
Dll problem


Niklas76


I get this message when I start the computer:

"Det gick inte att läsa in w296cd6d.dll

Det går inte att hitta den angivna modulen"

I have searched for the file on various sites but can't find it.

Does anyone recognize the file, or have any idea what I should do to find the file or fix the error?

 


[log]Logfile of HijackThis v1.99.1

Scan saved at 20:11:45, on 2007-01-05

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Diskeeper Corporation\Diskeeper\DkService.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Program\Microsoft IntelliType Pro\itype.exe

C:\Program\HP\HP Software Update\HPWuSchd2.exe

C:\Program\Java\jre1.5.0_09\bin\jusched.exe

C:\Program\QuickTime\qttask.exe

C:\Program\ATI Technologies\ATI.ACE\CLI.EXE

C:\Program\iTunes\iTunesHelper.exe

C:\Program\DAEMON Tools\daemon.exe

C:\Program\CyberLink\PowerDVD\PDVDServ.exe

C:\Program\SAMSUNG\FW LiveUpdate\Liveupdate.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\MSN Messenger\MsnMsgr.Exe

C:\spel\valve\steam\steam.exe

C:\Program\MICROS~4\wcescomm.exe

C:\Program\Personal\bin\Personal.exe

C:\Program\MICROS~4\rapimgr.exe

C:\Program\ATI Technologies\ATI.ACE\cli.exe

C:\Program\iPod\bin\iPodService.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\WinRAR\WinRAR.exe

C:\Program\Mozilla Thunderbird\thunderbird.exe

C:\WINDOWS\regedit.exe

C:\Program\Hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.handelsbanken.se/hammarby

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {71AFD69A-7477-4A2A-BA56-6D26A71C5DE8} - C:\WINDOWS\system32\geedc.dll (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [itype] "C:\Program\Microsoft IntelliType Pro\itype.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program\Diskeeper Corporation\Diskeeper\DkIcon.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.5.0_09\bin\jusched.exe"

O4 - HKLM\..\Run: [bhyf826d] RUNDLL32.EXE w296cd6d.dll,n 002f826b0000000a296cd6d

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [ATICCC] "C:\Program\ATI Technologies\ATI.ACE\CLIStart.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [RemoteControl] C:\Program\CyberLink\PowerDVD\PDVDServ.exe

O4 - HKLM\..\Run: [LanguageShortcut] C:\Program\CyberLink\PowerDVD\Language\Language.exe

O4 - HKLM\..\Run: [Name of App] C:\Program\SAMSUNG\FW LiveUpdate\Liveupdate.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [steam] "c:\spel\valve\steam\steam.exe" -silent

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program\MICROS~4\wcescomm.exe"

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program\MICROS~4\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program\MICROS~4\INetRepl.dll

O9 - Extra 'Tools' menuitem: Skapa mobilfavorit... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program\MICROS~4\INetRepl.dll

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Poker Clienter\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Poker Clienter\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: ShellScrap - C:\WINDOWS\system32\MIC42SVE.DLL (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program\Diskeeper Corporation\Diskeeper\DkService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program\CyberLink\Shared Files\RichVideo.exe

 

[/log]

 


There is nasty stuff in the log.

Download ComboFix:

http://download.bleepingcomputer.com/sUBs/combofix.exe

Run it and follow the instructions that are shown.

IMPORTANT! Do not click on the ComboFix window with the mouse while it is running, otherwise it may hang.

When it is finished a log should come up; paste it in here, along with a new HijackThis log.

 


Niklas76 is having trouble logging in, so I received the logs by e-mail instead.

 

[log]Niklas - 07-01-06 0:35:20,01 Service Pack 2

ComboFix 06.11.27 - Running from: "C:\Div Program"

 

((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

Granting sedebugprivilege to Administratörer ... successful

 

 

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

C:\WINDOWS\system32\components

C:\Program\Delade filer\{883069C1-08A3-1053-1021-05092305002e}

 

 

((((((((((((((((((((((((((((((( Files Created from 2006-12-06 to 2007-01-06 ))))))))))))))))))))))))))))))))))

 

 

2007-01-05 20:11 <KAT> d-------- C:\Program\Hijackthis

2007-01-05 18:11 <KAT> d-------- C:\Program\SAMSUNG

2007-01-05 18:05 2,916,352 --------- C:\WINDOWS\UNNMP.exe

2007-01-05 18:04 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe

2007-01-05 18:03 2,977,792 --------- C:\WINDOWS\UNNeroVision.exe

2007-01-05 18:03 <KAT> d-------- C:\Program\Delade filer\Nero

2007-01-05 18:02 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll

2007-01-05 18:02 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll

2007-01-05 18:02 38,912 --------- C:\WINDOWS\system32\picn20.dll

2007-01-05 18:02 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll

2007-01-05 18:02 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll

2007-01-05 18:02 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll

2007-01-05 18:02 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll

2007-01-05 18:02 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Ahead

2007-01-04 18:04 <KAT> dr-h----- C:\Documents and Settings\Niklas\Recent

2006-12-26 22:14 24,064 --------- C:\WINDOWS\system32\msxml3a.dll

2006-12-26 22:14 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\CyberLink

2006-12-26 21:48 <KAT> dr-h----- C:\Documents and Settings\Niklas\Application Data\SecuROM

2006-12-26 21:36 68,888 --a------ C:\WINDOWS\system32\xinput1_3.dll

2006-12-26 21:36 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll

2006-12-26 21:36 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll

2006-12-26 21:36 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll

2006-12-26 21:36 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll

2006-12-26 21:36 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll

2006-12-26 21:14 <KAT> d-------- C:\Documents and Settings\Niklas\Application Data\InstallShield

2006-12-26 21:08 <KAT> d-------- C:\Program\DAEMON Tools

2006-12-25 15:02 <KAT> d-------- C:\Program\Apple Software Update

2006-12-25 14:48 <KAT> d-------- C:\Documents and Settings\Niklas\Application Data\Apple Computer

2006-12-25 14:47 <KAT> d-------- C:\Program\QuickTime

2006-12-25 14:46 <KAT> d-------- C:\Program\iTunes

2006-12-25 14:45 38,229 --------- C:\WINDOWS\system32\drivers\StMp3Rec.sys

2006-12-25 14:45 <KAT> d-------- C:\Program\iPod

2006-12-23 15:23 <KAT> d-------- C:\WINDOWS\system32\FlashAX

2006-12-21 18:41 <KAT> d-------- C:\ATI

2006-12-17 20:31 <KAT> d-------- C:\WINDOWS\system32\ageia

2006-12-17 20:31 <KAT> d-------- C:\Program\AGEIA Technologies

2006-12-11 20:33 <KAT> d-------- C:\Roliga klipp

 

 

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

2007-01-06 00:36 -------- d-------- C:\Program\Delade filer

2007-01-06 00:34 -------- d-------- C:\Program\Mozilla Firefox

2007-01-06 00:33 -------- d-------- C:\Program\Mozilla Thunderbird

2007-01-05 18:11 -------- d--h----- C:\Program\InstallShield Installation Information

2007-01-05 18:05 -------- d-------- C:\Program\Ahead

2007-01-05 18:02 -------- d-------- C:\Program\Delade filer\Ahead

2007-01-05 17:44 -------- d-------- C:\Program\CyberLink DVD Solution

2007-01-04 18:32 -------- d-------- C:\Documents and Settings\Niklas\Application Data\Microgaming

2006-12-26 22:14 -------- d-------- C:\Program\CyberLink

2006-12-26 21:06 639224 --a------ C:\WINDOWS\system32\drivers\sptd.sys

2006-12-26 00:53 -------- d---s---- C:\Documents and Settings\Niklas\Application Data\Microsoft

2006-12-16 14:14 -------- d-------- C:\Program\Outlook Express

2006-12-16 14:14 -------- d-------- C:\Program\Delade filer\System

2006-12-09 16:56 -------- d-------- C:\Program\Electronic Arts

2006-12-07 06:29 2374472 --a------ C:\WINDOWS\system32\wmvcore.dll

2006-12-05 22:59 -------- d-------- C:\Program\Delade filer\DirectX

2006-11-22 10:52 520192 --------- C:\WINDOWS\system32\ati2sgag.exe

2006-11-22 04:25 2829824 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys

2006-11-22 04:25 261120 --a------ C:\WINDOWS\system32\ati2dvag.dll

2006-11-22 04:20 118784 --a------ C:\WINDOWS\system32\atipdlxx.dll

2006-11-22 04:20 106496 --a------ C:\WINDOWS\system32\Oemdspif.dll

2006-11-22 04:19 90112 --a------ C:\WINDOWS\system32\ati2evxx.dll

2006-11-22 04:19 42496 --a------ C:\WINDOWS\system32\ati2edxx.dll

2006-11-22 04:19 26112 --a------ C:\WINDOWS\system32\Ati2mdxx.exe

2006-11-22 04:18 430080 --a------ C:\WINDOWS\system32\ati2evxx.exe

2006-11-22 04:17 53248 --a------ C:\WINDOWS\system32\ATIDDC.DLL

2006-11-22 04:12 2526688 --a------ C:\WINDOWS\system32\ati3duag.dll

2006-11-22 04:11 5279744 --a------ C:\WINDOWS\system32\atioglxx.dll

2006-11-22 04:08 1090016 --a------ C:\WINDOWS\system32\ativvaxx.dll

2006-11-22 03:57 217088 --a------ C:\WINDOWS\system32\atikvmag.dll

2006-11-22 03:56 17408 --a------ C:\WINDOWS\system32\atitvo32.dll

2006-11-22 03:51 294912 --a------ C:\WINDOWS\system32\ati2cqag.dll

2006-11-22 03:50 6684672 --a------ C:\WINDOWS\system32\atioglx1.dll

2006-11-22 03:49 307200 --a------ C:\WINDOWS\system32\atiiiexx.dll

2006-11-22 03:21 303104 --a------ C:\WINDOWS\system32\ATIDEMGR.dll

2006-11-21 09:44 -------- d-------- C:\Program\MSXML 4.0

2006-11-17 18:11 -------- d-------- C:\Program\Logitech

2006-11-17 18:11 -------- d-------- C:\Program\Delade filer\Logitech

2006-11-08 06:07 679424 --a------ C:\WINDOWS\system32\inetcomm.dll

2006-11-08 01:31 -------- d-------- C:\Program\Java

2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll

2006-10-20 02:39 712192 --a------ C:\WINDOWS\system32\sxs.dll

2006-10-17 12:33 6049280 --------- C:\WINDOWS\system32\ieframe.dll

2006-10-17 12:33 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll

2006-10-17 12:33 458752 --------- C:\WINDOWS\system32\msfeeds.dll

2006-10-17 12:33 413696 --a------ C:\WINDOWS\system32\vbscript.dll

2006-10-17 12:33 231424 --a------ C:\WINDOWS\system32\webcheck.dll

2006-10-17 12:33 180736 --------- C:\WINDOWS\system32\ieui.dll

2006-10-17 12:33 156160 --a------ C:\WINDOWS\system32\msls31.dll

2006-10-17 12:06 78336 --a------ C:\WINDOWS\system32\ieencode.dll

2006-10-17 12:05 40960 --a------ C:\WINDOWS\system32\licmgr10.dll

2006-10-17 12:05 206336 --------- C:\WINDOWS\system32\WinFXDocObj.exe

2006-10-17 12:05 105984 --a------ C:\WINDOWS\system32\url.dll

2006-10-17 12:04 101376 --a------ C:\WINDOWS\system32\occache.dll

2006-10-17 12:03 17408 --a------ C:\WINDOWS\system32\corpol.dll

2006-10-17 12:01 71680 --a------ C:\WINDOWS\system32\admparse.dll

2006-10-17 12:01 55296 --a------ C:\WINDOWS\system32\iesetup.dll

2006-10-17 12:01 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll

2006-10-17 12:01 229376 --a------ C:\WINDOWS\system32\ieaksie.dll

2006-10-17 12:01 152064 --a------ C:\WINDOWS\system32\ieakeng.dll

2006-10-17 12:01 13312 --a------ C:\WINDOWS\system32\ieudinit.exe

2006-10-17 12:00 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe

2006-10-17 12:00 43008 --a------ C:\WINDOWS\system32\iernonce.dll

2006-10-17 12:00 123904 --a------ C:\WINDOWS\system32\advpack.dll

2006-10-17 11:58 61952 --------- C:\WINDOWS\system32\icardie.dll

2006-10-17 11:58 12288 --------- C:\WINDOWS\system32\msfeedssync.exe

2006-10-17 11:57 36352 --a------ C:\WINDOWS\system32\imgutil.dll

2006-10-17 11:57 266752 --------- C:\WINDOWS\system32\iertutil.dll

2006-10-17 11:56 45568 --a------ C:\WINDOWS\system32\mshta.exe

2006-10-17 11:28 48128 --a------ C:\WINDOWS\system32\mshtmler.dll

2006-10-17 11:27 380928 --------- C:\WINDOWS\system32\ieapfltr.dll

2006-10-17 11:23 161792 --a------ C:\WINDOWS\system32\ieakui.dll

2006-10-13 13:41 141824 --a------ C:\WINDOWS\system32\nwprovau.dll

 

 

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

 

*Note* empty entries are not shown

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"

"MsnMsgr"="\"C:\\Program\\MSN Messenger\\MsnMsgr.Exe\" /background"

"Steam"="\"c:\\spel\\valve\\steam\\steam.exe\" -silent"

"H/PC Connection Agent"="\"C:\\Program\\MICROS~4\\wcescomm.exe\""

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

"SoundMan"="SOUNDMAN.EXE"

"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"

@=""

"itype"="\"C:\\Program\\Microsoft IntelliType Pro\\itype.exe\""

"HP Software Update"="C:\\Program\\HP\\HP Software Update\\HPWuSchd2.exe"

"DiskeeperSystray"="\"C:\\Program\\Diskeeper Corporation\\Diskeeper\\DkIcon.exe\""

"SunJavaUpdateSched"="\"C:\\Program\\Java\\jre1.5.0_09\\bin\\jusched.exe\""

"bhyf826d"="RUNDLL32.EXE w296cd6d.dll,n 002f826b0000000a296cd6d"

"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"

"ATICCC"="\"C:\\Program\\ATI Technologies\\ATI.ACE\\CLIStart.exe\""

"QuickTime Task"="\"C:\\Program\\QuickTime\\qttask.exe\" -atboottime"

"iTunesHelper"="\"C:\\Program\\iTunes\\iTunesHelper.exe\""

"DAEMON Tools"="\"C:\\Program\\DAEMON Tools\\daemon.exe\" -lang 1033"

"RemoteControl"="C:\\Program\\CyberLink\\PowerDVD\\PDVDServ.exe"

"LanguageShortcut"="C:\\Program\\CyberLink\\PowerDVD\\Language\\Language.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]

"Installed"="1"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]

"Installed"="1"

"NoChange"="1"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]

"Installed"="1"

 

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]

"DeskHtmlVersion"=dword:00000110

"DeskHtmlMinorVersion"=dword:00000005

"Settings"=dword:00000001

"GeneralFlags"=dword:00000001

 

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]

"Source"="About:Home"

"SubscribedURL"="About:Home"

"FriendlyName"="Min aktuella startsida"

"Flags"=dword:00000002

"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e2,03,00,00,00, 00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00

"CurrentState"=hex:04,00,00,40

"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff, ff,ff,04,00,00,00

"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00, 00,00,01,00,00,00

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

 

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]

"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]

"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"

"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoDriveTypeAutoRun"=dword:00000091

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"dontdisplaylastusername"=dword:00000000

"legalnoticecaption"=""

"legalnoticetext"=""

"shutdownwithoutlogon"=dword:00000001

"undockwithoutlogon"=dword:00000001

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoDriveTypeAutoRun"=dword:00000091

 

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]

"NoDriveTypeAutoRun"=dword:00000091

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]

"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"

"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"

"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"

"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

 

 

Contents of the 'Scheduled Tasks' folder

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

 

Completion time: 07-01-06 0:37:30.03

C:\ComboFix.txt ... 07-01-06 00:37[/log]

 

[log]Logfile of HijackThis v1.99.1

Scan saved at 00:41:09, on 2007-01-06

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Diskeeper Corporation\Diskeeper\DkService.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program\Microsoft IntelliType Pro\itype.exe

C:\Program\HP\HP Software Update\HPWuSchd2.exe

C:\Program\Java\jre1.5.0_09\bin\jusched.exe

C:\Program\QuickTime\qttask.exe

C:\Program\iTunes\iTunesHelper.exe

C:\Program\DAEMON Tools\daemon.exe

C:\Program\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\ATI Technologies\ATI.ACE\CLI.EXE

C:\Program\MSN Messenger\MsnMsgr.Exe

C:\spel\valve\steam\steam.exe

C:\Program\MICROS~4\wcescomm.exe

C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program\Personal\bin\Personal.exe

C:\Program\MICROS~4\rapimgr.exe

C:\Program\iPod\bin\iPodService.exe

C:\Program\ATI Technologies\ATI.ACE\cli.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program\Hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.handelsbanken.se/hammarby

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {71AFD69A-7477-4A2A-BA56-6D26A71C5DE8} - C:\WINDOWS\system32\geedc.dll (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [itype] "C:\Program\Microsoft IntelliType Pro\itype.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program\Diskeeper Corporation\Diskeeper\DkIcon.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.5.0_09\bin\jusched.exe"

O4 - HKLM\..\Run: [bhyf826d] RUNDLL32.EXE w296cd6d.dll,n 002f826b0000000a296cd6d

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [ATICCC] "C:\Program\ATI Technologies\ATI.ACE\CLIStart.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [RemoteControl] C:\Program\CyberLink\PowerDVD\PDVDServ.exe

O4 - HKLM\..\Run: [LanguageShortcut] C:\Program\CyberLink\PowerDVD\Language\Language.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [steam] "c:\spel\valve\steam\steam.exe" -silent

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program\MICROS~4\wcescomm.exe"

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program\MICROS~4\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program\MICROS~4\INetRepl.dll

O9 - Extra 'Tools' menuitem: Skapa mobilfavorit... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program\MICROS~4\INetRepl.dll

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Poker Clienter\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Poker Clienter\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program\Diskeeper Corporation\Diskeeper\DkService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program\CyberLink\Shared Files\RichVideo.exe[/log]

 


There is an old Java version with security holes on the computer. Uninstall every Java in Control Panel - Add or Remove Programs, and then install a new one: http://www.java.com/sv/

Install a free antivirus program and scan the computer thoroughly, for example one of these:

http://www.avast.com/eng/avast_4_home.html

http://www.free-av.com/

http://free.grisoft.com/

And an anti-spyware program:

Download and install the free version of SUPERAntiSpyware Free Edition:

http://www.superantispyware.com/download.html

Start the program and click Check for updates.

Exit the program when the update is finished.

 

[log]Restart the computer in Safe Mode (press F8 repeatedly during startup and choose Safe Mode in the menu).

Start SUPERAntiSpyware and click Scan your Computer.

Tick all hard drives (fixed drive/disk).

Choose Perform complete scan

Next

When the scan is finished a summary comes up; press OK

Next

Execute or similar

A window with Quarantine and removal Complete comes up

OK

Execute or similar

Exit the program.

Restart in normal mode.

Start the program, press Preferences, choose the Statistics/Logs tab

Double-click the newest SUPERAntiSpyware Scan Log so that the log opens in Notepad.

Paste the log into your reply

Scan with HijackThis and tick (if the lines are still there):

 

O2 - BHO: (no name) - {71AFD69A-7477-4A2A-BA56-6D26A71C5DE8} - C:\WINDOWS\system32\geedc.dll (file missing)

O4 - HKLM\..\Run: [bhyf826d] RUNDLL32.EXE w296cd6d.dll,n 002f826b0000000a296cd6d

 

If you no longer run PartyPoker, then these lines as well:

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Poker Clienter\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Poker Clienter\PartyGaming\PartyPoker\RunApp.exe (file missing)

 

Close all other programs.

Press Fix checked.

Restart the computer in Safe Mode (press F8 repeatedly during startup and choose Safe Mode in the menu).

Set up Explorer so that you can see all files:

Tools - Folder Options or similar - View

Select Show hidden files and folders

Untick Hide extensions for known file types

Untick Hide protected operating system files

Delete the files (if they still exist):

C:\WINDOWS\system32\geedc.dll

C:\WINDOWS\system32\w296cd6d.dll

C:\WINDOWS\w296cd6d.dll

 

Restart in normal mode and then post a new HijackThis log.[/log]

 

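The two entries selected for Fix checked in the reply above (the unnamed BHO whose DLL is missing, and the Run value that starts a DLL through RUNDLL32.EXE without any directory in its path) can be picked out of a HijackThis log mechanically. The following is an added example, not part of the original thread and not HijackThis code; the two heuristics, the level labels and the names `triage` and `Finding` are assumptions made for illustration, and the sample lines are copied from the first log posted in this thread.

```python
import re
from typing import NamedTuple


class Finding(NamedTuple):
    level: str    # "suspicious" or "orphaned" (labels chosen for this example)
    section: str  # HijackThis section code, e.g. "O2", "O4"
    reason: str
    line: str


# Lines copied from the first HijackThis log posted in this thread.
SAMPLE_LOG = r"""
C:\WINDOWS\Explorer.EXE
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {71AFD69A-7477-4A2A-BA56-6D26A71C5DE8} - C:\WINDOWS\system32\geedc.dll (file missing)
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [bhyf826d] RUNDLL32.EXE w296cd6d.dll,n 002f826b0000000a296cd6d
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Poker Clienter\PartyGaming\PartyPoker\RunApp.exe (file missing)
O20 - Winlogon Notify: ShellScrap - C:\WINDOWS\system32\MIC42SVE.DLL (file missing)
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program\Diskeeper Corporation\Diskeeper\DkService.exe
"""

# "<section> - <body>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.+)$")
# Body of an O4 registry Run entry: hive, value name, command line.
RUN_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Command line that starts rundll32 (with or without a path); captures the DLL argument.
RUNDLL_RE = re.compile(
    r'^"?(?:[A-Za-z]:\\[^"]*\\)?rundll32(?:\.exe)?"?\s+(?P<dll>"[^"]+"|[^\s,]+)',
    re.IGNORECASE,
)


def triage(log_text):
    """Return findings for the entry patterns this thread's cleanup acted on."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        entry = ENTRY_RE.match(line)
        if not entry:
            continue  # header, process list or blank line
        section, body = entry["section"], entry["body"]
        missing = body.endswith("(file missing)")

        # Heuristic 1 (assumption): a BHO with no display name whose DLL is gone.
        if section == "O2" and body.startswith("BHO: "):
            parts = body[len("BHO: "):].rsplit(" - ", 2)
            if len(parts) == 3 and parts[0] == "(no name)" and missing:
                findings.append(Finding("suspicious", section,
                                        "unnamed BHO whose DLL is missing", line))
                continue

        # Heuristic 2 (assumption): a Run value that loads a DLL via rundll32
        # using a bare file name, so the DLL is resolved through the search path.
        if section == "O4":
            run = RUN_RE.match(body)
            rundll = RUNDLL_RE.match(run["cmd"]) if run else None
            if rundll:
                dll = rundll["dll"].strip('"')
                if "\\" not in dll and "/" not in dll:
                    findings.append(Finding("suspicious", section,
                                            "rundll32 autorun with a bare DLL name", line))
                    continue

        # Everything else that HijackThis itself marks as missing is only a
        # leftover reference; report it at a lower level for manual review.
        if missing:
            findings.append(Finding("orphaned", section,
                                    "entry points at a file that no longer exists", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.level:10} {f.section:4} {f.reason}: {f.line}")
```
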

Stefan Eklinder

 

 

Thread moved to Virus - Antivirus

 

 

---

C:\Eforum\Stefan Eklinder> moderator DrData|

 

"If everything seems to be going well, you must have missed something."

 

- Steven Wright

 

 

 


Archived

This topic is now archived and is closed to further replies.


