gzmrotate.dll i windows\system32\

15 december, 2007

En kompis grabb som har många spel i sin dator har fått upp ett felmeddelande där gzmrotate.dll dyker upp.

Har hittat (på microsoft) att detta är ett virus och att man skall ta bort filen i msconfig.

Någon som vet om detta är korrekt?

15 december, 2007

En otrevlighet är det med stor säkerhet, men det är troligen inte bästa lösningen att avbocka den i msconfig.

Vi kan ju se om HijackThis visar rätt lösning:

http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe

Installera, kör, skanna och spara loggen (inget annat).

Klistra in loggen här.

2 januari, 2008

hej, äntligen har jag tagit tag i gzmrotate.dell problemet!

laddade ner och scannade så som du skrev till alias: scoter

så här blev mitt resultat:

tacksam för hjälp!

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:02:34, on 2008-01-02

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\acs.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\Atheros WLAN Adapter\ACU.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\ATK0100\HControl.exe

C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe

C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Program Files\Common Files\TryggPCVerktyg\strpmon.exe

C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\1163D2B46CC742E5A3CC9E4157887751\TalkAndWrite.exe

C:\Program Files\QuickTime\qttask.exe

C:\APPS\SMP\SmpSys.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\ATK0100\ATKOSD.exe

C:\Program Files\DORO\Skype with Doro212 2.4\Skype with Doro212.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157'>http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\adssite_sidebar.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: ads_optimizer - {9C8A568E-4201-478a-8536-526CF371D2E2} - C:\WINDOWS\system32\nsa1229.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll

O3 - Toolbar: Adssite Toolbar - {41C29B07-6F91-4966-91BE-2E2841643C83} - C:\Program Files\Adssite Advanced Toolbar\toolbar.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] 'C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE' /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [ACU] 'C:\Program Files\Atheros WLAN Adapter\ACU.exe' -nogui

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe

O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] 'C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe' -start

O4 - HKLM\..\Run: [symantec PIF AlertEng] 'C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe' /a /m 'C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll'

O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe

O4 - HKLM\..\Run: [hid_start] C:\WINDOWS\System32\Rundll32.exe 'C:\WINDOWS\system32\gzmrotate.dll' DllVerify

O4 - HKLM\..\Run: [salestart] 'C:\Program Files\Common Files\TryggPCVerktyg\strpmon.exe' dm=http://tryggpcverktyg.com ad=http://tryggpcverktyg.com

O4 - HKLM\..\Run: [TalkAndWrite] C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\1163D2B46CC742E5A3CC9E4157887751\TalkAndWrite.exe /run

O4 - HKLM\..\Run: [QuickTime Task] 'C:\Program Files\QuickTime\qttask.exe' -atboottime

O4 - HKCU\..\Run: [smpcSys] C:\APPS\SMP\SmpSys.exe

O4 - HKCU\..\Run: [MsnMsgr] 'C:\Program Files\MSN Messenger\MsnMsgr.Exe' /background

O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Skype with Doro212.lnk = C:\Program Files\DORO\Skype with Doro212 2.4\Skype with Doro212.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: &ampWindows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &ampLive Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/229?68caf18b66ee4b3785df386eb2e60c83

O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/230?68caf18b66ee4b3785df386eb2e60c83

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab

O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab

O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://korthuset.seavus.com/ImageUploader4.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe

O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe

--

End of file - 10038 bytes

2 januari, 2008

det finns en del adware i loggen, vi gör en scan för att få bort så mycket som går.

http://www.superantispyware.com/downloads/SUPERAntiSpyware.exe

installera >UPPDATERA superantispyware.

scan computer >välj complete scan... >klicka på next >starta om (om det står så).

öppna superantispyware >preferences >statistics/logs >markera senaste loggen >view >kopiera in texten från loggen här (det är frivilligt att radera ev cookies från loggen du postar här).

posta även en ny hijackthis logg

3 januari, 2008

tack, jag har scannat med superantispyware och skickar loggen här:

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

Generated 01/03/2008 at 04:33 PM

Application Version : 3.9.1008

Core Rules Database Version : 3372

Trace Rules Database Version: 1367

Scan type : Complete Scan

Total Scan Time : 00:45:34

Memory items scanned : 476

Memory threats detected : 3

Registry items scanned : 5154

Registry threats detected : 99

File items scanned : 37772

File threats detected : 36

Rogue.AVSystemCare/Component

C:\PROGRAM FILES\COMMON FILES\TRYGGPCVERKTYG\STRPMON.EXE

Unclassified.Unknown Origin

C:\WINDOWS\SYSTEM32\NSA1229.DLL

HKLM\Software\Classes\CLSID\{9C8A568E-4201-478a-8536-526CF371D2E2}

HKCR\CLSID\{9C8A568E-4201-478A-8536-526CF371D2E2}

HKCR\CLSID\{9C8A568E-4201-478A-8536-526CF371D2E2}\InprocServer32

HKCR\CLSID\{9C8A568E-4201-478A-8536-526CF371D2E2}\InprocServer32#ThreadingModel

HKCR\CLSID\{9C8A568E-4201-478A-8536-526CF371D2E2}\ProgID

HKCR\CLSID\{9C8A568E-4201-478A-8536-526CF371D2E2}\Programmable

HKCR\CLSID\{9C8A568E-4201-478A-8536-526CF371D2E2}\TypeLib

HKCR\CLSID\{9C8A568E-4201-478A-8536-526CF371D2E2}\VersionIndependentProgID

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9C8A568E-4201-478a-8536-526CF371D2E2}

Adware.webHancer

C:\PROGRAM FILES\WEBHANCER\PROGRAMS\WHIEHLPR.DLL

HKLM\Software\Classes\CLSID\{c900b400-cdfe-11d3-976a-00e02913a9e0}

HKCR\CLSID\{C900B400-CDFE-11D3-976A-00E02913A9E0}

HKCR\CLSID\{C900B400-CDFE-11D3-976A-00E02913A9E0}\InprocServer32

HKCR\CLSID\{C900B400-CDFE-11D3-976A-00E02913A9E0}\InprocServer32#ThreadingModel

HKCR\CLSID\{C900B400-CDFE-11D3-976A-00E02913A9E0}\ProgID

HKCR\CLSID\{C900B400-CDFE-11D3-976A-00E02913A9E0}\Programmable

HKCR\CLSID\{C900B400-CDFE-11D3-976A-00E02913A9E0}\VersionIndependentProgID

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c900b400-cdfe-11d3-976a-00e02913a9e0}

HKCR\WhIeHelperObj.WhIeHelperObj

HKCR\WhIeHelperObj.WhIeHelperObj\CurVer

HKCR\WhIeHelperObj.WhIeHelperObj.1

HKCR\WhIeHelperObj.WhIeHelperObj.1\CLSID

HKCR\Interface\{C89435B0-CDFE-11D3-976A-00E02913A9E0}

HKCR\Interface\{C89435B0-CDFE-11D3-976A-00E02913A9E0}\ProxyStubClsid

HKCR\Interface\{C89435B0-CDFE-11D3-976A-00E02913A9E0}\ProxyStubClsid32

HKCR\Interface\{C89435B0-CDFE-11D3-976A-00E02913A9E0}\TypeLib

HKCR\Interface\{C89435B0-CDFE-11D3-976A-00E02913A9E0}\TypeLib#Version

HKCR\TypeLib\{C8CB3870-CDFE-11D3-976A-00E02913A9E0}

HKCR\TypeLib\{C8CB3870-CDFE-11D3-976A-00E02913A9E0}\1.0

HKCR\TypeLib\{C8CB3870-CDFE-11D3-976A-00E02913A9E0}\1.0\0

HKCR\TypeLib\{C8CB3870-CDFE-11D3-976A-00E02913A9E0}\1.0\0\win32

HKCR\TypeLib\{C8CB3870-CDFE-11D3-976A-00E02913A9E0}\1.0\FLAGS

HKCR\TypeLib\{C8CB3870-CDFE-11D3-976A-00E02913A9E0}\1.0\HELPDIR

HKLM\Software\WebHancer

HKLM\Software\WebHancer#BaseDir

HKLM\Software\WebHancer\CC

HKLM\Software\WebHancer\CC#DistTag

HKLM\Software\WebHancer\CC#INSTFRM

HKLM\Software\WebHancer\CC#DWLLTM

HKLM\Software\WebHancer\CC#SLNTIND

HKLM\Software\WebHancer\CC#ACCPTPS

HKLM\Software\WebHancer\CC#id

HKLM\Software\WebHancer\ESO

HKLM\Software\WebHancer\ESO#aa

C:\Program Files\WEBHANCER\Programs\license.txt

C:\Program Files\WEBHANCER\Programs\readme.txt

C:\Program Files\WEBHANCER\Programs\sporder.dll

C:\Program Files\WEBHANCER\Programs\webhdll.Vdll

C:\Program Files\WEBHANCER\Programs\whagent.exe

C:\Program Files\WEBHANCER\Programs\whagent.ini

C:\Program Files\WEBHANCER\Programs\whinstaller.exe

C:\Program Files\WEBHANCER\Programs

C:\Program Files\WEBHANCER\whAgent_update.exe

C:\Program Files\WEBHANCER

HKLM\Software\Microsoft\Windows\CurrentVersion\Run#webHancer Agent [ C:\Program Files\webHancer\Programs\whagent.exe ]

C:\WINDOWS\Prefetch\WHAGENT.EXE-268E9140.pf

Adware.AdsSite

HKLM\Software\Classes\CLSID\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}

HKCR\CLSID\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}

HKCR\CLSID\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}#AppID

HKCR\CLSID\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}\InprocServer32

HKCR\CLSID\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}\InprocServer32#ThreadingModel

HKCR\CLSID\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}\ProgID

HKCR\CLSID\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}\Programmable

HKCR\CLSID\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}\TypeLib

HKCR\CLSID\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}\VersionIndependentProgID

C:\WINDOWS\SYSTEM32\ADSSITE_SIDEBAR.DLL

HKLM\Software\Classes\CLSID\{315108E4-E3AF-460F-B264-F2ACC9E1ACEB}

HKCR\CLSID\{315108E4-E3AF-460F-B264-F2ACC9E1ACEB}

HKCR\CLSID\{315108E4-E3AF-460F-B264-F2ACC9E1ACEB}#AppID

HKCR\CLSID\{315108E4-E3AF-460F-B264-F2ACC9E1ACEB}\Implemented Categories

HKCR\CLSID\{315108E4-E3AF-460F-B264-F2ACC9E1ACEB}\Implemented Categories\{00021493-0000-0000-C000-000000000046}

HKCR\CLSID\{315108E4-E3AF-460F-B264-F2ACC9E1ACEB}\InprocServer32

HKCR\CLSID\{315108E4-E3AF-460F-B264-F2ACC9E1ACEB}\InprocServer32#ThreadingModel

HKCR\CLSID\{315108E4-E3AF-460F-B264-F2ACC9E1ACEB}\ProgID

HKCR\CLSID\{315108E4-E3AF-460F-B264-F2ACC9E1ACEB}\Programmable

HKCR\CLSID\{315108E4-E3AF-460F-B264-F2ACC9E1ACEB}\TypeLib

HKCR\CLSID\{315108E4-E3AF-460F-B264-F2ACC9E1ACEB}\VersionIndependentProgID

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}

HKU\S-1-5-21-2272373958-1231707490-342012945-1005\Software\Microsoft\Internet Explorer\Explorer Bars\{315108E4-E3AF-460F-B264-F2ACC9E1ACEB}

Adware.AdRotator/AdsSite

HKLM\Software\Classes\CLSID\{41C29B07-6F91-4966-91BE-2E2841643C83}

HKCR\CLSID\{41C29B07-6F91-4966-91BE-2E2841643C83}

HKCR\CLSID\{41C29B07-6F91-4966-91BE-2E2841643C83}#AppID

HKCR\CLSID\{41C29B07-6F91-4966-91BE-2E2841643C83}\InprocServer32

HKCR\CLSID\{41C29B07-6F91-4966-91BE-2E2841643C83}\InprocServer32#ThreadingModel

HKCR\CLSID\{41C29B07-6F91-4966-91BE-2E2841643C83}\ProgID

HKCR\CLSID\{41C29B07-6F91-4966-91BE-2E2841643C83}\Programmable

HKCR\CLSID\{41C29B07-6F91-4966-91BE-2E2841643C83}\TypeLib

HKCR\CLSID\{41C29B07-6F91-4966-91BE-2E2841643C83}\VersionIndependentProgID

C:\PROGRAM FILES\ADSSITE ADVANCED TOOLBAR\TOOLBAR.DLL

HKLM\Software\Microsoft\Internet Explorer\Toolbar#{41C29B07-6F91-4966-91BE-2E2841643C83}

HKCR\CoolToolBar.IEBarLogic.1

HKCR\CoolToolBar.IEBarLogic.1\CLSID

HKCR\CoolToolBar.IEBarLogic

HKCR\CoolToolBar.IEBarLogic\CLSID

HKCR\CoolToolBar.IEBarLogic\CurVer

HKCR\TypeLib\{6B4FA1DD-A353-49F8-A650-79C21D6B4824}

HKCR\TypeLib\{6B4FA1DD-A353-49F8-A650-79C21D6B4824}\1.0

HKCR\TypeLib\{6B4FA1DD-A353-49F8-A650-79C21D6B4824}\1.0\0

HKCR\TypeLib\{6B4FA1DD-A353-49F8-A650-79C21D6B4824}\1.0\0\win32

HKCR\TypeLib\{6B4FA1DD-A353-49F8-A650-79C21D6B4824}\1.0\FLAGS

HKCR\TypeLib\{6B4FA1DD-A353-49F8-A650-79C21D6B4824}\1.0\HELPDIR

C:\WINDOWS\SYSTEM32\ADSSITE-REMOVE.EXE

Adware.Tracking Cookie

C:\Documents and Settings\Katta\Cookies\katta@advertising[1].txt

C:\Documents and Settings\Katta\Cookies\katta@imrworldwide[2].txt

C:\Documents and Settings\Katta\Cookies\katta@adtech[1].txt

C:\Documents and Settings\Katta\Cookies\katta@track.adform[1].txt

C:\Documents and Settings\Katta\Cookies\katta@atdmt[2].txt

C:\Documents and Settings\Katta\Local Settings\Temp\Cookies\katta@ad.yieldmanager[1].txt

C:\Documents and Settings\Katta\Local Settings\Temp\Cookies\katta@ad.zanox[1].txt

C:\Documents and Settings\Katta\Local Settings\Temp\Cookies\katta@adrevolver[1].txt

C:\Documents and Settings\Katta\Local Settings\Temp\Cookies\katta@adrevolver[3].txt

C:\Documents and Settings\Katta\Local Settings\Temp\Cookies\katta@adserver.mediarun[1].txt

C:\Documents and Settings\Katta\Local Settings\Temp\Cookies\katta@advertising[1].txt

C:\Documents and Settings\Katta\Local Settings\Temp\Cookies\katta@atdmt[2].txt

C:\Documents and Settings\Katta\Local Settings\Temp\Cookies\katta@fastclick[1].txt

C:\Documents and Settings\Katta\Local Settings\Temp\Cookies\katta@media.adrevolver[2].txt

C:\Documents and Settings\Katta\Local Settings\Temp\Cookies\katta@msnportal.112.2o7[1].txt

C:\Documents and Settings\Katta\Local Settings\Temp\Cookies\katta@tradedoubler[2].txt

C:\Documents and Settings\Katta\Local Settings\Temp\Cookies\katta@zbox.zanox[2].txt

Malware.LocusSoftware Inc/ConfidentSurf

HKLM\Software\Microsoft\Windows\CurrentVersion\Run#Salestart [ 'C:\Program Files\Common Files\TryggPCVerktyg\strpmon.exe' dm=http://tryggpcverktyg.com ad=http://tryggpcverktyg.com ]

Adware.AdRotator/RightOnz

HKLM\Software\Microsoft\Windows\CurrentVersion\Run#hid_start [ C:\WINDOWS\System32\Rundll32.exe 'C:\WINDOWS\system32\gzmrotate.dll' DllVerify ]

C:\WINDOWS\SYSTEM32\RIGHTONADZ-UNINST.EXE

Malware.LocusSoftware Inc/PCPrivacyTool

HKLM\Software\Purchased Products

HKLM\Software\Purchased Products\System Error Repair

HKLM\Software\Purchased Products\System Error Repair#domain

HKLM\Software\Purchased Products\System Error Repair#pname

HKLM\Software\Purchased Products\System Error Repair#cname

Trojan.Downloader-AUPD

C:\DOCUMENTS AND SETTINGS\KATTA\LOCAL SETTINGS\TEMP\AUPD.EXE

3 januari, 2008

posta även en ny hijackthis logg

3 januari, 2008

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:19:21, on 2008-01-03

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\acs.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Atheros WLAN Adapter\ACU.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\ATK0100\HControl.exe

C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe

C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Program Files\Common Files\TryggPCVerktyg\strpmon.exe

C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\1163D2B46CC742E5A3CC9E4157887751\TalkAndWrite.exe

C:\Program Files\QuickTime\qttask.exe

C:\APPS\SMP\SmpSys.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\ATK0100\ATKOSD.exe

C:\Program Files\DORO\Skype with Doro212 2.4\Skype with Doro212.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

3 januari, 2008

posta en hel HJT logg

3 januari, 2008

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:31:00, on 2008-01-03

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\acs.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Atheros WLAN Adapter\ACU.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\ATK0100\HControl.exe

C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe

C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Program Files\Common Files\TryggPCVerktyg\strpmon.exe

C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\1163D2B46CC742E5A3CC9E4157887751\TalkAndWrite.exe

C:\Program Files\QuickTime\qttask.exe

C:\APPS\SMP\SmpSys.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\ATK0100\ATKOSD.exe

C:\Program Files\DORO\Skype with Doro212 2.4\Skype with Doro212.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\APPS\skype\Phone\Skype.exe

C:\apps\skype\Plugin Manager\skypePM.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\Program Files\Windows Live Toolbar\msn_sl.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157'>http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\SYSTEM32\ADSSITE_SIDEBAR.DLL

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: ads_optimizer - {9C8A568E-4201-478a-8536-526CF371D2E2} - C:\WINDOWS\SYSTEM32\NSA1229.DLL

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\PROGRAM FILES\WEBHANCER\PROGRAMS\WHIEHLPR.DLL

O3 - Toolbar: Adssite Toolbar - {41C29B07-6F91-4966-91BE-2E2841643C83} - C:\PROGRAM FILES\ADSSITE ADVANCED TOOLBAR\TOOLBAR.DLL