HJT help
By Ultra user DaDuck | 12-09-2007 01:14 | 1929 views | 8 replies
a lot of crap, and pop-up windows all the time.... help...
THANKS
Logfile of HijackThis v1.99.1
Scan saved at 01:09:42, on 12-09-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\rundll32.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\WINDOWS\C0100Mon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\DOCUME~1\MARIAL~1\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk[...]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com[...]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com[...]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com[...]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com[...]
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com[...]
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Seekmo - {07AA283A-43D7-4CBE-A064-32A21112D94D} - (no file)
O2 - BHO: (no name) - {47B83D78-F986-4E96-9769-2C55EF14DA0B} - C:\WINDOWS\system32\__c00A158C.dat
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Seekmo - {07AA283A-43D7-4CBE-A064-32A21112D94D} - (no file)
O3 - Toolbar: (no name) - {F06E2ABE-3A50-4079-BE25-FC100D9EAA25} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [C0100Mon.exe] C:\WINDOWS\C0100Mon.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send til &Bluetooth-enhed... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com[...]
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com[...]
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c001864A.dat
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
There are 10 types of people in the world; Those who understand binary and those who don't.
http://my.qxl.dk[...]
Can nobody help?
THANKS
-- Guest user, create your own login and get your own signature.
SUPERAntiSpyware Scan Log
http://www.superantispyware.com[...]
Generated 09/13/2007 at 04:56 PM
Application Version : 3.9.1008
Core Rules Database Version : 3305
Trace Rules Database Version: 1311
Scan type : Complete Scan
Total Scan Time : 00:50:58
Memory items scanned : 675
Memory threats detected : 1
Registry items scanned : 6280
Registry threats detected : 227
File items scanned : 47870
File threats detected : 23
Trojan.Downloader-NewJuan/VM
C:\WINDOWS\SYSTEM32\__C00A158C.DAT
C:\WINDOWS\SYSTEM32\__C00A158C.DAT
Unclassified.Unknown Origin
HKLM\Software\Classes\CLSID\{47B83D78-F986-4E96-9769-2C55EF14DA0B}
HKCR\CLSID\{47B83D78-F986-4E96-9769-2C55EF14DA0B}
HKCR\CLSID\{47B83D78-F986-4E96-9769-2C55EF14DA0B}\InprocServer32
HKCR\CLSID\{47B83D78-F986-4E96-9769-2C55EF14DA0B}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{47B83D78-F986-4E96-9769-2C55EF14DA0B}
HKCR\CLSID\{47B83D78-F986-4E96-9769-2C55EF14DA0B}
Adware.Tracking Cookie
C:\Documents and Settings\Maria Lund\Cookies\maria_lund@zedo[2].txt
C:\Documents and Settings\Maria Lund\Cookies\maria_lund@doubleclick[2].txt
C:\Documents and Settings\Maria Lund\Cookies\ [email protected][2].txt
C:\Documents and Settings\Maria Lund\Cookies\maria_lund@smileycentral[1].txt
C:\Documents and Settings\Maria Lund\Cookies\ [email protected][1].txt
C:\Documents and Settings\Maria Lund\Cookies\maria_lund@tribalfusion[1].txt
C:\Documents and Settings\Maria Lund\Cookies\maria_lund@precisionclick[1].txt
C:\Documents and Settings\Maria Lund\Cookies\maria_lund@cpvfeed[2].txt
Trojan.Security Toolbar
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.url
C:\Documents and Settings\All Users\Start Menu\Security Troubleshooting.url
Adware.180solutions/Seekmo
C:\Documents and Settings\Maria Lund\Application Data\Seekmo\IESkins
C:\Documents and Settings\Maria Lund\Application Data\Seekmo
C:\SYSTEM VOLUME INFORMATION\_RESTORE{522AA546-BDE3-4168-A439-CC5B83810CC6}\RP117\A0026019.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{522AA546-BDE3-4168-A439-CC5B83810CC6}\RP117\A0026020.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{522AA546-BDE3-4168-A439-CC5B83810CC6}\RP117\A0026021.DLL
Adware.Zango Toolbar/Hb
C:\Documents and Settings\Maria Lund\Application Data\Zango
Malware.VirusProtectPro
C:\SYSTEM VOLUME INFORMATION\_RESTORE{522AA546-BDE3-4168-A439-CC5B83810CC6}\RP110\A0019668.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{522AA546-BDE3-4168-A439-CC5B83810CC6}\RP117\A0026015.EXE
Adware.180solutions/ZangoSearch
C:\SYSTEM VOLUME INFORMATION\_RESTORE{522AA546-BDE3-4168-A439-CC5B83810CC6}\RP117\A0026018.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{522AA546-BDE3-4168-A439-CC5B83810CC6}\RP117\A0026024.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{522AA546-BDE3-4168-A439-CC5B83810CC6}\RP117\A0026025.DLL
Browser Hijacker.Favorites
C:\RECYCLED\DC3.URL
But so far it hasn't helped... A billion pop-up windows still come up when I try to go online... :-(
HJT log coming in a moment
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:23:12, on 13-09-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\rundll32.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\WINDOWS\C0100Mon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\DOCUME~1\MARIAL~1\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HJTrenamed.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk[...]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com[...]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com[...]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com[...]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com[...]
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com[...]
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {F06E2ABE-3A50-4079-BE25-FC100D9EAA25} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [C0100Mon.exe] C:\WINDOWS\C0100Mon.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send til &Bluetooth-enhed... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com[...]
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com[...]
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c001864A.dat
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 10952 bytes
-- Guest user, create your own login and get your own signature.
Since there is still dirt..
Download http://siri.urz.free.fr[...] (by S!Ri)
Or here:
http://72.232.135.12[...]
To the root of the C: drive
Restart in safe mode; if you don't know how, look here:
http://www.ctrlaltdel.dk[...]
Double-click C:\Smitfraud exe. Select option #2 - Clean.
It will also check whether the system file wininet.dll is infected. If it is, you will be asked for permission to replace it with another one. Here you should choose "Yes" by typing "y".
The program may need to restart along the way. After that, a list with the results of the cleaning will appear. It can be found here: C:\rapport.txt.
Copy this list into the thread.
Then:
Download Combofix and save it to your desktop:
http://download.bleepingcomputer.com[...]
Then run combofix.exe and follow the instructions in the window.
You should not click on the window while the tool is running, as that can cause your computer to freeze.
When combofix has finished, and after it has restarted, a log file should open: combofix.txt, which can be found here: C:\combofix.txt
Also copy this log in here together with a new hijackthis log.
-- Best regards, Arlet
www.arlet.dk[...]
www.malwarecheck.dk[...]
ComboFix 07-09-14.2 - "Maria Lund" 2007-09-14 17:04:45.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.45.1033.18.408 [GMT 2:00]
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SeekmoSA
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SeekmoSA\SeekmoSA.dat
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SeekmoSA\SeekmoSAEULA.mht
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SeekmoSA\SeekmoSAAbout.mht
C:\WINDOWS\system32\__c001864A.dat
C:\WINDOWS\system32\_000004_.tmp.dll
C:\WINDOWS\system32\_000005_.tmp.dll
C:\WINDOWS\system32\_000006_.tmp.dll
C:\WINDOWS\system32\_000007_.tmp.dll
C:\WINDOWS\system32\_000008_.tmp.dll
C:\WINDOWS\system32\_000017_.tmp.dll
.
((((((((((((((((((((((((( Files Created from 2007-08-14 to 2007-09-14 )))))))))))))))))))))))))))))))
.
2007-09-14 17:03 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-14 16:58 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-09-14 16:58 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-09-14 16:58 4,930 --a------ C:\WINDOWS\system32\tmp.reg
2007-09-14 16:58 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-09-14 16:58 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-09-14 16:57 d-------- C:\SmitfraudFix
2007-09-14 16:49 1,004,608 --a------ C:\SmitfraudFix.exe
2007-09-13 18:17 401,720 --a------ C:\Program Files\HJTrenamed.exe
2007-09-13 16:03 d-------- C:\Program Files\SUPERAntiSpyware
2007-09-13 16:03 d-------- C:\DOCUME~1\MARIAL~1\APPLIC~1\SUPERAntiSpyware.com
2007-09-13 16:03 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-09-12 01:03 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
2007-09-12 00:59 d-------- C:\Program Files\Yahoo!
2007-09-12 00:58 d-------- C:\Program Files\CCleaner
2007-09-11 23:38 29,704 --a------ C:\WINDOWS\system32\uxtuneup.dll
2007-09-11 23:37 d-------- C:\Program Files\TuneUp Utilities 2007
2007-09-11 23:36 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-11 23:18 d--hs---- C:\FOUND.006
2007-09-11 21:02 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-09-09 18:42 d--hs---- C:\FOUND.005
2007-09-08 14:03 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Creative
2007-09-03 18:13 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-09-02 20:47 d--hs---- C:\FOUND.004
2007-08-31 21:52 d--hs---- C:\FOUND.003
2007-08-28 20:44 d--hs---- C:\FOUND.002
2007-08-26 20:28 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2007-08-26 20:28 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2007-08-26 20:28 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-08-26 20:28 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
2007-08-16 14:46 d-------- C:\Program Files\MSXML 6.0
2007-08-15 09:58 d-------- C:\Program Files\Common Files\Skype
2007-08-14 15:32 d-------- C:\DOCUME~1\MARIAL~1\APPLIC~1\Sony Corporation
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-14 17:09 37664 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-09-14 17:09 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2007-09-14 17:09 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-09-14 17:09 1580 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-09-13 18:23 10954 --a------ C:\Program Files\hijackthis.log
2007-09-04 21:48 82061 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-09-04 21:48 81549 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
2007-07-26 15:29 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\ZangoSA
2007-07-26 15:29 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
2007-07-19 09:00 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-13 01:31 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll
2007-06-27 16:35 823808 --a------ C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 16:35 232960 --a------ C:\WINDOWS\system32\dllcache\webcheck.dll
2007-06-27 16:34 671232 --a------ C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-27 16:34 6058496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 16:34 52224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 16:34 477696 --a------ C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-27 16:34 459264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-06-27 16:34 44544 --a------ C:\WINDOWS\system32\dllcache\iernonce.dll
2007-06-27 16:34 384512 --a------ C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-06-27 16:34 383488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-06-27 16:34 27648 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-27 16:34 267776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 16:34 230400 --a------ C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-06-27 16:34 193024 --a------ C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-27 16:34 153088 --a------ C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-06-27 16:34 132608 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-27 16:34 124928 --a------ C:\WINDOWS\system32\dllcache\advpack.dll
2007-06-27 16:34 1152000 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-27 16:34 105984 --a------ C:\WINDOWS\system32\dllcache\url.dll
2007-06-27 16:34 102400 --a------ C:\WINDOWS\system32\dllcache\occache.dll
2007-06-27 10:27 63488 --a------ C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-06-27 10:27 625152 --a------ C:\WINDOWS\system32\dllcache\iexplore.exe
2007-06-27 10:27 13824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-06-27 09:00 161792 --a------ C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-26 22:10 317440 --a------ C:\WINDOWS\system32\dllcache\unregmp2.exe
2007-06-26 08:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-26 08:08 1104896 --a------ C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-19 15:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 15:31 282112 --a------ C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-15 10:12 474112 --a------ C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-06-15 10:12 151040 --a------ C:\WINDOWS\system32\dllcache\cdfview.dll
2007-06-15 10:12 1498112 --a------ C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-06-15 10:12 1054208 --a------ C:\WINDOWS\system32\dllcache\danim.dll
2007-06-15 10:12 1022976 --a------ C:\WINDOWS\system32\dllcache\browseui.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:56]
"preload"="C:\Windows\RUNXMLPL.exe" [2005-05-19 17:09]
"LaunchAp"="C:\Program Files\Launch Manager\LaunchAp.exe" [2005-07-25 13:36]
"PowerKey"="C:\Program Files\Launch Manager\PowerKey.exe" [2002-08-30 15:02]
"LManager"="C:\Program Files\Launch Manager\HotkeyApp.exe" [2005-11-08 10:45]
"CtrlVol"="C:\Program Files\Launch Manager\CtrlVol.exe" [2003-09-16 14:28]
"LMgrOSD"="C:\Program Files\Launch Manager\OSDCtrl.exe" [2005-07-25 10:45]
"Wbutton"="C:\Program Files\Launch Manager\Wbutton.exe" [2005-11-08 10:19]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-05 16:25]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-05 16:24]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-10 04:00]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 04:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 04:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 04:00]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 14:43]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-10 04:00 C:\WINDOWS\system32\bthprops.cpl]
"ADMTray.exe"="C:\Acer\Empowering Technology\admtray.exe" [2005-10-24 16:45]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-24 18:00]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 14:49 C:\WINDOWS\RTHDCPL.exe]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"AVFX Engine"="C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-12-18 10:11]
"C0100Mon.exe"="C:\WINDOWS\C0100Mon.exe" [2006-10-02 19:00]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2007-01-29 23:02]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-08-06 12:43]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-27 18:13]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 18:40]
"Creative Live! Cam Manager"="C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2006-12-22 10:14]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 04:00]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"IETI"=C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2005-12-02 14:30:42]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\WINDOWS\system32\__c001864A.dat
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
R0 UBHelper;UBHelper;C:\WINDOWS\system32\drivers\UBHelper.sys
R0 viaagp;VIA AGP Bus Filter;C:\WINDOWS\system32\DRIVERS\viaagp.sys
R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys
R1 OsaFsLoc;OsaFsLoc;\??\C:\WINDOWS\system32\drivers\OsaFsLoc.sys
R2 int15.sys;int15.sys;\??\C:\Acer\Empowering Technology\eRecovery\int15.sys
R2 osaio;osaio;\??\C:\WINDOWS\system32\drivers\osaio.sys
R2 osanbm;osanbm;\??\C:\WINDOWS\system32\drivers\osanbm.sys
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe -k netsvcs
R3 NdisFilt;OSA NdisFilter Protocol;C:\WINDOWS\system32\Drivers\NdisFilt.sys
R3 pgfilter;pgfilter;\??\C:\Program Files\PeerGuardian2\pgfilter.sys
R3 POWERKEY;POWERKEY;\??\C:\Program Files\Launch Manager\POWERKEY.sys
S1 Wbutton;Wbutton;C:\WINDOWS\system32\drivers\Wbutton.sys
S3 C0100Afx;Provides a software interface to control audio effects of VC0100 camera.;\??\C:\WINDOWS\system32\Drivers\C0100Afx.sys
S3 C0100Aud;Provides a software interface to control noise cancellation of VC0100 camera.;\??\C:\WINDOWS\system32\Drivers\C0100Aud.sys
S3 C0100Dev;Creative Camera VC0100 Driver;C:\WINDOWS\system32\DRIVERS\C0100Dev.sys
S3 C0100Vfx;Creative Camera VC0100 Video VFX Driver;C:\WINDOWS\system32\DRIVERS\C0100Vfx.sys
S3 SI15CI;SI15CI;\??\c:\elements\1stboot\SI15CI.SYS
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0e2daf22-e201-11db-a5f4-0016cf9bd0f7}]
AutoRun\command- F:\Launch.exe
*Newly Created Service* - INT15.SYS
.
Contents of the 'Scheduled Tasks' folder
"2007-08-09 17:39:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2007-09-14 15:15:02 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net[...]
Rootkit scan 2007-09-14 17:11:15
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\viaagp]
"ImagePath"="system32\DRIVERS\viaagp.sys"
.
Completion time: 2007-09-14 17:16:08 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-14 17:16
.
--- E O F ---
SmitFraudFix v2.223
Scan done at 16:58:20,14, 14-09-2007
Run from C:\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
The filesystem type is FAT32
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{1EBDDAB3-8EA3-46ED-B431-AA90F27148BA}: DhcpNameServer=212.10.10.5 212.10.10.4 212.10.10.3
HKLM\SYSTEM\CS1\Services\Tcpip\..\{1EBDDAB3-8EA3-46ED-B431-AA90F27148BA}: DhcpNameServer=212.10.10.5 212.10.10.4 212.10.10.3
HKLM\SYSTEM\CS3\Services\Tcpip\..\{1EBDDAB3-8EA3-46ED-B431-AA90F27148BA}: DhcpNameServer=212.10.10.5 212.10.10.4 212.10.10.3
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.10.10.5 212.10.10.4 212.10.10.3
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.10.10.5 212.10.10.4 212.10.10.3
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.10.10.5 212.10.10.4 212.10.10.3
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:18:07, on 14-09-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\rundll32.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\WINDOWS\C0100Mon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\System32\svchost.exe
C:\DOCUME~1\MARIAL~1\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HJTrenamed.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk[...]
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com[...]
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [C0100Mon.exe] C:\WINDOWS\C0100Mon.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send til &Bluetooth-enhed... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com[...]
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com[...]
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c001864A.dat
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 10486 bytes