.dll virus

[kalleankaz]

tjeena

 

 

jag har virus programet avira antivir på min dator och den har hittat ett virus på min dator, viruset heter "nnnolkk.dll" viruset kan inte raderas :/

någon som har något tips på hur jag kan gö?

 

 

HijackThis

 

 

[log]

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:38, on 2008-03-26

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe

C:\Program\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program\IVT Corporation\BlueSoleil\BlueSoleilCS.exe

C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Program\CyberLink\Shared files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\System32\vssvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\dllhost.exe

C:\Program\IVT Corporation\BlueSoleil\BsHelpCS.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program\Delade filer\InstallShield\UpdateService\issch.exe

C:\Program\Mozilla Firefox\firefox.exe

C:\Program\Java\jre1.6.0_05\bin\jusched.exe

C:\Program\IVT Corporation\BlueSoleil\BtTray.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program\Windows Live\Messenger\msnmsgr.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\Ideazon\Reaper\Reaper_Settings.exe

C:\Program\NVTray\NVTray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Cacheman\Cacheman.exe

C:\Program\Glary Utilities\memdefrag.exe

C:\Program\Windows Live\Messenger\msnmsgr.exe

C:\Program\Mozilla Thunderbird\thunderbird.exe

C:\Program\Windows Live\Messenger\usnsvc.exe

C:\Program\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE

C:\Program\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1053

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program\ICQToolbar\toolbaru.dll

F3 - REG:win.ini: run="C:\WINDOWS\system32\winupdate.exe"

O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program\ICQToolbar\toolbaru.dll

O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\Program\FreshDevices\FreshDownload\FDCatch.dll

O2 - BHO: (no name) - {3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9} - C:\WINDOWS\system32\nnnolkk.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program\MICROS~2\2007\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll

O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Program\FlashFXP\IEFlash.dll

O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program\Styler\TB\StylerTB.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll

O3 - Toolbar: FreshDownload Bar - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - C:\Program\FreshDevices\FreshDownload\fdiebar.dll

O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program\ICQToolbar\toolbaru.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [iSUSPM Startup] C:\Program\DELADE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program\Delade filer\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [btTray] "C:\Program\IVT Corporation\BlueSoleil\BtTray.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKCU\..\Run: [msnmsgr] "C:\Program\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Reaper Gaming Mouse] C:\Program\Ideazon\Reaper\Reaper_Settings.exe

O4 - HKCU\..\Run: [NVTray] C:\Program\NVTray\NVTray.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Cacheman] C:\Program\Cacheman\Cacheman.exe

O4 - HKCU\..\Run: [Glary Memory Optimizer] "C:\Program\Glary Utilities\memdefrag.exe" /autostart

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')

O4 - Startup: AutorunsDisabled

O4 - Global Startup: Windows Live Messenger .lnk = C:\Program\Windows Live\Messenger\msnmsgr.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Program\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\2007\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Blogga detta - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blogga detta i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Skicka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\MICROS~2\2007\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Ski&cka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\MICROS~2\2007\Office12\ONBttnIE.dll

O9 - Extra button: FreshDownload - {35ACB4B3-ED95-48DB-A5D4-FB396EF7E489} - C:\Program\FreshDevices\FreshDownload\fd.exe

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program\ICQLite\ICQLite.exe

O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program\ICQLite\ICQLite.exe

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://fille-ft.spaces.live.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1166734017125

O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://fille117.spaces.live.com/PhotoUpload/MsnPUpld.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program\MICROS~2\2007\Office12\GR99D3~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: nnnolkk - C:\WINDOWS\SYSTEM32\nnnolkk.dll

O20 - Winlogon Notify: winrkq32 - winrkq32.dll (file missing)

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: BlueSoleilCS - Unknown owner - C:\Program\IVT Corporation\BlueSoleil\BlueSoleilCS.exe

O23 - Service: BsHelpCS - Unknown owner - C:\Program\IVT Corporation\BlueSoleil\BsHelpCS.exe

O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program\MAGIX\Common\Database\bin\fbserver.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program\Ahead\InCD\InCDsrv.exe

O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program\Ahead\InCD\InCDsrv.exe

O23 - Service: WinFast® Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program\CyberLink\Shared files\RichVideo.exe

O23 - Service: UPnPService - Magix AG - C:\Program\Delade filer\MAGIX Shared\UPnPService\UPnPService.exe

 

--

End of file - 12305 bytes

 

 

 

 

 

 

[/log]

 

 

 

 

 

// är det något du vill fråga eller veta så finns jag på

MSN: felix.toftler95@hotmail.com

mail: fille777@gmail.com

ICQ: 418-484-09

och på det här underbara forum!

 

[kalleankaz]

tjeena

 

 

 

den hittar också ddayw.dll men kan inte radera

 

 

 

// är det något du vill fråga eller veta så finns jag på

MSN: felix.toftler95@hotmail.com

mail: fille777@gmail.com

ICQ: 418-484-09

och på det här underbara forum!

 

[inlägget ändrat 2008-03-26 11:02:34 av kalla mig Fille]

[Cecilia]

Ladda ner Malwarebytes Anti-Malware:

http://www.besttechie.net/tools/mbam-setup.exe

Dubbelklicka på mbam-setup.exe för att installera programmet.

Bocka för:

Update Malwarebytes' Anti-Malware

Launch Malwarebytes' Anti-Malware

Tryck på Finish

Om det finns någon uppdatering så kommer den att laddas ner och installeras.

 

När programmet startar så välj Perform Quick Scan och tryck på Scan.

Skanningen tar ett tag.

När den är klar så tryck på OK och sedan Show Results.

Bocka för allt och tryck sedan Remove Selected.

När borttagningen är klar så öppnar Anteckningar med en logg.

 

Eventuellt så kommer det upp en begäran om att starta om datorn (Restart). I så fall gör det.

Om programmet inte kommer igång efter omstarten så starta det.

 

Om loggen inte är öppen i Anteckningar så hittar du loggen på Logs-fliken i MBAM.

Kopiera loggen och klistra in den i ditt svar tillsammans med en ny HijackThis-logg, samt skriv hur datorn mår nu.

 

[kalleankaz]

tjeena

 

 

här kommer

 

Malwarebytes' Anti-Malware loggen

 

[log]

 

 

 

 

Malwarebytes' Anti-Malware 1.09

Databasversion: 547

 

Skanningstyp: Fullständig skanning (C:\|E:\|)

Antal skannade objekt: 151213

Förfluten tid: 1 hour(s), 11 minute(s), 55 second(s)

 

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 0

Infekterade registernycklar: 1

Infekterade registervärden: 1

Infekterade registerdataposter: 0

Infekterade mappar: 0

Infekterade filer: 0

 

Infekterade minnesprocesser:

(Inga illasinnade poster hittades)

 

Infekterade minnesmoduler:

(Inga illasinnade poster hittades)

 

Infekterade registernycklar:

HKEY_CLASSES_ROOT\CLSID\{3feca576-7ad2-4e11-a6ad-6b59d4fb5db9} (Trojan.Vundo) -> No action taken.

 

Infekterade registervärden:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{3feca576-7ad2-4e11-a6ad-6b59d4fb5db9} (Trojan.Vundo) -> No action taken.

 

Infekterade registerdataposter:

(Inga illasinnade poster hittades)

 

Infekterade mappar:

(Inga illasinnade poster hittades)

 

Infekterade filer:

(Inga illasinnade poster hittades)

 

 

 

 

 

 

[/log]

 

 

 

 

HijackThis logg

 

 

 

 

 

 

 

[log]

 

 

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:10, on 2008-03-26

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe

C:\Program\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program\IVT Corporation\BlueSoleil\BlueSoleilCS.exe

C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Program\CyberLink\Shared files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\System32\vssvc.exe

C:\Program\IVT Corporation\BlueSoleil\BsHelpCS.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\msdtc.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program\Delade filer\InstallShield\UpdateService\issch.exe

C:\Program\Java\jre1.6.0_05\bin\jusched.exe

C:\Program\IVT Corporation\BlueSoleil\BtTray.exe

C:\Program\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program\Windows Live\Messenger\msnmsgr.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\Ideazon\Reaper\Reaper_Settings.exe

C:\Program\NVTray\NVTray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Cacheman\Cacheman.exe

C:\Program\Glary Utilities\memdefrag.exe

C:\Program\Windows Live\Messenger\msnmsgr.exe

C:\Program\Windows Live\Messenger\usnsvc.exe

C:\Program\Mozilla Firefox\firefox.exe

C:\Program\Mozilla Thunderbird\thunderbird.exe

C:\Program\Glary Utilities\Integrator.exe

C:\Program\Malwarebytes' Anti-Malware\mbam.exe

C:\Program\foobar2000\foobar2000.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program\Delade filer\Teleca Shared\CapabilityManager.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

C:\Program\Delade filer\Teleca Shared\Generic.exe

C:\Program\Sony Ericsson\Mobile\Mobile Phone Monitor\epmworker.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1053

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program\ICQToolbar\toolbaru.dll

F3 - REG:win.ini: run="C:\WINDOWS\system32\winupdate.exe"

O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program\ICQToolbar\toolbaru.dll

O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\Program\FreshDevices\FreshDownload\FDCatch.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program\MICROS~2\2007\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll

O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Program\FlashFXP\IEFlash.dll

O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program\Styler\TB\StylerTB.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll

O3 - Toolbar: FreshDownload Bar - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - C:\Program\FreshDevices\FreshDownload\fdiebar.dll

O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program\ICQToolbar\toolbaru.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [iSUSPM Startup] C:\Program\DELADE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program\Delade filer\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [btTray] "C:\Program\IVT Corporation\BlueSoleil\BtTray.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKCU\..\Run: [msnmsgr] "C:\Program\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Reaper Gaming Mouse] C:\Program\Ideazon\Reaper\Reaper_Settings.exe

O4 - HKCU\..\Run: [NVTray] C:\Program\NVTray\NVTray.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Cacheman] C:\Program\Cacheman\Cacheman.exe

O4 - HKCU\..\Run: [Glary Memory Optimizer] "C:\Program\Glary Utilities\memdefrag.exe" /autostart

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')

O4 - Startup: AutorunsDisabled

O4 - Global Startup: Windows Live Messenger .lnk = C:\Program\Windows Live\Messenger\msnmsgr.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Program\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\2007\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Blogga detta - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blogga detta i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Skicka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\MICROS~2\2007\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Ski&cka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\MICROS~2\2007\Office12\ONBttnIE.dll

O9 - Extra button: FreshDownload - {35ACB4B3-ED95-48DB-A5D4-FB396EF7E489} - C:\Program\FreshDevices\FreshDownload\fd.exe

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://fille-ft.spaces.live.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1166734017125

O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://fille117.spaces.live.com/PhotoUpload/MsnPUpld.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program\MICROS~2\2007\Office12\GR99D3~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: nnnolkk - nnnolkk.dll (file missing)

O20 - Winlogon Notify: winrkq32 - winrkq32.dll (file missing)

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: BlueSoleilCS - Unknown owner - C:\Program\IVT Corporation\BlueSoleil\BlueSoleilCS.exe

O23 - Service: BsHelpCS - Unknown owner - C:\Program\IVT Corporation\BlueSoleil\BsHelpCS.exe

O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program\MAGIX\Common\Database\bin\fbserver.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program\Ahead\InCD\InCDsrv.exe

O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program\Ahead\InCD\InCDsrv.exe

O23 - Service: Microsoft Office Groove Audit Service - Unknown owner - C:\Program\Microsoft Office\2007\Office12\GrooveAuditService.exe (file missing)

O23 - Service: WinFast® Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program\CyberLink\Shared files\RichVideo.exe

O23 - Service: UPnPService - Magix AG - C:\Program\Delade filer\MAGIX Shared\UPnPService\UPnPService.exe

 

--

End of file - 12609 bytes

 

 

 

 

 

 

[/log]

 

 

 

jag hoppas att det är borta nu

 

 

 

 

// är det något du vill fråga eller veta så finns jag på

MSN: felix.toftler95@hotmail.com

mail: fille777@gmail.com

ICQ: 418-484-09

och på det här underbara forum!

 

[Cecilia]

Ladda ner dagens version av ComboFix till Skrivbordet:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

 

Dra ur internetanslutningen och stäng av alla program du ser inklusive antivirusprogram, antispionprogram och brandvägg (alternativt starta om datorn i felsäkert läge).

Kör ComboFix och följ anvisningarna som visas.

 

VIKTIGT! Klicka inte på ComboFix-fönstret med musen när den körs annars kan den hänga upp sig.

 

När den är färdig så ska en logg komma upp, bifoga den till ditt svar. Kontrollera att antivirusprogram och brandvägg är igång innan du ansluter till internet.

 

Om du får problem med att komma ut på internet:

Kontrollpanelen - Nätverksanslutningar

högerklicka på din internetanslutning och välj Reparera och/eller starta om datorn.

 

 

[kalleankaz]

tjeena

 

 

 

hur många gånder måste jag göra det egentligen?

 

 

// är det något du vill fråga eller veta så finns jag på

MSN: felix.toftler95@hotmail.com

mail: fille777@gmail.com

ICQ: 418-484-09

och på det här underbara forum!

 

[Cecilia]

Tills du slutar att få in nya skadliga program i datorn.

 

[kalleankaz]

tjeena

 

 

Tills du slutar att få in nya skadliga program i datorn.

 

men jag ärju nyfiken på hur det fungerar, fast då är det inte så snällt av mig att komma ropandes efter hjälp.

jag skall köra ComboFix senare ikväll

 

// är det något du vill fråga eller veta så finns jag på

MSN: felix.toftler95@hotmail.com

mail: fille777@gmail.com

ICQ: 418-484-09

och på det här underbara forum!

 

[Cecilia]

men jag ärju nyfiken på hur det fungerar

Du kan ju titta på vad virtualisering är för något, alltså att köra en virtuell miljö.

 

[kalleankaz]

tjeena

 

 

 

här kommer ComboFix loggen

 

 

 

 

[log]

 

 

 

 

ComboFix 08-03-26.3 - 123 2008-03-27 23:44:37.3 - NTFSx86 MINIMAL

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1053.18.780 [GMT 1:00]

Running from: C:\Documents and Settings\123\Skrivbord\ComboFix.exe

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

-- Script messages for sUBs --

 

VFind "C:\Program\spel\????.dll"

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\system32\winupdate.exe

C:\WINDOWS\system32\wyadd.ini

C:\WINDOWS\system32\wyadd.ini2

.

---- Previous Run -------

.

C:\WINDOWS\system32\andt.sys

C:\WINDOWS\system32\driver

C:\WINDOWS\system32\driver\btcusb.inf

C:\WINDOWS\system32\drmgs.sys

C:\WINDOWS\system32\Indt2.sys

C:\WINDOWS\system32\kmd.exe

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\npf

-------\Legacy_PERFMONS

-------\Legacy_ROUTING

 

 

((((((((((((((((((((((((( Files Created from 2008-02-27 to 2008-03-27 )))))))))))))))))))))))))))))))

.

 

2008-03-26 16:55 . 2008-03-26 16:55 <KAT> d-------- C:\Documents and Settings\123\Application Data\Malwarebytes

2008-03-26 16:54 . 2008-03-26 20:06 <KAT> d-------- C:\Program\Malwarebytes' Anti-Malware

2008-03-26 16:54 . 2008-03-26 16:54 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2008-03-25 23:07 . 2008-03-25 23:07 <KAT> d-------- C:\Documents and Settings\NetworkService\Application Data\Xfire

2008-03-25 14:41 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys

2008-03-22 11:43 . 2008-03-22 11:43 <KAT> d-------- C:\Program\Project64 1.6

2008-03-21 23:14 . 2008-03-21 23:14 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll

2008-03-21 00:24 . 2008-03-21 00:24 <KAT> d-------- C:\Documents and Settings\123\Application Data\ICQ Toolbar

2008-03-20 21:27 . 2008-03-25 07:11 <KAT> d-------- C:\Program\ICQToolbar

2008-03-20 21:26 . 2008-03-26 15:54 <KAT> d-------- C:\Program\ICQLite

2008-03-20 19:23 . 2008-03-20 19:23 40,256 --a------ C:\WINDOWS\system32\drivers\Xprotector.sys

2008-03-20 15:16 . 2008-03-22 00:45 <KAT> d-------- C:\Program\Usb-Smart

2008-03-20 14:51 . 2008-03-20 14:51 <KAT> d-------- C:\Program\FreshDevices

2008-03-20 14:51 . 2008-03-20 14:51 675,328 --a------ C:\WINDOWS\isRS-000.tmp

2008-03-18 15:37 . 2008-03-18 15:37 <KAT> dr-h----- C:\Documents and Settings\123\Application Data\SecuROM

2008-03-18 15:33 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll

2008-03-18 15:33 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll

2008-03-18 15:33 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll

2008-03-18 15:33 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll

2008-03-18 15:33 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll

2008-03-18 15:33 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll

2008-03-18 15:33 . 2007-04-04 18:53 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll

2008-03-18 15:33 . 2008-03-18 15:33 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe

2008-03-18 15:33 . 2008-03-18 15:33 22,328 --a------ C:\Documents and Settings\123\Application Data\PnkBstrK.sys

2008-03-17 20:30 . 2008-03-17 20:30 268 --ah----- C:\sqmdata07.sqm

2008-03-17 20:30 . 2008-03-17 20:30 244 --ah----- C:\sqmnoopt07.sqm

2008-03-17 20:30 . 2008-03-17 20:30 172 --ah----- C:\sqmnoopt08.sqm

2008-03-17 20:30 . 2008-03-17 20:30 172 --ah----- C:\sqmdata08.sqm

2008-03-17 04:16 . 2008-03-17 04:16 268 --ah----- C:\sqmdata05.sqm

2008-03-17 04:16 . 2008-03-17 04:16 244 --ah----- C:\sqmnoopt05.sqm

2008-03-17 04:16 . 2008-03-17 04:16 172 --ah----- C:\sqmnoopt06.sqm

2008-03-17 04:16 . 2008-03-17 04:16 172 --ah----- C:\sqmdata06.sqm

2008-03-15 16:35 . 2008-03-15 22:50 <KAT> d-------- C:\WINDOWS\system32\NtmsData

2008-03-10 14:17 . 2008-03-22 10:49 77,040 --a------ C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT

2008-03-09 18:44 . 2008-03-09 18:44 268 --ah----- C:\sqmdata03.sqm

2008-03-09 18:44 . 2008-03-09 18:44 244 --ah----- C:\sqmnoopt03.sqm

2008-03-09 18:44 . 2008-03-09 18:44 172 --ah----- C:\sqmnoopt04.sqm

2008-03-09 18:44 . 2008-03-09 18:44 172 --ah----- C:\sqmdata04.sqm

2008-03-06 16:39 . 2008-03-06 16:39 120 --a------ C:\WINDOWS\Winchat.ini

2008-03-05 11:43 . 2008-03-05 11:43 <KAT> d-------- C:\Program\Glary Utilities

2008-03-04 14:30 . 2008-03-04 14:30 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Avg7

2008-03-04 14:26 . 2008-03-04 14:26 <KAT> d-------- C:\Program\Avira

2008-03-02 19:38 . 2008-03-26 15:52 <KAT> d-------- C:\Program\Game Cam

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-27 22:36 --------- d-----w C:\Documents and Settings\123\Application Data\SiteAdvisor

2008-03-27 22:33 --------- d-----w C:\Program\Mozilla Thunderbird

2008-03-27 22:33 --------- d-----w C:\Documents and Settings\123\Application Data\foobar2000

2008-03-27 18:42 --------- d-----w C:\Documents and Settings\123\Application Data\Skype

2008-03-27 17:04 --------- d-----w C:\Program\SpeedFan

2008-03-27 10:35 --------- d-----w C:\Documents and Settings\123\Application Data\uTorrent

2008-03-26 20:28 --------- d-----w C:\Documents and Settings\123\Application Data\Hamachi

2008-03-26 15:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help

2008-03-26 15:15 --------- d-----w C:\Program\Microsoft Visual Studio 8

2008-03-26 15:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\SecTaskMan

2008-03-26 14:52 --------- d--h--w C:\Program\InstallShield Installation Information

2008-03-25 22:50 --------- d-----w C:\Program\Xfire

2008-03-25 22:08 --------- d-----w C:\Documents and Settings\123\Application Data\Xfire

2008-03-23 23:32 --------- d-----w C:\Program\WinFF

2008-03-22 11:12 --------- d-----w C:\Documents and Settings\123\Application Data\XnView

2008-03-21 19:26 --------- d-----w C:\Documents and Settings\123\Application Data\OpenOffice.org2

2008-03-18 17:07 --------- d-----w C:\Program\Microsoft Games

2008-03-18 16:29 --------- d-----w C:\Program\id Software

2008-03-18 14:37 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll

2008-03-17 13:45 15,440 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys

2008-03-17 13:34 --------- d-----w C:\Program\Java

2008-03-07 21:26 --------- d-----w C:\Documents and Settings\123\Application Data\TeamViewer

2008-03-04 13:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira

2008-03-03 15:13 --------- d-----w C:\Program\Wise Registry Cleaner

2008-02-27 20:57 --------- d-----w C:\Program\Trillian

2008-02-27 18:20 --------- d-----w C:\Program\Lavasoft

2008-02-27 18:17 --------- d-----w C:\Program\Network Associates

2008-02-27 18:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Network Associates

2008-02-27 15:41 --------- d-----w C:\Program\GameSpy Arcade

2008-02-26 17:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft

2008-02-25 16:56 --------- d-----w C:\Program\Tolken

2008-02-23 22:00 --------- d-----w C:\Program\Alega

2008-02-22 23:03 --------- d-----w C:\Program\Glary Utilities PRO

2008-02-21 21:11 --------- d-----w C:\Program\Trend Micro

2008-02-21 17:22 --------- d-----w C:\Documents and Settings\Felix\Application Data\Grisoft

2008-02-21 11:56 --------- d-----w C:\Documents and Settings\123\Application Data\Grisoft

2008-02-20 16:59 --------- d-----w C:\Program\NVTray

2008-02-20 15:14 --------- d-----w C:\Program\Ideazon

2008-02-20 09:05 --------- d-----w C:\Program\a-squared Anti-Malware

2008-02-19 22:24 --------- d-----w C:\Program\Delade filer\Wise Installation Wizard

2008-02-19 20:00 --------- d-----w C:\Program\Winamp

2008-02-19 03:05 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP

2008-02-18 20:55 --------- d-----w C:\Program\Game Cam V2

2008-02-18 20:01 --------- d-----w C:\Program\XnView

2008-02-17 12:06 --------- d-----w C:\Program\Google

2008-02-17 12:03 --------- d-----w C:\Program\IVT Corporation

2008-02-17 12:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Bluetooth

2008-02-17 09:47 --------- d-----w C:\Documents and Settings\123\Application Data\StarOffice8

2008-02-16 23:14 --------- d-----w C:\Program\Winamp Remote

2008-02-16 23:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\OrbNetworks

2008-02-16 06:56 --------- d-----w C:\Program\Sun

2008-02-14 11:24 --------- d-----w C:\Program\Sony Ericsson

2008-02-14 10:43 --------- d-----w C:\Program\Delade filer\Adobe

2008-02-11 14:06 --------- d-----w C:\Documents and Settings\123\Application Data\LimeWire

2008-02-07 15:21 --------- d-----w C:\Documents and Settings\Felix\Application Data\SiteAdvisor

2008-02-06 11:41 5,664,449 ----a-w C:\SpongebobBETA.zip

2008-02-06 10:06 --------- d-----w C:\Program\Security Task Manager

2008-02-05 15:23 --------- d-----w C:\Program\TeamViewer3

2008-02-04 17:53 --------- d-----w C:\Program\MAGIX

2008-02-04 12:19 --------- d-----w C:\Program\Common Files

2008-02-04 12:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet

2008-02-04 11:15 108,544 ------w C:\WINDOWS\system32\pxcpyi64.exe

2008-02-04 11:14 --------- d-----w C:\Program\MagicISO

2008-02-04 11:06 --------- d-----w C:\Program\UltraISO

2008-02-04 11:06 --------- d-----w C:\Program\Delade filer\EZB Systems

2008-02-04 11:01 --------- d-----w C:\Program\CCleaner

2008-02-04 10:59 --------- d-----w C:\Documents and Settings\123\Application Data\MusicIP

2008-02-04 09:46 --------- d-----w C:\Documents and Settings\123\Application Data\URSoft

2008-02-04 09:25 --------- d-----w C:\Documents and Settings\123\Application Data\Azureus

2008-02-04 09:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus

2008-02-04 09:20 --------- d-----w C:\Program\FlashFXP

2008-02-04 09:19 --------- d-----w C:\Documents and Settings\123\Application Data\FlashFXP

2008-02-04 09:04 --------- d-----w C:\Program\DVD Shrink

2008-02-04 09:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink

2008-02-04 09:01 --------- d-----w C:\Documents and Settings\123\Application Data\Notepad++

2008-02-04 09:00 --------- d-----w C:\Program\Notepad++

2008-02-04 08:43 --------- d-----w C:\Program\CyberLink

2008-02-03 22:38 --------- d-----w C:\Program\Intelore

2008-02-03 17:01 --------- d-----w C:\Documents and Settings\123\Application Data\Diino

2008-01-27 18:41 --------- d-----w C:\Documents and Settings\Felix\Application Data\OpenOffice.org2

2008-01-25 15:12 4,608 ----a-w C:\WINDOWS\system32\bbchlp.dll

2008-01-25 15:12 27,776 ----a-w C:\WINDOWS\system32\bbcap.dll

2008-01-15 15:39 0 ----a-w C:\tmp.dat

1998-12-20 10:49 132,012 ----a-w C:\Program\Whine.wav

1998-12-19 14:58 10,525 ----a-w C:\Program\Delade filer\Candy.sbk

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="C:\Program\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:35 5724184]

"MSMSGS"="C:\Program\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]

"Reaper Gaming Mouse"="C:\Program\Ideazon\Reaper\Reaper_Settings.exe" [2006-09-27 10:44 1347584]

"NVTray"="C:\Program\NVTray\NVTray.exe" [2006-08-31 09:28 483328]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00 15360]

"Cacheman"="C:\Program\Cacheman\Cacheman.exe" [2003-07-31 13:13 1290752]

"Glary Memory Optimizer"="C:\Program\Glary Utilities\memdefrag.exe" [2007-11-13 17:12 91136]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2006-03-02 13:00 208952]

"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2006-03-02 13:00 455168]

"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2006-03-02 13:00 455168]

"RTHDCPL"="RTHDCPL.EXE" [2006-03-07 21:54 16010240 C:\WINDOWS\RTHDCPL.exe]

"ISUSPM Startup"="C:\Program\DELADE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 05:03 221184]

"ISUSScheduler"="C:\Program\Delade filer\InstallShield\UpdateService\issch.exe" [2004-06-16 05:03 81920]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-07-20 21:07 7110656]

"nwiz"="nwiz.exe" [2005-07-20 21:07 1519616 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-07-20 21:07 86016]

"SunJavaUpdateSched"="C:\Program\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"BtTray"="C:\Program\IVT Corporation\BlueSoleil\BtTray.exe" [2007-09-10 11:08 258134]

"avgnt"="C:\Program\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-05 09:44 249896]

"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2006-03-02 13:00 44032]

"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2006-03-02 13:00 59392]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00 15360]

 

C:\Documents and Settings\All Users\Start-meny\Program\AutostartWindows Live Messenger .lnk - C:\Program\Windows Live\Messenger\msnmsgr.exe [2007-10-18 11:35:08 5724184]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveSearch"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnolkk]

nnnolkk.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winrkq32]

winrkq32.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]

"LanguageShortcut"=C:\Program\CyberLink\PowerDVD\Language\Language.exe

"RemoteControl"=C:\Program\CyberLink\PowerDVD\PDVDServ.exe

"Adobe Photo Downloader"="C:\Program\Adobe\Photoshop Elements 5.0\apdproxy.exe"

"ICQ Lite"="C:\Program\ICQLite\ICQLite.exe" -minimize

"GrooveMonitor"="C:\Program\Microsoft Office\2007\Office12\GrooveMonitor.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"FirewallOverride"=dword:00000001

 

R1 bbcap;bbcap;C:\WINDOWS\system32\DRIVERS\bbcap.sys [2008-01-25 16:12]

R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program\CyberLink\PowerDVD\000.fcl [2006-11-02 16:51]

R2 BlueSoleilCS;BlueSoleilCS;C:\Program\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [2007-09-14 09:44]

R2 ithsgt;ithsgt;C:\WINDOWS\system32\DRIVERS\ithsgt.sys [2007-05-13 15:34]

R2 lilsgt;lilsgt;C:\WINDOWS\system32\DRIVERS\lilsgt.sys [2007-05-13 15:34]

R2 XPROTECTOR;XPROTECTOR;C:\WINDOWS\system32\drivers\Xprotector.sys [2008-03-20 19:23]

R3 BsHelpCS;BsHelpCS;C:\Program\IVT Corporation\BlueSoleil\BsHelpCS.exe [2007-08-17 15:58]

S3 Camdrv30;Philips ToUcam XS;C:\WINDOWS\system32\Drivers\camdrv30.sys [2001-08-17 21:04]

S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 15:18]

S3 ntportio;ntportio;C:\Program\Usb-Smart\SEMC Tool\ntportio.sys []

S3 s115bus;Sony Ericsson Device 115 driver (WDM);C:\WINDOWS\system32\DRIVERS\s115bus.sys [2007-04-23 15:54]

S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s115mdfl.sys [2007-04-23 15:54]

S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s115mdm.sys [2007-04-23 15:54]

S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s115mgmt.sys [2007-04-23 15:54]

S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s115obex.sys [2007-04-23 15:54]

S3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys []

S3 UPnPService;UPnPService;C:\Program\Delade filer\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 17:00]

S4 Windows Display Driver Manager;Windows Display Manager;C:\Program\Common Files\System\Nvcpl.exe []

 

.

Contents of the 'Scheduled Tasks' folder

"2008-03-24 16:00:00 C:\WINDOWS\Tasks\Diino Backup - 123 - sparning.Full.job"

- C:\Documents and Settings\123\Mina dokument\Diino\DiinoBackupAgent.exe

"2008-03-24 17:00:00 C:\WINDOWS\Tasks\Diino Backup - 123 - sparning.Incremental.job"

- C:\Documents and Settings\123\Mina dokument\Diino\DiinoBackupAgent.exe

"2008-03-25 14:52:13 C:\WINDOWS\Tasks\Kontrollera uppdateringar för Windows Live Toolbar.job"

 

 

 

 

[/log]

 

 

 

 

här kommer HijackThis loggen

 

[log]

 

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 00:03, on 2008-03-28

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe

C:\Program\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program\IVT Corporation\BlueSoleil\BlueSoleilCS.exe

C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Program\CyberLink\Shared files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\System32\vssvc.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program\IVT Corporation\BlueSoleil\BsHelpCS.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program\Delade filer\InstallShield\UpdateService\issch.exe

C:\Program\Java\jre1.6.0_05\bin\jusched.exe

C:\Program\IVT Corporation\BlueSoleil\BtTray.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program\Windows Live\Messenger\msnmsgr.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\Ideazon\Reaper\Reaper_Settings.exe

C:\Program\NVTray\NVTray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Cacheman\Cacheman.exe

C:\Program\Glary Utilities\memdefrag.exe

C:\Program\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\explorer.exe

C:\Program\Mozilla Thunderbird\thunderbird.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program\Windows Live Toolbar\msn_sl.exe

C:\Program\Mozilla Firefox\firefox.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1053

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program\ICQToolbar\toolbaru.dll

O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program\ICQToolbar\toolbaru.dll

O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\Program\FreshDevices\FreshDownload\FDCatch.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program\MICROS~2\2007\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll

O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Program\FlashFXP\IEFlash.dll

O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program\Styler\TB\StylerTB.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll

O3 - Toolbar: FreshDownload Bar - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - C:\Program\FreshDevices\FreshDownload\fdiebar.dll

O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program\ICQToolbar\toolbaru.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [iSUSPM Startup] C:\Program\DELADE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program\Delade filer\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [btTray] "C:\Program\IVT Corporation\BlueSoleil\BtTray.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKCU\..\Run: [msnmsgr] "C:\Program\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Reaper Gaming Mouse] C:\Program\Ideazon\Reaper\Reaper_Settings.exe

O4 - HKCU\..\Run: [NVTray] C:\Program\NVTray\NVTray.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Cacheman] C:\Program\Cacheman\Cacheman.exe

O4 - HKCU\..\Run: [Glary Memory Optimizer] "C:\Program\Glary Utilities\memdefrag.exe" /autostart

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')

O4 - Startup: AutorunsDisabled

O4 - Global Startup: Windows Live Messenger .lnk = C:\Program\Windows Live\Messenger\msnmsgr.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Program\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\2007\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Blogga detta - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blogga detta i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Skicka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\MICROS~2\2007\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Ski&cka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\MICROS~2\2007\Office12\ONBttnIE.dll

O9 - Extra button: FreshDownload - {35ACB4B3-ED95-48DB-A5D4-FB396EF7E489} - C:\Program\FreshDevices\FreshDownload\fd.exe

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://fille-ft.spaces.live.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1166734017125

O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://fille117.spaces.live.com/PhotoUpload/MsnPUpld.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program\MICROS~2\2007\Office12\GR99D3~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: nnnolkk - nnnolkk.dll (file missing)

O20 - Winlogon Notify: winrkq32 - winrkq32.dll (file missing)

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: BlueSoleilCS - Unknown owner - C:\Program\IVT Corporation\BlueSoleil\BlueSoleilCS.exe

O23 - Service: BsHelpCS - Unknown owner - C:\Program\IVT Corporation\BlueSoleil\BsHelpCS.exe

O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program\MAGIX\Common\Database\bin\fbserver.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program\Ahead\InCD\InCDsrv.exe

O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program\Ahead\InCD\InCDsrv.exe

O23 - Service: Microsoft Office Groove Audit Service - Unknown owner - C:\Program\Microsoft Office\2007\Office12\GrooveAuditService.exe (file missing)

O23 - Service: WinFast® Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program\CyberLink\Shared files\RichVideo.exe

O23 - Service: UPnPService - Magix AG - C:\Program\Delade filer\MAGIX Shared\UPnPService\UPnPService.exe

 

--

End of file - 12049 bytes

 

 

 

[/log]

 

 

 

 

 

 

// är det något du vill fråga eller veta så finns jag på

MSN: felix.toftler95@hotmail.com

mail: fille777@gmail.com

ICQ: 418-484-09

och på det här underbara forum!

 

[Cecilia]

Slutet på ComboFix-loggen ser ut att saknas.

 

Kontrollpanelen - Administrationsverktyg - Tjänster

Leta upp Windows Display Driver Manager i listan, om den finns så dubbelklicka och välj Startmetod Inaktiverad.

 

[log]Skanna med HijackThis och bocka för:

 

R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program\ICQToolbar\toolbaru.dll

O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program\ICQToolbar\toolbaru.dll

O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program\ICQToolbar\toolbaru.dll

O20 - Winlogon Notify: nnnolkk - nnnolkk.dll (file missing)

O20 - Winlogon Notify: winrkq32 - winrkq32.dll (file missing)

 

Avsluta alla andra program.

Tryck Fix checked.[/log]

 

Starta om datorn och kontrollera själv att ovanstående rader är borta ur en ny HijackThis-logg.

 

Gå till http://www.virustotal.com/ klistra in ett av följande filnamn i rutan, tryck på Skicka Fil och vänta tills resultatet är klart (Närvarande status blir genomförd). Klistra in resultatet från de olika antivirusprogrammen här. Upprepa med nästa filnamn.

C:\WINDOWS\system32\DRIVERS\bbcap.sys

C:\WINDOWS\system32\drivers\Xprotector.sys

 

Hittar Antivir något nu?

 

[kalleankaz]

tjeena

 

 

 

avira hittar inget, och jag har det inställt så att det skall reagera på allt som den tror är skit.

 

C:\WINDOWS\system32\DRIVERS\bbcap.sys :

[log]

AhnLab-V3 2008.3.26.0 2008.03.27 -

AntiVir 7.6.0.75 2008.03.27 -

Authentium 4.93.8 2008.03.27 -

Avast 4.7.1098.0 2008.03.27 -

AVG 7.5.0.516 2008.03.27 -

BitDefender 7.2 2008.03.27 -

CAT-QuickHeal 9.50 2008.03.26 -

ClamAV 0.92.1 2008.03.27 -

DrWeb 4.44.0.09170 2008.03.27 -

eSafe 7.0.15.0 2008.03.18 -

eTrust-Vet 31.3.5650 2008.03.27 -

Ewido 4.0 2008.03.27 -

F-Prot 4.4.2.54 2008.03.27 -

F-Secure 6.70.13260.0 2008.03.27 -

FileAdvisor 1 2008.03.28 -

Fortinet 3.14.0.0 2008.03.27 -

Ikarus T3.1.1.20 2008.03.27 -

Kaspersky 7.0.0.125 2008.03.28 -

McAfee 5261 2008.03.27 -

Microsoft 1.3301 2008.03.27 -

NOD32v2 2979 2008.03.27 -

Norman 5.80.02 2008.03.26 -

Panda 9.0.0.4 2008.03.26 -

Prevx1 V2 2008.03.28 -

Rising 20.37.32.00 2008.03.27 -

Sophos 4.27.0 2008.03.27 -

Sunbelt 3.0.978.0 2008.03.18 -

Symantec 10 2008.03.27 -

TheHacker 6.2.92.257 2008.03.27 -

VBA32 3.12.6.3 2008.03.25 -

VirusBuster 4.3.26:9 2008.03.27 -

Webwasher-Gateway 6.6.2 2008.03.27 -

[/log]

 

 

C:\WINDOWS\system32\drivers\Xprotector.sys

 

[log]

 

AhnLab-V3 2008.3.26.0 2008.03.27 -

AntiVir 7.6.0.75 2008.03.27 -

Authentium 4.93.8 2008.03.27 -

Avast 4.7.1098.0 2008.03.27 -

AVG 7.5.0.516 2008.03.27 -

BitDefender 7.2 2008.03.27 -

CAT-QuickHeal 9.50 2008.03.26 -

ClamAV 0.92.1 2008.03.27 -

DrWeb 4.44.0.09170 2008.03.27 -

eSafe 7.0.15.0 2008.03.18 -

eTrust-Vet 31.3.5650 2008.03.27 -

Ewido 4.0 2008.03.27 -

F-Prot 4.4.2.54 2008.03.27 -

F-Secure 6.70.13260.0 2008.03.27 -

FileAdvisor 1 2008.03.28 -

Fortinet 3.14.0.0 2008.03.27 -

Ikarus T3.1.1.20 2008.03.27 -

Kaspersky 7.0.0.125 2008.03.28 -

McAfee 5261 2008.03.27 -

Microsoft 1.3301 2008.03.27 -

NOD32v2 2979 2008.03.27 -

Norman 5.80.02 2008.03.26 -

Panda 9.0.0.4 2008.03.26 -

Prevx1 V2 2008.03.28 -

Rising 20.37.32.00 2008.03.27 -

Sophos 4.27.0 2008.03.27 -

Sunbelt 3.0.978.0 2008.03.18 -

Symantec 10 2008.03.27 -

TheHacker 6.2.92.257 2008.03.27 -

VBA32 3.12.6.3 2008.03.25 -

VirusBuster 4.3.26:9 2008.03.27 -

Webwasher-Gateway 6.6.2 2008.03.27 -

 

[/log]

 

 

inget virus

 

 

 

// är det något du vill fråga eller veta så finns jag på

MSN: felix.toftler95@hotmail.com

mail: fille777@gmail.com

ICQ: 418-484-09

och på det här underbara forum!

 

[Cecilia]

Vad bra!

Då hoppas jag att det är fixat för den här gången.

 

Men om du nu gillar att installera program som du inte borde installera så se om du inte kan göra det i en virtuell miljö i stället.

 

[kalleankaz]

tjeena

 

 

jag tror inte att jag har installerat något program som jag inte vet vad det är

 

 

 

// är det något du vill fråga eller veta så finns jag på

MSN: felix.toftler95@hotmail.com

mail: fille777@gmail.com

ICQ: 418-484-09

och på det här underbara forum!

 

[Cecilia]

jag tror inte att jag har installerat något program som jag inte vet vad det är

Okej, men på något sätt så fick du in en Vundo-infektion i alla fall. Vet du hur?

 

[kalleankaz]

tjeena

 

 

 

kan det ha vart min klåfingrige kompis som tog emot ett virus över msn?

för en del av mina kompisar har varigt duma och tagit emot virus från andra på det setet (på deras datorer).

 

 

 

// är det något du vill fråga eller veta så finns jag på

MSN: felix.toftler95@hotmail.com

mail: fille777@gmail.com

ICQ: 418-484-09

och på det här underbara forum!

 

[Cecilia]

MSN?

Då är det kanske bäst med detta:

Ladda ner MSN_Fix till Skrivbordet.

http://sosvirus.changelog.fr/MSNFix.zip

Packa upp filen och starta MSNFix.bat genom att dubbelklicka på den.

Välj språk genom att trycka på motsvarande bokstav.

Tryck R för att starta skanningen.

Om något hittas så tryck på valfri tangent för att starta borttagningen.

Ibland så kommer det upp ett meddelande om att starta om datorn, gör det i så fall.

Klistra in loggen som kommer upp i ditt svar här.

Om den inte kommer upp så hittar du den i den mappen där programmet ligger och namnet på loggen innehåller datum och klockslag för körningen.

 

[kalleankaz]

tjeena

 

 

här kommer loggen

 

 

[log]

MSNFix 1.692

 

C:\Documents and Settings\123\Skrivbord\MSNFix

Scan done at 2008-03-28 - 12:16:35.93 By 123

normal mode

 

************************ Checking Files

 

No files found

 

************************ Checking Folders

 

... \TEMP\

... C:\Temp\

 

 

 

 

************************ Deleting malware Files

 

.. OK ... C:\DOCUME~1\123\LOKALA~1\Temp\winlogon.exe

.. OK ... C:\DOCUME~1\123\LOKALA~1\Temp\services.exe

 

 

************************ Deleting malware Folders

 

/!\ ... \TEMP\

/!\ ... C:\Temp\

 

 

************************ Registry Cleaning

 

 

 

************************ Suspect Files

 

/!\ The detected files must be reviewed by a forum Helper before changes can be made

 

[C:\SpongebobBETA.zip] A1F3A1EAB9116D4DF708ED73DD734403

 

==> Please upload the file C:\DOCUME~1\123\SKRIVB~1\Upload_Me.zip to http://upload.changelog.fr

 

 

 

The File and Registry deletions have been saved in 2008-03-28_121750.25.zip

 

************************ HKLM\...\Winlogon\Userinit

 

Userinit = C:\WINDOWS\system32\userinit.exe,

 

 

------------------------------------------------------------------------

Author : !aur3n7 Contact: http://changelog.fr

------------------------------------------------------------------------

 

--------------------------------------------- END ---------------------------------------------

 

[/log]

 

 

 

 

// om du vill veta lite mer om mig klicka då på min profil :thumbsup:

 

[Cecilia]

Titta där försvann några filer till.

 

Vet du vad C:\SpongebobBETA.zip är för något?

Om inte så kolla upp den på http://www.virustotal.com/

 

Tänk nu på att vara rädd om datorn.

http://ceblstockholm.googlepages.com/home

 

 

[kalleankaz]

tjeena

 

 

C:\SpongebobBETA.zip är en halo trial mod (om byggd bana)

så det är inget farligt

 

 

 

// om du vill veta lite mer om mig klicka då på min profil :thumbsup:

 

[kalleankaz]

tjeena

 

 

 

skall jag klistra in en ny HijackThis logg?

 

 

 

// om du vill veta lite mer om mig klicka då på min profil :thumbsup:

 

[Cecilia]

Du kan titta själv in en ny HijackThis-logg och se om du ser någon skillnad.

 

[kalleankaz]

tjeena

 

 

 

jag kollade igenom loggen och jag hittade inget misstänkt

 

 

 

 

// om du vill veta lite mer om mig klicka då på min profil :thumbsup: