
ContextAdvisor - pop-up is driving me crazy




  #1  
Old 22. Feb 2008, 15:46
Donor Group
 
For the last 3 days I have been getting this pop-up and I am unsure how to get rid of it. I have done an HJT scan; if there is anything in there that you think could be the cause, or any other problems, can you help me with what to do?

Logfile of Trend Micro HijackThis v2.0.2
Scan lagret 22:43:41, on 22/02/2008
Plattform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Kjører prosesser:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ Lsass.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ ZoneLabs \ vsmon.exe
C: \ WINDOWS \ Explorer.exe
C: \ Programfiler \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ Acer \ Styrke Technology \ ePerformance \ MemCheck.exe
C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
C: \ WINDOWS \ system32 \ hasplms.exe
c: \ Programfiler \ Fellesfiler \ LightScribe \ LSSrvc.exe
C: \ Acer \ Styrke Technology \ eLock \ LockServ.exe
C: \ WINDOWS \ system32 \ nvsvc32.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ RTHDCPL.EXE
C: \ Acer \ Styrke Technology \ eRecovery \ eRAgent.exe
C: \ Program Files \ Cyberlink \ PowerDVD \ PDVDServ.exe
C: \ WINDOWS \ system32 \ rundll32.exe
C: \ Programfiler \ Java \ jre1.6.0_03 \ bin \ jusched.exe
C: \ WINDOWS \ system32 \ SysMonitor.exe
C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgcc.exe
C: \ Programfiler \ Zone Labs \ ZoneAlarm \ zlclient.exe
C: \ WINDOWS \ CameraFixer.exe
C: \ WINDOWS \ tsnp2std.exe
C: \ WINDOWS \ vsnp2std.exe
C: \ Programfiler \ Real \ RealPlayer \ RealPlay.exe
C: \ Acer \ Styrke Technology \ eLock \ Monitor \ LockMon.exe
C: \ Programfiler \ QuickTime \ qttask.exe
C: \ progra ~ 1 \ Yahoo! \ Browser \ ybrwicon.exe
C: \ WINDOWS \ system32 \ rundll32.exe
C: \ WINDOWS \ system32 \ Ctfmon.exe
C: \ Programfiler \ Messenger \ msmsgs.exe
C: \ Programfiler \ Internet Explorer \ IEXPLORE.EXE
C: \ progra ~ 1 \ Yahoo! \ Browser \ ycommon.exe
C: \ Programfiler \ Craft Robo Controller \ CRSSupervisor.exe
C: \ Programfiler \ Hewlett-Packard \ Digital Imaging \ bin \ hpohmr08.exe
C: \ Programfiler \ Hewlett-Packard \ Digital Imaging \ bin \ hpotdd01.exe
C: \ Programfiler \ TrueSwitchBTYahoo \ TrueWizard.exe
C: \ Programfiler \ Hewlett-Packard \ Digital Imaging \ bin \ hpoevm08.exe
C: \ WINDOWS \ system32 \ wbem \ wmiapsrv.exe
C: \ Programfiler \ Hewlett-Packard \ Digital Imaging \ Bin \ hpoSTS08.exe
C: \ progra ~ 1 \ Yahoo! \ COMPAN ~ 1 \ Installerer \ cpn0 \ YTBSDK.e XE
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ progra ~ 1 \ Yahoo! \ Messen ~ 1 \ YAHOOM ~ 1.EXE
C: \ Programfiler \ King Kong Software \ Capture \ KingKongCapture.exe
C: \ Programfiler \ Yahoo! \ Browser \ ybrowser.exe
C: \ Programfiler \ Mozilla Firefox \ firefox.exe
C: \ Documents and Settings \ Christine \ Skrivebord \ HiJackThis.exe
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://kingkongsearch.com/
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://bt.my.yahoo.com/
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ SearchURL, (Default) = http://search.aol.co.uk/web?isinit=true&query =% s
R3 - URLSearchHook: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Programfiler \ Yahoo! \ Companion \ Installerer \ cpn0 \ yt.dll
O2 - BHO: Yahoo! Toolbar Helper - (02478D38-C3F9-4EFB-9B51-7695ECA05670) - C: \ Programfiler \ Yahoo! \ Companion \ Installerer \ cpn0 \ yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Programfiler \ Fellesfiler \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll
O2 - BHO: Spybot-S & D IE Protection - (53707962-6F74-2D53-2644-206D7942484F) - C: \ progra ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - c: \ progra ~ 1 \ Yahoo! \ Felles \ yiesrvc.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Programfiler \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O2 - BHO: rightonads optimizer - (7D9362F8-77D8-4b29-97B5-621D550890C0) - C: \ WINDOWS \ system32 \ gzmrt.dll
O2 - BHO: ContextAdvisor - (87E68009-29A8-D669-F7C2-B31D08635C50) - C: \ Programfiler \ ContextAdvisor \ ContextAdvisor-3.dll
O2 - BHO: ads_optimizer - (9C8A568E-4201-478a-8536-526CF371D2E2) - C: \ WINDOWS \ system32 \ nst46.dll
O2 - BHO: XBTB06823 Class - (BA463437-C3DE-47da-8280-87596824388A) - c: \ progra ~ 1 \ GOOGLE ~ 1 \ TOOLBA ~ 1.DLL
O2 - BHO: ZoneAlarm Spy Blocker BHO - (F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA) - C: \ Programfiler \ ZoneAlarmSB \ bar \ 1.bin \ SPYBLOCK.DLL
O2 - BHO: SidebarAutoLaunch Class - (F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D) - C: \ Programfiler \ Yahoo! \ Browser \ YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Programfiler \ Yahoo! \ Companion \ Installerer \ cpn0 \ yt.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - (F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA) - C: \ Programfiler \ ZoneAlarmSB \ bar \ 1.bin \ SPYBLOCK.DLL
O4 - HKLM \ .. \ Run: [LaunchApp] Alaunch
O4 - HKLM \ .. \ Run: [NvCplDaemon] rundll32.exe C: \ WINDOWS \ system32 \ NvCpl.dll, NvStartup
O4 - HKLM \ .. \ Run: [nwiz] nwiz.exe / install
O4 - HKLM \ .. \ Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM \ .. \ Run: [SkyTel] SkyTel.EXE
O4 - HKLM \ .. \ Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM \ .. \ Run: [ntiMUI] c: \ Program Files \ NewTech Infosystems \ NTI CD & DVD-Maker 7 \ ntiMUI.exe
O4 - HKLM \ .. \ Run: [RemoteControl] "C: \ Program Files \ Cyberlink \ PowerDVD \ PDVDServ.exe"
O4 - HKLM \ .. \ Run: [IMJPMIG8.1] "C: \ WINDOWS \ IME \ imjp8_1 \ IMJPMIG.EXE" / Skjem bort / RemAdvDef / Migration32
O4 - HKLM \ .. \ Run: [IMEKRMIG6.1] C: \ WINDOWS \ IME \ imkr6_1 \ IMEKRMIG.EXE
O4 - HKLM \ .. \ Run: [MSPY2002] C: \ WINDOWS \ system32 \ IME \ PINTLGNT \ ImScInst.exe / SYNC
O4 - HKLM \ .. \ Run: [PHIME2002ASync] C: \ WINDOWS \ system32 \ IME \ TINTLGNT \ TINTSETP.EXE / SYNC
O4 - HKLM \ .. \ Run: [PHIME2002A] C: \ WINDOWS \ system32 \ IME \ TINTLGNT \ TINTSETP.EXE / IMEName
O4 - HKLM \ .. \ Run: [NvMediaCenter] rundll32.exe C: \ WINDOWS \ system32 \ NvMcTray.dll, NvTaskbarInit
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Programfiler \ Java \ jre1.6.0_03 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [Acer Styrke Technology Monitor] C: \ WINDOWS \ system32 \ SysMonitor.exe
O4 - HKLM \ .. \ Run: [eLockMonitor] C: \ Acer \ Styrke Technology \ eLock \ Monitor \ LaunchMonitor.exe
O4 - HKLM \ .. \ Run: [eRecoveryService] C: \ Acer \ Styrke Technology \ eRecovery \ eRAgent.exe
O4 - HKLM \ .. \ Run: [AVG7_CC] C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgcc.exe / STARTUP
O4 - HKLM \ .. \ Run: [ZoneAlarm Client] "C: \ Programfiler \ Zone Labs \ ZoneAlarm \ zlclient.exe"
O4 - HKLM \ .. \ Run: [CameraFixer] C: \ WINDOWS \ CameraFixer.exe
O4 - HKLM \ .. \ Run: [tsnp2std] C: \ WINDOWS \ tsnp2std.exe
O4 - HKLM \ .. \ Run: [snp2std] C: \ WINDOWS \ vsnp2std.exe
O4 - HKLM \ .. \ Run: [RealTray] C: \ Programfiler \ Real \ RealPlayer \ RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Programfiler \ QuickTime \ qttask.exe"-atboottime
O4 - HKLM \ .. \ Run: [AOLDialer] C: \ Programfiler \ Fellesfiler \ AOL \ ACS \ AOLDial.exe
O4 - HKLM \ .. \ Run: [Adobe Reader Speed Launcher] "C: \ Programfiler \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe"
O4 - HKLM \ .. \ Run: [YBrowser] C: \ progra ~ 1 \ Yahoo! \ Browser \ ybrwicon.exe
O4 - HKLM \ .. \ Run: [postSetupCheck] C: \ WINDOWS \ system32 \ rundll32.exe C: \ WINDOWS \ system32 \ gzmrt.dll "DllStart
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [MsnMsgr] "C: \ Programfiler \ Windows Live \ Messenger \ MsnMsgr.Exe" / background
O4 - HKCU \ .. \ Run: [MSMSGS] "C: \ Programfiler \ Messenger \ msmsgs.exe" / background
O4 - HKCU \ .. \ Run: [Yahoo! Personsøker] "c: \ progra ~ 1 \ Yahoo! \ Messen ~ 1 \ YAHOOM ~ 1.EXE"-quiet
O4 - HKUS \ S-1-5-19 \ .. \ Run: [AVG7_Run] C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [AVG7_Run] C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'Default user')
O4 - Startup: TrueAssistant.lnk = C: \ Programfiler \ TrueSwitchBTYahoo \ TrueWizard.exe
O4 - Global Startup: Craft Robo Status Supervisor.lnk =?
O4 - Global Startup: HP PSC 1000 series.lnk =?
O4 - Global Startup: hpoddt01.exe.lnk =?
O4 - Global Startup: Microsoft Office.lnk = C: \ Programfiler \ Microsoft Office \ Office10 \ Osa.exe
O8 - Extra sammenheng menyelement: & AOL Toolbar søk - res: / / C: \ Program Files \ AOL Toolbar \ toolbar.dll / SEARCH.HTML
O9 - Extra knappen: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Programfiler \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O9 - Extra "Verktøy" MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Programfiler \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O9 - Extra knappen: BT Yahoo! Services - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - c: \ progra ~ 1 \ Yahoo! \ Felles \ yiesrvc.dll
O9 - Extra knappen: Real.com - (CD67F990-D8E9-11d2-98FE-00C0F0318AFE) - C: \ WINDOWS \ system32 \ Shdocvw.dll
O9 - Extra knappen: (no name) - (DFB852A3-47F8-48C4-a200-58CAB36FD2A2) - C: \ progra ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O9 - Extra "Verktøy" MENUITEM: Spybot - Search & Destroy Configuration - (DFB852A3-47F8-48C4-a200-58CAB36FD2A2) - C: \ progra ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O9 - Extra knappen: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra "Verktøy" MENUITEM: @ xpsp3res.dll, -20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra knappen: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Programfiler \ Messenger \ msmsgs.exe
O9 - Extra "Verktøy" MENUITEM: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Programfiler \ Messenger \ msmsgs.exe
O15 - Trusted Zone: http://www.photobucket.com
O16 - DPF: (30528230-99f7-4bb4-88d8-fa1d4f56a2ab) (Installation Support) - C: \ Programfiler \ Yahoo! \ Common \ Yinsthelper.dll
O16 - DPF: (6B75345B-AA36-438A-BBE6-4078B4C6984D) (HpProductDetection klasse) -- http://h20270.www2.hp.com/ediags/gmn...tDetection.cab
O16 - DPF: (D27CDB6E-AE6D-11CF-96B8-444553540000) (Shockwave Flash Object) -- http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C: \ Programfiler \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe
O23 - Service: Acer ODDSpeedControl - TODO: <????> - C: \ Acer \ Styrke Technology \ eAcoustics \ ODDSpeedCtl \ speedcontrol.exe
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C: \ Acer \ Styrke Technology \ ePerformance \ MemCheck.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Grisoft, sro - C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Grisoft, sro - C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - Grisoft, sro - C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
O23 - Service: HASP License Manager (hasplms) - Aladdin Knowledge Systems Ltd - C: \ WINDOWS \ system32 \ hasplms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Programfiler \ Fellesfiler \ InstallShield \ Driver \ 1150 \ Intel 32 \ IDriverT.exe
O23 - Service: LightScribeService Direct Disc Merking Service (LightScribeService) - Hewlett-Packard Company - c: \ Programfiler \ Fellesfiler \ LightScribe \ LSSrvc.exe
O23 - Service: LockServ - Unknown owner - C: \ Acer \ Styrke Technology \ eLock \ LockServ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C: \ WINDOWS \ system32 \ nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C: \ WINDOWS \ system32 \ HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C: \ WINDOWS \ system32 \ ZoneLabs \ vsmon.exe
O24 - Desktop Component 0: (no name) -- http://www.pspug.org/pix/pspimem1.gif
--
End of file - 11705 bytes
  #2  
Old 22. Feb 2008, 20:09
Moderator Group
 
Go to this thread and do steps One, Two and Three.

When these are completely finished and the computer has been restarted, run a new HijackThis scan and post the log as well.
__________________

  #3  
Old 23. Feb 2008, 02:12
Donor Group
 
I have 3 programs that I'm not sure what they are:
commercial
accessory browser tools rightonadz
sound'em 1.0
Should I remove these from the Add/Remove Programs list?
  #4  
Old 23. Feb 2008, 03:05
Donor Group
 
I have run CCleaner and SUPERAntiSpyware, but when the PC restarted I got this error message:

Error loading c:\windows\system32\gzmrt.dll
The specified module could not be found
  #5  
Old 23. Feb 2008, 03:09
Moderator Group
 
Quote:
Originally Posted by christine154
I have run CCleaner and SUPERAntiSpyware, but when the PC restarted I got this error message:

Error loading c:\windows\system32\gzmrt.dll
The specified module could not be found
That is caused by the malware having been removed by SAS. I need a new HijackThis log now.
__________________

  #6  
Old 23. Feb 2008, 03:15
Donor Group
 
Logfile of Trend Micro HijackThis v2.0.2
Scan lagret 10:15:40, on 23/02/2008
Plattform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Kjører prosesser:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ Lsass.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ ZoneLabs \ vsmon.exe
C: \ WINDOWS \ Explorer.exe
C: \ Programfiler \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ Acer \ Styrke Technology \ ePerformance \ MemCheck.exe
C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
C: \ WINDOWS \ system32 \ hasplms.exe
c: \ Programfiler \ Fellesfiler \ LightScribe \ LSSrvc.exe
C: \ Acer \ Styrke Technology \ eLock \ LockServ.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ RTHDCPL.EXE
C: \ Program Files \ Cyberlink \ PowerDVD \ PDVDServ.exe
C: \ WINDOWS \ system32 \ rundll32.exe
C: \ Programfiler \ Java \ jre1.6.0_04 \ bin \ jusched.exe
C: \ WINDOWS \ system32 \ SysMonitor.exe
C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgcc.exe
C: \ Programfiler \ Zone Labs \ ZoneAlarm \ zlclient.exe
C: \ WINDOWS \ CameraFixer.exe
C: \ Acer \ Styrke Technology \ eRecovery \ eRAgent.exe
C: \ WINDOWS \ tsnp2std.exe
C: \ WINDOWS \ vsnp2std.exe
C: \ Programfiler \ Real \ RealPlayer \ RealPlay.exe
C: \ Programfiler \ QuickTime \ QTTask.exe
C: \ progra ~ 1 \ Yahoo! \ Browser \ ybrwicon.exe
C: \ WINDOWS \ system32 \ Ctfmon.exe
C: \ Programfiler \ Messenger \ msmsgs.exe
C: \ Programfiler \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
C: \ Acer \ Styrke Technology \ eLock \ Monitor \ LockMon.exe
C: \ progra ~ 1 \ Yahoo! \ Browser \ ycommon.exe
C: \ Programfiler \ Craft Robo Controller \ CRSSupervisor.exe
C: \ Programfiler \ Hewlett-Packard \ Digital Imaging \ bin \ hpohmr08.exe
C: \ Programfiler \ Hewlett-Packard \ Digital Imaging \ bin \ hpoevm08.exe
C: \ Programfiler \ Hewlett-Packard \ Digital Imaging \ Bin \ hpoSTS08.exe
C: \ Programfiler \ Hewlett-Packard \ Digital Imaging \ bin \ hpotdd01.exe
C: \ Programfiler \ TrueSwitchBTYahoo \ TrueWizard.exe
C: \ WINDOWS \ system32 \ wbem \ wmiapsrv.exe
C: \ progra ~ 1 \ Yahoo! \ Messen ~ 1 \ YAHOOM ~ 1.EXE
C: \ Programfiler \ Yahoo! \ Browser \ ybrowser.exe
C: \ Programfiler \ King Kong Software \ Capture \ KingKongCapture.exe
C: \ Documents and Settings \ Christine \ Skrivebord \ HiJackThis.exe
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://kingkongsearch.com/
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://bt.my.yahoo.com/
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ SearchURL, (Default) = http://search.aol.co.uk/web?isinit=true&query =% s
R3 - URLSearchHook: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Programfiler \ Yahoo! \ Companion \ Installerer \ cpn0 \ yt.dll
O2 - BHO: Yahoo! Toolbar Helper - (02478D38-C3F9-4EFB-9B51-7695ECA05670) - C: \ Programfiler \ Yahoo! \ Companion \ Installerer \ cpn0 \ yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Programfiler \ Fellesfiler \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll
O2 - BHO: Spybot-S & D IE Protection - (53707962-6F74-2D53-2644-206D7942484F) - C: \ progra ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - c: \ progra ~ 1 \ Yahoo! \ Felles \ yiesrvc.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Programfiler \ Java \ jre1.6.0_04 \ bin \ ssv.dll
O2 - BHO: ContextAdvisor - (87E68009-29A8-D669-F7C2-B31D08635C50) - C: \ Programfiler \ ContextAdvisor \ ContextAdvisor-3.dll
O2 - BHO: XBTB06823 Class - (BA463437-C3DE-47da-8280-87596824388A) - c: \ progra ~ 1 \ GOOGLE ~ 1 \ TOOLBA ~ 1.DLL
O2 - BHO: ZoneAlarm Spy Blocker BHO - (F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA) - C: \ Programfiler \ ZoneAlarmSB \ bar \ 1.bin \ SPYBLOCK.DLL
O2 - BHO: SidebarAutoLaunch Class - (F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D) - C: \ Programfiler \ Yahoo! \ Browser \ YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Programfiler \ Yahoo! \ Companion \ Installerer \ cpn0 \ yt.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - (F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA) - C: \ Programfiler \ ZoneAlarmSB \ bar \ 1.bin \ SPYBLOCK.DLL
O4 - HKLM \ .. \ Run: [LaunchApp] Alaunch
O4 - HKLM \ .. \ Run: [NvCplDaemon] rundll32.exe C: \ WINDOWS \ system32 \ NvCpl.dll, NvStartup
O4 - HKLM \ .. \ Run: [nwiz] nwiz.exe / install
O4 - HKLM \ .. \ Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM \ .. \ Run: [SkyTel] SkyTel.EXE
O4 - HKLM \ .. \ Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM \ .. \ Run: [ntiMUI] c: \ Program Files \ NewTech Infosystems \ NTI CD & DVD-Maker 7 \ ntiMUI.exe
O4 - HKLM \ .. \ Run: [RemoteControl] "C: \ Program Files \ Cyberlink \ PowerDVD \ PDVDServ.exe"
O4 - HKLM \ .. \ Run: [IMJPMIG8.1] "C: \ WINDOWS \ IME \ imjp8_1 \ IMJPMIG.EXE" / Skjem bort / RemAdvDef / Migration32
O4 - HKLM \ .. \ Run: [IMEKRMIG6.1] C: \ WINDOWS \ IME \ imkr6_1 \ IMEKRMIG.EXE
O4 - HKLM \ .. \ Run: [MSPY2002] C: \ WINDOWS \ system32 \ IME \ PINTLGNT \ ImScInst.exe / SYNC
O4 - HKLM \ .. \ Run: [PHIME2002ASync] C: \ WINDOWS \ system32 \ IME \ TINTLGNT \ TINTSETP.EXE / SYNC
O4 - HKLM \ .. \ Run: [PHIME2002A] C: \ WINDOWS \ system32 \ IME \ TINTLGNT \ TINTSETP.EXE / IMEName
O4 - HKLM \ .. \ Run: [NvMediaCenter] rundll32.exe C: \ WINDOWS \ system32 \ NvMcTray.dll, NvTaskbarInit
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Programfiler \ Java \ jre1.6.0_04 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [Acer Styrke Technology Monitor] C: \ WINDOWS \ system32 \ SysMonitor.exe
O4 - HKLM \ .. \ Run: [eLockMonitor] C: \ Acer \ Styrke Technology \ eLock \ Monitor \ LaunchMonitor.exe
O4 - HKLM \ .. \ Run: [eRecoveryService] C: \ Acer \ Styrke Technology \ eRecovery \ eRAgent.exe
O4 - HKLM \ .. \ Run: [AVG7_CC] C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgcc.exe / STARTUP
O4 - HKLM \ .. \ Run: [ZoneAlarm Client] "C: \ Programfiler \ Zone Labs \ ZoneAlarm \ zlclient.exe"
O4 - HKLM \ .. \ Run: [CameraFixer] C: \ WINDOWS \ CameraFixer.exe
O4 - HKLM \ .. \ Run: [tsnp2std] C: \ WINDOWS \ tsnp2std.exe
O4 - HKLM \ .. \ Run: [snp2std] C: \ WINDOWS \ vsnp2std.exe
O4 - HKLM \ .. \ Run: [RealTray] C: \ Programfiler \ Real \ RealPlayer \ RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Programfiler \ QuickTime \ QTTask.exe"-atboottime
O4 - HKLM \ .. \ Run: [AOLDialer] C: \ Programfiler \ Fellesfiler \ AOL \ ACS \ AOLDial.exe
O4 - HKLM \ .. \ Run: [Adobe Reader Speed Launcher] "C: \ Programfiler \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe"
O4 - HKLM \ .. \ Run: [YBrowser] C: \ progra ~ 1 \ Yahoo! \ Browser \ ybrwicon.exe
O4 - HKLM \ .. \ Run: [postSetupCheck] C: \ WINDOWS \ system32 \ rundll32.exe C: \ WINDOWS \ system32 \ gzmrt.dll "DllStart
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [MsnMsgr] "C: \ Programfiler \ Windows Live \ Messenger \ MsnMsgr.Exe" / background
O4 - HKCU \ .. \ Run: [MSMSGS] "C: \ Programfiler \ Messenger \ msmsgs.exe" / background
O4 - HKCU \ .. \ Run: [Yahoo! Personsøker] "c: \ progra ~ 1 \ Yahoo! \ Messen ~ 1 \ YAHOOM ~ 1.EXE"-quiet
O4 - HKCU \ .. \ Run: [SUPERAntiSpyware] C: \ Programfiler \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
O4 - HKUS \ S-1-5-19 \ .. \ Run: [AVG7_Run] C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [AVG7_Run] C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'Default user')
O4 - Startup: TrueAssistant.lnk = C: \ Programfiler \ TrueSwitchBTYahoo \ TrueWizard.exe
O4 - Global Startup: Craft Robo Status Supervisor.lnk =?
O4 - Global Startup: HP PSC 1000 series.lnk =?
O4 - Global Startup: hpoddt01.exe.lnk =?
O4 - Global Startup: Microsoft Office.lnk = C: \ Programfiler \ Microsoft Office \ Office10 \ Osa.exe
O8 - Extra sammenheng menyelement: & AOL Toolbar søk - res: / / C: \ Program Files \ AOL Toolbar \ toolbar.dll / SEARCH.HTML
O9 - Extra knappen: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Programfiler \ Java \ jre1.6.0_04 \ bin \ ssv.dll
O9 - Extra "Verktøy" MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Programfiler \ Java \ jre1.6.0_04 \ bin \ ssv.dll
O9 - Extra knappen: BT Yahoo! Services - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - c: \ progra ~ 1 \ Yahoo! \ Felles \ yiesrvc.dll
O9 - Extra knappen: Real.com - (CD67F990-D8E9-11d2-98FE-00C0F0318AFE) - C: \ WINDOWS \ system32 \ Shdocvw.dll
O9 - Extra knappen: (no name) - (DFB852A3-47F8-48C4-a200-58CAB36FD2A2) - C: \ progra ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O9 - Extra "Verktøy" MENUITEM: Spybot - Search & Destroy Configuration - (DFB852A3-47F8-48C4-a200-58CAB36FD2A2) - C: \ progra ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O9 - Extra knappen: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra "Verktøy" MENUITEM: @ xpsp3res.dll, -20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra knappen: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Programfiler \ Messenger \ msmsgs.exe
O9 - Extra "Verktøy" MENUITEM: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Programfiler \ Messenger \ msmsgs.exe
O15 - Trusted Zone: http://www.photobucket.com
O16 - DPF: (30528230-99f7-4bb4-88d8-fa1d4f56a2ab) (Installation Support) - C: \ Programfiler \ Yahoo! \ Common \ Yinsthelper.dll
O16 - DPF: (6B75345B-AA36-438A-BBE6-4078B4C6984D) (HpProductDetection klasse) -- http://h20270.www2.hp.com/ediags/gmn...tDetection.cab
O16 - DPF: (D27CDB6E-AE6D-11CF-96B8-444553540000) (Shockwave Flash Object) -- http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O20 - Winlogon Notify:! SASWinLogon - C: \ Programfiler \ SUPERAntiSpyware \ SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C: \ Programfiler \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe
O23 - Service: Acer ODDSpeedControl - TODO: <????> - C: \ Acer \ Styrke Technology \ eAcoustics \ ODDSpeedCtl \ speedcontrol.exe
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C: \ Acer \ Styrke Technology \ ePerformance \ MemCheck.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Grisoft, sro - C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Grisoft, sro - C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - Grisoft, sro - C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
O23 - Service: HASP License Manager (hasplms) - Aladdin Knowledge Systems Ltd - C: \ WINDOWS \ system32 \ hasplms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Programfiler \ Fellesfiler \ InstallShield \ Driver \ 1150 \ Intel 32 \ IDriverT.exe
O23 - Service: LightScribeService Direct Disc Merking Service (LightScribeService) - Hewlett-Packard Company - c: \ Programfiler \ Fellesfiler \ LightScribe \ LSSrvc.exe
O23 - Service: LockServ - Unknown owner - C: \ Acer \ Styrke Technology \ eLock \ LockServ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C: \ WINDOWS \ system32 \ nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C: \ WINDOWS \ system32 \ HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C: \ WINDOWS \ system32 \ ZoneLabs \ vsmon.exe
O24 - Desktop Component 0: (no name) -- http://www.pspug.org/pix/pspimem1.gif
--
End of file - 11488 bytes
  #7  
Old 23. Feb 2008, 03:38
Moderator Group
 
Open HijackThis and select Do a system scan only, then place a check mark next to:
  • O2 - BHO: XBTB06823 Class - (BA463437-C3DE-47da-8280-87596824388A) - c: \ progra ~ 1 \ GOOGLE ~ 1 \ TOOLBA ~ 1.DLL
  • O4 - HKLM \ .. \ Run: [postSetupCheck] C: \ WINDOWS \ system32 \ rundll32.exe C: \ WINDOWS \ system32 \ gzmrt.dll "DllStart
  • O24 - Desktop Component 0: (no name) -- http://www.pspug.org/pix/pspimem1.gif << If you did not add this yourself, then remove it with HijackThis.
Close all windows except HijackThis and click Fix checked.

----------

Download SDFix.exe and save it to your desktop.

Double-click SDFix.exe and it will extract the files to %systemdrive%
(the drive that contains the Windows directory, typically C:\SDFix)

Then restart your computer in Safe Mode by doing the following:
  • Restart the computer
  • After hearing the computer beep once during startup, but before Windows appears, press F8 repeatedly;
  • Instead of Windows loading as normal, the Advanced Options menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double-click RunThis.bat to start the script.
  • Type Y to start the cleanup process.
  • It will remove any Trojan services and registry entries that it finds, then prompt you to press any key to reboot.
  • Press any key and it will restart the PC.
  • When the PC restarts, the Fixtool will run again and complete the removal, then display Finished. Press any key to end the script and load your desktop icons.
  • Once the desktop icons load, the SDFix report will open on screen and will also be saved in the SDFix folder as Report.txt
    (Report.txt will also be copied to the clipboard).
  • Paste the contents of Report.txt into your next post.
----------

Download ComboFix by sUBs from one of the links below.
(Try all three if necessary)
Important! ComboFix.exe must be saved to and run from the Desktop.
  • Close all open web browsers (Firefox, Internet Explorer, etc.) before starting ComboFix.
  • Important! Temporarily disable your antivirus, script blocking and any antispyware real-time protection before performing a scan.
    • Click this link to see a list of security programs that should be disabled and how to disable them.
    • If yours is not listed and you do not know how to disable it, please ask.
  • Warning: ComboFix disconnects your machine from the Internet. The connection is automatically restored before ComboFix completes its run.
  • Double-click combofix.exe and follow the prompts.
    • From the keyboard, select 1 and press Enter
  • When finished, it will produce a log for you.
  • Post that log in your next reply.
Warning: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
  • If ComboFix runs into difficulty and terminates early, the connection can be manually restored by restarting your computer.
  • Important: Remember to re-enable your antivirus and antispyware before reconnecting to the Internet.
----------

HJT Uninstall List
  • Open HijackThis > click "Misc Tools Section"
  • Click "Open Uninstall Manager".
  • Click "Save List".
  • Save it to your desktop.
  • Copy the contents of the file into your next reply.
----------

In your next post, please include:
SDFix log
ComboFix log
Uninstall list
__________________
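
The before/after comparison behind replies #5 and #7, as an added example that is not part of the original thread: it compares the two HijackThis logs posted above and reports DLLs that lost some of their entries to the cleanup while an autorun entry still points at them, which is the situation that produces the "Error loading ... gzmrt.dll" message. The function names and the "leftover reference" heuristic are assumptions of this sketch; a log alone cannot prove the file is gone from disk.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "section body")

# Excerpts copied from the two HijackThis logs in this thread (posts #1 and #6),
# including the stray spaces the page has inside paths.
LOG_BEFORE = r"""
O2 - BHO: rightonads optimizer - (7D9362F8-77D8-4b29-97B5-621D550890C0) - C: \ WINDOWS \ system32 \ gzmrt.dll
O2 - BHO: ContextAdvisor - (87E68009-29A8-D669-F7C2-B31D08635C50) - C: \ Programfiler \ ContextAdvisor \ ContextAdvisor-3.dll
O2 - BHO: ads_optimizer - (9C8A568E-4201-478a-8536-526CF371D2E2) - C: \ WINDOWS \ system32 \ nst46.dll
O4 - HKLM \ .. \ Run: [NvCplDaemon] rundll32.exe C: \ WINDOWS \ system32 \ NvCpl.dll, NvStartup
O4 - HKLM \ .. \ Run: [postSetupCheck] C: \ WINDOWS \ system32 \ rundll32.exe C: \ WINDOWS \ system32 \ gzmrt.dll "DllStart
"""

LOG_AFTER = r"""
O2 - BHO: ContextAdvisor - (87E68009-29A8-D669-F7C2-B31D08635C50) - C: \ Programfiler \ ContextAdvisor \ ContextAdvisor-3.dll
O4 - HKLM \ .. \ Run: [NvCplDaemon] rundll32.exe C: \ WINDOWS \ system32 \ NvCpl.dll, NvStartup
O4 - HKLM \ .. \ Run: [postSetupCheck] C: \ WINDOWS \ system32 \ rundll32.exe C: \ WINDOWS \ system32 \ gzmrt.dll "DllStart
O20 - Winlogon Notify:! SASWinLogon - C: \ Programfiler \ SUPERAntiSpyware \ SASWINLO.dll
"""

LINE_RE = re.compile(r"^([OR]\d+)\s+-\s+(.*)$")
# A drive-letter path ending in .dll; ':' is excluded from the path body so that
# "rundll32.exe C:\...\x.dll" yields only the DLL argument, not one long match.
DLL_RE = re.compile(r'\b[A-Za-z]:\\[^":*?<>|,]+?\.dll\b', re.I)


def normalize(line):
    """Undo the spacing damage around backslashes and 8.3 '~' short names."""
    line = re.sub(r"\s*\\\s*", r"\\", line.strip())
    return re.sub(r"\s*~\s*(?=\d)", "~", line)


def parse(log_text):
    """Return the R*/O* entries of a HijackThis log as Entry(section, body)."""
    entries = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(normalize(raw))
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def index_by_module(entries):
    """Map each referenced DLL path (lower-cased) to the entries that load it."""
    index = {}
    for entry in entries:
        for dll in DLL_RE.findall(entry.body):
            index.setdefault(dll.lower(), set()).add(entry)
    return index


def leftover_references(before_log, after_log):
    """DLLs that lost some entries between scans but are still referenced.

    Heuristic: a cleaner removed part of a component (for example its BHO
    registration) and left another loader entry, such as an O4 Run value, behind.
    """
    before = index_by_module(parse(before_log))
    after = index_by_module(parse(after_log))
    findings = {}
    for dll, old_refs in before.items():
        new_refs = after.get(dll, set())
        removed = old_refs - new_refs
        if removed and new_refs:
            findings[dll] = {"removed": sorted(removed),
                             "still_present": sorted(new_refs)}
    return findings


def fully_removed(before_log, after_log):
    """DLLs referenced in the first scan and by nothing in the second."""
    before = index_by_module(parse(before_log))
    after = index_by_module(parse(after_log))
    return sorted(dll for dll in before if dll not in after)


if __name__ == "__main__":
    for dll, info in leftover_references(LOG_BEFORE, LOG_AFTER).items():
        print("leftover reference to", dll)
        for entry in info["still_present"]:
            print("  still loads it:", entry.section, "-", entry.body)
    print("gone entirely:", fully_removed(LOG_BEFORE, LOG_AFTER))
```
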

  #8  
Old 23. Feb 2008, 05:03
Donor Group
 
Small problem: I did everything you asked with SDFix, but the log is nowhere to be found. I can tell you it found no trojans. Here are the other lists
Uninstall list
Acer eAcoustics Management
Acer eLock Management
Acer Styrke Technology
Acer ePerformance Management
Ad-Aware 2007
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 8.1.2
Apple Software Update
AVG 7.5
Nettleser Optimizer Adssite
BT Yahoo! Programmer
BT Yahoo! TrueSwitch Wizard
CCleaner (fjern bare)
kommersiell
ContextAdvisor
Craft Robo Controller
Create-A-Face 3.2
Cricut DesignStudio
Ekstrautstyr Nettleser Verktøy Rightonadz
Galaxy av Brain Games
Graphtec DesignMaster Web (C: \ Graphtec DesignMaster Web)
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hurtigreparasjon for Windows Media Format 11 SDK (KB929399)
Hurtigreparasjon for Windows Media Player 11 (KB939683)
Hurtigreparasjonen for Windows XP (KB893357)
Hurtigreparasjonen for Windows XP (KB896256)
Hurtigreparasjonen for Windows XP (KB906569)
Hurtigreparasjonen for Windows XP (KB914440)
Hurtigreparasjonen for Windows XP (KB915865)
Hurtigreparasjonen for Windows XP (KB926239)
Hurtigreparasjonen for Windows XP (KB935448)
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photo and Imaging 2.0 - HP PSC 1200-serien
HP Produkt Detection
HP PSC 1200-serien
J2SE Runtime Environment 5.0 Update 6
Java (TM) 6 Update 3
Java (TM) 6 Update 4
King Kong Capture (fjern bare)
Learn2 Player (Uninstall Only)
MAX Console
Microsoft. NET Framework 1.1
Microsoft. NET Framework 1.1
Microsoft. NET Framework 1.1 Hotfix (KB928366)
Microsoft. NET Framework 2.0
Microsoft Komprimeringsfeil Kundekommentarer Pack 1.0 for Windows XP
Microsoft internasjonalt domenenavn Mitigation APIene
Microsoft National Language Support Downlevel APIene
Microsoft Office XP Standard for studenter og lærere
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C + + 2005 Redistributable
Mozilla Firefox (2.0.0.12)
NTI Backup NOW! 4
NTI CD & DVD-Maker
NVIDIA Drivers
OCA Kundekommentarer historie verktøyet installert
Olympus CAMEDIA Master 4.0
Paint Shop Pro 7 Anniversary Edition
PowerDVD
QuickTime
RealPlayer Basic
Realtek High Definition Audio Driver
Robo Master
Sikkerhetsoppdatering for CAPICOM (KB931906)
Sikkerhetsoppdatering for CAPICOM (KB931906)
Sikkerhetsoppdatering for Step By Step Interactive Training (KB898458)
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB938127)
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB942615)
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB944533)
Sikkerhetsoppdatering for Windows Media Player (KB911564)
Sikkerhetsoppdatering for Windows Media Player 11 (KB936782)
Sikkerhetsoppdatering for Windows Media Player 6.4 (KB925398)
Sikkerhetsoppdatering for Windows Media Player 9 (KB936782)
Sikkerhetsoppdatering for Windows XP (KB883939)
Sikkerhetsoppdatering for Windows XP (KB890046)
Sikkerhetsoppdatering for Windows XP (KB893756)
Sikkerhetsoppdatering for Windows XP (KB896358)
Sikkerhetsoppdatering for Windows XP (KB896422)
Sikkerhetsoppdatering for Windows XP (KB896423)
Sikkerhetsoppdatering for Windows XP (KB896424)
Sikkerhetsoppdatering for Windows XP (KB896428)
Sikkerhetsoppdatering for Windows XP (KB899587)
Sikkerhetsoppdatering for Windows XP (KB899588)
Sikkerhetsoppdatering for Windows XP (KB899589)
Sikkerhetsoppdatering for Windows XP (KB899591)
Sikkerhetsoppdatering for Windows XP (KB900725)
Sikkerhetsoppdatering for Windows XP (KB901017)
Sikkerhetsoppdatering for Windows XP (KB901190)
Sikkerhetsoppdatering for Windows XP (KB901214)
Sikkerhetsoppdatering for Windows XP (KB902400)
Sikkerhetsoppdatering for Windows XP (KB903235)
Sikkerhetsoppdatering for Windows XP (KB904706)
Sikkerhetsoppdatering for Windows XP (KB905414)
Sikkerhetsoppdatering for Windows XP (KB905749)
Sikkerhetsoppdatering for Windows XP (KB905915)
Sikkerhetsoppdatering for Windows XP (KB908519)
Sikkerhetsoppdatering for Windows XP (KB908531)
Sikkerhetsoppdatering for Windows XP (KB911562)
Sikkerhetsoppdatering for Windows XP (KB911567)
Sikkerhetsoppdatering for Windows XP (KB911927)
Sikkerhetsoppdatering for Windows XP (KB912812)
Sikkerhetsoppdatering for Windows XP (KB912919)
Sikkerhetsoppdatering for Windows XP (KB913433)
Sikkerhetsoppdatering for Windows XP (KB913446)
Sikkerhetsoppdatering for Windows XP (KB913580)
Sikkerhetsoppdatering for Windows XP (KB914388)
Sikkerhetsoppdatering for Windows XP (KB914389)
Sikkerhetsoppdatering for Windows XP (KB917344)
Sikkerhetsoppdatering for Windows XP (KB918118)
Sikkerhetsoppdatering for Windows XP (KB919007)
Sikkerhetsoppdatering for Windows XP (KB920213)
Sikkerhetsoppdatering for Windows XP (KB920670)
Sikkerhetsoppdatering for Windows XP (KB920683)
Sikkerhetsoppdatering for Windows XP (KB920685)
Sikkerhetsoppdatering for Windows XP (KB921503)
Sikkerhetsoppdatering for Windows XP (KB922819)
Sikkerhetsoppdatering for Windows XP (KB923191)
Sikkerhetsoppdatering for Windows XP (KB923414)
Sikkerhetsoppdatering for Windows XP (KB923980)
Sikkerhetsoppdatering for Windows XP (KB924270)
Sikkerhetsoppdatering for Windows XP (KB924496)
Sikkerhetsoppdatering for Windows XP (KB924667)
Sikkerhetsoppdatering for Windows XP (KB925902)
Sikkerhetsoppdatering for Windows XP (KB926255)
Sikkerhetsoppdatering for Windows XP (KB926436)
Sikkerhetsoppdatering for Windows XP (KB927779)
Sikkerhetsoppdatering for Windows XP (KB927802)
Sikkerhetsoppdatering for Windows XP (KB928255)
Sikkerhetsoppdatering for Windows XP (KB928843)
Sikkerhetsoppdatering for Windows XP (KB929123)
Sikkerhetsoppdatering for Windows XP (KB930178)
Sikkerhetsoppdatering for Windows XP (KB931261)
Sikkerhetsoppdatering for Windows XP (KB931784)
Sikkerhetsoppdatering for Windows XP (KB932168)
Sikkerhetsoppdatering for Windows XP (KB933729)
Sikkerhetsoppdatering for Windows XP (KB935839)
Sikkerhetsoppdatering for Windows XP (KB935840)
Sikkerhetsoppdatering for Windows XP (KB936021)
Sikkerhetsoppdatering for Windows XP (KB937894)
Sikkerhetsoppdatering for Windows XP (KB938127)
Sikkerhetsoppdatering for Windows XP (KB938829)
Sikkerhetsoppdatering for Windows XP (KB941202)
Sikkerhetsoppdatering for Windows XP (KB941568)
Sikkerhetsoppdatering for Windows XP (KB941569)
Sikkerhetsoppdatering for Windows XP (KB941644)
Sikkerhetsoppdatering for Windows XP (KB942615)
Sikkerhetsoppdatering for Windows XP (KB943055)
Sikkerhetsoppdatering for Windows XP (KB943460)
Sikkerhetsoppdatering for Windows XP (KB943485)
Sikkerhetsoppdatering for Windows XP (KB944653)
Sikkerhetsoppdatering for Windows XP (KB946026)
Sound'Em 1.0
Spybot - Search & Destroy
SUPERAntiSpyware Free Edition
Sure Cuts mye 1,004
Oppdatering for Windows XP (KB894391)
Oppdatering for Windows XP (KB896727)
Oppdatering for Windows XP (KB898461)
Oppdatering for Windows XP (KB900485)
Oppdatering for Windows XP (KB904942)
Oppdatering for Windows XP (KB910437)
Oppdatering for Windows XP (KB911280)
Oppdatering for Windows XP (KB912945)
Oppdatering for Windows XP (KB916595)
Oppdatering for Windows XP (KB920872)
Oppdatering for Windows XP (KB922120)
Oppdatering for Windows XP (KB922582)
Oppdatering for Windows XP (KB927891)
Oppdatering for Windows XP (KB930916)
Oppdatering for Windows XP (KB938828)
Oppdatering for Windows XP (KB942763)
Oppdatering for Windows XP (KB942840)
USB2.0 PC Camera (SN9C201 & 202)
Viewpoint Media Player
Windows Driver Package - Advanced Micro Devices (AmdK8) Prosessor (05/27/2006 1.3.2.0)
Windows Driver Package - FTDI CDM Driver Package (06/27/2007 2.02.04)
Windows Driver Package - FTDI CDM Driver Package (06/27/2007 2.02.04)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB884020
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885295
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP hurtigreparasjon - kb886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086
ZoneAlarm
ZoneAlarm Spy Blocker

combofix log
ComboFix 08-02-23.2 - Christine 2008-02-23 11:39:25.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.294 [GMT 0:00]
Running from: C: \ Documents and Settings \ Christine \ Skrivebord \ ComboFix.exe
* Opprettet et nytt gjenopprettingspunkt
ADVARSEL-Denne maskinen har ikke gjenopprettingskonsollen INSTALLERT!
.
((((((((((((((((((((((((((((((((((((((( Other slettingene ))))))))) ))))))))))))))))))))))))))))))))))))))))
.
C: \ Documents and Settings \ All Users \ Application Data \ Microsoft \ Network \ Downloader \ qmgr0.dat
C: \ Documents and Settings \ All Users \ Application Data \ Microsoft \ Network \ Downloader \ qmgr1.dat
----- BITS: Possible infiserte nettsteder -----
hxxp: / / au.download.windowsupdate
.
((((((((((((((((((((((((( Files Created fra 2008-01-23 til 2008-02-23 ))))))))))) ))))))))))))))))))))
.
2008-02-23 11:29. 2008-02-23 11:29 <DIR> d -------- C: \ WINDOWS \ ERUNT
2008-02-23 10:42. 2008-02-23 11:36 <DIR> d -------- C: \ SDFix
2008-02-23 09:01. 2008-02-23 09:14 <DIR> d -------- C: \ Programfiler \ SUPERAntiSpyware
2008-02-23 09:01. 2008-02-23 09:01 <DIR> d -------- C: \ Documents and Settings \ Christine \ Application Data \ SUPERAntiSpyware.com
2008-02-23 09:01. 2008-02-23 09:01 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ SUPERAntiSpyware.com
2008-02-23 08:59. 2008-02-23 08:59 <DIR> d -------- C: \ Programfiler \ CCleaner
2008-02-22 23:07. 2008-02-22 23:07 <DIR> d -------- C: \ Programfiler \ Apple Software Update
2008-02-22 23:07. 2008-02-22 23:07 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Apple Computer
2008-02-22 23:07. 2008-02-22 23:07 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Apple
2008-02-19 22:23. 2008-02-20 21:13 <DIR> d -------- C: \ Programfiler \ FBrowsingAdvisor
2008-02-19 22:23. 2008-02-19 22:27 <DIR> d -------- C: \ Programfiler \ FBrowserAdvisor
2008-02-19 22:23. 2008-02-23 03:45 <DIR> d -------- C: \ Programfiler \ ContextAdvisor
2008-02-19 22:11. 2008-02-19 22:36 <DIR> d -------- C: \ Programfiler \ LimeWire
2008-02-19 22:11. 2008-02-19 22:26 <DIR> d -------- C: \ Documents and Settings \ Christine \ Application Data \ LimeWire
2008-02-19 21:11. 2008-02-19 21:11 <DIR> d -------- C: \ Programfiler \ Cricut Software
2008-02-16 23:34. 2008-02-16 23:34 <DIR> d -------- C: \ Programfiler \ TrueSwitch
2008-02-16 23:34. 2008-02-16 23:34 <DIR> d -------- C: \ Documents and Settings \ Christine \ Application Data \ TrueSwitch
2008-02-16 23:33. 2008-02-23 11:37 <DIR> d -------- C: \ Programfiler \ TrueSwitchBTYahoo
2008-02-16 04:57. 2008-02-16 04:57 <DIR> d -------- C: \ Programfiler \ Fellesfiler \ Aladdin Delt
2008-02-15 18:47. 2008-02-22 22:32 <DIR> d -------- C: \ Documents and Settings \ Christine \ Application Data \ Yahoo!
2008-02-15 18:44. 2008-02-15 18:51 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Yahoo!
2008-02-15 18:44. 2002-02-21 18:56 24.576 - en ------ C: \ WINDOWS \ system32 \ msxml3a.dll
2008-02-15 18:43. 2002-01-05 06:18 84.992 - en ------ C: \ WINDOWS \ system32 \ ATL70.DLL
2008-02-15 18:43. 2001-10-11 11:26 65.536 - en ------ C: \ WINDOWS \ system32 \ YCRWin32.dll
2008-02-15 16:28. 2008-02-15 16:28 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Citrix
2008-02-15 16:27. 2008-02-15 16:27 61.480 - en ------ C: \ Documents and Settings \ Christine \ GoToAssistDownloadHelper.exe
2008-02-14 15:06. 2008-02-14 15:12 <DIR> d -------- C: \ WINDOWS \ SxsCaPendDel
2008-02-14 13:38. 2008-02-14 13:38 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Olympus
2008-02-14 13:37. 2008-02-14 13:37 <DIR> d -------- C: \ Programfiler \ Olympus
2008-02-08 18:04. 2008-02-08 18:24 <DIR> d -------- C: \ temp \ AOL
2008-02-08 11:34. 2008-02-08 11:34 <DIR> d -------- C: \ Documents and Settings \ Christine \ Application Data \ ArcSoft
2008-02-07 16:55. 2008-02-07 16:55 <DIR> d -------- C: \ Programfiler \ Fellesfiler \ Scanner
2008-02-07 16:11. 2008-02-15 09:05 10 - en ------ C: \ WINDOWS \ msoffice.ini
2008-02-07 16:02. 2008-02-07 18:18 <DIR> d -------- C: \ WINDOWS \ Occache
2008-02-07 16:02. 2008-02-07 16:02 <DIR> d -------- C: \ Programfiler \ Learn2.com
2008-02-07 16:02. 2008-02-08 18:09 <DIR> d -------- C: \ Programfiler \ Fellesfiler \ aolback
2008-02-07 16:02. 2008-02-07 16:02 <DIR> d -------- C: \ Documents and Settings \ Christine \ Application Data \ har du Pictures Screensaver
2008-02-07 16:02. 2007-10-11 05:57 1.498.112 - en ------ C: \ WINDOWS \ system32 \ shdocvw.bak
2008-02-07 16:02. 1998-06-26 00:00 644.400 - en ------ C: \ WINDOWS \ system32 \ MSComCt2.ocx
2008-02-07 16:02. 2000-05-22 00:00 203.976 - en ------ C: \ WINDOWS \ system32 \ RichTx32.ocx
2008-02-07 16:02. 1998-06-24 00:00 115.016 - en ------ C: \ WINDOWS \ system32 \ MSInet.ocx
2008-02-07 16:02. 2001-11-21 10:15 102.400 - en ------ C: \ WINDOWS \ system32 \ SimpleRegistry.dll
2008-02-07 16:02. 1999-04-17 01:06 10.752 - en ------ C: \ WINDOWS \ system32 \ aamd532.dll
2008-02-07 16:02. 2008-02-08 18:10 719 - en ------ C: \ WINDOWS \ aolback.exe.lnk
2008-02-07 16:01. 2008-02-22 23:08 <DIR> d -------- C: \ Programfiler \ QuickTime
2008-02-07 16:01. 2008-02-07 16:01 <DIR> d -------- C: \ Programfiler \ Fellesfiler \ Real
2008-02-07 16:01. 2008-02-07 16:01 <DIR> d -------- C: \ Min musikk
2008-02-07 16:01. 2008-02-07 16:01 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ QuickTime
2008-02-07 16:01. 2008-02-07 16:01 24.576 - en ------ C: \ WINDOWS \ system32 \ prefscpl.cpl
2008-02-07 16:01. 2008-02-07 16:01 8.552 - en ------ C: \ WINDOWS \ system32 \ drivers \ asctrm.sys
2008-02-07 16:00. 2005-05-12 12:36 29.184 - en ------ C: \ WINDOWS \ system32 \ popup.ocx
2008-02-07 15:45. 2008-02-22 18:50 <DIR> d - h ----- C: \ temp
2008-02-06 15:32. 2008-02-06 15:13 19.558 --------- C: \ WINDOWS \ hpoins01.dat.temp
2008-02-06 15:32. 2006-09-27 19:24 16.606 --------- C: \ WINDOWS \ hpomdl01.dat.temp
2008-02-06 15:16. 2008-02-23 10:46 526 - en ------ C: \ hpfr3420.xml
2008-02-06 15:14. 2008-02-06 15:14 <DIR> d -------- C: \ Documents and Settings \ Christine \ Application Data \ Hewlett-Packard
2008-02-06 15:12. 2008-02-06 15:12 <DIR> d -------- C: \ Programfiler \ Fellesfiler \ Hewlett-Packard
2008-02-06 15:10. 2008-02-06 15:11 <DIR> d -------- C: \ Programfiler \ Hewlett-Packard
2008-02-06 15:10. 2006-09-27 19:23 233.528-ra ------ C: \ WINDOWS \ system32 \ HPZidr12.dll
2008-02-06 15:10. 2006-09-27 19:23 167.936-ra ------ C: \ WINDOWS \ system32 \ HPZipr12.dll
2008-02-06 15:10. 2006-09-27 19:23 94.208-ra ------ C: \ WINDOWS \ system32 \ HPZipt12.dll
2008-02-06 15:10. 2006-09-27 19:23 65.795-ra ------ C: \ WINDOWS \ system32 \ HPZipm12.exe
2008-02-06 15:10. 2006-09-27 19:23 61.699-ra ------ C: \ WINDOWS \ system32 \ HPZinw12.exe
2008-02-06 15:10. 2006-09-27 19:23 57.344-ra ------ C: \ WINDOWS \ system32 \ HPZisn12.dll
2008-02-06 15:10. 2006-09-27 19:23 51.024-ra ------ C: \ WINDOWS \ system32 \ drivers \ hpzid412.sys
2008-02-06 15:10. 2006-09-27 19:23 16.080-ra ------ C: \ WINDOWS \ system32 \ drivers \ HPZipr12.sys
2008-02-06 15:09. 2006-09-27 19:24 237.568-ra ------ C: \ WINDOWS \ system32 \ HPZc3212.dll
2008-02-06 15:09. 2006-09-27 19:23 21.456-ra ------ C: \ WINDOWS \ system32 \ drivers \ HPZius12.sys
2008-02-06 15:07. 2008-02-06 15:13 19.558 --------- C: \ WINDOWS \ hpoins01.dat
2008-02-06 15:07. 2006-09-27 19:24 16.606 --------- C: \ WINDOWS \ hpomdl01.dat
2008-02-06 14:21. 2008-02-06 14:21 <DIR> d -------- C: \ Programfiler \ HP
2008-02-06 08:52. 2008-02-06 08:52 <DIR> d -------- C: \ Programfiler \ Craft Edge
2008-02-04 14:52. 2008-02-04 14:52 <DIR> d -------- C: \ Programfiler \ Windows Media Connect 2
2008-02-04 14:50. 2008-02-04 14:50 <DIR> d -------- C: \ WINDOWS \ system32 \ LogFiles
2008-02-04 14:50. 2008-02-04 14:51 <DIR> d -------- C: \ WINDOWS \ system32 \ drivers \ UMDF
2008-02-03 14:37. 1995-08-01 04:44 212.480 - en ------ C: \ WINDOWS \ PCDLIB32.DLL
2008-02-03 14:37. 2003-09-19 15:45 21.248 - en ------ C: \ WINDOWS \ system32 \ drivers \ pfc.sys
2008-02-03 14:35. 2008-02-03 14:35 <DIR> d -------- C: \ Programfiler \ Fellesfiler \ snp2std
2008-02-03 14:35. 2005-09-21 13:31 8.816.128 - en ------ C: \ WINDOWS \ system32 \ drivers \ snp2sxp.sys
2008-02-03 14:34. 2005-10-03 11:23 20.480 --------- C: \ WINDOWS \ CameraFixer.exe
2008-02-02 23:31. 2004-08-03 23:07 59.264 - en ------ C: \ WINDOWS \ system32 \ drivers \ USBAUDIO.sys
2008-02-02 23:31. 2004-08-03 23:07 59.264 - a - c --- C: \ WINDOWS \ system32 \ dllcache \ usbaudio.sys
2008-02-02 15:14. 2008-02-04 09:26 147 - en ------ C: \ WINDOWS \ fcp5.cfg
2008-02-02 11:39. 2008-02-02 11:39 <DIR> d -------- C: \ Programfiler \ Jasc Software Inc
2008-02-01 01:09. 2007-03-20 19:33 43.520 - en ------ C: \ WINDOWS \ system32 \ libusb0.dll
2008-02-01 01:09. 2007-03-20 19:33 28.672 - en ------ C: \ WINDOWS \ system32 \ drivers \ libusb0.sys
2008-02-01 01:04. 2008-02-10 08:07 <DIR> d -------- C: \ Documents and Settings \ admin \ Application Data \ AOL
2008-02-01 01:03. 2008-02-10 08:08 <DIR> d -------- C: \ Documents and Settings \ admin \ Application Data \ AVG7
2008-01-31 23:13. 2008-01-31 23:13 90.112 - en ------ C: \ WINDOWS \ system32 \ QuickTimeVR.qtx
2008-01-31 23:13. 2008-01-31 23:13 57.344 - en ------ C: \ WINDOWS \ system32 \ QuickTime.qts
2008-01-28 05:24. 2007-06-27 21:10 202.048 - en ------ C: \ WINDOWS \ system32 \ ftd2xx.dll
2008-01-28 05:24. 2007-06-27 21:10 111.936 - en ------ C: \ WINDOWS \ system32 \ ftbusui.dll
2008-01-28 05:24. 2007-06-27 21:10 107.840 - en ------ C: \ WINDOWS \ system32 \ FTLang.dll
2008-01-28 05:24. 2007-06-27 21:04 71.488 - en ------ C: \ WINDOWS \ system32 \ drivers \ ftser2k.sys
2008-01-28 05:24. 2007-06-27 21:05 53.184 - en ------ C: \ WINDOWS \ system32 \ drivers \ ftdibus.sys
2008-01-28 05:24. 2007-06-27 21:06 47.432 - en ------ C: \ WINDOWS \ system32 \ ftserui2.dll
2008-01-27 08:28. 2008-01-27 08:28 268 - ah ----- C: \ sqmdata19.sqm
2008-01-27 08:28. 2008-01-27 08:28 244 - ah ----- C: \ sqmnoopt19.sqm
2008-01-26 07:27. 2008-02-03 15:52 268 - ah ----- C: \ sqmdata18.sqm
2008-01-26 07:27. 2008-02-03 15:52 244 - ah ----- C: \ sqmnoopt18.sqm
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-23 11:40 15.783.968 - SHA-w C: \ WINDOWS \ system32 \ drivers \ fidbox.dat
2008-02-23 11:25 185.732 - SHA-w C: \ WINDOWS \ system32 \ drivers \ fidbox.idx
2008-02-23 10:52 --------- d ----- w C: \ Documents and Settings \ Christine \ Application Data \ AVG7
2008-02-23 09:01 --------- d ----- w C: \ Programfiler \ Fellesfiler \ Wise Installation Wizard
2008-02-22 23:12 --------- d ----- w C: \ Programfiler \ Java
2008-02-15 18:47 --------- d ----- w C: \ Programfiler \ Yahoo!
2008-02-15 09:41 --------- d - h - w C: \ Programfiler \ InstallShield Installasjonsinformasjon
2008-02-15 09:36 --------- d ----- w C: \ Programfiler \ Fellesfiler \ AOL
2008-02-15 09:06 --------- d ----- w C: \ Documents and Settings \ Christine \ Application Data \ AOL
2008-02-15 09:06 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ AOL
2008-02-14 15:07 --------- d ----- w C: \ Programfiler \ Fellesfiler \ Adobe
2008-02-07 16:23 --------- dcsh - w C: \ Programfiler \ Fellesfiler \ WindowsLiveInstaller
2008-02-07 16:23 --------- d ----- w C: \ Programfiler \ Google Toolbar
2008-02-05 12:00 --------- d ----- w C: \ Programfiler \ Craft Robo Controller
2008-02-05 11:59 --------- d ----- w C: \ Programfiler \ Robo Master
2008-02-04 13:06 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ WLInstaller
2008-02-03 15:21 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ avg7
2008-01-28 05:24 --------- d ----- w C: \ Programfiler \ DIFX
2008-01-23 00:41 5.607 ---- aw C: \ WINDOWS \ ~ GLH0000.TMP
2008-01-23 00:41 137.504 ---- aw C: \ WINDOWS \ ~ GLC0000.TMP
2008-01-22 03:55 --------- d ----- w C: \ Documents and Settings \ Christine \ Application Data \ InstallShield
2008-01-22 02:21 --------- d ----- w C: \ Programfiler \ eGames
2008-01-22 00:01 --------- d ----- w C: \ Documents and Settings \ Christine \ Application Data \ Cyberlink
2008-01-21 22:27 --------- d ----- w C: \ Documents and Settings \ Christine \ Application Data \ Avocent AdminWorks
2008-01-21 22:27 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Avocent AdminWorks
2008-01-21 21:28 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Cyberlink
2008-01-21 07:06 171.520 ---- aw C: \ WINDOWS \ Internet Logs \ xDB1.tmp
2008-01-21 01:58 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Spybot - Search & Destroy
2008-01-21 01:33 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Lavasoft
2008-01-21 01:32 --------- d ----- w C: \ Programfiler \ Lavasoft
2008-01-20 19:42 --------- d ----- w C: \ Programfiler \ Microsoft ActiveSync
2008-01-20 05:50 --------- d ----- w C: \ Documents and Settings \ Christine \ Application Data \ AdobeUM
2008-01-20 02:46 --------- d ----- w C: \ Programfiler \ King Kong Software
2008-01-20 02:45 --------- d ----- w C: \ Programfiler \ Create-A-Face 3.2
2008-01-20 02:15 --------- d ----- w C: \ Programfiler \ GRAPHTEC
2008-01-20 02:05 --------- d ----- w C: \ Programfiler \ ZoneAlarmSB
2008-01-20 02:04 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ MailFrontier
2008-01-20 02:03 --------- d ----- w C: \ Programfiler \ Zone Labs
2008-01-20 01:51 --------- d ----- w C: \ Programfiler \ Microsoft CAPICOM 2.1.0.2
2008-01-19 16:48 --------- d ----- w C: \ Programfiler \ Spybot - Search & Destroy
2008-01-19 16:33 --------- d ----- w C: \ Programfiler \ Real
2008-01-19 14:46 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Yahoo! Companion
2008-01-19 14:45 --------- d ----- w C: \ Programfiler \ Fellesfiler \ Nullsoft
2008-01-19 14:44 --------- d ----- w C: \ Program Files \ Viewpoint
2008-01-19 14:44 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Viewpoint
2008-01-19 14:34 --------- d ----- w C: \ Documents and Settings \ LocalService \ Application Data \ AVG7
2008-01-19 14:34 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Grisoft
2008-01-19 14:32 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ AOL Nedlastinger
2008-01-19 14:29 --------- d ----- w C: \ Programfiler \ Fellesfiler \ Symantec Shared
2008-01-19 14:29 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Symantec
2008-01-19 14:09 --------- d ----- w C: \ Program Files \ Acer
2008-01-19 14:02 --------- d ----- w C: \ Programfiler \ Fellesfiler \ Java
2007-12-21 14:39 10.752 ---- aw C: \ WINDOWS \ system32 \ WhoisCL.exe
2007-12-14 19:32 12.632 ---- aw C: \ WINDOWS \ system32 \ lsdelete.exe
2007-12-07 02:21 824.832 ---- aw C: \ WINDOWS \ system32 \ Wininet.dll
2007-12-04 18:38 550.912 ------ w C: \ WINDOWS \ system32 \ Oleaut32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Note * empty entries & legit default entries ikke vises
REGEDIT4
[HKEY_LOCAL_MACHINE \ ~ \ Browser Helper Objects \ (87E68009-29A8-D669-F7C2-B31D08635C50)]
2007-12-30 20:48 1019904 - en ------ C: \ Programfiler \ ContextAdvisor \ ContextAdvisor-3.dll
[HKEY_LOCAL_MACHINE \ ~ \ Browser Helper Objects \ (F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA)]
2008-01-20 02:05 262144 - en ------ C: \ Programfiler \ ZoneAlarmSB \ bar \ 1.bin \ SPYBLOCK.DLL
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Internet Explorer \ Toolbar]
(EF99BD32-C1FB-11D2-892F-0090271D4F88)
(F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA)
[HKEY_CLASSES_ROOT \ CLSID \ (f0d4b239-da4b-4daf-81e4-dfee4931a4aa)]
[HKEY_CURRENT_USER \ Software \ Microsoft \ Internet Explorer \ Toolbar \ WebBrowser]
"(F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA)" = C: \ Programfiler \ ZoneAlarmSB \ bar \ 1.bin \ SPYBLOCK.DLL [2008-01-20 02:05 262144]
[HKEY_CLASSES_ROOT \ CLSID \ (f0d4b239-da4b-4daf-81e4-dfee4931a4aa)]
[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Curre ntVersion \ Run]
"Ctfmon.exe" = "C: \ WINDOWS \ system32 \ Ctfmon.exe" [2004-08-04 05:00 15360]
"MsnMsgr" = "C: \ Programfiler \ Windows Live \ Messenger \ MsnMsgr.exe" []
"MSMSGS" = "C: \ Programfiler \ Messenger \ msmsgs.exe" [2004-10-13 16:24 1694208]
"Yahoo! Personsøker" = "C: \ progra ~ 1 \ Yahoo! \ Messen ~ 1 \ YAHOOM ~ 1.exe" [2007-08-30 17:43 4670704]
"SUPERAntiSpyware" = "C: \ Programfiler \ SUPERAntiSpyware \ SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"LaunchApp" = "Alaunch" []
"NvCplDaemon" = "C: \ WINDOWS \ system32 \ NvCpl.dll" [2006-07-11 22:19 7626752]
"nwiz" = "nwiz.exe" [2006-07-11 22:19 1519616 C: \ WINDOWS \ system32 \ nwiz.exe]
"RTHDCPL" = "RTHDCPL.EXE" [2006-06-01 00:48 16208384 C: \ WINDOWS \ RTHDCPL.exe]
"SkyTel" = "SkyTel.EXE" [2006-05-16 02:04 2879488 C: \ WINDOWS \ SkyTel.exe]
"ntiMUI" = "c: \ Program Files \ NewTech Infosystems \ NTI CD & DVD-Maker 7 \ ntiMUI.exe" [2005-05-12 00:15 45056]
"RemoteControl" = "C: \ Program Files \ Cyberlink \ PowerDVD \ PDVDServ.exe" [2004-11-03 03:24 32768]
"IMJPMIG8.1" = "C: \ WINDOWS \ IME \ imjp8_1 \ IMJPMIG.e XE" [2004-08-04 05:00 208952]
"IMEKRMIG6.1" = "C: \ WINDOWS \ IME \ imkr6_1 \ IMEKRMIG.EXE" [2004-08-04 05:00 44032]
"MSPY2002" = "C: \ WINDOWS \ system32 \ IME \ PINTLGNT \ ImScI nst.exe" [2004-08-04 05:00 59392]
"PHIME2002ASync" = "C: \ WINDOWS \ system32 \ IME \ TINTLGNT \ TINTSETP.exe" [2004-08-04 05:00 455168]
"PHIME2002A" = "C: \ WINDOWS \ system32 \ IME \ TINTLGNT \ TIN TSETP.exe" [2004-08-04 05:00 455168]
"NvMediaCenter" = "C: \ WINDOWS \ system32 \ NvMcTray. Dll" [2006-07-11 22:19 86016]
"SunJavaUpdateSched" = "C: \ Programfiler \ Java \ jre1.6.0_04 \ bin \ jusched.exe" [2007-12-14 03:42 144784]
"Acer Styrke Technology Monitor" = "C: \ WINDOWS \ system32 \ SysMonitor.exe" [2006-04-19 03:54 49152]
"eLockMonitor" = "C: \ Acer \ Styrke Technology \ eLock \ Monitor \ LaunchMonitor.exe" [2006-03-31 18:14 16384]
"eRecoveryService" = "C: \ Acer \ Styrke Technology \ eRecovery \ eRAgent.exe" [2006-06-01 22:40 413696]
"AVG7_CC" = "C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgcc.exe" [2008-01-19 16:21 579072]
"ZoneAlarm Client" = "C: \ Programfiler \ Zone Labs \ ZoneAlarm \ zlclient.exe" [2007-11-15 00:05 919016]
"CameraFixer" = "C: \ WINDOWS \ CameraFixer.exe" [2005-10-03 11:23 20480]
"tsnp2std" = "C: \ WINDOWS \ tsnp2std.exe" [2005-11-03 10:12 106496]
"snp2std" = "C: \ WINDOWS \ vsnp2std.exe" [2005-08-16 21:54 339968]
"RealTray" = "C: \ Programfiler \ Real \ RealPlayer \ RealPlay.exe" [2008-02-07 16:01 26112]
"QuickTime Task" = "C: \ Programfiler \ QuickTime \ QTTask.exe" [2008-01-31 23:13 385024]
"AOLDialer" = "C: \ Programfiler \ Fellesfiler \ AOL \ ACS \ AOLDial.exe" []
"Adobe Reader Speed Launcher" = "C: \ Programfiler \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe" [2008-01-11 22:16 39792]
"YBrowser" = "C: \ progra ~ 1 \ Yahoo! \ Browser \ ybrwicon.ex e" [2006-07-21 16:19 129536]
[HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ Run]
"Ctfmon.exe" = "C: \ WINDOWS \ system32 \ Ctfmon.exe" [2004-08-04 05:00 15360]
"AVG7_Run" = "C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgw.exe" [2008-01-19 16:21 219136]
C: \ Documents and Settings \ Christine \ Start-meny \ Programmer \ Startup
TrueAssistant.lnk - C: \ Programfiler \ TrueSwitchBTYahoo \ TrueWizard.exe [2008-02-06 15:54:00 1060864]
C: \ Documents and Settings \ All Users \ Start-meny \ Programmer \ Startup
Craft Robo Status Supervisor.lnk - C: \ Programfiler \ Craft Robo Controller \ CRSSupervisor.exe [2008-02-05 12:00:04 32768]
HP PSC 1000 series.lnk - C: \ Programfiler \ Hewlett-Packard \ Digital Imaging \ bin \ hpohmr08.exe [2003-04-09 18:21:38 147456]
hpoddt01.exe.lnk - C: \ Programfiler \ Hewlett-Packard \ Digital Imaging \ bin \ hpotdd01.exe [2003-04-09 18:11:12 28672]
Microsoft Office.lnk - C: \ Programfiler \ Microsoft Office \ Office10 \ Osa.exe [2001-02-13 10:01:04 83360]
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ curr entversion \ Explorer \ shellexecutehooks]
"(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA)" = C: \ Programfiler \ SUPERAntiSpyware \ SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Notify \! SASWinLogon]
C: \ Programfiler \ SUPERAntiSpyware \ SASWINLO.dll 2007-04-19 13:41 294912 C: \ Programfiler \ SUPERAntiSpyware \ SASWINLO.dll
[HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ All Users ^ Start Menu ^ Programs ^ Startup ^ Acer Styrke Technology.lnk]
path = C: \ Documents and Settings \ All Users \ Start-meny \ Programmer \ Oppstart \ Acer Styrke Technology.lnk
backup = C: \ WINDOWS \ PSS \ Acer Styrke Technology.lnkCommon Startup
[HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ All Users ^ Start Menu ^ Programs ^ Startup ^ Acer WLAN 11g USB Dongle.lnk]
path = C: \ Documents and Settings \ All Users \ Start-meny \ Programmer \ Oppstart \ Acer WLAN 11g USB Dongle.lnk
backup = C: \ WINDOWS \ PSS \ Acer WLAN 11g USB Dongle.lnkCommon Startup
[HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ All Users ^ Start Menu ^ Programs ^ Startup ^ Adobe Reader Speed Launch.lnk]
path = C: \ Documents and Settings \ All Users \ Start-meny \ Programmer \ Oppstart \ Adobe Reader Speed Launch.lnk
backup = C: \ WINDOWS \ PSS \ Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ AdminWorks Skuff]
C: \ Acer \ LANScope Agent \ awtray.exe
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ eDataSecurity Loader]
C: \ Acer \ Styrke Technology \ eDataSecurity \ eDSloader.exe
[HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile]
"EnableFirewall" = 0 (0x0)
[HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile \ AuthorizedApplications \ List]
"% windir% \ \ system32 \ \ sessmgr.exe" =% windir% \ \ system32 \ \ sessmgr.exe: @ xpsp2res.dll, -22,019
"C: \ \ Programfiler \ \ Grisoft \ \ AVG7 \ \ avginet.exe" =
"C: \ \ Programfiler \ \ Grisoft \ \ AVG7 \ avgamsvr.exe" =
"C: \ \ Programfiler \ \ Grisoft \ \ AVG7 \ avgcc.exe" =
"C: \ \ Programfiler \ \ Grisoft \ \ AVG7 \ \ avgemc.exe" =
"C: \ \ Program Files \ \ AOL 9.0 VR \ \ waol.exe" =
"C: \ \ Programfiler \ \ Fellesfiler \ \ AOL \ \ TopSpeed \ \ 3.0 \ \ aoltpsd3.exe" =
"C: \ \ Programfiler \ \ Fellesfiler \ \ AOL \ \ Loader \ \ aolload.exe" =
"C: \ \ Programfiler \ \ Fellesfiler \ \ AOL \ \ System Information \ \ sinf.exe" =
"% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" =% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe: @ xpsp3res.dll, -20000
"C: \ \ Programfiler \ \ Fellesfiler \ \ AOL \ \ 1200753845 \ \ ee \ \ aolsoftware.exe" =
"C: \ \ Program Files \ \ Windows Live \ \ Messenger \ \ msnmsgr.exe" =
"C: \ \ Program Files \ \ Windows Live \ \ Messenger \ \ livecall.exe" =
"C: \ \ Program Files \ \ AOL \ \ RC \ \ regClient.exe" =
"C: \ \ Programfiler \ \ Fellesfiler \ \ AOL \ \ ACS \ \ AOLAcsd.exe" =
"C:\\Programfiler\\Fellesfiler\\AOL\\ACS\\AOLDial.exe"=
"C:\\Programfiler\\Fellesfiler\\AOL\\1202403305\\ee\\aolsoftware.exe"=
"C:\\Program Files\\AOL 9.0\\waol.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
[HKLM\~\Services\sharedaccess\Parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1947:TCP"= 1947:TCP:HASP SRM
"1947:UDP"= 1947:UDP:HASP SRM
R0 UBHelper; UBHelper; C:\WINDOWS\system32\drivers\UBHelper.sys [2004-12-17 02:14]
R2 aksfridge; aksfridge; C:\WINDOWS\system32\drivers\aksfridge.sys [2007-03-13 04:48]
R2 eLock2BurnerLockDriver; eLock2BurnerLockDriver; C:\WINDOWS\system32\eLock2BurnerLockDriver.sys [2006-06-05 19:30]
R2 eLock2FSCTLDriver; eLock2FSCTLDriver; C:\WINDOWS\system32\eLock2FSCTLDriver.sys [2006-06-07 02:36]
R2 hasplms; HASP License Manager, C:\WINDOWS\system32\hasplms.exe [2007-03-15 22:48]
R2 LockServ; LockServ; C:\Acer\Styrke Technology\eLock\LockServ.exe [2006-05-29 20:25]
R3 int15.sys; int15.sys; C:\Acer\Styrke Technology\eRecovery\int15.sys [2005-01-13 22:46]
R3 SNP2STD; USB2.0 PC Camera (SNP2STD); C:\WINDOWS\system32\drivers\snp2sxp.sys [2005-09-21 13:31]
S3 Acer ODDSpeedControl; Acer ODDSpeedControl; "C:\Acer\Styrke Technology\eAcoustics\ODDSpeedCtl\speedcontrol.exe" [2005-02-15 17:02]
S3 CADlink; CADlink; C:\Graphtec DesignMaster Web\CADlink.sys [2007-09-25 17:10]
S3 libusb0; LibUsb-Win32 - Kernel Driver, versjon 0.1.12.1, C:\WINDOWS\system32\drivers\libusb0.sys [2007-03-20 19:33]
S3 psdfilter; psdfilter; C:\WINDOWS\system32\drivers\psdfilter.sys []
S3 psdvdisk; psdvdisk; C:\WINDOWS\system32\drivers\psdvdisk.sys []
S3 ZD1211BU (ZyDAS); ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB) (ZyDAS); C:\WINDOWS\system32\drivers\zd1211Bu.sys []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\currentversion\Explorer\mountpoints2\(a8054a34-c869-11dc-abff-806d6172696f)]
\Shell\AutoRun\command - E:\CDM.EXE
.
Innholdet i "Scheduled Tasks"-mappen
"2008-02-22 23:07:37 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe
"2008-02-06 15:27:09 C:\WINDOWS\Tasks\Fru Task # Hewlett-Packard # HP PSC 1200 series # 1202310815.job"
- C:\Programfiler\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
.
************************************************** ************************
CatchMe 0.3.1344 W2K/XP/Vista - rootkit / skjulemodus malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-23 11:41:00
Windows 5.1.2600 Service Pack 2 NTFS
skanning skjulte prosesser ...
scanning hidden autostart entries ...
skanning skjulte filer ...
skanning er fullført
skjulte filer: 0
************************************************** ************************
.
Fullføringstidspunkt: 2008-02-23 11:41:41
ComboFix-karantene-files.txt 2008-02-23 11:41:38
.
2008-02-15 09:53:53 --- EOF ---



  #9  
Old 23. Feb 2008, 12:37
Moderator Group
 
Please uninstall:
  • Browser Optimizer Adssite
  • commercial
  • Extra Browser Tools Rightonadz
  • J2SE Runtime Environment 5.0 Update 6
  • Java (TM) 6 Update 3
  • Viewpoint Media Player
----------

Download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Put a check next to Run VundoFix as a task.
  • You will receive a message saying VundoFix will close and re-open in a minute or less. Click OK.
  • When VundoFix re-opens, click the Scan for Vundo button.
  • Once it is done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files; click YES.
  • Once you click Yes, your desktop will go blank as it starts removing Vundo.
  • When this is completed, it will prompt that it will shut down your computer; click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears at reboot.

Let Vundo finish; sometimes it can take several passes.

----------

Please go to this post to install, scan and save the logs from AVG Antispyware.

----------

Next post
Vundofix log
Go to C:\SDFix and look for a file called Report.txt and post that log as well.
__________________

  #10  
Old 23. Feb 2008, 13:37
Donor Group
 
Hi, I ran Vundo but I can't post a log as it did not produce one; it said there were no infected files. I also could not remove commercial from the programs, an error came up, you can see the attached screenshot. I have Spybot installed on the PC, which I run all the time for spyware, so do I really need to install another one on my PC?
Attached Thumbnails
Contextadvisor - pop up driving me mad-4.jpg  