
Spyware I want to get rid of...


Borsellini

...once and for all. I use Spybot Search & Destroy, but this spyware keeps coming back, so it doesn't seem like S & D manages to remove it. The spyware is called "Fake.Wget", "Windows Security Center.AntivirusDisableNotify" and "Windows Security Center.FirewallDisableNotify"

 

Ran a check in HijackThis. Here is the log:

 

[log]Logfile of HijackThis v1.99.1

Scan saved at 16:02:06, on 2006-01-21

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Delade filer\Symantec Shared\ccProxy.exe

C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

C:\Program\Norton Internet Security\ISSVC.exe

C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\CTSvcCDA.EXE

c:\Program\Delade filer\LightScribe\LSSrvc.exe

C:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\MsPMSPSv.exe

c:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

C:\windows\system\hpsysdrv.exe

C:\Program\Delade filer\InterVideo\SchSvr\SchSvr.exe

C:\Program\Delade filer\Symantec Shared\ccApp.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\Mozilla Firefox\firefox.exe

C:\Program\Spybot - Search & Destroy\SpybotSD.exe

C:\Documents and Settings\HP_Ägaren\Lokala inställningar\Temp\wz2bf7\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=SV_SE&c=Q105&bd=pavilion&pf=desktop

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=SV_SE&c=Q105&bd=pavilion&pf=desktop

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=SV_SE&c=Q105&bd=pavilion&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=SV_SE&c=Q105&bd=pavilion&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=SV_SE&c=Q105&bd=pavilion&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=SV_SE&c=Q105&bd=pavilion&pf=desktop

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll

O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: HP-vy - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program\HP\Digital Imaging\bin\HPDTLK02.dll

O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HPHUPD06] c:\Program\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe

O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program\Delade filer\InterVideo\SchSvr\SchSvr.exe"

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\Program\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Unknown owner - C:\Program\iPod\bin\iPodService.exe (file missing)

O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program\Norton Internet Security\ISSVC.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program\Delade filer\LightScribe\LSSrvc.exe

O23 - Service: Norton AntiVirus Auto Protect-tjänst (navapsvc) - Symantec Corporation - C:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe

O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program\DELADE~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\Program\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (file missing)

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

O23 - Service: Windows Log - Unknown owner - C:\WINDOWS\system32\nvsvcd.exe

[/log]

 

Cecilia
"Windows Security Center.AntivirusDisableNotify" and "Windows Security Center.FirewallDisableNotify"

That presumably just indicates that you have set the Security Center not to notify you when the antivirus or the firewall is not running. You can change that from within the Security Center if you want it otherwise.

 

"Fake.Wget"

Can you write where Spybot S&D finds it, or paste the log from Spybot into your reply (in that case, select the log afterwards and press the LOG button).

 

Also go to one of these sites:

http://virusscan.jotti.org/

http://www.virustotal.com/flash/index_en.html

and in the box there, enter the file name:

C:\WINDOWS\system32\nvsvcd.exe

press Submit or Send.

Paste the result into your reply.

 

Borsellini

 

 

AntiVir: Found Worm/IRCBot.NM.1

ArcaVir: Found nothing

Avast: Found nothing

AVG Antivirus: Found nothing

BitDefender: Found Trojan.Boxed.C

ClamAV: Found nothing

Dr.Web: Found nothing

F-Prot Antivirus: Found nothing

Fortinet: Found nothing

Kaspersky Anti-Virus: Found Backdoor.Win32.IRCBot.nm

NOD32: Found nothing

Norman Virus Control: Found nothing

UNA: Found nothing

VBA32: Found Backdoor.Win32.IRCBot.nm

 

This is a report processed by VirusTotal on 01/27/2006 at 14:56:22 (CET) after scanning the file "nvsvcd.exe" file.

 

Antivirus Version Update Result

AntiVir 6.33.0.77 01.27.2006 Worm/IRCBot.NM.1

Avast 4.6.695.0 01.26.2006 no virus found

AVG 718 01.27.2006 no virus found

Avira 6.33.0.77 01.27.2006 Worm/IRCBot.NM.1

BitDefender 7.2 01.27.2006 Trojan.Boxed.C

CAT-QuickHeal 8.00 01.27.2006 no virus found

ClamAV devel-20051123 01.27.2006 no virus found

DrWeb 4.33 01.27.2006 no virus found

eTrust-InoculateIT 23.71.61 01.27.2006 no virus found

eTrust-Vet 12.4.2058 01.27.2006 no virus found

Ewido 3.5 01.27.2006 Backdoor.IRCBot.nm

Fortinet 2.54.0.0 01.27.2006 no virus found

F-Prot 3.16c 01.26.2006 no virus found

Ikarus 0.2.59.0 01.27.2006 no virus found

Kaspersky 4.0.2.24 01.27.2006 no virus found

McAfee 4683 01.26.2006 no virus found

NOD32v2 1.1382 01.27.2006 no virus found

Norman 5.70.10 01.27.2006 no virus found

Panda 9.0.0.4 01.27.2006 Trj/Agent.BAF

Sophos 4.01.0 01.27.2006 no virus found

Symantec 8.0 01.27.2006 no virus found

TheHacker 5.9.3.082 01.27.2006 no virus found

UNA 1.83 01.27.2006 Backdoor.IRCBot

VBA32 3.10.5 01.27.2006 Backdoor.Win32.IRCBot.nm

 

Cecilia

Make sure you understand everything below; otherwise ask.

 

Control Panel - Administrative Tools - Services

Find "Windows Log" in the list and double-click it to bring up its Properties. Press the Stop button if possible, and set Startup type to Disabled.

 

Restart the computer in Safe Mode by pressing F8 repeatedly during startup and choosing Safe Mode from the menu.

 

Set up Explorer so that you can see all files:

Tools - (Folder) Options or similar - View

Select Show hidden files and folders

Uncheck Hide extensions for known file types

Uncheck Hide protected operating system files

 

Delete this file:

C:\WINDOWS\system32\nvsvcd.exe

 

Restart in normal mode.

 

HijackThis must be downloaded and placed in its own folder on the hard drive; otherwise it cannot save backups of what it does. The easiest way to do this is to use this variant of HijackThis, which takes care of that itself:

http://www.thespykiller.co.uk/files/HJTsetup.exe

 

As for Fake.Wget, I need to see a report from Spybot S&D to know where it has found the nasty thing.

Open Spybot 1.4 and update it.

Close all browsers.

Let Spybot scan the computer.

Menu: Mode - Advanced

On the left: Tools - View report

Make sure everything far down is selected except

Do not report disabled or known legitimate Items,

Include a list of services in report.

Include uninstall list in report

Choose View report (at the top)

Export

Specify where you want the file.

In your reply, paste the file in, select (highlight) it and press the LOG button.

 

In addition, paste in a new HijackThis log.
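The triage the helper does by eye in this thread (the vendor-less "Windows Log" service pointing at nvsvcd.exe in system32 in the O23 lines, and the Security Center DisableNotify hits in the Spybot report from the earlier reply), written out as a script. This is an added example, not code from HijackThis, Spybot or either poster; the sample lines are copied from the logs in this thread, and the severity labels and the "resembles another service binary" heuristic are my own assumptions.

```python
"""Triage of HijackThis O23 service lines and Spybot S&D registry hits (added example)."""
from __future__ import annotations

import ntpath
import re
from dataclasses import dataclass

# Constructed sample: four O23 lines copied from the first HijackThis log above.
SAMPLE_HJT_LOG = r"""
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\Program\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Windows Log - Unknown owner - C:\WINDOWS\system32\nvsvcd.exe
"""

# Constructed sample: the two hits from the Spybot "Search result list" in the thread.
SAMPLE_SPYBOT_RESULTS = r"""
Windows Security Center.FirewallDisableNotify: Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify!=dword:0
Windows Security Center.AntiVirusDisableNotify: Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify!=dword:0
"""

O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - (?P<path>.+?)"
    r"(?P<missing> \(file missing\))?$"
)
# Spybot prints "<key>\<value>!=<expected>" for a registry change it fixed.
SPYBOT_REG_RE = re.compile(
    r"^(?P<key>HKEY_[A-Z_]+\\.+)\\(?P<value>[^\\]+)!=(?P<expected>dword:[0-9A-Fa-f]+)$"
)
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\system\\")  # assumed: where a vendor-less service is most suspicious


@dataclass
class Finding:
    severity: str  # "high", "medium" or "info" (labels are my own assumption)
    subject: str   # service display name or registry value name
    reason: str


def stem_of(path: str) -> str:
    return ntpath.splitext(ntpath.basename(path))[0].lower()


def edit_distance(a: str, b: str) -> int:
    """Plain Levenshtein distance; used to spot look-alike binary names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def triage_o23(log_text: str) -> list[Finding]:
    """Flag O23 service entries the way the helper in the thread did by eye."""
    entries = [m.groupdict() for m in map(O23_RE.match, log_text.splitlines()) if m]
    stems = {stem_of(e["path"]): e["display"] for e in entries}
    findings: list[Finding] = []
    for e in entries:
        path, stem = e["path"], stem_of(e["path"])
        unknown = e["owner"] == "Unknown owner"
        if e["missing"]:
            # Orphaned entry: nothing runs, but the log is not clean either.
            findings.append(Finding("info", e["display"], "binary missing; stale service entry"))
            continue
        if unknown and path.lower().startswith(SYSTEM_DIRS):
            findings.append(Finding("high", e["display"],
                                    f"no vendor and binary in a system directory: {path}"))
        # A name a keystroke or two away from another service binary in the same log.
        for other, other_display in stems.items():
            if unknown and other != stem and edit_distance(stem, other) <= 2:
                findings.append(Finding("medium", e["display"],
                                        f"{stem}.exe resembles {other}.exe ({other_display})"))
    return findings


def parse_spybot_registry_hits(report_text: str) -> list[Finding]:
    """Turn Spybot's '<key>\\<value>!=<expected>' lines into findings.

    Non-zero Security Center *DisableNotify values mean Windows stays quiet
    when the firewall or antivirus is off, as the thread's helper explains.
    """
    findings: list[Finding] = []
    for line in report_text.splitlines():
        m = SPYBOT_REG_RE.match(line.strip())
        if m:
            sev = "medium" if m["value"].endswith("DisableNotify") else "info"
            findings.append(Finding(sev, m["value"], f"{m['key']} should be {m['expected']}"))
    return findings


if __name__ == "__main__":
    for f in triage_o23(SAMPLE_HJT_LOG) + parse_spybot_registry_hits(SAMPLE_SPYBOT_RESULTS):
        print(f"[{f.severity:6}] {f.subject}: {f.reason}")
```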

 

Borsellini

Thanks! I have deleted C:\WINDOWS\system32\nvsvcd.exe according to your instructions. Is there any way I can now check that all the junk is gone?

 

S & D:

 

 

[log]--- Search result list ---

Windows Security Center.FirewallDisableNotify: Settings (Registry change, fixed)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify!=dword:0

 

Windows Security Center.AntiVirusDisableNotify: Settings (Registry change, fixed)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify!=dword:0

 

 

--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

 

2005-05-31 blindman.exe (1.0.0.1)

2005-05-31 SpybotSD.exe (1.4.0.3)

2005-05-31 TeaTimer.exe (1.4.0.2)

2005-11-10 unins000.exe (51.41.0.0)

2005-05-31 Update.exe (1.4.0.0)

2005-05-31 advcheck.dll (1.0.2.0)

2005-05-31 aports.dll (2.1.0.0)

2005-05-31 borlndmm.dll (7.0.4.453)

2005-05-31 delphimm.dll (7.0.4.453)

2005-05-31 SDHelper.dll (1.4.0.0)

2005-05-31 Tools.dll (2.0.0.2)

2005-05-31 UnzDll.dll (1.73.1.1)

2005-05-31 ZipDll.dll (1.73.2.0)

2006-01-27 Includes\Cookies.sbi (*)

2006-01-27 Includes\Dialer.sbi (*)

2006-01-27 Includes\Hijackers.sbi (*)

2006-01-27 Includes\Keyloggers.sbi (*)

2004-11-29 Includes\LSP.sbi (*)

2006-01-27 Includes\Malware.sbi (*)

2006-01-27 Includes\PUPS.sbi (*)

2006-01-27 Includes\Revision.sbi (*)

2006-01-27 Includes\Security.sbi (*)

2006-01-27 Includes\Spybots.sbi (*)

2005-02-17 Includes\Tracks.uti

2006-01-27 Includes\Trojans.sbi (*)

 

 

 

--- System information ---

Windows XP (Build: 2600) Service Pack 2

/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB886903)

/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)

/ Step By Step Interactive Training / SP2: Säkerhetsuppdatering för Step by Step Interactive Training (KB898458)

/ Windows XP / SP3: Windows XP Hotfix - KB873339

/ Windows XP / SP3: Windows XP Hotfix - KB883667

/ Windows XP / SP3: Windows XP Hotfix - KB885250

/ Windows XP / SP3: Windows XP Hotfix - KB885835

/ Windows XP / SP3: Windows XP Hotfix - KB885836

/ Windows XP / SP3: Windows XP Hotfix - KB886185

/ Windows XP / SP3: Windows XP Hotfix - KB887472

/ Windows XP / SP3: Windows XP Hotfix - KB887742

/ Windows XP / SP3: Windows XP Hotfix - KB888113

/ Windows XP / SP3: Windows XP Hotfix - KB888302

/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB890046)

/ Windows XP / SP3: Windows XP Hotfix - KB890859

/ Windows XP / SP3: Windows XP Hotfix - KB891781

/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB893066)

/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB893756)

/ Windows XP / SP3: Windows Installer 3.1 (KB893803)

/ Windows XP / SP3: Uppdatering för Windows XP (KB894391)

/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB896358)

/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB896422)

/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB896423)

/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB896424)

/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB896428)

/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB896688)

/ Windows XP / SP3: Uppdatering för Windows XP (KB898461)

/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB899587)

/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB899591)

/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB900725)

/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB901017)

/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB901214)

/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB902400)

/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB904706)

/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB905414)

/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB905749)

/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB905915)

/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB908519)

/ Windows XP / SP3: Uppdatering för Windows XP (KB910437)

/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB912919)

/ Windows XP OOB / SP10: High Definition Audio Driver Package - KB835221

 

 

--- Startup entries list ---

Located: HK_LM:Run, ccApp

command: "C:\Program\Delade filer\Symantec Shared\ccApp.exe"

file: C:\Program\Delade filer\Symantec Shared\ccApp.exe

size: 58992

MD5: 823c748837bf1f57f151bdb6035fb7b5

 

Located: HK_LM:Run, HPHUPD06

command: c:\Program\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe

file: c:\Program\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe

size: 49152

MD5: eca65cc095bd6d541a4798294f61e52a

 

Located: HK_LM:Run, hpsysdrv

command: c:\windows\system\hpsysdrv.exe

file: c:\windows\system\hpsysdrv.exe

size: 52736

MD5: 06a1ecb63df139ec639e084d4ab3c9d7

 

Located: HK_LM:Run, IgfxTray

command: C:\WINDOWS\system32\igfxtray.exe

file: C:\WINDOWS\system32\igfxtray.exe

size: 155648

MD5: 8bbbada96ffe1449edd39256eda99cd8

 

Located: HK_LM:Run, NvCplDaemon

command: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

file: C:\WINDOWS\SYSTEM32\RUNDLL32.EXE

size: 33280

MD5: 67feedf5974c7a4511bdb23c0ade34f2

 

Located: HK_LM:Run, NvMediaCenter

command: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

file: C:\WINDOWS\SYSTEM32\RUNDLL32.EXE

size: 33280

MD5: 67feedf5974c7a4511bdb23c0ade34f2

 

Located: HK_LM:Run, Recguard

command: C:\WINDOWS\SMINST\RECGUARD.EXE

file: C:\WINDOWS\SMINST\RECGUARD.EXE

size: 233472

MD5: 310f1e8a0781887ba1c217448c0e4d48

 

Located: HK_LM:Run, SiSPower

command: Rundll32.exe SiSPower.dll,ModeAgent

file: C:\WINDOWS\SYSTEM32\Rundll32.exe

size: 33280

MD5: 67feedf5974c7a4511bdb23c0ade34f2

 

Located: HK_LM:Run, Symantec NetDriver Monitor

command: C:\Program\SYMNET~1\SNDMon.exe /Consumer

file: C:\Program\SYMNET~1\SNDMon.exe

size: 100056

MD5: f9418981ee4d7e995d359833adab59d5

 

Located: HK_LM:Run, UpdReg

command: C:\WINDOWS\UpdReg.EXE

file: C:\WINDOWS\UpdReg.EXE

size: 90112

MD5: c419df63e0121d72411285780c2fc6cc

 

Located: HK_CU:Run, MSMSGS

command: "C:\Program\Messenger\msmsgs.exe" /background

file: C:\Program\Messenger\msmsgs.exe

size: 1694208

MD5: 74e6e96c6f0e2eca4edbb7f7a468f259

 

Located: Startup (disabled), Adobe Gamma Loader (DISABLED)

command: C:\Program\DELADE~1\Adobe\CALIBR~1\ADOBEG~1.EXE

file: C:\Program\DELADE~1\Adobe\CALIBR~1\ADOBEG~1.EXE

size: 113664

MD5: c2ff17734176cd15221c10044ef0ba1a

 

Located: Startup (disabled), HP Digital Imaging Monitor (DISABLED)

command: C:\Program\HP\DIGITA~1\bin\hpqtra08.exe

file: C:\Program\HP\DIGITA~1\bin\hpqtra08.exe

size: 241664

MD5: 16e91805cc071039372ae0037aaa9a2b

 

Located: Startup (disabled), NkbMonitor.exe (DISABLED)

command: C:\Program\Nikon\PICTUR~1\NKBMON~1.EXE

file: C:\Program\Nikon\PICTUR~1\NKBMON~1.EXE

size: 118784

MD5: 8c920dfe944b0dce788db3cb0320b336

 

Located: System.ini, crypt32chain

command: crypt32.dll

file: crypt32.dll

 

Located: System.ini, cryptnet

command: cryptnet.dll

file: cryptnet.dll

 

Located: System.ini, cscdll

command: cscdll.dll

file: cscdll.dll

 

Located: System.ini, igfxcui

command: igfxsrvc.dll

file: igfxsrvc.dll

 

Located: System.ini, ScCertProp

command: wlnotify.dll

file: wlnotify.dll

 

Located: System.ini, Schedule

command: wlnotify.dll

file: wlnotify.dll

 

Located: System.ini, sclgntfy

command: sclgntfy.dll

file: sclgntfy.dll

 

Located: System.ini, SensLogn

command: WlNotify.dll

file: WlNotify.dll

 

Located: System.ini, termsrv

command: wlnotify.dll

file: wlnotify.dll

 

Located: System.ini, WgaLogon

command: WgaLogon.dll

file: WgaLogon.dll

 

Located: System.ini, wlballoon

command: wlnotify.dll

file: wlnotify.dll

 

 

 

--- Browser helper object list ---

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)

BHO name:

CLSID name: AcroIEHlprObj Class

description: Adobe Acrobat reader

classification: Legitimate

known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll

info link: http://www.adobe.com/products/acrobat/readstep2.html

info source: TonyKlein

Path: C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX Long name: AcroIEHelper.dll

Short name: ACROIE~1.DLL

Date (created): 2003-11-03 21:17:44

Date (last access): 2006-01-27 18:21:12

Date (last write): 2003-11-03 21:17:44

Filesize: 54248

Attributes: archive

MD5: FC7850324464E4D19A24A03D882B5CC4

CRC32: 452E8571

Version: 6.0.1.1091

 

{53707962-6F74-2D53-2644-206D7942484F} ()

BHO name:

CLSID name:

description: Spybot-S&D IE Browser plugin

classification: Legitimate

known filename: SDhelper.dll

info link: http://spybot.eon.net.au/

info source: Patrick M. Kolla

Path: C:\Program\SPYBOT~1 Long name: SDHelper.dll

Short name:

Date (created): 2005-11-10 22:58:36

Date (last access): 2006-01-27 17:33:36

Date (last write): 2005-05-31 01:04:00

Filesize: 853672

Attributes: archive

MD5: 250D787A5712D7768DDC133B3E477759

CRC32: D4589A41

Version: 1.4.0.0

 

{9ECB9560-04F9-4bbc-943D-298DDF1699E1} (Norton Internet Security)

BHO name: Norton Internet Security

CLSID name: CNisExtBho Class

description: NIS 2004,

classification: Legitimate

known filename: NISShExt.dll

info link: http://www.symantec.com/sabu/nis/nis_pe/

info source: TonyKlein

Path: C:\Program\Delade filer\Symantec Shared\AdBlocking Long name: NISShExt.dll

Short name:

Date (created): 2004-09-15 18:06:12

Date (last access): 2006-01-27 18:06:40

Date (last write): 2004-09-15 18:06:12

Filesize: 103552

Attributes: archive

MD5: AB001D62CB2C4B6E238511AFCE9361F5

CRC32: F21FE1C6

Version: 8.0.0.64

 

{BDF3E430-B101-42AD-A544-FADC6B084872} (NAV Helper)

BHO name: NAV Helper

CLSID name: CNavExtBho Class

description: Norton Antivirus

classification: Legitimate

known filename: NavShExt.dll

info link: http://www.symantec.com/nav/nav_9xnt/

info source: TonyKlein

Path: C:\Program\Norton Internet Security\Norton AntiVirus Long name: NAVSHEXT.DLL

Short name:

Date (created): 2004-09-08 10:53:12

Date (last access): 2006-01-27 17:33:36

Date (last write): 2005-11-29 14:25:30

Filesize: 218760

Attributes: archive

MD5: AAE28767F9AC6A32697765AA97F5AFC9

CRC32: E0C3B14A

Version: 11.0.16.2

 

 

 

--- ActiveX list ---

{04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control)

DPF name:

CLSID name: HouseCall Control

Installer: C:\WINDOWS\Downloaded Program Files\xscan60.inf

Codebase: http://housecall60.trendmicro.com/housecall/xscan60.cab

description:

classification: Legitimate

known filename: xscan60.ocx

info link:

info source: Safer Networking Ltd.

Path: C:\WINDOWS\DOWNLO~1 Long name: xscan60.ocx

Short name:

Date (created): 2005-05-03 11:45:54

Date (last access): 2006-01-27 16:27:28

Date (last write): 2005-05-03 11:45:54

Filesize: 475190

Attributes: archive

MD5: 145C288D55A91D6469223136EA93A406

CRC32: A36DBA2A

Version: 6.0.0.1261

 

{17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool)

DPF name:

CLSID name: Windows Genuine Advantage Validation Tool

Installer: C:\WINDOWS\Downloaded Program Files\LegitCheckControl.inf

Codebase: http://go.microsoft.com/fwlink/?linkid=39204

description:

classification: Legitimate

known filename: LegitCheckControl.DLL

info link:

info source: Safer Networking Ltd.

Path: C:\WINDOWS\system32 Long name: LegitCheckControl.dll

Short name: LEGITC~1.DLL

Date (created): 2005-07-12 18:04:22

Date (last access): 2006-01-27 18:11:56

Date (last write): 2005-11-09 11:30:32

Filesize: 534280

Attributes: archive

MD5: 37B2092E98644ED842906D5B82754442

CRC32: EFFC266D

Version: 1.4.393.0

 

{2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class)

DPF name:

CLSID name: ICSScannerLight Class

Installer: C:\WINDOWS\Downloaded Program Files\ICSScannerLight.inf

Codebase: http://download.zonelabs.com/bin/free/cm/ICSCM.cab

description:

classification: Open for discussion

known filename: ICSScannerLight.dll

info link:

info source: Safer Networking Ltd.

Path: C:\WINDOWS\Downloaded Program Files Long name: ICSScannerLight.dll

Short name: ICSSCA~1.DLL

Date (created): 2004-03-29 16:42:32

Date (last access): 2006-01-27 18:02:20

Date (last write): 2004-03-29 16:42:32

Filesize: 786432

Attributes: archive

MD5: 1D9B3A211E5A3AE2BD77384A8A825410

CRC32: 6A70E9F6

Version: 1.0.5.1

 

{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner)

DPF name:

CLSID name: Symantec AntiVirus scanner

Installer: C:\WINDOWS\Downloaded Program Files\avsniff.inf

Codebase: http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

description: Symantec online scanner

classification: Legitimate

known filename: AVSNIFF.DLL

info link:

info source: Patrick M. Kolla

Path: C:\WINDOWS\Downloaded Program Files Long name: avsniff.dll

Short name:

Date (created): 2005-11-17 14:03:22

Date (last access): 2006-01-27 18:02:18

Date (last write): 2005-11-17 14:03:22

Filesize: 202400

Attributes: archive

MD5: BCE679811E5A7441A24C250803A87F26

CRC32: B9D953A5

Version: 2004.12.14.55

 

{644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class)

DPF name:

CLSID name: Symantec RuFSI Utility Class

Installer: C:\WINDOWS\Downloaded Program Files\CabSA.inf

Codebase: http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

description:

classification: Legitimate

known filename: rufsi.dll

info link:

info source: Safer Networking Ltd.

Path: C:\WINDOWS\Downloaded Program Files Long name: rufsi.dll

Short name:

Date (created): 2005-11-17 14:03:36

Date (last access): 2006-01-27 18:02:20

Date (last write): 2005-11-17 14:03:36

Filesize: 161480

Attributes: archive

MD5: 1A3A17DEC5DB03CD99ADCF3DABD4A3D0

CRC32: A399EBC2

Version: 2004.6.23.42

 

{94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1)

DPF name:

CLSID name: F-Secure Online Scanner 2.1

Installer:

Codebase: http://support.f-secure.com/ols/fscax.cab

Path: C:\WINDOWS\Downloaded Program Files Long name: fscax.dll

Short name:

Date (created): 2005-12-08 15:29:02

Date (last access): 2006-01-27 18:02:20

Date (last write): 2005-12-08 15:29:02

Filesize: 652736

Attributes: archive

MD5: C5C7A32B7BFBD919CDE78F340815DB26

CRC32: 3A1561D8

Version: 2.1.1.0

 

 

 

--- Process list ---

PID: 0 ( 0) [system]

PID: 552 ( 4) \SystemRoot\System32\smss.exe

PID: 604 ( 552) \??\C:\WINDOWS\system32\csrss.exe

PID: 628 ( 552) \??\C:\WINDOWS\SYSTEM32\winlogon.exe

PID: 680 ( 628) C:\WINDOWS\system32\services.exe

size: 108032

MD5: 0DF00535E2F5AEFAEAD3A800F75137AF

PID: 692 ( 628) C:\WINDOWS\system32\lsass.exe

size: 13312

MD5: BA428312D9A0726E4C07C2037E882520

PID: 864 ( 680) C:\WINDOWS\system32\svchost.exe

size: 14336

MD5: 22D8A75754B7B9ECC4753E3C09A56B18

PID: 928 ( 680) C:\WINDOWS\system32\svchost.exe

size: 14336

MD5: 22D8A75754B7B9ECC4753E3C09A56B18

PID: 1008 ( 680) C:\WINDOWS\System32\svchost.exe

size: 14336

MD5: 22D8A75754B7B9ECC4753E3C09A56B18

PID: 1056 ( 680) C:\WINDOWS\system32\svchost.exe

size: 14336

MD5: 22D8A75754B7B9ECC4753E3C09A56B18

PID: 1152 ( 680) C:\WINDOWS\system32\svchost.exe

size: 14336

MD5: 22D8A75754B7B9ECC4753E3C09A56B18

PID: 1204 ( 680) C:\Program\Delade filer\Symantec Shared\ccProxy.exe

size: 235120

MD5: CAD1447217E90DFE6629989781B86A1A

PID: 1232 ( 680) C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

size: 181872

MD5: 4BE62B29494D7E7A8910DD4017F2DB77

PID: 1260 ( 680) C:\Program\Norton Internet Security\ISSVC.exe

size: 83584

MD5: 64BC5239264896C8D8FCE558CFBA029B

PID: 1272 ( 680) C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

size: 206552

MD5: 443E397643965E08C5AB6A6CAA732B97

PID: 1432 ( 680) C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

size: 198256

MD5: 5CA41885BEC5BB5F2FAFB70AD300992B

PID: 1552 (1512) C:\WINDOWS\Explorer.EXE

size: 1032704

MD5: 87A3C8EAD27CF3591713D629D8BCB990

PID: 1860 ( 680) C:\WINDOWS\system32\spoolsv.exe

size: 57856

MD5: DA81EC57ACD4CDC3D4C51CF3D409AF9F

PID: 320 ( 680) C:\WINDOWS\system32\CTSvcCDA.EXE

size: 44032

MD5: 3C8B6609712F4FF78E521F6DCFC4032B

PID: 400 ( 680) c:\Program\Delade filer\LightScribe\LSSrvc.exe

size: 38912

MD5: 75F8FDF480DBED5358188E0EAA2020D9

PID: 428 ( 680) C:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe

size: 177288

MD5: 1DDDD368C8BFD34892557AC8D5CF90E0

PID: 456 ( 680) C:\WINDOWS\system32\nvsvc32.exe

size: 131139

MD5: A3B67AA9F60533557FD9141BCA9FA4A9

PID: 760 ( 680) C:\WINDOWS\system32\svchost.exe

size: 14336

MD5: 22D8A75754B7B9ECC4753E3C09A56B18

PID: 988 ( 680) C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

size: 819352

MD5: F11341CD0D1DC5EFF5FEFFCC7424984E

PID: 1088 ( 680) C:\WINDOWS\system32\wdfmgr.exe

size: 38912

MD5: AB0A7CA90D9E3D6A193905DC1715DED0

PID: 1188 ( 680) C:\WINDOWS\system32\MsPMSPSv.exe

size: 53520

MD5: 581176F60885AEF8F78C6E38DCC3CDF9

PID: 1400 ( 680) c:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

size: 316544

MD5: 67C5AF84809468061121FBCBECB19285

PID: 2308 ( 680) C:\WINDOWS\System32\alg.exe

size: 44544

MD5: 674AD0546272F9ADB8028B9CA0D0658F

PID: 2336 (1552) C:\windows\system\hpsysdrv.exe

size: 52736

MD5: 06A1ECB63DF139EC639E084D4AB3C9D7

PID: 2436 (1552) C:\Program\Delade filer\Symantec Shared\ccApp.exe

size: 58992

MD5: 823C748837BF1F57F151BDB6035FB7B5

PID: 3980 (1552) C:\Program\Spybot - Search & Destroy\SpybotSD.exe

size: 4393096

MD5: 09CA174A605B480318731E691DC98539

PID: 4000 (1552) C:\Program\Mozilla Firefox\firefox.exe

size: 7162979

MD5: F375D4684A1F72D279A7CFA7A5DE1A9C

PID: 3676 ( 864) C:\Program\Messenger\msmsgs.exe

size: 1694208

MD5: 74E6E96C6F0E2ECA4EDBB7F7A468F259

PID: 4 ( 0) System

 

 

--- Browser start & search pages list ---

Spybot - Search & Destroy browser pages report, 2006-01-27 18:28:27

 

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page

C:\WINDOWS\system32\blank.htm

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page

http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=SV_SE&c=Q105&bd=pavilion&pf=desktop

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar

http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=SV_SE&c=Q105&bd=pavilion&pf=desktop

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page

http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL

http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=SV_SE&c=Q105&bd=pavilion&pf=desktop

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page

%SystemRoot%\system32\blank.htm

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page

http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=SV_SE&c=Q105&bd=pavilion&pf=desktop

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Bar

http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=SV_SE&c=Q105&bd=pavilion&pf=desktop

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page

http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL

http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL

http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=SV_SE&c=Q105&bd=pavilion&pf=desktop

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant

http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch

http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

 

 

--- Winsock Layered Service Provider list ---

Protocol 0: MSAFD Tcpip [TCP/IP]

GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP IP protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD Tcpip [*]

 

Protocol 1: MSAFD Tcpip [uDP/IP]

GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP IP protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD Tcpip [*]

 

Protocol 2: MSAFD Tcpip [RAW/IP]

GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP IP protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD Tcpip [*]

 

Protocol 3: RSVP UDP Service Provider

GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}

Filename: %SystemRoot%\system32\rsvpsp.dll

Description: Microsoft Windows NT/2k/XP RVSP

DB filename: %SystemRoot%\system32\rsvpsp.dll

DB protocol: RSVP * Service Provider

 

Protocol 4: RSVP TCP Service Provider

GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}

Filename: %SystemRoot%\system32\rsvpsp.dll

Description: Microsoft Windows NT/2k/XP RVSP

DB filename: %SystemRoot%\system32\rsvpsp.dll

DB protocol: RSVP * Service Provider

 

Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{AD9F55DE-5EB8-4278-B163-184813051B60}] SEQPACKET 5

GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP NetBios protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD NetBIOS *

 

Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{AD9F55DE-5EB8-4278-B163-184813051B60}] DATAGRAM 5

GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP NetBios protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD NetBIOS *

 

Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C25EFA7D-4378-474F-9888-758C39E356C2}] SEQPACKET 4

GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP NetBios protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD NetBIOS *

 

Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C25EFA7D-4378-474F-9888-758C39E356C2}] DATAGRAM 4

GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP NetBios protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD NetBIOS *

 

Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2A6F0F2E-F949-4853-826D-0831EB2D9051}] SEQPACKET 3

GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP NetBios protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD NetBIOS *

 

Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2A6F0F2E-F949-4853-826D-0831EB2D9051}] DATAGRAM 3

GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP NetBios protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD NetBIOS *

 

Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A4E6F39D-C2D2-4D68-8332-49EDAEC92C5B}] SEQPACKET 0

GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP NetBios protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD NetBIOS *

 

Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A4E6F39D-C2D2-4D68-8332-49EDAEC92C5B}] DATAGRAM 0

GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP NetBios protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD NetBIOS *

 

Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A919080A-EB70-449D-86F2-D0E03E1ACDAC}] SEQPACKET 1

GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP NetBios protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD NetBIOS *

 

Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A919080A-EB70-449D-86F2-D0E03E1ACDAC}] DATAGRAM 1

GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP NetBios protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD NetBIOS *

 

Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{78FE1FB3-0CC5-4458-9D42-1AA5B2D5D324}] SEQPACKET 2

GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP NetBios protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD NetBIOS *

 

Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{78FE1FB3-0CC5-4458-9D42-1AA5B2D5D324}] DATAGRAM 2

GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP NetBios protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD NetBIOS *

 

Namespace Provider 0: Tcpip

GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}

Filename: %SystemRoot%\System32\mswsock.dll

Description: Microsoft Windows NT/2k/XP TCP/IP name space provider

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: TCP/IP

 

Namespace Provider 1: NTDS

GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}

Filename: %SystemRoot%\System32\winrnr.dll

Description: Microsoft Windows NT/2k/XP name space provider

DB filename: %SystemRoot%\system32\winrnr.dll

DB protocol: NTDS

 

Namespace Provider 2: Namnområde för NLA (Network Location Awareness)

GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}

Filename: %SystemRoot%\System32\mswsock.dll

Description: Microsoft Windows NT/2k/XP name space provider

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: NLA-Namespace

[/log]

Hijack:

 

[log]Logfile of HijackThis v1.99.1

Scan saved at 18:29:33, on 2006-01-27

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Delade filer\Symantec Shared\ccProxy.exe

C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

C:\Program\Norton Internet Security\ISSVC.exe

C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\CTSvcCDA.EXE

c:\Program\Delade filer\LightScribe\LSSrvc.exe

C:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\MsPMSPSv.exe

c:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

C:\windows\system\hpsysdrv.exe

C:\Program\Delade filer\Symantec Shared\ccApp.exe

C:\Program\Mozilla Firefox\firefox.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\Hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=SV_SE&c=Q105&bd=pavilion&pf=desktop

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=SV_SE&c=Q105&bd=pavilion&pf=desktop

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=SV_SE&c=Q105&bd=pavilion&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=SV_SE&c=Q105&bd=pavilion&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=SV_SE&c=Q105&bd=pavilion&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=SV_SE&c=Q105&bd=pavilion&pf=desktop

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll

O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: HP-vy - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program\HP\Digital Imaging\bin\HPDTLK02.dll

O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HPHUPD06] c:\Program\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\Program\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Unknown owner - C:\Program\iPod\bin\iPodService.exe (file missing)

O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program\Norton Internet Security\ISSVC.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program\Delade filer\LightScribe\LSSrvc.exe

O23 - Service: Norton AntiVirus Auto Protect-tjänst (navapsvc) - Symantec Corporation - C:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe

O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program\DELADE~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

[/log]


[post edited 2006-01-27 18:52:50 by Anders N]

Cecilia

I no longer see anything in the HijackThis log.

 

Windows Security Center.FirewallDisableNotify

Windows Security Center.AntiVirusDisableNotify

are there because you have changed the settings in the Security Center away from the normal, most secure settings. If you instead want the Security Center to warn (notify) you when the firewall or the antivirus is turned off (disabled), go to the Security Center and turn the warnings on, and Spybot will stop complaining.

 

Otherwise nothing odd shows up in the Spybot log.

 

Can I now somehow check that all the junk is gone?

It is always hard to be 100 % sure. But if you follow the tips below you can be as sure as it gets. You also have a firewall (not XP's own), and it should warn you if something malicious is running that wants to use the internet.

 

To avoid trouble with nasties in the future, here are my usual tips for a safer computer.

 

Update from Windows Update and run the antispyware programs Ad-aware and Spybot S&D regularly.

http://www.lavasoft.com

http://www.safer-networking.org/en/download/index.html

 

Complement the antivirus program with a few online scans now and then:

http://housecall.trendmicro.com/

http://www.pandasoftware.com/products/activescan/

 

Use a firewall (other than the one built into XP); there are free ones from e.g. ZoneLabs.

http://www.zonelabs.com/store/content/home.jsp

 

If you use Internet Explorer it can be a good idea to have the programs SpywareBlaster and SpywareGuard, which stop a lot of nasty programs from being downloaded or run:

http://www.javacoolsoftware.com

 

Review the security settings in Internet Explorer; there are plenty of tips here:

https://netfiles.uiuc.edu/ehowes/www/btw/ie/ie-opts.htm

 

Also run IE-SpyAd, which puts a whole lot of nasty websites in the Restricted sites zone in Internet Explorer so that they cannot do anything to the computer:

https://netfiles.uiuc.edu/ehowes/www/resource.htm

 

If you switch browser, only SpywareGuard is needed. Other browsers are e.g. Mozilla Firefox and Opera:

http://www.mozilla.org

http://www.opera.com

 

All free for home users/personal use.
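The two Spybot findings discussed in the reply above, "Windows Security Center.AntiVirusDisableNotify" and "Windows Security Center.FirewallDisableNotify", correspond to DWORD values of the same names under HKLM\SOFTWARE\Microsoft\Security Center on XP SP2: 1 means the Security Center warning has been switched off, 0 (or no value at all) is the default with the warning on. The following PowerShell script is an added example, not code from the thread or from Spybot; it audits those values (plus UpdatesDisableNotify, which belongs to the same set) and, with the script's own -Fix switch, restores the default, which is the same change as turning the warnings back on in the Security Center control panel.

```powershell
# Added example (not from the forum thread): audit the Windows Security Center
# notification switches that Spybot S&D reports as
# "Windows Security Center.AntiVirusDisableNotify" and
# "Windows Security Center.FirewallDisableNotify".
# Registry key and value names are the documented XP SP2 ones; -Fix is this
# script's own convention. Run from an administrator PowerShell prompt.
param([switch]$Fix)

$KeyPath = 'HKLM:\SOFTWARE\Microsoft\Security Center'
# UpdatesDisableNotify belongs to the same set of switches, so it is audited too.
$NotifyValues = @('AntiVirusDisableNotify', 'FirewallDisableNotify', 'UpdatesDisableNotify')

function Get-SecurityCenterNotifyState {
    if (-not (Test-Path $KeyPath)) {
        throw "Security Center key not found: $KeyPath (is this XP SP2 or later?)"
    }
    $props = Get-ItemProperty -Path $KeyPath
    foreach ($name in $NotifyValues) {
        $prop = $props.PSObject.Properties[$name]
        # A missing value behaves like 0: the warning is enabled.
        $value = 0
        if ($prop -ne $null) { $value = [int]$prop.Value }
        New-Object PSObject -Property @{
            Setting         = $name
            Value           = $value
            WarningsEnabled = ($value -eq 0)
        }
    }
}

$state = @(Get-SecurityCenterNotifyState)
$state | Format-Table Setting, Value, WarningsEnabled -AutoSize

$disabled = @($state | Where-Object { -not $_.WarningsEnabled })
if ($disabled.Count -eq 0) {
    Write-Host 'All Security Center warnings are on; Spybot should no longer report these entries.'
}
elseif ($Fix) {
    # Writing 0 is the same change as turning the warning back on in the
    # Security Center control panel.
    foreach ($item in $disabled) {
        Set-ItemProperty -Path $KeyPath -Name $item.Setting -Value 0 -Type DWord
        Write-Host "Restored $($item.Setting) to 0 (warning on)."
    }
}
else {
    $names = ($disabled | ForEach-Object { $_.Setting }) -join ', '
    Write-Host "Warnings turned off for: $($names). Re-run with -Fix (as administrator) or enable them in the Security Center."
}
```

Run it once without -Fix to see the current state, then with -Fix to restore the defaults. If the values go back to 1 on their own after you have reset them, something else on the machine is changing them, and that is the point at which a fresh HijackThis log and Spybot scan are worth comparing against the ones posted above.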

 
