler\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programfiler\fellesfiler\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Programfiler\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~2\NPROTECT.EXE
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\system32\wdfmgr.exe (file missing)

I hope you remember that my problem was that I can't get internet on the PC.

Thanks for all the help I'm getting from you!
norbat, posted 30 March 2007

Hi,

Have you run Winsockfix? If not, do so. The PC will restart.
iTANDBERG (author), posted 30 March 2007

Ran it now, the net still doesn't work ... :/
norbat, posted 31 March 2007 (edited)

I would have asked you to check a file, but since you have no network connection that will be difficult. The file rwwhao.exe is unknown, and I would therefore suggest deleting it if you don't know what it is.

Run HJT, tick the following line and click 'Fix checked':

O4 - HKCU\..\Run: [nliab] C:\WINDOWS\system32\rwwhao.exe reg_run

Go into Explorer and change the name to rwwhao.bak. You may have to do this in safe mode.

If you have run Winsockfix, we can try a similar fix:
Get LSPfix and unpack it on the desktop.
Start the program, tick "I know what I am doing" and click Finish.

Download Combofix
Run the program. It creates a log that you can post later.

Get DrWeb (one-time scanner)
From safe mode:
Run drweb-cureit.exe (say yes to running an express scan)
When this is finished, click Option -> Change settings.
Under the Scan tab, remove the tick at Heuristic analysis.
Under the Actions tab, all items under Malware should be set to Rename.
Choose the partition you want to scan and then click the green arrow to start the scan.
Choose "yes to all" when it finds something for the first time.

Restart in normal mode.
Post the log from Combofix and a new HJT log. Also say whether DrWeb found anything.

Edited 31 March 2007 by norbat
iTANDBERG (author), posted 31 March 2007

Working on DrWeb now. But is there a high probability that my net will work again after I have run all these programs / deleted files? Or can / should I format?
Jack_The_Bull, posted 31 March 2007 (edited)

I would recommend that you try a virus check and a spyware check in the following order:

If you have Windows XP, a system restore after you have removed the viruses can set the machine back to being infected again. First try to remove the viruses without disabling System Restore. If you manage to disinfect the machine, turn off System Restore, restart, and turn System Restore back on. If you cannot remove the viruses, a system restore may work; in that case choose a restore point where you KNOW you were not infected.

All scanning for viruses and spyware should now be done in safe mode with networking. Follow the link if you don't know how to start in Safe Mode with Networking.

Run a virus scan in your browser with BitDefender. If you find viruses, restart in safe mode with networking after the scan and run a new scan.

Then do a spyware check with Ewido Onlinescan. If you find spyware, restart in safe mode with networking after the scan and run a new scan.

As soon as you have managed to run both scanners without them indicating viruses or spyware, you are done scanning and should start the machine in normal mode again. After that you can go on to install antivirus software and antispyware if you don't already have any. You can find such programs at oss.viztnd.com/secprog.shtml.

Read here if you want information about what spyware is and how best to keep your PC clean of it.
Read here if you want links to information about what viruses, trojans and worms are.

As for safe mode, you should NOT do anything else in the meantime, i.e. you should not sit and browse here or elsewhere. This is because you could then start the spyware or viruses manually.

The above answer with the virus and spyware check is based on an extension for Firefox that fetches quick answers to certain recurring questions. The answers are fetched from http://hurtigsvar.viztnd.com and the Firefox extension can be downloaded from www.home.no/apepost for those who want it.

Edit: Leif.

Edited 31 March 2007 by Jack_The_Bull
norbat, posted 31 March 2007

"Working on DrWeb now. But is there a high probability that my net will work again after I have run all these programs / deleted files? Or can / should I format?"

The probability that the net will work after the scan is not particularly high, since it is most likely some system files that have been damaged by the infections you had.

Run through the scans you are working on, and post the logs that are requested so that we can determine whether the PC still has any infections or not. It was no small amount of junk files you had on the PC, so the missing network connection is really the least of the problems.

When you are done with the scans, you can check and, if needed, fix the system files by:

Click Start -> Run
Type: sfc /scannow (space between sfc and / )

In most cases where one loses the network connection after infections, it is the Winsock file that has become corrupt, but this is fixed by using e.g. Winsockfix or LSPfix as mentioned earlier. I would therefore recommend running e.g. Winsockfix again once the above has been carried out.

I don't think you should be thinking about reinstalling - yet
iTANDBERG (author), posted 31 March 2007

I'm throwing in the towel. My patience has come to an end, and I have started formatting now. I really hope this solves my network problem, since this is the only noticeable fault I have experienced with my PC.

Thanks for all the help; I will probably use many of the tips you have given in the future.

Regards,
Jesper