Hotmail virus and Searchqu toolbar

8 posts in this topic

Posted

Hi. I have a small problem with an Acer laptop that has picked up some nasty viruses. I suspect there is malware somewhere that has hijacked the PC. The problem is that the e-mail address is sending out several e-mails with links to the contact list. At the same time there is a toolbar, which I suspect is some form of virus, called Searchqu Toolbar, and it will not let itself be removed. What do I do?


Posted

Logs:

MBAM

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Databaseversjon: 4780

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

08.10.2010 21:50:49

mbam-log-2010-10-08 (21-50-49).txt

Skanntype: Hurtigsøk

Objekter skannet: 153530

Tid tilbakelagt: 9 minutt(er), 55 sekund(er)

Minneprosesser infisert: 0

Minnemoduler infisert: 0

Registernøkler infisert: 0

Registerverdier infisert: 0

Registerfiler infisert: 0

Mapper infisert: 0

Filer infisert 0

Minneprosesser infisert:

(Ingen skadelige objekter funnet)

Minnemoduler infisert:

(Ingen skadelige objekter funnet)

Registernøkler infisert:

(Ingen skadelige objekter funnet)

Registerverdier infiserat:

(Ingen skadelige objekter funnet)

Registerfiler infisert:

(Ingen skadelige objekter funnet)

Mapper infisert:

(Ingen skadelige objekter funnet)

Filer infisert

(Ingen skadelige objekter funnet)

ComboFix

ComboFix 10-10-07.02 - Lærer 08.10.2010 22:01:53.1.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.47.1044.18.1014.679 [GMT 2:00]

Kjører fra: c:\documents and settings\Lærer\Skrivebord\ComboFix.exe

AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\Downloaded Program Files\popcaploader.dll

c:\windows\Downloaded Program Files\popcaploader.inf

D:\Autorun.inf

.

((((((((((((((((((((((((((( Filer Opprettet Fra 2010-09-08 til 2010-10-08 )))))))))))))))))))))))))))))))))

.

2010-10-08 19:37 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-10-08 19:37 . 2010-10-08 19:37 -------- d-----w- c:\programfiler\Malwarebytes' Anti-Malware

2010-10-08 19:37 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-10-08 19:00 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr

2010-10-08 18:59 . 2010-10-08 18:59 -------- d-----w- c:\documents and settings\All Users\Programdata\Alwil Software

2010-10-08 16:55 . 2010-10-08 16:55 -------- d--h--r- c:\documents and settings\Lærer\Siste

2010-10-05 10:59 . 2010-10-05 10:59 -------- d-----w- c:\programfiler\gs

2010-10-05 10:58 . 2010-10-05 10:59 -------- d-----w- c:\documents and settings\Lærer\.scribus

2010-10-05 10:57 . 2010-10-05 10:58 -------- d-----w- c:\programfiler\Scribus 1.3.3.14

2010-10-05 10:52 . 2010-10-05 10:54 -------- d-----w- c:\documents and settings\Lærer\Videoredigering

2010-09-25 20:01 . 2001-11-16 15:22 5076354 ----a-r- c:\documents and settings\All Users\Programdata\Transparent\Transparent Language\Common Data\PolAlpha.exe

2010-09-25 19:59 . 2010-09-25 19:59 -------- dc-h--w- c:\documents and settings\All Users\Programdata\{171E062A-F0D3-40F6-9A2F-10C4987C1939}

2010-09-25 19:59 . 2009-08-11 16:40 2818608 -c--a-w- c:\documents and settings\All Users\Programdata\{171E062A-F0D3-40F6-9A2F-10C4987C1939}\LanguageNow.exe

2010-09-25 19:59 . 2010-09-25 20:02 -------- d-----w- c:\documents and settings\All Users\Programdata\Transparent

2010-09-25 19:59 . 2010-09-25 20:02 -------- d-----w- c:\programfiler\Transparent

2010-09-24 13:20 . 2010-10-08 16:24 -------- d-----w- c:\documents and settings\Lærer\Programdata\searchqutb

2010-09-24 13:19 . 2010-09-24 13:21 -------- d-----w- c:\programfiler\Windows Searchqu Toolbar

2010-09-24 13:18 . 2010-09-24 20:12 -------- d-----w- c:\programfiler\Bandoo

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-10-08 20:10 . 2008-11-12 06:18 -------- d-----w- c:\documents and settings\Lærer\Programdata\Dropbox

2010-10-08 19:01 . 2008-06-27 04:57 -------- d-----w- c:\programfiler\Alwil Software

2010-10-08 16:49 . 2008-08-25 23:32 -------- d-----w- c:\documents and settings\Lærer\Programdata\Media Player Classic

2010-10-08 16:31 . 2006-08-23 06:59 -------- d--h--w- c:\programfiler\InstallShield Installation Information

2010-10-08 16:29 . 2008-06-22 21:28 -------- d-----w- c:\programfiler\uTorrent

2010-10-08 16:26 . 2007-12-03 21:13 -------- d-----w- c:\programfiler\CCleaner

2010-10-08 16:25 . 2010-04-17 11:11 -------- d-----w- c:\programfiler\Messenger_Plus_Live

2010-10-08 16:10 . 2008-11-12 20:58 1 ----a-w- c:\documents and settings\Lærer\Programdata\OpenOffice.org\3\user\uno_packages\cache\stamp.sys

2010-10-08 10:16 . 2006-08-23 22:30 81216 ----a-w- c:\windows\system32\perfc014.dat

2010-10-08 10:16 . 2006-08-23 22:30 446176 ----a-w- c:\windows\system32\perfh014.dat

2010-10-06 18:46 . 2009-01-19 15:25 -------- d-----w- c:\documents and settings\Lærer\Programdata\Spotify

2010-10-01 20:18 . 2008-06-03 11:20 -------- d-----w- c:\documents and settings\Lærer\Programdata\FrostWire

2010-09-30 13:59 . 2009-11-16 15:31 -------- d-----w- c:\programfiler\Microsoft Silverlight

2010-09-25 21:01 . 2007-08-23 14:49 48736 ----a-w- c:\documents and settings\Lærer\Lokale innstillinger\Programdata\GDIPFONTCACHEV1.DAT

2010-09-24 13:19 . 2010-09-24 13:19 288 ----a-w- c:\documents and settings\Lærer\Lokale innstillinger\Programdata\GLF6B.tmp

2010-09-11 07:42 . 2009-01-16 06:25 -------- d-----w- c:\programfiler\Opera

2010-09-07 15:11 . 2009-08-30 12:42 167592 ----a-w- c:\windows\system32\aswBoot.exe

2010-09-07 14:52 . 2009-08-30 12:43 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2010-09-07 14:52 . 2009-08-30 12:43 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys

2010-09-07 14:47 . 2009-08-30 12:43 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2010-09-07 14:47 . 2009-08-30 12:43 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2010-09-07 14:47 . 2009-08-30 12:43 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys

2010-09-07 14:47 . 2009-08-30 12:43 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2010-09-07 14:46 . 2009-08-30 12:43 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2010-08-21 20:47 . 2010-08-21 20:47 188 ----a-w- c:\windows\system32\eDataSecurity.dat

2010-08-19 13:17 . 2010-08-22 08:30 52224 ----a-w- c:\documents and settings\Lærer\Programdata\Mozilla\Firefox\Profiles\6a4c85e2.default\extensions\{9b339f6e-ddcd-401b-8764-230adbd01761}\components\FFExternalAlert.dll

2010-08-19 13:17 . 2010-08-22 08:30 101376 ----a-w- c:\documents and settings\Lærer\Programdata\Mozilla\Firefox\Profiles\6a4c85e2.default\extensions\{9b339f6e-ddcd-401b-8764-230adbd01761}\components\RadioWMPCore.dll

2010-08-19 07:39 . 2010-08-19 07:39 503808 ----a-w- c:\documents and settings\Lærer\Programdata\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-17a32d91-n\msvcp71.dll

2010-08-19 07:39 . 2010-08-19 07:39 499712 ----a-w- c:\documents and settings\Lærer\Programdata\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-17a32d91-n\jmc.dll

2010-08-19 07:39 . 2010-08-19 07:39 12800 ----a-w- c:\documents and settings\Lærer\Programdata\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-4faa26dc-n\decora-d3d.dll

2010-08-19 07:39 . 2010-08-19 07:39 61440 ----a-w- c:\documents and settings\Lærer\Programdata\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-4faa26dc-n\decora-sse.dll

2010-08-19 07:39 . 2010-08-19 07:39 348160 ----a-w- c:\documents and settings\Lærer\Programdata\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-17a32d91-n\msvcr71.dll

2010-08-17 13:17 . 2004-08-04 19:00 58880 ----a-w- c:\windows\system32\spoolsv.exe

2010-07-22 15:46 . 2004-08-04 19:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll

2010-07-22 15:33 . 2009-11-19 14:54 1965056 ----a-w- c:\documents and settings\All Users\Programdata\ifolor\Designer21_NO\Ifolor.Designer.exe

2010-07-22 15:33 . 2009-04-02 08:42 939008 ----a-w- c:\documents and settings\All Users\Programdata\ifolor\Designer21_NO\Plug-Ins\Designer.SmartBook.dll

2010-07-22 06:19 . 2008-05-05 05:25 5120 ----a-w- c:\windows\system32\xpsp4res.dll

.

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{9b339f6e-ddcd-401b-8764-230adbd01761}"= "c:\programfiler\Messenger_Plus_Live\tbMes1.dll" [2010-10-08 2735200]

[HKEY_CLASSES_ROOT\clsid\{9b339f6e-ddcd-401b-8764-230adbd01761}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9b339f6e-ddcd-401b-8764-230adbd01761}]

2010-10-08 16:25 2735200 ----a-w- c:\programfiler\Messenger_Plus_Live\tbMes1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{9b339f6e-ddcd-401b-8764-230adbd01761}"= "c:\programfiler\Messenger_Plus_Live\tbMes1.dll" [2010-10-08 2735200]

[HKEY_CLASSES_ROOT\clsid\{9b339f6e-ddcd-401b-8764-230adbd01761}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{9B339F6E-DDCD-401B-8764-230ADBD01761}"= "c:\programfiler\Messenger_Plus_Live\tbMes1.dll" [2010-10-08 2735200]

[HKEY_CLASSES_ROOT\clsid\{9b339f6e-ddcd-401b-8764-230adbd01761}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Lærer\Programdata\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Lærer\Programdata\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Lærer\Programdata\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LaunchApp"="Alaunch" [X]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]

"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 16248320]

"AzMixerSel"="c:\programfiler\Realtek\InstallShield\AzMixerSel.exe" [2005-12-21 53248]

"SynTPEnh"="c:\programfiler\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 761946]

"ADMTray.exe"="c:\acer\Empowering Technology\admtray.exe" [2005-10-24 2462208]

"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-12-27 69632]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]

"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-08-10 352256]

"Acer ePower Management"="c:\acer\Empowering Technology\ePower\Acer ePower Management.exe" [2006-05-22 3080704]

"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-07-20 593920]

"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-24 397312]

"SunJavaUpdateSched"="c:\programfiler\Fellesfiler\Java\Java Update\jusched.exe" [2010-02-18 248040]

"QuickTime Task"="c:\programfiler\QuickTime\QTTask.exe" [2010-03-18 421888]

"iTunesHelper"="c:\programfiler\iTunes\iTunesHelper.exe" [2010-06-15 141624]

"DataMngr"="c:\progra~1\WI9130~1\DataMngr\DataMngrUI.exe" [2010-05-06 796608]

"avast5"="c:\programfiler\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Lærer\Start-meny\Programmer\Oppstart\

Dropbox.lnk - c:\documents and settings\Lærer\Programdata\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Adobe Reader Speed Launch.lnk]

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

path=c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\Adobe Reader Speed Launch.lnk

[HKLM\~\startupfolder\C:^Documents and Settings^Lærer^Start-meny^Programmer^Oppstart^Dropbox.lnk]

path=c:\documents and settings\Lærer\Start-meny\Programmer\Oppstart\Dropbox.lnk

backup=c:\windows\pss\Dropbox.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Lærer^Start-meny^Programmer^Oppstart^OpenOffice.org 3.0.lnk]

path=c:\documents and settings\Lærer\Start-meny\Programmer\Oppstart\OpenOffice.org 3.0.lnk

backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]

2008-04-14 17:23 110592 ----a-w- c:\windows\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

2009-04-23 13:51 691656 ----a-w- c:\programfiler\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fssui]

2009-08-05 21:48 647520 ----a-w- c:\programfiler\Windows Live\Family Safety\fsui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-06-15 14:33 141624 ----a-w- c:\programfiler\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ntiMUI]

2006-05-15 10:15 45056 ----a-w- c:\programfiler\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]

2008-02-26 02:23 443968 ----a-w- c:\documents and settings\Lærer\Skrivebord\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-03-18 20:16 421888 ----a-w- c:\programfiler\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]

2006-05-16 17:04 2879488 ----a-w- c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2007-09-25 00:11 132496 ----a-w- c:\programfiler\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]

2006-03-30 15:45 313472 ----a-r- c:\programfiler\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"QuickTime Task"="c:\programfiler\QuickTime\qttask.exe" -atboottime

"iTunesHelper"="c:\programfiler\iTunes\iTunesHelper.exe"

"AVG8_TRAY"=c:\progra~1\AVG\AVG8\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Programfiler\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Programfiler\\FrostWire\\FrostWire.exe"=

"c:\\Programfiler\\Spotify\\spotify.exe"=

"c:\\Programfiler\\Mozilla Firefox\\firefox.exe"=

"c:\\Documents and Settings\\Lærer\\Programdata\\Dropbox\\bin\\Dropbox.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Programfiler\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Programfiler\\Opera\\opera.exe"=

"c:\\Programfiler\\Bonjour\\mDNSResponder.exe"=

"c:\\Programfiler\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [30.08.2009 14:43 165584]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [30.08.2009 14:43 17744]

S3 cxbu0wdm;CardMan 3x21;c:\windows\system32\drivers\cxbu0wdm.sys [24.06.2009 11:16 114304]

S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [20.10.2009 15:58 40448]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [23.09.2007 01:16 721904]

--- Andre tjenester/drivere lastet i minnet ---

*NewlyCreated* - INT15.SYS

.

Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2010-10-05 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-08-23 c:\windows\Tasks\NSSstub.job

- c:\windows\system32\Adobe\Shockwave 11\nssstub.exe [2009-07-31 14:57]

2010-10-08 c:\windows\Tasks\User_Feed_Synchronization-{9D2D110F-E3DE-4671-A1F1-F29D7479AE6D}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]

.

.

------- Tilleggsskanning -------

.

uStart Page = hxxp://www.searchqu.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

FF - ProfilePath - c:\documents and settings\Lærer\Programdata\Mozilla\Firefox\Profiles\6a4c85e2.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2124320&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.searchqu.com/

FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&q=

FF - component: c:\documents and settings\Lærer\Programdata\Mozilla\Firefox\Profiles\6a4c85e2.default\extensions\{9b339f6e-ddcd-401b-8764-230adbd01761}\components\FFExternalAlert.dll

FF - component: c:\documents and settings\Lærer\Programdata\Mozilla\Firefox\Profiles\6a4c85e2.default\extensions\{9b339f6e-ddcd-401b-8764-230adbd01761}\components\RadioWMPCore.dll

FF - plugin: c:\programfiler\Google\Picasa3\npPicasa3.dll

FF - plugin: c:\programfiler\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\programfiler\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: c:\programfiler\Opera 10 Beta\program\plugins\npqtplugin.dll

FF - plugin: c:\programfiler\Opera 10 Beta\program\plugins\npqtplugin2.dll

FF - plugin: c:\programfiler\Opera 10 Beta\program\plugins\npqtplugin3.dll

FF - plugin: c:\programfiler\Opera 10 Beta\program\plugins\npqtplugin4.dll

FF - plugin: c:\programfiler\Opera 10 Beta\program\plugins\npqtplugin5.dll

FF - plugin: c:\programfiler\Opera 10 Beta\program\plugins\npqtplugin6.dll

FF - plugin: c:\programfiler\Opera 10 Beta\program\plugins\npqtplugin7.dll

FF - plugin: c:\programfiler\Opera 10 Beta\program\plugins\NPSWF32.dll

FF - plugin: c:\programfiler\Windows Live\Photo Gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: nglayout.initialpaint.delay - 600

FF - user.js: content.notify.interval - 600000

FF - user.js: content.max.tokenizing.time - 1800000

FF - user.js: content.switch.threshold - 600000

c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\programfiler\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");

.

- - - - TOMME PEKERE FJERNET - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

MSConfigStartUp-AVG8_TRAY - c:\progra~1\AVG\AVG8\avgtray.exe

MSConfigStartUp-LogitechSoftwareUpdate - c:\programfiler\Logitech\Video\ManifestEngine.exe

MSConfigStartUp-LogitechVideoRepair - c:\programfiler\Logitech\Video\ISStart.exe

MSConfigStartUp-LogitechVideoTray - c:\programfiler\Logitech\Video\LogiTray.exe

MSConfigStartUp-msnmsgr - ~c:\programfiler\MSN Messenger\msnmsgr.exe

MSConfigStartUp-NeroFilterCheck - c:\programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe

MSConfigStartUp-RemoteControl - c:\programfiler\CyberLink\PowerDVD\PDVDServ.exe

MSConfigStartUp-Skype - c:\programfiler\Skype\Phone\Skype.exe

MSConfigStartUp-Sony Ericsson PC Suite - c:\programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

MSConfigStartUp-uTorrent - c:\programfiler\uTorrent\uTorrent.exe

AddRemove-uTorrent - c:\programfiler\uTorrent\uTorrent.exe

.

--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'explorer.exe'(848)

c:\windows\system32\MSNChatHook.dll

c:\windows\system32\sysenv.dll

c:\windows\system32\MSVCR71.dll

c:\documents and settings\Lærer\Programdata\Dropbox\bin\DropboxExt.13.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\acer\Empowering Technology\ePower\SysHook.dll

.

------------------------ Andre Kjørende Prosesser ------------------------

.

c:\programfiler\Alwil Software\Avast5\AvastSvc.exe

c:\windows\System32\SCardSvr.exe

c:\programfiler\Fellesfiler\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\windows\RTHDCPL.EXE

c:\acer\Empowering Technology\admServ.exe

c:\programfiler\Bonjour\mDNSResponder.exe

c:\documents and settings\Lærer\Programdata\Dropbox\bin\Dropbox.exe

c:\programfiler\Java\jre6\bin\jqs.exe

c:\windows\system32\igfxext.exe

c:\windows\system32\igfxsrvc.exe

c:\programfiler\Fellesfiler\LightScribe\LSSrvc.exe

c:\windows\system32\PnkBstrA.exe

c:\windows\system32\PnkBstrB.exe

c:\docume~1\Lærer\LOKALE~1\Temp\RtkBtMnt.exe

c:\programfiler\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\programfiler\iPod\bin\iPodService.exe

c:\windows\system32\wbem\unsecapp.exe

c:\windows\system32\wbem\wmiapsrv.exe

.

**************************************************************************

.

Tidspunkt ferdig: 2010-10-08 22:15:15 - maskinen ble startet på nytt

ComboFix-quarantined-files.txt 2010-10-08 20:15

Pre-Run: 5 165 001 728 byte ledig

Post-Run: 5 206 160 896 byte ledig

WindowsXP-KB310994-SP2-Pro-BootDisk-NOR.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 417E0F74C060D2E654B9C00A895688E3

HijackThis

Logfile of Trend Micro HijackThis v2.0.3 (BETA)

Scan saved at 22:21:44, on 08.10.2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Acer\Empowering Technology\eRecovery\Monitor.exe

C:\Acer\Empowering Technology\admServ.exe

C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

C:\Acer\Empowering Technology\admtray.exe

C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

C:\PROGRA~1\LAUNCH~1\LManager.exe

C:\Programfiler\Fellesfiler\Java\Java Update\jusched.exe

C:\Programfiler\iTunes\iTunesHelper.exe

C:\PROGRA~1\WI9130~1\DataMngr\DataMngrUI.exe

C:\Programfiler\Alwil Software\Avast5\avastUI.exe

C:\Programfiler\Bonjour\mDNSResponder.exe

C:\Documents and Settings\Lærer\Programdata\Dropbox\bin\Dropbox.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\igfxext.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\DOCUME~1\Lærer\LOKALE~1\Temp\RtkBtMnt.exe

C:\Programfiler\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\system32\msiexec.exe

C:\Programfiler\TrendMicro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchqu.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)

R3 - URLSearchHook: Messenger Plus Live Toolbar - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Programfiler\Messenger_Plus_Live\tbMes1.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programfiler\Windows Live\Family Safety\fssbho.dll

O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Programfiler\Windows Live\Messenger\wlchtc.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programfiler\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Messenger Plus Live Toolbar - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Programfiler\Messenger_Plus_Live\tbMes1.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programfiler\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programfiler\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll

O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programfiler\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Messenger Plus Live Toolbar - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Programfiler\Messenger_Plus_Live\tbMes1.dll

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [LaunchApp] Alaunch

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [AzMixerSel] C:\Programfiler\Realtek\InstallShield\AzMixerSel.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"

O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot

O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe

O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Fellesfiler\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [DataMngr] C:\PROGRA~1\WI9130~1\DataMngr\DataMngrUI.exe

O4 - HKLM\..\Run: [avast5] "C:\Programfiler\Alwil Software\Avast5\avastUI.exe" /nogui

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Dropbox.lnk = ?

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O9 - Extra button: Blogg dette - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blogg dette i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programfiler\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1187878462765

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://l.yimg.com/jh/games/web_games/popcap/insaniquarium/popcaploader_v6.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Programfiler\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Mail Scanner - AVAST Software - C:\Programfiler\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner - AVAST Software - C:\Programfiler\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe

O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programfiler\Java\jre6\bin\jqs.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe

O23 - Service: NMIndexingService - Unknown owner - C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexingService.exe (file missing)

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--

End of file - 10307 bytes


Posted (edited)

Messenger_Plus_Live and iMesh often come bundled with various adware. I would recommend uninstalling these unless you MUST have them.

If you uninstall them, run ComboFix again and post the log. Let me know if you keep Messenger_Plus_Live and iMesh.

---

Change the password on your Hotmail account.

Edited by norbat

Posted

I can't see that I have iMesh installed, but I have removed both Windows Live Messenger, since it isn't used on this PC, and Messenger Plus.

ComboFix 10-10-07.02 - Lærer 08.10.2010 23:45:14.2.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.47.1044.18.1014.510 [GMT 2:00]

Kjører fra: c:\documents and settings\Lærer\Mine dokumenter\Nedlastinger\ComboFix.exe

AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))

.

Infisert kopi av c:\windows\system32\Drivers\atapi.sys ble funnet og desinfisert

Gjenopprettet kopi fra - c:\windows\ERDNT\cache\atapi.sys

.

((((((((((((((((((((((((((( Filer Opprettet Fra 2010-09-08 til 2010-10-08 )))))))))))))))))))))))))))))))))

.

2010-10-08 21:35 . 2010-04-28 05:44 54760 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys

2010-10-08 21:34 . 2010-10-08 21:34 -------- d-----w- c:\programfiler\Windows Live SkyDrive

2010-10-08 21:27 . 2010-10-08 21:27 -------- d--h--r- c:\documents and settings\Lærer\Siste

2010-10-08 20:20 . 2010-10-08 20:20 388096 ----a-r- c:\documents and settings\Lærer\Programdata\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe

2010-10-08 20:20 . 2010-10-08 20:20 -------- d-----w- c:\programfiler\TrendMicro

2010-10-08 19:37 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-10-08 19:37 . 2010-10-08 19:37 -------- d-----w- c:\programfiler\Malwarebytes' Anti-Malware

2010-10-08 19:37 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-10-08 19:00 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr

2010-10-08 18:59 . 2010-10-08 18:59 -------- d-----w- c:\documents and settings\All Users\Programdata\Alwil Software

2010-10-05 10:59 . 2010-10-05 10:59 -------- d-----w- c:\programfiler\gs

2010-10-05 10:58 . 2010-10-05 10:59 -------- d-----w- c:\documents and settings\Lærer\.scribus

2010-10-05 10:57 . 2010-10-05 10:58 -------- d-----w- c:\programfiler\Scribus 1.3.3.14

2010-10-05 10:52 . 2010-10-05 10:54 -------- d-----w- c:\documents and settings\Lærer\Videoredigering

2010-09-25 20:01 . 2001-11-16 15:22 5076354 ----a-r- c:\documents and settings\All Users\Programdata\Transparent\Transparent Language\Common Data\PolAlpha.exe

2010-09-25 19:59 . 2010-09-25 19:59 -------- dc-h--w- c:\documents and settings\All Users\Programdata\{171E062A-F0D3-40F6-9A2F-10C4987C1939}

2010-09-25 19:59 . 2009-08-11 16:40 2818608 -c--a-w- c:\documents and settings\All Users\Programdata\{171E062A-F0D3-40F6-9A2F-10C4987C1939}\LanguageNow.exe

2010-09-25 19:59 . 2010-09-25 20:02 -------- d-----w- c:\documents and settings\All Users\Programdata\Transparent

2010-09-25 19:59 . 2010-09-25 20:02 -------- d-----w- c:\programfiler\Transparent

2010-09-24 13:20 . 2010-10-08 16:24 -------- d-----w- c:\documents and settings\Lærer\Programdata\searchqutb

2010-09-24 13:19 . 2010-09-24 13:21 -------- d-----w- c:\programfiler\Windows Searchqu Toolbar

2010-09-24 13:18 . 2010-09-24 20:12 -------- d-----w- c:\programfiler\Bandoo

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-10-08 21:55 . 2008-11-12 06:18 -------- d-----w- c:\documents and settings\Lærer\Programdata\Dropbox

2010-10-08 21:34 . 2008-03-09 11:09 -------- d-----w- c:\programfiler\Windows Live

2010-10-08 19:01 . 2008-06-27 04:57 -------- d-----w- c:\programfiler\Alwil Software

2010-10-08 16:49 . 2008-08-25 23:32 -------- d-----w- c:\documents and settings\Lærer\Programdata\Media Player Classic

2010-10-08 16:31 . 2006-08-23 06:59 -------- d--h--w- c:\programfiler\InstallShield Installation Information

2010-10-08 16:29 . 2008-06-22 21:28 -------- d-----w- c:\programfiler\uTorrent

2010-10-08 16:26 . 2007-12-03 21:13 -------- d-----w- c:\programfiler\CCleaner

2010-10-08 16:25 . 2010-04-17 11:11 -------- d-----w- c:\programfiler\Messenger_Plus_Live

2010-10-08 16:10 . 2008-11-12 20:58 1 ----a-w- c:\documents and settings\Lærer\Programdata\OpenOffice.org\3\user\uno_packages\cache\stamp.sys

2010-10-08 10:16 . 2006-08-23 22:30 81216 ----a-w- c:\windows\system32\perfc014.dat

2010-10-08 10:16 . 2006-08-23 22:30 446176 ----a-w- c:\windows\system32\perfh014.dat

2010-10-06 18:46 . 2009-01-19 15:25 -------- d-----w- c:\documents and settings\Lærer\Programdata\Spotify

2010-10-01 20:18 . 2008-06-03 11:20 -------- d-----w- c:\documents and settings\Lærer\Programdata\FrostWire

2010-09-30 13:59 . 2009-11-16 15:31 -------- d-----w- c:\programfiler\Microsoft Silverlight

2010-09-25 21:01 . 2007-08-23 14:49 48736 ----a-w- c:\documents and settings\Lærer\Lokale innstillinger\Programdata\GDIPFONTCACHEV1.DAT

2010-09-24 13:19 . 2010-09-24 13:19 288 ----a-w- c:\documents and settings\Lærer\Lokale innstillinger\Programdata\GLF6B.tmp

2010-09-11 07:42 . 2009-01-16 06:25 -------- d-----w- c:\programfiler\Opera

2010-09-07 15:11 . 2009-08-30 12:42 167592 ----a-w- c:\windows\system32\aswBoot.exe

2010-09-07 14:52 . 2009-08-30 12:43 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2010-09-07 14:52 . 2009-08-30 12:43 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys

2010-09-07 14:47 . 2009-08-30 12:43 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2010-09-07 14:47 . 2009-08-30 12:43 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2010-09-07 14:47 . 2009-08-30 12:43 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys

2010-09-07 14:47 . 2009-08-30 12:43 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2010-09-07 14:46 . 2009-08-30 12:43 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2010-08-21 20:47 . 2010-08-21 20:47 188 ----a-w- c:\windows\system32\eDataSecurity.dat

2010-08-19 13:17 . 2010-08-22 08:30 52224 ----a-w- c:\documents and settings\Lærer\Programdata\Mozilla\Firefox\Profiles\6a4c85e2.default\extensions\{9b339f6e-ddcd-401b-8764-230adbd01761}\components\FFExternalAlert.dll

2010-08-19 13:17 . 2010-08-22 08:30 101376 ----a-w- c:\documents and settings\Lærer\Programdata\Mozilla\Firefox\Profiles\6a4c85e2.default\extensions\{9b339f6e-ddcd-401b-8764-230adbd01761}\components\RadioWMPCore.dll

2010-08-19 07:39 . 2010-08-19 07:39 503808 ----a-w- c:\documents and settings\Lærer\Programdata\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-17a32d91-n\msvcp71.dll

2010-08-19 07:39 . 2010-08-19 07:39 499712 ----a-w- c:\documents and settings\Lærer\Programdata\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-17a32d91-n\jmc.dll

2010-08-19 07:39 . 2010-08-19 07:39 12800 ----a-w- c:\documents and settings\Lærer\Programdata\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-4faa26dc-n\decora-d3d.dll

2010-08-19 07:39 . 2010-08-19 07:39 61440 ----a-w- c:\documents and settings\Lærer\Programdata\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-4faa26dc-n\decora-sse.dll

2010-08-19 07:39 . 2010-08-19 07:39 348160 ----a-w- c:\documents and settings\Lærer\Programdata\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-17a32d91-n\msvcr71.dll

2010-08-17 13:17 . 2004-08-04 19:00 58880 ----a-w- c:\windows\system32\spoolsv.exe

2010-07-22 15:46 . 2004-08-04 19:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll

2010-07-22 15:33 . 2009-11-19 14:54 1965056 ----a-w- c:\documents and settings\All Users\Programdata\ifolor\Designer21_NO\Ifolor.Designer.exe

2010-07-22 15:33 . 2009-04-02 08:42 939008 ----a-w- c:\documents and settings\All Users\Programdata\ifolor\Designer21_NO\Plug-Ins\Designer.SmartBook.dll

2010-07-22 06:19 . 2008-05-05 05:25 5120 ----a-w- c:\windows\system32\xpsp4res.dll

.

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{9b339f6e-ddcd-401b-8764-230adbd01761}"= "c:\programfiler\Messenger_Plus_Live\tbMes1.dll" [2010-10-08 2735200]

[HKEY_CLASSES_ROOT\clsid\{9b339f6e-ddcd-401b-8764-230adbd01761}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9b339f6e-ddcd-401b-8764-230adbd01761}]

2010-10-08 16:25 2735200 ----a-w- c:\programfiler\Messenger_Plus_Live\tbMes1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{9b339f6e-ddcd-401b-8764-230adbd01761}"= "c:\programfiler\Messenger_Plus_Live\tbMes1.dll" [2010-10-08 2735200]

[HKEY_CLASSES_ROOT\clsid\{9b339f6e-ddcd-401b-8764-230adbd01761}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{9B339F6E-DDCD-401B-8764-230ADBD01761}"= "c:\programfiler\Messenger_Plus_Live\tbMes1.dll" [2010-10-08 2735200]

[HKEY_CLASSES_ROOT\clsid\{9b339f6e-ddcd-401b-8764-230adbd01761}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Lærer\Programdata\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Lærer\Programdata\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Lærer\Programdata\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LaunchApp"="Alaunch" [X]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]

"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 16248320]

"AzMixerSel"="c:\programfiler\Realtek\InstallShield\AzMixerSel.exe" [2005-12-21 53248]

"SynTPEnh"="c:\programfiler\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 761946]

"ADMTray.exe"="c:\acer\Empowering Technology\admtray.exe" [2005-10-24 2462208]

"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-12-27 69632]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]

"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-08-10 352256]

"Acer ePower Management"="c:\acer\Empowering Technology\ePower\Acer ePower Management.exe" [2006-05-22 3080704]

"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-07-20 593920]

"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-24 397312]

"SunJavaUpdateSched"="c:\programfiler\Fellesfiler\Java\Java Update\jusched.exe" [2010-02-18 248040]

"QuickTime Task"="c:\programfiler\QuickTime\QTTask.exe" [2010-03-18 421888]

"iTunesHelper"="c:\programfiler\iTunes\iTunesHelper.exe" [2010-06-15 141624]

"DataMngr"="c:\progra~1\WI9130~1\DataMngr\DataMngrUI.exe" [2010-05-06 796608]

"avast5"="c:\programfiler\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\L‘rer\Start-meny\Programmer\Oppstart\

Dropbox.lnk - c:\documents and settings\L‘rer\Programdata\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Adobe Reader Speed Launch.lnk]

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

path=c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\Adobe Reader Speed Launch.lnk

[HKLM\~\startupfolder\C:^Documents and Settings^Lærer^Start-meny^Programmer^Oppstart^Dropbox.lnk]

path=c:\documents and settings\Lærer\Start-meny\Programmer\Oppstart\Dropbox.lnk

backup=c:\windows\pss\Dropbox.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Lærer^Start-meny^Programmer^Oppstart^OpenOffice.org 3.0.lnk]

path=c:\documents and settings\Lærer\Start-meny\Programmer\Oppstart\OpenOffice.org 3.0.lnk

backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]

2008-04-14 17:23 110592 ----a-w- c:\windows\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

2009-04-23 13:51 691656 ----a-w- c:\programfiler\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fssui]

2010-04-28 05:44 647528 ----a-w- c:\programfiler\Windows Live\Family Safety\fsui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-06-15 14:33 141624 ----a-w- c:\programfiler\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ntiMUI]

2006-05-15 10:15 45056 ----a-w- c:\programfiler\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]

2008-02-26 02:23 443968 ----a-w- c:\documents and settings\Lærer\Skrivebord\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-03-18 20:16 421888 ----a-w- c:\programfiler\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]

2006-05-16 17:04 2879488 ----a-w- c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2007-09-25 00:11 132496 ----a-w- c:\programfiler\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]

2006-03-30 15:45 313472 ----a-r- c:\programfiler\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"QuickTime Task"="c:\programfiler\QuickTime\qttask.exe" -atboottime

"iTunesHelper"="c:\programfiler\iTunes\iTunesHelper.exe"

"AVG8_TRAY"=c:\progra~1\AVG\AVG8\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Programfiler\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Programfiler\\FrostWire\\FrostWire.exe"=

"c:\\Programfiler\\Spotify\\spotify.exe"=

"c:\\Programfiler\\Mozilla Firefox\\firefox.exe"=

"c:\\Documents and Settings\\Lærer\\Programdata\\Dropbox\\bin\\Dropbox.exe"=

"c:\\Programfiler\\Opera\\opera.exe"=

"c:\\Programfiler\\Bonjour\\mDNSResponder.exe"=

"c:\\Programfiler\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [30.08.2009 14:43 165584]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [30.08.2009 14:43 17744]

S3 cxbu0wdm;CardMan 3x21;c:\windows\system32\drivers\cxbu0wdm.sys [24.06.2009 11:16 114304]

S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [20.10.2009 15:58 40448]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [23.09.2007 01:16 721904]

--- Andre tjenester/drivere lastet i minnet ---

*NewlyCreated* - INT15.SYS

.

Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2010-10-05 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-10-08 c:\windows\Tasks\User_Feed_Synchronization-{9D2D110F-E3DE-4671-A1F1-F29D7479AE6D}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]

.

.

------- Tilleggsskanning -------

.

uStart Page = hxxp://www.searchqu.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

FF - ProfilePath - c:\documents and settings\Lærer\Programdata\Mozilla\Firefox\Profiles\6a4c85e2.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2124320&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.searchqu.com/

FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&q=

FF - component: c:\documents and settings\Lærer\Programdata\Mozilla\Firefox\Profiles\6a4c85e2.default\extensions\{9b339f6e-ddcd-401b-8764-230adbd01761}\components\FFExternalAlert.dll

FF - component: c:\documents and settings\Lærer\Programdata\Mozilla\Firefox\Profiles\6a4c85e2.default\extensions\{9b339f6e-ddcd-401b-8764-230adbd01761}\components\RadioWMPCore.dll

FF - plugin: c:\programfiler\Google\Picasa3\npPicasa3.dll

FF - plugin: c:\programfiler\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\programfiler\Mozilla Firefox\plugins\npdeployJava1.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: nglayout.initialpaint.delay - 600

FF - user.js: content.notify.interval - 600000

FF - user.js: content.max.tokenizing.time - 1800000

FF - user.js: content.switch.threshold - 600000

c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\programfiler\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");

.

.

--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'explorer.exe'(2804)

c:\windows\system32\MSNChatHook.dll

c:\windows\system32\sysenv.dll

c:\windows\system32\MSVCR71.dll

c:\documents and settings\Lærer\Programdata\Dropbox\bin\DropboxExt.13.dll

c:\acer\Empowering Technology\ePower\SysHook.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Andre Kjørende Prosesser ------------------------

.

c:\programfiler\Alwil Software\Avast5\AvastSvc.exe

c:\windows\System32\SCardSvr.exe

c:\programfiler\Fellesfiler\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\acer\Empowering Technology\admServ.exe

c:\windows\RTHDCPL.EXE

c:\documents and settings\Lærer\Programdata\Dropbox\bin\Dropbox.exe

c:\programfiler\Bonjour\mDNSResponder.exe

c:\windows\system32\igfxext.exe

c:\windows\system32\igfxsrvc.exe

c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

c:\programfiler\Java\jre6\bin\jqs.exe

c:\programfiler\Fellesfiler\LightScribe\LSSrvc.exe

c:\programfiler\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\docume~1\Lærer\LOKALE~1\Temp\RtkBtMnt.exe

c:\windows\system32\wscntfy.exe

c:\programfiler\iPod\bin\iPodService.exe

c:\windows\system32\wbem\wmiapsrv.exe

c:\windows\system32\wbem\unsecapp.exe

.

**************************************************************************

.

Tidspunkt ferdig: 2010-10-09 00:00:38 - maskinen ble startet på nytt

ComboFix-quarantined-files.txt 2010-10-08 22:00

ComboFix2.txt 2010-10-08 20:15

Pre-Run: 5 835 628 032 byte ledig

Post-Run: 5 819 087 872 byte ledig

- - End Of File - - 84C2AC2B357512D9B441194580C22421


Posted

Open Notepad and paste in what is shown in bold below, then save the file on the desktop as CFScript.txt.

Then drag the file onto the ComboFix icon. ComboFix will start again. Post the log.

Folder::

c:\documents and settings\Lærer\Programdata\searchqutb

c:\programfiler\Windows Searchqu Toolbar

c:\programfiler\Bandoo

c:\programfiler\Messenger_Plus_Live

Registry::

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{9b339f6e-ddcd-401b-8764-230adbd01761}"=-

[-HKEY_CLASSES_ROOT\clsid\{9b339f6e-ddcd-401b-8764-230adbd01761}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9b339f6e-ddcd-401b-8764-230adbd01761}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{9b339f6e-ddcd-401b-8764-230adbd01761}"=-

[-HKEY_CLASSES_ROOT\clsid\{9b339f6e-ddcd-401b-8764-230adbd01761}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{9B339F6E-DDCD-401B-8764-230ADBD01761}"=-

[-HKEY_CLASSES_ROOT\clsid\{9b339f6e-ddcd-401b-8764-230adbd01761}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DataMngr"=-

dds::

uStart Page = hxxp://www.searchqu.com/

FF - prefs.js: browser.startup.homepage - hxxp://www.searchqu.com/

FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&q=


Posted

Done.

ComboFix 10-10-07.02 - Lærer 09.10.2010 0:49.3.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.47.1044.18.1014.479 [GMT 2:00]

Kjører fra: c:\documents and settings\Lærer\Mine dokumenter\Nedlastinger\ComboFix.exe

Command switches brukt :: c:\documents and settings\Lærer\Skrivebord\CFScript.txt

AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Lærer\Programdata\searchqutb

c:\documents and settings\Lærer\Programdata\searchqutb\dtx.ini

c:\documents and settings\Lærer\Programdata\searchqutb\games\00d2dfc64c07a4f32824abac1d6f735b

c:\documents and settings\Lærer\Programdata\searchqutb\games\3e4265e00cbc4a9cf22a105046a46d8a

c:\documents and settings\Lærer\Programdata\searchqutb\games\44a5d79f5451d3036ba3986425e234c8

c:\documents and settings\Lærer\Programdata\searchqutb\games\GameCategories.xml

c:\documents and settings\Lærer\Programdata\searchqutb\games\GameTypes.xml

c:\documents and settings\Lærer\Programdata\searchqutb\guid.dat

c:\documents and settings\Lærer\Programdata\searchqutb\preferences.dat

c:\documents and settings\Lærer\Programdata\searchqutb\stats.dat

c:\documents and settings\Lærer\Programdata\searchqutb\uninstallIE.dat

c:\documents and settings\Lærer\Programdata\searchqutb\widgets_cache\84b70525cff6359fdeca553342c23e4c

c:\documents and settings\Lærer\Programdata\searchqutb\widgets_cache\bf5b6317ae07da699882fc948f22eda4

c:\documents and settings\Lærer\Programdata\searchqutb\widgets_cache\category_cache.xml

c:\documents and settings\Lærer\Programdata\searchqutb\widgets_cache\widget_cache.xml

c:\programfiler\Bandoo

c:\programfiler\Messenger_Plus_Live

c:\programfiler\Messenger_Plus_Live\INSTALL.LOG

c:\programfiler\Messenger_Plus_Live\Messenger_Plus_LiveToolbarHelper.exe

c:\programfiler\Messenger_Plus_Live\tbMes1.dll

c:\programfiler\Messenger_Plus_Live\tbMess.dll

c:\programfiler\Messenger_Plus_Live\toolbar.cfg

c:\programfiler\Messenger_Plus_Live\UNWISE.EXE

c:\programfiler\Windows Searchqu Toolbar

c:\programfiler\Windows Searchqu Toolbar\DataMngr\datamngr.dll

c:\programfiler\Windows Searchqu Toolbar\DataMngr\DataMngrUI.exe

c:\programfiler\Windows Searchqu Toolbar\INSTALL.LOG

c:\programfiler\Windows Searchqu Toolbar\main.ico

c:\programfiler\Windows Searchqu Toolbar\ToolBar\chrome\content\.#searchqutb.js.1.3

c:\programfiler\Windows Searchqu Toolbar\ToolBar\chrome\content\data\search\engines.xml

c:\programfiler\Windows Searchqu Toolbar\ToolBar\chrome\content\data\search\search.xsl

c:\programfiler\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\about.xml

c:\programfiler\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\dtxpanelwin.xul

c:\programfiler\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\dtxprefwin.xul

c:\programfiler\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\dtxwin.xul

c:\programfiler\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\emailnotifierproviders.xml

c:\programfiler\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\external.js

c:\programfiler\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\neterror.xhtml

c:\programfiler\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\wmpstreamer.html

c:\programfiler\Windows Searchqu Toolbar\ToolBar\chrome\content\modules\datastore.jsm

c:\programfiler\Windows Searchqu Toolbar\ToolBar\chrome\content\preferences.xml

c:\programfiler\Windows Searchqu Toolbar\ToolBar\chrome\content\searchqutb.js

c:\programfiler\Windows Searchqu Toolbar\ToolBar\chrome\content\toolbar.htm

c:\programfiler\Windows Searchqu Toolbar\ToolBar\chrome\content\toolbar.xul

c:\programfiler\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\bg-scalable-mdl.gif

c:\programfiler\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\bg-scalable-tl.gif

c:\programfiler\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\bg-scalable-tr.gif

c:\programfiler\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-dragresize.png

c:\programfiler\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-close-down.PNG

c:\programfiler\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-close-over.PNG

c:\programfiler\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-close.png

c:\programfiler\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-maximize-down.png

c:\programfiler\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-maximize-over.png

c:\programfiler\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-maximize.png

c:\programfiler\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-minimize-down.PNG

c:\programfiler\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-minimize-over.PNG

c:\programfiler\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-minimize.PNG

c:\programfiler\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btnarrow-next-off.png

c:\programfiler\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btnarrow-next.png

c:\programfiler\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btnarrow-previous-off.png


c:\programfiler\Windows Searchqu Toolbar\ToolBar\chrome\skin\search.png

c:\programfiler\Windows Searchqu Toolbar\ToolBar\chrome\skin\searchbar\searchbar-background-left.png

c:\programfiler\Windows Searchqu Toolbar\ToolBar\chrome\skin\searchbar\searchbar-background-middle.png

c:\programfiler\Windows Searchqu Toolbar\ToolBar\chrome\skin\searchbar\searchbar-background-right.png

c:\programfiler\Windows Searchqu Toolbar\ToolBar\chrome\skin\searchqutb.css

c:\programfiler\Windows Searchqu Toolbar\ToolBar\chrome\skin\settings.png

c:\programfiler\Windows Searchqu Toolbar\ToolBar\chrome\skin\shopping.png

c:\programfiler\Windows Searchqu Toolbar\ToolBar\chrome\skin\siteinfo.png

c:\programfiler\Windows Searchqu Toolbar\ToolBar\chrome\skin\skin-bluelite.png

c:\programfiler\Windows Searchqu Toolbar\ToolBar\chrome\skin\skin-bluesky.png

c:\programfiler\Windows Searchqu Toolbar\ToolBar\chrome\skin\skin-grey.png

c:\programfiler\Windows Searchqu Toolbar\ToolBar\chrome\skin\skin-lichen.png

c:\programfiler\Windows Searchqu Toolbar\ToolBar\chrome\skin\skin-orange.png

c:\programfiler\Windows Searchqu Toolbar\ToolBar\chrome\skin\skin-yellow.png

c:\programfiler\Windows Searchqu Toolbar\ToolBar\chrome\skin\technorati.png

c:\programfiler\Windows Searchqu Toolbar\ToolBar\chrome\skin\throbber.gif

c:\programfiler\Windows Searchqu Toolbar\ToolBar\chrome\skin\toolbarsplitter.png

c:\programfiler\Windows Searchqu Toolbar\ToolBar\chrome\skin\video.bmp

c:\programfiler\Windows Searchqu Toolbar\ToolBar\chrome\skin\weather.png

c:\programfiler\Windows Searchqu Toolbar\ToolBar\chrome\skin\web.png

c:\programfiler\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_allocine.png

c:\programfiler\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_bliptv.png

c:\programfiler\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_calcal.png

c:\programfiler\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_calculator.png

c:\programfiler\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_gservices.png

c:\programfiler\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_sudoku.png

c:\programfiler\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_todo.jpg

c:\programfiler\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_todo.png

c:\programfiler\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_trio.png

c:\programfiler\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_uconverter.png

c:\programfiler\Windows Searchqu Toolbar\ToolBar\chrome\skin\widgets-square-16px.png

c:\programfiler\Windows Searchqu Toolbar\ToolBar\chrome\skin\widgets.png

c:\programfiler\Windows Searchqu Toolbar\ToolBar\chrome\skin\wikipedia.png

c:\programfiler\Windows Searchqu Toolbar\ToolBar\chrome\skin\yahoosearch.png

c:\programfiler\Windows Searchqu Toolbar\ToolBar\chrome\skin\yellow.gif

c:\programfiler\Windows Searchqu Toolbar\ToolBar\chrome\skin\youtube.png

c:\programfiler\Windows Searchqu Toolbar\ToolBar\chrome\skin\zoom.png

c:\programfiler\Windows Searchqu Toolbar\ToolBar\components\windowmediator.js

c:\programfiler\Windows Searchqu Toolbar\ToolBar\manifest.xml

c:\programfiler\Windows Searchqu Toolbar\ToolBar\SearchquDx.dll

c:\programfiler\Windows Searchqu Toolbar\ToolBar\SearchquTb.dll

c:\programfiler\Windows Searchqu Toolbar\ToolBar\uninstall.exe

c:\programfiler\Windows Searchqu Toolbar\UNWISE.EXE

c:\programfiler\Windows Searchqu Toolbar\UnwiseLauncher.exe

.

((((((((((((((((((((((((((( Filer Opprettet Fra 2010-09-08 til 2010-10-08 )))))))))))))))))))))))))))))))))

.

2010-10-08 22:22 . 2010-10-08 22:22 364560 ----a-r- c:\documents and settings\Lærer\Programdata\Microsoft\Installer\{D3880A64-6112-47b7-8BFE-70EEA07B43E0}\SCTUI.exe

2010-10-08 22:22 . 2010-10-08 22:22 -------- d-----w- c:\programfiler\Windows SteadyState

2010-10-08 21:35 . 2010-04-28 05:44 54760 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys

2010-10-08 21:34 . 2010-10-08 21:34 -------- d-----w- c:\programfiler\Windows Live SkyDrive

2010-10-08 21:27 . 2010-10-08 22:46 -------- d--h--r- c:\documents and settings\Lærer\Siste

2010-10-08 20:20 . 2010-10-08 20:20 388096 ----a-r- c:\documents and settings\Lærer\Programdata\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe

2010-10-08 20:20 . 2010-10-08 20:20 -------- d-----w- c:\programfiler\TrendMicro

2010-10-08 19:37 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-10-08 19:37 . 2010-10-08 19:37 -------- d-----w- c:\programfiler\Malwarebytes' Anti-Malware

2010-10-08 19:37 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-10-08 19:00 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr

2010-10-08 18:59 . 2010-10-08 18:59 -------- d-----w- c:\documents and settings\All Users\Programdata\Alwil Software

2010-10-05 10:59 . 2010-10-05 10:59 -------- d-----w- c:\programfiler\gs

2010-10-05 10:58 . 2010-10-05 10:59 -------- d-----w- c:\documents and settings\Lærer\.scribus

2010-10-05 10:57 . 2010-10-05 10:58 -------- d-----w- c:\programfiler\Scribus 1.3.3.14

2010-10-05 10:52 . 2010-10-05 10:54 -------- d-----w- c:\documents and settings\Lærer\Videoredigering

2010-09-25 20:01 . 2001-11-16 15:22 5076354 ----a-r- c:\documents and settings\All Users\Programdata\Transparent\Transparent Language\Common Data\PolAlpha.exe

2010-09-25 19:59 . 2010-09-25 19:59 -------- dc-h--w- c:\documents and settings\All Users\Programdata\{171E062A-F0D3-40F6-9A2F-10C4987C1939}

2010-09-25 19:59 . 2009-08-11 16:40 2818608 -c--a-w- c:\documents and settings\All Users\Programdata\{171E062A-F0D3-40F6-9A2F-10C4987C1939}\LanguageNow.exe

2010-09-25 19:59 . 2010-09-25 20:02 -------- d-----w- c:\documents and settings\All Users\Programdata\Transparent

2010-09-25 19:59 . 2010-09-25 20:02 -------- d-----w- c:\programfiler\Transparent

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-10-08 21:55 . 2008-11-12 06:18 -------- d-----w- c:\documents and settings\Lærer\Programdata\Dropbox

2010-10-08 21:34 . 2008-03-09 11:09 -------- d-----w- c:\programfiler\Windows Live

2010-10-08 19:01 . 2008-06-27 04:57 -------- d-----w- c:\programfiler\Alwil Software

2010-10-08 16:49 . 2008-08-25 23:32 -------- d-----w- c:\documents and settings\Lærer\Programdata\Media Player Classic

2010-10-08 16:31 . 2006-08-23 06:59 -------- d--h--w- c:\programfiler\InstallShield Installation Information

2010-10-08 16:29 . 2008-06-22 21:28 -------- d-----w- c:\programfiler\uTorrent

2010-10-08 16:26 . 2007-12-03 21:13 -------- d-----w- c:\programfiler\CCleaner

2010-10-08 16:10 . 2008-11-12 20:58 1 ----a-w- c:\documents and settings\Lærer\Programdata\OpenOffice.org\3\user\uno_packages\cache\stamp.sys

2010-10-08 10:16 . 2006-08-23 22:30 81216 ----a-w- c:\windows\system32\perfc014.dat

2010-10-08 10:16 . 2006-08-23 22:30 446176 ----a-w- c:\windows\system32\perfh014.dat

2010-10-06 18:46 . 2009-01-19 15:25 -------- d-----w- c:\documents and settings\Lærer\Programdata\Spotify

2010-10-01 20:18 . 2008-06-03 11:20 -------- d-----w- c:\documents and settings\Lærer\Programdata\FrostWire

2010-09-30 13:59 . 2009-11-16 15:31 -------- d-----w- c:\programfiler\Microsoft Silverlight

2010-09-25 21:01 . 2007-08-23 14:49 48736 ----a-w- c:\documents and settings\Lærer\Lokale innstillinger\Programdata\GDIPFONTCACHEV1.DAT

2010-09-24 13:19 . 2010-09-24 13:19 288 ----a-w- c:\documents and settings\Lærer\Lokale innstillinger\Programdata\GLF6B.tmp

2010-09-11 07:42 . 2009-01-16 06:25 -------- d-----w- c:\programfiler\Opera

2010-09-07 15:11 . 2009-08-30 12:42 167592 ----a-w- c:\windows\system32\aswBoot.exe

2010-09-07 14:52 . 2009-08-30 12:43 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2010-09-07 14:52 . 2009-08-30 12:43 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys

2010-09-07 14:47 . 2009-08-30 12:43 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2010-09-07 14:47 . 2009-08-30 12:43 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2010-09-07 14:47 . 2009-08-30 12:43 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys

2010-09-07 14:47 . 2009-08-30 12:43 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2010-09-07 14:46 . 2009-08-30 12:43 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2010-08-21 20:47 . 2010-08-21 20:47 188 ----a-w- c:\windows\system32\eDataSecurity.dat

2010-08-19 13:17 . 2010-08-22 08:30 52224 ----a-w- c:\documents and settings\Lærer\Programdata\Mozilla\Firefox\Profiles\6a4c85e2.default\extensions\{9b339f6e-ddcd-401b-8764-230adbd01761}\components\FFExternalAlert.dll

2010-08-19 13:17 . 2010-08-22 08:30 101376 ----a-w- c:\documents and settings\Lærer\Programdata\Mozilla\Firefox\Profiles\6a4c85e2.default\extensions\{9b339f6e-ddcd-401b-8764-230adbd01761}\components\RadioWMPCore.dll

2010-08-19 07:39 . 2010-08-19 07:39 503808 ----a-w- c:\documents and settings\Lærer\Programdata\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-17a32d91-n\msvcp71.dll

2010-08-19 07:39 . 2010-08-19 07:39 499712 ----a-w- c:\documents and settings\Lærer\Programdata\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-17a32d91-n\jmc.dll

2010-08-19 07:39 . 2010-08-19 07:39 12800 ----a-w- c:\documents and settings\Lærer\Programdata\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-4faa26dc-n\decora-d3d.dll

2010-08-19 07:39 . 2010-08-19 07:39 61440 ----a-w- c:\documents and settings\Lærer\Programdata\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-4faa26dc-n\decora-sse.dll

2010-08-19 07:39 . 2010-08-19 07:39 348160 ----a-w- c:\documents and settings\Lærer\Programdata\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-17a32d91-n\msvcr71.dll

2010-08-17 13:17 . 2004-08-04 19:00 58880 ----a-w- c:\windows\system32\spoolsv.exe

2010-07-22 15:46 . 2004-08-04 19:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll

2010-07-22 15:33 . 2009-11-19 14:54 1965056 ----a-w- c:\documents and settings\All Users\Programdata\ifolor\Designer21_NO\Ifolor.Designer.exe

2010-07-22 15:33 . 2009-04-02 08:42 939008 ----a-w- c:\documents and settings\All Users\Programdata\ifolor\Designer21_NO\Plug-Ins\Designer.SmartBook.dll

2010-07-22 06:19 . 2008-05-05 05:25 5120 ----a-w- c:\windows\system32\xpsp4res.dll

.

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Lærer\Programdata\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Lærer\Programdata\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Lærer\Programdata\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LaunchApp"="Alaunch" [X]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]

"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 16248320]

"AzMixerSel"="c:\programfiler\Realtek\InstallShield\AzMixerSel.exe" [2005-12-21 53248]

"SynTPEnh"="c:\programfiler\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 761946]

"ADMTray.exe"="c:\acer\Empowering Technology\admtray.exe" [2005-10-24 2462208]

"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-12-27 69632]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]

"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-08-10 352256]

"Acer ePower Management"="c:\acer\Empowering Technology\ePower\Acer ePower Management.exe" [2006-05-22 3080704]

"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-07-20 593920]

"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-24 397312]

"SunJavaUpdateSched"="c:\programfiler\Fellesfiler\Java\Java Update\jusched.exe" [2010-02-18 248040]

"QuickTime Task"="c:\programfiler\QuickTime\QTTask.exe" [2010-03-18 421888]

"iTunesHelper"="c:\programfiler\iTunes\iTunesHelper.exe" [2010-06-15 141624]

"avast5"="c:\programfiler\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

"fssui"="c:\programfiler\Windows Live\Family Safety\fsui.exe" [2010-04-28 647528]

"Bubble"="c:\programfiler\Windows SteadyState\Bubble.exe" [2008-05-30 182288]

"Logoff"="c:\programfiler\Windows SteadyState\SCTUINotify.exe" [2008-05-30 163856]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\L‘rer\Start-meny\Programmer\Oppstart\

Dropbox.lnk - c:\documents and settings\L‘rer\Programdata\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"HideFastUserSwitching"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]

"NoAutoUpdate"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Windows SteadyState]

@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Adobe Reader Speed Launch.lnk]

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

path=c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\Adobe Reader Speed Launch.lnk

[HKLM\~\startupfolder\C:^Documents and Settings^Lærer^Start-meny^Programmer^Oppstart^Dropbox.lnk]

path=c:\documents and settings\Lærer\Start-meny\Programmer\Oppstart\Dropbox.lnk

backup=c:\windows\pss\Dropbox.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Lærer^Start-meny^Programmer^Oppstart^OpenOffice.org 3.0.lnk]

path=c:\documents and settings\Lærer\Start-meny\Programmer\Oppstart\OpenOffice.org 3.0.lnk

backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]

2008-04-14 17:23 110592 ----a-w- c:\windows\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

2009-04-23 13:51 691656 ----a-w- c:\programfiler\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fssui]

2010-04-28 05:44 647528 ----a-w- c:\programfiler\Windows Live\Family Safety\fsui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-06-15 14:33 141624 ----a-w- c:\programfiler\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ntiMUI]

2006-05-15 10:15 45056 ----a-w- c:\programfiler\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]

2008-02-26 02:23 443968 ----a-w- c:\documents and settings\Lærer\Skrivebord\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-03-18 20:16 421888 ----a-w- c:\programfiler\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]

2006-05-16 17:04 2879488 ----a-w- c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2007-09-25 00:11 132496 ----a-w- c:\programfiler\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]

2006-03-30 15:45 313472 ----a-r- c:\programfiler\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"QuickTime Task"="c:\programfiler\QuickTime\qttask.exe" -atboottime

"iTunesHelper"="c:\programfiler\iTunes\iTunesHelper.exe"

"AVG8_TRAY"=c:\progra~1\AVG\AVG8\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Programfiler\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Programfiler\\FrostWire\\FrostWire.exe"=

"c:\\Programfiler\\Spotify\\spotify.exe"=

"c:\\Programfiler\\Mozilla Firefox\\firefox.exe"=

"c:\\Documents and Settings\\Lærer\\Programdata\\Dropbox\\bin\\Dropbox.exe"=

"c:\\Programfiler\\Opera\\opera.exe"=

"c:\\Programfiler\\Bonjour\\mDNSResponder.exe"=

"c:\\Programfiler\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [30.08.2009 14:43 165584]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [30.08.2009 14:43 17744]

R2 Windows SteadyState;Windows SteadyState Service;c:\programfiler\Windows SteadyState\SCTSvc.exe [30.05.2008 14:41 115728]

S3 cxbu0wdm;CardMan 3x21;c:\windows\system32\drivers\cxbu0wdm.sys [24.06.2009 11:16 114304]

S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [20.10.2009 15:58 40448]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [23.09.2007 01:16 721904]

--- Andre tjenester/drivere lastet i minnet ---

*NewlyCreated* - INT15.SYS

*NewlyCreated* - WINDOWS_STEADYSTATE

.

Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2010-10-05 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-10-08 c:\windows\Tasks\User_Feed_Synchronization-{9D2D110F-E3DE-4671-A1F1-F29D7479AE6D}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]

.

.

------- Tilleggsskanning -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

FF - ProfilePath - c:\documents and settings\Lærer\Programdata\Mozilla\Firefox\Profiles\6a4c85e2.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2124320&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.searchqu.com/

FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&q=

FF - component: c:\documents and settings\Lærer\Programdata\Mozilla\Firefox\Profiles\6a4c85e2.default\extensions\{9b339f6e-ddcd-401b-8764-230adbd01761}\components\FFExternalAlert.dll

FF - component: c:\documents and settings\Lærer\Programdata\Mozilla\Firefox\Profiles\6a4c85e2.default\extensions\{9b339f6e-ddcd-401b-8764-230adbd01761}\components\RadioWMPCore.dll

FF - plugin: c:\programfiler\Google\Picasa3\npPicasa3.dll

FF - plugin: c:\programfiler\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\programfiler\Mozilla Firefox\plugins\npdeployJava1.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: nglayout.initialpaint.delay - 600

FF - user.js: content.notify.interval - 600000

FF - user.js: content.max.tokenizing.time - 1800000

FF - user.js: content.switch.threshold - 600000

c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\programfiler\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");

.

- - - - TOMME PEKERE FJERNET - - - -

AddRemove-Messenger_Plus_Live Toolbar - c:\progra~1\MESSEN~3\UNWISE.EXE

AddRemove-Searchqu MediaBar - c:\programfiler\Windows Searchqu Toolbar\UnwiseLauncher.exe

.

--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'winlogon.exe'(940)

c:\windows\system32\igfxdev.dll

.

Tidspunkt ferdig: 2010-10-09 00:59:34

ComboFix-quarantined-files.txt 2010-10-08 22:59

ComboFix2.txt 2010-10-08 22:00

ComboFix3.txt 2010-10-08 20:15

Pre-Run: 6 553 730 048 byte ledig

Post-Run: 6 522 967 040 byte ledig

- - End Of File - - 0C69593E6C609E694C75B36E81548788


Posted

Download CCleaner.

Start the program. Go to 'Options'->'Advanced'. Uncheck: "Only delete temporary files older than 48 hours". Click 'Cleaner' and then 'Run CCleaner'. Run a round of registry cleaning as well. Say yes to making a backup before you run the registry clean.

Have you remembered to change the password on the MSN account?

Still having problems?
