Contextadvisor - pop up driving me mad

  #1  
22 February 2008, 15:46
Donor Group

For the last 3 days I keep getting this pop-up and I am not sure how to get rid of it. I have done an HJT scan; if there is anything in it that you think may be the cause, or any other problems, can you help me with what to do?

Logfile af Trend Micro HijackThis v2.0.2
Scan gemt kl 22:43:41 den 22/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Kørende processer:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ Lsass.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ System32 \ Svchost.exe
C: \ WINDOWS \ system32 \ ZoneLabs \ vsmon.exe
C: \ WINDOWS \ Explorer.EXE
C: \ Programmer \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ Acer \ Stærke Technology \ ePerformance \ MemCheck.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
C: \ WINDOWS \ system32 \ hasplms.exe
c: \ Programmer \ Common Files \ LightScribe \ LSSrvc.exe
C: \ Acer \ Stærke Technology \ eLock \ LockServ.exe
C: \ WINDOWS \ system32 \ nvsvc32.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ RTHDCPL.EXE
C: \ Acer \ Stærke Technology \ eRecovery \ eRAgent.exe
C: \ Programmer \ Cyberlink \ PowerDVD \ PDVDServ.exe
C: \ WINDOWS \ system32 \ rundll32.exe
C: \ Programmer \ Java \ jre1.6.0_03 \ bin \ jusched.exe
C: \ WINDOWS \ system32 \ SysMonitor.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe
C: \ Programmer \ Zone Labs \ ZoneAlarm \ zlclient.exe
C: \ WINDOWS \ CameraFixer.exe
C: \ WINDOWS \ tsnp2std.exe
C: \ WINDOWS \ vsnp2std.exe
C: \ Programmer \ Real \ RealPlayer \ RealPlay.exe
C: \ Acer \ Stærke Technology \ eLock \ Monitor \ LockMon.exe
C: \ Programmer \ QuickTime \ qttask.exe
C: \ PROGRA ~ 1 \ Yahoo! \ Browser \ ybrwicon.exe
C: \ WINDOWS \ System32 \ rundll32.exe
C: \ WINDOWS \ system32 \ Ctfmon.exe
C: \ Programmer \ Messenger \ msmsgs.exe
C: \ Programmer \ Internet Explorer \ IEXPLORE.EXE
C: \ PROGRA ~ 1 \ Yahoo! \ Browser \ ycommon.exe
C: \ Programmer \ Craft ROBO Controller \ CRSSupervisor.exe
C: \ Programmer \ Hewlett-Packard \ Digital Imaging \ bin \ hpohmr08.exe
C: \ Programmer \ Hewlett-Packard \ Digital Imaging \ bin \ hpotdd01.exe
C: \ Programmer \ TrueSwitchBTYahoo \ TrueWizard.exe
C: \ Programmer \ Hewlett-Packard \ Digital Imaging \ bin \ hpoevm08.exe
C: \ WINDOWS \ system32 \ Wbem \ wmiapsrv.exe
C: \ Programmer \ Hewlett-Packard \ Digital Imaging \ Bin \ hpoSTS08.exe
C: \ PROGRA ~ 1 \ Yahoo! \ Virksomhedsdata ~ 1 \ Installerer \ cpn0 \ YTBSDK.e XE
C: \ WINDOWS \ System32 \ Svchost.exe
C: \ PROGRA ~ 1 \ Yahoo! \ Messen ~ 1 \ YAHOOM ~ 1.EXE
C: \ Programmer \ King Kong Software \ Capture \ KingKongCapture.exe
C: \ Programmer \ Yahoo! \ Browser \ ybrowser.exe
C: \ Programmer \ Mozilla Firefox \ firefox.exe
C: \ Documents and Settings \ Christine \ Desktop \ HiJackThis.exe
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://kingkongsearch.com/
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://bt.my.yahoo.com/
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ SearchURL, (Default) = http://search.aol.co.uk/web?isinit=true&query =% s
R3 - URLSearchHook: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Programmer \ Yahoo! \ Companion \ Installerer \ cpn0 \ yt.dll
O2 - BHO: Yahoo! Toolbar Helper - (02478D38-C3F9-4EFB-9B51-7695ECA05670) - C: \ Programmer \ Yahoo! \ Companion \ Installerer \ cpn0 \ yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Programmer \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll
O2 - BHO: Spybot-S & D IE Protection - (53707962-6F74-2D53-2644-206D7942484F) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ PROGRA ~ 1 \ Yahoo! \ Common \ yiesrvc.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Programmer \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O2 - BHO: rightonads optimizer - (7D9362F8-77D8-4b29-97B5-621D550890C0) - C: \ WINDOWS \ system32 \ gzmrt.dll
O2 - BHO: ContextAdvisor - (87E68009-29A8-D669-F7C2-B31D08635C50) - C: \ Programmer \ ContextAdvisor \ ContextAdvisor-3.dll
O2 - BHO: ads_optimizer - (9C8A568E-4201-478a-8536-526CF371D2E2) - C: \ WINDOWS \ system32 \ nst46.dll
O2 - BHO: XBTB06823 klasse - (BA463437-C3DE-47da-8280-87596824388A) - C: \ PROGRA ~ 1 \ GOOGLE ~ 1 \ TOOLBA ~ 1.DLL
O2 - BHO: ZoneAlarm Spy Blocker BHO - (F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA) - C: \ Programmer \ ZoneAlarmSB \ bar \ 1.bin \ SPYBLOCK.DLL
O2 - BHO: SidebarAutoLaunch Class - (F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D) - C: \ Programmer \ Yahoo! \ Browser \ YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Programmer \ Yahoo! \ Companion \ Installerer \ cpn0 \ yt.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - (F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA) - C: \ Programmer \ ZoneAlarmSB \ bar \ 1.bin \ SPYBLOCK.DLL
O4 - HKLM \ .. \ Run: [LaunchApp] Alaunch
O4 - HKLM \ .. \ Run: [NvCplDaemon] rundll32.exe C: \ WINDOWS \ system32 \ NvCpl.dll, NvStartup
O4 - HKLM \ .. \ Run: [nwiz] nwiz.exe / install
O4 - HKLM \ .. \ Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM \ .. \ Run: [SkyTel] SkyTel.EXE
O4 - HKLM \ .. \ Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM \ .. \ Run: [ntiMUI] c: \ Programmer \ NewTech Infosystems \ NTI CD & DVD-Maker 7 \ ntiMUI.exe
O4 - HKLM \ .. \ Run: [RemoteControl] "C: \ Programmer \ Cyberlink \ PowerDVD \ PDVDServ.exe"
O4 - HKLM \ .. \ Run: [IMJPMIG8.1] "C: \ WINDOWS \ IME \ imjp8_1 \ IMJPMIG.EXE" / forkæle / RemAdvDef / Migration32
O4 - HKLM \ .. \ Run: [IMEKRMIG6.1] C: \ WINDOWS \ Ime \ imkr6_1 \ IMEKRMIG.EXE
O4 - HKLM \ .. \ Run: [MSPY2002] C: \ WINDOWS \ system32 \ IME \ PINTLGNT \ ImScInst.exe / SYNC
O4 - HKLM \ .. \ Run: [PHIME2002ASync] C: \ WINDOWS \ system32 \ IME \ TINTLGNT \ TINTSETP.EXE / SYNC
O4 - HKLM \ .. \ Run: [PHIME2002A] C: \ WINDOWS \ system32 \ IME \ TINTLGNT \ TINTSETP.EXE / IMEName
O4 - HKLM \ .. \ Run: [NvMediaCenter] rundll32.exe C: \ WINDOWS \ system32 \ NvMcTray.dll, NvTaskbarInit
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Programmer \ Java \ jre1.6.0_03 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [Acer Stærke Technology Monitor] C: \ WINDOWS \ system32 \ SysMonitor.exe
O4 - HKLM \ .. \ Run: [eLockMonitor] C: \ Acer \ Stærke Technology \ eLock \ Monitor \ LaunchMonitor.exe
O4 - HKLM \ .. \ Run: [eRecoveryService] C: \ Acer \ Stærke Technology \ eRecovery \ eRAgent.exe
O4 - HKLM \ .. \ Run: [AVG7_CC] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe / START
O4 - HKLM \ .. \ Run: [ZoneAlarm Client] "C: \ Programmer \ Zone Labs \ ZoneAlarm \ zlclient.exe"
O4 - HKLM \ .. \ Run: [CameraFixer] C: \ WINDOWS \ CameraFixer.exe
O4 - HKLM \ .. \ Run: [tsnp2std] C: \ WINDOWS \ tsnp2std.exe
O4 - HKLM \ .. \ Run: [snp2std] C: \ WINDOWS \ vsnp2std.exe
O4 - HKLM \ .. \ Run: [RealTray] C: \ Programmer \ Real \ RealPlayer \ RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Programmer \ QuickTime \ qttask.exe"-atboottime
O4 - HKLM \ .. \ Run: [AOLDialer] C: \ Programmer \ Fælles filer \ AOL \ ACS \ AOLDial.exe
O4 - HKLM \ .. \ Run: [Adobe Reader Speed Launcher] "C: \ Programmer \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe"
O4 - HKLM \ .. \ Run: [YBrowser] C: \ PROGRA ~ 1 \ Yahoo! \ Browser \ ybrwicon.exe
O4 - HKLM \ .. \ Run: [postSetupCheck] C: \ WINDOWS \ System32 \ rundll32.exe "C: \ WINDOWS \ system32 \ gzmrt.dll" DllStart
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [MsnMsgr] "C: \ Programmer \ Windows Live \ Messenger \ MsnMsgr.Exe" / baggrund
O4 - HKCU \ .. \ Run: [MSMSGS] "C: \ Programmer \ Messenger \ msmsgs.exe" / baggrund
O4 - HKCU \ .. \ Run: [Yahoo! Pager] "C: \ PROGRA ~ 1 \ Yahoo! \ Messen ~ 1 \ YAHOOM ~ 1.EXE"-quiet
O4 - HKUS \ S-1-5-19 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'Default user')
O4 - Startup: TrueAssistant.lnk = C: \ Programmer \ TrueSwitchBTYahoo \ TrueWizard.exe
O4 - Global Startup: Craft ROBO Status Supervisor.lnk =?
O4 - Global Startup: HP PSC 1000 series.lnk =?
O4 - Global Startup: hpoddt01.exe.lnk =?
O4 - Global Startup: Microsoft Office.lnk = C: \ Programmer \ Microsoft Office \ Office10 \ OSA.EXE
O8 - Extra sammenhæng menupunktet: & AOL Toolbar søgning - res: / / C: \ Programmer \ AOL Toolbar \ toolbar.dll / SEARCH.HTML
O9 - Extra knappen: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Programmer \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Programmer \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O9 - Ekstra knap: BT Yahoo! Services - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ PROGRA ~ 1 \ Yahoo! \ Common \ yiesrvc.dll
O9 - Ekstra knap: Real.com - (CD67F990-D8E9-11d2-98FE-00C0F0318AFE) - C: \ WINDOWS \ system32 \ Shdocvw.dll
O9 - Extra knappen: (no name) - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O9 - Extra 'Tools' MENUITEM: Spybot - Search & Destroy Configuration - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O9 - Extra knappen: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra 'Tools' MENUITEM: @ xpsp3res.dll, -20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Ekstra knap: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Programmer \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Programmer \ Messenger \ msmsgs.exe
O15 - Trusted Zone: http://www.photobucket.com
O16 - DPF: (30528230-99f7-4bb4-88d8-fa1d4f56a2ab) (Installation Support) - C: \ Programmer \ Yahoo! \ Common \ Yinsthelper.dll
O16 - DPF: (6B75345B-AA36-438A-BBE6-4078B4C6984D) (HpProductDetection klasse) -- http://h20270.www2.hp.com/ediags/gmn...tDetection.cab
O16 - DPF: (D27CDB6E-AE6D-11CF-96B8-444553540000) (Shockwave Flash Object) -- http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C: \ Programmer \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe
O23 - Service: Acer ODDSpeedControl - TODO: <????> - C: \ Acer \ Stærke Technology \ eAcoustics \ ODDSpeedCtl \ speedcontrol.exe
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C: \ Acer \ Stærke Technology \ ePerformance \ MemCheck.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Grisoft, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Grisoft, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - Grisoft, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
O23 - Service: HASP License Manager (hasplms) - Aladdin Knowledge Systems Ltd - C: \ WINDOWS \ system32 \ hasplms.exe
O23 - Service: InstallDriver Tabel Manager (IDriverT) - Macrovision Corporation - C: \ Programmer \ Common Files \ InstallShield \ Driver \ 1150 \ Intel 32 \ IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c: \ Programmer \ Common Files \ LightScribe \ LSSrvc.exe
O23 - Service: LockServ - Ukendt ejer - C: \ Acer \ Stærke Technology \ eLock \ LockServ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C: \ WINDOWS \ system32 \ nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C: \ WINDOWS \ system32 \ HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C: \ WINDOWS \ system32 \ ZoneLabs \ vsmon.exe
O24 - Desktop Component 0: (no name) -- http://www.pspug.org/pix/pspimem1.gif
--
End of file - 11705 bytes
  #2  
22 February 2008, 20:09
Editor Group

Go to this thread and do steps One, Two and Three.

After these are completely finished and the computer has been restarted, run a new HijackThis scan and post that log as well.
__________________

  #3  
23 February 2008, 02:12
Donor Group

I have 3 programs that I'm not sure what they are; they are
commercial
Optional Browser Tools Rightonadz
sound'em 1.0
Should I remove these from my Add/Remove Programs list?
  #4  
23 February 2008, 03:05
Donor Group

I have run CCleaner and SUPERAntiSpyware, but when the PC restarted I got this error message

Error loading c:\Windows\system32\gzmrt.dll
The specified module could not be found
  #5  
23 February 2008, 03:09
Editor Group

Quote:
Originally Posted by christine154
I have run CCleaner and SUPERAntiSpyware, but when the PC restarted I got this error message

Error loading c:\Windows\system32\gzmrt.dll
The specified module could not be found

That is because of malware not being removed by SAS. I need a new HijackThis log now.
__________________

  #6  
23 February 2008, 03:15
Donor Group

Logfile af Trend Micro HijackThis v2.0.2
Scan gemt kl 10:15:40 den 23/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Kørende processer:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ Lsass.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ System32 \ Svchost.exe
C: \ WINDOWS \ system32 \ ZoneLabs \ vsmon.exe
C: \ WINDOWS \ Explorer.EXE
C: \ Programmer \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ Acer \ Stærke Technology \ ePerformance \ MemCheck.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
C: \ WINDOWS \ system32 \ hasplms.exe
c: \ Programmer \ Common Files \ LightScribe \ LSSrvc.exe
C: \ Acer \ Stærke Technology \ eLock \ LockServ.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ RTHDCPL.EXE
C: \ Programmer \ Cyberlink \ PowerDVD \ PDVDServ.exe
C: \ WINDOWS \ system32 \ rundll32.exe
C: \ Programmer \ Java \ jre1.6.0_04 \ bin \ jusched.exe
C: \ WINDOWS \ system32 \ SysMonitor.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe
C: \ Programmer \ Zone Labs \ ZoneAlarm \ zlclient.exe
C: \ WINDOWS \ CameraFixer.exe
C: \ Acer \ Stærke Technology \ eRecovery \ eRAgent.exe
C: \ WINDOWS \ tsnp2std.exe
C: \ WINDOWS \ vsnp2std.exe
C: \ Programmer \ Real \ RealPlayer \ RealPlay.exe
C: \ Programmer \ QuickTime \ QTTask.exe
C: \ PROGRA ~ 1 \ Yahoo! \ Browser \ ybrwicon.exe
C: \ WINDOWS \ system32 \ Ctfmon.exe
C: \ Programmer \ Messenger \ msmsgs.exe
C: \ Programmer \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
C: \ Acer \ Stærke Technology \ eLock \ Monitor \ LockMon.exe
C: \ PROGRA ~ 1 \ Yahoo! \ Browser \ ycommon.exe
C: \ Programmer \ Craft ROBO Controller \ CRSSupervisor.exe
C: \ Programmer \ Hewlett-Packard \ Digital Imaging \ bin \ hpohmr08.exe
C: \ Programmer \ Hewlett-Packard \ Digital Imaging \ bin \ hpoevm08.exe
C: \ Programmer \ Hewlett-Packard \ Digital Imaging \ Bin \ hpoSTS08.exe
C: \ Programmer \ Hewlett-Packard \ Digital Imaging \ bin \ hpotdd01.exe
C: \ Programmer \ TrueSwitchBTYahoo \ TrueWizard.exe
C: \ WINDOWS \ system32 \ Wbem \ wmiapsrv.exe
C: \ PROGRA ~ 1 \ Yahoo! \ Messen ~ 1 \ YAHOOM ~ 1.EXE
C: \ Programmer \ Yahoo! \ Browser \ ybrowser.exe
C: \ Programmer \ King Kong Software \ Capture \ KingKongCapture.exe
C: \ Documents and Settings \ Christine \ Desktop \ HiJackThis.exe
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://kingkongsearch.com/
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://bt.my.yahoo.com/
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ SearchURL, (Default) = http://search.aol.co.uk/web?isinit=true&query =% s
R3 - URLSearchHook: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Programmer \ Yahoo! \ Companion \ Installerer \ cpn0 \ yt.dll
O2 - BHO: Yahoo! Toolbar Helper - (02478D38-C3F9-4EFB-9B51-7695ECA05670) - C: \ Programmer \ Yahoo! \ Companion \ Installerer \ cpn0 \ yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Programmer \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll
O2 - BHO: Spybot-S & D IE Protection - (53707962-6F74-2D53-2644-206D7942484F) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ PROGRA ~ 1 \ Yahoo! \ Common \ yiesrvc.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Programmer \ Java \ jre1.6.0_04 \ bin \ ssv.dll
O2 - BHO: ContextAdvisor - (87E68009-29A8-D669-F7C2-B31D08635C50) - C: \ Programmer \ ContextAdvisor \ ContextAdvisor-3.dll
O2 - BHO: XBTB06823 klasse - (BA463437-C3DE-47da-8280-87596824388A) - C: \ PROGRA ~ 1 \ GOOGLE ~ 1 \ TOOLBA ~ 1.DLL
O2 - BHO: ZoneAlarm Spy Blocker BHO - (F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA) - C: \ Programmer \ ZoneAlarmSB \ bar \ 1.bin \ SPYBLOCK.DLL
O2 - BHO: SidebarAutoLaunch Class - (F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D) - C: \ Programmer \ Yahoo! \ Browser \ YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Programmer \ Yahoo! \ Companion \ Installerer \ cpn0 \ yt.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - (F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA) - C: \ Programmer \ ZoneAlarmSB \ bar \ 1.bin \ SPYBLOCK.DLL
O4 - HKLM \ .. \ Run: [LaunchApp] Alaunch
O4 - HKLM \ .. \ Run: [NvCplDaemon] rundll32.exe C: \ WINDOWS \ system32 \ NvCpl.dll, NvStartup
O4 - HKLM \ .. \ Run: [nwiz] nwiz.exe / install
O4 - HKLM \ .. \ Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM \ .. \ Run: [SkyTel] SkyTel.EXE
O4 - HKLM \ .. \ Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM \ .. \ Run: [ntiMUI] c: \ Programmer \ NewTech Infosystems \ NTI CD & DVD-Maker 7 \ ntiMUI.exe
O4 - HKLM \ .. \ Run: [RemoteControl] "C: \ Programmer \ Cyberlink \ PowerDVD \ PDVDServ.exe"
O4 - HKLM \ .. \ Run: [IMJPMIG8.1] "C: \ WINDOWS \ IME \ imjp8_1 \ IMJPMIG.EXE" / forkæle / RemAdvDef / Migration32
O4 - HKLM \ .. \ Run: [IMEKRMIG6.1] C: \ WINDOWS \ Ime \ imkr6_1 \ IMEKRMIG.EXE
O4 - HKLM \ .. \ Run: [MSPY2002] C: \ WINDOWS \ system32 \ IME \ PINTLGNT \ ImScInst.exe / SYNC
O4 - HKLM \ .. \ Run: [PHIME2002ASync] C: \ WINDOWS \ system32 \ IME \ TINTLGNT \ TINTSETP.EXE / SYNC
O4 - HKLM \ .. \ Run: [PHIME2002A] C: \ WINDOWS \ system32 \ IME \ TINTLGNT \ TINTSETP.EXE / IMEName
O4 - HKLM \ .. \ Run: [NvMediaCenter] rundll32.exe C: \ WINDOWS \ system32 \ NvMcTray.dll, NvTaskbarInit
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Programmer \ Java \ jre1.6.0_04 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [Acer Stærke Technology Monitor] C: \ WINDOWS \ system32 \ SysMonitor.exe
O4 - HKLM \ .. \ Run: [eLockMonitor] C: \ Acer \ Stærke Technology \ eLock \ Monitor \ LaunchMonitor.exe
O4 - HKLM \ .. \ Run: [eRecoveryService] C: \ Acer \ Stærke Technology \ eRecovery \ eRAgent.exe
O4 - HKLM \ .. \ Run: [AVG7_CC] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe / START
O4 - HKLM \ .. \ Run: [ZoneAlarm Client] "C: \ Programmer \ Zone Labs \ ZoneAlarm \ zlclient.exe"
O4 - HKLM \ .. \ Run: [CameraFixer] C: \ WINDOWS \ CameraFixer.exe
O4 - HKLM \ .. \ Run: [tsnp2std] C: \ WINDOWS \ tsnp2std.exe
O4 - HKLM \ .. \ Run: [snp2std] C: \ WINDOWS \ vsnp2std.exe
O4 - HKLM \ .. \ Run: [RealTray] C: \ Programmer \ Real \ RealPlayer \ RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Programmer \ QuickTime \ QTTask.exe"-atboottime
O4 - HKLM \ .. \ Run: [AOLDialer] C: \ Programmer \ Fælles filer \ AOL \ ACS \ AOLDial.exe
O4 - HKLM \ .. \ Run: [Adobe Reader Speed Launcher] "C: \ Programmer \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe"
O4 - HKLM \ .. \ Run: [YBrowser] C: \ PROGRA ~ 1 \ Yahoo! \ Browser \ ybrwicon.exe
O4 - HKLM \ .. \ Run: [postSetupCheck] C: \ WINDOWS \ System32 \ rundll32.exe "C: \ WINDOWS \ system32 \ gzmrt.dll" DllStart
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [MsnMsgr] "C: \ Programmer \ Windows Live \ Messenger \ MsnMsgr.Exe" / baggrund
O4 - HKCU \ .. \ Run: [MSMSGS] "C: \ Programmer \ Messenger \ msmsgs.exe" / baggrund
O4 - HKCU \ .. \ Run: [Yahoo! Pager] "C: \ PROGRA ~ 1 \ Yahoo! \ Messen ~ 1 \ YAHOOM ~ 1.EXE"-quiet
O4 - HKCU \ .. \ Run: [SUPERAntiSpyware] C: \ Programmer \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
O4 - HKUS \ S-1-5-19 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'Default user')
O4 - Startup: TrueAssistant.lnk = C: \ Programmer \ TrueSwitchBTYahoo \ TrueWizard.exe
O4 - Global Startup: Craft ROBO Status Supervisor.lnk =?
O4 - Global Startup: HP PSC 1000 series.lnk =?
O4 - Global Startup: hpoddt01.exe.lnk =?
O4 - Global Startup: Microsoft Office.lnk = C: \ Programmer \ Microsoft Office \ Office10 \ OSA.EXE
O8 - Extra sammenhæng menupunktet: & AOL Toolbar søgning - res: / / C: \ Programmer \ AOL Toolbar \ toolbar.dll / SEARCH.HTML
O9 - Extra knappen: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Programmer \ Java \ jre1.6.0_04 \ bin \ ssv.dll
O9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Programmer \ Java \ jre1.6.0_04 \ bin \ ssv.dll
O9 - Ekstra knap: BT Yahoo! Services - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ PROGRA ~ 1 \ Yahoo! \ Common \ yiesrvc.dll
O9 - Ekstra knap: Real.com - (CD67F990-D8E9-11d2-98FE-00C0F0318AFE) - C: \ WINDOWS \ system32 \ Shdocvw.dll
O9 - Extra knappen: (no name) - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O9 - Extra 'Tools' MENUITEM: Spybot - Search & Destroy Configuration - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O9 - Extra knappen: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra 'Tools' MENUITEM: @ xpsp3res.dll, -20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Ekstra knap: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Programmer \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Programmer \ Messenger \ msmsgs.exe
O15 - Trusted Zone: http://www.photobucket.com
O16 - DPF: (30528230-99f7-4bb4-88d8-fa1d4f56a2ab) (Installation Support) - C: \ Programmer \ Yahoo! \ Common \ Yinsthelper.dll
O16 - DPF: (6B75345B-AA36-438A-BBE6-4078B4C6984D) (HpProductDetection klasse) -- http://h20270.www2.hp.com/ediags/gmn...tDetection.cab
O16 - DPF: (D27CDB6E-AE6D-11CF-96B8-444553540000) (Shockwave Flash Object) -- http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O20 - Winlogon Notify:! SASWinLogon - C: \ Programmer \ SUPERAntiSpyware \ SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C: \ Programmer \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe
O23 - Service: Acer ODDSpeedControl - TODO: <????> - C: \ Acer \ Stærke Technology \ eAcoustics \ ODDSpeedCtl \ speedcontrol.exe
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C: \ Acer \ Stærke Technology \ ePerformance \ MemCheck.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Grisoft, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Grisoft, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - Grisoft, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
O23 - Service: HASP License Manager (hasplms) - Aladdin Knowledge Systems Ltd - C: \ WINDOWS \ system32 \ hasplms.exe
O23 - Service: InstallDriver Tabel Manager (IDriverT) - Macrovision Corporation - C: \ Programmer \ Common Files \ InstallShield \ Driver \ 1150 \ Intel 32 \ IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c: \ Programmer \ Common Files \ LightScribe \ LSSrvc.exe
O23 - Service: LockServ - Ukendt ejer - C: \ Acer \ Stærke Technology \ eLock \ LockServ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C: \ WINDOWS \ system32 \ nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C: \ WINDOWS \ system32 \ HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C: \ WINDOWS \ system32 \ ZoneLabs \ vsmon.exe
O24 - Desktop Component 0: (no name) -- http://www.pspug.org/pix/pspimem1.gif
--
End of file - 11488 bytes
  #7  
23 February 2008, 03:38
Editor Group

Open HijackThis and choose Do a system scan only, then place a check mark next to:
  • O2 - BHO: XBTB06823 klasse - (BA463437-C3DE-47da-8280-87596824388A) - C: \ PROGRA ~ 1 \ GOOGLE ~ 1 \ TOOLBA ~ 1.DLL
  • O4 - HKLM \ .. \ Run: [postSetupCheck] C: \ WINDOWS \ System32 \ rundll32.exe "C: \ WINDOWS \ system32 \ gzmrt.dll" DllStart
  • O24 - Desktop Component 0: (no name) -- http://www.pspug.org/pix/pspimem1.gif << If you did not add this yourself then remove it with HijackThis.
Close all windows except HijackThis and click Fix checked.

----------

Download SDFix.exe and save it to your desktop.

Double-click SDFix.exe and it will extract the files to %systemdrive%
(the drive that contains the Windows directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap F8 continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double-click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan services and registry entries that it finds, then prompt you to press any key to reboot.
  • Press any key and it will restart the PC.
  • When the PC restarts, the Fixtool will run again and complete the removal process, then display Finished. Press any key to end the script and load your desktop icons.
  • Once the desktop icons load, the SDFix report will open on screen and also be saved in the SDFix folder as Report.txt
    (Report.txt will also be copied to the clipboard).
  • Finally, paste the contents of Report.txt into your next reply.
----------

Download ComboFix by sUBs from one of the links below.
(Try all three if necessary.) Important! combofix.exe MUST be saved to and run from the Desktop.
  • Close all open Internet browsers (Firefox, Internet Explorer, etc.) before starting ComboFix.
  • Important! Temporarily disable your antivirus, script blocking and any antispyware real-time protection before performing a scan.
    • Click this link to see a list of security programs that should be disabled and how to disable them.
    • If yours is not listed and you do not know how to disable it, please ask.
  • Warning: ComboFix disconnects your computer from the Internet. The connection is automatically restored before ComboFix completes its run.
  • Double-click combofix.exe & follow the prompts.
    • From the keyboard, choose 1 and press Enter
  • When finished, it will produce a log for you.
  • Post that log in your next reply.
Warning: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
  • If ComboFix runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your computer.
  • Important: Remember to re-enable your antivirus and antispyware before reconnecting to the Internet.
----------

HJT Uninstall list
  • Open HijackThis > click "Misc Tools Section"
  • Click "Open Uninstall Manager".
  • Click "Save list".
  • Save to your desktop.
  • Copy the contents of the file into your next reply.
----------

In your next post please add
SDFix log
ComboFix log
Uninstall list
__________________
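
Added example (not part of any post in this thread): a Python sketch that compares excerpts of the two HijackThis logs posted above and reports autorun (O4) entries in the second log that still point at a DLL whose BHO (O2) entry disappeared between the scans. That is the situation of the postSetupCheck entry ticked for fixing above and of the gzmrt.dll load error reported at startup. The function names are illustrative; the excerpts keep the page's spacing, which the code normalizes.

```python
import re

# Excerpts copied from the two HijackThis logs in this thread. The stray
# spaces around "\" come from the page and are removed by normalize().
LOG_FIRST = r'''
O2 - BHO: rightonads optimizer - (7D9362F8-77D8-4b29-97B5-621D550890C0) - C: \ WINDOWS \ system32 \ gzmrt.dll
O2 - BHO: ContextAdvisor - (87E68009-29A8-D669-F7C2-B31D08635C50) - C: \ Programmer \ ContextAdvisor \ ContextAdvisor-3.dll
O2 - BHO: ads_optimizer - (9C8A568E-4201-478a-8536-526CF371D2E2) - C: \ WINDOWS \ system32 \ nst46.dll
O4 - HKLM \ .. \ Run: [NvCplDaemon] rundll32.exe C: \ WINDOWS \ system32 \ NvCpl.dll, NvStartup
O4 - HKLM \ .. \ Run: [postSetupCheck] C: \ WINDOWS \ System32 \ rundll32.exe "C: \ WINDOWS \ system32 \ gzmrt.dll" DllStart
'''
LOG_SECOND = r'''
O2 - BHO: ContextAdvisor - (87E68009-29A8-D669-F7C2-B31D08635C50) - C: \ Programmer \ ContextAdvisor \ ContextAdvisor-3.dll
O4 - HKLM \ .. \ Run: [NvCplDaemon] rundll32.exe C: \ WINDOWS \ system32 \ NvCpl.dll, NvStartup
O4 - HKLM \ .. \ Run: [postSetupCheck] C: \ WINDOWS \ System32 \ rundll32.exe "C: \ WINDOWS \ system32 \ gzmrt.dll" DllStart
'''

ENTRY = re.compile(r"^(R\d|O\d+) - (.*)$")            # section code, rest of line
MODULE = re.compile(r'[A-Za-z]:\\[^"\n]*?\.(?:dll|exe)\b', re.I)


def normalize(line):
    """Undo the page's spacing: 'C: \\ WINDOWS' -> 'C:\\WINDOWS', 'PROGRA ~ 1' -> 'PROGRA~1'."""
    line = re.sub(r"\s*\\\s*", lambda m: "\\", line.strip())
    return re.sub(r"\s*~\s*", "~", line)


def parse_log(text):
    """Return one dict per HijackThis entry: section code, full text, module paths."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY.match(normalize(raw))
        if m:
            modules = [p.lower() for p in MODULE.findall(m.group(2))]
            entries.append({"code": m.group(1), "text": m.group(0), "modules": modules})
    return entries


def removed_between(first, second):
    """Entries present in the first scan but absent from the second."""
    kept = {e["text"] for e in second}
    return [e for e in first if e["text"] not in kept]


def leftover_autoruns(first, second):
    """O4 entries in the second scan that reference a module which only
    appeared in entries removed since the first scan."""
    gone = {m for e in removed_between(first, second) for m in e["modules"]}
    still = {m for e in second if e["code"] != "O4" for m in e["modules"]}
    orphaned = gone - still
    hits = []
    for e in second:
        shared = sorted(set(e["modules"]) & orphaned)
        if e["code"] == "O4" and shared:
            hits.append((e["text"], shared))
    return hits


if __name__ == "__main__":
    first, second = parse_log(LOG_FIRST), parse_log(LOG_SECOND)
    for e in removed_between(first, second):
        print("removed since first scan:", e["text"])
    for text, modules in leftover_autoruns(first, second):
        print("autorun still references", modules, "->", text)
```

The comparison works on the logs alone; on a live system the flagged path would also be checked on disk before the entry is fixed.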

  #8  
23 February 2008, 05:03
Donor Group

Small problem: I did everything you asked with SDFix, but the log is nowhere to be found. I can tell you that it did not find any trojans. Here are the other lists
Uninstall list
Acer eAcoustics Management
Acer eLock Management
Acer Stærke Technology
Acer ePerformance Management
Ad-Aware 2007
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 8.1.2
Apple Software Update
AVG 7.5
Browser Optimizer Adssite
BT Yahoo! Ansøgninger
BT Yahoo! TrueSwitch Wizard
CCleaner (fjern først)
kommercielle
ContextAdvisor
Craft ROBO Controller
Create-A-Face 3.2
Cricut DesignStudio
Ekstraudstyr Browser Tools Rightonadz
Galaxy af Brain Games
Graphtec DesignMaster Web (C: \ Graphtec DesignMaster Web)
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix til Windows Media Format 11 SDK (KB929399)
Hotfix til Windows Media Player 11 (KB939683)
Hotfix til Windows XP (KB893357)
Hotfix til Windows XP (KB896256)
Hotfix til Windows XP (KB906569)
Hotfix til Windows XP (KB914440)
Hotfix til Windows XP (KB915865)
Hotfix til Windows XP (KB926239)
Hotfix til Windows XP (KB935448)
HP Photo og Imaging 2.0 - All-in-One
HP Photo og Imaging 2.0 - All-in-One Drivers
HP Photo og Imaging 2.0 - HP PSC 1200 serie
HP Produktkode Detection
HP PSC 1200 serie
J2SE Runtime Environment 5.0 Update 6
Java (TM) 6 Update 3
Java (TM) 6 Update 4
King Kong Capture (fjern først)
Learn2 Player (Uninstall Kun)
MAX Console
Microsoft. NET Framework 1.1
Microsoft. NET Framework 1.1
Microsoft. NET Framework 1.1 Hotfix (KB928366)
Microsoft. NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft internationaliseret Domain Names Skadebegrænsnings API'er
Microsoft National Language Support Downlevel API'er
Microsoft Office XP Standard til studerende og undervisere
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C + + 2005 Redistributable
Mozilla Firefox (2.0.0.12)
NTI Backup NOW! 4
NTI CD & DVD-Maker
NVIDIA Drivers
Oca Kundeanmeldelser historie værktøj installere
Olympus CAMEDIA Master 4.0
Paint Shop Pro 7 Anniversary Edition
PowerDVD
QuickTime
RealPlayer Basic
Realtek High Definition Audio Driver
ROBO Master
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Sikkerhedsopdatering til step by Step Interactive Training (KB898458)
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB938127)
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB942615)
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB944533)
Sikkerhedsopdatering til Windows Media Player (KB911564)
Sikkerhedsopdatering til Windows Media Player 11 (KB936782)
Sikkerhedsopdatering til Windows Media Player 6.4 (KB925398)
Sikkerhedsopdatering til Windows Media Player 9 (KB936782)
Sikkerhedsopdatering til Windows XP (KB883939)
Sikkerhedsopdatering til Windows XP (KB890046)
Sikkerhedsopdatering til Windows XP (KB893756)
Sikkerhedsopdatering til Windows XP (KB896358)
Sikkerhedsopdatering til Windows XP (KB896422)
Sikkerhedsopdatering til Windows XP (KB896423)
Sikkerhedsopdatering til Windows XP (KB896424)
Sikkerhedsopdatering til Windows XP (KB896428)
Sikkerhedsopdatering til Windows XP (KB899587)
Sikkerhedsopdatering til Windows XP (KB899588)
Sikkerhedsopdatering til Windows XP (KB899589)
Sikkerhedsopdatering til Windows XP (KB899591)
Sikkerhedsopdatering til Windows XP (KB900725)
Sikkerhedsopdatering til Windows XP (KB901017)
Sikkerhedsopdatering til Windows XP (KB901190)
Sikkerhedsopdatering til Windows XP (KB901214)
Sikkerhedsopdatering til Windows XP (KB902400)
Sikkerhedsopdatering til Windows XP (KB903235)
Sikkerhedsopdatering til Windows XP (KB904706)
Sikkerhedsopdatering til Windows XP (KB905414)
Sikkerhedsopdatering til Windows XP (KB905749)
Sikkerhedsopdatering til Windows XP (KB905915)
Sikkerhedsopdatering til Windows XP (KB908519)
Sikkerhedsopdatering til Windows XP (KB908531)
Sikkerhedsopdatering til Windows XP (KB911562)
Sikkerhedsopdatering til Windows XP (KB911567)
Sikkerhedsopdatering til Windows XP (KB911927)
Sikkerhedsopdatering til Windows XP (KB912812)
Sikkerhedsopdatering til Windows XP (KB912919)
Sikkerhedsopdatering til Windows XP (KB913433)
Sikkerhedsopdatering til Windows XP (KB913446)
Sikkerhedsopdatering til Windows XP (KB913580)
Sikkerhedsopdatering til Windows XP (KB914388)
Sikkerhedsopdatering til Windows XP (KB914389)
Sikkerhedsopdatering til Windows XP (KB917344)
Sikkerhedsopdatering til Windows XP (KB918118)
Sikkerhedsopdatering til Windows XP (KB919007)
Sikkerhedsopdatering til Windows XP (KB920213)
Sikkerhedsopdatering til Windows XP (KB920670)
Sikkerhedsopdatering til Windows XP (KB920683)
Sikkerhedsopdatering til Windows XP (KB920685)
Sikkerhedsopdatering til Windows XP (KB921503)
Sikkerhedsopdatering til Windows XP (KB922819)
Sikkerhedsopdatering til Windows XP (KB923191)
Sikkerhedsopdatering til Windows XP (KB923414)
Sikkerhedsopdatering til Windows XP (KB923980)
Sikkerhedsopdatering til Windows XP (KB924270)
Sikkerhedsopdatering til Windows XP (KB924496)
Sikkerhedsopdatering til Windows XP (KB924667)
Sikkerhedsopdatering til Windows XP (KB925902)
Sikkerhedsopdatering til Windows XP (KB926255)
Sikkerhedsopdatering til Windows XP (KB926436)
Sikkerhedsopdatering til Windows XP (KB927779)
Sikkerhedsopdatering til Windows XP (KB927802)
Sikkerhedsopdatering til Windows XP (KB928255)
Sikkerhedsopdatering til Windows XP (KB928843)
Sikkerhedsopdatering til Windows XP (KB929123)
Sikkerhedsopdatering til Windows XP (KB930178)
Sikkerhedsopdatering til Windows XP (KB931261)
Sikkerhedsopdatering til Windows XP (KB931784)
Sikkerhedsopdatering til Windows XP (KB932168)
Sikkerhedsopdatering til Windows XP (KB933729)
Sikkerhedsopdatering til Windows XP (KB935839)
Sikkerhedsopdatering til Windows XP (KB935840)
Sikkerhedsopdatering til Windows XP (KB936021)
Sikkerhedsopdatering til Windows XP (KB937894)
Sikkerhedsopdatering til Windows XP (KB938127)
Sikkerhedsopdatering til Windows XP (KB938829)
Sikkerhedsopdatering til Windows XP (KB941202)
Sikkerhedsopdatering til Windows XP (KB941568)
Sikkerhedsopdatering til Windows XP (KB941569)
Sikkerhedsopdatering til Windows XP (KB941644)
Sikkerhedsopdatering til Windows XP (KB942615)
Sikkerhedsopdatering til Windows XP (KB943055)
Sikkerhedsopdatering til Windows XP (KB943460)
Sikkerhedsopdatering til Windows XP (KB943485)
Sikkerhedsopdatering til Windows XP (KB944653)
Sikkerhedsopdatering til Windows XP (KB946026)
Sound'Em 1,0
Spybot - Search & Destroy
SUPERAntiSpyware Free Edition
Sure Udskæringer A Lot 1.004
Opdatering til Windows XP (KB894391)
Opdatering til Windows XP (KB896727)
Opdatering til Windows XP (KB898461)
Opdatering til Windows XP (KB900485)
Opdatering til Windows XP (KB904942)
Opdatering til Windows XP (KB910437)
Opdatering til Windows XP (KB911280)
Opdatering til Windows XP (KB912945)
Opdatering til Windows XP (KB916595)
Opdatering til Windows XP (KB920872)
Opdatering til Windows XP (KB922120)
Opdatering til Windows XP (KB922582)
Opdatering til Windows XP (KB927891)
Opdatering til Windows XP (KB930916)
Opdatering til Windows XP (KB938828)
Opdatering til Windows XP (KB942763)
Opdatering til Windows XP (KB942840)
USB2.0 PC Camera (SN9C201 & 202)
Synspunkt Media Player
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
Windows Driver Package - FTDI CDM Driver Package (06/27/2007 2.02.04)
Windows Driver Package - FTDI CDM Driver Package (06/27/2007 2.02.04)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB884020
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885295
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086
ZoneAlarm
ZoneAlarm Spy Blocker

combofix log
ComboFix 08-02-23.2 - Christine 2008-02-23 11:39:25.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.294 [GMT 0:00]
Kører fra: C: \ Documents and Settings \ Christine \ Desktop \ ComboFix.exe
* Skabt et nyt gendannelsespunkt
ADVARSEL-maskinen IKKE HAR RECOVERY CONSOLE INSTALLERET!!
.
((((((((((((((((((((((((((((((((((((((( Andre Bortfald ))))))))) ))))))))))))))))))))))))))))))))))))))))
.
C: \ Documents and Settings \ All Users \ Application Data \ Microsoft \ Network \ Downloader \ qmgr0.dat
C: \ Documents and Settings \ All Users \ Application Data \ Microsoft \ Network \ Downloader \ qmgr1.dat
----- BITS: Possible inficerede sites -----
hxxp: / / au.download.windowsupdate
.
((((((((((((((((((((((((( Files Created fra 2008-01-23 til 2008-02-23 ))))))))))) ))))))))))))))))))))
.
2008-02-23 11:29. 2008-02-23 11:29 <DIR> d -------- C: \ WINDOWS \ ERUNT
2008-02-23 10:42. 2008-02-23 11:36 <DIR> d -------- C: \ SDFix
2008-02-23 09:01. 2008-02-23 09:14 <DIR> d -------- C: \ Programmer \ SUPERAntiSpyware
2008-02-23 09:01. 2008-02-23 09:01 <DIR> d -------- C: \ Documents and Settings \ Christine \ Application Data \ SUPERAntiSpyware.com
2008-02-23 09:01. 2008-02-23 09:01 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ SUPERAntiSpyware.com
2008-02-23 08:59. 2008-02-23 08:59 <DIR> d -------- C: \ Programmer \ CCleaner
2008-02-22 23:07. 2008-02-22 23:07 <DIR> d -------- C: \ Programmer \ Apple Software Update
2008-02-22 23:07. 2008-02-22 23:07 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Apple Computer
2008-02-22 23:07. 2008-02-22 23:07 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Apple
2008-02-19 22:23. 2008-02-20 21:13 <DIR> d -------- C: \ Programmer \ FBrowsingAdvisor
2008-02-19 22:23. 2008-02-19 22:27 <DIR> d -------- C: \ Programmer \ FBrowserAdvisor
2008-02-19 22:23. 2008-02-23 03:45 <DIR> d -------- C: \ Programmer \ ContextAdvisor
2008-02-19 22:11. 2008-02-19 22:36 <DIR> d -------- C: \ Programmer \ LimeWire
2008-02-19 22:11. 2008-02-19 22:26 <DIR> d -------- C: \ Documents and Settings \ Christine \ Application Data \ LimeWire
2008-02-19 21:11. 2008-02-19 21:11 <DIR> d -------- C: \ Programmer \ Cricut Software
2008-02-16 23:34. 2008-02-16 23:34 <DIR> d -------- C: \ Programmer \ TrueSwitch
2008-02-16 23:34. 2008-02-16 23:34 <DIR> d -------- C: \ Documents and Settings \ Christine \ Application Data \ TrueSwitch
2008-02-16 23:33. 2008-02-23 11:37 <DIR> d -------- C: \ Programmer \ TrueSwitchBTYahoo
2008-02-16 04:57. 2008-02-16 04:57 <DIR> d -------- C: \ Programmer \ Fælles filer \ Aladdin Shared
2008-02-15 18:47. 2008-02-22 22:32 <DIR> d -------- C: \ Documents and Settings \ Christine \ Application Data \ Yahoo!
2008-02-15 18:44. 2008-02-15 18:51 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Yahoo!
2008-02-15 18:44. 2002-02-21 18:56 24.576 - a ------ C: \ WINDOWS \ system32 \ msxml3a.dll
2008-02-15 18:43. 2002-01-05 06:18 84.992 - a ------ C: \ WINDOWS \ system32 \ ATL70.DLL
2008-02-15 18:43. 2001-10-11 11:26 65.536 - a ------ C: \ WINDOWS \ system32 \ YCRWin32.dll
2008-02-15 16:28. 2008-02-15 16:28 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Citrix
2008-02-15 16:27. 2008-02-15 16:27 61.480 - a ------ C: \ Documents and Settings \ Christine \ GoToAssistDownloadHelper.exe
2008-02-14 15:06. 2008-02-14 15:12 <DIR> d -------- C: \ WINDOWS \ SxsCaPendDel
2008-02-14 13:38. 2008-02-14 13:38 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Olympus
2008-02-14 13:37. 2008-02-14 13:37 <DIR> d -------- C: \ Programmer \ Olympus
2008-02-08 18:04. 2008-02-08 18:24 <DIR> d -------- C: \ Temp \ AOL
2008-02-08 11:34. 2008-02-08 11:34 <DIR> d -------- C: \ Documents and Settings \ Christine \ Application Data \ ArcSoft
2008-02-07 16:55. 2008-02-07 16:55 <DIR> d -------- C: \ Programmer \ Common Files \ Scanner
2008-02-07 16:11. 2008-02-15 09:05 10 - a ------ C: \ WINDOWS \ msoffice.ini
2008-02-07 16:02. 2008-02-07 18:18 <DIR> d -------- C: \ WINDOWS \ Occache
2008-02-07 16:02. 2008-02-07 16:02 <DIR> d -------- C: \ Programmer \ Learn2.com
2008-02-07 16:02. 2008-02-08 18:09 <DIR> d -------- C: \ Programmer \ Common Files \ aolback
2008-02-07 16:02. 2008-02-07 16:02 <DIR> d -------- C: \ Documents and Settings \ Christine \ Application Data \ You've Got Pictures Screensaver
2008-02-07 16:02. 2007-10-11 05:57 1.498.112 - a ------ C: \ WINDOWS \ system32 \ shdocvw.bak
2008-02-07 16:02. 1998-06-26 00:00 644.400 - a ------ C: \ WINDOWS \ system32 \ MSComCt2.ocx
2008-02-07 16:02. 2000-05-22 00:00 203.976 - a ------ C: \ WINDOWS \ system32 \ RichTx32.ocx
2008-02-07 16:02. 1998-06-24 00:00 115.016 - a ------ C: \ WINDOWS \ system32 \ MSInet.ocx
2008-02-07 16:02. 2001-11-21 10:15 102.400 - a ------ C: \ WINDOWS \ system32 \ SimpleRegistry.dll
2008-02-07 16:02. 1999-04-17 01:06 10.752 - a ------ C: \ WINDOWS \ system32 \ aamd532.dll
2008-02-07 16:02. 2008-02-08 18:10 719 - a ------ C: \ WINDOWS \ aolback.exe.lnk
2008-02-07 16:01. 2008-02-22 23:08 <DIR> d -------- C: \ Programmer \ QuickTime
2008-02-07 16:01. 2008-02-07 16:01 <DIR> d -------- C: \ Programmer \ Common Files \ Real
2008-02-07 16:01. 2008-02-07 16:01 <DIR> d -------- C: \ My Music
2008-02-07 16:01. 2008-02-07 16:01 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ QuickTime
2008-02-07 16:01. 2008-02-07 16:01 24.576 - a ------ C: \ WINDOWS \ system32 \ prefscpl.cpl
2008-02-07 16:01. 2008-02-07 16:01 8.552 - a ------ C: \ Windows \ System32 \ Drivers \ asctrm.sys
2008-02-07 16:00. 2005-05-12 12:36 29.184 - a ------ C: \ WINDOWS \ system32 \ popup.ocx
2008-02-07 15:45. 2008-02-22 18:50 <DIR> d - h ----- C: \ TEMP
2008-02-06 15:32. 2008-02-06 15:13 19.558 --------- C: \ WINDOWS \ hpoins01.dat.temp
2008-02-06 15:32. 2006-09-27 19:24 16.606 --------- C: \ WINDOWS \ hpomdl01.dat.temp
2008-02-06 15:16. 2008-02-23 10:46 526 - a ------ C: \ hpfr3420.xml
2008-02-06 15:14. 2008-02-06 15:14 <DIR> d -------- C: \ Documents and Settings \ Christine \ Application Data \ Hewlett-Packard
2008-02-06 15:12. 2008-02-06 15:12 <DIR> d -------- C: \ Programmer \ Common Files \ Hewlett-Packard
2008-02-06 15:10. 2008-02-06 15:11 <DIR> d -------- C: \ Programmer \ Hewlett-Packard
2008-02-06 15:10. 2006-09-27 19:23 233.528-ra ------ C: \ WINDOWS \ system32 \ HPZidr12.dll
2008-02-06 15:10. 2006-09-27 19:23 167.936-ra ------ C: \ WINDOWS \ system32 \ HPZipr12.dll
2008-02-06 15:10. 2006-09-27 19:23 94.208-ra ------ C: \ WINDOWS \ system32 \ HPZipt12.dll
2008-02-06 15:10. 2006-09-27 19:23 65.795-ra ------ C: \ WINDOWS \ system32 \ HPZipm12.exe
2008-02-06 15:10. 2006-09-27 19:23 61.699-ra ------ C: \ WINDOWS \ system32 \ HPZinw12.exe
2008-02-06 15:10. 2006-09-27 19:23 57.344-ra ------ C: \ WINDOWS \ system32 \ HPZisn12.dll
2008-02-06 15:10. 2006-09-27 19:23 51.024-ra ------ C: \ Windows \ System32 \ Drivers \ hpzid412.sys
2008-02-06 15:10. 2006-09-27 19:23 16.080-ra ------ C: \ Windows \ System32 \ Drivers \ HPZipr12.sys
2008-02-06 15:09. 2006-09-27 19:24 237.568-ra ------ C: \ WINDOWS \ system32 \ HPZc3212.dll
2008-02-06 15:09. 2006-09-27 19:23 21.456-ra ------ C: \ Windows \ System32 \ Drivers \ HPZius12.sys
2008-02-06 15:07. 2008-02-06 15:13 19.558 --------- C: \ WINDOWS \ hpoins01.dat
2008-02-06 15:07. 2006-09-27 19:24 16.606 --------- C: \ WINDOWS \ hpomdl01.dat
2008-02-06 14:21. 2008-02-06 14:21 <DIR> d -------- C: \ Programmer \ HP
2008-02-06 08:52. 2008-02-06 08:52 <DIR> d -------- C: \ Programmer \ Craft Edge
2008-02-04 14:52. 2008-02-04 14:52 <DIR> d -------- C: \ Programmer \ Windows Media Connect 2
2008-02-04 14:50. 2008-02-04 14:50 <DIR> d -------- C: \ WINDOWS \ system32 \ LogFiles
2008-02-04 14:50. 2008-02-04 14:51 <DIR> d -------- C: \ Windows \ System32 \ Drivers \ UMDF
2008-02-03 14:37. 1995-08-01 04:44 212.480 - a ------ C: \ WINDOWS \ PCDLIB32.DLL
2008-02-03 14:37. 2003-09-19 15:45 21.248 - a ------ C: \ Windows \ System32 \ Drivers \ pfc.sys
2008-02-03 14:35. 2008-02-03 14:35 <DIR> d -------- C: \ Programmer \ Common Files \ snp2std
2008-02-03 14:35. 2005-09-21 13:31 8,816,128 - a ------ C: \ Windows \ System32 \ Drivers \ snp2sxp.sys
2008-02-03 14:34. 2005-10-03 11:23 20,480 --------- C: \ WINDOWS \ CameraFixer.exe
2008-02-02 23:31. 2004-08-03 23:07 59.264 - a ------ C: \ Windows \ System32 \ Drivers \ USBAUDIO.sys
2008-02-02 23:31. 2004-08-03 23:07 59,264 - a - c --- C: \ WINDOWS \ system32 \ dllcache \ usbaudio.sys
2008-02-02 15:14. 2008-02-04 09:26 147 - a ------ C: \ WINDOWS \ fcp5.cfg
2008-02-02 11:39. 2008-02-02 11:39 <DIR> d -------- C: \ Programmer \ Jasc Software Inc
2008-02-01 01:09. 2007-03-20 19:33 43,520 - a ------ C: \ WINDOWS \ system32 \ libusb0.dll
2008-02-01 01:09. 2007-03-20 19:33 28,672 - a ------ C: \ Windows \ System32 \ Drivers \ libusb0.sys
2008-02-01 01:04. 2008-02-10 08:07 <DIR> d -------- C: \ Documents and Settings \ Admin \ Application Data \ AOL
2008-02-01 01:03. 2008-02-10 08:08 <DIR> d -------- C: \ Documents and Settings \ Admin \ Application Data \ AVG7
2008-01-31 23:13. 2008-01-31 23:13 90.112 - a ------ C: \ WINDOWS \ system32 \ QuickTimeVR.qtx
2008-01-31 23:13. 2008-01-31 23:13 57.344 - a ------ C: \ WINDOWS \ system32 \ QuickTime.qts
2008-01-28 05:24. 2007-06-27 21:10 202.048 - a ------ C: \ WINDOWS \ system32 \ ftd2xx.dll
2008-01-28 05:24. 2007-06-27 21:10 111.936 - a ------ C: \ WINDOWS \ system32 \ ftbusui.dll
2008-01-28 05:24. 2007-06-27 21:10 107.840 - a ------ C: \ WINDOWS \ system32 \ FTLang.dll
2008-01-28 05:24. 2007-06-27 21:04 71.488 - a ------ C: \ Windows \ System32 \ Drivers \ ftser2k.sys
2008-01-28 05:24. 2007-06-27 21:05 53.184 - a ------ C: \ Windows \ System32 \ Drivers \ ftdibus.sys
2008-01-28 05:24. 2007-06-27 21:06 47.432 - a ------ C: \ WINDOWS \ system32 \ ftserui2.dll
2008-01-27 08:28. 2008-01-27 08:28 268 - ah ----- C: \ sqmdata19.sqm
2008-01-27 08:28. 2008-01-27 08:28 244 - ah ----- C: \ sqmnoopt19.sqm
2008-01-26 07:27. 2008-02-03 15:52 268 - ah ----- C: \ sqmdata18.sqm
2008-01-26 07:27. 2008-02-03 15:52 244 - ah ----- C: \ sqmnoopt18.sqm
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-23 11:40 15.783.968 - sha-w C: \ Windows \ System32 \ Drivers \ fidbox.dat
2008-02-23 11:25 185.732 - sha-w C: \ Windows \ System32 \ Drivers \ fidbox.idx
2008-02-23 10:52 --------- d ----- w C: \ Documents and Settings \ Christine \ Application Data \ AVG7
2008-02-23 09:01 --------- d ----- w C: \ Programmer \ Common Files \ Wise Installation Wizard
2008-02-22 23:12 --------- d ----- w C: \ Programmer \ Java
2008-02-15 18:47 --------- d ----- w C: \ Programmer \ Yahoo!
2008-02-15 09:41 --------- d - h - w C: \ Programmer \ InstallShield Installation Information
2008-02-15 09:36 --------- d ----- w C: \ Programmer \ Fælles filer \ AOL
2008-02-15 09:06 --------- d ----- w C: \ Documents and Settings \ Christine \ Application Data \ AOL
2008-02-15 09:06 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ AOL
2008-02-14 15:07 --------- d ----- w C: \ Programmer \ Common Files \ Adobe
2008-02-07 16:23 --------- dcsh - w C: \ Programmer \ Common Files \ WindowsLiveInstaller
2008-02-07 16:23 --------- d ----- w C: \ Programmer \ Google Toolbar
2008-02-05 12:00 --------- d ----- w C: \ Programmer \ Craft ROBO Controller
2008-02-05 11:59 --------- d ----- w C: \ Programmer \ ROBO Master
2008-02-04 13:06 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ WLInstaller
2008-02-03 15:21 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ avg7
2008-01-28 05:24 --------- d ----- w C: \ Programmer \ DIFX
2008-01-23 00:41 5.607 ---- aw C: \ WINDOWS \ ~ GLH0000.TMP
2008-01-23 00:41 137.504 ---- aw C: \ WINDOWS \ ~ GLC0000.TMP
2008-01-22 03:55 --------- d ----- w C: \ Documents and Settings \ Christine \ Application Data \ InstallShield
2008-01-22 02:21 --------- d ----- w C: \ Programmer \ eGames
2008-01-22 00:01 --------- d ----- w C: \ Documents and Settings \ Christine \ Application Data \ Cyberlink
2008-01-21 22:27 --------- d ----- w C: \ Documents and Settings \ Christine \ Application Data \ Avocent AdminWorks
2008-01-21 22:27 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Avocent AdminWorks
2008-01-21 21:28 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Cyberlink
2008-01-21 07:06 171.520 ---- aw C: \ WINDOWS \ Internet Logs \ xDB1.tmp
2008-01-21 01:58 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Spybot - Search & Destroy
2008-01-21 01:33 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Lavasoft
2008-01-21 01:32 --------- d ----- w C: \ Programmer \ Lavasoft
2008-01-20 19:42 --------- d ----- w C: \ Programmer \ Microsoft ActiveSync
2008-01-20 05:50 --------- d ----- w C: \ Documents and Settings \ Christine \ Application Data \ AdobeUM
2008-01-20 02:46 --------- d ----- w C: \ Programmer \ King Kong Software
2008-01-20 02:45 --------- d ----- w C: \ Programmer \ Create-A-Face 3.2
2008-01-20 02:15 --------- d ----- w C: \ Programmer \ GRAPHTEC
2008-01-20 02:05 --------- d ----- w C: \ Programmer \ ZoneAlarmSB
2008-01-20 02:04 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ MailFrontier
2008-01-20 02:03 --------- d ----- w C: \ Programmer \ Zone Labs
2008-01-20 01:51 --------- d ----- w C: \ Programmer \ Microsoft CAPICOM 2.1.0.2
2008-01-19 16:48 --------- d ----- w C: \ Programmer \ Spybot - Search & Destroy
2008-01-19 16:33 --------- d ----- w C: \ Programmer \ Real
2008-01-19 14:46 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Yahoo! Netmakker
2008-01-19 14:45 --------- d ----- w C: \ Programmer \ Common Files \ Nullsoft
2008-01-19 14:44 --------- d ----- w C: \ Programmer \ synspunkt
2008-01-19 14:44 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ synspunkt
2008-01-19 14:34 --------- d ----- w C: \ Documents and Settings \ LocalService \ Application Data \ AVG7
2008-01-19 14:34 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Grisoft
2008-01-19 14:32 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ AOL Downloads
2008-01-19 14:29 --------- d ----- w C: \ Programmer \ Common Files \ Symantec Shared
2008-01-19 14:29 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Symantec
2008-01-19 14:09 --------- d ----- w C: \ Programmer \ acer
2008-01-19 14:02 --------- d ----- w C: \ Programmer \ Common Files \ Java
2007-12-21 14:39 10.752 ---- aw C: \ WINDOWS \ system32 \ WhoisCL.exe
2007-12-14 19:32 12,632 ---- aw C: \ WINDOWS \ system32 \ lsdelete.exe
2007-12-07 02:21 824.832 ---- aw C: \ WINDOWS \ system32 \ Wininet.dll
2007-12-04 18:38 550.912 ------ w C: \ WINDOWS \ system32 \ Oleaut32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Note * empty entries & legit default entries er ikke vist
REGEDIT4
[HKEY_LOCAL_MACHINE \ ~ \ Browser Helper Objects \ (87E68009-29A8-D669-F7C2-B31D08635C50)]
2007-12-30 20:48 1019904 - a ------ C: \ Programmer \ ContextAdvisor \ ContextAdvisor-3.dll
[HKEY_LOCAL_MACHINE \ ~ \ Browser Helper Objects \ (F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA)]
2008-01-20 02:05 262144 - a ------ C: \ Programmer \ ZoneAlarmSB \ bar \ 1.bin \ SPYBLOCK.DLL
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Internet Explorer \ Toolbar]
(EF99BD32-C1FB-11D2-892F-0090271D4F88)
(F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA)
[HKEY_CLASSES_ROOT \ clsid \ (f0d4b239-da4b-4daf-81e4-dfee4931a4aa)]
[HKEY_CURRENT_USER \ Software \ Microsoft \ Internet Explorer \ Toolbar \ WebBrowser]
"(F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA)" = C: \ Programmer \ ZoneAlarmSB \ bar \ 1.bin \ SPYBLOCK.DLL [2008-01-20 02:05 262144]
[HKEY_CLASSES_ROOT \ clsid \ (f0d4b239-da4b-4daf-81e4-dfee4931a4aa)]
[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Run]
"Ctfmon.exe" = "C: \ WINDOWS \ system32 \ Ctfmon.exe" [2004-08-04 05:00 15360]
"MsnMsgr" = "C: \ Programmer \ Windows Live \ Messenger \ MsnMsgr.exe" []
"MSMSGS" = "C: \ Programmer \ Messenger \ msmsgs.exe" [2004-10-13 16:24 1694208]
"Yahoo! Pager" = "C: \ PROGRA ~ 1 \ Yahoo! \ Messen ~ 1 \ YAHOOM ~ 1.exe" [2007-08-30 17:43 4670704]
"SUPERAntiSpyware" = "C: \ Programmer \ SUPERAntiSpyware \ SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"LaunchApp" = "Alaunch" []
"NvCplDaemon" = "C: \ WINDOWS \ system32 \ NvCpl.dll" [2006-07-11 22:19 7626752]
"nwiz" = "nwiz.exe" [2006-07-11 22:19 1519616 C: \ WINDOWS \ system32 \ nwiz.exe]
"RTHDCPL" = "RTHDCPL.EXE" [2006-06-01 00:48 16208384 C: \ WINDOWS \ RTHDCPL.exe]
"SkyTel" = "SkyTel.EXE" [2006-05-16 02:04 2879488 C: \ WINDOWS \ SkyTel.exe]
"ntiMUI" = "c: \ Programmer \ NewTech Infosystems \ NTI CD & DVD-Maker 7 \ ntiMUI.exe" [2005-05-12 00:15 45056]
"RemoteControl" = "C: \ Programmer \ Cyberlink \ PowerDVD \ PDVDServ.exe" [2004-11-03 03:24 32768]
"IMJPMIG8.1" = "C: \ WINDOWS \ IME \ imjp8_1 \ IMJPMIG.e XE" [2004-08-04 05:00 208952]
"IMEKRMIG6.1" = "C: \ WINDOWS \ Ime \ imkr6_1 \ IMEKRMIG.EXE" [2004-08-04 05:00 44032]
"MSPY2002" = "C: \ WINDOWS \ system32 \ IME \ PINTLGNT \ ImScI nst.exe" [2004-08-04 05:00 59392]
"PHIME2002ASync" = "C: \ WINDOWS \ system32 \ IME \ TINTLGNT \ TINTSETP.exe" [2004-08-04 05:00 455168]
"PHIME2002A" = "C: \ WINDOWS \ system32 \ IME \ TINTLGNT \ TIN TSETP.exe" [2004-08-04 05:00 455168]
"NvMediaCenter" = "C: \ WINDOWS \ system32 \ NvMcTray. Dll" [2006-07-11 22:19 86016]
"SunJavaUpdateSched" = "C: \ Programmer \ Java \ jre1.6.0_04 \ bin \ jusched.exe" [2007-12-14 03:42 144784]
»Acer Myndiggørelse Technology Monitor" = "D: \ WINDOWS \ system32 \ SysMonitor.exe" [2006-04-19 03:54 49152]
"eLockMonitor" = "C: \ Acer \ Stærke Technology \ eLock \ Monitor \ LaunchMonitor.exe" [2006-03-31 18:14 16384]
"eRecoveryService" = "C: \ Acer \ Stærke Technology \ eRecovery \ eRAgent.exe" [2006-06-01 22:40 413696]
"AVG7_CC" = "C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe" [2008-01-19 16:21 579072]
"ZoneAlarm Client" = "C: \ Programmer \ Zone Labs \ ZoneAlarm \ zlclient.exe" [2007-11-15 00:05 919016]
"CameraFixer" = "C: \ WINDOWS \ CameraFixer.exe" [2005-10-03 11:23 20480]
"tsnp2std" = "C: \ WINDOWS \ tsnp2std.exe" [2005-11-03 10:12 106496]
"snp2std" = "C: \ WINDOWS \ vsnp2std.exe" [2005-08-16 21:54 339968]
"RealTray" = "C: \ Programmer \ Real \ RealPlayer \ RealPlay.exe" [2008-02-07 16:01 26112]
"QuickTime Task" = "C: \ Programmer \ QuickTime \ QTTask.exe" [2008-01-31 23:13 385024]
"AOLDialer" = "C: \ Programmer \ Common Files \ AOL \ ACS \ AOLDial.exe" []
"Adobe Reader Speed Launcher" = "C: \ Programmer \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe" [2008-01-11 22:16 39792]
"YBrowser" = "C: \ PROGRA ~ 1 \ Yahoo! \ Browser \ ybrwicon.ex e" [2006-07-21 16:19 129536]
[HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ Run]
"Ctfmon.exe" = "C: \ WINDOWS \ system32 \ Ctfmon.exe" [2004-08-04 05:00 15360]
"AVG7_Run" = "C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe" [2008-01-19 16:21 219136]
C: \ Documents and Settings \ Christine \ Menuen Start \ Programmer \ Start \
TrueAssistant.lnk - C: \ Programmer \ TrueSwitchBTYahoo \ TrueWizard.exe [2008-02-06 15:54:00 1060864]
C: \ Documents and Settings \ All Users \ Menuen Start \ Programmer \ Start \
Craft ROBO Status Supervisor.lnk - C: \ Programmer \ Craft ROBO Controller \ CRSSupervisor.exe [2008-02-05 12:00:04 32768]
HP PSC 1000 series.lnk - C: \ Programmer \ Hewlett-Packard \ Digital Imaging \ bin \ hpohmr08.exe [2003-04-09 18:21:38 147456]
hpoddt01.exe.lnk - C: \ Programmer \ Hewlett-Packard \ Digital Imaging \ bin \ hpotdd01.exe [2003-04-09 18:11:12 28672]
Microsoft Office.lnk - C: \ Programmer \ Microsoft Office \ Office10 \ OSA.EXE [2001-02-13 10:01:04 83360]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entversion \ Explorer \ shellexecutehooks]
"(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA)" = C: \ Programmer \ SUPERAntiSpyware \ SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ anmelde \! SASWinLogon]
C: \ Programmer \ SUPERAntiSpyware \ SASWINLO.dll 2007-04-19 13:41 294912 C: \ Programmer \ SUPERAntiSpyware \ SASWINLO.dll
[HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ All Users ^ Start Menu ^ Programs ^ Startup ^ Acer Stærke Technology.lnk]
path = C: \ Documents and Settings \ All Users \ Menuen Start \ Programmer \ Start \ Acer Stærke Technology.lnk
backup = C: \ WINDOWS \ PSS \ Acer Stærke Technology.lnkCommon Startup
[HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ All Users ^ Start Menu ^ Programs ^ Startup ^ Acer WLAN 11g USB Dongle.lnk]
path = C: \ Documents and Settings \ All Users \ Menuen Start \ Programmer \ Start \ Acer WLAN 11g USB Dongle.lnk
backup = C: \ WINDOWS \ PSS \ Acer WLAN 11g USB Dongle.lnkCommon Startup
[HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ All Users ^ Start Menu ^ Programs ^ Startup ^ Adobe Reader Speed Launch.lnk]
path = C: \ Documents and Settings \ All Users \ Menuen Start \ Programmer \ Start \ Adobe Reader Speed Launch.lnk
backup = C: \ WINDOWS \ PSS \ Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ AdminWorks Tray]
C: \ Acer \ LANScope Agent \ awtray.exe
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ eDataSecurity Loader]
C: \ Acer \ Stærke Technology \ eDataSecurity \ eDSloader.exe
[HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile]
"EnableFirewall" = 0 (0x0)
[HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile \ AuthorizedApplications \ List]
"% windir% \ \ system32 \ \ sessmgr.exe" =% windir% \ \ system32 \ \ sessmgr.exe: @ Xpsp2res.dll, -22019
"C: \ \ Programmer \ \ Grisoft \ \ AVG7 \ \ avginet.exe" =
"C: \ \ Programmer \ \ Grisoft \ \ AVG7 \ \ avgamsvr.exe" =
"C: \ \ Programmer \ \ Grisoft \ \ AVG7 \ \ avgcc.exe" =
"C: \ \ Programmer \ \ Grisoft \ \ AVG7 \ \ avgemc.exe" =
"C: \ \ Programmer \ \ AOL 9.0 VR \ \ waol.exe" =
"C: \ \ Programmer \ \ Common Files \ \ AOL \ \ TopSpeed \ \ 3.0 \ \ aoltpsd3.exe" =
"C: \ \ Programmer \ \ Common Files \ \ AOL \ \ Loader \ \ aolload.exe" =
"C: \ \ Programmer \ \ Common Files \ \ AOL \ \ System Information \ \ sinf.exe" =
"% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" =% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe: @ xpsp3res.dll, -20000
"C: \ \ Programmer \ \ Common Files \ \ AOL \ \ 1200753845 \ \ ee \ \ aolsoftware.exe" =
"C: \ \ Programmer \ \ Windows Live \ \ Messenger \ \ msnmsgr.exe" =
"C: \ \ Programmer \ \ Windows Live \ \ Messenger \ \ livecall.exe" =
"C: \ \ Programmer \ \ AOL \ \ RC \ \ regClient.exe" =
"C: \ \ Programmer \ \ Common Files \ \ AOL \ \ ACS \ \ AOLAcsd.exe" =
"C: \ \ Programmer \ \ Common Files \ \ AOL \ \ ACS \ \ AOLDial.exe" =
"C: \ \ Programmer \ \ Common Files \ \ AOL \ \ 1202403305 \ \ ee \ \ aolsoftware.exe" =
"C: \ \ Programmer \ \ AOL 9.0 \ \ waol.exe" =
"C: \ \ Programmer \ \ Yahoo! \ \ Messenger \ \ YahooMessenger.exe" =
"C: \ \ Programmer \ \ Yahoo! \ \ Messenger \ \ YServer.exe" =
"C: \ \ Programmer \ \ LimeWire \ \ LimeWire.exe" =
[HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile \ GloballyOpenPorts \ List]
"1947: TCP" = 1947: TCP: HASP SRM
"1947: UDP" = 1947: UDP: HASP SRM
R0 UBHelper; UBHelper; C: \ Windows \ System32 \ Drivers \ UBHe lper.sys [2004-12-17 02:14]
R2 aksfridge; aksfridge; C: \ Windows \ System32 \ Drivers \ ak sfridge.sys [2007-03-13 04:48]
R2 eLock2BurnerLockDriver; eLock2BurnerLockDriver; C: \ W INDOWS \ system32 \ eLock2BurnerLockDriver.sys [2006-06-05 19:30]
R2 eLock2FSCTLDriver; eLock2FSCTLDriver; C: \ WINDOWS \ sys tem32 \ eLock2FSCTLDriver.sys [2006-06-07 02:36]
R2 hasplms; HASP License Manager; C: \ WINDOWS \ system32 \ hasplms.exe [2007-03-15 22:48]
R2 LockServ; LockServ; C: \ Acer \ Stærke Technology \ eLock \ LockServ.exe [2006-05-29 20:25]
R3 int15.sys; int15.sys; C: \ Acer \ Stærke Technology \ eRecovery \ int15.sys [2005-01-13 22:46]
R3 SNP2STD; USB2.0 PC Camera (SNP2STD); C: \ Windows \ System32 \ Drivers \ snp2sxp.sys [2005-09-21 13:31]
S3 Acer ODDSpeedControl; Acer ODDSpeedControl; "C: \ Acer \ Stærke Technology \ eAcoustics \ ODDSpeedCtl \ speedcontrol.exe" [2005-02-15 17:02]
S3 CADlink; CADlink; C: \ Graphtec DesignMaster Web \ CADlink.sys [2007-09-25 17:10]
S3 libusb0; LibUsb-Win32 - Kernel Driver, version 0.1.12.1; C: \ Windows \ System32 \ Drivers \ libusb0.sys [2007-03-20 19:33]
S3 psdfilter; psdfilter; C: \ Windows \ System32 \ Drivers \ psdfilter.sys []
S3 psdvdisk; psdvdisk; C: \ Windows \ System32 \ Drivers \ psdvdisk.sys []
S3 ZD1211BU (ZyDAS); ZyDAS ZD1211B IEEE 802.11 b + g Wireless LAN Driver (USB) (ZyDAS); C: \ Windows \ System32 \ Drivers \ zd1211Bu.sys []
[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ currentversion \ explorer \ mountpoints2 \ (a8054a34-c869-11dc-abff-806d6172696f)]
\ Shell \ AutoRun \ command - E: \ CDM.EXE
.
Indhold af "Planlagte opgaver" mappe
"2008-02-22 23:07:37 C: \ WINDOWS \ Tasks \ AppleSoftwareUpdate.job"
- C: \ Programmer \ Apple Software Update \ SoftwareUpdate.exe
"2008-02-06 15:27:09 C: \ WINDOWS \ Tasks \ Fru Task # Hewlett-Packard # hp psc 1200 serien # 1202310815.job"
- C: \ Programmer \ Hewlett-Packard \ Digital Imaging \ Bin \ hpqfrucl.exe4-I
.
************************************************** ************************
catchme 0.3.1344 W2K/XP/Vista - rootkit / stealth malware detector ved Gmer, http://www.gmer.net
Rootkit scan 2008-02-23 11:41:00
Windows 5.1.2600 Service Pack 2 NTFS
scanning skjulte processer ...
scanning skjulte autostart entries ...
scanning skjulte filer ...
scanning afsluttet med succes
skjulte filer: 0
************************************************** ************************
.
Afslutning tid: 2008-02-23 11:41:41
ComboFix-karantæne-files.txt 2008-02-23 11:41:38
.
2008-02-15 09:53:53 --- EOF ---



  #9  
Old 23 February 2008, 12:37
Editor Group
 
Default Contextadvisor - pop up driving me mad

Items to uninstall
  • Browser Optimizer Adssite
  • commercial
  • Extras Browser Tools Rightonadz
  • J2SE Runtime Environment 5.0 Update 6
  • Java (TM) 6 Update 3
  • Viewpoint Media Player
----------

Download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Put a check next to Run VundoFix as a task.
  • You will receive a message saying VundoFix will close and re-open in a minute or less. Click OK.
  • When VundoFix re-opens, click the Scan for Vundo button.
  • Once it has finished scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files; click YES.
  • Once you click Yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shut down your computer; click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears at reboot.

Let Vundo finish; sometimes it can take several passes.

----------

Go to this post to install, scan, and save the log file from AVG Antispyware.

----------

Next post
VundoFix log
Go to C:\SDFix and look for a file named Report.txt and post that log also.
__________________

  #10  
Old 23 February 2008, 13:37
Donor Group
 
Default Contextadvisor - pop up driving me mad

Hi, ran Vundo but I can't post a log as it cannot produce one, since it said there weren't any infected files. Also could not remove commercial from programs; an error came up, see attached screenshot. And I have Spybot installed on my PC, which I run all the time for spyware, so do I really need to install another one on my PC?
Attached Thumbnails
Contextadvisor - pop up driving me mad-4.jpg  
Copyright © 2006 - 2009 Computer Juice.