Snytefant Skrevet 14. november 2007 Del Skrevet 14. november 2007 (endret) Jeg har da som sagt vært så heldig å få Quick Browser Search på min PC. Det kommer med jevne mellomrom når jeg skal gå til en side i IE. Veldig plagsomt Så da lurer jeg på hvordan kan jeg få fjernet det? Skrev feil, men det kommer uansett om man skriver feil eller ikke. Kan forøvrig si at det ikke ligger under Legg til/fjern programmer. Endret 14. november 2007 av --MrDave-- Lenke til kommentar
norbat Skrevet 14. november 2007 Del Skrevet 14. november 2007 Langversjonen: https://www.diskusjon.no/index.php?showtopic=691246 Loggene poster du her i din egen tråd Lenke til kommentar
Snytefant Skrevet 16. november 2007 Forfatter Del Skrevet 16. november 2007 Hijack this logg: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:16:47, on 16.11.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\stsystra.exe C:\Program Files\Dell\Media Experience\DMXLauncher.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe C:\Program Files\D-Link\Air USB Utility\AirCFG.exe C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe C:\Program Files\QuickTime\QTTask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\NCLAUNCH.EXe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\Packard Bell Data Secure\PBDataSecure.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\WINDOWS\eHome\ehRecvr.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Network Associates\Common Framework\FrameworkService.exe C:\Program Files\Network Associates\VirusScan\Mcshield.exe C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Orbitdownloader\orbitdm.exe C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE C:\Program Files\Orbitdownloader\orbitnet.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" O4 - HKLM\..\Run: [D-Link Air USB Utility] C:\Program Files\D-Link\Air USB Utility\AirCFG.exe O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [semanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - HKCU\..\Run: [Packard Bell Data Secure] C:\Program Files\Packard Bell Data Secure\PBDataSecure.exe O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HP Image Zone Hurtigstart.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201 O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204 O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203 O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202 O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {17D667BA-5675-4AAB-9221-08B9379384D4} (Image Uploader Control) - http://cdnimg.piczo.com/images/uploader/pi...st_uploader.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab O16 - DPF: {66D845A0-C3BB-45AD-807C-9BFEAF20EF2C} (InPEditor Class) - https://portal.ovgs.no/content/static/ecm/a...it_In_Place.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1151176980123 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe -- End of file - 13485 bytes Root Logg: ********************************* ROOTCHK-(21-09-07)-LOG, by ejvindh 16.11.2007 22:17:46,34 The rootkits that are detected by this tool were not found. ********************************* ROOTCHK-LOG-end catchme 0.3.1160 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-16 22:17:47 Windows 5.1.2600 Service Pack 2 scanning hidden processes ... scanning hidden services & system hive ... [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys00a3a569ec4] "00124731ba60"=hex:2d,7c,45,2c,9e,7f,9f,fd,25,44,8e,64,80,ff,1d,d0 "001620b07d2d"=hex:f5,42,bf,39,8e,7d,4b,68,80,91,b6,26,4d,cd,d9,5d "00180fd854dc"=hex:ec,6a,a0,20,e0,79,d9,e0,a1,9b,c7,0b,62,ae,17,53 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg] "s1"=dword:cbd941d2 "s2"=dword:17e5db2f "h0"=dword:00000002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\CfgD79C293C1ED61418462E24595C90D04] "p0"="C:\Program Files\Alcohol Soft\Alcohol 52\" "h0"=dword:00000001 "ujdew"=hex:a9,8d,ef,d1,f1,ec,8c,e6,71,6e,b3,8f,ba,a9,9b,91,76,57,af,b3,46,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "p0"="C:\Program Files\DAEMON Tools\" "h0"=dword:00000000 "khjeh"=hex:3a,50,66,a2,5d,e9,7a,95,be,58,18,7c,ea,40,d2,7c,65,a1,d4,5b,db,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA40000001] "a0"=hex:20,01,00,00,c7,e7,f5,dd,cc,be,57,c3,8b,89,e1,51,59,5f,af,aa,99,.. "khjeh"=hex:39,d0,34,1d,6b,6e,4d,70,c0,b0,71,ce,dc,07,dd,3e,b9,fd,f4,9c,f6,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA40000001Jf40] "khjeh"=hex:18,99,34,53,3a,48,84,86,1a,54,e9,fa,2f,42,57,f1,42,35,1b,78,2b,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA40000001Jf41] "khjeh"=hex:a6,27,f7,c4,9b,22,b0,ca,95,be,eb,8e,17,fd,37,ff,75,07,69,1d,7e,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys00a3a569ec4] "00124731ba60"=hex:2d,7c,45,2c,9e,7f,9f,fd,25,44,8e,64,80,ff,1d,d0 "001620b07d2d"=hex:f5,42,bf,39,8e,7d,4b,68,80,91,b6,26,4d,cd,d9,5d "00180fd854dc"=hex:ec,6a,a0,20,e0,79,d9,e0,a1,9b,c7,0b,62,ae,17,53 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\CfgD79C293C1ED61418462E24595C90D04] "p0"="C:\Program Files\Alcohol Soft\Alcohol 52\" "h0"=dword:00000001 "ujdew"=hex:a9,8d,ef,d1,f1,ec,8c,e6,71,6e,b3,8f,ba,a9,9b,91,76,57,af,b3,46,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "p0"="C:\Program Files\DAEMON Tools\" "h0"=dword:00000000 "khjeh"=hex:3a,50,66,a2,5d,e9,7a,95,be,58,18,7c,ea,40,d2,7c,65,a1,d4,5b,db,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA40000001] "a0"=hex:20,01,00,00,c7,e7,f5,dd,cc,be,57,c3,8b,89,e1,51,59,5f,af,aa,99,.. "khjeh"=hex:39,d0,34,1d,6b,6e,4d,70,c0,b0,71,ce,dc,07,dd,3e,b9,fd,f4,9c,f6,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA40000001Jf40] "khjeh"=hex:18,99,34,53,3a,48,84,86,1a,54,e9,fa,2f,42,57,f1,42,35,1b,78,2b,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA40000001Jf41] "khjeh"=hex:a6,27,f7,c4,9b,22,b0,ca,95,be,eb,8e,17,fd,37,ff,75,07,69,1d,7e,.. scanning hidden registry entries ... [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher] "TracesProcessed"=dword:0000002f scanning hidden files ... hidden processes: 0 hidden services: 0 hidden files: 0 Combo Fix Logg: ComboFix 07-11-08.1 - Erik 2007-11-16 20:10:21.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1225 [GMT 1:00] Running from: C:\Documents and Settings\Erik\Desktop\ComboFix.exe * Created a new restore point . ADS - system32: deleted 69500 bytes in 1 streams. ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\LocalService\Application Data\NetMon C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt C:\Program Files\Common Files\{3C2C4~1 C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe C:\Program Files\inetget2 C:\Program Files\newdotnet C:\Program Files\newdotnet\nncore.dll C:\Program Files\newdotnet\nnrun.exe C:\Program Files\newdotnet\readme.html C:\Program Files\newdotnet\uninstall.exe C:\WINDOWS\NDNuninstall6_38.exe C:\WINDOWS\NDNuninstall7_48.exe C:\WINDOWS\system32\atmtd.dll.tmp C:\WINDOWS\system32\kr_done1 C:\WINDOWS\system32\rk.bin C:\WINDOWS\system32\rlls.dll J:\Autorun.inf . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\LEGACY_NNSERV -------\NNServ ((((((((((((((((((((((((( Files Created from 2007-10-16 to 2007-11-16 ))))))))))))))))))))))))))))))) . 2007-11-16 20:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion 2007-11-16 20:01 <DIR> d-------- C:\Program Files\Yahoo! 2007-11-16 20:00 <DIR> d-------- C:\Program Files\Trend Micro 2007-11-16 20:00 <DIR> d-------- C:\Program Files\CCleaner 2007-11-16 20:00 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-11-15 12:15 <DIR> d-------- C:\Program Files\MSECache 2007-11-10 09:50 21,840 --a----t- C:\WINDOWS\system32\SIntfNT.dll 2007-11-10 09:50 17,212 --a----t- C:\WINDOWS\system32\SIntf32.dll 2007-11-10 09:50 12,067 --a----t- C:\WINDOWS\system32\SIntf16.dll 2007-11-09 17:54 <DIR> d-------- C:\Program Files\Counter-Strike 1.6 2007-11-03 12:07 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll 2007-11-03 12:07 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll 2007-11-03 12:07 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll 2007-11-03 12:07 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll 2007-11-03 12:07 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll 2007-11-03 12:07 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll 2007-11-03 12:07 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll 2007-11-03 12:07 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll 2007-11-03 12:06 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll 2007-11-03 12:06 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll 2007-11-03 10:50 <DIR> d-------- C:\Program Files\Download Manager 2007-11-03 10:49 <DIR> d-------- C:\Documents and Settings\Erik\Application Data\IGN_DLM 2007-10-26 15:20 <DIR> d-------- C:\Program Files\StepMania 2007-10-18 18:28 1,156 --a------ C:\WINDOWS\mozver.dat 2007-10-18 18:23 <DIR> d-------- C:\Program Files\Orbitdownloader 2007-10-18 18:23 <DIR> d-------- C:\Documents and Settings\Erik\Application Data\Orbit 2007-10-18 16:43 <DIR> d-------- C:\Documents and Settings\Erik\Application Data\Talkback 2007-10-18 16:43 0 --a------ C:\WINDOWS\nsreg.dat 2007-10-17 21:19 <DIR> d-------- C:\Program Files\Ultra Mobile 3GP Video Converter 2007-10-17 21:19 129,024 --a------ C:\WINDOWS\system32\AVERM.dll 2007-10-17 21:19 28,672 --a------ C:\WINDOWS\system32\AVEQT.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-11-16 18:18 --------- d-----w C:\Program Files\Packard Bell Data Secure 2007-11-13 18:42 --------- d-----w C:\Program Files\Windows Live Safety Center 2007-11-12 21:39 --------- d-----w C:\Documents and Settings\Erik\Application Data\uTorrent 2007-11-10 13:46 --------- d-----w C:\Program Files\THQ 2007-11-10 08:53 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-11-09 14:30 --------- d-----w C:\Program Files\Rockstar Games 2007-10-18 14:42 --------- d-----w C:\Program Files\WMR11 2007-10-16 12:01 --------- d-----w C:\Program Files\Java 2007-10-14 17:22 --------- d-----w C:\Documents and Settings\Erik\Application Data\Sports Interactive 2007-10-14 17:03 --------- d-----w C:\Program Files\Sports Interactive 2007-10-14 10:39 --------- d-----w C:\Program Files\World of Warcraft 2007-10-10 15:46 --------- d-----w C:\Documents and Settings\Erik\Application Data\Skype 2007-09-29 08:41 --------- d-----w C:\Program Files\iTunes 2007-09-29 08:40 --------- d-----w C:\Program Files\iPod 2007-09-29 08:38 --------- d-----w C:\Program Files\QuickTime 2007-09-29 08:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer 2007-09-29 08:36 --------- d-----w C:\Program Files\Apple Software Update 2007-09-29 08:35 --------- d-----w C:\Program Files\Common Files\Apple 2007-09-29 08:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple 2007-09-29 08:20 --------- d-----w C:\Program Files\BearShare 2007-09-21 17:31 --------- d-----w C:\Program Files\TrackMania Nations ESWC 2007-09-21 15:32 --------- d-----w C:\Program Files\BeeThink MusicHandle 3.2 2007-09-19 20:06 --------- d-----w C:\Program Files\FREE Hi-Q Recorder 2007-09-19 20:03 --------- d-----w C:\Program Files\Advanced Sound Recorder 2007-09-16 17:19 --------- d-----w C:\Documents and Settings\Erik\Application Data\AdobeUM 2007-09-16 12:37 --------- d-----w C:\Program Files\Common Files\EasyInfo 2007-09-16 11:12 --------- d-----w C:\Program Files\EA SPORTS 2007-09-16 08:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\GlobalSCAPE 2006-05-24 18:34 251 ----a-w C:\Program Files\wt3d.ini 2005-03-29 21:46 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll 2007-04-02 16:24:10 88 --sh--r C:\WINDOWS\system32\410407341C.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 14:01] "SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 23:20 C:\WINDOWS\stsystra.exe] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-02-09 20:05] "DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2006-05-03 02:12] "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 10:44] "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 10:44] "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 05:20] "McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 02:50] "MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-12 19:05] "ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-08-18 07:00] "Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 08:48] "D-Link Air USB Utility"="C:\Program Files\D-Link\Air USB Utility\AirCFG.exe" [2004-05-25 17:09] "ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-04-14 10:54] "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-10 05:00 C:\WINDOWS\system32\bthprops.cpl] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-03-29 22:16] "SemanticInsight"="C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe" [] "NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2003-07-13 01:49] "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-05-20 13:46 C:\WINDOWS\KHALMNPR.Exe] "mmtask"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2006-01-17 12:03] "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 15:57] "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11] "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-11-21 18:38] "Corel Photo Downloader"="C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [2006-02-09 23:34] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 05:00] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24] "NCLaunch"="C:\WINDOWS\NCLAUNCH.EXe" [2006-07-11 16:40] "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-13 17:37] "Packard Bell Data Secure"="C:\Program Files\Packard Bell Data Secure\PBDataSecure.exe" [2006-06-20 14:15] "Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" [] "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-05-11 14:07] "igndlm.exe"="C:\Program Files\Download Manager\DLM.exe" [2007-03-05 22:57] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-15 10:46] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-06-22 23:36:19] Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 07:05:26] HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-03-29 22:29:10] HP Image Zone Hurtigstart.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-03-30 00:18:30] Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-03-13 17:37:53] Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2006-08-07 16:49:06] Orbit.lnk - C:\Program Files\Orbitdownloader\orbitdm.exe [2007-10-18 18:23:57] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "UIHost"="LogonUI.EXE" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Winter Fun Wallpaper Changer.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Winter Fun Wallpaper Changer.lnk backup=C:\WINDOWS\pss\Winter Fun Wallpaper Changer.lnkCommon Startup R1 NaiAvTdi1;NaiAvTdi1;C:\WINDOWS\system32\drivers\mvstdi5x.sys R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys S3 PRISM_USB;D-Link Air Wireless USB Adapter Driver;C:\WINDOWS\system32\DRIVERS\PRISMUSB.sys S3 WmFilter;Logitech Gaming HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys S3 WmHidLo;Logitech Gaming USB Filter Driver;C:\WINDOWS\system32\drivers\WmHidLo.sys S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys S4 viaagp;VIA AGP Bus Filter;C:\WINDOWS\system32\DRIVERS\viaagp.sys *Newly Created Service* - ENTDRV51 . Contents of the 'Scheduled Tasks' folder "2007-11-03 22:53:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe . ************************************************************************** catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-16 20:18:51 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... ************************************************************************** . Completion time: 2007-11-16 20:23:02 . --- E O F --- SAS Logg: SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 11/16/2007 at 10:07 PM Application Version : 3.9.1008 Core Rules Database Version : 3345 Trace Rules Database Version: 1346 Scan type : Complete Scan Total Scan Time : 01:35:12 Memory items scanned : 559 Memory threats detected : 0 Registry items scanned : 7346 Registry threats detected : 48 File items scanned : 79084 File threats detected : 23 Adware.Tracking Cookie C:\Documents and Settings\Erik\Cookies\[email protected][1].txt C:\Documents and Settings\Erik\Cookies\[email protected][1].txt C:\Documents and Settings\Erik\Cookies\erik@doubleclick[1].txt C:\Documents and Settings\Erik\Cookies\[email protected][1].txt C:\Documents and Settings\Erik\Cookies\erik@mediaplex[1].txt Adware.180solutions/Search Assistant HKCR\Interface\{2B0ECEAC-F597-4858-A542-D966B49055B9} HKCR\Interface\{2B0ECEAC-F597-4858-A542-D966B49055B9}\ProxyStubClsid HKCR\Interface\{2B0ECEAC-F597-4858-A542-D966B49055B9}\ProxyStubClsid32 HKCR\Interface\{2B0ECEAC-F597-4858-A542-D966B49055B9}\TypeLib HKCR\Interface\{2B0ECEAC-F597-4858-A542-D966B49055B9}\TypeLib#Version HKCR\Interface\{DDEA2E1D-8555-45E5-AF09-EC9AA4EA27AD} HKCR\Interface\{DDEA2E1D-8555-45E5-AF09-EC9AA4EA27AD}\ProxyStubClsid HKCR\Interface\{DDEA2E1D-8555-45E5-AF09-EC9AA4EA27AD}\ProxyStubClsid32 HKCR\Interface\{DDEA2E1D-8555-45E5-AF09-EC9AA4EA27AD}\TypeLib HKCR\Interface\{DDEA2E1D-8555-45E5-AF09-EC9AA4EA27AD}\TypeLib#Version HKCR\Interface\{F1F1E775-1B21-454D-8D38-7C16519969E5} HKCR\Interface\{F1F1E775-1B21-454D-8D38-7C16519969E5}\ProxyStubClsid HKCR\Interface\{F1F1E775-1B21-454D-8D38-7C16519969E5}\ProxyStubClsid32 HKCR\Interface\{F1F1E775-1B21-454D-8D38-7C16519969E5}\TypeLib HKCR\Interface\{F1F1E775-1B21-454D-8D38-7C16519969E5}\TypeLib#Version Adware.180solutions/ZangoSearch HKCR\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E} HKCR\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}\Control HKCR\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}\InprocServer32 HKCR\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}\InprocServer32#ThreadingModel HKCR\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}\MiscStatus HKCR\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}\MiscStatus\1 HKCR\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}\ProgID HKCR\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}\Programmable HKCR\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}\ToolboxBitmap32 HKCR\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}\TypeLib HKCR\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}\Version HKCR\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}\VersionIndependentProgID HKCR\CLSID\{99410CDE-6F16-42ce-9D49-3807F78F0287} HKCR\CLSID\{99410CDE-6F16-42ce-9D49-3807F78F0287}\Control HKCR\CLSID\{99410CDE-6F16-42ce-9D49-3807F78F0287}\InprocServer32 HKCR\CLSID\{99410CDE-6F16-42ce-9D49-3807F78F0287}\InprocServer32#ThreadingModel HKCR\CLSID\{99410CDE-6F16-42ce-9D49-3807F78F0287}\MiscStatus HKCR\CLSID\{99410CDE-6F16-42ce-9D49-3807F78F0287}\MiscStatus\1 HKCR\CLSID\{99410CDE-6F16-42ce-9D49-3807F78F0287}\ProgID HKCR\CLSID\{99410CDE-6F16-42ce-9D49-3807F78F0287}\Programmable HKCR\CLSID\{99410CDE-6F16-42ce-9D49-3807F78F0287}\ToolboxBitmap32 HKCR\CLSID\{99410CDE-6F16-42ce-9D49-3807F78F0287}\TypeLib HKCR\CLSID\{99410CDE-6F16-42ce-9D49-3807F78F0287}\Version HKCR\CLSID\{99410CDE-6F16-42ce-9D49-3807F78F0287}\VersionIndependentProgID HKCR\TypeLib\{5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA} HKCR\TypeLib\{5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA}\1.0 HKCR\TypeLib\{5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA}\1.0 HKCR\TypeLib\{5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA}\1.0\win32 HKCR\TypeLib\{5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA}\1.0\FLAGS HKCR\TypeLib\{5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA}\1.0\HELPDIR C:\PROGRAM FILES\BEARSHARE\BEARSHAREZANGOINSTALLER.EXE Adware.ClickSpring/Yazzle HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yazzle1122Oin HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yazzle1122Oin#DisplayName HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yazzle1122Oin#UninstallString C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\YAZZLE1122OINUNINSTALLER.EXE.VIR C:\SYSTEM VOLUME INFORMATION\_RESTORE{F4F887E8-C53C-4245-8F1D-9D2E60F8E217}\RP361\A0115176.EXE BearShare File Sharing Client C:\BEARSHARE\BEARSHARE.EXE C:\PROGRAM FILES\BEARSHARE\BEARSHARE.EXE Trojan.NewDotNet-Installer C:\PROGRAM FILES\THEMEXP\NNWDAB638.EXE Adware.WhenU C:\PROGRAM FILES\THEMEXP\VVSNINST.EXE Trojan.NewDotNet C:\QOOBOX\QUARANTINE\C\WINDOWS\NDNUNINSTALL6_38.EXE.VIR C:\QOOBOX\QUARANTINE\C\WINDOWS\NDNUNINSTALL7_48.EXE.VIR C:\SYSTEM VOLUME INFORMATION\_RESTORE{F4F887E8-C53C-4245-8F1D-9D2E60F8E217}\RP351\A0112346.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{F4F887E8-C53C-4245-8F1D-9D2E60F8E217}\RP351\A0112347.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{F4F887E8-C53C-4245-8F1D-9D2E60F8E217}\RP351\A0112374.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{F4F887E8-C53C-4245-8F1D-9D2E60F8E217}\RP361\A0115177.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{F4F887E8-C53C-4245-8F1D-9D2E60F8E217}\RP361\A0115178.EXE RelevantKnowledge Spyware Component C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\RK.BIN.VIR C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\RLLS.DLL.VIR C:\SYSTEM VOLUME INFORMATION\_RESTORE{F4F887E8-C53C-4245-8F1D-9D2E60F8E217}\RP361\A0115182.DLL C:\WINDOWS\SYSTEM32\RLLS.DL_ La dem i spoiler Lenke til kommentar
norbat Skrevet 16. november 2007 Del Skrevet 16. november 2007 Kjør HJT, velg "Do a system scan only", sett merke framfor følgende linje og klikk Fix checked: O4 - HKLM\..\Run: [semanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe Hent Avenger og pakk det ut. Start programmet, sett prikk i "Input Script Manually" og klikk på lupen. I vinduet som kommer opp kopierer du og limer inn det som er i fet skrift under: Folders to delete: C:\Program Files\RXToolBar Klikk på Trafikklyset. Restart PC-en. Etter restart vil det komme en loggfil som forteller hva som har skjedd. Du trenger ikke å poste den. Fortsatt problemer med QBS? Lenke til kommentar
Snytefant Skrevet 17. november 2007 Forfatter Del Skrevet 17. november 2007 Har ikke fått det den siste timen, så da håper jeg det er bra nå Takker for raske svar Lenke til kommentar
Anbefalte innlegg
Opprett en konto eller logg inn for å kommentere
Du må være et medlem for å kunne skrive en kommentar
Opprett konto
Det er enkelt å melde seg inn for å starte en ny konto!
Start en kontoLogg inn
Har du allerede en konto? Logg inn her.
Logg inn nå