det håber jeg da ikke jeg har (o;
Logfile of HijackThis v1.99.1
Scan saved at 20:02:58, on 09-06-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
F:\Programmer\DAEMON Tools\daemon.exe
C:\Programmer\SPYWAREfighter\spfprc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\msconfig.exe
C:\Programmer\TClock\TClock.exe
C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\taskmgr.exe
C:\Programmer\WinZip\WZQKPICK.EXE
C:\Programmer\SpywareGuard\sgmain.exe
C:\Programmer\Weather\Weather.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\p2pnetworking.exe
C:\Programmer\SpywareGuard\sgbhp.exe
C:\Documents and Settings\Administrator\Skrivebord\hjt.exe
C:\WINDOWS\system32\p2pnetworking.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: (no name) - {F6EC44DA-8C40-A5CC-6DD2-F45D4DC94EB2} - C:\WINDOWS\system32\ouf.dll (file missing)
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Programmer\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Smapp] C:\Programmer\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [DAEMON Tools] "f:\Programmer\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [keyboard] C:\\keyboard25.exe
O4 - HKLM\..\Run: [spywarefighterguard] C:\Programmer\SPYWAREfighter\spfprc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [zqzm] C:\PROGRA~1\FLLESF~1\zqzm\zqzmm.exe
O4 - HKCU\..\Run: [TClock.exe] C:\Programmer\TClock\tclock_install.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: SpywareGuard.lnk = C:\Programmer\SpywareGuard\sgmain.exe
O4 - Startup: Weather.lnk = C:\Programmer\Weather\Weather.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: msconfig.exe
O4 - Global Startup: taskmgr.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmer\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search -
res://c:\programmer\google\GoogleToolbar2.dll/cmsearch.htmlO8 - Extra context menu item: &MyToolBar Search -
res://C:\Programmer\ToolBar888\MyToolBar.dll/MENUSEARCH.HTMO8 - Extra context menu item: &Translate English Word -
res://c:\programmer\google\GoogleToolbar2.dll/cmwordtrans.htmlO8 - Extra context menu item: Backward Links -
res://c:\programmer\google\GoogleToolbar2.dll/cmbacklinks.htmlO8 - Extra context menu item: Cached Snapshot of Page -
res://c:\programmer\google\GoogleToolbar2.dll/cmcache.htmlO8 - Extra context menu item: E&ksporter til Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000O8 - Extra context menu item: Similar Pages -
res://c:\programmer\google\GoogleToolbar2.dll/cmsimilar.htmlO8 - Extra context menu item: Translate Page into English -
res://c:\programmer\google\GoogleToolbar2.dll/cmtrans.htmlO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1147600336545O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) -
https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocxO18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\system32\chkdsk.dll
O20 - Winlogon Notify: DIFx - C:\WINDOWS\system32\m646lghs1646.dll (file missing)
O20 - Winlogon Notify: SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34546} - C:\WINDOWS\System32\vbsys2.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
SUPERAntiSpyware Scan Log
Generated 06/09/2006 at 07:55 PM
Core Rules Database Version : 2971
Trace Rules Database Version: 1070
Memory threats detected : 1
Registry threats detected : 140
File threats detected : 215
Adware.webHancer
C:\PROGRAMMER\WEBHANCER\PROGRAMS\WEBHDLL.DLL
C:\PROGRAMMER\WEBHANCER\PROGRAMS\WEBHDLL.DLL
[webHancer Agent] C:\Programmer\webHancer\Programs\whagent.exe
C:\Programmer\webHancer\Programs\whagent.exe
[webHancer Survey Companion] C:\Programmer\webHancer\Programs\whsurvey.exe
C:\Programmer\webHancer\Programs\whsurvey.exe
HKLM\Software\Classes\CLSID\{c900b400-cdfe-11d3-976a-00e02913a9e0}
HKCR\CLSID\{c900b400-cdfe-11d3-976a-00e02913a9e0}
HKCR\CLSID\{c900b400-cdfe-11d3-976a-00e02913a9e0}
HKCR\CLSID\{c900b400-cdfe-11d3-976a-00e02913a9e0}\InprocServer32
HKCR\CLSID\{c900b400-cdfe-11d3-976a-00e02913a9e0}\InprocServer32#ThreadingModel
HKCR\CLSID\{c900b400-cdfe-11d3-976a-00e02913a9e0}\ProgID
HKCR\CLSID\{c900b400-cdfe-11d3-976a-00e02913a9e0}\Programmable
HKCR\CLSID\{c900b400-cdfe-11d3-976a-00e02913a9e0}\VersionIndependentProgID
C:\Programmer\webHancer\programs\whiehlpr.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c900b400-cdfe-11d3-976a-00e02913a9e0}
SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001
SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002
SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000014
HKCR\WhIeHelperObj.WhIeHelperObj
HKCR\WhIeHelperObj.WhIeHelperObj\CurVer
HKCR\WhIeHelperObj.WhIeHelperObj.1
HKCR\WhIeHelperObj.WhIeHelperObj.1\CLSID
HKCR\Interface\{C89435B0-CDFE-11D3-976A-00E02913A9E0}
HKCR\Interface\{C89435B0-CDFE-11D3-976A-00E02913A9E0}\ProxyStubClsid
HKCR\Interface\{C89435B0-CDFE-11D3-976A-00E02913A9E0}\ProxyStubClsid32
HKCR\Interface\{C89435B0-CDFE-11D3-976A-00E02913A9E0}\TypeLib
HKCR\Interface\{C89435B0-CDFE-11D3-976A-00E02913A9E0}\TypeLib#Version
HKCR\TypeLib\{C8CB3870-CDFE-11D3-976A-00E02913A9E0}
HKCR\TypeLib\{C8CB3870-CDFE-11D3-976A-00E02913A9E0}\1.0
HKCR\TypeLib\{C8CB3870-CDFE-11D3-976A-00E02913A9E0}\1.0\0
HKCR\TypeLib\{C8CB3870-CDFE-11D3-976A-00E02913A9E0}\1.0\0\win32
HKCR\TypeLib\{C8CB3870-CDFE-11D3-976A-00E02913A9E0}\1.0\FLAGS
HKCR\TypeLib\{C8CB3870-CDFE-11D3-976A-00E02913A9E0}\1.0\HELPDIR
HKLM\Software\WebHancer
HKLM\Software\WebHancer#BaseDir
HKLM\Software\WebHancer\CC
HKLM\Software\WebHancer\CC#DistTag
HKLM\Software\WebHancer\CC#id
HKLM\Software\WebHancer\ESO
HKLM\Software\WebHancer\ESO#aa
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webHancer Agent
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webHancer Agent#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webHancer Agent#DisplayName
C:\Programmer\WEBHANCER\Programs\license.txt
C:\Programmer\WEBHANCER\Programs\readme.txt
C:\Programmer\WEBHANCER\Programs\sporder.dll
C:\Programmer\WEBHANCER\Programs\whagent.ini
C:\Programmer\WEBHANCER\Programs\whinstaller.exe
C:\Programmer\WEBHANCER\Programs\whSurvey.ini
C:\Programmer\WEBHANCER\Programs
C:\Programmer\WEBHANCER
C:\Programmer\whInstall\license.txt
C:\Programmer\whInstall\readme.txt
C:\Programmer\whInstall\whAgent.ini
C:\Programmer\whInstall
C:\WHCC2.exe
C:\WINDOWS\Prefetch\WHAGENT.EXE-2D5707F7.pf
C:\WINDOWS\Prefetch\WHCC2.EXE-29C4F9E2.pf
C:\WINDOWS\Prefetch\WHSURVEY.EXE-13CFD1A3.pf
Trojan.GimmySmilies
[newname] C:\\newname25.exe
C:\\newname25.exe
C:\newname25.exe
Adware.IPWins
[IpWins] C:\Programmer\ipwins\ipwins.exe
C:\Programmer\ipwins\ipwins.exe
HKU\S-1-5-21-2052111302-1844823847-725345543-500\Software\IpWins
C:\Programmer\ipwins\data.dat
C:\Programmer\ipwins\settings.dat
C:\Programmer\ipwins
Trojan.Defender1
[defender] C:\\defender25.exe
C:\\defender25.exe
C:\defender25.exe
C:\Documents and Settings\Administrator\Lokale indstillinger\Temporary Internet Files\Content.IE5\LV3L3XFG\defender25[1].exe
Adware.ClickSpring
[Uwtw] C:\DOCUME~1\ADMINI~1\APPLIC~1\FNTS~1\ping.exe
C:\DOCUME~1\ADMINI~1\APPLIC~1\FNTS~1\ping.exe
[Mwjetvx] C:\DOCUME~1\ADMINI~1\DOKUME~1\SMANTE~1\WCRTUP~1.EXE
C:\DOCUME~1\ADMINI~1\DOKUME~1\SMANTE~1\WCRTUP~1.EXE
C:\Documents and Settings\Administrator\Application Data\FNTS~1\ping.exe
C:\Documents and Settings\Administrator\Dokumenter\SMANTE~1\WCRTUP~1.EXE
C:\Documents and Settings\Administrator\Lokale indstillinger\Temp\!update.exe
C:\WINDOWS\system32\ouf.dll
Trojan.WinUpdate
[WinUpdate.exe] C:\Programmer\Windows\WinUpdate.exe
C:\Programmer\Windows\WinUpdate.exe
HKU\S-1-5-21-2052111302-1844823847-725345543-500\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run#WinUpdate.exe [ C:\Programmer\Windows\WinUpdate.exe ]
IWantSearchBar Browser Helper Object
HKLM\Software\Classes\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}
HKCR\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}
HKCR\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}
HKCR\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}\InprocServer32
HKCR\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}\InprocServer32#ThreadingModel
HKCR\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}\ProgID
HKCR\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}\Programmable
HKCR\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}\TypeLib
HKCR\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}\VersionIndependentProgID
C:\Programmer\ToolBar888\MyToolBar.dll
HKLM\Software\Microsoft\Internet Explorer\Toolbar#{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}
HKCR\MyToolBar.MyToolBarObj.1
HKCR\MyToolBar.MyToolBarObj.1\CLSID
HKCR\MyToolBar.MyToolBarObj
HKCR\MyToolBar.MyToolBarObj\CLSID
HKCR\MyToolBar.MyToolBarObj\CurVer
HKCR\TypeLib\{E5AD4FBC-37C0-4b7c-AEA8-ED6734D583CA}
Unclassified.Unknown Origin
HKLM\System\ControlSet001\Services\cmdService
C:\WINDOWS\Umlja2llIEJlY2tlcg\command.exe
HKLM\System\ControlSet003\Services\cmdService
HKLM\System\CurrentControlSet\Services\cmdService
Adware.Tracking Cookie
C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@apmebf[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adtech[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@56632994[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@tradedoubler[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@partypoker[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@cgi-bin[3].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads.i-am-bored[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ehg-dig.hitbox[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@www.wisecounter[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@valueclick[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@click.cashengines[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@statse.webtrendslive[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@cgi-bin[4].txt
C:\Documents and Settings\Administrator\Cookies\administrator@dealtime[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@revsci[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@sextracker[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads.newgrounds[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@perf.overture[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@free.wegcash[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@tribalfusion[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@2o7[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@focalex[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@e2.emediate[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@www.freeserials[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@qksrv[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@yadro[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adultfriendfinder[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@888[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@spylog[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@1071638124[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@hotlog[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@overture[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@cgi-bin[5].txt
C:\Documents and Settings\Administrator\Cookies\administrator@bs.serving-sys[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@www.dealtime[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@sexyfurniture[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@cgi-bin[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@stats1.reliablestats[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@1068906080[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@atwola[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@www.riverbelle[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@hotbar[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@image.masterstats[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@findwhat[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@microsofteup.112.2o7[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@revenue[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adopt.hbmediapro[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@doubleclick[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads.softure[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@www.888[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adserver.banneradministration[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@questionmarket[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@cpvfeed[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@indextools[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@serving-sys[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@sexnoveller[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@statcounter[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@trafficmp[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ad[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ehg-nvidia.hitbox[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@partner2profit[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@fastclick[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@server.iad.liveperson[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@as-eu.falkag[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@www.xctrk[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@r72[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@www.jackpotmadness[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@mediaplex[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@advertising[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads.mininova[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@data4.perf.overture[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ad1.emediate[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@stat.dealtime[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads.pointroll[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@zedo[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@web2.realtracker[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ad.yieldmanager[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@versiontracker[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@targetnet[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@mb[3].txt
C:\Documents and Settings\Administrator\Cookies\administrator@82763522[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@bizrate[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@counter15.sextracker[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@247realmedia[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@tacoda[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@hitbox[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@http.edge.vru4[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@publishers.clickbooth[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@track.adform[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@realmedia[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@server.cpmstar[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@mb[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@indexstats[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@bluestreak[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@cassava[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@www.comprabanner[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@www.winantiviruspro[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@smileycentral[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@www.popupsandbanners[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@searchbar.findthewebsiteyouneed[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ehg-ads.hitbox[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@partygaming.122.2o7[1].txt
C:\Documents and Settings\Administrator\Lokale indstillinger\Temp\Cookies\administrator@ad1.emediate[1].txt
C:\Documents and Settings\Administrator\Lokale indstillinger\Temp\Cookies\administrator@adserver.banneradministration[2].txt
C:\Documents and Settings\Administrator\Lokale indstillinger\Temp\Cookies\administrator@adultfriendfinder[2].txt
C:\Documents and Settings\Administrator\Lokale indstillinger\Temp\Cookies\administrator@clickbank[1].txt
C:\Documents and Settings\Administrator\Lokale indstillinger\Temp\Cookies\administrator@cpvfeed[1].txt
C:\Documents and Settings\Administrator\Lokale indstillinger\Temp\Cookies\administrator@doubleclick[2].txt
C:\Documents and Settings\Administrator\Lokale indstillinger\Temp\Cookies\administrator@indexstats[1].txt
C:\Documents and Settings\Administrator\Lokale indstillinger\Temp\Cookies\administrator@indextools[1].txt
C:\Documents and Settings\Administrator\Lokale indstillinger\Temp\Cookies\administrator@mediaplex[1].txt
C:\Documents and Settings\Administrator\Lokale indstillinger\Temp\Cookies\administrator@overture[1].txt
C:\Documents and Settings\Administrator\Lokale indstillinger\Temp\Cookies\administrator@realmedia[1].txt
C:\Documents and Settings\Administrator\Lokale indstillinger\Temp\Cookies\administrator@searchbar.findthewebsiteyouneed[1].txt
C:\Documents and Settings\Administrator\Lokale indstillinger\Temp\Cookies\administrator@track.adform[1].txt
C:\Documents and Settings\Administrator\Lokale indstillinger\Temp\Cookies\administrator@versiontracker[1].txt
C:\Documents and Settings\Administrator\Lokale indstillinger\Temp\Cookies\administrator@www.popupsandbanners[2].txt
C:\Documents and Settings\Administrator\Lokale indstillinger\Temp\Cookies\administrator@www.winantiviruspro[1].txt
C:\Documents and Settings\Administrator\Lokale indstillinger\Temp\Cookies\administrator@www.winantivirus[1].txt
C:\WINDOWS\Temp\Cookies\administrator@ad.yieldmanager[1].txt
C:\WINDOWS\Temp\Cookies\administrator@adopt.hbmediapro[2].txt
C:\WINDOWS\Temp\Cookies\administrator@bluestreak[1].txt
C:\WINDOWS\Temp\Cookies\administrator@cpvfeed[2].txt
C:\WINDOWS\Temp\Cookies\administrator@indexstats[1].txt
C:\WINDOWS\Temp\Cookies\administrator@partygaming.122.2o7[1].txt
C:\WINDOWS\Temp\Cookies\administrator@realmedia[1].txt
C:\WINDOWS\Temp\Cookies\administrator@searchbar.findthewebsiteyouneed[1].txt
C:\WINDOWS\Temp\Cookies\administrator@stats1.reliablestats[2].txt
C:\WINDOWS\Temp\Cookies\administrator@web2.realtracker[1].txt
C:\WINDOWS\Temp\Cookies\administrator@www.winantiviruspro[1].txt
C:\WINDOWS\Temp\Cookies\administrator@www.winantivirus[1].txt
C:\WINDOWS\Temp\Cookies\administrator@zedo[2].txt
Trojan.NetMon/DNSChange
HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor
HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor#Type
HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor#Start
HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor#ErrorControl
HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor#ImagePath
HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor#DisplayName
HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor#ObjectName
HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor\Security
HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor\Security#Security
HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor\Enum
HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor\Enum#0
HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor\Enum#Count
HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor\Enum#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#DeviceDesc
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE}#Contact
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE}#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE}#DisplayVersion
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE}#NoModify
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE}#NoRemove
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE}#NoRepair
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE}#UninstallString
C:\Programmer\Network Monitor\netmon.exe
C:\Programmer\Network Monitor
Trojan.cmdService
HKLM\SYSTEM\CurrentControlSet\Services\cmdService#Type
HKLM\SYSTEM\CurrentControlSet\Services\cmdService#Start
HKLM\SYSTEM\CurrentControlSet\Services\cmdService#ErrorControl
HKLM\SYSTEM\CurrentControlSet\Services\cmdService#ImagePath
HKLM\SYSTEM\CurrentControlSet\Services\cmdService#DisplayName
HKLM\SYSTEM\CurrentControlSet\Services\cmdService#ObjectName
HKLM\SYSTEM\CurrentControlSet\Services\cmdService\Security
HKLM\SYSTEM\CurrentControlSet\Services\cmdService\Security#Security
HKLM\SYSTEM\CurrentControlSet\Services\cmdService\Enum
HKLM\SYSTEM\CurrentControlSet\Services\cmdService\Enum#0
HKLM\SYSTEM\CurrentControlSet\Services\cmdService\Enum#Count
HKLM\SYSTEM\CurrentControlSet\Services\cmdService\Enum#NextInstance
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877C2CD-F137-4144-BDB2-0A811492F920}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877C2CD-F137-4144-BDB2-0A811492F920}#Contact
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877C2CD-F137-4144-BDB2-0A811492F920}#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877C2CD-F137-4144-BDB2-0A811492F920}#DisplayVersion
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877C2CD-F137-4144-BDB2-0A811492F920}#NoModify
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877C2CD-F137-4144-BDB2-0A811492F920}#NoRemove
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877C2CD-F137-4144-BDB2-0A811492F920}#NoRepair
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877C2CD-F137-4144-BDB2-0A811492F920}#UninstallString
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#DeviceDesc
Adware.TargetSavers
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TSA
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TSA#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TSA#UninstallString
C:\Programmer\Fælles filer\zqzm\zqzml.exe
C:\Programmer\Fælles filer\zqzm\zqzmp.exe
Adware.Adservs
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\atmtd.dll._
Adware.Avenue Media/Internet Optimizer
HKU\S-1-5-21-2052111302-1844823847-725345543-500\Software\Microsoft\Internet Explorer\URLSearchHooks#_{CFBFAE00-17A6-11D0-99CB-00C04FD64497}
Adware.Director
HKU\S-1-5-21-2052111302-1844823847-725345543-500\Software\Director
Trojan.Freeprod
C:\Documents and Settings\Administrator\Skrivebord\freeprodtb.exe
Adware.Toolbar888
C:\Programmer\Toolbar888\Uninst.exe
C:\Programmer\Toolbar888
Trojan.SmartLoad
HKLM\Software\Microsoft\drsmartload2
HKLM\Software\Microsoft\drsmartload2#Installed
C:\drsmartload1.exe
C:\drsmartload45a.exe
C:\drsmartload46a.exe
C:\drsmartload849a.exe
C:\WINDOWS\drsmartload2.dat
Browser Hijacker.Internet Explorer Settings Hijack
HKU\S-1-5-21-2052111302-1844823847-725345543-500\Software\Microsoft\Internet Explorer\Search\SearchAssistant Explorer\Main#Default_Search_URL [
http://searchbar.findthewebsiteyouneed.com ]
Adware.ClickSpring/Yazzle
HKLM\Software\Snowball Wars
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Snowball Wars
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Snowball Wars#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Snowball Wars#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yazzle1122Oin
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yazzle1122Oin#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yazzle1122Oin#UninstallString
C:\Programmer\Snowball Wars\License.txt
C:\Programmer\Snowball Wars\SnowballWars.exe
C:\Programmer\Snowball Wars\uninstaller.exe
C:\Programmer\Snowball Wars
C:\Documents and Settings\Administrator\Lokale indstillinger\Temporary Internet Files\Content.IE5\0XMZGH6N\Trelew[1].exe
C:\Documents and Settings\Administrator\Menuen Start\Programmer\Games\Snowball Wars.lnk
C:\Programmer\Fælles filer\Yazzle1122OinUninstaller.exe
C:\Trelew.exe
Worm.Rbot Variant
C:\b.exe
Trojan.Unknown Origin
C:\Documents and Settings\Administrator\Lokale indstillinger\Temp\cmdinst.exe
C:\Documents and Settings\Administrator\Lokale indstillinger\Temporary Internet Files\Content.IE5\0XMZGH6N\installer[1].exe
C:\WINDOWS\system32\wapisvcc.exe
C:\WINDOWS\teller2.chk
C:\WINDOWS\Umlja2llIEJlY2tlcg\oA53uZ55KHL5sZQ5w0.vbs
C:\WINDOWS\uninstall_nmon.vbs
TargetSaver, Inc. Process
C:\Documents and Settings\Administrator\Lokale indstillinger\Temp\tsinstall_4_0_4_0_b4.exe
C:\WINDOWS\system32\tsuninst.exe
Trojan.MC Downloader Variant
C:\Documents and Settings\Administrator\mc-110-12-0000137.exe
C:\Documents and Settings\Administrator\mc-110-12-0000140.exe
C:\mc-110-12-0000228.exe
C:\WINDOWS\system32\mc-110-12-0000140.exe
Trojan.Downloader-Variant
C:\Programmer\WinRAR\wUnRAR.exe
Adware.NicTech Networks
C:\warebundle.exe
Worm.Alcra Variant
C:\WINDOWS\system32\cmd.com
C:\WINDOWS\system32\netstat.com
C:\WINDOWS\system32\ping.com
C:\WINDOWS\system32\regedit.com
C:\WINDOWS\system32\taskkill.com
C:\WINDOWS\system32\tasklist.com
C:\WINDOWS\system32\tracert.com
