
gzmrotate.dll in windows\system32\


scoter


A friend's kid, who has many games on his computer, has gotten an error message in which gzmrotate.dll appears.

I have found (at Microsoft) that this is a virus and that the file should be removed in msconfig.

Does anyone know whether this is correct?

 


  • 3 weeks later...

 

Hi, I have finally gotten around to dealing with the gzmrotate.dll problem!

I downloaded and scanned the way you wrote to alias: scoter

This was my result:

Grateful for help!

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:02:34, on 2008-01-02

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\acs.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\Atheros WLAN Adapter\ACU.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\ATK0100\HControl.exe

C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe

C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Program Files\Common Files\TryggPCVerktyg\strpmon.exe

C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\1163D2B46CC742E5A3CC9E4157887751\TalkAndWrite.exe

C:\Program Files\QuickTime\qttask.exe

C:\APPS\SMP\SmpSys.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\ATK0100\ATKOSD.exe

C:\Program Files\DORO\Skype with Doro212 2.4\Skype with Doro212.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\adssite_sidebar.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: ads_optimizer - {9C8A568E-4201-478a-8536-526CF371D2E2} - C:\WINDOWS\system32\nsa1229.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll

O3 - Toolbar: Adssite Toolbar - {41C29B07-6F91-4966-91BE-2E2841643C83} - C:\Program Files\Adssite Advanced Toolbar\toolbar.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] 'C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE' /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [ACU] 'C:\Program Files\Atheros WLAN Adapter\ACU.exe' -nogui

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe

O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] 'C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe' -start

O4 - HKLM\..\Run: [symantec PIF AlertEng] 'C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe' /a /m 'C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll'

O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe

O4 - HKLM\..\Run: [hid_start] C:\WINDOWS\System32\Rundll32.exe 'C:\WINDOWS\system32\gzmrotate.dll' DllVerify

O4 - HKLM\..\Run: [salestart] 'C:\Program Files\Common Files\TryggPCVerktyg\strpmon.exe' dm=http://tryggpcverktyg.com ad=http://tryggpcverktyg.com

O4 - HKLM\..\Run: [TalkAndWrite] C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\1163D2B46CC742E5A3CC9E4157887751\TalkAndWrite.exe /run

O4 - HKLM\..\Run: [QuickTime Task] 'C:\Program Files\QuickTime\qttask.exe' -atboottime

O4 - HKCU\..\Run: [smpcSys] C:\APPS\SMP\SmpSys.exe

O4 - HKCU\..\Run: [MsnMsgr] 'C:\Program Files\MSN Messenger\MsnMsgr.Exe' /background

O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Skype with Doro212.lnk = C:\Program Files\DORO\Skype with Doro212 2.4\Skype with Doro212.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/229?68caf18b66ee4b3785df386eb2e60c83

O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/230?68caf18b66ee4b3785df386eb2e60c83

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab

O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab

O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://korthuset.seavus.com/ImageUploader4.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe

O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe

 

--

End of file - 10038 bytes

 

 


There is some adware in the log; we'll run a scan to remove as much as possible.

http://www.superantispyware.com/downloads/SUPERAntiSpyware.exe

Install > UPDATE SUPERAntiSpyware.

scan computer > choose complete scan... > click next > restart (if it says so).

Open SUPERAntiSpyware > preferences > statistics/logs > select the latest log > view > paste the text from the log here (removing any cookies from the log you post here is optional).

Also post a new HijackThis log.

 

 

 


 

Thanks, I have scanned with SUPERAntiSpyware and am sending the log here:

 

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 01/03/2008 at 04:33 PM

 

Application Version : 3.9.1008

 

Core Rules Database Version : 3372

Trace Rules Database Version: 1367

 

Scan type : Complete Scan

Total Scan Time : 00:45:34

 

Memory items scanned : 476

Memory threats detected : 3

Registry items scanned : 5154

Registry threats detected : 99

File items scanned : 37772

File threats detected : 36

 

Rogue.AVSystemCare/Component

C:\PROGRAM FILES\COMMON FILES\TRYGGPCVERKTYG\STRPMON.EXE

C:\PROGRAM FILES\COMMON FILES\TRYGGPCVERKTYG\STRPMON.EXE

 

Unclassified.Unknown Origin

C:\WINDOWS\SYSTEM32\NSA1229.DLL

C:\WINDOWS\SYSTEM32\NSA1229.DLL


 

Adware.webHancer

C:\PROGRAM FILES\WEBHANCER\PROGRAMS\WHIEHLPR.DLL

C:\PROGRAM FILES\WEBHANCER\PROGRAMS\WHIEHLPR.DLL


 

Adware.AdsSite


 

Adware.AdRotator/AdsSite


 

Adware.Tracking Cookie


 

Malware.LocusSoftware Inc/ConfidentSurf

HKLM\Software\Microsoft\Windows\CurrentVersion\Run#Salestart [ 'C:\Program Files\Common Files\TryggPCVerktyg\strpmon.exe' dm=http://tryggpcverktyg.com ad=http://tryggpcverktyg.com ]

 

Adware.AdRotator/RightOnz

HKLM\Software\Microsoft\Windows\CurrentVersion\Run#hid_start [ C:\WINDOWS\System32\Rundll32.exe 'C:\WINDOWS\system32\gzmrotate.dll' DllVerify ]

C:\WINDOWS\SYSTEM32\RIGHTONADZ-UNINST.EXE

 

Malware.LocusSoftware Inc/PCPrivacyTool

HKLM\Software\Purchased Products

HKLM\Software\Purchased Products\System Error Repair

HKLM\Software\Purchased Products\System Error Repair#domain

HKLM\Software\Purchased Products\System Error Repair#pname

HKLM\Software\Purchased Products\System Error Repair#cname

 

Trojan.Downloader-AUPD

C:\DOCUMENTS AND SETTINGS\KATTA\LOCAL SETTINGS\TEMP\AUPD.EXE

 

 


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:19:21, on 2008-01-03

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

 


 

 

 


 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:31:00, on 2008-01-03

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

 


 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\SYSTEM32\ADSSITE_SIDEBAR.DLL

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: ads_optimizer - {9C8A568E-4201-478a-8536-526CF371D2E2} - C:\WINDOWS\SYSTEM32\NSA1229.DLL

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\PROGRAM FILES\WEBHANCER\PROGRAMS\WHIEHLPR.DLL

O3 - Toolbar: Adssite Toolbar - {41C29B07-6F91-4966-91BE-2E2841643C83} - C:\PROGRAM FILES\ADSSITE ADVANCED TOOLBAR\TOOLBAR.DLL

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] 'C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE' /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [ACU] 'C:\Program Files\Atheros WLAN Adapter\ACU.exe' -nogui

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe

O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] 'C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe' -start

O4 - HKLM\..\Run: [symantec PIF AlertEng] 'C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe' /a /m 'C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll'

O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe

O4 - HKLM\..\Run: [hid_start] C:\WINDOWS\System32\Rundll32.exe 'C:\WINDOWS\system32\gzmrotate.dll' DllVerify

O4 - HKLM\..\Run: [salestart] 'C:\Program Files\Common Files\TryggPCVerktyg\strpmon.exe' dm=http://tryggpcverktyg.com ad=http://tryggpcverktyg.com

O4 - HKLM\..\Run: [TalkAndWrite] C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\1163D2B46CC742E5A3CC9E4157887751\TalkAndWrite.exe /run

O4 - HKLM\..\Run: [QuickTime Task] 'C:\Program Files\QuickTime\qttask.exe' -atboottime

O4 - HKCU\..\Run: [smpcSys] C:\APPS\SMP\SmpSys.exe

O4 - HKCU\..\Run: [MsnMsgr] 'C:\Program Files\MSN Messenger\MsnMsgr.Exe' /background

O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Skype with Doro212.lnk = C:\Program Files\DORO\Skype with Doro212 2.4\Skype with Doro212.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/229?68caf18b66ee4b3785df386eb2e60c83

O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/230?68caf18b66ee4b3785df386eb2e60c83

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab

O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab

O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://korthuset.seavus.com/ImageUploader4.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe

O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe

 

--

End of file - 10439 bytes

 

 


Run a new scan and tick these lines:

 

O2 - BHO: Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\SYSTEM32\ADSSITE_SIDEBAR.DLL

 

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

 

O2 - BHO: ads_optimizer - {9C8A568E-4201-478a-8536-526CF371D2E2} - C:\WINDOWS\SYSTEM32\NSA1229.DLL

 

O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe

O4 - HKLM\..\Run: [hid_start] C:\WINDOWS\System32\Rundll32.exe 'C:\WINDOWS\system32\gzmrotate.dll' DllVerify

 

Click the "fix check" button.

That version is really old; uninstall it the usual way:

C:\Program Files\Java\jre1.5.0_04

Get the latest Java here:

http://www.filehippo.com/download_java_runtime/

SUPERAntiSpyware starts with Windows; that is completely unnecessary since it does not protect.

[post edited 2008-01-03 21:51:46 by 927]


Archived

This topic is now archived and is closed to further replies.