
Slow computer


Djezzy


My computer has become very slow... It grinds and grinds for at least 20 minutes before I can get online or into Word. In Task Manager I have seen that one svchost sits at 95000 to 103 000 kB, but then after about 20 minutes it drops to about 23000 and the computer becomes "normal" again. I have cleaned up as much as I could, though without much result.

I would be very grateful if someone knowledgeable could help me read the HJT log below.

Thanks in advance!

Djezzy

 

[log]Logfile of HijackThis v1.99.1

Scan saved at 14:49:18, on 2007-02-25

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Alwil Software\Avast4\aswUpdSv.exe

C:\Program\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\UAService7.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\Program\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Alwil Software\Avast4\ashMaiSv.exe

C:\Program\Alwil Software\Avast4\ashWebSv.exe

C:\Program\Zone Labs\ZoneAlarm\zlclient.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Program\Internet Explorer\iexplore.exe

C:\DOCUME~1\djezzy\LOKALA~1\Temp\Temporär katalog 1 för hijackthis[2].zip\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=proxy1.telia.com:8080

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://login1.telia.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll

O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Program\IDM\QUICKfind\PlugIns\IEHelp.dll

O4 - HKLM\..\Run: [avast!] C:\Program\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O9 - Extra button: Föräldra-... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Föräldra-... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: START_PAGE_URL=http://start.tele2.se

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -

O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120729057060

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1121525141883

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,4950/mcfscan.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{A6E53535-B4F1-4EF2-B09F-75D293807A85}: NameServer = 81.216.65.11,81.216.65.12

O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Program\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: MicrosoftSecure - Unknown owner - C:\WINDOWS\system32\x64\sd.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe[/log]

 

 

[post edited 2007-02-25 16:19:15 by Djezzy]

[post edited 2007-02-25 16:20:56 by Djezzy]

[post edited 2007-03-03 18:22:27 by Anders N]


Go to http://www.virustotal.com/, paste the following file name into the box, press Send and wait until the result is ready (Status becomes Finished). Paste the result (incl. file size) here.

C:\WINDOWS\system32\x64\sd.exe

 

Do you know what the following extra buttons/menu items in Internet Explorer might be?

O9 - Extra button: Föräldra-... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Föräldra-... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\WINDOWS\System32\shdocvw.dll

 

 

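Why one service stands out among the O23 lines of the log above, as an added example that is not part of the thread: the sketch ranks O23 entries by three simple signals so the top one can be sent to a multi-engine scanner first. The function names and the scoring rules are assumptions made for this illustration, not HijackThis behaviour.

```python
import re
from typing import NamedTuple

# Constructed sample: O23 lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: MicrosoftSecure - Unknown owner - C:\WINDOWS\system32\x64\sd.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

O23_RE = re.compile(r"^O23 - Service: (?P<rest>.+)$")
# Assumption of this example: a service name that borrows the OS vendor's
# name is worth a second look when the file's owner is somebody else.
VENDOR_RE = re.compile(r"microsoft|windows", re.IGNORECASE)


class Service(NamedTuple):
    name: str
    owner: str
    path: str
    reasons: tuple


def parse_o23(line):
    """Split 'O23 - Service: NAME - OWNER - PATH' into its three fields.

    Splitting from the right keeps service names that contain ' - ' intact;
    a path containing ' - ' would still be mis-split (limitation of the sketch).
    """
    match = O23_RE.match(line.strip())
    if not match:
        return None
    parts = match.group("rest").rsplit(" - ", 2)
    return tuple(parts) if len(parts) == 3 else None


def triage(log_text):
    """Return the O23 services that deserve a manual look, most signals first."""
    found = []
    for line in log_text.splitlines():
        parsed = parse_o23(line)
        if parsed is None:
            continue
        name, owner, path = parsed
        reasons = []
        if owner.lower() == "unknown owner":
            reasons.append("no owner reported for the binary")
            if "\\windows\\" in path.lower():
                reasons.append("ownerless binary inside the Windows directory")
        if VENDOR_RE.search(name) and not VENDOR_RE.search(owner):
            reasons.append("name refers to Microsoft/Windows but the owner does not")
        if reasons:
            found.append(Service(name, owner, path, tuple(reasons)))
    # sorted() is stable, so entries with equal scores keep their log order.
    return sorted(found, key=lambda s: len(s.reasons), reverse=True)


if __name__ == "__main__":
    for svc in triage(SAMPLE_LOG):
        print(f"{len(svc.reasons)}  {svc.name}  ->  {svc.path}")
        for reason in svc.reasons:
            print(f"     - {reason}")
```

A high score only sets the order in which files are checked; several of the legitimate antivirus services in this log also show "Unknown owner".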

1. The reply from VirusTotal

AntiVir 7.3.1.38 02.25.2007 no virus found

Authentium 4.93.8 02.25.2007 no virus found

Avast 4.7.936.0 02.23.2007 no virus found

AVG 386 02.25.2007 no virus found

BitDefender 7.2 02.25.2007 no virus found

CAT-QuickHeal 9.00 02.24.2007 no virus found

ClamAV devel-20060426 02.25.2007 no virus found

DrWeb 4.33 02.25.2007 no virus found

eSafe 7.0.14.0 02.25.2007 no virus found

eTrust-Vet 30.4.3424 02.23.2007 no virus found

Ewido 4.0 02.25.2007 no virus found

FileAdvisor 1 02.25.2007 No threat detected

Fortinet 2.85.0.0 02.25.2007 HackerTool/Srunner

F-Prot 4.3.1.45 02.25.2007 no virus found

F-Secure 6.70.13030.0 02.25.2007 no virus found

Ikarus T3.1.0.31 02.25.2007 no virus found

Kaspersky 4.0.2.24 02.25.2007 no virus found

McAfee 4970 02.23.2007 potentially unwanted program Tool-SRunner

Microsoft 1.2204 02.25.2007 no virus found

NOD32v2 2080 02.25.2007 no virus found

Norman 5.80.02 02.23.2007 no virus found

Panda 9.0.0.4 02.25.2007 Hacktool/SRunner.H

Prevx1 V2 02.25.2007 Spyware.Banker

Sophos 4.14.0 02.24.2007 Service Daemon

Sunbelt 2.2.907.0 02.24.2007 no virus found

Symantec 10 02.25.2007 Trojan Horse

TheHacker 6.1.6.064 02.25.2007 no virus found

UNA 1.83 02.23.2007 no virus found

VBA32 3.11.2 02.25.2007 no virus found

VirusBuster 4.3.19:9 02.25.2007 no virus found

 

 

Aditional Information

File size: 61440 bytes

MD5: b1ea2a037ad3a594b2bf9acfaaf2b4f5

SHA1: 13d84204d3df7e800bae8232baa3b5e20d89f783

Bit9 info: http://fileadvisor.bit9.com/services/extinfo.aspx?md5=b1ea2a037ad3a594b2bf9acfaaf2b4f5

Prevx info: http://fileinfo

 

2. I have no buttons/menu items that I don't know well. I suspect these may be leftovers from F-Secure, which was installed on the computer and caused me a whole lot of trouble in connection with uninstalling it.

 

Regards

Djezzy

 

 


Hi Cecilia

Panda has not found anything; I have scanned the computer twice to be completely sure.

Here is the answer: No viruses or other malicious software have been found!

Regards

Djezzy

 


Okay

 

Nothing nasty left in the HijackThis log, but you can of course remove those leftovers from F-Secure. But then it is important that you don't run HijackThis from inside the zip file; it has to be unpacked and put in a folder of its own, or alternatively install this variant of HijackThis: http://www.thespykiller.co.uk/files/HJTsetup.exe

 

Scan with HijackThis and tick:

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O9 - Extra button: Föräldra-... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Föräldra-... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\WINDOWS\System32\shdocvw.dll

 

Close all other programs.

Press Fix checked.

 

Restart the computer and check for yourself that the lines above are gone from a new HijackThis log.

How is the computer behaving now?

 

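The restart-and-recheck step in the post above can be done mechanically by comparing the old and the new log, shown here as an added example that is not part of the thread. The function names are hypothetical, and the three inputs are constructed excerpts of the logs and the fix list posted on this page.

```python
import re

# HijackThis entry lines start with a section code such as "R0 - " or "O23 - ".
ENTRY_RE = re.compile(r"^(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")

# Constructed excerpts of the two logs in this thread (2007-02-25 and 2007-02-27).
BEFORE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=proxy1.telia.com:8080
O9 - Extra button: Föräldra-... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Föräldra-... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
O23 - Service: MicrosoftSecure - Unknown owner - C:\WINDOWS\system32\x64\sd.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""

AFTER = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=proxy1.telia.com:8080
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""

# The five lines the helper asked to tick before pressing "Fix checked".
FIXED = [
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = ",
    r"R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = ",
    r"O9 - Extra button: Föräldra-... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\WINDOWS\System32\shdocvw.dll",
    r"O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\WINDOWS\System32\shdocvw.dll",
    r"O9 - Extra 'Tools' menuitem: Föräldra-... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\WINDOWS\System32\shdocvw.dll",
]


def entries(log_text):
    """Map a case-folded key to each entry line, keeping log order.

    Whitespace is collapsed because forum pastes often add trailing or
    non-breaking spaces; keys are case-folded because registry and file
    paths on Windows are case-insensitive.
    """
    found = {}
    for raw in log_text.splitlines():
        line = " ".join(raw.split())
        if ENTRY_RE.match(line):
            found.setdefault(line.casefold(), line)
    return found


def verify_fix(before_log, after_log, fixed_lines):
    """Compare two logs and report what happened to the lines selected for fixing."""
    before, after = entries(before_log), entries(after_log)
    fixed = entries("\n".join(fixed_lines))
    return {
        # Selected for fixing but still listed: the fix did not take.
        "still_present": [after[k] for k in fixed if k in after],
        # Gone from the new log although never on the fix list.
        "removed_elsewhere": [v for k, v in before.items()
                              if k not in after and k not in fixed],
        # New since the first log: each needs an explanation.
        "added": [v for k, v in after.items() if k not in before],
    }


if __name__ == "__main__":
    for label, lines in verify_fix(BEFORE, AFTER, FIXED).items():
        print(f"{label}: {len(lines)}")
        for line in lines:
            print("   ", line)
```

On these excerpts all five fixed lines are gone, the MicrosoftSecure service shows up as removed without having been on the fix list, and the only new entries are the two ActiveX controls named after the Symantec online scanner.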

The computer is just as slow as if we had done nothing to it.

But Cecilia, should we leave O23 - Service: MicrosoftSecure - Unknown owner - C:\WINDOWS\system32\x64\sd.exe without action?

The answer from VirusTotal was, after all, that some antivirus programs, among them Fortinet, considered it to be a HackerTool/SRunner.

Regards

 

 


Is it still in the HijackThis log now that it is disabled?

 

A bit odd that the Panda scan didn't find the file. Symantec also found something on the VirusTotal page; see whether their online scan finds anything:

http://security.symantec.com/

 

How did you clean the computer yourself?

 


Symantec found C:\WINDOWS\system32\x64\sd.exe is infected with Trojan Horse.

What do we do with it?

I have neither experience nor knowledge of viruses and the like. This is the first time I have been hit by this misery, even though I have had internet for over 10 years. But there has to be a first time sometime ....

Regards

 

 

 

[post edited 2007-02-27 02:29:20 by Djezzy]


Hi again Cecilia!

1.

C:\WINDOWS\system32\x64\sd.exe REMOVED

 

2.

[log]Logfile of HijackThis v1.99.1

Scan saved at 18:17:54, on 2007-02-27

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16414)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Alwil Software\Avast4\aswUpdSv.exe

C:\Program\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\UAService7.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\Program\Alwil Software\Avast4\ashMaiSv.exe

C:\Program\Alwil Software\Avast4\ashWebSv.exe

C:\Program\ALWILS~1\Avast4\ashDisp.exe

C:\Program\Zone Labs\ZoneAlarm\zlclient.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=proxy1.telia.com:8080

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://login1.telia.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll

O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Program\IDM\QUICKfind\PlugIns\IEHelp.dll

O4 - HKLM\..\Run: [avast!] C:\Program\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: START_PAGE_URL=http://start.tele2.se

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120729057060

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1121525141883

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,4950/mcfscan.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{A6E53535-B4F1-4EF2-B09F-75D293807A85}: NameServer = 81.216.65.11,81.216.65.12

O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Program\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

[/log]

3.

Should I keep MicrosoftSecure disabled?

Regards

Djezzy

 

 

 

 


1. Good!

 

2. I see nothing nasty in the log

 

3. Yes, that was sd.exe after all

 

Check the computer with one of these anti-spyware programs:

http://www.ewido.net/en/

http://www.superantispyware.com/

 

We can see whether ComboScan shows anything. Download ComboScan to the Desktop.

http://www.techsupportforum.com/sectools/Deckard/comboscan.exe

 

Close all programs.

Run ComboScan and follow the instructions shown.

If the firewall asks, allow sigcheck.exe to access the internet.

When it is done, two log files are created, C:\ComboScan.txt and C:\Supplementary.txt. Paste them here.

 

I'll check the logs tomorrow.

 


Ewido found nothing.

 

[log]ComboScan v20070226.18 run by djezzy on 2007-02-27 at 21:51:58

Computer is in Normal Mode.

--------------------------------------------------------------------------------

 

Unable to create System Restore WMI object; error code: 0x80070422

Performed disk cleanup.

 

 

-- HijackThis (run as djezzy.exe) -----------------------------------------------

 

[LOG]Logfile of HijackThis v1.99.1

Scan saved at 21:52:14, on 2007-02-27

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16414)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Alwil Software\Avast4\aswUpdSv.exe

C:\Program\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\UAService7.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\Program\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Documents and Settings\djezzy\Skrivbord\comboscan.exe

C:\Program\HIJACK~1\djezzy.exe

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=proxy1.telia.com:8080

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://login1.telia.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll

O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Program\IDM\QUICKfind\PlugIns\IEHelp.dll

O4 - HKLM\..\Run: [avast!] C:\Program\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: START_PAGE_URL=http://start.tele2.se

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120729057060

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1121525141883

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,4950/mcfscan.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{A6E53535-B4F1-4EF2-B09F-75D293807A85}: NameServer = 81.216.65.11,81.216.65.12

O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Program\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

 

 

-- HijackThis Fixed Entries (C:\Program\HIJACK~1\backups\) ----------------------

 

backup-20070226-191847-103 O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\WINDOWS\System32\shdocvw.dll

backup-20070226-191847-137 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

backup-20070226-191847-416 O9 - Extra button: Föräldra-... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\WINDOWS\System32\shdocvw.dll

backup-20070226-191847-772 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

backup-20070226-191848-967 O9 - Extra 'Tools' menuitem: Föräldra-... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\WINDOWS\System32\shdocvw.dll

 

-- File Associations ------------------------------------------------------------

 

.bat - batfile - "%1" %*

.chm - chm.file - "C:\WINDOWS\hh.exe" %1

.cmd - cmdfile - "%1" %*

.com - comfile - "%1" %*

.exe - exefile - "%1" %*

.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1

.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1

.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1

.js - JSFile - NOTEPAD.EXE %1

.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}

.pif - piffile - "%1" %*

.reg - regfile - regedit.exe "%1"

.scr - scrfile - "%1" /s

.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1

.vbs - VBSFile - NOTEPAD.EXE %1

 

 

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ----------------------

 

3 ac97intc (Installationstjänst för Intel® 82801-ljuddrivrutin (WDM)) - system32\drivers\ac97intc.sys (not found)

3 actser - system32\drivers\actser.sys (not found)

3 CCDECODE (Avkodare för dold textning) - system32\DRIVERS\CCDECODE.sys (not found)

3 CO_Mon - C:\WINDOWS\system32\drivers\CO_Mon.sys

3 HidUsb (Microsoft HID-klassdrivrutin) - system32\DRIVERS\hidusb.sys (not found)

3 HPZid412 (IEEE-1284.4 Driver HPZid412) - system32\DRIVERS\HPZid412.sys (not found)

3 HPZipr12 (Print Class Driver for IEEE-1284.4 HPZipr12) - system32\DRIVERS\HPZipr12.sys (not found)

3 HPZius12 (USB to IEEE-1284.4 Translation Driver HPZius12) - system32\DRIVERS\HPZius12.sys (not found)

3 i81x - System32\DRIVERS\i81xnt5.sys (not found)

3 iAimFP0 - System32\DRIVERS\wADV01nt.sys (not found)

3 iAimFP1 - System32\DRIVERS\wADV02NT.sys (not found)

3 iAimFP2 - System32\DRIVERS\wADV05NT.sys (not found)

3 iAimFP3 - System32\DRIVERS\wSiINTxx.sys (not found)

3 iAimFP4 - System32\DRIVERS\wVchNTxx.sys (not found)

3 iAimFP5 - system32\DRIVERS\wADV07nt.sys (not found)

3 iAimFP6 - system32\DRIVERS\wADV08nt.sys (not found)

3 iAimFP7 - system32\DRIVERS\wADV09nt.sys (not found)

3 iAimTV0 - System32\DRIVERS\wATV01nt.sys (not found)

3 iAimTV1 - System32\DRIVERS\wATV02NT.sys (not found)

3 iAimTV2 - System32\DRIVERS\wATV03nt.sys (not found)

3 iAimTV3 - System32\DRIVERS\wATV04nt.sys (not found)

3 iAimTV4 - System32\DRIVERS\wCh7xxNT.sys (not found)

3 iAimTV5 - system32\DRIVERS\wATV10nt.sys (not found)

3 iAimTV6 - system32\DRIVERS\wATV06nt.sys (not found)

1 kbdhid (HID-drivrutin för tangentbord) - system32\DRIVERS\kbdhid.sys (not found)

3 LVUSBSta (Logitech USB Monitor Filter) - system32\drivers\lvusbsta.sys (not found)

3 MODEMCSA (Enhet för Unimodem-direktuppspelningsfilter) - system32\drivers\MODEMCSA.sys (not found)

3 mouhid (HID-drivrutin för mus) - System32\DRIVERS\mouhid.sys (not found)

3 MSTEE (Tee/Sink-to-Sink-konverterare för Microsoft-direktuppspelning) - system32\drivers\MSTEE.sys (not found)

3 ms_mpu401 (Drivrutin för Microsoft MPU-401 MIDI UART) - system32\drivers\msmpu401.sys (not found)

3 NABTSFEC (NABTS/FEC VBI Codec) - system32\DRIVERS\NABTSFEC.sys (not found)

3 NdisIP (Microsoft TV/Video-anslutning) - system32\DRIVERS\NdisIP.sys (not found)

2 PavProc (Panda Process Protection Driver) - C:\WINDOWS\system32\drivers\PavProc.sys

2 PfModNT - C:\WINDOWS\system32\drivers\PfModNT.sys (not found)

0 PxHelp20 - System32\Drivers\PxHelp20.sys (not found)

3 QCMerced (Logitech QuickCam Communicate) - system32\DRIVERS\LVCM.sys (not found)

3 ROOTMODEM (Microsoft Legacy Modem Driver) - System32\Drivers\RootMdm.sys (not found)

3 rtl8139 (Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver) - System32\DRIVERS\RTL8139.SYS (not found)

3 SLIP (BDA Slip De-Framer) - system32\DRIVERS\SLIP.sys (not found)

3 SONYPVU1 (Sony USB Filter Driver (SONYPVU1)) - system32\DRIVERS\SONYPVU1.SYS (not found)

0 srescan - system32\ZoneLabs\srescan.sys (not found)

3 streamip (BDA IPSink) - system32\DRIVERS\StreamIP.sys (not found)

3 usbaudio (USB-ljuddrivrutiner (WDM)) - system32\drivers\usbaudio.sys (not found)

3 usbccgp (Microsoft USB Generic Parent Driver) - system32\DRIVERS\usbccgp.sys (not found)

3 usbprint (Microsoft USB-skrivarklass) - system32\DRIVERS\usbprint.sys (not found)

3 usbscan (Drivrutin för USB-skanner) - system32\DRIVERS\usbscan.sys (not found)

3 USBSTOR (Drivrutin för USB-masslagringsenheter) - system32\DRIVERS\USBSTOR.SYS (not found)

1 vsdatant - System32\vsdatant.sys (not found)

4 WS2IFSL (Stödmiljö för Windows Socket 2.0 Icke-IFS-tjänstprovider) - C:\WINDOWS\system32\drivers\ws2ifsl.sys

3 WSTCODEC (Teletext-codec för världsstandard) - system32\DRIVERS\WSTCODEC.SYS (not found)

3 WudfPf (Windows Driver Foundation - User-mode Driver Framework Platform Driver) - system32\DRIVERS\WudfPf.sys (not found)

3 WudfRd (Windows Driver Foundation - User-mode Driver Framework Reflector) - system32\DRIVERS\wudfrd.sys (not found)

 

 

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

 

2 aswUpdSv (avast! iAVS4 Control Service) - "C:\Program\Alwil Software\Avast4\aswUpdSv.exe"

2 avast! Antivirus - "C:\Program\Alwil Software\Avast4\ashServ.exe"

3 avast! Mail Scanner - "C:\Program\Alwil Software\Avast4\ashMaiSv.exe" /service

3 avast! Web Scanner - "C:\Program\Alwil Software\Avast4\ashWebSv.exe" /service

4 MicrosoftSecure - C:\WINDOWS\system32\x64\sd.exe

3 ose (Office Source Engine) - "C:\Program\Delade filer\Microsoft Shared\Source Engine\OSE.EXE"

4 PavPrSrv (Panda Process Protection Service) - "C:\Program\Delade filer\Panda Software\PavShld\pavprsrv.exe"

2 Pml Driver HPZ12 - C:\WINDOWS\system32\HPZipm12.exe

2 UserAccess7 (SecuROM User Access Service (V7)) - C:\WINDOWS\system32\UAService7.exe

2 vsmon (TrueVector Internet Monitor) - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service

2 WMDM PMSP Service - C:\WINDOWS\system32\MsPMSPSv.exe

 

 

-- Scheduled Tasks --------------------------------------------------------------

 

2007-02-11 14:53:36 534 --a------ C:\WINDOWS\Tasks\Scheduled scanning task.job<SCHEDU~1.JOB>

 

 

-- Files created between 2007-01-27 and 2007-02-27 ------------------------------

 

2007-02-26 21:19:34 28672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys

2007-02-26 19:13:04 0 d-------- C:\Program\Hijackthis<HIJACK~1>

2007-02-26 18:09:36 90112 --a------ C:\WINDOWS\system32\LQCUI2.dll

2007-02-25 19:18:20 113014 --a------ C:\WINDOWS\hpoins07.dat

2007-02-25 19:18:18 21124 -----n--- C:\WINDOWS\hpomdl07.dat

2007-02-25 18:50:16 0 dr--s---- C:\WINDOWS\assembly

2007-02-25 18:50:15 0 d-------- C:\WINDOWS\Microsoft.NET<MICROS~1.NET>

2007-02-25 18:50:09 0 d-------- C:\WINDOWS\system32\URTTemp

2007-02-25 17:14:23 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE

2007-02-25 16:30:27 133120 --a------ C:\WINDOWS\system32\zip32.dll

2007-02-25 16:30:27 102400 --a------ C:\WINDOWS\system32\Unzip32.dll

2007-02-25 14:53:13 0 d-------- C:\Program\Loggen

2007-02-25 14:10:33 0 d-------- C:\WINDOWS\SxsCaPendDel<SXSCAP~1>

2007-02-23 17:51:18 0 d-------- C:\Program\CCleaner

2007-02-23 17:08:12 127720 --a------ C:\WINDOWS\system32\mucltui.dll

2007-02-23 16:31:44 1888992 --a------ C:\WINDOWS\system32\ati3duag.dll

2007-02-23 16:29:17 8704 --a------ C:\WINDOWS\system32\kbdjpn.dll

2007-02-23 16:28:51 0 d-------- C:\WINDOWS\DLLArchive<DLLARC~1>

2007-02-16 16:37:04 0 d-------- C:\Program\Lavasoft

2007-02-15 23:22:08 0 d-------- C:\WINDOWS\system32\ZoneLabs

2007-02-14 23:16:04 23352 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys

2007-02-14 23:16:03 43176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys

2007-02-14 23:16:03 31560 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys

2007-02-14 23:16:00 94424 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys

2007-02-14 23:16:00 85952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys

2007-02-14 23:15:39 90112 --a------ C:\WINDOWS\system32\AVASTSS.scr

2007-02-14 23:15:39 689280 --a------ C:\WINDOWS\system32\aswBoot.exe

2007-02-14 16:48:26 0 d-------- C:\Program\Uninstall Tool<UNINST~2>

2007-02-12 18:58:36 26752 --a------ C:\WINDOWS\system32\drivers\ShldDrv.sys

2007-02-12 18:58:36 163856 --a------ C:\WINDOWS\system32\drivers\PavProc.sys

2007-02-12 18:33:37 0 d-------- C:\Program\Delade filer\Panda Software<PANDAS~1>

2007-02-11 19:47:43 0 d-------- C:\Program\Alwil Software<ALWILS~1>

2007-02-11 14:53:52 0 d-------- C:\Documents and Settings\djezzy\Application Data\F-Secure

2007-02-11 14:36:37 29472 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys

2007-02-11 14:36:37 50080 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys

2007-02-11 14:35:28 0 d-------- C:\Documents and Settings\All Users\Application Data\F-Secure

2007-02-11 14:24:12 0 d-------- C:\Documents and Settings\All Users\Application Data\fssg

2007-02-02 19:53:47 0 d-------- C:\Documents and Settings\djezzy\Application Data\Lavasoft

2007-01-29 09:58:06 60416 -----n--- C:\WINDOWS\system32\tzchange.exe

2007-01-27 17:56:47 0 d-------- C:\WINDOWS\McAfee.com

 

 

-- Find3M Report ----------------------------------------------------------------

 

2007-02-25 19:02:15 321226 --a------ C:\WINDOWS\system32\perfh01D.dat

2007-02-25 19:02:15 50448 --a------ C:\WINDOWS\system32\perfc01D.dat

2007-02-25 11:51:36 0 d--h----- C:\Program\InstallShield Installation Information<INSTAL~1>

2007-02-17 17:36:10 0 d-------- C:\Documents and Settings\djezzy\Application Data\AdobeUM

2007-02-17 16:45:18 0 d-------- C:\Program\Delade filer<DELADE~1>

2007-02-17 16:45:18 0 d-------- C:\Documents and Settings\djezzy\Application Data\XCPCSync.OEM

2007-02-15 23:25:06 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat

2007-02-14 02:32:09 0 d-------- C:\Program\Delade filer\Microsoft Shared<MICROS~1>

2007-02-11 14:08:01 0 d---s---- C:\Documents and Settings\djezzy\Application Data\Microsoft<MICROS~1>

2007-01-26 17:54:15 0 d-------- C:\Program\NE

2007-01-21 17:10:25 0 d-------- C:\Documents and Settings\djezzy\Application Data\iolo

2007-01-12 09:27:42 232960 --a------ C:\WINDOWS\system32\webcheck.dll

2007-01-12 09:27:42 51712 -----n--- C:\WINDOWS\system32\msfeedsbs.dll<MSFEED~1.DLL>

2007-01-12 09:27:42 458752 --a------ C:\WINDOWS\system32\msfeeds.dll

2007-01-12 09:27:42 6054400 --a------ C:\WINDOWS\system32\ieframe.dll

2007-01-08 19:04:54 105984 --a------ C:\WINDOWS\system32\url.dll

2007-01-08 19:04:08 102400 --a------ C:\WINDOWS\system32\occache.dll

2007-01-08 19:02:04 266752 --a------ C:\WINDOWS\system32\iertutil.dll

2007-01-08 19:02:04 44544 --a------ C:\WINDOWS\system32\iernonce.dll

2007-01-08 19:02:02 384000 --a------ C:\WINDOWS\system32\iedkcs32.dll

2007-01-08 19:02:02 230400 --a------ C:\WINDOWS\system32\ieaksie.dll

2007-01-08 19:02:02 153088 --a------ C:\WINDOWS\system32\ieakeng.dll

2007-01-08 19:01:14 17408 --a------ C:\WINDOWS\system32\corpol.dll

2007-01-08 19:00:48 124928 --a------ C:\WINDOWS\system32\advpack.dll

2007-01-08 18:08:14 56832 --a------ C:\WINDOWS\system32\ie4uinit.exe

2007-01-08 18:08:10 13824 --a------ C:\WINDOWS\system32\ieudinit.exe

2007-01-04 19:07:24 0 d-------- C:\Program\Windows Media Connect 2<WINDOW~4>

2006-12-31 17:56:34 1982 --a------ C:\WINDOWS\system32\tmp.reg

2006-12-29 18:55:09 0 d-------- C:\Documents and Settings\djezzy\Application Data\Help

2006-12-19 22:51:09 134656 --a------ C:\WINDOWS\system32\shsvcs.dll

2006-12-19 19:18:38 333824 --a------ C:\WINDOWS\system32\wiaservc.dll

2006-12-01 05:20:32 79360 --a------ C:\WINDOWS\system32\swxcacls.exe

2006-11-27 15:55:51 433152 --a------ C:\WINDOWS\system32\riched20.dll

2006-11-27 15:55:51 539136 --a------ C:\WINDOWS\system32\msftedit.dll

 

 

-- Registry Dump ----------------------------------------------------------------

 

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

"avast!"="C:\\Program\\ALWILS~1\\Avast4\\ashDisp.exe"

"Zone Labs Client"="\"C:\\Program\\Zone Labs\\ZoneAlarm\\zlclient.exe\""

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]

"Installed"="1"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]

"Installed"="1"

"NoChange"="1"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]

"Installed"="1"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Akhmed^Start-meny^Program^Autostart^TA_Start.lnk]

"path"="C:\\Documents and Settings\\djezzy\\Start-meny\\Program\\Autostart\\TA_Start.lnk"

"backup"="C:\\WINDOWS\\pss\\TA_Start.lnkStartup"

"location"="Startup"

"command"="C:\\WINDOWS\\system32\\dwdsregt.exe OLI001"

"item"="TA_Start"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Akhmed^Start-meny^Program^Autostart^Think-Adz.lnk]

"path"="C:\\Documents and Settings\\djezzy\\Start-meny\\Program\\Autostart\\Think-Adz.lnk"

"backup"="C:\\WINDOWS\\pss\\Think-Adz.lnkStartup"

"location"="Startup"

"command"="C:\\WINDOWS\\system32\\mwintoed.exe OLI001"

"item"="Think-Adz"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Adobe Reader Speed Launch.lnk]

"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"

"location"="Common Startup"

"command"="C:\\Program\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "

"item"="Adobe Reader Speed Launch"

"path"="C:\\Documents and Settings\\All Users\\Start-meny\\Program\\Autostart\\Adobe Reader Speed Launch.lnk"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^HP Digital Imaging Monitor.lnk]

"backup"="C:\\WINDOWS\\pss\\HP Digital Imaging Monitor.lnkCommon Startup"

"location"="Common Startup"

"command"="C:\\Program\\HP\\DIGITA~1\\bin\\hpqtra08.exe "

"item"="HP Digital Imaging Monitor"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Logitech Desktop Messenger.lnk]

"backup"="C:\\WINDOWS\\pss\\Logitech Desktop Messenger.lnkCommon Startup"

"location"="Common Startup"

"command"="C:\\PROGRA~1\\Logitech\\DESKTO~1\\8876480\\Program\\LDMConf.exe /start"

"item"="Logitech Desktop Messenger"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AltnetPointsManager]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="points manager"

"hkey"="HKLM"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\au]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="DealioAU"

"hkey"="HKLM"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoSys]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="autosys"

"hkey"="HKLM"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="NMBgMonitor"

"hkey"="HKCU"

"command"="\"C:\\Program\\Delade filer\\Ahead\\Lib\\NMBgMonitor.exe\""

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="ctfmon"

"hkey"="HKCU"

"command"="C:\\WINDOWS\\system32\\ctfmon.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ExploreUpdSched]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="mwintoed"

"hkey"="HKLM"

"command"="C:\\WINDOWS\\system32\\mwintoed.exe OLI001"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="HPWuSchd2"

"hkey"="HKLM"

"command"="C:\\Program\\HP\\HP Software Update\\HPWuSchd2.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="BackWeb-8876480"

"hkey"="HKCU"

"command"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\BackWeb-8876480.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="ManifestEngine"

"hkey"="HKCU"

"command"="C:\\Program\\Logitech\\Video\\ManifestEngine.exe boot"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="ISStart"

"hkey"="HKLM"

"command"="C:\\Program\\Logitech\\Video\\ISStart.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="LogiTray"

"hkey"="HKLM"

"command"="C:\\Program\\Logitech\\Video\\LogiTray.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="LVCOMSX"

"hkey"="HKLM"

"command"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft DLL Control]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="sys32"

"hkey"="HKLM"

"command"="sys32.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="NeroCheck"

"hkey"="HKLM"

"inimapping"="0"

"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="NEWDOT~1"

"hkey"="HKLM"

"command"="rundll32 C:\\Program\\NEWDOT~1\\NEWDOT~1.DLL,NewDotNetStartup -s"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2P Networking]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="P2P Networking"

"hkey"="HKLM"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="qttask"

"hkey"="HKLM"

"command"="\"C:\\Program\\QuickTime\\qttask.exe\" -atboottime"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"=""

"hkey"="HKLM"

"command"=""

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ReJf5vH]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="kkbyh"

"hkey"="HKLM"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Siemens SmartSync - ScheduleSync]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="SCHEDU~1"

"hkey"="HKLM"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Skype"

"hkey"="HKCU"

"command"="\"C:\\Program\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSystemAnalyzer]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="SMSystemAnalyzer"

"hkey"="HKLM"

"command"="\"C:\\Program\\iolo\\System Mechanic 7\\SMSystemAnalyzer.exe\""

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SurfAccuracy]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="SAcc"

"hkey"="HKLM"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tbon]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="tbon"

"hkey"="HKCU"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="MSASCui"

"hkey"="HKLM"

"command"="\"C:\\Program\\Windows Defender\\MSASCui.exe\" -hide"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="ypager"

"hkey"="HKCU"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{9C-C9-95-54-ZN}]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="nsdsregn"

"hkey"="HKLM"

"command"="c:\\windows\\system32\\nsdsregn.exe OLI001"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"winmgmt"=dword:00000002

"BackWeb Plug-in - 7681197"=dword:00000002

"cmdService"=dword:00000002

"FSMA"=dword:00000002

"FSDFWD"=dword:00000003

"FSAUA"=dword:00000003

"PavPrSrv"=dword:00000002

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]

"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"DWQueuedReporting"="\"C:\\Program\\DELADE~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"

 

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]

"DWQueuedReporting"="\"C:\\Program\\DELADE~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"DisableRegistryTools"=dword:00000000

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoClose"=dword:00000000

"nousernameinstartmenu"=dword:00000000

"nosimplestartmenu"=dword:00000000

"nostartmenumfuprogramslist"=dword:00000000

"nostartmenumoreprograms"=dword:00000000

"nochangestartmenu"=dword:00000000

"norecentdochistory"=dword:00000000

"maxrecentdocs"=dword:00000000

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

 

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\MicrosoftSecure

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]

LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0

NetworkService REG_MULTI_SZ DnsCache\0\0

rpcss REG_MULTI_SZ RpcSs\0\0

imgsvc REG_MULTI_SZ StiSvc\0\0

termsvcs REG_MULTI_SZ TermService\0\0

HTTPFilter REG_MULTI_SZ HTTPFilter\0\0

DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0

WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

 

 

 

-- End of ComboScan: finished at 2007-02-27 at 21:53:41 -------------------------

 

 

ComboScan v20070226.18 run by djezzy on 2007-02-27 at 21:51:58

Supplementary logfile - please post this as an attachment with your post.

--------------------------------------------------------------------------------

 

-- System Information -----------------------------------------------------------

 

Unable to create WMI object; error code: 0x80070422

 

-- Security Center --------------------------------------------------------------

 

AUOptions is set to notify before install.

Windows Internal Firewall is enabled.

 

Unable to create WMI object; error code: 0x80070422

 

 

-- Environment Variables --------------------------------------------------------

 

ALLUSERSPROFILE=C:\Documents and Settings\All Users

APPDATA=C:\Documents and Settings\djezzy\Application Data

CLIENTNAME=Console

CommonProgramFiles=C:\Program\Delade filer

COMPUTERNAME=HEMMADATOR

ComSpec=C:\WINDOWS\system32\cmd.exe

FP_NO_HOST_CHECK=NO

HOMEDRIVE=C:

HOMEPATH=\Documents and Settings\djezzy

LOGONSERVER=\\HEMMADATOR

NUMBER_OF_PROCESSORS=1

OS=Windows_NT

Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem

PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

PROCESSOR_ARCHITECTURE=x86

PROCESSOR_IDENTIFIER=x86 Family 6 Model 6 Stepping 5, GenuineIntel

PROCESSOR_LEVEL=6

PROCESSOR_REVISION=0605

ProgramFiles=C:\Program

PROMPT=$P$G

SESSIONNAME=Console

SystemDrive=C:

SystemRoot=C:\WINDOWS

TEMP=C:\DOCUME~1\djezzy\LOKALA~1\Temp

TMP=C:\DOCUME~1\djezzy\LOKALA~1\Temp

tvdumpflags=8

USERDOMAIN=HEMMADATOR

USERNAME=djezzy

USERPROFILE=C:\Documents and Settings\djezzy

windir=C:\WINDOWS

 

 

-- User Profiles ----------------------------------------------------------------

 

Djezzy (admin)

 

 

-- Add/Remove Programs ----------------------------------------------------------

 

--> C:\WINDOWS\BWUnin-6.3.2.116-7681197L.exe -AppId 7681197

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Ad-Aware SE Personal --> C:\Program\Lavasoft\AD-AWA~1\UNWISE.EXE C:\Program\Lavasoft\AD-AWA~1\INSTALL.LOG

Adobe Download Manager 2.0 (endast avinstallation) --> "C:\Program\Delade filer\Adobe\ESD\uninst.exe"

Adobe Photoshop Album 2.0 Starter Edition --> MsiExec.exe /I{11B569C2-4BF6-4ED0-9D17-A4273943CB24}

Adobe Reader 7.0.9 - Svenska --> MsiExec.exe /I{AC76BA86-7AD7-1053-7B44-A70900000002}

avast! Antivirus --> rundll32 C:\Program\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup

CCleaner (remove only) --> "C:\Program\CCleaner\uninst.exe"

Drivrutiner till Logitech® Camera --> "C:\Program\Delade filer\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT

GdiplusUpgrade --> MsiExec.exe /I{5421155F-B033-49DB-9B33-8F80F233D4D5}

Hijackthis 1.99.1 --> "C:\Program\Hijackthis\unins000.exe"

HijackThis 1.99.1 --> C:\Program\Hijackthis\HijackThis.exe /uninstall

HP Extended Capabilities 5.3 --> C:\Program\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat

HP Image Zone Express --> MsiExec.exe /X{759524D5-08C9-4E88-8EB3-8D6ECB226C52}

HP Imaging Device Functions 5.3 --> C:\Program\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat

HP PSC & OfficeJet 5.3.B --> "C:\Program\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzscr01.exe" -datfile hposcr07.dat

HP Software Update --> MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}

HP Solution Center & Imaging Support Tools 5.3 --> C:\Program\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat

JetShell for iAUDIO U2 --> RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{6ACA4B22-870B-48D9-8C61-C0A032944F0C}\setup.exe" -l0x9

Language pack for Ad-Aware SE --> C:\Download\Plugins\Langs\UNWISE.EXE C:\Download\Plugins\Langs\INSTALL.LOG

Logitech Desktop Messenger --> RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe" -l0x1d UNINSTALL

Logitech QuickCam --> MsiExec.exe /I{0496D9E9-224B-4AFA-8F37-23B98D52F1EB}

LSP Explorer plug-in for Ad-Aware SE --> C:\Download\Plugins\LSPEXP~1\UNWISE.EXE C:\Download\Plugins\LSPEXP~1\INSTALL.LOG

Macromedia Flash Player 8 --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\swflash.inf,DefaultUninstall,5

Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log

Messenger-Control plug-in for Ad-Aware SE --> C:\Download\Plugins\MESSEN~1\UNWISE.EXE C:\Download\Plugins\MESSEN~1\INSTALL.LOG

Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"

Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{9112041D-6000-11D3-8CFE-0150048383C9}

Microsoft Office XP Professional med FrontPage --> MsiExec.exe /I{9028041D-6000-11D3-8CFE-0050048383C9}

Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"

[/log]MSN Messenger 7.0 --> MsiExec.exe /I{ABEB838C-A1A7-4C5D-B7E1-8B4314600816}

Multimediautgåvan av Nationalencyklopedin --> C:\Program\NE\INSTALL\UNWISE.EXE C:\Program\NE\INSTALL\INSTALL.LOG

Multimediautgåvan av Nationalencyklopedins ordbok --> C:\Program\NEO\INSTALL\UNWISE.EXE C:\Program\NEO\INSTALL\INSTALL.LOG

Nero 6 Ultra Edition --> C:\Program\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL

Nero Digital --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL

OE/W Messengerctrl plug-in for Ad-Aware SE --> C:\Download\Plugins\OEMESS~1\UNWISE.EXE C:\Download\Plugins\OEMESS~1\INSTALL.LOG

Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan

QUICKfind --> RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{593AFFA4-D08E-4272-BABB-420949D32A10}\Setup.exe" -l0x9

QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log

Skype 1.3 --> "C:\Program\Skype\Phone\unins000.exe"

Snabbkorrigering för Windows XP (KB914440) --> "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB883939) --> "C:\WINDOWS\$NtUninstallKB883939$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB893066) --> "C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB896422) --> "C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB896424) --> "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB896688) --> "C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB899588) --> "C:\WINDOWS\$NtUninstallKB899588$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB899589) --> "C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB901190) --> "C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB903235) --> "C:\WINDOWS\$NtUninstallKB903235$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB904706) --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB905915) --> "C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB911567) --> "C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB912812) --> "C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB912919) --> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB913446) --> "C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB916281) --> "C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB917159) --> "C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB917422) --> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB918899) --> "C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB920214) --> "C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB921398) --> "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB921883) --> "C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB922616) --> "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB922760) --> "C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB923689) --> "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB923694) --> "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB924191) --> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB925454) --> "C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB925486) --> "C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"

Spybot - Search & Destroy 1.4 --> "C:\Program\Spybot - Search & Destroy\unins000.exe"

The Sims Unleashed --> RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{7C32C567-DC0F-4C80-B06C-7873850A2E06}\setup.exe" -l001d

Tweak-SE plug-in for Ad-Aware SE --> C:\Download\Plugins\tweakse\UNWISE.EXE C:\Download\Plugins\tweakse\INSTALL.LOG

Uninstall Tool --> "C:\Program\Uninstall Tool\unins000.exe"

Uppdatering för Windows XP (KB894391) --> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"

Uppdatering för Windows XP (KB896727) --> "C:\WINDOWS\$NtUninstallKB896727$\spuninst\spuninst.exe"

Uppdatering för Windows XP (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"

Uppdatering för Windows XP (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"

Uppdatering för Windows XP (KB904942) --> "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"

Uppdatering för Windows XP (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"

Uppdatering för Windows XP (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"

Uppdatering för Windows XP (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"

Uppdatering för Windows XP (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"

Uppdatering för Windows XP (KB931836) --> "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"

Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"

WinRAR --> C:\Program\WinRAR\uninstall.exe

ZoneAlarm --> C:\Program\Zone Labs\ZoneAlarm\zauninst.exe

 

 

-- End of ComboScan: finished at 2007-02-27 at 21:53:41 ------------------------- [/log]

 

Thanks for the help and have a nice day!

 

[post edited 2007-02-27 22:25:33 by Djezzy]

 

[post edited 2007-03-03 18:21:33 by Anders N]


Djezzy, could you please click Edit under your latest post? Find where it says [/LOG ] (but without the space), cut those 6 characters and paste them at the very end of the post.

 

There were quite a few nasties in that log.

 

Go to Control Panel - Add or Remove Programs and check whether New.Net or NewDotNet is listed there; if so, remove it.

If New.Net or NewDotNet was not there, follow the instructions on this page:

http://www.newdotnet.com/removal.html

 

Then use this removal tool:

http://securityresponse.symantec.com/avcenter/FxNdotN.exe

 

Restart the computer.

 

Go to http://www.virustotal.com/, paste one of the following file names into the box, click Send and wait until the result is ready (Status becomes Finished). Paste the result (including file size) here. Repeat with the next file name.

C:\WINDOWS\system32\dwdsregt.exe

C:\WINDOWS\system32\mwintoed.exe

C:\WINDOWS\system32\sys32.exe

c:\windows\system32\nsdsregn.exe

Each time you have pasted a result, select (highlight) the result and then click the LOG button, which is on the same row as :thumbsdown::thumbsup: in the Reply window.

 

There appears to be a user account on the computer named Akhmed. If that is correct, it would be good to have a HijackThis log created while logged in to that account.

 


Hi again Cecilia, and sorry for the delay.

 

- I found neither New.net nor NewDotNet in Add or Remove Programs.

- It is not in Program Files

- In Windows I can find NDNuninstallx_xx.exe

- I went to newdonet.com and downloaded NNuninstall.exe to a floppy disk, but when I tried to open it I got a dialog saying "A:/NNuninstall.exe is not a valid W32 program", even though I followed the instructions on the website and made several attempts both yesterday and today.

 

Then I went to virustotal.com and got the same answer, "O bytes size received", for

C:\WINDOWS\system32\dwdsregt.exe

C:\WINDOWS\system32\mwintoed.exe

C:\WINDOWS\system32\sys32.exe

C:\windows\system32\nsdsregn.exe

Here too I made several attempts, both yesterday and today.

 

Either the computer is cuckoo or something else is...

 

Regards

Djezzy

 

 

 

 


NewDotNet is located here: C:\Program\NEWDOTNET

Did you use the removal tool from Symantec? If not, do so.

 

"O bytes size received" means that the nasties are preventing the upload. Can you see those files if you set up Explorer like this:

Tools - (Folder) Options or similar - View

Select Show hidden files and folders

Uncheck Hide extensions for known file types

Uncheck Hide protected operating system files

 

If so, can they be deleted?

 

Hur var det med Akhmed-kontot?

 


There is no NewDotnet in Program; I have checked and let the computer search.

The answer from Symantec: "Adware.NDotnet has not been found on your computer".

In the Registry Editor I have both New.net Startup and Newdot ~1.

I did not need to make any changes in Explorer; it was already set the way you wrote that I should set it.

The Akhmed account existed when we bought the computer (a used one), but it was removed a month or so ago.

 

 

 

 

[post edited 2007-03-02 21:14:37 by Djezzy]


Post a new ComboScan log here and we will see whether things look good now.

When you have pasted in the log, select (highlight) the whole log and then press the LOG button, which is on the same row as :thumbsdown::thumbsup: in the reply window.

 


[log]ComboScan v20070226.18 run by Djezzy on 2007-03-03 at 15:59:14

Computer is in Normal Mode.

--------------------------------------------------------------------------------

 

 

 

-- HijackThis (run as Djezzy.exe) -----------------------------------------------

 

Logfile of HijackThis v1.99.1

Scan saved at 15:59:16, on 2007-03-03

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16414)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Ashampoo\Ashampoo Magical Defrag\bin\aDefragService.exe

C:\Program\Alwil Software\Avast4\aswUpdSv.exe

C:\Program\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\UAService7.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\Program\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\Djezzy\Skrivbord\comboscan.exe

C:\Program\HIJACK~1\Djezzy.exe

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=proxy1.telia.com:8080

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://login1.telia.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll

O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Program\IDM\QUICKfind\PlugIns\IEHelp.dll

O4 - HKLM\..\Run: [avast!] C:\Program\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: START_PAGE_URL=http://start.tele2.se

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - http://downloads.ewido.net/ewidoOnlineScan.cab

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120729057060

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1121525141883

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,4950/mcfscan.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{A6E53535-B4F1-4EF2-B09F-75D293807A85}: NameServer = 81.216.65.11,81.216.65.12

O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: AshampooDefragService - - C:\Program\Ashampoo\Ashampoo Magical Defrag\bin\aDefragService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Program\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

 

 

-- Files created between 2007-02-03 and 2007-03-03 ------------------------------

 

2007-03-03 15:35:06 0 d-------- C:\Program\HijackThis<HIJACK~1>

2007-03-02 19:31:40 0 d-------- C:\Program\Ashampoo

2007-02-26 21:19:34 28672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys

2007-02-26 18:09:36 90112 --a------ C:\WINDOWS\system32\LQCUI2.dll

2007-02-25 19:18:20 113014 --a------ C:\WINDOWS\hpoins07.dat

2007-02-25 19:18:18 21124 -----n--- C:\WINDOWS\hpomdl07.dat

2007-02-25 18:50:16 0 dr--s---- C:\WINDOWS\assembly

2007-02-25 18:50:15 0 d-------- C:\WINDOWS\Microsoft.NET<MICROS~1.NET>

2007-02-25 18:50:09 0 d-------- C:\WINDOWS\system32\URTTemp

2007-02-25 17:14:23 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE

2007-02-25 16:30:27 133120 --a------ C:\WINDOWS\system32\zip32.dll

2007-02-25 16:30:27 102400 --a------ C:\WINDOWS\system32\Unzip32.dll

2007-02-25 14:53:13 0 d-------- C:\Program\Loggen

2007-02-25 14:10:33 0 d-------- C:\WINDOWS\SxsCaPendDel<SXSCAP~1>

2007-02-23 17:51:18 0 d-------- C:\Program\CCleaner

2007-02-23 17:08:12 127720 --a------ C:\WINDOWS\system32\mucltui.dll

2007-02-23 16:31:44 1888992 --a------ C:\WINDOWS\system32\ati3duag.dll

2007-02-23 16:29:17 8704 --a------ C:\WINDOWS\system32\kbdjpn.dll

2007-02-23 16:28:51 0 d-------- C:\WINDOWS\DLLArchive<DLLARC~1>

2007-02-16 16:37:04 0 d-------- C:\Program\Lavasoft

2007-02-15 23:22:08 0 d-------- C:\WINDOWS\system32\ZoneLabs

2007-02-14 23:16:04 23352 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys

2007-02-14 23:16:03 43176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys

2007-02-14 23:16:03 31560 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys

2007-02-14 23:16:00 94424 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys

2007-02-14 23:16:00 85952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys

2007-02-14 23:15:39 90112 --a------ C:\WINDOWS\system32\AVASTSS.scr

2007-02-14 23:15:39 689280 --a------ C:\WINDOWS\system32\aswBoot.exe

2007-02-14 16:48:26 0 d-------- C:\Program\Uninstall Tool<UNINST~2>

2007-02-12 18:58:36 26752 --a------ C:\WINDOWS\system32\drivers\ShldDrv.sys

2007-02-12 18:58:36 163856 --a------ C:\WINDOWS\system32\drivers\PavProc.sys

2007-02-12 18:33:37 0 d-------- C:\Program\Delade filer\Panda Software<PANDAS~1>

2007-02-11 19:47:43 0 d-------- C:\Program\Alwil Software<ALWILS~1>

2007-02-11 14:53:52 0 d-------- C:\Documents and Settings\Djezzy\Application Data\F-Secure

2007-02-11 14:36:37 29472 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys

2007-02-11 14:36:37 50080 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys

2007-02-11 14:35:28 0 d-------- C:\Documents and Settings\All Users\Application Data\F-Secure

2007-02-11 14:24:12 0 d-------- C:\Documents and Settings\All Users\Application Data\fssg

 

 

-- Find3M Report ----------------------------------------------------------------

 

2007-02-25 19:02:15 321226 --a------ C:\WINDOWS\system32\perfh01D.dat

2007-02-25 19:02:15 50448 --a------ C:\WINDOWS\system32\perfc01D.dat

2007-02-25 11:51:36 0 d--h----- C:\Program\InstallShield Installation Information<INSTAL~1>

2007-02-17 17:36:10 0 d-------- C:\Documents and Settings\Djezzy\Application Data\AdobeUM

2007-02-17 16:45:18 0 d-------- C:\Program\Delade filer<DELADE~1>

2007-02-17 16:45:18 0 d-------- C:\Documents and Settings\Djezzy\Application Data\XCPCSync.OEM

2007-02-16 16:37:25 0 d-------- C:\Documents and Settings\Djezzy\Application Data\Lavasoft

2007-02-15 23:25:06 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat

2007-02-14 02:32:09 0 d-------- C:\Program\Delade filer\Microsoft Shared<MICROS~1>

2007-02-11 14:08:01 0 d---s---- C:\Documents and Settings\Djezzy\Application Data\Microsoft<MICROS~1>

2007-01-29 09:58:06 60416 -----n--- C:\WINDOWS\system32\tzchange.exe

2007-01-26 17:54:15 0 d-------- C:\Program\NE

2007-01-21 17:10:25 0 d-------- C:\Documents and Settings\Djezzy\Application Data\iolo

2007-01-12 09:27:42 232960 --a------ C:\WINDOWS\system32\webcheck.dll

2007-01-12 09:27:42 51712 -----n--- C:\WINDOWS\system32\msfeedsbs.dll<MSFEED~1.DLL>

2007-01-12 09:27:42 458752 --a------ C:\WINDOWS\system32\msfeeds.dll

2007-01-12 09:27:42 6054400 --a------ C:\WINDOWS\system32\ieframe.dll

2007-01-08 19:04:54 105984 --a------ C:\WINDOWS\system32\url.dll

2007-01-08 19:04:08 102400 --a------ C:\WINDOWS\system32\occache.dll

2007-01-08 19:02:04 266752 --a------ C:\WINDOWS\system32\iertutil.dll

2007-01-08 19:02:04 44544 --a------ C:\WINDOWS\system32\iernonce.dll

2007-01-08 19:02:02 384000 --a------ C:\WINDOWS\system32\iedkcs32.dll

2007-01-08 19:02:02 230400 --a------ C:\WINDOWS\system32\ieaksie.dll

2007-01-08 19:02:02 153088 --a------ C:\WINDOWS\system32\ieakeng.dll

2007-01-08 19:01:14 17408 --a------ C:\WINDOWS\system32\corpol.dll

2007-01-08 19:00:48 124928 --a------ C:\WINDOWS\system32\advpack.dll

2007-01-08 18:08:14 56832 --a------ C:\WINDOWS\system32\ie4uinit.exe

2007-01-08 18:08:10 13824 --a------ C:\WINDOWS\system32\ieudinit.exe

2007-01-04 19:07:24 0 d-------- C:\Program\Windows Media Connect 2<WINDOW~4>

2006-12-31 17:56:34 1982 --a------ C:\WINDOWS\system32\tmp.reg

2006-12-19 22:51:09 134656 --a------ C:\WINDOWS\system32\shsvcs.dll

2006-12-19 19:18:38 333824 --a------ C:\WINDOWS\system32\wiaservc.dll

 

 

-- Registry Dump ----------------------------------------------------------------

 

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

"avast!"="C:\\Program\\ALWILS~1\\Avast4\\ashDisp.exe"

"Zone Labs Client"="\"C:\\Program\\Zone Labs\\ZoneAlarm\\zlclient.exe\""

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]

"Installed"="1"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]

"Installed"="1"

"NoChange"="1"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]

"Installed"="1"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Djezzy^Start-meny^Program^Autostart^TA_Start.lnk]

"path"="C:\\Documents and Settings\\Djezzy\\Start-meny\\Program\\Autostart\\TA_Start.lnk"

"backup"="C:\\WINDOWS\\pss\\TA_Start.lnkStartup"

"location"="Startup"

"command"="C:\\WINDOWS\\system32\\dwdsregt.exe OLI001"

"item"="TA_Start"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Djezzy^Start-meny^Program^Autostart^Think-Adz.lnk]

"path"="C:\\Documents and Settings\\Djezzy\\Start-meny\\Program\\Autostart\\Think-Adz.lnk"

"backup"="C:\\WINDOWS\\pss\\Think-Adz.lnkStartup"

"location"="Startup"

"command"="C:\\WINDOWS\\system32\\mwintoed.exe OLI001"

"item"="Think-Adz"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Adobe Reader Speed Launch.lnk]

"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"

"location"="Common Startup"

"command"="C:\\Program\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "

"item"="Adobe Reader Speed Launch"

"path"="C:\\Documents and Settings\\All Users\\Start-meny\\Program\\Autostart\\Adobe Reader Speed Launch.lnk"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Ashampoo Magical Defrag.lnk]

"path"="C:\\Documents and Settings\\All Users\\Start-meny\\Program\\Autostart\\Ashampoo Magical Defrag.lnk"

"backup"="C:\\WINDOWS\\pss\\Ashampoo Magical Defrag.lnkCommon Startup"

"location"="Common Startup"

"command"="C:\\Program\\Ashampoo\\ASHAMP~1\\bin\\ADEFRA~1.EXE -startup"

"item"="Ashampoo Magical Defrag"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^HP Digital Imaging Monitor.lnk]

"backup"="C:\\WINDOWS\\pss\\HP Digital Imaging Monitor.lnkCommon Startup"

"location"="Common Startup"

"command"="C:\\Program\\HP\\DIGITA~1\\bin\\hpqtra08.exe "

"item"="HP Digital Imaging Monitor"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Logitech Desktop Messenger.lnk]

"backup"="C:\\WINDOWS\\pss\\Logitech Desktop Messenger.lnkCommon Startup"

"location"="Common Startup"

"command"="C:\\PROGRA~1\\Logitech\\DESKTO~1\\8876480\\Program\\LDMConf.exe /start"

"item"="Logitech Desktop Messenger"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AltnetPointsManager]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="points manager"

"hkey"="HKLM"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\au]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="DealioAU"

"hkey"="HKLM"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoSys]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="autosys"

"hkey"="HKLM"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="NMBgMonitor"

"hkey"="HKCU"

"command"="\"C:\\Program\\Delade filer\\Ahead\\Lib\\NMBgMonitor.exe\""

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="ctfmon"

"hkey"="HKCU"

"command"="C:\\WINDOWS\\system32\\ctfmon.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ExploreUpdSched]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="mwintoed"

"hkey"="HKLM"

"command"="C:\\WINDOWS\\system32\\mwintoed.exe OLI001"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="HPWuSchd2"

"hkey"="HKLM"

"command"="C:\\Program\\HP\\HP Software Update\\HPWuSchd2.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="BackWeb-8876480"

"hkey"="HKCU"

"command"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\BackWeb-8876480.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="ManifestEngine"

"hkey"="HKCU"

"command"="C:\\Program\\Logitech\\Video\\ManifestEngine.exe boot"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="ISStart"

"hkey"="HKLM"

"command"="C:\\Program\\Logitech\\Video\\ISStart.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="LogiTray"

"hkey"="HKLM"

"command"="C:\\Program\\Logitech\\Video\\LogiTray.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="LVCOMSX"

"hkey"="HKLM"

"command"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft DLL Control]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="sys32"

"hkey"="HKLM"

"command"="sys32.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="NeroCheck"

"hkey"="HKLM"

"inimapping"="0"

"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2P Networking]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="P2P Networking"

"hkey"="HKLM"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="qttask"

"hkey"="HKLM"

"command"="\"C:\\Program\\QuickTime\\qttask.exe\" -atboottime"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ReJf5vH]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="kkbyh"

"hkey"="HKLM"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Skype"

"hkey"="HKCU"

"command"="\"C:\\Program\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSystemAnalyzer]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="SMSystemAnalyzer"

"hkey"="HKLM"

"command"="\"C:\\Program\\iolo\\System Mechanic 7\\SMSystemAnalyzer.exe\""

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SurfAccuracy]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="SAcc"

"hkey"="HKLM"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tbon]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="tbon"

"hkey"="HKCU"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{9C-C9-95-54-ZN}]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="nsdsregn"

"hkey"="HKLM"

"command"="c:\\windows\\system32\\nsdsregn.exe OLI001"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"winmgmt"=dword:00000002

"BackWeb Plug-in - 7681197"=dword:00000002

"cmdService"=dword:00000002

"FSMA"=dword:00000002

"FSDFWD"=dword:00000003

"FSAUA"=dword:00000003

"PavPrSrv"=dword:00000002

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]

"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"DWQueuedReporting"="\"C:\\Program\\DELADE~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"

 

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]

"DWQueuedReporting"="\"C:\\Program\\DELADE~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"DisableRegistryTools"=dword:00000000

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoClose"=dword:00000000

"nousernameinstartmenu"=dword:00000000

"nosimplestartmenu"=dword:00000000

"nostartmenumfuprogramslist"=dword:00000000

"nostartmenumoreprograms"=dword:00000000

"nochangestartmenu"=dword:00000000

"norecentdochistory"=dword:00000000

"maxrecentdocs"=dword:00000000

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

 

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\MicrosoftSecure

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]

LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0

NetworkService REG_MULTI_SZ DnsCache\0\0

rpcss REG_MULTI_SZ RpcSs\0\0

imgsvc REG_MULTI_SZ StiSvc\0\0

termsvcs REG_MULTI_SZ TermService\0\0

HTTPFilter REG_MULTI_SZ HTTPFilter\0\0

DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0

WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

 

 

 

-- End of ComboScan: finished at 2007-03-03 at 16:00:37 -------------------------

[/log]

 

 

[post edited 2007-03-03 18:22:02 by Anders N]


Hmmmm, to avoid cluttering up the whole eforum you can use LOG tags in the box where you write your posts.

Preferably use them when you post a log from e.g. HiJackThis.

 

/TN

 


What happened to the LOG button?

Download Avenger to the Desktop and unpack the file there:

http://swandog46.geekstogo.com/avenger.zip

Copy the following into Notepad, including the heading Files to delete:

 

Files to delete:

C:\Documents and Settings\Djezzy\Start-meny\Program\Autostart\TA_Start.lnk

C:\Documents and Settings\Djezzy\Start-meny\Program\Autostart\Think-Adz.lnk

C:\WINDOWS\system32\dwdsregt.exe

C:\WINDOWS\system32\mwintoed.exe

C:\WINDOWS\system32\sys32.exe

c:\windows\system32\nsdsregn.exe

 

Start Avenger

Check "Input Script Manually"

Click the magnifying glass and, in "View/edit script", paste in the text from Notepad.

Click Done

Click the green light and answer Yes to the questions.

The computer will now restart.

A DOS window should appear, and then the log should come up.

Paste it in here and use the LOG button, please!

 


I pressed the LOG button twice, which was completely wrong. I apologize!

 

[log]Logfile of The Avenger version 1, by Swandog46

Running from registry key:

\Registry\Machine\System\CurrentControlSet\Services\hvotllmj

 

*******************

 

Script file located at: \??\C:\WINDOWS\system32\ykmdlhhm.txt

Script file opened successfully.

 

Script file read successfully

 

Backups directory opened successfully at C:\Avenger

 

*******************

 

Beginning to process script file:

 

 

 

Could not open file C:\Documents and Settings\Djezzy\Start-meny\Program\Autostart\TA_Start.lnk for deletion

Deletion of file C:\Documents and Settings\Djezzy\Start-meny\Program\Autostart\TA_Start.lnk failed!

 

Could not process line:

C:\Documents and Settings\Djezzy\Start-meny\Program\Autostart\TA_Start.lnk

Status: 0xc000003a

 

 

 

Could not open file C:\Documents and Settings\Djezzy\Start-meny\Program\Autostart\Think-Adz.lnk for deletion

Deletion of file C:\Documents and Settings\Djezzy\Start-meny\Program\Autostart\Think-Adz.lnk failed!

 

Could not process line:

C:\Documents and Settings\Djezzy\Start-meny\Program\Autostart\Think-Adz.lnk

Status: 0xc000003a

 

 

 

File C:\WINDOWS\system32\dwdsregt.exe not found!

Deletion of file C:\WINDOWS\system32\dwdsregt.exe failed!

 

Could not process line:

C:\WINDOWS\system32\dwdsregt.exe

Status: 0xc0000034

 

 

 

File C:\WINDOWS\system32\mwintoed.exe not found!

Deletion of file C:\WINDOWS\system32\mwintoed.exe failed!

 

Could not process line:

C:\WINDOWS\system32\mwintoed.exe

Status: 0xc0000034

 

 

 

File C:\WINDOWS\system32\sys32.exe not found!

Deletion of file C:\WINDOWS\system32\sys32.exe failed!

 

Could not process line:

C:\WINDOWS\system32\sys32.exe

Status: 0xc0000034

 

 

 

File c:\windows\system32\nsdsregn.exe not found!

Deletion of file c:\windows\system32\nsdsregn.exe failed!

 

Could not process line:

c:\windows\system32\nsdsregn.exe

Status: 0xc0000034

 

 

Completed script processing.

 

*******************

 

Finished! Terminate.[/log]

 


That's okay, it's not easy to know how everything works.

Check whether you have anything called TA_Start and/or Think-Adz in Start - Program - Autostart, and remove it if so.

Since you know how the registry editor regedit works, see whether you can find AltnetPointsManager and remove it if so; likewise with C:\WINDOWS\system32\dwdsregt.exe, C:\WINDOWS\system32\mwintoed.exe, C:\WINDOWS\system32\sys32.exe, c:\windows\system32\nsdsregn.exe. Ask if anything is unclear. Create a backup of the registry first (File - Export).

Restart the computer.

How does svchost behave at startup now?

 


In the Registry Editor I have the key Microsoft DLL Control, and when you click on it the following values appear on the right-hand side of the Registry Editor:

(Standard) REG_SZ (värde har ej angetts)

command REG_SZ sys32.exe

hkey REG_SZ HKLM

inimapping REG_SZ 0

item REG_SZ sys32

key REG_SZ SOFTWARE\Microsoft\Windows\Currentversion\run

My question is: do I dare remove the line with sys32.exe and the line with sys32 without the computer crashing?

I have removed everything else and the computer has started behaving much better.

Thanks for your answer.

 

 


sys32.exe is a file that is part of various nasties; it could for example be this one http://www.castlecops.com/s6001-sys32.html or http://www.sophos.com/virusinfo/analyses/w32mytobk.html

According to Avenger the file is no longer on the computer; only a reference to the file remains in the registry.

But of course I cannot give any guarantees.

 

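The cross-check behind the last reply, written out as an added example (not part of the thread, and not code from ComboScan or Avenger): it maps the NTSTATUS codes in the Avenger log to their names and compares the failed paths with the `msconfig\startupreg` entries in the ComboScan registry dump, which is where msconfig stores Run entries it has disabled. The function names are hypothetical, the log excerpts are shortened copies of the logs above, and matching a bare file name such as `sys32.exe` by base name is an assumption of this sketch.

```python
import re
from ntpath import basename  # Windows path rules on any OS

# NTSTATUS codes that occur in the Avenger log in this thread.
NTSTATUS = {
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",  # folder exists, file does not
    0xC000003A: "STATUS_OBJECT_PATH_NOT_FOUND",  # a folder in the path is missing
}

# Shortened excerpts of the two logs posted in the thread.
AVENGER_LOG = r"""
Could not process line:
C:\Documents and Settings\Djezzy\Start-meny\Program\Autostart\TA_Start.lnk
Status: 0xc000003a

Could not process line:
C:\WINDOWS\system32\mwintoed.exe
Status: 0xc0000034

Could not process line:
C:\WINDOWS\system32\sys32.exe
Status: 0xc0000034
"""

REG_DUMP = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AltnetPointsManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="points manager"
"hkey"="HKLM"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ExploreUpdSched]
"item"="mwintoed"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\mwintoed.exe OLI001"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft DLL Control]
"item"="sys32"
"hkey"="HKLM"
"command"="sys32.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program\\QuickTime\\qttask.exe\" -atboottime"
"""

def parse_avenger(log):
    """Map each path Avenger could not process (lowercased) to its status name."""
    pattern = re.compile(r"Could not process line:\s*(\S.*?)\s*Status:\s*(0x[0-9a-fA-F]+)")
    return {path.lower(): NTSTATUS.get(int(code, 16), code)
            for path, code in pattern.findall(log)}

def parse_reg_dump(dump):
    """Parse regedit-style text into {key path: {value name: string value}}."""
    keys, current = {}, None
    for line in dump.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None:
            m = re.match(r'"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$', line)
            if m:  # undo the \\ and \" escaping used in .reg text
                name, value = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
                current[name] = value
    return keys

def executable_of(command):
    """Executable part of a Run command line, honouring a quoted path."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.exe)\b", command, re.I)
    return m.group(1) if m else command.split(" ", 1)[0]

def triage(avenger_log, reg_dump):
    """Classify every msconfig-disabled Run entry against Avenger's results."""
    failed = parse_avenger(avenger_log)
    by_name = {basename(path): status for path, status in failed.items()}
    report = {}
    for key, values in parse_reg_dump(reg_dump).items():
        if "\\startupreg\\" not in key.lower():
            continue
        entry = key.rsplit("\\", 1)[1]
        if "command" not in values:
            report[entry] = "no command stored"
            continue
        exe = executable_of(values["command"]).lower()
        status = failed.get(exe) or by_name.get(basename(exe))
        report[entry] = (f"orphaned reference ({status})" if status
                         else "not checked by Avenger")
    return report

if __name__ == "__main__":
    for entry, verdict in triage(AVENGER_LOG, REG_DUMP).items():
        print(f"{entry:24} {verdict}")
```

A "not found" status only covers the exact path given in the script; it does not rule out the same binary under another name or in another folder.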

Archived

This topic is now archived and is closed to further replies.