Till Cecilia ;)

[kingmooze]

Hej!

 

Tack för att du tar dig tid att kolla!

 

//Daniel

 

Här är nu loggen då:

 

[log]Logfile of HijackThis v1.99.1

Scan saved at 16:44:32, on 2006-12-18

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Alwil Software\Avast4\aswUpdSv.exe

C:\Program\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\svchosts.exe

C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\mdm.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\oodag.exe

C:\Program\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Tablet.exe

C:\WINDOWS\system32\UAService7.exe

C:\Program\Alwil Software\Avast4\ashMaiSv.exe

C:\Program\Alwil Software\Avast4\ashWebSv.exe

C:\Program\DAEMON Tools\daemon.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program\Microsoft IntelliPoint\ipoint.exe

C:\Program\Alwil Software\Avast4\ashDisp.exe

C:\WINDOWS\system32\WDBtnMgr.exe

C:\Program\Microsoft IntelliType Pro\type32.exe

C:\Program\Delade filer\{38B9853F-089C-1053-0329-04062803002e}\Update.exe

C:\Program\Bluetack\ProtoWall\ProtoWall.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\Nikon\NkView6\NkvMon.exe

C:\WINDOWS\system32\WTablet\TabUserW.exe

C:\WINDOWS\explorer.exe

C:\Program\Spyware Terminator\SpywareTerminator.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program\Outlook Express\msimn.exe

C:\Documents and Settings\Administratör\Skrivbord\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - URLSearchHook: (no name) - {F2ADC15D-50C4-286E-9F1B-09E52D1C1591} - C:\WINDOWS\system32\buidzy.dll (file missing)

F2 - REG:system.ini: Shell=

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program\DELADE~1\{38B98~1\Bar888.dll

O2 - BHO: (no name) - {F2ADC15D-50C4-286E-9F1B-09E52D1C1591} - C:\WINDOWS\system32\buidzy.dll (file missing)

O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program\DELADE~1\{38B98~1\Bar888.dll

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [intelliPoint] "C:\Program\Microsoft IntelliPoint\ipoint.exe"

O4 - HKLM\..\Run: [Avast!] C:\Program\Alwil Software\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [type32] "C:\Program\Microsoft IntelliType Pro\type32.exe"

O4 - HKLM\..\Run: [{38B9853F-089C-1053-0329-04062803002e}] "C:\Program\Delade filer\{38B9853F-089C-1053-0329-04062803002e}\Update.exe" mc-110-12-0001291

O4 - HKLM\..\Run: [{38B9853F-089D-1053-0329-04062803002e}] "C:\Program\Delade filer\{38B9853F-089D-1053-0329-04062803002e}\Update.exe" mc-110-12-0001291

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKCU\..\Run: [ProtoWall] C:\Program\Bluetack\ProtoWall\ProtoWall.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: NkvMon.exe.lnk = C:\Program\Nikon\NkView6\NkvMon.exe

O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Natural Reader - {0DF757C4-9999-463C-A4EB-B6BF1D8D8D3D} - C:\Program\NaturalReaders\Natural Voice Text To Speech Software Standard\read.html

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MIC273~1\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by115fd.bay115.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136822709091

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program\Delade filer\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program\DELADE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Program\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0001291 (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program\SiSoftware\SiSoftware Sandra Pro Home 2007.SP1\Win32\RpcDataSrv.exe

O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program\SiSoftware\SiSoftware Sandra Pro Home 2007.SP1\RpcSandraSrv.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

[/log]

 

 

 

[bild bifogad 2006-12-18 18:23:31 av kingmooze]

[Cecilia]

Gå till http://www.virustotal.com/ klistra in ett av följande filnamn i rutan, tryck på Send och vänta tills resultatet är klart (Status blir Finished). Klistra in resultatet (inkl. filstorlek) här. Upprepa med nästa filnamn.

C:\WINDOWS\system32\svchosts.exe

 

HijackThis ska ligga i sin egen mapp så att dess säkerhetskopior inte kommer bort. Antingen skapar du en ny mapp dit du flyttar HijackThis eller så installerar du denna variant av HijackThis:

http://www.thespykiller.co.uk/files/HJTsetup.exe

 

Spyware Terminator vet jag för lite om för att rekommendera vad man ska göra med det. Jag väljer i stället detta program i detta fall:

Ladda hem och installera gratisversionen av SUPERAntiSpyware Free Edition:

http://www.superantispyware.com/download.html

Starta programmet, klicka på Check for updates.

Avsluta programmet när uppdateringen är klar.

 

Starta om datorn i felsäkert läge (tryck F8 upprepade gånger under uppstarten och välj felsäkert läge i menyn).

 

Starta SUPERAntiSpyware och klicka på Scan your Computer.

Bocka för alla hårddiskar (fixed drive/disk).

Välj Perform complete scan

Nästa/Next

 

När skanningen är klar som kommer det upp en sammanfattning, tryck på OK

Nästa/Next

Utför eller liknande

Ett fönster med Quarantine and removal Complete kommer upp

OK

Utför eller liknande

Avsluta programmet.

 

Starta om i normalt läge.

 

Starta programmet, tryck på Preferences, välj filken Statistics/Logs

Dubbelklicka på den nyaste SUPERAntiSpyware Scan Log så att loggen kommer upp i Anteckningar.

Klistra in loggen i ditt svar samt en ny HijackThis-logg.

 

[kingmooze]

Hej!

 

Här kommer nya loggar o info efter att ha gjort som du sa.

 

Jag får upp via Avast! detta mess: C:\DOCUME~1\ADMINI~1\LOKALA~1\Temp\b116.exe (Win32:Adware-gen. [Adw]).

Det är då b116.exe som är skum men jag har tagit bort det flera gg... Ja, tydligen inte då..

Jag har en "extra" explorer.exe som ligger i mina dokument som jag inte kommer åt.

Den ligger i en under mapp som verkar heta w?ndows.

Hittar inget om det men den finns där iaf.

 

Jag trodde jag fick bort svcdhosts.exe men tydligen inte.

Här är det jag kunde kopiera från sidan du sa (alla andra progg sa att den var ren):

 

Norman 5.80.02 12.18.2006 W32/Softomate.EH.dropper

Panda 9.0.0.4 12.18.2006 Adware/Mytoolbar

Prevx1 V2 12.19.2006 Trojan.SystemPoser

 

 

 

Aditional Information

File size: 36864 bytes

MD5: 3fe5755470a1c9c223ac25944c0161fd

SHA1: 36c92adc1ca2ee0211124187cb2678c008b85958

 

 

Jag har nyss haft en fulingfil som hette scvhost.exe som jag tror är borta.

Om du nu behövde veta det!

 

 

***********************************************************

 

 

Här är en logg från Avast! om den är bra att ha:

*

* avast! Report

* This file is generated automatically

*

* Task 'Scanna C: med alla rar osv.' used

* Started on den 18 december 2006 19:26:49

* VPS: 0659-1, 2006-12-16

*

 

C:\Documents and Settings\Administratör\Lokala inställningar\Application Data\Microsoft\Windows\UsrClass.dat [E] Det går inte att komma åt filen eftersom den (32)

C:\Documents and Settings\Administratör\Lokala inställningar\Application Data\Microsoft\Windows\UsrClass.dat.LOG [E] Det går inte att komma åt filen eftersom den (32)

C:\Documents and Settings\Administratör\Mina dokument\M?crosoft\explorer.exe\[uPX] [L] Win32:Purityscan-Q [Trj] (0)

C:\Documents and Settings\Administratör\NTUSER.DAT [E] Det går inte att komma åt filen eftersom den (32)

C:\Documents and Settings\Administratör\NTUSER.DAT.LOG [E] Det går inte att komma åt filen eftersom den (32)

Infected files: 1

Total files: 28294

Total folders: 1423

Total size: 22,6 GB

 

*

* Task stopped: den 18 december 2006 20:25:08

* Run-time was 58 minute(s), 19 second(s)

 

 

 

**************************************************************

 

 

 

 

SUPERAntiSpyware Scan Log

Generated 12/18/2006 at 11:44 PM

 

Application Version : 3.4.1000

 

Core Rules Database Version : 3149

Trace Rules Database Version: 1165

 

Scan type : Complete Scan

Total Scan Time : 00:20:06

 

Memory items scanned : 167

Memory threats detected : 0

Registry items scanned : 7066

Registry threats detected : 36

File items scanned : 26004

File threats detected : 10

 

Trojan.Update-Mcboo

[{38B9853F-089C-1053-0329-04062803002e}] C:\PROGRAM\DELADE FILER\{38B9853F-089C-1053-0329-04062803002E}\UPDATE.EXE

C:\PROGRAM\DELADE FILER\{38B9853F-089C-1053-0329-04062803002E}\UPDATE.EXE

[{38B9853F-089D-1053-0329-04062803002e}] C:\PROGRAM\DELADE FILER\{38B9853F-089D-1053-0329-04062803002E}\UPDATE.EXE

C:\PROGRAM\DELADE FILER\{38B9853F-089D-1053-0329-04062803002E}\UPDATE.EXE

C:\WINDOWS\Prefetch\UPDATE.EXE-0AA67669.pf

 

Unclassified.Oreans32

HKLM\System\ControlSet003\Services\oreans32

C:\WINDOWS\SYSTEM32\DRIVERS\OREANS32.SYS

HKLM\System\ControlSet004\Services\oreans32

HKLM\System\CurrentControlSet\Services\oreans32

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32#NextInstance

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Service

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Legacy

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#ConfigFlags

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Class

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#ClassGUID

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#DeviceDesc

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Capabilities

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Driver

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000\LogConf

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000\Control

HKLM\SYSTEM\CurrentControlSet\Services\oreans32#Type

HKLM\SYSTEM\CurrentControlSet\Services\oreans32#Start

HKLM\SYSTEM\CurrentControlSet\Services\oreans32#ErrorControl

HKLM\SYSTEM\CurrentControlSet\Services\oreans32#ImagePath

HKLM\SYSTEM\CurrentControlSet\Services\oreans32#DisplayName

HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Security

HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Security#Security

HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum

HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum#0

HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum#Count

HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum#NextInstance

 

Adware.Toolbar888

HKCR\CLSID\{C1B4DEC2-2623-438E-9CA2-C9043AB28508}

HKCR\CLSID\{C1B4DEC2-2623-438E-9CA2-C9043AB28508}\InprocServer32

HKCR\CLSID\{C1B4DEC2-2623-438E-9CA2-C9043AB28508}\InprocServer32#ThreadingModel

HKCR\CLSID\{C1B4DEC2-2623-438E-9CA2-C9043AB28508}\ProgID

HKCR\CLSID\{C1B4DEC2-2623-438E-9CA2-C9043AB28508}\Programmable

HKCR\CLSID\{C1B4DEC2-2623-438E-9CA2-C9043AB28508}\TypeLib

HKCR\CLSID\{C1B4DEC2-2623-438E-9CA2-C9043AB28508}\VersionIndependentProgID

 

Unclassified.Unknown Origin/System

C:\DOCUMENTS AND SETTINGS\ADMINISTRATöR\LOKALA INSTäLLNINGAR\TEMP\B116.EXE

 

Trojan.Freeprod

C:\DOCUMENTS AND SETTINGS\ADMINISTRATöR\SKRIVBORD\DOWNLOAD\WINDOWS.GENUINE.ADVANTAGE.VALIDATION.V1.5.723.1.CRACKED-ETH0\PATCH.EXE (denna ser mindre bra ut Ska den verkligen bort?)

 

Trojan.Hacktool

C:\PROGRAM\DELADE FILER\{38B9853F-089C-1053-0329-04062803002E}\SYSTEM.DLL

C:\PROGRAM\DELADE FILER\{38B9853F-089D-1053-0329-04062803002E}\SYSTEM.DLL

C:\RECYCLER\S-1-5-18\DC1\SYSTEM.DLL

C:\RECYCLER\S-1-5-18\DC2\SYSTEM.DLL

 

 

 

 

 

 

 

*******************************************************************************

 

 

 

[log]Logfile of HijackThis v1.99.1

Scan saved at 00:15:19, on 2006-12-19

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Alwil Software\Avast4\aswUpdSv.exe

C:\Program\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\svchosts.exe

C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\mdm.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\oodag.exe

C:\Program\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Tablet.exe

C:\WINDOWS\system32\UAService7.exe

C:\Program\DAEMON Tools\daemon.exe

C:\Program\Alwil Software\Avast4\ashMaiSv.exe

C:\Program\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program\Microsoft IntelliPoint\ipoint.exe

C:\Program\Alwil Software\Avast4\ashDisp.exe

C:\WINDOWS\system32\WDBtnMgr.exe

C:\Program\Microsoft IntelliType Pro\type32.exe

C:\Program\Delade filer\{38B9853F-089C-1053-0329-04062803002e}\Update.exe

C:\Program\Bluetack\ProtoWall\ProtoWall.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program\Nikon\NkView6\NkvMon.exe

C:\WINDOWS\system32\WTablet\TabUserW.exe

C:\Program\Opera\Opera.exe

C:\WINDOWS\system32\notepad.exe

C:\Documents and Settings\Administratör\Skrivbord\Hi LogFile\HJT1991.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - URLSearchHook: (no name) - {F2ADC15D-50C4-286E-9F1B-09E52D1C1591} - C:\WINDOWS\system32\buidzy.dll (file missing)

F2 - REG:system.ini: Shell=

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [intelliPoint] "C:\Program\Microsoft IntelliPoint\ipoint.exe"

O4 - HKLM\..\Run: [Avast!] C:\Program\Alwil Software\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [type32] "C:\Program\Microsoft IntelliType Pro\type32.exe"

O4 - HKLM\..\Run: [{38B9853F-089C-1053-0329-04062803002e}] "C:\Program\Delade filer\{38B9853F-089C-1053-0329-04062803002e}\Update.exe" mc-110-12-0001291

O4 - HKCU\..\Run: [ProtoWall] C:\Program\Bluetack\ProtoWall\ProtoWall.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: NkvMon.exe.lnk = C:\Program\Nikon\NkView6\NkvMon.exe

O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Natural Reader - {0DF757C4-9999-463C-A4EB-B6BF1D8D8D3D} - C:\Program\NaturalReaders\Natural Voice Text To Speech Software Standard\read.html

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MIC273~1\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by115fd.bay115.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136822709091

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program\Delade filer\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program\DELADE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Program\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0001291 (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program\SiSoftware\SiSoftware Sandra Pro Home 2007.SP1\Win32\RpcDataSrv.exe

O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program\SiSoftware\SiSoftware Sandra Pro Home 2007.SP1\RpcSandraSrv.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

[/log]

 

 

[inlägget ändrat 2006-12-19 11:56:14 av kingmooze]

[Cecilia]

Kan du vara snäll och trycka på Redigera under ditt senaste inlägg och så markera (måla) hela loggen från Avast och sedan trycka på LOG-knappen som finns på samma rad som , upprepa med loggen från SUPERAntiSpyware så blir folk glada när de slipper skrolla så mycket.

 

[Cecilia]

Trojan.Freeprod

C:\DOCUMENTS AND SETTINGS\ADMINISTRATöR\SKRIVBORD\DOWNLOAD\WINDOWS.GENUINE.AD

VANTAGE.VALIDATION.V1.5.723.1.CRACKED-ETH0\PATCH.EXE (denna ser mindre bra ut Ska den verkligen bort?)

Filen innehåller en trojan. Är det den som har dragit in alla dessa otrevligheter i datorn?

 

PurityScan, då blir det till att göra på följande sätt:

Ladda ner http://www.mvps.org/winhelp2002/hosts.zip till Skrivbordet.

Packa upp filen. En ny mapp Hosts skapas på Skrivbordet.

Dubbelklicka på mappen för att öppna den.

Dubbelklicka på filen mvps.bat för att starta programmet.

Detta program kommer att byta ut datorns Hosts-fil så att PurityScan-otrevligheten förhindras komma i kontakt med sin skapare. Det kommer också förhindra att du kan besöka sidor som är ökända för att installera otrevligheter på datorn. Du kan läsa mer om det här:

http://www.mvps.org/winhelp2002/hosts.htm

 

Kontrollpanelen - Lägg till eller ta bort program

Om något av följande finns i listan så ta bort:

Oin

Yazzle by Oin

Purityscan by Oin

Snowballwars by Oin

eller något liknande med Oin eller Outerinfo i sig.

Zolero

Tizzletalk

MediaTickets

Cowabanga

 

Ladda ner och kör avinstallationsprogrammet

http://www.outerinfo.com/OiUninstaller.exe

Om du behöver anvisningar så finns de här: http://www.outerinfo.com/howto.html

 

Starta om datorn

 

Ladda ner ComboFix:

http://download.bleepingcomputer.com/sUBs/combofix.exe

 

Kör den och följ anvisningarna som visas.

 

VIKTIGT! Klicka inte på Combofix-fönstret med musen när den körs annars kan den hänga upp sig.

 

När den är färdig så ska en logg komma upp, klistra in den här, samt en ny HijackThis-logg.

 

[kingmooze]

Sover du aldrig??

 

Det blev 2 loggar av ComboFix. Tror jag gjorde fel på en av dom...

Explorer.exe som jag har i mina dokument\W?ndowsKan du se allt det i dessa loggarna?

Just det.. oui el. vad det hette har jag kört tidigare idag. Nu fick jag inte köra det då det inte kunde hitta mål... ledsen att jag inte minns exakt vad det stod.

 

//Daniel

 

 

[log]Administrat”r - 06-12-19 1:09:36,40 Service Pack 2

ComboFix 06.11.27 - Running from: "C:\Documents and Settings\Administrat”r\Skrivbord"

 

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

C:\Program\Delade filer\{38B9853F-089D-1053-0329-04062803002e}

C:\Program\Delade filer\{38B9853F-089C-1053-0329-04062803002e}

 

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

 

Folders Quarantined:

 

C:\QooBox\Purity\WINDOWS\CROSOF~1.NET

 

 

((((((((((((((((((((((((((((((( Files Created from 2006-11-19 to 2006-12-19 ))))))))))))))))))))))))))))))))))

 

 

2006-12-18 23:51 <KAT> d--hs---- C:\Documents and Settings\Administrat”r\Recent

2006-12-18 23:13 <KAT> d-------- C:\Program\SUPERAntiSpyware

2006-12-18 23:13 <KAT> d-------- C:\Documents and Settings\Administrat”r\Application Data\SUPERAntiSpyware.com

2006-12-18 13:32 <KAT> d-------- C:\WINDOWS\pss

2006-12-16 14:52 36,864 --a------ C:\WINDOWS\system32\svchosts.exe

2006-12-16 13:43 <KAT> d-------- C:\Documents and Settings\Administrat”r\Application Data\OfficeUpdate12

2006-12-15 12:04 <KAT> d-------- C:\Program\Siber Systems

2006-12-13 15:23 30,512 --a------ C:\WINDOWS\system32\mdimon.dll

2006-12-13 15:22 <KAT> d-------- C:\Program\Microsoft.NET

2006-12-13 15:22 <KAT> d-------- C:\Program\Microsoft Works

2006-12-13 15:22 <KAT> d-------- C:\Program\Microsoft Visual Studio 8

2006-12-13 15:22 <KAT> d-------- C:\Program\Microsoft Visual Studio

2006-12-13 15:21 <KAT> d-------- C:\Program\Microsoft Expression

2006-12-13 14:34 <KAT> d-------- C:\Program\Delade filer\Designer

2006-12-13 14:33 <KAT> d-------- C:\WINDOWS\ShellNew

2006-12-12 23:01 <KAT> d-------- C:\Documents and Settings\Administrat”r\Application Data\FlashFXP

2006-12-12 16:20 <KAT> d-------- C:\Program\MosaicCreator

2006-12-12 14:51 5 --a------ C:\WINDOWS\system32\wrnreg5.sys

2006-12-11 23:33 <KAT> d-------- C:\Program\Microsoft IntelliType Pro

2006-11-24 23:56 360,448 --a------ C:\WINDOWS\system32\WDBtnMgr.exe

2006-11-24 21:21 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\NVIDIA

2006-11-24 21:00 <KAT> d-------- C:\Program\MSXML 4.0

2006-11-23 19:16 <KAT> d-------- C:\Documents and Settings\Administrat”r\Application Data\Nikon

2006-11-23 19:14 98,304 -ra------ C:\WINDOWS\system32\RCSigProc.dll

2006-11-23 19:14 944,640 --a------ C:\WINDOWS\system32\NEFLibrary3.dll

2006-11-23 19:14 876,544 --a------ C:\WINDOWS\system32\Asteroid6.dll

2006-11-23 19:14 53,760 --a------ C:\WINDOWS\system32\RedEye.dll

2006-11-23 19:14 495,616 --a------ C:\WINDOWS\system32\DRAGNKL1.dll

2006-11-23 19:14 42,496 --a------ C:\WINDOWS\system32\picn20.dll

2006-11-23 19:14 307,200 --a------ C:\WINDOWS\system32\StdFilters3.dll

2006-11-23 19:14 180,224 --a------ C:\WINDOWS\system32\Strato4.dll

2006-11-23 19:14 151,552 --a------ C:\WINDOWS\system32\picn1120.dll

2006-11-23 19:14 143,360 --a------ C:\WINDOWS\system32\picn1020.dll

2006-11-23 19:14 139,264 --a------ C:\WINDOWS\system32\CML5.dll

2006-11-23 19:14 <KAT> d-------- C:\Program\Nikon

2006-11-23 19:14 <KAT> d-------- C:\Program\Delade filer\Nikon

2006-11-22 20:38 <KAT> d-------- C:\Program\Intelore

2006-11-20 20:08 <KAT> d-------- C:\Program\Juice

2006-11-20 20:08 <KAT> d-------- C:\Documents and Settings\Administrat”r\Application Data\iPodder

 

 

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

2006-12-19 01:13 -------- d-------- C:\Program\Delade filer

2006-12-18 23:12 -------- d-------- C:\Program\Delade filer\Wise Installation Wizard

2006-12-18 19:05 -------- d-------- C:\Program\Spyware Terminator

2006-12-17 23:52 -------- d---s---- C:\Documents and Settings\Administrat”r\Application Data\Microsoft

2006-12-16 15:05 -------- d-------- C:\Program\Delade filer\Microsoft Shared

2006-12-16 13:38 -------- d-------- C:\Program\Outlook Express

2006-12-16 13:38 -------- d-------- C:\Program\Internet Explorer

2006-12-16 13:38 -------- d-------- C:\Program\Delade filer\System

2006-12-16 01:55 -------- d-------- C:\Program\DC++

2006-12-13 14:33 -------- d-------- C:\Program\Microsoft Office

2006-12-12 23:03 34308 --a------ C:\WINDOWS\system32\BASSMOD.dll

2006-11-24 19:31 -------- d-------- C:\Program\MSN Messenger

2006-11-23 19:14 -------- d--h----- C:\Program\InstallShield Installation Information

2006-11-20 21:01 -------- d-------- C:\Documents and Settings\Administrat”r\Application Data\Apple Computer

2006-11-20 20:55 -------- d-------- C:\Program\QuickTime

2006-11-16 19:47 524288 --a------ C:\WINDOWS\opuc.dll

2006-11-15 19:05 -------- d-------- C:\Documents and Settings\Administrat”r\Application Data\n-Track Studio

2006-11-15 17:29 -------- d-------- C:\Program\Aldo's Macro Recorder

2006-11-15 17:27 -------- d-------- C:\Program\Google

2006-11-15 01:27 -------- d-------- C:\Documents and Settings\Administrat”r\Application Data\vlc

2006-11-14 20:02 -------- d-------- C:\Documents and Settings\Administrat”r\Application Data\Google

2006-11-08 06:07 679424 --a------ C:\WINDOWS\system32\inetcomm.dll

2006-11-07 13:54 -------- d-------- C:\Documents and Settings\Administrat”r\Application Data\Ulead Systems

2006-11-07 13:37 -------- d-------- C:\Program\Ulead Systems

2006-11-06 16:05 -------- d-------- C:\Program\Registry Mechanic

2006-11-06 15:53 -------- d-------- C:\Documents and Settings\Administrat”r\Application Data\ispnews

2006-11-06 15:53 -------- d-------- C:\Documents and Settings\Administrat”r\Application Data\Azureus

2006-11-06 14:11 96256 --a------ C:\WINDOWS\system32\drivers\sptd6845.sys

2006-11-06 13:58 -------- d-------- C:\Program\TuneUp Utilities 2006

2006-11-06 13:51 -------- d-------- C:\Program\Delade filer\Softwin

2006-11-06 00:40 -------- d-------- C:\Program\Softwin

2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll

2006-11-03 12:41 -------- d-------- C:\Program\EA GAMES

2006-10-30 18:38 -------- d-------- C:\Program\Microsoft IntelliPoint

2006-10-30 18:22 -------- d-------- C:\Program\Microsoft IntelliPoint 5.5

2006-10-26 14:10 33088 --a------ C:\WINDOWS\system32\FM20ENU.DLL

2006-10-26 14:10 1190688 --a------ C:\WINDOWS\system32\FM20.DLL

2006-10-26 13:45 293376 --a------ C:\WINDOWS\system32\WISPTIS.EXE

2006-10-26 13:45 207360 --a------ C:\WINDOWS\system32\INKED.DLL

2006-10-23 19:42 -------- d-------- C:\Program\Western Digital Technologies

2006-10-22 15:06 208896 --a------ C:\WINDOWS\system32\nvusmb.exe

2006-10-22 15:06 208896 --a------ C:\WINDOWS\system32\NVUNINST.EXE

2006-10-22 15:06 208896 --a------ C:\WINDOWS\system32\nvumctl.exe

2006-10-22 15:06 208896 --a------ C:\WINDOWS\system32\nvuide.exe

2006-10-22 15:06 208896 --a------ C:\WINDOWS\system32\nvugart.exe

2006-10-22 15:06 208896 --a------ C:\WINDOWS\system32\nvuenet.exe

2006-10-22 15:06 208896 --a------ C:\WINDOWS\system32\nvudisp.exe

2006-10-22 15:06 208896 --a------ C:\WINDOWS\system32\nvuaudio.exe

2006-10-22 12:22 888832 --a------ C:\WINDOWS\system32\nvmobls.dll

2006-10-22 12:22 86016 --a------ C:\WINDOWS\system32\nvmctray.dll

2006-10-22 12:22 81920 --a------ C:\WINDOWS\system32\nvwddi.dll

2006-10-22 12:22 794624 --a------ C:\WINDOWS\system32\nvcplui.exe

2006-10-22 12:22 7700480 --a------ C:\WINDOWS\system32\nvcpl.dll

2006-10-22 12:22 581632 --a------ C:\WINDOWS\system32\nvhwvid.dll

2006-10-22 12:22 5644288 --a------ C:\WINDOWS\system32\nvoglnt.dll

2006-10-22 12:22 5619712 --a------ C:\WINDOWS\system32\nvdisps.dll

2006-10-22 12:22 5255168 --a------ C:\WINDOWS\system32\nvdispsr.dll

2006-10-22 12:22 466944 --a------ C:\WINDOWS\system32\nvshell.dll

2006-10-22 12:22 458752 --a------ C:\WINDOWS\system32\nvmccssr.dll

2006-10-22 12:22 4527488 --a------ C:\WINDOWS\system32\nv4_disp.dll

2006-10-22 12:22 45056 --a------ C:\WINDOWS\system32\nvmccsrs.dll

2006-10-22 12:22 442368 --a------ C:\WINDOWS\system32\nvappbar.exe

2006-10-22 12:22 425984 --a------ C:\WINDOWS\system32\keystone.exe

2006-10-22 12:22 3994624 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys

2006-10-22 12:22 35840 --a------ C:\WINDOWS\system32\nvcodins.dll

2006-10-22 12:22 35840 --a------ C:\WINDOWS\system32\nvcod.dll

2006-10-22 12:22 335872 --a------ C:\WINDOWS\system32\nvwrses.dll

2006-10-22 12:22 335872 --a------ C:\WINDOWS\system32\nvwrsel.dll

2006-10-22 12:22 327680 --a------ C:\WINDOWS\system32\nvwrsfr.dll

2006-10-22 12:22 327680 --a------ C:\WINDOWS\system32\nvwrsesm.dll

2006-10-22 12:22 323584 --a------ C:\WINDOWS\system32\nvwrspt.dll

2006-10-22 12:22 323584 --a------ C:\WINDOWS\system32\nvwrsit.dll

2006-10-22 12:22 323584 --a------ C:\WINDOWS\system32\nvrshe.dll

2006-10-22 12:22 323584 --a------ C:\WINDOWS\system32\nvrsar.dll

2006-10-22 12:22 3203072 --a------ C:\WINDOWS\system32\nvgamesr.dll

2006-10-22 12:22 319488 --a------ C:\WINDOWS\system32\nvwrsptb.dll

2006-10-22 12:22 319488 --a------ C:\WINDOWS\system32\nvwrsnl.dll

2006-10-22 12:22 315392 --a------ C:\WINDOWS\system32\nvwrsru.dll

2006-10-22 12:22 315392 --a------ C:\WINDOWS\system32\nvwrshu.dll

2006-10-22 12:22 311296 --a------ C:\WINDOWS\system32\nvwrsde.dll

2006-10-22 12:22 311296 --a------ C:\WINDOWS\system32\nvexpbar.dll

2006-10-22 12:22 3047424 --a------ C:\WINDOWS\system32\nvgames.dll

2006-10-22 12:22 303104 --a------ C:\WINDOWS\system32\nvwrstr.dll

2006-10-22 12:22 303104 --a------ C:\WINDOWS\system32\nvwrssl.dll

2006-10-22 12:22 303104 --a------ C:\WINDOWS\system32\nvwrsfi.dll

2006-10-22 12:22 299008 --a------ C:\WINDOWS\system32\nvwrssk.dll

2006-10-22 12:22 299008 --a------ C:\WINDOWS\system32\nvwrsno.dll

2006-10-22 12:22 2973696 --a------ C:\WINDOWS\system32\nvvitvsr.dll

2006-10-22 12:22 294912 --a------ C:\WINDOWS\system32\nvwrssv.dll

2006-10-22 12:22 294912 --a------ C:\WINDOWS\system32\nvwrspl.dll

2006-10-22 12:22 294912 --a------ C:\WINDOWS\system32\nvwrsda.dll

2006-10-22 12:22 2924544 --a------ C:\WINDOWS\system32\nvvitvs.dll

2006-10-22 12:22 286720 --a------ C:\WINDOWS\system32\nvwrseng.dll

2006-10-22 12:22 286720 --a------ C:\WINDOWS\system32\nvwrscs.dll

2006-10-22 12:22 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll

2006-10-22 12:22 2859008 --a------ C:\WINDOWS\system32\nvmoblsr.dll

2006-10-22 12:22 282624 --a------ C:\WINDOWS\system32\nvwrsar.dll

2006-10-22 12:22 278528 --a------ C:\WINDOWS\system32\nvwrshe.dll

2006-10-22 12:22 278528 --a------ C:\WINDOWS\system32\nvrsfr.dll

2006-10-22 12:22 274432 --a------ C:\WINDOWS\system32\nvrsit.dll

2006-10-22 12:22 274432 --a------ C:\WINDOWS\system32\nvrses.dll

2006-10-22 12:22 274432 --a------ C:\WINDOWS\system32\nvrsel.dll

2006-10-22 12:22 270336 --a------ C:\WINDOWS\system32\nvrsde.dll

2006-10-22 12:22 266240 --a------ C:\WINDOWS\system32\nvrspt.dll

2006-10-22 12:22 266240 --a------ C:\WINDOWS\system32\nvrsnl.dll

2006-10-22 12:22 266240 --a------ C:\WINDOWS\system32\nvrsesm.dll

2006-10-22 12:22 262144 --a------ C:\WINDOWS\system32\nvrsru.dll

2006-10-22 12:22 262144 --a------ C:\WINDOWS\system32\nvrsptb.dll

2006-10-22 12:22 262144 --a------ C:\WINDOWS\system32\nvrsja.dll

2006-10-22 12:22 258048 --a------ C:\WINDOWS\system32\nvrsko.dll

2006-10-22 12:22 253952 --a------ C:\WINDOWS\system32\nvrshu.dll

2006-10-22 12:22 249856 --a------ C:\WINDOWS\system32\nvrstr.dll

2006-10-22 12:22 249856 --a------ C:\WINDOWS\system32\nvrssl.dll

2006-10-22 12:22 249856 --a------ C:\WINDOWS\system32\nvrssk.dll

2006-10-22 12:22 249856 --a------ C:\WINDOWS\system32\nvrspl.dll

2006-10-22 12:22 249856 --a------ C:\WINDOWS\system32\nvrsno.dll

2006-10-22 12:22 245760 --a------ C:\WINDOWS\system32\nvrssv.dll

2006-10-22 12:22 245760 --a------ C:\WINDOWS\system32\nvrsda.dll

2006-10-22 12:22 241664 --a------ C:\WINDOWS\system32\nvrsfi.dll

2006-10-22 12:22 241664 --a------ C:\WINDOWS\system32\nvrseng.dll

2006-10-22 12:22 241664 --a------ C:\WINDOWS\system32\nvrscs.dll

2006-10-22 12:22 229376 --a------ C:\WINDOWS\system32\nvmccs.dll

2006-10-22 12:22 221184 --a------ C:\WINDOWS\system32\nvrszhc.dll

2006-10-22 12:22 212992 --a------ C:\WINDOWS\system32\nvwrsja.dll

2006-10-22 12:22 212992 --a------ C:\WINDOWS\system32\nvapi.dll

2006-10-22 12:22 196608 --a------ C:\WINDOWS\system32\nvwrsko.dll

2006-10-22 12:22 188416 --a------ C:\WINDOWS\system32\nvmccss.dll

2006-10-22 12:22 1732608 --a------ C:\WINDOWS\system32\nvwssr.dll

2006-10-22 12:22 167936 --a------ C:\WINDOWS\system32\nvwrszht.dll

2006-10-22 12:22 1662976 --a------ C:\WINDOWS\system32\nvwdmcpl.dll

2006-10-22 12:22 163840 --a------ C:\WINDOWS\system32\nvwrszhc.dll

2006-10-22 12:22 1622016 --a------ C:\WINDOWS\system32\nwiz.exe

2006-10-22 12:22 159810 --a------ C:\WINDOWS\system32\nvsvc32.exe

2006-10-22 12:22 147456 --a------ C:\WINDOWS\system32\nvcolor.exe

2006-10-22 12:22 1470464 --a------ C:\WINDOWS\system32\nview.dll

2006-10-22 12:22 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe

2006-10-22 12:22 1236992 --a------ C:\WINDOWS\system32\nvwss.dll

2006-10-22 12:22 118784 --a------ C:\WINDOWS\system32\nvrszht.dll

2006-10-22 12:22 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll

2006-10-22 12:22 1011712 --a------ C:\WINDOWS\system32\nvcpluir.dll

2006-10-20 10:55 -------- d-------- C:\Program\ImTOO

2006-10-20 02:39 712192 --a------ C:\WINDOWS\system32\sxs.dll

2006-10-19 13:49 -------- d-------- C:\Documents and Settings\Administrat”r\Application Data\Macromedia

2006-10-19 13:48 -------- d-------- C:\Program\Macromedia

2006-10-19 13:48 -------- d-------- C:\Program\Delade filer\Macromedia

2006-10-19 12:30 -------- d-------- C:\Program\WinPcap

2006-10-13 13:41 65536 --a------ C:\WINDOWS\system32\nwwks.dll

2006-10-13 13:41 64000 --a------ C:\WINDOWS\system32\nwapi32.dll

2006-10-13 13:41 141824 --a------ C:\WINDOWS\system32\nwprovau.dll

2006-10-05 19:26 24072 --a------ C:\WINDOWS\system32\uxtuneup.dll

2006-09-25 16:45 666240 --a------ C:\WINDOWS\system32\aswBoot.exe

2006-09-25 16:37 90112 --a------ C:\WINDOWS\system32\AVASTSS.scr

 

 

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

 

*Note* empty entries are not shown

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

"ProtoWall"="C:\\Program\\Bluetack\\ProtoWall\\ProtoWall.exe"

"MSMSGS"="\"C:\\Program\\Messenger\\msmsgs.exe\" /background"

"SUPERAntiSpyware"="C:\\Program\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

"DAEMON Tools"="\"C:\\Program\\DAEMON Tools\\daemon.exe\" -lang 1033"

"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"

"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"

"nwiz"="nwiz.exe /install"

"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"

"IntelliPoint"="\"C:\\Program\\Microsoft IntelliPoint\\ipoint.exe\""

"Avast!"="C:\\Program\\Alwil Software\\Avast4\\ashDisp.exe"

"NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"

"WD Button Manager"="WDBtnMgr.exe"

"QuickTime Task"="\"C:\\Program\\QuickTime\\qttask.exe\" -atboottime"

"type32"="\"C:\\Program\\Microsoft IntelliType Pro\\type32.exe\""

"{38B9853F-089C-1053-0329-04062803002e}"="\"C:\\Program\\Delade filer\\{38B9853F-089C-1053-0329-04062803002e}\\Update.exe\" mc-110-12-0001291"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]

"Installed"="1"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]

"Installed"="1"

"NoChange"="1"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]

"Installed"="1"

 

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]

"DeskHtmlVersion"=dword:00000110

"DeskHtmlMinorVersion"=dword:00000005

"Settings"=dword:00000001

"GeneralFlags"=dword:00000001

 

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]

"Source"="About:Home"

"SubscribedURL"="About:Home"

"FriendlyName"="Min aktuella startsida"

"Flags"=dword:00000002

"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,cb,03,00,00,00, 00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00

"CurrentState"=hex:04,00,00,40

"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff, ff,ff,04,00,00,00

"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00, 00,00,01,00,00,00

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]

"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"

"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

"{54D9498B-CF93-414F-8984-8CE7FDE0D391}"="ewido shell guard"

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"DisableChangePassword"=dword:00000000

"DisableLockWorkstation"=dword:00000000

"DisableCMD"=dword:00000000

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoFileUrl"=dword:00000000

"NoDriveAutoRun"=dword:04000000

"NoDrives"=dword:00000000

"NoRun"=dword:00000000

"NoViewOnDrive"=dword:00000000

"NoDesktop"=dword:00000000

"NoClose"=dword:00000000

"NoNetHood"=dword:00000000

"NoFind"=dword:00000000

"NoToolbarCustomize"=dword:00000000

"NoBandCustomize"=dword:00000000

"NoViewContextMenu"=dword:00000000

"NoFolderOptions"=dword:00000000

"NoNetConnectDisconnect"=dword:00000000

"NoFileMenu"=dword:00000000

"Btn_Folders"=dword:00000000

"NoDriveTypeAutoRun"=dword:ffffffdf

"ClearRecentDocsOnExit"=dword:00000001

"NoRecentDocsMenu"=dword:00000001

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoDriveTypeAutoRun"=dword:00000091

 

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]

"NoDriveTypeAutoRun"=dword:00000091

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]

"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"

"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"

"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"

"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"MSMSGS"="\"C:\\Program\\Messenger\\msmsgs.exe\" /background"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"RemoteControl"="C:\\Program\\CyberLink\\PowerDVD\\PDVDServ.exe"

"iTunesHelper"="\"C:\\Program\\iTunes\\iTunesHelper.exe\""

"Ulead AutoDetector v2"="C:\\Program\\Delade filer\\Ulead Systems\\AutoDetector\\monitor.exe"

"Sony Ericsson PC Suite"="\"C:\\Program\\Sony Ericsson\\Mobile2\\Application Launcher\\Application Launcher.exe\" /startoptions"

"CloneCDTray"="\"C:\\Program\\SlySoft\\CloneCD\\CloneCDTray.exe\" /s"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"=""

"hkey"="HKLM"

"command"=""

"inimapping"="0"

 

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

 

 

Contents of the 'Scheduled Tasks' folder

C:\WINDOWS\tasks\1-Click Maintenance.job

 

Completion time: 06-12-19 1:13:38.10

C:\ComboFix.txt ... 06-12-19 01:13

 

 

 

**********************************************************

 

 

 

 

Administrat”r - 06-12-19 1:14:04,35 Service Pack 2

ComboFix 06.11.27 - Running from: "C:\Documents and Settings\Administrat”r\Skrivbord"

 

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

 

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

 

Folders Quarantined:

 

C:\QooBox\Purity\WINDOWS\CROSOF~1.NET

 

 

((((((((((((((((((((((((((((((( Files Created from 2006-11-19 to 2006-12-19 ))))))))))))))))))))))))))))))))))

 

 

2006-12-18 23:51 <KAT> d--hs---- C:\Documents and Settings\Administrat”r\Recent

2006-12-18 23:13 <KAT> d-------- C:\Program\SUPERAntiSpyware

2006-12-18 23:13 <KAT> d-------- C:\Documents and Settings\Administrat”r\Application Data\SUPERAntiSpyware.com

2006-12-18 13:32 <KAT> d-------- C:\WINDOWS\pss

2006-12-16 14:52 36,864 --a------ C:\WINDOWS\system32\svchosts.exe

2006-12-16 13:43 <KAT> d-------- C:\Documents and Settings\Administrat”r\Application Data\OfficeUpdate12

2006-12-15 12:04 <KAT> d-------- C:\Program\Siber Systems

2006-12-13 15:23 30,512 --a------ C:\WINDOWS\system32\mdimon.dll

2006-12-13 15:22 <KAT> d-------- C:\Program\Microsoft.NET

2006-12-13 15:22 <KAT> d-------- C:\Program\Microsoft Works

2006-12-13 15:22 <KAT> d-------- C:\Program\Microsoft Visual Studio 8

2006-12-13 15:22 <KAT> d-------- C:\Program\Microsoft Visual Studio

2006-12-13 15:21 <KAT> d-------- C:\Program\Microsoft Expression

2006-12-13 14:34 <KAT> d-------- C:\Program\Delade filer\Designer

2006-12-13 14:33 <KAT> d-------- C:\WINDOWS\ShellNew

2006-12-12 23:01 <KAT> d-------- C:\Documents and Settings\Administrat”r\Application Data\FlashFXP

2006-12-12 16:20 <KAT> d-------- C:\Program\MosaicCreator

2006-12-12 14:51 5 --a------ C:\WINDOWS\system32\wrnreg5.sys

2006-12-11 23:33 <KAT> d-------- C:\Program\Microsoft IntelliType Pro

2006-11-24 23:56 360,448 --a------ C:\WINDOWS\system32\WDBtnMgr.exe

2006-11-24 21:21 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\NVIDIA

2006-11-24 21:00 <KAT> d-------- C:\Program\MSXML 4.0

2006-11-23 19:16 <KAT> d-------- C:\Documents and Settings\Administrat”r\Application Data\Nikon

2006-11-23 19:14 98,304 -ra------ C:\WINDOWS\system32\RCSigProc.dll

2006-11-23 19:14 944,640 --a------ C:\WINDOWS\system32\NEFLibrary3.dll

2006-11-23 19:14 876,544 --a------ C:\WINDOWS\system32\Asteroid6.dll

2006-11-23 19:14 53,760 --a------ C:\WINDOWS\system32\RedEye.dll

2006-11-23 19:14 495,616 --a------ C:\WINDOWS\system32\DRAGNKL1.dll

2006-11-23 19:14 42,496 --a------ C:\WINDOWS\system32\picn20.dll

2006-11-23 19:14 307,200 --a------ C:\WINDOWS\system32\StdFilters3.dll

2006-11-23 19:14 180,224 --a------ C:\WINDOWS\system32\Strato4.dll

2006-11-23 19:14 151,552 --a------ C:\WINDOWS\system32\picn1120.dll

2006-11-23 19:14 143,360 --a------ C:\WINDOWS\system32\picn1020.dll

2006-11-23 19:14 139,264 --a------ C:\WINDOWS\system32\CML5.dll

2006-11-23 19:14 <KAT> d-------- C:\Program\Nikon

2006-11-23 19:14 <KAT> d-------- C:\Program\Delade filer\Nikon

2006-11-22 20:38 <KAT> d-------- C:\Program\Intelore

2006-11-20 20:08 <KAT> d-------- C:\Program\Juice

2006-11-20 20:08 <KAT> d-------- C:\Documents and Settings\Administrat”r\Application Data\iPodder

 

 

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

2006-12-19 01:13 -------- d-------- C:\Program\Delade filer

2006-12-18 23:12 -------- d-------- C:\Program\Delade filer\Wise Installation Wizard

2006-12-18 19:05 -------- d-------- C:\Program\Spyware Terminator

2006-12-17 23:52 -------- d---s---- C:\Documents and Settings\Administrat”r\Application Data\Microsoft

2006-12-16 15:05 -------- d-------- C:\Program\Delade filer\Microsoft Shared

2006-12-16 13:38 -------- d-------- C:\Program\Outlook Express

2006-12-16 13:38 -------- d-------- C:\Program\Internet Explorer

2006-12-16 13:38 -------- d-------- C:\Program\Delade filer\System

2006-12-16 01:55 -------- d-------- C:\Program\DC++

2006-12-13 14:33 -------- d-------- C:\Program\Microsoft Office

2006-12-12 23:03 34308 --a------ C:\WINDOWS\system32\BASSMOD.dll

2006-11-24 19:31 -------- d-------- C:\Program\MSN Messenger

2006-11-23 19:14 -------- d--h----- C:\Program\InstallShield Installation Information

2006-11-20 21:01 -------- d-------- C:\Documents and Settings\Administrat”r\Application Data\Apple Computer

2006-11-20 20:55 -------- d-------- C:\Program\QuickTime

2006-11-16 19:47 524288 --a------ C:\WINDOWS\opuc.dll

2006-11-15 19:05 -------- d-------- C:\Documents and Settings\Administrat”r\Application Data\n-Track Studio

2006-11-15 17:29 -------- d-------- C:\Program\Aldo's Macro Recorder

2006-11-15 17:27 -------- d-------- C:\Program\Google

2006-11-15 01:27 -------- d-------- C:\Documents and Settings\Administrat”r\Application Data\vlc

2006-11-14 20:02 -------- d-------- C:\Documents and Settings\Administrat”r\Application Data\Google

2006-11-08 06:07 679424 --a------ C:\WINDOWS\system32\inetcomm.dll

2006-11-07 13:54 -------- d-------- C:\Documents and Settings\Administrat”r\Application Data\Ulead Systems

2006-11-07 13:37 -------- d-------- C:\Program\Ulead Systems

2006-11-06 16:05 -------- d-------- C:\Program\Registry Mechanic

2006-11-06 15:53 -------- d-------- C:\Documents and Settings\Administrat”r\Application Data\ispnews

2006-11-06 15:53 -------- d-------- C:\Documents and Settings\Administrat”r\Application Data\Azureus

2006-11-06 14:11 96256 --a------ C:\WINDOWS\system32\drivers\sptd6845.sys

2006-11-06 13:58 -------- d-------- C:\Program\TuneUp Utilities 2006

2006-11-06 13:51 -------- d-------- C:\Program\Delade filer\Softwin

2006-11-06 00:40 -------- d-------- C:\Program\Softwin

2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll

2006-11-03 12:41 -------- d-------- C:\Program\EA GAMES

2006-10-30 18:38 -------- d-------- C:\Program\Microsoft IntelliPoint

2006-10-30 18:22 -------- d-------- C:\Program\Microsoft IntelliPoint 5.5

2006-10-26 14:10 33088 --a------ C:\WINDOWS\system32\FM20ENU.DLL

2006-10-26 14:10 1190688 --a------ C:\WINDOWS\system32\FM20.DLL

2006-10-26 13:45 293376 --a------ C:\WINDOWS\system32\WISPTIS.EXE

2006-10-26 13:45 207360 --a------ C:\WINDOWS\system32\INKED.DLL

2006-10-23 19:42 -------- d-------- C:\Program\Western Digital Technologies

2006-10-22 15:06 208896 --a------ C:\WINDOWS\system32\nvusmb.exe

2006-10-22 15:06 208896 --a------ C:\WINDOWS\system32\NVUNINST.EXE

2006-10-22 15:06 208896 --a------ C:\WINDOWS\system32\nvumctl.exe

2006-10-22 15:06 208896 --a------ C:\WINDOWS\system32\nvuide.exe

2006-10-22 15:06 208896 --a------ C:\WINDOWS\system32\nvugart.exe

2006-10-22 15:06 208896 --a------ C:\WINDOWS\system32\nvuenet.exe

2006-10-22 15:06 208896 --a------ C:\WINDOWS\system32\nvudisp.exe

2006-10-22 15:06 208896 --a------ C:\WINDOWS\system32\nvuaudio.exe

2006-10-22 12:22 888832 --a------ C:\WINDOWS\system32\nvmobls.dll

2006-10-22 12:22 86016 --a------ C:\WINDOWS\system32\nvmctray.dll

2006-10-22 12:22 81920 --a------ C:\WINDOWS\system32\nvwddi.dll

2006-10-22 12:22 794624 --a------ C:\WINDOWS\system32\nvcplui.exe

2006-10-22 12:22 7700480 --a------ C:\WINDOWS\system32\nvcpl.dll

2006-10-22 12:22 581632 --a------ C:\WINDOWS\system32\nvhwvid.dll

2006-10-22 12:22 5644288 --a------ C:\WINDOWS\system32\nvoglnt.dll

2006-10-22 12:22 5619712 --a------ C:\WINDOWS\system32\nvdisps.dll

2006-10-22 12:22 5255168 --a------ C:\WINDOWS\system32\nvdispsr.dll

2006-10-22 12:22 466944 --a------ C:\WINDOWS\system32\nvshell.dll

2006-10-22 12:22 458752 --a------ C:\WINDOWS\system32\nvmccssr.dll

2006-10-22 12:22 4527488 --a------ C:\WINDOWS\system32\nv4_disp.dll

2006-10-22 12:22 45056 --a------ C:\WINDOWS\system32\nvmccsrs.dll

2006-10-22 12:22 442368 --a------ C:\WINDOWS\system32\nvappbar.exe

2006-10-22 12:22 425984 --a------ C:\WINDOWS\system32\keystone.exe

2006-10-22 12:22 3994624 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys

2006-10-22 12:22 35840 --a------ C:\WINDOWS\system32\nvcodins.dll

2006-10-22 12:22 35840 --a------ C:\WINDOWS\system32\nvcod.dll

2006-10-22 12:22 335872 --a------ C:\WINDOWS\system32\nvwrses.dll

2006-10-22 12:22 335872 --a------ C:\WINDOWS\system32\nvwrsel.dll

2006-10-22 12:22 327680 --a------ C:\WINDOWS\system32\nvwrsfr.dll

2006-10-22 12:22 327680 --a------ C:\WINDOWS\system32\nvwrsesm.dll

2006-10-22 12:22 323584 --a------ C:\WINDOWS\system32\nvwrspt.dll

2006-10-22 12:22 323584 --a------ C:\WINDOWS\system32\nvwrsit.dll

2006-10-22 12:22 323584 --a------ C:\WINDOWS\system32\nvrshe.dll

2006-10-22 12:22 323584 --a------ C:\WINDOWS\system32\nvrsar.dll

2006-10-22 12:22 3203072 --a------ C:\WINDOWS\system32\nvgamesr.dll

2006-10-22 12:22 319488 --a------ C:\WINDOWS\system32\nvwrsptb.dll

2006-10-22 12:22 319488 --a------ C:\WINDOWS\system32\nvwrsnl.dll

2006-10-22 12:22 315392 --a------ C:\WINDOWS\system32\nvwrsru.dll

2006-10-22 12:22 315392 --a------ C:\WINDOWS\system32\nvwrshu.dll

2006-10-22 12:22 311296 --a------ C:\WINDOWS\system32\nvwrsde.dll

2006-10-22 12:22 311296 --a------ C:\WINDOWS\system32\nvexpbar.dll

2006-10-22 12:22 3047424 --a------ C:\WINDOWS\system32\nvgames.dll

2006-10-22 12:22 303104 --a------ C:\WINDOWS\system32\nvwrstr.dll

2006-10-22 12:22 303104 --a------ C:\WINDOWS\system32\nvwrssl.dll

2006-10-22 12:22 303104 --a------ C:\WINDOWS\system32\nvwrsfi.dll

2006-10-22 12:22 299008 --a------ C:\WINDOWS\system32\nvwrssk.dll

2006-10-22 12:22 299008 --a------ C:\WINDOWS\system32\nvwrsno.dll

2006-10-22 12:22 2973696 --a------ C:\WINDOWS\system32\nvvitvsr.dll

2006-10-22 12:22 294912 --a------ C:\WINDOWS\system32\nvwrssv.dll

2006-10-22 12:22 294912 --a------ C:\WINDOWS\system32\nvwrspl.dll

2006-10-22 12:22 294912 --a------ C:\WINDOWS\system32\nvwrsda.dll

2006-10-22 12:22 2924544 --a------ C:\WINDOWS\system32\nvvitvs.dll

2006-10-22 12:22 286720 --a------ C:\WINDOWS\system32\nvwrseng.dll

2006-10-22 12:22 286720 --a------ C:\WINDOWS\system32\nvwrscs.dll

2006-10-22 12:22 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll

2006-10-22 12:22 2859008 --a------ C:\WINDOWS\system32\nvmoblsr.dll

2006-10-22 12:22 282624 --a------ C:\WINDOWS\system32\nvwrsar.dll

2006-10-22 12:22 278528 --a------ C:\WINDOWS\system32\nvwrshe.dll

2006-10-22 12:22 278528 --a------ C:\WINDOWS\system32\nvrsfr.dll

2006-10-22 12:22 274432 --a------ C:\WINDOWS\system32\nvrsit.dll

2006-10-22 12:22 274432 --a------ C:\WINDOWS\system32\nvrses.dll

2006-10-22 12:22 274432 --a------ C:\WINDOWS\system32\nvrsel.dll

2006-10-22 12:22 270336 --a------ C:\WINDOWS\system32\nvrsde.dll

2006-10-22 12:22 266240 --a------ C:\WINDOWS\system32\nvrspt.dll

2006-10-22 12:22 266240 --a------ C:\WINDOWS\system32\nvrsnl.dll

2006-10-22 12:22 266240 --a------ C:\WINDOWS\system32\nvrsesm.dll

2006-10-22 12:22 262144 --a------ C:\WINDOWS\system32\nvrsru.dll

2006-10-22 12:22 262144 --a------ C:\WINDOWS\system32\nvrsptb.dll

2006-10-22 12:22 262144 --a------ C:\WINDOWS\system32\nvrsja.dll

2006-10-22 12:22 258048 --a------ C:\WINDOWS\system32\nvrsko.dll

2006-10-22 12:22 253952 --a------ C:\WINDOWS\system32\nvrshu.dll

2006-10-22 12:22 249856 --a------ C:\WINDOWS\system32\nvrstr.dll

2006-10-22 12:22 249856 --a------ C:\WINDOWS\system32\nvrssl.dll

2006-10-22 12:22 249856 --a------ C:\WINDOWS\system32\nvrssk.dll

2006-10-22 12:22 249856 --a------ C:\WINDOWS\system32\nvrspl.dll

2006-10-22 12:22 249856 --a------ C:\WINDOWS\system32\nvrsno.dll

2006-10-22 12:22 245760 --a------ C:\WINDOWS\system32\nvrssv.dll

2006-10-22 12:22 245760 --a------ C:\WINDOWS\system32\nvrsda.dll

2006-10-22 12:22 241664 --a------ C:\WINDOWS\system32\nvrsfi.dll

2006-10-22 12:22 241664 --a------ C:\WINDOWS\system32\nvrseng.dll

2006-10-22 12:22 241664 --a------ C:\WINDOWS\system32\nvrscs.dll

2006-10-22 12:22 229376 --a------ C:\WINDOWS\system32\nvmccs.dll

2006-10-22 12:22 221184 --a------ C:\WINDOWS\system32\nvrszhc.dll

2006-10-22 12:22 212992 --a------ C:\WINDOWS\system32\nvwrsja.dll

2006-10-22 12:22 212992 --a------ C:\WINDOWS\system32\nvapi.dll

2006-10-22 12:22 196608 --a------ C:\WINDOWS\system32\nvwrsko.dll

2006-10-22 12:22 188416 --a------ C:\WINDOWS\system32\nvmccss.dll

2006-10-22 12:22 1732608 --a------ C:\WINDOWS\system32\nvwssr.dll

2006-10-22 12:22 167936 --a------ C:\WINDOWS\system32\nvwrszht.dll

2006-10-22 12:22 1662976 --a------ C:\WINDOWS\system32\nvwdmcpl.dll

2006-10-22 12:22 163840 --a------ C:\WINDOWS\system32\nvwrszhc.dll

2006-10-22 12:22 1622016 --a------ C:\WINDOWS\system32\nwiz.exe

2006-10-22 12:22 159810 --a------ C:\WINDOWS\system32\nvsvc32.exe

2006-10-22 12:22 147456 --a------ C:\WINDOWS\system32\nvcolor.exe

2006-10-22 12:22 1470464 --a------ C:\WINDOWS\system32\nview.dll

2006-10-22 12:22 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe

2006-10-22 12:22 1236992 --a------ C:\WINDOWS\system32\nvwss.dll

2006-10-22 12:22 118784 --a------ C:\WINDOWS\system32\nvrszht.dll

2006-10-22 12:22 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll

2006-10-22 12:22 1011712 --a------ C:\WINDOWS\system32\nvcpluir.dll

2006-10-20 10:55 -------- d-------- C:\Program\ImTOO

2006-10-20 02:39 712192 --a------ C:\WINDOWS\system32\sxs.dll

2006-10-19 13:49 -------- d-------- C:\Documents and Settings\Administrat”r\Application Data\Macromedia

2006-10-19 13:48 -------- d-------- C:\Program\Macromedia

2006-10-19 13:48 -------- d-------- C:\Program\Delade filer\Macromedia

2006-10-19 12:30 -------- d-------- C:\Program\WinPcap

2006-10-13 13:41 65536 --a------ C:\WINDOWS\system32\nwwks.dll

2006-10-13 13:41 64000 --a------ C:\WINDOWS\system32\nwapi32.dll

2006-10-13 13:41 141824 --a------ C:\WINDOWS\system32\nwprovau.dll

2006-10-05 19:26 24072 --a------ C:\WINDOWS\system32\uxtuneup.dll

2006-09-25 16:45 666240 --a------ C:\WINDOWS\system32\aswBoot.exe

2006-09-25 16:37 90112 --a------ C:\WINDOWS\system32\AVASTSS.scr

 

 

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

 

*Note* empty entries are not shown

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

"ProtoWall"="C:\\Program\\Bluetack\\ProtoWall\\ProtoWall.exe"

"MSMSGS"="\"C:\\Program\\Messenger\\msmsgs.exe\" /background"

"SUPERAntiSpyware"="C:\\Program\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

"DAEMON Tools"="\"C:\\Program\\DAEMON Tools\\daemon.exe\" -lang 1033"

"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"

"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"

"nwiz"="nwiz.exe /install"

"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"

"IntelliPoint"="\"C:\\Program\\Microsoft IntelliPoint\\ipoint.exe\""

"Avast!"="C:\\Program\\Alwil Software\\Avast4\\ashDisp.exe"

"NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"

"WD Button Manager"="WDBtnMgr.exe"

"QuickTime Task"="\"C:\\Program\\QuickTime\\qttask.exe\" -atboottime"

"type32"="\"C:\\Program\\Microsoft IntelliType Pro\\type32.exe\""

"{38B9853F-089C-1053-0329-04062803002e}"="\"C:\\Program\\Delade filer\\{38B9853F-089C-1053-0329-04062803002e}\\Update.exe\" mc-110-12-0001291"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]

"Installed"="1"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]

"Installed"="1"

"NoChange"="1"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]

"Installed"="1"

 

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]

"DeskHtmlVersion"=dword:00000110

"DeskHtmlMinorVersion"=dword:00000005

"Settings"=dword:00000001

"GeneralFlags"=dword:00000001

 

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]

"Source"="About:Home"

"SubscribedURL"="About:Home"

"FriendlyName"="Min aktuella startsida"

"Flags"=dword:00000002

"Position"=hex:2c,00,00,00,80,00,00,00,00,00,00,00,00,02,00,00,c4,01,00,00,00, 00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00

"CurrentState"=hex:04,00,00,40

"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff, ff,ff,04,00,00,00

"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00, 00,00,01,00,00,00

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]

"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"

"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

"{54D9498B-CF93-414F-8984-8CE7FDE0D391}"="ewido shell guard"

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"DisableChangePassword"=dword:00000000

"DisableLockWorkstation"=dword:00000000

"DisableCMD"=dword:00000000

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoFileUrl"=dword:00000000

"NoDriveAutoRun"=dword:04000000

"NoDrives"=dword:00000000

"NoRun"=dword:00000000

"NoViewOnDrive"=dword:00000000

"NoDesktop"=dword:00000000

"NoClose"=dword:00000000

"NoNetHood"=dword:00000000

"NoFind"=dword:00000000

"NoToolbarCustomize"=dword:00000000

"NoBandCustomize"=dword:00000000

"NoViewContextMenu"=dword:00000000

"NoFolderOptions"=dword:00000000

"NoNetConnectDisconnect"=dword:00000000

"NoFileMenu"=dword:00000000

"Btn_Folders"=dword:00000000

"NoDriveTypeAutoRun"=dword:ffffffdf

"ClearRecentDocsOnExit"=dword:00000001

"NoRecentDocsMenu"=dword:00000001

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoDriveTypeAutoRun"=dword:00000091

 

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]

"NoDriveTypeAutoRun"=dword:00000091

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]

"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"

"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"

"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"

"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"MSMSGS"="\"C:\\Program\\Messenger\\msmsgs.exe\" /background"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"RemoteControl"="C:\\Program\\CyberLink\\PowerDVD\\PDVDServ.exe"

"iTunesHelper"="\"C:\\Program\\iTunes\\iTunesHelper.exe\""

"Ulead AutoDetector v2"="C:\\Program\\Delade filer\\Ulead Systems\\AutoDetector\\monitor.exe"

"Sony Ericsson PC Suite"="\"C:\\Program\\Sony Ericsson\\Mobile2\\Application Launcher\\Application Launcher.exe\" /startoptions"

"CloneCDTray"="\"C:\\Program\\SlySoft\\CloneCD\\CloneCDTray.exe\" /s"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"=""

"hkey"="HKLM"

"command"=""

"inimapping"="0"

 

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

 

 

Contents of the 'Scheduled Tasks' folder

C:\WINDOWS\tasks\1-Click Maintenance.job

 

Completion time: 06-12-19 1:15:12.56

C:\ComboFix.txt ... 06-12-19 01:15

C:\ComboFix2.txt ... 06-12-19 01:13

 

*************************************************

[/log]

 

 

 

[log]Logfile of HijackThis v1.99.1

Scan saved at 01:23:18, on 2006-12-19

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program\DAEMON Tools\daemon.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program\Microsoft IntelliPoint\ipoint.exe

C:\Program\Alwil Software\Avast4\ashDisp.exe

C:\WINDOWS\system32\WDBtnMgr.exe

C:\Program\Microsoft IntelliType Pro\type32.exe

C:\Program\Bluetack\ProtoWall\ProtoWall.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program\Alwil Software\Avast4\aswUpdSv.exe

C:\Program\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\svchosts.exe

C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\mdm.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\oodag.exe

C:\Program\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Tablet.exe

C:\WINDOWS\system32\UAService7.exe

C:\Program\Alwil Software\Avast4\ashMaiSv.exe

C:\Program\Alwil Software\Avast4\ashWebSv.exe

C:\Program\Nikon\NkView6\NkvMon.exe

C:\WINDOWS\system32\WTablet\TabUserW.exe

C:\Program\Alwil Software\Avast4\setup\avast.setup

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Administratör\Skrivbord\Hi LogFile\HJT1991.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - URLSearchHook: (no name) - {F2ADC15D-50C4-286E-9F1B-09E52D1C1591} - C:\WINDOWS\system32\buidzy.dll (file missing)

F2 - REG:system.ini: Shell=

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [intelliPoint] "C:\Program\Microsoft IntelliPoint\ipoint.exe"

O4 - HKLM\..\Run: [Avast!] C:\Program\Alwil Software\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [type32] "C:\Program\Microsoft IntelliType Pro\type32.exe"

O4 - HKLM\..\Run: [{38B9853F-089C-1053-0329-04062803002e}] "C:\Program\Delade filer\{38B9853F-089C-1053-0329-04062803002e}\Update.exe" mc-110-12-0001291

O4 - HKCU\..\Run: [ProtoWall] C:\Program\Bluetack\ProtoWall\ProtoWall.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: NkvMon.exe.lnk = C:\Program\Nikon\NkView6\NkvMon.exe

O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Natural Reader - {0DF757C4-9999-463C-A4EB-B6BF1D8D8D3D} - C:\Program\NaturalReaders\Natural Voice Text To Speech Software Standard\read.html

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MIC273~1\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by115fd.bay115.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136822709091

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program\Delade filer\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program\DELADE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Program\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0001291 (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program\SiSoftware\SiSoftware Sandra Pro Home 2007.SP1\Win32\RpcDataSrv.exe

O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program\SiSoftware\SiSoftware Sandra Pro Home 2007.SP1\RpcSandraSrv.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

[/log]

 

 

[inlägget ändrat 2006-12-19 01:25:37 av kingmooze]

 

[inlägget ändrat 2006-12-20 17:35:11 av Anders N]

[Jetmoon]

det måste nog vara det längsta medelandet i eforums historia

 

GJ

/Jetmoon

 

 

[kingmooze]

jo.. hehe..

 

Det va faktiskt min tanke! hehe

 

Stackars Cecilia som ska läsa...

 

[Anjuna Moon]

Det va faktiskt min tanke! hehe

Inga "hehe"! Ska du posta loggar så gör det inom LOG-taggar. Du är knappast först med att posta långa idiotiska loggar på det där sättet och det är ingen som uppskattar det! :thumbsdown:

 

[Cecilia]

Kan du vara snäll och trycka på Redigera under ditt senaste inlägg och så markera (måla) hela loggen från Avast och sedan trycka på LOG-knappen som finns på samma rad som Tumme nerTumme upp, upprepa med loggen från SUPERAntiSpyware så blir folk glada när de slipper skrolla så mycket.

Gäller fortfarande inlägget 00:13

 

Samt att du i fortsättningen också gör så här:

Klistra in en logg

Markera (måla) loggen

Tryck på LOG-knappen som finns på samma rad som

Så slipper vi alla jätteinlägg att skrolla förbi.

 

Oin-avinstallationen går nog bara att köra en gång och det viktiga är att den blir körd en gång det ska räcka.

 

Det är en gammal Java-version med säkerhetshål i datorn. Avinstallera alla Java i Kontrollpanelen - Lägg till eller ta bort program och installera därefter en ny: http://www.java.com/sv/

 

Är det du själv som har ställt in att det inte ska gå att ändra inställningar i Internet Explorer?

 

Uppdatera SUPERAntiSpyware.

 

Starta om datorn i felsäkert läge (tryck F8 upprepade gånger under uppstarten och välj felsäkert läge i menyn).

 

Kontrollpanelen - Administrationsverktyg - Tjänster

Leta upp COM+ Messages i listan, dubbelklicka och välj Startmetod Inaktiverad, tryck på Stoppa om det går.

 

[log]Skanna med HijackThis och bocka för:

 

R3 - URLSearchHook: (no name) - {F2ADC15D-50C4-286E-9F1B-09E52D1C1591} - C:\WINDOWS\system32\buidzy.dll (file missing)

F2 - REG:system.ini: Shell=

O4 - HKLM\..\Run: [{38B9853F-089C-1053-0329-04062803002e}] "C:\Program\Delade filer\{38B9853F-089C-1053-0329-04062803002e}\Update.exe" mc-110-12-0001291

 

Avsluta alla andra program.

Tryck Fix checked.

 

Ställ in Utforskaren så att du kan se alla filer:

Verktyg - (Mapp)alternativ eller liknande - Visning

Välj Visa dolda filer och mappar

Avbocka Dölj filnamnstillägg för kända filtyper

Avbocka Dölj skyddade operativsystemfiler

 

Ta bort filerna (om de finns kvar):

C:\WINDOWS\system32\svchosts.exe OBS! Stavningen, ej svchost.exe

C:\WINDOWS\system32\buidzy.dll

 

Ta bort mapparna (om de finns kvar):

C:\Program\Delade filer\{38B9853F-089C-1053-0329-04062803002e}

Mappen W?ndows i Mina dokument

 

Skanna med SUPERAntiSpyware.

 

Starta om i normalt läge och så en ny HijackThis-logg samt SUPERAntiSpyware-loggen.

 

OCH ANVÄND LOG-KNAPPEN![/log]

 

[kingmooze]

Jag var inte allvarlig!

 

Jag är ny här o hade ingen aning om hur man gjorde.... naturligtvis!

Vem fan vill scrolla så mkt.?

 

 

[kingmooze]

Jag kan inte hitta Log knappen.. inga tummar heller...

Bifogar bild...

Ledsen!

 

Väntar lite o ser om jag får ngt. tipps innan jag klistrar in log.

 

Det gick inte att redigera inläggen innan. Det stod att dom var besvarade.

 

[bild bifogad 2006-12-19 14:45:14 av kingmooze]

[inlägget ändrat 2006-12-19 14:45:59 av kingmooze]

[Cecilia]

Ahaa, Opera eller? Då får du skriva

[ LOG]

fast utan mellanrummet, för och efter loggarna.

Inlägget 00:13 ska inte vara besvarat så det ska gå bra att redigera det.

 

[kingmooze]

Så.. postar via IE....

 

Loggen från Superantispyware var helt tom så den kan ju inte behövas.

 

Här är iaf log från HJT:

 

 

 

[log]Logfile of HijackThis v1.99.1

Scan saved at 15:26:05, on 2006-12-19

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Alwil Software\Avast4\aswUpdSv.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Alwil Software\Avast4\ashServ.exe

C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\mdm.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\oodag.exe

C:\Program\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Tablet.exe

C:\Program\DAEMON Tools\daemon.exe

C:\WINDOWS\system32\UAService7.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program\Microsoft IntelliPoint\ipoint.exe

C:\Program\Alwil Software\Avast4\ashDisp.exe

C:\WINDOWS\system32\WDBtnMgr.exe

C:\Program\Microsoft IntelliType Pro\type32.exe

C:\Program\Bluetack\ProtoWall\ProtoWall.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program\Alwil Software\Avast4\ashMaiSv.exe

C:\Program\Alwil Software\Avast4\ashWebSv.exe

C:\Program\Nikon\NkView6\NkvMon.exe

C:\WINDOWS\system32\WTablet\TabUserW.exe

C:\Program\Opera\Opera.exe

C:\Program\Outlook Express\msimn.exe

C:\Program\BitComet\BitComet.exe

C:\Program\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\Administratör\Skrivbord\Hi LogFile\HJT1991.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_10\bin\ssv.dll

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [intelliPoint] "C:\Program\Microsoft IntelliPoint\ipoint.exe"

O4 - HKLM\..\Run: [Avast!] C:\Program\Alwil Software\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [type32] "C:\Program\Microsoft IntelliType Pro\type32.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.5.0_10\bin\jusched.exe"

O4 - HKCU\..\Run: [ProtoWall] C:\Program\Bluetack\ProtoWall\ProtoWall.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: NkvMon.exe.lnk = C:\Program\Nikon\NkView6\NkvMon.exe

O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: Natural Reader - {0DF757C4-9999-463C-A4EB-B6BF1D8D8D3D} - C:\Program\NaturalReaders\Natural Voice Text To Speech Software Standard\read.html

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MIC273~1\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by115fd.bay115.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136822709091

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program\Delade filer\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program\DELADE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Program\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program\SiSoftware\SiSoftware Sandra Pro Home 2007.SP1\Win32\RpcDataSrv.exe

O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program\SiSoftware\SiSoftware Sandra Pro Home 2007.SP1\RpcSandraSrv.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe[/log]

 

[Cecilia]

Loggen från Superantispyware var helt tom så den kan ju inte behövas.

Vad bra!

 

Jag ser inget otrevligt i loggen längre.

 

Här kommer mina vanliga råd för en säkrare dator, men det är så klart viktigt att man använder sitt förnuft också.

 

Uppdatera från Windows Update och kör antispionprogrammen AVG Anti-Spyware (Ewido), SUPERAntiSpyware, Spybot S&D och/eller Ad-aware regelbundet.

http://www.ewido.net/en/

http://www.superantispyware.com/

http://www.safer-networking.org/en/download/index.html

http://www.lavasoft.com

 

Komplettera antivirusprogrammet med några online-skanningar då och då:

http://housecall.trendmicro.com/

http://www.bitdefender.com/scan8/ie.html

http://www.pandasoftware.com/products/activescan/

 

Använd en brandvägg (bättre än den inbyggda i XP), finns gratis från t ex ZoneLabs.

http://www.zonelabs.com/store/content/home.jsp

 

Om man använder Internet Explorer så kan det vara lämpligt att ha programmen SpywareBlaster och SpywareGuard, vilka hindrar en hel del otrevliga program från att laddas ner resp. köras:

http://www.javacoolsoftware.com

 

Se över säkerhetsinställningarna i Internet Explorer, det finns en hel del tips här:

http://www.spywarewarrior.com/uiuc/btw/ie/ie-opts.htm

 

Samt kör IE-SpyAd som lägger en hel massa otrevliga webbplatser i zonen Ej tillförlitliga i Internet Explorer så att de inte kan göra något med datorn:

http://www.spywarewarrior.com/uiuc/resource.htm

 

Om man byter webbläsare så är det bara SpywareGuard som behövs. Andra webbläsare är t ex Mozilla Firefox och Opera:

http://www.mozilla.org

http://www.opera.com

 

Allt gratis för hemanvändare/personligt bruk.

 

[kingmooze]

Min burk är ren!

 

Äntligen!

 

Tusen tack snälla du!

 

Fantastisk att du tar dig tid att hjälpa så många! Stor eloge!!!

 

 

Ska följa dina tipps!

Ha det nu gott så hoppas jag att vi inte hörs allt för snart

 

Daniel

 

 

ps. är du i behov av bild hjälp el. liknande så tveka inte höra dig!

 

[Cecilia]

Tack själv för alla poäng! :)