Øystein T. Skrevet 28. april 2007 Rapporter Del Skrevet 28. april 2007 (endret) Hei, har problem med spyLocked og lasta med SmitfraudFix, SAS og HJT. Ser ut som det har fjerna problemet. Loggfilene ser slik ut: HijackThis: Klikk for å se/fjerne innholdet nedenfor Logfile of HijackThis v1.99.1Scan saved at 14:25:21, on 28.04.2007 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZCfgSvc.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\spoolsv.exe C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\BCMSMMSG.exe C:\WINDOWS\System32\hkcmd.exe C:\Programfiler\Apoint\Apoint.exe C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe C:\Programfiler\Dell\QuickSet\quickset.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Sigve\PopUp Killer\popupkiller.EXE C:\Sigve\D-Tools\daemon.exe C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\MXOALDR.EXE C:\WINDOWS\System32\RegSrvc.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\QuickTime\qttask.exe C:\Programfiler\Anti-Blaxx\Anti-Blaxx.exe C:\Sigve\Winamp\winampa.exe C:\Programfiler\Intel\NCS\PROSet\PRONoMgr.exe C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Programfiler\MicroStar\Bluetooth Software\BTTray.exe C:\Programfiler\Apoint\Apntex.exe C:\Programfiler\MicroStar\Bluetooth Software\BTStackServer.exe C:\Programfiler\Microsoft AntiSpyware\gcasDtServ.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\system32\NOTEPAD.EXE C:\Programfiler\Internet Explorer\iexplore.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Documents and Settings\s.f.\Skrivebord\hjt\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sol.no/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger R3 - URLSearchHook: (no name) - _{00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file) F2 - REG:system.ini: Shell=explorer.exe " O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [Apoint] C:\Programfiler\Apoint\Apoint.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [Dell QuickSet] C:\Programfiler\Dell\QuickSet\quickset.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [updateManager] "C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [PopUpKiller] C:\Sigve\PopUp Killer\popupkiller.EXE O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Sigve\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [¢‰¸u0–4C »}ïÁzî[8C:\Programfiler\ISTsvc\istsvc.exe] C:\WINDOWS\jufcbcyc.exe O4 - HKLM\..\Run: [¢‰¸u0Ô@ÔÁg]ú"ü‰üžiC:\Programfiler\ISTsvc\istsvc.exe] C:\WINDOWS\jufcbcyc.exe O4 - HKLM\..\Run: [sSC_UserPrompt] C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [gcasServ] "C:\Programfiler\Microsoft AntiSpyware\gcasServ.exe" O4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Programfiler\Anti-Blaxx\Anti-Blaxx.exe O4 - HKLM\..\Run: [WinampAgent] C:\Sigve\Winamp\winampa.exe O4 - HKLM\..\Run: [ZCfgSvc.exe] C:\WINDOWS\System32\ZCfgSvc.exe O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Programfiler\Intel\NCS\PROSet\PRONoMgr.exe O4 - HKCU\..\Run: [skype] "C:\Sigve\Skype\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: GStartup.lnk = C:\Programfiler\Fellesfiler\GMT\GMT.exe O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Programfiler\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU) O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://sieriks1984.spaces.msn.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-no/no/games4.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Filter: text/html - {6EA07FAF-2921-4439-B7C8-29DA60ED5548} - C:\Documents and Settings\s.f.\Lokale innstillinger\Programdata\microsoft\internet explorer\V0.39.dat O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Programfiler\Intel\NCS\Sync\NetSvc.exe O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing) O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe Og SAS: Klikk for å se/fjerne innholdet nedenfor SUPERAntiSpyware Scan Loghttp://www.superantispyware.com Generated 04/28/2007 at 02:14 PM Application Version : 3.7.1018 Core Rules Database Version : 3227 Trace Rules Database Version: 1238 Scan type : Complete Scan Total Scan Time : 00:39:17 Memory items scanned : 166 Memory threats detected : 1 Registry items scanned : 5439 Registry threats detected : 148 File items scanned : 29352 File threats detected : 257 Malware.SpyLocked C:\WINDOWS\SYSTEM32\ILMPJY.DLL C:\WINDOWS\SYSTEM32\ILMPJY.DLL HKLM\Software\Classes\CLSID\{4233ac08-a2c4-4742-a0b4-83719613d62c} HKCR\CLSID\{4233AC08-A2C4-4742-A0B4-83719613D62C} HKCR\CLSID\{4233AC08-A2C4-4742-A0B4-83719613D62C}\InProcServer32 HKCR\CLSID\{4233AC08-A2C4-4742-A0B4-83719613D62C}\InProcServer32#ThreadingModel HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler#{4233ac08-a2c4-4742-a0b4-83719613d62c} HKCR\CLSID\{4233AC08-A2C4-4742-A0B4-83719613D62C} HKCR\TypeLib\{DB926F0D-182A-4088-9B2A-1DB210619AC2} HKCR\TypeLib\{DB926F0D-182A-4088-9B2A-1DB210619AC2}\1.0 HKCR\TypeLib\{DB926F0D-182A-4088-9B2A-1DB210619AC2}\1.0\0 HKCR\TypeLib\{DB926F0D-182A-4088-9B2A-1DB210619AC2}\1.0\0\win32 HKCR\TypeLib\{DB926F0D-182A-4088-9B2A-1DB210619AC2}\1.0\FLAGS HKCR\TypeLib\{DB926F0D-182A-4088-9B2A-1DB210619AC2}\1.0\HELPDIR HKCR\Interface\{28C185E0-2782-4C11-B414-C749654CEBEF} HKCR\Interface\{28C185E0-2782-4C11-B414-C749654CEBEF}\ProxyStubClsid HKCR\Interface\{28C185E0-2782-4C11-B414-C749654CEBEF}\ProxyStubClsid32 HKCR\Interface\{28C185E0-2782-4C11-B414-C749654CEBEF}\TypeLib HKCR\Interface\{28C185E0-2782-4C11-B414-C749654CEBEF}\TypeLib#Version HKCR\Interface\{2D9C224E-1640-400D-83D0-3DE904F3CD51} HKCR\Interface\{2D9C224E-1640-400D-83D0-3DE904F3CD51}\ProxyStubClsid HKCR\Interface\{2D9C224E-1640-400D-83D0-3DE904F3CD51}\ProxyStubClsid32 HKCR\Interface\{2D9C224E-1640-400D-83D0-3DE904F3CD51}\TypeLib HKCR\Interface\{2D9C224E-1640-400D-83D0-3DE904F3CD51}\TypeLib#Version HKCR\Interface\{3BD36779-FABD-4974-B681-95B79900603D} HKCR\Interface\{3BD36779-FABD-4974-B681-95B79900603D}\ProxyStubClsid HKCR\Interface\{3BD36779-FABD-4974-B681-95B79900603D}\ProxyStubClsid32 HKCR\Interface\{3BD36779-FABD-4974-B681-95B79900603D}\TypeLib HKCR\Interface\{3BD36779-FABD-4974-B681-95B79900603D}\TypeLib#Version HKCR\Interface\{3FBD43FB-45D9-4AD6-97C5-DB2A208DBE1B} HKCR\Interface\{3FBD43FB-45D9-4AD6-97C5-DB2A208DBE1B}\ProxyStubClsid HKCR\Interface\{3FBD43FB-45D9-4AD6-97C5-DB2A208DBE1B}\ProxyStubClsid32 HKCR\Interface\{3FBD43FB-45D9-4AD6-97C5-DB2A208DBE1B}\TypeLib HKCR\Interface\{3FBD43FB-45D9-4AD6-97C5-DB2A208DBE1B}\TypeLib#Version HKCR\Interface\{458338B4-8CF4-4F76-B05A-391EFCB91DAF} HKCR\Interface\{458338B4-8CF4-4F76-B05A-391EFCB91DAF}\ProxyStubClsid HKCR\Interface\{458338B4-8CF4-4F76-B05A-391EFCB91DAF}\ProxyStubClsid32 HKCR\Interface\{458338B4-8CF4-4F76-B05A-391EFCB91DAF}\TypeLib HKCR\Interface\{458338B4-8CF4-4F76-B05A-391EFCB91DAF}\TypeLib#Version HKCR\Interface\{49792BDF-272E-485A-8EDC-0F26F3B499A8} HKCR\Interface\{49792BDF-272E-485A-8EDC-0F26F3B499A8}\ProxyStubClsid HKCR\Interface\{49792BDF-272E-485A-8EDC-0F26F3B499A8}\ProxyStubClsid32 HKCR\Interface\{49792BDF-272E-485A-8EDC-0F26F3B499A8}\TypeLib HKCR\Interface\{49792BDF-272E-485A-8EDC-0F26F3B499A8}\TypeLib#Version HKCR\Interface\{4D3DD52E-F48A-46F2-BE86-7F9B4BA7BB2F} HKCR\Interface\{4D3DD52E-F48A-46F2-BE86-7F9B4BA7BB2F}\ProxyStubClsid HKCR\Interface\{4D3DD52E-F48A-46F2-BE86-7F9B4BA7BB2F}\ProxyStubClsid32 HKCR\Interface\{4D3DD52E-F48A-46F2-BE86-7F9B4BA7BB2F}\TypeLib HKCR\Interface\{4D3DD52E-F48A-46F2-BE86-7F9B4BA7BB2F}\TypeLib#Version HKCR\Interface\{6DAEFDEA-1466-4A40-A530-E390FF58D248} HKCR\Interface\{6DAEFDEA-1466-4A40-A530-E390FF58D248}\ProxyStubClsid HKCR\Interface\{6DAEFDEA-1466-4A40-A530-E390FF58D248}\ProxyStubClsid32 HKCR\Interface\{6DAEFDEA-1466-4A40-A530-E390FF58D248}\TypeLib HKCR\Interface\{6DAEFDEA-1466-4A40-A530-E390FF58D248}\TypeLib#Version HKCR\Interface\{725BAD2A-8A0E-42D5-A028-B51794238C35} HKCR\Interface\{725BAD2A-8A0E-42D5-A028-B51794238C35}\ProxyStubClsid HKCR\Interface\{725BAD2A-8A0E-42D5-A028-B51794238C35}\ProxyStubClsid32 HKCR\Interface\{725BAD2A-8A0E-42D5-A028-B51794238C35}\TypeLib HKCR\Interface\{725BAD2A-8A0E-42D5-A028-B51794238C35}\TypeLib#Version HKCR\Interface\{9692D0FB-693D-4B8C-8D61-040DBBE5D617} HKCR\Interface\{9692D0FB-693D-4B8C-8D61-040DBBE5D617}\ProxyStubClsid HKCR\Interface\{9692D0FB-693D-4B8C-8D61-040DBBE5D617}\ProxyStubClsid32 HKCR\Interface\{9692D0FB-693D-4B8C-8D61-040DBBE5D617}\TypeLib HKCR\Interface\{9692D0FB-693D-4B8C-8D61-040DBBE5D617}\TypeLib#Version HKCR\Interface\{C099E01B-9751-46F7-AAC8-386F3B4EEC92} HKCR\Interface\{C099E01B-9751-46F7-AAC8-386F3B4EEC92}\ProxyStubClsid HKCR\Interface\{C099E01B-9751-46F7-AAC8-386F3B4EEC92}\ProxyStubClsid32 HKCR\Interface\{C099E01B-9751-46F7-AAC8-386F3B4EEC92}\TypeLib HKCR\Interface\{C099E01B-9751-46F7-AAC8-386F3B4EEC92}\TypeLib#Version HKCR\Interface\{CAB9D558-0A83-4528-988A-CB1D7A69022E} HKCR\Interface\{CAB9D558-0A83-4528-988A-CB1D7A69022E}\ProxyStubClsid HKCR\Interface\{CAB9D558-0A83-4528-988A-CB1D7A69022E}\ProxyStubClsid32 HKCR\Interface\{CAB9D558-0A83-4528-988A-CB1D7A69022E}\TypeLib HKCR\Interface\{CAB9D558-0A83-4528-988A-CB1D7A69022E}\TypeLib#Version HKCR\Interface\{CC17B63E-CB49-4D83-A33E-91ED305AB85E} HKCR\Interface\{CC17B63E-CB49-4D83-A33E-91ED305AB85E}\ProxyStubClsid HKCR\Interface\{CC17B63E-CB49-4D83-A33E-91ED305AB85E}\ProxyStubClsid32 HKCR\Interface\{CC17B63E-CB49-4D83-A33E-91ED305AB85E}\TypeLib HKCR\Interface\{CC17B63E-CB49-4D83-A33E-91ED305AB85E}\TypeLib#Version HKCR\Interface\{D5531EF6-EFDA-4894-9A24-8DA190940C38} HKCR\Interface\{D5531EF6-EFDA-4894-9A24-8DA190940C38}\ProxyStubClsid HKCR\Interface\{D5531EF6-EFDA-4894-9A24-8DA190940C38}\ProxyStubClsid32 HKCR\Interface\{D5531EF6-EFDA-4894-9A24-8DA190940C38}\TypeLib HKCR\Interface\{D5531EF6-EFDA-4894-9A24-8DA190940C38}\TypeLib#Version HKCR\Interface\{E916C096-5854-432E-8624-AFCF464D57F8} HKCR\Interface\{E916C096-5854-432E-8624-AFCF464D57F8}\ProxyStubClsid HKCR\Interface\{E916C096-5854-432E-8624-AFCF464D57F8}\ProxyStubClsid32 HKCR\Interface\{E916C096-5854-432E-8624-AFCF464D57F8}\TypeLib HKCR\Interface\{E916C096-5854-432E-8624-AFCF464D57F8}\TypeLib#Version HKCR\Interface\{FC55856C-204B-45B0-9467-4FBAE8D8FE73} HKCR\Interface\{FC55856C-204B-45B0-9467-4FBAE8D8FE73}\ProxyStubClsid HKCR\Interface\{FC55856C-204B-45B0-9467-4FBAE8D8FE73}\ProxyStubClsid32 HKCR\Interface\{FC55856C-204B-45B0-9467-4FBAE8D8FE73}\TypeLib HKCR\Interface\{FC55856C-204B-45B0-9467-4FBAE8D8FE73}\TypeLib#Version Adware.Avenue Media [Jptzacc] C:\PROGRAM FILES\RYAM\JIJHQ.EXE C:\PROGRAM FILES\RYAM\JIJHQ.EXE Trojan.IBM/Shell [shell] C:\PROGRAMFILER\FELLESFILER\MICROSOFT SHARED\WEB FOLDERS\IBM00003.EXE C:\PROGRAMFILER\FELLESFILER\MICROSOFT SHARED\WEB FOLDERS\IBM00003.EXE C:\PROGRAMFILER\FELLESFILER\MICROSOFT SHARED\WEB FOLDERS\IBM00004.DLL C:\WINDOWS\PREFETCH\IBM00003.EXE-0AEAE6CD.PF Trojan.Media-Codec/V2 HKLM\Software\Classes\CLSID\{D34F5D71-99E4-4D96-91CA-F4104F69B8AE} HKCR\CLSID\{D34F5D71-99E4-4D96-91CA-F4104F69B8AE} HKCR\CLSID\{D34F5D71-99E4-4D96-91CA-F4104F69B8AE} HKCR\CLSID\{D34F5D71-99E4-4D96-91CA-F4104F69B8AE}\InprocServer32 HKCR\CLSID\{D34F5D71-99E4-4D96-91CA-F4104F69B8AE}\InprocServer32#ThreadingModel C:\PROGRAMFILER\VIDEO AX OBJECT\BPVOL.DLL HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Browser Protection Volume HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Browser Protection Volume#DisplayName HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Browser Protection Volume#UninstallString HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Secure Plug-in HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Secure Plug-in#DisplayName HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Secure Plug-in#UninstallString Adware.IST/ISTBar (Slotch Bar) HKU\S-1-5-21-4161807351-332089663-2545455050-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser#{5F1ABCDB-A875-46C1-8345-B72A4567E486} HKU\S-1-5-21-4161807351-332089663-2545455050-1006\Software\IST HKCR\TypeLib\{67907B3C-A6EF-4A01-99AD-3FCD5F526429} HKCR\TypeLib\{67907B3C-A6EF-4A01-99AD-3FCD5F526429}\1.1 HKCR\TypeLib\{67907B3C-A6EF-4A01-99AD-3FCD5F526429}\1.1\0 HKCR\TypeLib\{67907B3C-A6EF-4A01-99AD-3FCD5F526429}\1.1\0\win32 HKCR\TypeLib\{67907B3C-A6EF-4A01-99AD-3FCD5F526429}\1.1\FLAGS HKCR\TypeLib\{67907B3C-A6EF-4A01-99AD-3FCD5F526429}\1.1\HELPDIR HKCR\Interface\{0985C112-2562-46F2-8DA6-92648BA4630F} HKCR\Interface\{0985C112-2562-46F2-8DA6-92648BA4630F}\ProxyStubClsid HKCR\Interface\{0985C112-2562-46F2-8DA6-92648BA4630F}\ProxyStubClsid32 HKCR\Interface\{0985C112-2562-46F2-8DA6-92648BA4630F}\TypeLib HKCR\Interface\{0985C112-2562-46F2-8DA6-92648BA4630F}\TypeLib#Version HKU\S-1-5-21-4161807351-332089663-2545455050-1006\Software\Microsoft\Internet Explorer\Main#BandRest [ Never ] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main#BandRest [ Never ] Adware.Tracking Cookie C:\Documents and Settings\s.f.\Cookies\s.f.@statcounter[2].txt C:\Documents and Settings\s.f.\Cookies\[email protected][1].txt C:\Documents and Settings\s.f.\Cookies\[email protected][1].txt C:\Documents and Settings\s.f.\Cookies\[email protected][1].txt C:\Documents and Settings\s.f.\Cookies\[email protected][1].txt C:\Documents and Settings\s.f.\Cookies\[email protected][1].txt C:\Documents and Settings\s.f.\Cookies\s.f.@serviceswitching[2].txt C:\Documents and Settings\s.f.\Cookies\[email protected][1].txt C:\Documents and Settings\s.f.\Cookies\[email protected][1].txt C:\Documents and Settings\s.f.\Cookies\[email protected][1].txt C:\Documents and Settings\s.f.\Cookies\[email protected][1].txt C:\Documents and Settings\s.f.\Cookies\s.f.@revenue[1].txt C:\Documents and Settings\s.f.\Cookies\[email protected][1].txt C:\Documents and Settings\s.f.\Cookies\[email protected][1].txt C:\Documents and Settings\s.f.\Cookies\[email protected][2].txt C:\Documents and Settings\s.f.\Cookies\s.f.@belnk[2].txt C:\Documents and Settings\s.f.\Cookies\[email protected][1].txt C:\Documents and Settings\s.f.\Cookies\s.f.@pacificpoker[2].txt C:\Documents and Settings\s.f.\Cookies\[email protected][2].txt C:\Documents and Settings\s.f.\Cookies\[email protected][2].txt C:\Documents and Settings\s.f.\Cookies\[email protected][2].txt C:\Documents and Settings\s.f.\Cookies\s.f.@school[1].txt C:\Documents and Settings\s.f.\Cookies\[email protected][1].txt C:\Documents and Settings\s.f.\Cookies\[email protected][2].txt C:\Documents and Settings\s.f.\Cookies\[email protected][1].txt C:\Documents and Settings\s.f.\Cookies\[email protected][2].txt C:\Documents and Settings\s.f.\Cookies\s.f.@bluestreak[2].txt C:\Documents and Settings\s.f.\Cookies\s.f.@realmedia[2].txt C:\Documents and Settings\s.f.\Cookies\s.f.@888[1].txt C:\Documents and Settings\s.f.\Cookies\s.f.@leadgenetwork[2].txt C:\Documents and Settings\s.f.\Cookies\s.f.@hitbox[2].txt C:\Documents and Settings\s.f.\Cookies\[email protected][1].txt C:\Documents and Settings\s.f.\Cookies\[email protected][2].txt C:\Documents and Settings\s.f.\Cookies\[email protected][1].txt C:\Documents and Settings\s.f.\Cookies\[email protected][1].txt C:\Documents and Settings\s.f.\Cookies\s.f.@windowsmedia[2].txt C:\Documents and Settings\s.f.\Cookies\[email protected][3].txt C:\Documents and Settings\s.f.\Cookies\s.f.@xiti[1].txt C:\Documents and Settings\s.f.\Cookies\[email protected][2].txt C:\Documents and Settings\s.f.\Cookies\s.f.@partypoker[2].txt C:\Documents and Settings\s.f.\Cookies\[email protected][2].txt C:\Documents and Settings\s.f.\Cookies\[email protected][1].txt C:\Documents and Settings\s.f.\Cookies\[email protected][1].txt C:\Documents and Settings\s.f.\Cookies\[email protected][2].txt C:\Documents and Settings\s.f.\Cookies\s.f.@cgi-bin[2].txt C:\Documents and Settings\s.f.\Cookies\s.f.@cgi-bin[6].txt C:\Documents and Settings\s.f.\Cookies\[email protected][2].txt C:\Documents and Settings\s.f.\Cookies\[email protected][2].txt C:\Documents and Settings\s.f.\Cookies\[email protected][1].txt C:\Documents and Settings\s.f.\Cookies\[email protected][1].txt C:\Documents and Settings\s.f.\Cookies\s.f.@roiservice[1].txt C:\Documents and Settings\s.f.\Cookies\[email protected][2].txt C:\Documents and Settings\s.f.\Cookies\[email protected][1].txt C:\Documents and Settings\s.f.\Cookies\[email protected][1].txt C:\Documents and Settings\s.f.\Cookies\s.f.@winfixer[2].txt C:\Documents and Settings\s.f.\Cookies\s.f.@clickbank[1].txt C:\Documents and Settings\s.f.\Cookies\[email protected][2].txt C:\Documents and Settings\s.f.\Cookies\s.f.@pacificpoker[1].txt C:\Documents and Settings\s.f.\Cookies\s.f.@zedo[2].txt C:\Documents and Settings\s.f.\Cookies\[email protected][1].txt C:\Documents and Settings\s.f.\Cookies\s.f.@burstnet[2].txt C:\Documents and Settings\s.f.\Cookies\[email protected][2].txt C:\Documents and Settings\s.f.\Cookies\s.f.@superstats[1].txt C:\Documents and Settings\s.f.\Cookies\s.f.@valueclick[1].txt C:\Documents and Settings\s.f.\Cookies\[email protected][2].txt C:\Documents and Settings\s.f.\Cookies\[email protected][2].txt C:\Documents and Settings\s.f.\Cookies\[email protected][2].txt C:\Documents and Settings\s.f.\Cookies\s.f.@trafficmp[2].txt C:\Documents and Settings\s.f.\Cookies\[email protected][2].txt C:\Documents and Settings\s.f.\Cookies\s.f.@cpvfeed[2].txt C:\Documents and Settings\s.f.\Cookies\s.f.@tradedoubler[2].txt C:\Documents and Settings\s.f.\Cookies\[email protected][2].txt C:\Documents and Settings\s.f.\Cookies\s.f.@25238486[1].txt C:\Documents and Settings\s.f.\Cookies\[email protected][2].txt C:\Documents and Settings\s.f.\Cookies\[email protected][1].txt C:\Documents and Settings\s.f.\Cookies\[email protected][1].txt C:\Documents and Settings\s.f.\Cookies\[email protected][2].txt C:\Documents and Settings\s.f.\Cookies\[email protected][1].txt C:\Documents and Settings\s.f.\Cookies\s.f.@admarketplace[1].txt C:\Documents and Settings\s.f.\Cookies\s.f.@atdmt[2].txt C:\Documents and Settings\s.f.\Cookies\s.f.@advertising[1].txt C:\Documents and Settings\s.f.\Cookies\s.f.@cassava[1].txt C:\Documents and Settings\s.f.\Cookies\s.f.@fastclick[1].txt C:\Documents and Settings\s.f.\Cookies\[email protected][1].txt C:\Documents and Settings\s.f.\Cookies\[email protected][1].txt C:\Documents and Settings\s.f.\Cookies\s.f.@2o7[2].txt C:\Documents and Settings\s.f.\Cookies\s.f.@a[1].txt C:\Documents and Settings\s.f.\Cookies\[email protected][1].txt C:\Documents and Settings\s.f.\Cookies\s.f.@doubleclick[1].txt C:\Documents and Settings\s.f.\Cookies\s.f.@casalemedia[1].txt C:\Documents and Settings\s.f.\Cookies\[email protected][2].txt C:\Documents and Settings\s.f.\Cookies\s.f.@adtech[1].txt C:\Documents and Settings\s.f.\Cookies\[email protected][1].txt C:\Documents and Settings\s.f.\Cookies\s.f.@tribalfusion[1].txt C:\Documents and Settings\s.f.\Cookies\s.f.@1070364347[1].txt C:\Documents and Settings\s.f.\Cookies\[email protected][2].txt C:\Documents and Settings\s.f.\Cookies\[email protected][2].txt C:\Documents and Settings\s.f.\Cookies\[email protected][1].txt C:\Documents and Settings\s.f.\Cookies\s.f.@atwola[1].txt C:\Documents and Settings\s.f.\Cookies\[email protected][1].txt C:\Documents and Settings\s.f.\Cookies\[email protected][1].txt C:\Documents and Settings\s.f.\Cookies\[email protected][1].txt C:\Documents and Settings\s.f.\Cookies\s.f.@mediaplex[1].txt C:\Documents and Settings\s.f.\Cookies\s.f.@casinolasvegas[1].txt C:\Documents and Settings\s.f.\Cookies\[email protected][2].txt C:\Documents and Settings\s.f.\Cookies\[email protected][1].txt C:\Documents and Settings\s.f.\Cookies\s.f.@247realmedia[1].txt C:\Documents and Settings\s.f.\Cookies\[email protected][1].txt C:\Documents and Settings\s.f.\Cookies\[email protected][2].txt C:\Documents and Settings\s.f.\Cookies\[email protected][2].txt C:\Documents and Settings\s.f.\Cookies\[email protected][1].txt C:\Documents and Settings\s.f.\Cookies\[email protected][2].txt C:\Documents and Settings\s.f.\Cookies\[email protected][2].txt C:\Documents and Settings\s.f.\Cookies\[email protected][2].txt C:\Documents and Settings\s.f.\Cookies\s.f.@drivecleaner[2].txt C:\Documents and Settings\s.f.\Cookies\s.f.@adrevolver[2].txt C:\Documents and Settings\s.f.\Cookies\[email protected][2].txt C:\Documents and Settings\s.f.\Cookies\[email protected][1].txt C:\Documents and Settings\s.f.\Cookies\[email protected][1].txt C:\Documents and Settings\s.f.\Cookies\[email protected][1].txt C:\Documents and Settings\s.f.\Cookies\s.f.@serving-sys[2].txt C:\Documents and Settings\s.f.\Cookies\[email protected][2].txt C:\Documents and Settings\s.f.\Cookies\[email protected][1].txt C:\Documents and Settings\s.f.\Cookies\[email protected][2].txt C:\Documents and Settings\s.f.\Cookies\s.f.@click24[1].txt C:\Documents and Settings\s.f.\Cookies\[email protected][2].txt C:\Documents and Settings\s.f.\Cookies\[email protected][1].txt C:\Documents and Settings\s.f.\Cookies\[email protected][1].txt C:\Documents and Settings\s.f.\Cookies\s.f.@sextracker[1].txt C:\Documents and Settings\s.f.\Cookies\s.f.@cgi-bin[4].txt C:\Documents and Settings\s.f.\Cookies\[email protected][1].txt C:\Documents and Settings\s.f.\Cookies\[email protected][2].txt C:\Documents and Settings\s.f.\Cookies\s.f.@interclick[2].txt C:\Documents and Settings\s.f.\Cookies\s.f.@cgi-bin[7].txt C:\Documents and Settings\s.f.\Cookies\[email protected][2].txt C:\Documents and Settings\s.f.\Cookies\[email protected][2].txt C:\Documents and Settings\s.f.\Cookies\[email protected][1].txt C:\Documents and Settings\s.f.\Cookies\s.f.@linksynergy[2].txt C:\Documents and Settings\s.f.\Cookies\s.f.@mb[2].txt C:\Documents and Settings\s.f.\Cookies\[email protected][2].txt C:\Documents and Settings\s.f.\Cookies\[email protected][1].txt C:\Documents and Settings\s.f.\Cookies\[email protected][2].txt C:\Documents and Settings\s.f.\Cookies\[email protected][1].txt C:\Documents and Settings\s.f.\Cookies\[email protected][1].txt C:\Documents and Settings\s.f.\Cookies\s.f.@noeb[1].txt C:\Documents and Settings\s.f.\Cookies\[email protected][1].txt C:\Documents and Settings\s.f.\Cookies\[email protected][2].txt C:\Documents and Settings\s.f.\Cookies\[email protected][1].txt C:\Documents and Settings\s.f.\Cookies\s.f.@tacoda[1].txt C:\Documents and Settings\s.f.\Cookies\[email protected][1].txt C:\Documents and Settings\s.f.\Cookies\s.f.@questionmarket[1].txt C:\Documents and Settings\s.f.\Cookies\[email protected][2].txt C:\Documents and Settings\s.f.\Cookies\[email protected][1].txt C:\Documents and Settings\s.f.\Cookies\[email protected][1].txt C:\Documents and Settings\s.f.\Cookies\[email protected][2].txt C:\Documents and Settings\s.f.\Cookies\s.f.@mb[1].txt C:\Documents and Settings\s.f.\Cookies\[email protected][3].txt C:\Documents and Settings\s.f.\Cookies\s.f.@ebookers[2].txt C:\Documents and Settings\s.f.\Cookies\s.f.@flights[1].txt C:\Documents and Settings\s.f.\Cookies\[email protected][2].txt C:\Documents and Settings\s.f.\Cookies\s.f.@indexstats[2].txt C:\Documents and Settings\s.f.\Cookies\s.f.@cgi-bin[1].txt C:\Documents and Settings\s.f.\Cookies\[email protected][1].txt C:\Documents and Settings\s.f.\Cookies\[email protected][2].txt C:\Documents and Settings\s.f.\Cookies\[email protected][1].txt C:\Documents and Settings\s.f.\Cookies\[email protected][1].txt C:\Documents and Settings\s.f.\Cookies\[email protected][1].txt C:\Documents and Settings\s.f.\Cookies\s.f.@mb[3].txt C:\Documents and Settings\s.f.\Cookies\[email protected][1].txt C:\Documents and Settings\s.f.\Cookies\[email protected][1].txt C:\Documents and Settings\s.f.\Cookies\s.f.@ad[1].txt C:\Documents and Settings\s.f.\Cookies\s.f.@revsci[1].txt C:\Documents and Settings\s.f.\Cookies\[email protected][2].txt C:\Documents and Settings\s.f.\Cookies\[email protected][2].txt C:\Documents and Settings\s.f.\Cookies\[email protected][1].txt C:\Documents and Settings\s.f.\Cookies\[email protected][1].txt C:\Documents and Settings\s.f.\Cookies\s.f.@indextools[2].txt C:\Documents and Settings\s.f.\Cookies\s.f.@cgi-bin[5].txt C:\Documents and Settings\s.f.\Cookies\[email protected][2].txt C:\Documents and Settings\s.f.\Cookies\s.f.@overture[2].txt C:\Documents and Settings\s.f.\Cookies\s.f.@yourmedia[1].txt C:\Documents and Settings\s.f.\Cookies\s.f.@mb[5].txt C:\Documents and Settings\s.f.\Cookies\s.f.@clicksor[2].txt C:\Documents and Settings\s.f.\Cookies\[email protected][1].txt C:\Documents and Settings\s.f.\Cookies\s.f.@adultactioncam[2].txt C:\Documents and Settings\s.f.\Cookies\[email protected][2].txt C:\Documents and Settings\s.f.\Cookies\s.f.@1070479749[1].txt C:\Documents and Settings\s.f.\Cookies\[email protected][1].txt C:\Documents and Settings\s.f.\Cookies\[email protected][1].txt C:\Documents and Settings\s.f.\Cookies\s.f.@yadro[1].txt C:\Documents and Settings\s.f.\Cookies\[email protected][1].txt C:\Documents and Settings\s.f.\Cookies\[email protected][1].txt C:\Documents and Settings\s.f.\Cookies\s.f.@1066577276[2].txt C:\Documents and Settings\s.f.\Cookies\s.f.@targetnet[1].txt C:\Documents and Settings\s.f.\Cookies\[email protected][1].txt C:\Documents and Settings\s.f.\Cookies\[email protected][2].txt C:\Documents and Settings\s.f.\Cookies\[email protected][1].txt C:\Documents and Settings\s.f.\Cookies\[email protected][1].txt C:\Documents and Settings\s.f.\Cookies\s.f.@clicktorrent[2].txt C:\Documents and Settings\s.f.\Cookies\s.f.@pro-market[2].txt C:\Documents and Settings\s.f.\Cookies\s.f.@adbrite[1].txt C:\Documents and Settings\s.f.\Cookies\s.f.@adrevolver[3].txt C:\Documents and Settings\s.f.\Cookies\[email protected][2].txt C:\Documents and Settings\s.f.\Cookies\[email protected][2].txt C:\Documents and Settings\s.f.\Cookies\s.f.@ctxtad[1].txt C:\Documents and Settings\s.f.\Cookies\[email protected][2].txt C:\Documents and Settings\s.f.\Cookies\[email protected][2].txt C:\Documents and Settings\s.f.\Cookies\[email protected][2].txt C:\Documents and Settings\s.f.\Cookies\[email protected][2].txt C:\Documents and Settings\s.f.\Cookies\s.f.@1064440146[1].txt C:\Documents and Settings\s.f.\Cookies\[email protected][2].txt C:\Documents and Settings\s.f.\Cookies\[email protected][1].txt C:\Documents and Settings\s.f.\Cookies\[email protected][2].txt C:\Documents and Settings\s.f.\Cookies\s.f.@adserver[1].txt C:\Documents and Settings\s.f.\Cookies\s.f.@aprotectservice[1].txt C:\Documents and Settings\s.f.\Cookies\[email protected][1].txt C:\Documents and Settings\s.f.\Cookies\[email protected][2].txt C:\Documents and Settings\s.f.\Cookies\[email protected][2].txt C:\Documents and Settings\s.f.\Cookies\[email protected][1].txt C:\Documents and Settings\s.f.\Cookies\s.f.@netmediagroup[1].txt C:\Documents and Settings\s.f.\Cookies\s.f.@sexy_teen_blonde_pigtails_pussy_pics[1].txt C:\Documents and Settings\s.f.\Cookies\s.f.@stats[1].txt Adware.Avenue Media/Internet Optimizer HKU\S-1-5-21-4161807351-332089663-2545455050-1006\SOFTWARE\Policies\Avenue Media HKLM\SOFTWARE\Policies\Avenue Media Adware.MyWay HKLM\Software\MyWay HKLM\Software\MyWay\myBar HKLM\Software\MyWay\myBar#Dir HKLM\Software\MyWay\myBar#ShzmCurInstall HKLM\Software\MyWay\myBar#pid HKLM\Software\MyWay\myBar#CurInstall HKLM\Software\MyWay\myBar#sr HKLM\Software\MyWay\myBar#pl HKLM\Software\MyWay\myBar#Id HKLM\Software\MyWay\myBar#Build HKLM\Software\MyWay\myBar#CacheDir HKLM\Software\MyWay\myBar#HistoryDir HKLM\Software\MyWay\myBar#Visible HKLM\Software\MyWay\myBar#SettingsDir HKLM\Software\MyWay\myBar#ConfigRevisionURL HKLM\Software\MyWay\myBar#ConfigDateStamp HKLM\Software\MyWay\myBar#Maximized HKLM\Software\MyWay\myBar\partner HKLM\Software\MyWay\myBar\partner#bitmap HKLM\Software\MyWay\myBar\partner#name HKLM\Software\MyWay\myBar\partner#test HKLM\Software\MyWay\myBar\partner#PM-Home HKLM\Software\MyWay\myBar\partner#PM-Points HKLM\Software\MyWay\myBar\partner#PM-Redeem HKLM\Software\MyWay\myBar\partner#PM-Wallet HKLM\Software\MyWay\myBar\partner#PM-Settings Adware.Aurora/Nail C:\DOCUMENTS AND SETTINGS\s.f.\LOKALE INNSTILLINGER\TEMP\FAG\AURARECO.EXE Trace.Known Threat Sources C:\Documents and Settings\s.f.\Lokale innstillinger\Temporary Internet Files\Content.IE5\L3N9J1NC\main[1].css C:\Documents and Settings\s.f.\Lokale innstillinger\Temporary Internet Files\Content.IE5\G52NZAKE\t_l[1].gif C:\Documents and Settings\s.f.\Lokale innstillinger\Temporary Internet Files\Content.IE5\DSX9RD1R\btn_company[1].gif C:\Documents and Settings\s.f.\Lokale innstillinger\Temporary Internet Files\Content.IE5\LRTMD984\t_r[1].gif C:\Documents and Settings\s.f.\Lokale innstillinger\Temporary Internet Files\Content.IE5\X6EM246L\btn_home[1].gif C:\Documents and Settings\s.f.\Lokale innstillinger\Temporary Internet Files\Content.IE5\LRTMD984\btn_download[1].gif C:\Documents and Settings\s.f.\Lokale innstillinger\Temporary Internet Files\Content.IE5\VW6HXCYR\btn_buy[1].gif C:\Documents and Settings\s.f.\Lokale innstillinger\Temporary Internet Files\Content.IE5\X6EM246L\btn_features[1].gif C:\Documents and Settings\s.f.\Lokale innstillinger\Temporary Internet Files\Content.IE5\M8UDB9OG\btn_end[1].gif C:\Documents and Settings\s.f.\Lokale innstillinger\Temporary Internet Files\Content.IE5\6FC3TE7A\btn_support[1].gif C:\Documents and Settings\s.f.\Lokale innstillinger\Temporary Internet Files\Content.IE5\X6EM246L\icon_help[1].gif C:\Documents and Settings\s.f.\Lokale innstillinger\Temporary Internet Files\Content.IE5\6FC3TE7A\btn_order[1].gif C:\Documents and Settings\s.f.\Lokale innstillinger\Temporary Internet Files\Content.IE5\VW6HXCYR\box[1].jpg C:\Documents and Settings\s.f.\Lokale innstillinger\Temporary Internet Files\Content.IE5\M8UDB9OG\menu_bg[1].gif C:\Documents and Settings\s.f.\Lokale innstillinger\Temporary Internet Files\Content.IE5\L3N9J1NC\b_b[1].gif C:\Documents and Settings\s.f.\Lokale innstillinger\Temporary Internet Files\Content.IE5\M8UDB9OG\news_top1[1].jpg C:\Documents and Settings\s.f.\Lokale innstillinger\Temporary Internet Files\Content.IE5\L3N9J1NC\protect[1].png C:\Documents and Settings\s.f.\Lokale innstillinger\Temporary Internet Files\Content.IE5\DSX9RD1R\btn_win[1].gif C:\Documents and Settings\s.f.\Lokale innstillinger\Temporary Internet Files\Content.IE5\G52NZAKE\menu_right[1].gif C:\Documents and Settings\s.f.\Lokale innstillinger\Temporary Internet Files\Content.IE5\6FC3TE7A\copy_right[1].gif C:\Documents and Settings\s.f.\Lokale innstillinger\Temporary Internet Files\Content.IE5\X6EM246L\b_company[1].gif C:\Documents and Settings\s.f.\Lokale innstillinger\Temporary Internet Files\Content.IE5\L3N9J1NC\how[1].gif C:\Documents and Settings\s.f.\Lokale innstillinger\Temporary Internet Files\Content.IE5\LRTMD984\icon_ignore[1].gif C:\Documents and Settings\s.f.\Lokale innstillinger\Temporary Internet Files\Content.IE5\M8UDB9OG\newspaper[1].gif C:\Documents and Settings\s.f.\Lokale innstillinger\Temporary Internet Files\Content.IE5\VW6HXCYR\btn_download1[1].gif C:\Documents and Settings\s.f.\Lokale innstillinger\Temporary Internet Files\Content.IE5\G52NZAKE\copy_left[1].gif C:\Documents and Settings\s.f.\Lokale innstillinger\Temporary Internet Files\Content.IE5\VW6HXCYR\b_affiliates[1].gif C:\Documents and Settings\s.f.\Lokale innstillinger\Temporary Internet Files\Content.IE5\L3N9J1NC\news_bottom1[1].jpg Ser det bra ut? Endret 28. april 2007 av rec0n Lenke til kommentar
norbat Skrevet 28. april 2007 Rapporter Del Skrevet 28. april 2007 Du fikk fjernet mye, men det er nok ikke bare Spylocked som var/er problemet Se om du kan avinstallere fra legg til/fjern programmer: GMT Ebates MoeMoneyMaker Hent FxIsbar.exe og kjør fixet Kjør HJT, sett merke framfor følgende linjer og klikk 'Fix checked': R3 - URLSearchHook: (no name) - _{00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file) O4 - HKLM\..\Run: [¢‰¸u0–4C»}ïÁzî[8C:\Programfiler\ISTsvc\istsvc.exe] C:\WINDOWS\jufcbcyc.exe O4 - HKLM\..\Run: [¢‰¸u0Ô@ÔÁg]ú"ü‰üžiC:\Programfiler\ISTsvc\istsvc.exe] C:\WINDOWS\jufcbcyc.exe O4 - Global Startup: GStartup.lnk = C:\Programfiler\Fellesfiler\GMT\GMT.exe O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Programfiler\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU) O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-no/no/games4.cab O18 - Filter: text/html - {6EA07FAF-2921-4439-B7C8-29DA60ED5548} - C:\Documents and Settings\s.f.\Lokale innstillinger\Programdata\microsoft\internet explorer\V0.39.dat O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing) Last ned SDFix.exe. Pakk ut programmet. Sørg for at du kan se skjulte filer og mapper: (kontrollpanel->mappealt.->vis->"vis skjulte filer og mapper") Restart i sikker modus (tapp F8 under oppstart) Bruk utforsker til å finne og slette hvis de finnes (i fet): C:\Programfiler\ISTsvc C:\Programfiler\Fellesfiler\GMT C:\Programfiler\Ebates_MoeMoneyMaker Fortsatt fra sikker modus: Kjør RunThis.bat i SDfix-mappa. Det lages en rapport (Report.txt) som du poster senere. Restart i normal tilstand. Post en ny HJT-logg + loggen fra SDfix. Lenke til kommentar
Anbefalte innlegg
Opprett en konto eller logg inn for å kommentere
Du må være et medlem for å kunne skrive en kommentar
Opprett konto
Det er enkelt å melde seg inn for å starte en ny konto!
Start en kontoLogg inn
Har du allerede en konto? Logg inn her.
Logg inn nå