
Can't get into Windows XP, virus?


CSO


Hi!

A few days ago my computer told me that I had spyware on it. How it got there I don't know, since I have good antivirus and antispyware programs. Anyway, I have scanned the computer with various programs and they find the files, but they can't be removed :/ not even if you restart the computer. And now today I couldn't log in to Windows XP, which is what I have. I type in my username and password and it accepts them and so on, but then it "stops" right when the background image has come up, with no Start menu or shortcuts on the desktop. It is possible to get in when I run safe mode, though, but it's not possible to do a System Restore.

What should I do? Need help URGENTLY!

Link to comment

Can you bring up Task Manager by pressing Ctrl+Alt+Del?

In Task Manager:

File - New Task

type explorer.exe

Does the Start menu appear then?

Can you transfer files to that computer when it is in safe mode?

If so, transfer HijackThis.

http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe

Install it, start it and choose "Do a system scan and save a logfile", copy the log that comes up (nothing else) and transfer it back.

In your reply, attach the HijackThis log like this:

Press the LOG button in the Reply window

Paste the log

Press the LOG button again

Link to comment

Hi again.

No, I can't bring up Task Manager, neither then nor now in safe mode :/ this comes up: Task Manager has been disabled by your administrator.

Don't know what I did to "forbid" it though :S

I had already downloaded HijackThis, so I didn't need to do that (: (lucky, I don't think it would have worked otherwise...)

so here comes the log then:

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:40:09, on 2008-04-28

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Safe mode with network support

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe

C:\Program Files\Spyware Doctor\pctsAuxs.exe

C:\Program Files\Spyware Doctor\pctsSvc.exe

C:\Program Files\Spyware Doctor\pctsTray.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Common Files\BortMedVirus\ugac.exe

C:\Program Files\Common Files\BortMedVirus\bm.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\rundll32.exe

C:\PROGRA~1\Mozilla Firefox\firefox.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1053

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: dpevflbg - {859D10F7-0E0F-43A8-8DF7-EC0466A40301} - C:\WINDOWS\dpevflbg.dll (file missing)

O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"

O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe

O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\Media Experience\DMXLauncher.exe"

O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe

O4 - HKLM\..\Run: [LSA Shellu] C:\Documents and Settings\caroline\lsass.exe

O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [ucookw] "C:\PROGRA~1\TRYGGD~1\ucookw.exe" -start

O4 - HKLM\..\Run: [salestart] "C:\Program Files\Common Files\TryggDator\strpmon.exe" dm=http://tryggdator.com ad=http://tryggdator.com sd=http://ingo.tryggdator.com

O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"

O4 - HKLM\..\Run: [bortMedVirus] C:\Program Files\BortMedVirus\pgs.exe

O4 - HKLM\..\Run: [ugac] "C:\PROGRA~1\COMMON~1\BORTME~1\ugac.exe" -start

O4 - HKLM\..\Run: [bm(1)] "C:\Program Files\Common Files\BortMedVirus\bm.exe" dm=http://bortmedvirus.com ad=http://bortmedvirus.com sd=http://atour.bortmedvirus.com

O4 - HKLM\..\Run: [a4a5ac12] rundll32.exe "C:\WINDOWS\system32\itswxieu.dll",b

O4 - HKLM\..\RunOnce: [overinstall] "C:\Program Files\BortMedVirus\pgs.exe" /empty

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [arjnyorp] C:\WINDOWS\system32\doxefura.exe

O4 - HKCU\..\Run: [VirusIsolator.exe] C:\Program Files\VirusIsolator\VirusIsolator.exe

O4 - HKCU\..\Run: [e©ùýùÇûï×óÎØøøÁøôóÊýÛñûöÞó] C:\Program Files\XP Antivirus\xpa.exe

O4 - HKLM\..\Policies\Explorer\Run: [Z2DYHUmNBr] C:\Documents and Settings\All Users\Application Data\laxyhuve\hczynynq.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: Picture Package Menu.lnk = ?

O4 - Global Startup: Picture Package VCD Maker.lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\caroline\Start Menu\Programs\IMVU\Run IMVU.lnk

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O21 - SSODL: vadokmxt - {D253013C-B2CD-4CC0-B4C8-427856ADDE39} - C:\WINDOWS\vadokmxt.dll (file missing)

O21 - SSODL: wdpoefan - {3327781F-46B1-4CAC-95E4-6B5CC59B4902} - C:\WINDOWS\wdpoefan.dll (file missing)

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

O23 - Service: PsExec (PSEXESVC) - Unknown owner - C:\WINDOWS\PSEXESVC.EXE (file missing)

O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe

O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe

O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

 

--

End of file - 12148 bytes[/log]

 

so note that this was run in safe mode (:

Link to comment

There are several malicious programs on the computer. Don't you think that's rather a lot to be hit by in such a short time?

It's really not good to connect to the internet in safe mode, because the firewall and antivirus program are not running then. That means the computer can become more infected if it is not connected to the internet via a router or something else with a firewall.

It's not you who did something to Task Manager; one of the malicious programs has changed it.

[log]Download SDFix to the Desktop:

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

Double-click SDFix.exe and a new folder is created, C:\SDFix.

In safe mode, open the new folder C:\SDFix and double-click RunThis.bat to start the program.

Press Y to continue.

It works for a while, and when it is done a question comes up asking whether you want to restart the computer.

Press any key to begin the restart.

Restart into normal mode.

The computer will take a long time to start up because the program will start running and fix a lot of things.

When it is done, Finished is displayed.

Press any key to exit the program.

Open the SDFix folder and open the file Report.txt in Notepad.

Paste the contents of the file into your reply here.

Create a new HijackThis log as well and paste it here.[/log]

Link to comment
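Added example, not part of the original thread and not written by any of its participants: a small Python triage of the O4 (autostart) lines from the HijackThis log posted above. It flags two patterns that appear in that log: a core Windows process name started from outside its normal directory, and an entry under Policies\Explorer\Run. The function names, the list of process names and the C:\WINDOWS system root are assumptions made for this sketch.

```python
import re
from pathlib import PureWindowsPath

# Excerpt of O4 lines copied from the HijackThis log posted in the thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [LSA Shellu] C:\Documents and Settings\caroline\lsass.exe
O4 - HKLM\..\Run: [a4a5ac12] rundll32.exe "C:\WINDOWS\system32\itswxieu.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [Z2DYHUmNBr] C:\Documents and Settings\All Users\Application Data\laxyhuve\hczynynq.exe
O4 - Global Startup: BTTray.lnk = ?
"""

# Assumption: Windows lives in C:\WINDOWS, as in the posted log.
SYSTEM32 = r"c:\windows\system32"
EXPECTED_DIR = {
    "svchost.exe": SYSTEM32,
    "lsass.exe": SYSTEM32,
    "services.exe": SYSTEM32,
    "winlogon.exe": SYSTEM32,
    "csrss.exe": SYSTEM32,
    "smss.exe": SYSTEM32,
    "explorer.exe": r"c:\windows",
}

# "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4_REGISTRY = re.compile(
    r"^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>[^:]+): \[(?P<name>.*?)\] (?P<cmd>.+)$"
)
# Unquoted commands may contain spaces in the path, so cut at the first
# executable-looking extension instead of the first space (a heuristic).
IMAGE = re.compile(r"^(.+?\.(?:exe|com|bat|cmd|dll|cpl))(?=[\s,]|$)", re.IGNORECASE)


def image_path(cmd):
    """Return the program a Run-style command line starts, without arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    match = IMAGE.match(cmd)
    return match.group(1) if match else cmd.split()[0]


def triage(log_text):
    """Return (value name, image path, reasons) for each O4 line worth a manual look."""
    findings = []
    for line in log_text.splitlines():
        m = O4_REGISTRY.match(line.strip())
        if not m:
            continue  # startup-folder shortcuts and non-O4 lines are skipped
        image = PureWindowsPath(image_path(m["cmd"]))
        reasons = []
        expected = EXPECTED_DIR.get(image.name.lower())
        if expected and image.is_absolute() and str(image.parent).lower() != expected:
            reasons.append("system process name outside " + expected)
        if m["key"].lower().startswith("policies\\"):
            reasons.append("autostart under Policies\\Explorer\\Run")
        if reasons:
            findings.append((m["name"], str(image), reasons))
    return findings


if __name__ == "__main__":
    for name, image, reasons in triage(SAMPLE_LOG):
        print(f"[{name}] {image}: {'; '.join(reasons)}")
```

A flagged line is only a pointer for manual review; an unflagged line, such as the rundll32 entries, is not shown to be clean by this check.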

hi. yeah, I honestly don't know what happened :S must have been something I downloaded or something like that...

well... I downloaded the program to the computer and it started running and soon asked me to restart the computer, which I did. But when I then started it completely normally, before I logged in, a blue box came up where it says something about hardware and a lot of stuff, then it tells me to restart, but it comes up time after time. And when I finally got through, nothing has changed and SDFix does nothing... only the background image and virus-detector come up. I do have a few programs installed that then report that there are viruses.

I did get Task Manager up though, and typed in that it should start explorer.exe, but it said that it couldn't find it/it didn't exist.

so... what should I do? :S so I'm still running safe mode with networking... maybe not good, but the only way out in my case. (:

Link to comment

a blue box came up where it says something about hardware and a lot of stuff
Do you mean a completely blue screen?

Download ComboFix to the Desktop:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Restart the computer in safe mode without networking.

Run ComboFix and follow the instructions shown.

IMPORTANT! Do not click on the ComboFix window with the mouse while it is running, otherwise it may hang.

When it is finished a log should come up; attach it to your reply.

If you have problems getting onto the internet:

Control Panel - Network Connections

right-click your internet connection and choose Repair and/or restart the computer.

Warning! ComboFix prevents automatic running of CDs, floppy disks and USB devices to make it easier to clean the computer. That can cause problems, for example if you have internet via a USB modem or a USB network adapter. In that case, say so instead of running ComboFix.

Link to comment

Then you should not run ComboFix.

Download the program SmitfraudFix (by S!Ri) to the Desktop:

http://siri.urz.free.fr/Fix/SmitfraudFix.exe

Double-click the downloaded file Smitfraudfix.exe.

First there is a prompt to press any key, so do that.

Then choose option 1 - Search by pressing 1 and Enter.

The program will scan through the computer.

When it is done, the result is shown and the program has created the log file C:\rapport.txt.

Paste the contents of the log file into your reply here.

Do nothing else with SmitfraudFix.

Link to comment

Okay, here comes the log file then:

 

[log]SmitFraudFix v2.319

 

Scan done at 22:52:18,64, 2008-04-28

Run from C:\Documents and Settings\caroline\SmitfraudFix

OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT

The filesystem type is NTFS

Fix run in safe mode

 

»»»»»»»»»»»»»»»»»»»»»»»» Process

 

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe

C:\Program Files\Spyware Doctor\pctsAuxs.exe

C:\Program Files\Spyware Doctor\pctsSvc.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Spyware Doctor\pctsTray.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\PROGRA~1\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\cmd.exe

 

»»»»»»»»»»»»»»»»»»»»»»»» hosts

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\caroline

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\caroline\Application Data

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\caroline\FAVORI~1

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

 

C:\Program Files\akl\ FOUND !

 

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]

"Source"="About:Home"

"SubscribedURL"="About:Home"

"FriendlyName"="My Current Home Page"

 

 

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

!!!Attention, following keys are not inevitably infected!!!

 

IEDFix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

!!!Attention, following keys are not inevitably infected!!!

 

VACFix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

!!!Attention, following keys are not inevitably infected!!!

 

404Fix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

"System"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» DNS

 

Description: D-Link AirPlus G DWL-G122 Wireless USB Adapter(rev.C) #5 - Packet Scheduler Miniport

DNS Server Search Order: 192.168.0.254

DNS Server Search Order: 192.168.0.254

 

Description: NVIDIA nForce Networking Controller - Packet Scheduler Miniport

DNS Server Search Order: 192.168.1.1

 

Description: D-Link AirPlus G DWL-G122 Wireless USB Adapter(rev.C) #5 - Packet Scheduler Miniport

DNS Server Search Order: 192.168.1.1

 

HKLM\SYSTEM\CCS\Services\Tcpip\..\{78B67FE7-311B-4D86-82B3-57F4C6E9C1C4}: DhcpNameServer=192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{D9C24F19-40B1-48BF-8EB3-953B57895B6C}: DhcpNameServer=192.168.0.254 192.168.0.254

HKLM\SYSTEM\CCS\Services\Tcpip\..\{FA56CC08-AB7F-4A4B-A11F-11B3BB3B5DED}: DhcpNameServer=192.168.1.1

HKLM\SYSTEM\CS1\Services\Tcpip\..\{78B67FE7-311B-4D86-82B3-57F4C6E9C1C4}: DhcpNameServer=192.168.1.1

HKLM\SYSTEM\CS1\Services\Tcpip\..\{D9C24F19-40B1-48BF-8EB3-953B57895B6C}: DhcpNameServer=192.168.0.254 192.168.0.254

HKLM\SYSTEM\CS1\Services\Tcpip\..\{FA56CC08-AB7F-4A4B-A11F-11B3BB3B5DED}: DhcpNameServer=192.168.1.1

HKLM\SYSTEM\CS2\Services\Tcpip\..\{78B67FE7-311B-4D86-82B3-57F4C6E9C1C4}: DhcpNameServer=192.168.1.1

HKLM\SYSTEM\CS2\Services\Tcpip\..\{D9C24F19-40B1-48BF-8EB3-953B57895B6C}: DhcpNameServer=192.168.0.254 192.168.0.254

HKLM\SYSTEM\CS2\Services\Tcpip\..\{FA56CC08-AB7F-4A4B-A11F-11B3BB3B5DED}: DhcpNameServer=192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

 

 

»»»»»»»»»»»»»»»»»»»»»»»» End[/log]

 

Link to comment

Double-click smitfraudfix.exe to start the program.

Choose option 2 by pressing 2 and Enter.

Wait for the tool to finish and the disk cleanup to complete.

Meanwhile a question will come up asking whether you want to clean the registry; answer yes by pressing Y and Enter.

If the computer does not restart by itself, do it yourself.

This time too it should be safe mode.

Control Panel - Internet Options - General - Delete Files, tick the box - OK

In your reply, paste the newly created C:\rapport.txt.

Download Deckard's System Scanner to the Desktop.

http://www.techsupportforum.com/sectools/Deckard/dss.exe

Close all programs.

Run the program and follow the instructions shown.

When it is done, two log files are created, main.txt and extra.txt, in the same folder as the scanner. Paste them here.

The program will, among other things, empty the Recycle Bins and the temporary-file folders on the computer.

Link to comment

here comes the log for main.txt

 

[log]Deckard's System Scanner v20071014.68

Run by caroline on 2008-05-01 15:54:40

Computer is in Safe Mode with Networking.

--------------------------------------------------------------------------------

 

-- System Restore --------------------------------------------------------------

 

Failed to create restore point; computer is in safe mode.

 

 

-- Last 5 Restore Point(s) --

165: 2008-05-01 13:12:29 UTC - RP283 - Software Distribution Service 3.0

164: 2008-04-30 18:05:00 UTC - RP282 - Software Distribution Service 3.0

163: 2008-04-28 17:47:48 UTC - RP281 - Software Distribution Service 3.0

162: 2008-04-25 11:42:01 UTC - RP280 - Software Distribution Service 3.0

161: 2008-04-24 16:58:20 UTC - RP279 - System Checkpoint

 

 

-- First Restore Point --

1: 2008-04-18 19:03:52 UTC - RP119 - Software Distribution Service 3.0

 

 

Backed up registry hives.

Performed disk cleanup.

 

 

 

-- HijackThis (run as caroline.exe) --------------------------------------------

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:55:49, on 2008-05-01

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Safe mode with network support

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe

C:\Program Files\Spyware Doctor\pctsAuxs.exe

C:\Program Files\Spyware Doctor\pctsSvc.exe

C:\Program Files\Spyware Doctor\pctsTray.exe

C:\Documents and Settings\caroline\Desktop\dss.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\PROGRA~1\TRENDM~1\HIJACK~1\caroline.exe

 

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1053

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: {a67f7741-2c81-ab8a-3fc4-26250edc3d04} - {40d3cde0-5262-4cf3-a8ba-18c21477f76a} - C:\WINDOWS\system32\feyrduba.dll

O2 - BHO: (no name) - {623B6C68-B4D9-4C1B-A789-B378B48D229B} - C:\WINDOWS\system32\xxyyVOHx.dll (file missing)

O2 - BHO: (no name) - {70CF0E53-42F0-4640-A672-52B14214439E} - C:\WINDOWS\system32\byXQJYQi.dll (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll

O2 - BHO: (no name) - {EE5A1465-1E73-4784-8F63-45983FDF0DB8} - C:\WINDOWS\system32\byXrroOE.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"

O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe

O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\Media Experience\DMXLauncher.exe"

O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [ucookw] "C:\PROGRA~1\TRYGGD~1\ucookw.exe" -start

O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"

O4 - HKLM\..\Run: [bortMedVirus] C:\Program Files\BortMedVirus\pgs.exe

O4 - HKLM\..\Run: [bm(1)] "C:\Program Files\Common Files\BortMedVirus\bm.exe" dm=http://bortmedvirus.com ad=http://bortmedvirus.com sd=http://atour.bortmedvirus.com

O4 - HKLM\..\Run: [sDFix] C:\SDFix\RunThis.bat /second

O4 - HKLM\..\Run: [bMa7969f8e] Rundll32.exe "C:\WINDOWS\system32\hnywckwv.dll",s

O4 - HKLM\..\Run: [a4a5ac12] rundll32.exe "C:\WINDOWS\system32\yxgyrnqu.dll",b

O4 - HKLM\..\RunOnce: [sDFix] C:\SDFix\RunThis.bat /second

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [arjnyorp] C:\WINDOWS\system32\doxefura.exe

O4 - HKCU\..\Run: [e©ùýùÇûï×óÎØøøÁøôóÊýÛñûöÞó] C:\Program Files\XP Antivirus\xpa.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: Picture Package Menu.lnk = ?

O4 - Global Startup: Picture Package VCD Maker.lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\caroline\Start Menu\Programs\IMVU\Run IMVU.lnk

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O20 - Winlogon Notify: byXrroOE - C:\WINDOWS\SYSTEM32\byXrroOE.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

O23 - Service: PsExec (PSEXESVC) - Unknown owner - C:\WINDOWS\PSEXESVC.EXE (file missing)

O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe

O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe

O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

 

--

End of file - 12004 bytes

 

-- File Associations -----------------------------------------------------------

 

All associations okay.

 

 

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

 

R1 cdrbsdrv - c:\windows\system32\drivers\cdrbsdrv.sys <Not Verified; B.H.A Corporation; B's Recorder GOLD7>

R3 ASAPIW2k - c:\windows\system32\drivers\asapiw2k.sys <Not Verified; Pinnacle Systems GmbH; asapi>

 

S1 PCLEPCI - c:\windows\system32\drivers\pclepci.sys <Not Verified; Pinnacle Systems GmbH; PCLEPCI>

S2 ANIO (ANIO Service) - c:\windows\system32\anio.sys <Not Verified; Alpha Networks Inc.; ANIO (NT5) Driver>

S2 BTSERIAL (Bluetooth Serial Driver) - c:\windows\system32\drivers\btserial.sys <Not Verified; Broadcom Corporation.; Bluetooth Software 4.0.1.700>

S2 BTSLBCSP (Bluetooth Port Client Driver) - c:\windows\system32\drivers\btslbcsp.sys <Not Verified; Broadcom Corporation.; Bluetooth Software 4.0.1.700>

S2 ousbehci (%OWC_USBEHCD.DeviceDesc%) - c:\windows\system32\drivers\ousbehci.sys <Not Verified; OrangeWare Corporation; USB 2.0 Enhanced Host Controller Driver>

S3 catchme - c:\docume~1\caroline\locals~1\temp\catchme.sys (file missing)

 

 

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

 

S2 ANIWZCSdService (ANIWZCSd Service) - c:\program files\ani\aniwzcs2 service\aniwzcsds.exe <Not Verified; Alpha Networks Inc.; ANIWZCS2 Service Launcher (NT)>

S2 AntiVirScheduler (AntiVir PersonalEdition Classic Scheduler) - "c:\program files\avira\antivir personaledition classic\sched.exe" <Not Verified; Avira GmbH; AntiVir Workstation>

S2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>

S2 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe

S2 PLFlash DeviceIoControl Service - c:\windows\system32\ioctlsvc.exe <Not Verified; Prolific Technology Inc.; IoctlSvc Application>

S3 PSEXESVC (PsExec) - c:\windows\psexesvc.exe (file missing)

S3 stllssvr - "c:\program files\common files\surething shared\stllssvr.exe" <Not Verified; MicroVision Development, Inc.; SureThing CD Labeler>

 

 

-- Device Manager: Disabled ----------------------------------------------------

 

No disabled devices found.

 

 

-- Scheduled Tasks -------------------------------------------------------------

 

2008-04-18 17:34:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

 

 

-- Files created between 2008-04-01 and 2008-05-01 -----------------------------

 

2008-05-01 15:31:10 55871 --a------ C:\Documents and Settings\caroline\gpqxfvie.exe

2008-04-30 20:16:31 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia

2008-04-30 20:14:53 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla

2008-04-30 20:14:26 55871 --a------ C:\Documents and Settings\Administrator\gpqxfvie.exe

2008-04-30 20:05:54 0 d-------- C:\WINDOWS\LastGood

2008-04-30 08:58:59 107072 --a------ C:\WINDOWS\system32\feyrduba.dll

2008-04-30 08:56:05 97856 --a------ C:\WINDOWS\system32\yxgyrnqu.dll

2008-04-30 08:55:59 104512 --a------ C:\WINDOWS\system32\hnywckwv.dll

2008-04-29 09:00:38 108608 --a------ C:\WINDOWS\system32\crunomya.dll

2008-04-29 08:54:38 104000 --a------ C:\WINDOWS\system32\efjbtxlx.dll

2008-04-28 22:52:21 6792 --a------ C:\WINDOWS\system32\tmp.reg

2008-04-28 22:51:56 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe

2008-04-28 22:51:56 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >

2008-04-28 22:51:56 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>

2008-04-28 22:51:56 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>

2008-04-28 22:51:56 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>

2008-04-28 22:51:56 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>

2008-04-28 22:51:56 51200 --a------ C:\WINDOWS\system32\dumphive.exe

2008-04-28 22:51:56 82944 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; IEDFix>

2008-04-28 22:51:55 0 d-------- C:\Documents and Settings\caroline\SmitfraudFix <SMITFR~1>

2008-04-28 17:46:21 0 d-------- C:\WINDOWS\ERUNT

2008-04-28 08:59:22 107072 --a------ C:\WINDOWS\system32\nnlnvdbi.dll

2008-04-28 08:56:22 94784 --a------ C:\WINDOWS\system32\itswxieu.dll

2008-04-28 08:53:22 105024 --a------ C:\WINDOWS\system32\sqcdoepr.dll

2008-04-27 08:58:11 95808 --a------ C:\WINDOWS\system32\ialolpmm.dll

2008-04-27 08:55:11 107072 --a------ C:\WINDOWS\system32\dwvghsfm.dll

2008-04-27 08:52:11 106048 --a------ C:\WINDOWS\system32\swrumctv.dll

2008-04-26 11:06:49 0 d--hs---- C:\BortMedVirus

2008-04-26 11:06:44 0 d-------- C:\Documents and Settings\caroline\Application Data\Help

2008-04-26 11:06:38 0 d-------- C:\Documents and Settings\caroline\Application Data\BortMedVirus

2008-04-26 10:56:33 46592 --a------ C:\WINDOWS\system32\drivers\dhlp.sys

2008-04-26 10:56:29 0 d-------- C:\WINDOWS\system32\Engines

2008-04-26 10:56:26 0 d-------- C:\Program Files\Common Files\BortMedVirus

2008-04-26 10:56:26 0 d-------- C:\Program Files\BortMedVirus

2008-04-26 08:59:58 96320 --a------ C:\WINDOWS\system32\ronqoeix.dll

2008-04-26 08:56:58 107072 --a------ C:\WINDOWS\system32\sjxaqedc.dll

2008-04-26 08:53:58 105536 --a------ C:\WINDOWS\system32\ridbsavj.dll

2008-04-25 18:49:20 0 d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft

2008-04-25 18:46:34 0 d--h----- C:\Documents and Settings\Administrator\Templates

2008-04-25 18:46:34 0 dr------- C:\Documents and Settings\Administrator\Start Menu

2008-04-25 18:46:34 0 dr-h----- C:\Documents and Settings\Administrator\SendTo

2008-04-25 18:46:34 0 d--h----- C:\Documents and Settings\Administrator\Recent

2008-04-25 18:46:34 0 d--h----- C:\Documents and Settings\Administrator\PrintHood

2008-04-25 18:46:34 0 d--h----- C:\Documents and Settings\Administrator\NetHood

2008-04-25 18:46:34 0 d-------- C:\Documents and Settings\Administrator\My Documents

2008-04-25 18:46:34 0 d--h----- C:\Documents and Settings\Administrator\Local Settings

2008-04-25 18:46:34 0 d-------- C:\Documents and Settings\Administrator\Favorites

2008-04-25 18:46:34 0 d-------- C:\Documents and Settings\Administrator\Desktop

2008-04-25 18:46:34 0 d---s---- C:\Documents and Settings\Administrator\Cookies

2008-04-25 18:46:34 0 dr-h----- C:\Documents and Settings\Administrator\Application Data

2008-04-25 18:46:34 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft

2008-04-25 18:46:34 0 d-------- C:\Documents and Settings\Administrator\Application Data\Desperate Housewives

2008-04-25 18:46:33 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT

2008-04-25 13:15:27 409600 --a------ C:\WINDOWS\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>

2008-04-25 13:04:25 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard

2008-04-25 12:45:58 0 d-------- C:\Program Files\Spyware Doctor

2008-04-25 08:59:53 100416 --a------ C:\WINDOWS\system32\ewtbmokv.dll

2008-04-25 08:56:53 88640 --a------ C:\WINDOWS\system32\jrxatswl.dll

2008-04-25 08:53:53 96320 --a------ C:\WINDOWS\system32\xwvqewce.dll

2008-04-24 22:45:50 0 d-------- C:\Documents and Settings\caroline\Application Data\Grisoft

2008-04-24 22:45:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft

2008-04-24 08:56:28 89152 --a------ C:\WINDOWS\system32\rifriayx.dll

2008-04-24 08:53:28 93248 --a------ C:\WINDOWS\system32\qiyrwnsh.dll

2008-04-24 08:51:07 95808 --a------ C:\WINDOWS\system32\hfermkpl.dll

2008-04-24 08:50:28 178 --ahs---- C:\WINDOWS\system32\xHOVyyxx.ini2

2008-04-24 08:50:26 272384 --a------ C:\WINDOWS\system32\xxyyVOHx.VIR

2008-04-23 00:40:30 272320 --a------ C:\WINDOWS\system32\vtUopMee.dll

2008-04-22 20:59:44 0 d-------- C:\Program Files\Common Files\Application

2008-04-22 20:59:10 0 d-------- C:\Program Files\SPYWAREfighter

2008-04-22 20:42:59 0 d-------- C:\Documents and Settings\caroline\Application Data\tryggdator

2008-04-22 20:28:55 0 dr------- C:\Documents and Settings\All Users\Application Data\tryggdator

2008-04-22 20:28:52 0 dr------- C:\Documents and Settings\All Users\Application Data\SalesMon

2008-04-22 20:28:40 0 d-------- C:\Program Files\Common Files\TryggDator

2008-04-22 20:28:34 0 d-------- C:\Program Files\TryggDator

2008-04-22 19:28:34 0 d-------- C:\Program Files\XP Antivirus

2008-04-22 18:05:52 39936 --a------ C:\WINDOWS\system32\opnOiIXo.dll

2008-04-22 18:05:28 39936 --a------ C:\WINDOWS\system32\ljJbAsqn.dll

2008-04-22 18:01:28 39936 --a------ C:\WINDOWS\system32\awtussqn.dll

2008-04-22 10:21:00 0 d-------- C:\Documents and Settings\caroline\Application Data\TmpRecentIcons

2008-04-22 09:10:49 0 d-------- C:\Program Files\VirusIsolator

2008-04-22 08:58:01 4096 --a------ C:\WINDOWS\userconfig9x.dll

2008-04-22 08:58:01 4096 --a------ C:\WINDOWS\system32\winlogonpc.exe

2008-04-22 08:58:01 4096 --a------ C:\WINDOWS\system32\temp#01.exe

2008-04-22 08:58:01 4096 --a------ C:\WINDOWS\system32\taack.exe

2008-04-22 08:58:01 4096 --a------ C:\WINDOWS\system32\taack.dat

2008-04-22 08:58:01 4096 --a------ C:\WINDOWS\system32\ssvchost.exe

2008-04-22 08:58:01 4096 --a------ C:\WINDOWS\system32\ssvchost.com

2008-04-22 08:58:01 4096 --a------ C:\WINDOWS\system32\ssurf022.dll

2008-04-22 08:58:01 4096 --a------ C:\WINDOWS\system32\sncntr.exe

2008-04-22 08:58:01 0 d-------- C:\WINDOWS\system32\smp

2008-04-22 08:58:01 4096 --a------ C:\WINDOWS\system32\regm64.dll

2008-04-22 08:58:01 4096 --a------ C:\WINDOWS\system32\regc64.dll

2008-04-22 08:58:01 4096 --a------ C:\WINDOWS\system32\psoft1.exe

2008-04-22 08:58:01 4096 --a------ C:\WINDOWS\system32\psof1.exe

2008-04-22 08:58:01 4096 --a------ C:\WINDOWS\system32\ps1.exe

2008-04-22 08:58:01 4096 --a------ C:\WINDOWS\system32\netode.exe

2008-04-22 08:58:01 4096 --a------ C:\WINDOWS\system32\mwin32.exe

2008-04-22 08:58:01 4096 --a------ C:\WINDOWS\system32\mtr2.exe

2008-04-22 08:58:01 4096 --a------ C:\WINDOWS\system32\msnbho.dll

2008-04-22 08:58:01 4096 --a------ C:\WINDOWS\system32\msgp.exe

2008-04-22 08:58:01 4096 --a------ C:\WINDOWS\system32\medup020.dll

2008-04-22 08:58:01 4096 --a------ C:\WINDOWS\system32\medup012.dll

2008-04-22 08:58:01 4096 --a------ C:\WINDOWS\system32\hxiwlgpm.exe

2008-04-22 08:58:01 4096 --a------ C:\WINDOWS\system32\hxiwlgpm.dat

2008-04-22 08:58:01 4096 --a------ C:\WINDOWS\system32\hoproxy.dll

2008-04-22 08:58:01 4096 --a------ C:\WINDOWS\system32\h@tkeysh@@k.dll

2008-04-22 08:58:01 4096 --a------ C:\WINDOWS\system32\dpcproxy.exe

2008-04-22 08:58:01 4096 --a------ C:\WINDOWS\system32\bsva-egihsg52.exe

2008-04-22 08:58:01 4096 --a------ C:\WINDOWS\FVProtect.exe

2008-04-22 08:58:01 4096 --a------ C:\WINDOWS\a.bat

2008-04-22 08:58:01 0 d-------- C:\Program Files\Inet Delivery

2008-04-22 08:58:00 4096 --a------ C:\WINDOWS\winsystem.exe

2008-04-22 08:58:00 4096 --a------ C:\WINDOWS\system32\WINWGPX.EXE

2008-04-22 08:58:00 4096 --a------ C:\WINDOWS\system32\vcatchpi.dll

2008-04-22 08:58:00 4096 --a------ C:\WINDOWS\system32\vbsys2.dll

2008-04-22 08:58:00 4096 --a------ C:\WINDOWS\system32\thun32.dll

2008-04-22 08:58:00 4096 --a------ C:\WINDOWS\system32\thun.dll

2008-04-22 08:58:00 4096 --a------ C:\WINDOWS\system32\sysreq.exe

2008-04-22 08:58:00 4096 --a------ C:\WINDOWS\system32\Rundl1.exe

2008-04-22 08:58:00 4096 --a------ C:\WINDOWS\system32\newsd32.exe

2008-04-22 08:58:00 4096 --a------ C:\WINDOWS\system32\mssecu.exe

2008-04-22 08:58:00 4096 --a------ C:\WINDOWS\system32\emesx.dll

2008-04-22 08:58:00 4096 --a------ C:\WINDOWS\system32\bdn.com

2008-04-22 08:58:00 4096 --a------ C:\WINDOWS\system32\awtoolb.dll

2008-04-22 08:58:00 4096 --a------ C:\WINDOWS\system32\anticipator.dll

2008-04-22 08:58:00 4096 --a------ C:\WINDOWS\system32\akttzn.exe

2008-04-22 08:58:00 4096 --a------ C:\WINDOWS\mssecu.exe

2008-04-22 08:58:00 0 d-------- C:\WINDOWS\mslagent

2008-04-22 08:58:00 4096 --a------ C:\WINDOWS\bdn.com

2008-04-22 08:57:49 0 d-------- C:\Documents and Settings\All Users\Application Data\laxyhuve

2008-04-22 08:55:29 39936 --a------ C:\WINDOWS\system32\opnlLDwU.dll

2008-04-21 21:33:56 0 d-------- C:\Program Files\DAEMON Tools Lite

2008-04-21 21:10:49 717296 --a------ C:\WINDOWS\system32\drivers\sptd.sys

2008-04-21 21:10:44 0 d-------- C:\Documents and Settings\caroline\Application Data\DAEMON Tools

2008-04-21 18:43:49 0 d-------- C:\Program Files\NeroInstall.bak

2008-04-21 18:42:04 0 d-------- C:\Documents and Settings\caroline\Application Data\Nero

2008-04-21 18:39:16 0 d-------- C:\Program Files\Nero

2008-04-21 18:39:16 0 d-------- C:\Program Files\Common Files\Nero

2008-04-21 18:39:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero

2008-04-21 17:46:44 0 d-------- C:\Documents and Settings\caroline\Application Data\ImgBurn

2008-04-21 17:43:21 0 d-------- C:\Program Files\ImgBurn

2008-04-21 15:20:49 207745 --ahs---- C:\WINDOWS\system32\iQYJQXyb.ini2

2008-04-20 23:59:44 0 d-------- C:\Program Files\IZArc

2008-04-20 17:21:54 0 d-------- C:\Program Files\Red Mile Entertainment

2008-04-20 16:54:52 0 d-------- C:\spel

2008-04-20 15:26:33 37888 --a------ C:\WINDOWS\system32\khfDvsQh.dll

2008-04-18 21:03:40 6454 --ahs---- C:\WINDOWS\system32\wFOpWvut.ini2

2008-04-18 16:49:05 0 d-------- C:\WINDOWS\system32\wTmp

2008-04-18 16:49:05 0 d-------- C:\WINDOWS\system32\le2

2008-04-18 16:49:05 0 d-------- C:\WINDOWS\system32\IBn

2008-04-18 16:49:03 0 d-------- C:\WINDOWS\system32\xcsDd18

2008-04-18 16:49:03 0 d-------- C:\Temp

2008-04-18 16:48:58 37888 --a------ C:\WINDOWS\system32\byXrroOE.dll

2008-04-18 16:44:36 0 d-------- C:\Documents and Settings\LocalService\My Documents

2008-04-18 16:44:08 147456 --a------ C:\WINDOWS\system32\vbzip10.dll <Not Verified; Info-ZIP; Info-ZIP's WiZ>

2008-04-18 16:43:54 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe

2008-04-12 15:42:21 0 d-------- C:\Program Files\Avira

2008-04-12 15:42:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira

2008-04-12 15:32:18 0 d-------- C:\Documents and Settings\caroline\Application Data\PC Tools

2008-04-12 15:31:35 0 dr-h----- C:\Documents and Settings\caroline\Recent

2008-04-12 15:30:42 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP

2008-04-12 15:30:34 0 d-------- C:\Program Files\Common Files\PC Tools

2008-04-12 15:30:30 0 d-------- C:\Program Files\PC Tools AntiVirus

2008-04-12 15:30:30 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Tools

 

 

-- Find3M Report ---------------------------------------------------------------

 

2008-05-01 15:01:19 664 --a------ C:\WINDOWS\system32\d3d9caps.dat

2008-04-29 17:29:20 0 d-------- C:\Documents and Settings\caroline\Application Data\Adobe

2008-04-26 10:56:26 0 d-------- C:\Program Files\Common Files

2008-04-25 15:11:20 0 d-------- C:\Program Files\LimeWire

2008-04-25 13:15:27 114688 --a------ C:\WINDOWS\system32\OpenAL32.dll <Not Verified; Portions © Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL Library>

2008-04-25 13:14:05 0 d-------- C:\Program Files\PAN Vision

2008-04-21 18:00:56 0 d-------- C:\Program Files\SlySoft

2008-04-20 15:30:32 0 d-------- C:\Documents and Settings\caroline\Application Data\LimeWire

2008-04-18 17:05:52 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >

2008-04-12 13:45:49 0 d-------- C:\Program Files\Hewlett-Packard

2008-03-27 20:29:25 0 d-------- C:\Program Files\Java

2008-03-27 20:28:20 0 d-------- C:\Program Files\Common Files\Java

2008-03-24 19:00:32 0 d-------- C:\Documents and Settings\caroline\Application Data\Opera

2008-03-24 00:28:52 0 d-------- C:\Program Files\Common Files\Adobe

2008-03-23 23:41:16 0 d-------- C:\Documents and Settings\caroline\Application Data\Roxio

2008-03-21 16:14:07 0 d-------- C:\Documents and Settings\caroline\Application Data\Uniblue

2008-03-21 16:13:59 0 d-------- C:\Program Files\Uniblue

2008-03-21 16:01:45 0 d-------- C:\Program Files\Ubisoft

2008-03-21 00:09:42 0 d-------- C:\Program Files\MessengerPlus! 3

2008-03-21 00:05:24 0 d-------- C:\Program Files\Messenger Plus! Live

2008-03-20 14:30:50 0 d-------- C:\Program Files\Microsoft Games

2008-03-18 14:57:51 0 d-------- C:\Program Files\Mindscape

2008-03-13 22:56:35 0 d-------- C:\Documents and Settings\caroline\Application Data\Notepad++

2008-03-13 22:55:56 0 d-------- C:\Program Files\Chord Pickout

2008-03-08 16:15:35 0 d-------- C:\Documents and Settings\caroline\Application Data\Atari

2008-03-08 16:15:09 0 d-------- C:\Program Files\Common Files\PocketSoft

2008-03-08 16:12:48 0 d--h----- C:\Program Files\InstallShield Installation Information

2008-03-08 16:12:46 0 d-------- C:\Program Files\Atari

2008-03-03 20:26:47 0 d-------- C:\Program Files\Trend Micro

2008-03-03 00:21:23 0 d-------- C:\Program Files\Windows Live

2008-03-03 00:20:58 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller

2008-02-03 19:46:56 33760 --a------ C:\Documents and Settings\caroline\Application Data\GDIPFONTCACHEV1.DAT

 

 

-- Registry Dump ---------------------------------------------------------------

 

*Note* empty entries & legit default entries are not shown

 

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{40d3cde0-5262-4cf3-a8ba-18c21477f76a}]

2008-04-30 08:58 107072 --a------ C:\WINDOWS\system32\feyrduba.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{623B6C68-B4D9-4C1B-A789-B378B48D229B}]

C:\WINDOWS\system32\xxyyVOHx.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{70CF0E53-42F0-4640-A672-52B14214439E}]

C:\WINDOWS\system32\byXQJYQi.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE5A1465-1E73-4784-8F63-45983FDF0DB8}]

2008-04-18 16:48 37888 --a------ C:\WINDOWS\system32\byXrroOE.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 20:51]

"D-Link AirPlus G"="C:\Program Files\D-Link\AirPlus G\AirGCFG.exe" [2005-11-23 15:04]

"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2005-10-19 18:19]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-11-11 07:47]

"nwiz"="nwiz.exe" [2005-11-11 07:47 C:\WINDOWS\system32\nwiz.exe]

"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-08-10 12:10]

"DMXLauncher"="C:\Program Files\Roxio\Media Experience\DMXLauncher.exe" [2006-08-14 01:07]

"RoxioDragToDisc"="C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-07-31 09:00]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-11-11 07:47]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 03:07 C:\WINDOWS\system32\bthprops.cpl]

"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50]

"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 07:24]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 15:42]

"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-10 17:26]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16]

"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2008-03-21 00:09]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25]

"PCTAVApp"="C:\Program Files\PC Tools AntiVirus\PCTAV.exe" [2008-03-05 09:37]

"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-17 14:58]

"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 21:21]

"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 09:59]

"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 16:29]

"ucookw"="C:\PROGRA~1\TRYGGD~1\ucookw.exe" []

"spywarefighterguard"="C:\Program Files\SPYWAREfighter\spftray.exe" [2008-02-21 15:37]

"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37]

"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]

"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-02-01 11:55]

"BortMedVirus"="C:\Program Files\BortMedVirus\pgs.exe" [2008-02-14 16:48]

"bm(1)"="C:\Program Files\Common Files\BortMedVirus\bm.exe" [2007-12-20 20:12]

"SDFix"="C:\SDFix\RunThis.bat /second" []

"BMa7969f8e"="C:\WINDOWS\system32\hnywckwv.dll" [2008-04-30 08:55]

"a4a5ac12"="C:\WINDOWS\system32\yxgyrnqu.dll" [2008-04-30 08:56]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:07]

"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:35]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-27 13:08]

"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2008-03-21 00:09]

"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 17:07]

"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24]

"arjnyorp"="C:\WINDOWS\system32\doxefura.exe" []

"e©ùýùÇûï×óÎØøøÁøôóÊýÛñûöÞó"="C:\Program Files\XP Antivirus\xpa.exe" [2008-04-22 19:28]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]

"SDFix"=C:\SDFix\RunThis.bat /second

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

 

C:\Documents and Settings\caroline\Start Menu\Programs\Startup

Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-02-12 22:54:03]

 

C:\Documents and Settings\All Users\Start Menu\Programs\Startup

Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-02-12 22:54:03]

BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2004-11-29 19:55:44]

Picture Package Menu.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2007-10-29 13:05:49]

Picture Package VCD Maker.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2007-10-29 13:05:47]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{EE5A1465-1E73-4784-8F63-45983FDF0DB8}"= C:\WINDOWS\system32\byXrroOE.dll [2008-04-18 16:48 37888]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byXrroOE]

byXrroOE.dll 2008-04-18 16:48 37888 C:\WINDOWS\system32\byXrroOE.dll

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

"Authentication Packages"= msv1_0 C:\WINDOWS\system32\xxyyVOHx

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs BthServ

 

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]

AutoRun\command- D:\setup.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{908bbcf2-bfaf-11dc-a40c-000ea132e704}]

Auto\command- H:\Start.exe

AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

 

 

 

 

-- End of Deckard's System Scanner: finished at 2008-05-01 15:57:22 ------------

[/log]

 

 

and then for extra.txt

 

[log]Deckard's System Scanner v20071014.68

Extra logfile - please post this as an attachment with your post.

--------------------------------------------------------------------------------

 

-- System Information ----------------------------------------------------------

 

Microsoft Windows XP Professional (build 2600) SP 2.0

Architecture: X86; Language: English

 

CPU 0: AMD Athlon XP 2500+

Percentage of Memory in Use: 23%

Physical Memory (total/avail): 1535.48 MiB / 1181.5 MiB

Pagefile Memory (total/avail): 3434.23 MiB / 3130.65 MiB

Virtual Memory (total/avail): 2047.88 MiB / 1925.75 MiB

 

A: is Removable (No Media)

C: is Fixed (NTFS) - 298.08 GiB total, 251.47 GiB free.

D: is CDROM (CDFS)

E: is Fixed (NTFS) - 51.16 GiB total, 45.26 GiB free.

F: is Fixed (NTFS) - 51.13 GiB total, 49.42 GiB free.

G: is Fixed (NTFS) - 46.74 GiB total, 25.34 GiB free.

H: is CDROM (No Media)

I: is CDROM (No Media)

J: is CDROM (No Media)

K: is CDROM (No Media)

 

\\.\PHYSICALDRIVE0 - ST3160212A - 149.05 GiB - 3 partitions

\PARTITION0 - Installable File System - 51.16 GiB - E:

\PARTITION1 - Extended w/Extended Int 13 - 97.88 GiB - F: - G:

 

\\.\PHYSICALDRIVE1 - SAMSUNG HD321KJ SCSI Disk Device - 298.09 GiB - 1 partition

\PARTITION0 (bootable) - Installable File System - 298.08 GiB - C:

 

 

 

-- Security Center -------------------------------------------------------------

 

AUOptions is scheduled to auto-install.

Windows Internal Firewall is enabled.

 

FirstRunDisabled is set.

 

AV: PC Tools AntiVirus 4.0.0.26 v4.0.0.26 (PC Tools Research Pty Ltd)

AV: Avira AntiVir PersonalEdition v8.0.1.15 (Avira GmbH)

AV: avast! antivirus 4.8.1169 [VPS 080501-0] v4.8.1169 (ALWIL Software)

 

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

 

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"

"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"

"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

"C:\\Documents and Settings\\caroline\\gpqxfvie.exe"="C:\\Documents and Settings\\caroline\\gpqxfvie.exe:*:Enabled:Flash Media"

 

 

-- Environment Variables -------------------------------------------------------

 

ALLUSERSPROFILE=C:\Documents and Settings\All Users

APPDATA=C:\Documents and Settings\caroline\Application Data

CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip

CLIENTNAME=Console

CommonProgramFiles=C:\Program Files\Common Files

COMPUTERNAME=MC-HEMMA

ComSpec=C:\WINDOWS\system32\cmd.exe

FP_NO_HOST_CHECK=NO

HOMEDRIVE=C:

HOMEPATH=\Documents and Settings\caroline

LOGONSERVER=\\MC-HEMMA

NUMBER_OF_PROCESSORS=1

OS=Windows_NT

Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Common Files\Adobe\AGL;;C:\PROGRA~1\COMMON~1\MUVEET~1\030625

PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

PROCESSOR_ARCHITECTURE=x86

PROCESSOR_IDENTIFIER=x86 Family 6 Model 10 Stepping 0, AuthenticAMD

PROCESSOR_LEVEL=6

PROCESSOR_REVISION=0a00

ProgramFiles=C:\Program Files

PROMPT=$P$G

QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip

RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33SAFEBOOT_OPTION=NETWORK

SESSIONNAME=Console

SystemDrive=C:

SystemRoot=C:\WINDOWS

TEMP=C:\DOCUME~1\caroline\LOCALS~1\Temp

TMP=C:\DOCUME~1\caroline\LOCALS~1\Temp

USERDOMAIN=MC-HEMMA

USERNAME=caroline

USERPROFILE=C:\Documents and Settings\caroline

windir=C:\WINDOWS

 

 

-- User Profiles ---------------------------------------------------------------

 

thomas (admin)

caroline (admin)

marie (admin)

Administrator (admin)

 

 

-- Add/Remove Programs ---------------------------------------------------------

 

--> C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL

--> C:\Program Files\PC Tools AntiVirus\unins000.exe /LOG

--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {637099FB-45FD-4BC7-9651-6FB540DBB749}

--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL

--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL

--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL

--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL

--> C:\WINDOWS\UNRecode.exe /UNINSTALL

--> MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}

--> MsiExec.exe /I{0D330013-4A99-46D6-83C6-2C959C68DBFF}

--> MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}

--> MsiExec.exe /I{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}

--> MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}

--> MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}

--> MsiExec.exe /I{637099FB-45FD-4BC7-9651-6FB540DBB749}

--> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}

--> MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}

--> MsiExec.exe /I{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}

--> MsiExec.exe /I{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}

--> MsiExec.exe /I{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}

--> MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000101}

Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5102}

Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-551D-4478-9682-DBB587257110}

Adobe Photoshop CS --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9

Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-041D-1E257A25E34D}

Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}

Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log

Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1437-443D-B06E-79A00FE45110}

Age of Mythology --> "C:\Program Files\Microsoft Games\Age of Mythology\UNINSTAL.EXE" /runtemp /addremove

AirPlus G --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{2B7E4354-0492-460A-BDB1-1F59EE141025} /l1033

ANIO Service --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}\Setup.exe"

ANIWZCS2 Service --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4C590030-7469-453E-8589-D15DA9D03F52}\Setup.exe"

Apple Mobile Device Support --> MsiExec.exe /I{3EBD3749-304E-4A4C-9575-C00E5F015217}

Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}

Arvet från Rosemond Hill --> C:\WINDOWS\IsUn041d.exe -f"C:\Program Files\Twister\Arvet från Rosemond Hill\Uninst.isu"

avast! Antivirus --> C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup

AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe

Avira AntiVir Personal – Free Antivirus --> C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE

Best Friends --> C:\Program Files\Best Friends\Uninstall.exe

BortMedVirus 2.2.362.4 --> "C:\Program Files\BortMedVirus\unins000.exe"

CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"

Chord Pickout 1.6 --> C:\Program Files\Chord Pickout\uninst.exe

CloneCD --> "C:\Program Files\SlySoft\CloneCD\ccd-uninst.exe" /D="C:\Program Files\SlySoft\CloneCD"

Desperate Housewives --> C:\Program Files\InstallShield Installation Information\{D41922D2-8272-48EE-B863-BE7EFF34A362}\setup.exe -runfromtemp -l0x0009Desperate Housewives -removeonly

Digimax Master --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}\Setup.exe" -l0x9 -removeonly

DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC

Equestrian Challenge --> C:\Program Files\Red Mile Entertainment\Equestrian Challenge\uninst.exe

First Step Guide --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5EC786D5-C0CA-42E0-AF88-5379EF9D91EC}\setup.exe" -l0x1d UNINSTALL

Glosläxa 1.6.20 --> "C:\Program Files\Glosläxa\unins000.exe"

Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"

HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall

ImageMixer VCD2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F8C6BABF-0837-4EA0-AD6C-8E5A392A7538}\setup.exe" -l0x1d UNINSTALL

ImgBurn --> "C:\Program Files\ImgBurn\uninstall.exe"

IMVU Avatar Chat Software --> C:\Program Files\IMVU\Uninstall.exe

InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe

iTunes --> MsiExec.exe /I{B045B608-4A47-4C77-9EAD-06C394503306}

IZArc 3.81 --> "C:\Program Files\IZArc\unins000.exe"

Java 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}

LimeWire 4.14.10 --> "C:\Program Files\LimeWire\uninstall.exe"

Macromedia Flash Player --> MsiExec.exe /X{0456ebd7-5f67-4ab6-852e-63781e3f389c}

Messenger Plus! 3 --> "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /Remove

Messenger Plus! Live --> "C:\Program Files\Messenger Plus! Live\Uninstall.exe"

Microsoft Office Word Viewer 2003 --> MsiExec.exe /I{90850409-6000-11D3-8CFE-0150048383C9}

Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}

Microsoft Windows Script 5.7 --> "C:\WINDOWS\$NtUninstallscripten$\spuninst\spuninst.exe"

Min djurskola (remove only) --> C:\Program Files\Mindscape\Min djurskola\Uninstall.exe

Min Första Ponny --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4389B230-EED4-4377-BD52-509E9DE8579C}\SETUP.EXE" -l0x1d

Mitt Stuteri --> C:\Program Files\MyEstate\Uninstall.exe

Mozilla Firefox (2.0.0.14) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe

MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP

MSXML4 Parser --> MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}

MusiTag LunarStorm --> MsiExec.exe /I{01B69FEC-C2E0-4FC0-95EA-E1A3571005C6}

My Horse and Me --> "C:\Program Files\InstallShield Installation Information\{6B86AB79-5FC2-4746-94D7-9CA8D3C91170}\setup.exe" -runfromtemp -l0x041d -removeonly

My Horse and Me --> MsiExec.exe /I{6B86AB79-5FC2-4746-94D7-9CA8D3C91170}

Nero 8 Trial --> MsiExec.exe /X{D6D5CB84-0E6E-4E69-B300-C690B6911033}

neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}

Notepad++ --> C:\Program Files\Notepad++\uninstall.exe

NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI

NvMixer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D7A6C517-11F2-419F-B5BB-27772B939698}\Setup.exe" -uninstall

On2 VP3 Video for Windows Codec --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CF59708F-60F4-11D5-866A-00A0D2183227}\Setup.exe" -l0x9

PC Tools AntiVirus4.0 --> "C:\Program Files\PC Tools AntiVirus\unins000.exe"

Picture Package --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1E2F8AE3-3437-44E6-BB75-E95751D6B83F}\setup.exe" -l0x1d UNINSTALL

Pinnacle Hollywood FX for Studio --> C:\WINDOWS\unvise32.exe C:\Program Files\Pinnacle\Hollywood FX for Studio\5.5\uninstal.log

QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}

Ride! Next Generation Equitation 1.4 --> "C:\Program Files\PAN Vision\Ride! Next Generation Equitation\unins000.exe"

RollerCoaster Tycoon 3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\Setup.exe" -l0x9

Roxio Content 9 --> MsiExec.exe /X{787F2DC2-1699-44FA-A72F-9107166AF9CC}

Roxio Drag-to-Disc --> MsiExec.exe /I{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}

Roxio Easy Media Creator 9 Suite --> MsiExec.exe /I{938B1CD7-7C60-491E-AA90-1F1888168240}

Samsung USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7ABE1621-5354-4136-A0EA-0BD9CD900B6B}\Setup.exe"

SightSpeed (remove only) --> "C:\Program Files\SightSpeed\uninst.exe"

SmartSound Quicktracks Plugin --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}

Sony USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL

Spyware Doctor 5.5 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG

SPYWAREfighter --> MsiExec.exe /X{772BD148-E274-495C-BF15-AB9454D57563}

Stjaernryttaren (Uninstall only) --> C:\Program Files\Mindscape\Stjaernryttaren\Uninstall.exe

THE SETTLERS - Heritage of Kings --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8FDC1610-3FB5-4EF2-A0D0-CEDC3A525A25}\setup.exe" -l0x9 -removeonly

TightVNC 1.3.9 --> "C:\Program Files\TightVNC\unins000.exe"

TryggDator 1.4.9.0 --> "C:\Program Files\TryggDator\unins000.exe"

Uniblue RegistryBooster 2 --> "C:\Program Files\Uniblue\RegistryBooster 2\unins000.exe"

USB 2.0 Setup program --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\VIA Technologies, INC.\USB 2.0 Setup program\Uninst.isu"

VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}

WIDCOMM Bluetooth Software --> MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679}

Windows Live inloggningsassistenten --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}

Windows Live installer --> MsiExec.exe /X{E17F76BE-50E9-4E7C-ADF6-6D8F44A9C6F3}

Windows Live Messenger --> MsiExec.exe /X{20503DFE-E5B2-491E-B2C5-8BCB5BF5B9E9}

WinRAR --> C:\Program Files\WinRAR\uninstall.exe

Xingtone Ringtone Maker --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{625304B0-2976-473B-AD81-5CA376093F03}\setup.exe" -l0x9 -removeonly

XviD 1.1 final uninstall --> "C:\Program Files\XviD\unins000.exe"

Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL

Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe

Zoo Tycoon Complete Collection --> "C:\Program Files\Microsoft Games\Zoo Tycoon\UNINSTAL.EXE" /runtemp /addremove

 

 

-- Application Event Log -------------------------------------------------------

 

Event Record #/Type7846 / Warning

Event Submitted/Written: 05/01/2008 03:13:48 PM

Event ID/Source: 4113 / Avira AntiVir

Event Description:

TR/Vundo.GenC:\WINDOWS\system32\xxyyVOHx.VIR

 

Event Record #/Type7843 / Warning

Event Submitted/Written: 05/01/2008 03:11:52 PM

Event ID/Source: 4113 / Avira AntiVir

Event Description:

TR/Vundo.GenC:\WINDOWS\system32\xxyyVOHx.dll

 

Event Record #/Type7842 / Warning

Event Submitted/Written: 05/01/2008 03:11:43 PM

Event ID/Source: 4113 / Avira AntiVir

Event Description:

TR/Vundo.GenC:\WINDOWS\system32\xxyyVOHx.dll

 

Event Record #/Type7841 / Warning

Event Submitted/Written: 05/01/2008 03:11:21 PM

Event ID/Source: 4113 / Avira AntiVir

Event Description:

TR/Vundo.GenC:\WINDOWS\system32\xxyyVOHx.dll

 

Event Record #/Type7839 / Warning

Event Submitted/Written: 05/01/2008 03:10:51 PM

Event ID/Source: 4113 / Avira AntiVir

Event Description:

TR/Agent.37888C:\WINDOWS\system32\byXrroOE.dll

 

 

 

-- Security Event Log ----------------------------------------------------------

 

No Errors/Warnings found.

 

 

-- System Event Log ------------------------------------------------------------

 

Event Record #/Type4960 / Error

Event Submitted/Written: 05/01/2008 03:54:38 PM

Event ID/Source: 7026 / Service Control Manager

Event Description:

The following boot-start or system-start driver(s) failed to load:

Aavmker4

AmdK7

aswSP

AVG Anti-Spyware Driver

avgio

avipbb

ElbyCDIO

Fips

PCLEPCI

ssmdrv

 

Event Record #/Type4959 / Error

Event Submitted/Written: 05/01/2008 03:53:52 PM

Event ID/Source: 10005 / DCOM

Event Description:

DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""

in order to run the server:

{1BE1F766-5536-11D1-B726-00C04FB926AF}

 

Event Record #/Type4944 / Error

Event Submitted/Written: 05/01/2008 03:51:41 PM

Event ID/Source: 10005 / DCOM

Event Description:

DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""

in order to run the server:

{1BE1F766-5536-11D1-B726-00C04FB926AF}

 

Event Record #/Type4941 / Error

Event Submitted/Written: 05/01/2008 03:32:24 PM

Event ID/Source: 7026 / Service Control Manager

Event Description:

The following boot-start or system-start driver(s) failed to load:

Aavmker4

AmdK7

aswSP

AVG Anti-Spyware Driver

avgio

avipbb

ElbyCDIO

Fips

PCLEPCI

ssmdrv

 

Event Record #/Type4940 / Error

Event Submitted/Written: 05/01/2008 03:31:52 PM / 05/01/2008 03:31:53 PM

Event ID/Source: 10005 / DCOM

Event Description:

DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""

in order to run the server:

{1BE1F766-5536-11D1-B726-00C04FB926AF}

 

 

 

-- End of Deckard's System Scanner: finished at 2008-05-01 15:57:22 ------------

 

[/log]

 


AV: PC Tools AntiVirus 4.0.0.26 v4.0.0.26 (PC Tools Research Pty Ltd)

AV: Avira AntiVir PersonalEdition v8.0.1.15 (Avira GmbH)

AV: avast! antivirus 4.8.1169 [VPS 080501-0] v4.8.1169 (ALWIL Software)

You should only have one antivirus program. If you have several, there is a big risk of strange problems. So uninstall two of them.

Uninstall BortMedVirus as well.

This is a terribly infected computer; I don't think I have ever seen so many malicious files on one computer.

Download Avenger to the Desktop and unpack the file there:

http://swandog46.geekstogo.com/avenger2/download.php

Copy the following into Notepad (use Select code):

Files to delete:
C:\WINDOWS\system32\feyrduba.dll
C:\WINDOWS\system32\byXrroOE.dll
C:\WINDOWS\system32\hnywckwv.dll
C:\WINDOWS\system32\yxgyrnqu.dll
C:\WINDOWS\system32\doxefura.exe
C:\Documents and Settings\caroline\gpqxfvie.exe
C:\Documents and Settings\Administrator\gpqxfvie.exe
C:\WINDOWS\system32\hnywckwv.dll
C:\WINDOWS\system32\crunomya.dll
C:\WINDOWS\system32\efjbtxlx.dll
C:\WINDOWS\system32\nnlnvdbi.dll
C:\WINDOWS\system32\itswxieu.dll
C:\WINDOWS\system32\sqcdoepr.dll
C:\WINDOWS\system32\ialolpmm.dll
C:\WINDOWS\system32\dwvghsfm.dll
C:\WINDOWS\system32\swrumctv.dll
C:\WINDOWS\system32\drivers\dhlp.sys
C:\WINDOWS\system32\ronqoeix.dll
C:\WINDOWS\system32\sjxaqedc.dll
C:\WINDOWS\system32\ridbsavj.dll
C:\WINDOWS\system32\ewtbmokv.dll
C:\WINDOWS\system32\jrxatswl.dll
C:\WINDOWS\system32\xwvqewce.dll
C:\WINDOWS\system32\rifriayx.dll
C:\WINDOWS\system32\qiyrwnsh.dll
C:\WINDOWS\system32\hfermkpl.dll
C:\WINDOWS\system32\xHOVyyxx.ini2
C:\WINDOWS\system32\xxyyVOHx.VIR
C:\WINDOWS\system32\vtUopMee.dll
C:\WINDOWS\system32\opnOiIXo.dll
C:\WINDOWS\system32\ljJbAsqn.dll
C:\WINDOWS\system32\awtussqn.dll
C:\WINDOWS\userconfig9x.dll
C:\WINDOWS\system32\winlogonpc.exe
C:\WINDOWS\system32\temp#01.exe
C:\WINDOWS\system32\taack.exe
C:\WINDOWS\system32\taack.dat
C:\WINDOWS\system32\ssvchost.exe
C:\WINDOWS\system32\ssvchost.com
C:\WINDOWS\system32\ssurf022.dll
C:\WINDOWS\system32\sncntr.exe
C:\WINDOWS\system32\regm64.dll
C:\WINDOWS\system32\regc64.dll
C:\WINDOWS\system32\psoft1.exe
C:\WINDOWS\system32\psof1.exe
C:\WINDOWS\system32\ps1.exe
C:\WINDOWS\system32\netode.exe
C:\WINDOWS\system32\mwin32.exe
C:\WINDOWS\system32\mtr2.exe
C:\WINDOWS\system32\msnbho.dll
C:\WINDOWS\system32\msgp.exe
C:\WINDOWS\system32\medup020.dll
C:\WINDOWS\system32\medup012.dll
C:\WINDOWS\system32\hxiwlgpm.exe
C:\WINDOWS\system32\hxiwlgpm.dat
C:\WINDOWS\system32\hoproxy.dll
C:\WINDOWS\system32\h@tkeysh@@k.dll
C:\WINDOWS\system32\dpcproxy.exe
C:\WINDOWS\system32\bsva-egihsg52.exe
C:\WINDOWS\FVProtect.exe
C:\WINDOWS\a.bat
C:\WINDOWS\winsystem.exe
C:\WINDOWS\system32\WINWGPX.EXE
C:\WINDOWS\system32\vcatchpi.dll
C:\WINDOWS\system32\vbsys2.dll
C:\WINDOWS\system32\thun32.dll
C:\WINDOWS\system32\thun.dll
C:\WINDOWS\system32\sysreq.exe
C:\WINDOWS\system32\Rundl1.exe
C:\WINDOWS\system32\newsd32.exe
C:\WINDOWS\system32\mssecu.exe
C:\WINDOWS\system32\emesx.dll
C:\WINDOWS\system32\bdn.com
C:\WINDOWS\system32\awtoolb.dll
C:\WINDOWS\system32\anticipator.dll
C:\WINDOWS\system32\akttzn.exe
C:\WINDOWS\mssecu.exe
C:\WINDOWS\bdn.com
C:\WINDOWS\system32\opnlLDwU.dll
C:\WINDOWS\system32\iQYJQXyb.ini2
C:\WINDOWS\system32\khfDvsQh.dll
C:\WINDOWS\system32\wFOpWvut.ini2
C:\WINDOWS\system32\byXrroOE.dll

Folders to delete:
C:\PROGRA~1\TRYGGD~1
C:\Program Files\BortMedVirus
C:\Program Files\Common Files\BortMedVirus
C:\Program Files\XP Antivirus
C:\BortMedVirus
C:\Documents and Settings\caroline\Application Data\BortMedVirus
C:\WINDOWS\system32\Engines
C:\Documents and Settings\caroline\Application Data\tryggdator
C:\Documents and Settings\All Users\Application Data\tryggdator
C:\Documents and Settings\All Users\Application Data\SalesMon
C:\Program Files\Common Files\TryggDator
C:\Program Files\TryggDator
C:\Program Files\XP Antivirus
C:\Program Files\VirusIsolator
C:\Program Files\Inet Delivery
C:\WINDOWS\mslagent
C:\Documents and Settings\All Users\Application Data\laxyhuve
C:\WINDOWS\system32\smp
C:\WINDOWS\system32\wTmp
C:\WINDOWS\system32\le2
C:\WINDOWS\system32\IBn
C:\WINDOWS\system32\xcsDd18
C:\Temp

Start Avenger.

Paste the text from Notepad into the large box.

Tick the box Scan for rootkits if it is not already ticked.

Press Execute to start it.

The computer will now restart (maybe twice). NOTE: Start in normal mode!

After a little while the log (C:\avenger.txt) will come up; paste it here.

Paste in a Deckard's log (main). Also, if the log from SDFix comes up, paste that in too (SDFix has not been able to finish running because you have not started the computer in normal mode).

 

 

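Added example, not part of the thread: the Security Center section of the posted log shows three registered antivirus products and a firewall exception for gpqxfvie.exe, a file on the delete list above, and both can be read out mechanically. The Python below parses an excerpt of that section; the function names and the list of trusted install roots are assumptions made for this example.

```python
import re

# Excerpt of the "Security Center" section of the log posted above. Raw string,
# so the doubled backslashes of the registry export stay exactly as logged.
SAMPLE = r'''
AV: PC Tools AntiVirus 4.0.0.26 v4.0.0.26 (PC Tools Research Pty Ltd)
AV: Avira AntiVir PersonalEdition v8.0.1.15 (Avira GmbH)
AV: avast! antivirus 4.8.1169 [VPS 080501-0] v4.8.1169 (ALWIL Software)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Documents and Settings\\caroline\\gpqxfvie.exe"="C:\\Documents and Settings\\caroline\\gpqxfvie.exe:*:Enabled:Flash Media"
'''

AV_RE = re.compile(r"^AV:\s+(?P<product>.+)$")
PROFILE_RE = re.compile(
    r"\\FirewallPolicy\\(?P<profile>\w+)\\AuthorizedApplications\\List\]$", re.I)
ENTRY_RE = re.compile(r'^"(?P<key>[^"]+)"="(?P<value>[^"]+)"$')
# Value layout: <path>:<scope>:<enabled|disabled>:<display name>.
# The path itself contains a colon (drive letter), hence the lazy match.
VALUE_RE = re.compile(
    r"^(?P<path>.+?):(?P<scope>[^:]*):(?P<state>enabled|disabled):(?P<name>.*)$",
    re.I)

# Assumption for this example: programs normally live under these roots.
TRUSTED_ROOTS = ("%windir%\\", "c:\\windows\\", "c:\\program files\\")


def parse_security_center(text):
    """Return (antivirus products, firewall AuthorizedApplications rules)."""
    products, rules, profile = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = AV_RE.match(line)
        if m:
            products.append(m.group("product"))
            continue
        if line.startswith("["):
            # A new registry key: remember which firewall profile it is,
            # or forget the profile if it is some other key.
            m = PROFILE_RE.search(line)
            profile = m.group("profile") if m else None
            continue
        m = ENTRY_RE.match(line)
        if m and profile:
            value = m.group("value").replace("\\\\", "\\")  # undo .reg escaping
            v = VALUE_RE.match(value)
            if v:
                rules.append({
                    "profile": profile,
                    "path": v.group("path"),
                    "scope": v.group("scope"),
                    "enabled": v.group("state").lower() == "enabled",
                    "name": v.group("name"),
                })
    return products, rules


def triage(text):
    """Return (finding, detail) tuples worth a closer look by a human."""
    products, rules = parse_security_center(text)
    findings = []
    if len(products) > 1:
        findings.append(("multiple-antivirus", ", ".join(products)))
    for rule in rules:
        outside = not rule["path"].lower().startswith(TRUSTED_ROOTS)
        if rule["enabled"] and outside:
            findings.append(("firewall-exception-outside-install-dirs",
                             rule["path"]))
    return findings


if __name__ == "__main__":
    for finding, detail in triage(SAMPLE):
        print(finding, "->", detail)
```

A hit from the second check only says where to look; the display name ("Flash Media" here) is free text set by whoever added the rule and proves nothing about the file.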

Windows can't be started in normal mode. I manage to log in, but just when the log comes up the blue window appears again :/ so I don't get any further than that... so now I'm back in safe mode. Anyway, I have deleted the programs you said (:

 


Has Avenger managed to remove the files and folders I listed?

And as I asked before:

Do you mean a completely blue screen?

 


I didn't have time to read the log, but now when I look in the WINDOWS folder most of them seem to be gone. I haven't checked all of them, but the ones I checked aren't there.

Yes, a completely blue screen with white text, and it kind of starts with "dumping physical memory to disk" or something like that...

 


The important information on the blue screen is the following:

High up, an error message in capital letters (e.g. BAD_POOL)

Far down, a line with mostly numbers (STOP...)

Below that, sometimes a file name

We'll see how it looks in a new main log from Deckard's scanner then.

 


Should I try to start the computer normally and see what it says if the blue screen comes up?

Here is the log anyway:

[log]Deckard's System Scanner v20071014.68

Run by caroline on 2008-05-05 11:48:23

Computer is in Safe Mode with Networking.

--------------------------------------------------------------------------------

 

 

 

-- HijackThis (run as caroline.exe) --------------------------------------------

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:48:27, on 2008-05-05

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Safe mode with network support

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\rundll32.exe

C:\PROGRA~1\Mozilla Firefox\firefox.exe

C:\Program Files\Messenger\msmsgs.exe

C:\PROGRA~1\Mozilla Firefox\firefox.exe

C:\Documents and Settings\caroline\Desktop\dss.exe

C:\PROGRA~1\TRENDM~1\HIJACK~1\caroline.exe

 

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1053

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: (no name) - {0F388CA8-620E-4CA1-AD03-84DA93E7C9B8} - C:\WINDOWS\system32\pmnkKaWn.dll

O2 - BHO: (no name) - {3A000524-5872-4AAB-8091-1D5CFC4EC720} - C:\WINDOWS\system32\mlJATjkL.dll

O2 - BHO: (no name) - {623B6C68-B4D9-4C1B-A789-B378B48D229B} - C:\WINDOWS\system32\xxyyVOHx.dll (file missing)

O2 - BHO: (no name) - {70CF0E53-42F0-4640-A672-52B14214439E} - C:\WINDOWS\system32\byXQJYQi.dll (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll

O2 - BHO: {c79a1fb1-c1b4-d6a8-dde4-a9b4952a2c1b} - {b1c2a259-4b9a-4edd-8a6d-4b1c1bf1a97c} - C:\WINDOWS\system32\msfxyfgg.dll

O2 - BHO: (no name) - {EE5A1465-1E73-4784-8F63-45983FDF0DB8} - C:\WINDOWS\system32\byXrroOE.dll (file missing)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"

O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe

O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\Media Experience\DMXLauncher.exe"

O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [ucookw] "C:\PROGRA~1\TRYGGD~1\ucookw.exe" -start

O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [bm(1)] "C:\Program Files\Common Files\BortMedVirus\bm.exe" dm=http://bortmedvirus.com ad=http://bortmedvirus.com sd=http://atour.bortmedvirus.com

O4 - HKLM\..\Run: [a4a5ac12] rundll32.exe "C:\WINDOWS\system32\fpcubxxk.dll",b

O4 - HKLM\..\Run: [bMa7969f8e] Rundll32.exe "C:\WINDOWS\system32\xoghpywg.dll",s

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [arjnyorp] C:\WINDOWS\system32\doxefura.exe

O4 - HKCU\..\Run: [e©ùýùÇûï×óÎØøøÁøôóÊýÛñûöÞó] C:\Program Files\XP Antivirus\xpa.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: Picture Package Menu.lnk = ?

O4 - Global Startup: Picture Package VCD Maker.lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\caroline\Start Menu\Programs\IMVU\Run IMVU.lnk

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O20 - Winlogon Notify: byXrroOE - byXrroOE.dll (file missing)

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

O23 - Service: PsExec (PSEXESVC) - Unknown owner - C:\WINDOWS\PSEXESVC.EXE (file missing)

O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe

O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe

O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

 

--

End of file - 10125 bytes

 

-- Files created between 2008-04-05 and 2008-05-05 -----------------------------

 

2008-05-04 20:55:11 108096 --a------ C:\WINDOWS\system32\msfxyfgg.dll

2008-05-04 20:52:06 95296 --a------ C:\WINDOWS\system32\fpcubxxk.dll

2008-05-04 20:49:45 104512 --a------ C:\WINDOWS\system32\xoghpywg.dll

2008-05-04 20:41:21 0 d-------- C:\WINDOWS\LastGood

2008-05-04 20:37:18 55871 --a------ C:\Documents and Settings\caroline\gpqxfvie.exe

2008-05-04 14:53:45 95296 --a------ C:\WINDOWS\system32\alnacfhu.dll

2008-05-04 14:51:31 108096 --a------ C:\WINDOWS\system32\fltlagrp.dll

2008-05-04 14:51:25 104512 --a------ C:\WINDOWS\system32\vdnpcinq.dll

2008-05-02 23:52:47 105536 --a------ C:\WINDOWS\system32\ljcljyqv.dll

2008-05-02 23:49:47 96320 --a------ C:\WINDOWS\system32\kgjauyty.dll

2008-05-02 23:46:47 105536 --a------ C:\WINDOWS\system32\ppstrsbu.dll

2008-05-02 16:16:09 89243 --a------ C:\Documents and Settings\caroline\dpaidvЛ†›

2008-05-02 16:16:09 89243 --a------ C:\Documents and Settings\Administrator\gprobeЛ†›

2008-05-02 16:09:20 89243 --a------ C:\Documents and Settings\caroline\wigdodЛ†›

2008-05-02 16:09:20 89243 --a------ C:\Documents and Settings\Administrator\wigdodЛ†›

2008-05-02 15:48:27 89243 --a------ C:\Documents and Settings\caroline\nzbzslЛ†›

2008-05-02 15:48:27 89243 --a------ C:\Documents and Settings\Administrator\ncmmvpЛ†›

2008-05-02 13:16:57 105536 --a------ C:\WINDOWS\system32\frdvrdnw.dll

2008-05-02 13:14:01 96320 --a------ C:\WINDOWS\system32\rdljsdma.dll

2008-05-02 13:11:36 105536 --a------ C:\WINDOWS\system32\xwodxhmt.dll

2008-05-02 13:10:56 194037 --ahs---- C:\WINDOWS\system32\uxFfPqss.ini2

2008-05-02 13:10:53 280576 --a------ C:\WINDOWS\system32\ssqPfFxu.dll

2008-05-02 11:09:19 105536 --a------ C:\WINDOWS\system32\jppxkkbu.dll

2008-05-02 11:08:57 105536 --a------ C:\WINDOWS\system32\islogbmq.dll

2008-05-02 11:07:55 202940 --ahs---- C:\WINDOWS\system32\UFLmSvut.ini2

2008-05-02 11:07:54 280576 --a------ C:\WINDOWS\system32\tuvSmLFU.dll

2008-05-02 01:57:51 107072 --a------ C:\WINDOWS\system32\daamfxll.dll

2008-05-02 01:54:51 96320 --a------ C:\WINDOWS\system32\dvpehafs.dll

2008-05-02 01:52:29 107072 --a------ C:\WINDOWS\system32\xeuirnfy.dll

2008-05-02 01:51:51 187996 --ahs---- C:\WINDOWS\system32\cbKUwvut.ini2

2008-05-02 01:51:49 281600 --a------ C:\WINDOWS\system32\tuvwUKbc.dll

2008-05-02 00:46:24 107072 --a------ C:\WINDOWS\system32\fwwttgmb.dll

2008-05-02 00:46:09 345 --ahs---- C:\WINDOWS\system32\YbeOYcfe.ini2

2008-05-02 00:46:08 281600 --a------ C:\WINDOWS\system32\efcYOebY.dll

2008-05-01 23:49:39 96320 --a------ C:\WINDOWS\system32\knabiivv.dll

2008-05-01 23:46:39 107072 --a------ C:\WINDOWS\system32\ckmdwhjp.dll

2008-05-01 23:44:17 107072 --a------ C:\WINDOWS\system32\vvrfhxnp.dll

2008-05-01 23:43:39 199299 --ahs---- C:\WINDOWS\system32\nWaKknmp.ini2

2008-05-01 23:43:37 281600 --a------ C:\WINDOWS\system32\pmnkKaWn.dll

2008-05-01 23:38:52 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe

2008-05-01 16:04:16 96320 --a------ C:\WINDOWS\system32\achbcrqh.dll

2008-05-01 16:01:16 107072 --a------ C:\WINDOWS\system32\jidaxoeo.dll

2008-05-01 15:58:54 107072 --a------ C:\WINDOWS\system32\bedyfcuu.dll

2008-05-01 15:58:15 199228 --ahs---- C:\WINDOWS\system32\LkjTAJlm.ini2

2008-05-01 15:58:14 281600 --a------ C:\WINDOWS\system32\mlJATjkL.dll

2008-04-30 20:16:31 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia

2008-04-30 20:14:53 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla

2008-04-28 22:52:21 5816 --a------ C:\WINDOWS\system32\tmp.reg

2008-04-28 22:51:56 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe

2008-04-28 22:51:56 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >

2008-04-28 22:51:56 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>

2008-04-28 22:51:56 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>

2008-04-28 22:51:56 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>

2008-04-28 22:51:56 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>

2008-04-28 22:51:56 51200 --a------ C:\WINDOWS\system32\dumphive.exe

2008-04-28 22:51:56 82944 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; IEDFix>

2008-04-28 22:51:55 0 d-------- C:\Documents and Settings\caroline\SmitfraudFix <SMITFR~1>

2008-04-28 17:46:21 0 d-------- C:\WINDOWS\ERUNT

2008-04-26 11:06:44 0 d-------- C:\Documents and Settings\caroline\Application Data\Help

2008-04-25 18:49:20 0 d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft

2008-04-25 18:46:34 0 d--h----- C:\Documents and Settings\Administrator\Templates

2008-04-25 18:46:34 0 dr------- C:\Documents and Settings\Administrator\Start Menu

2008-04-25 18:46:34 0 dr-h----- C:\Documents and Settings\Administrator\SendTo

2008-04-25 18:46:34 0 d--h----- C:\Documents and Settings\Administrator\Recent

2008-04-25 18:46:34 0 d--h----- C:\Documents and Settings\Administrator\PrintHood

2008-04-25 18:46:34 0 d--h----- C:\Documents and Settings\Administrator\NetHood

2008-04-25 18:46:34 0 d-------- C:\Documents and Settings\Administrator\My Documents

2008-04-25 18:46:34 0 d--h----- C:\Documents and Settings\Administrator\Local Settings

2008-04-25 18:46:34 0 d-------- C:\Documents and Settings\Administrator\Favorites

2008-04-25 18:46:34 0 d-------- C:\Documents and Settings\Administrator\Desktop

2008-04-25 18:46:34 0 d---s---- C:\Documents and Settings\Administrator\Cookies

2008-04-25 18:46:34 0 dr-h----- C:\Documents and Settings\Administrator\Application Data

2008-04-25 18:46:34 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft

2008-04-25 18:46:34 0 d-------- C:\Documents and Settings\Administrator\Application Data\Desperate Housewives

2008-04-25 18:46:33 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT

2008-04-25 13:15:27 409600 --a------ C:\WINDOWS\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>

2008-04-25 13:04:25 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard

2008-04-24 22:45:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft

2008-04-22 20:59:44 0 d-------- C:\Program Files\Common Files\Application

2008-04-22 20:59:10 0 d-------- C:\Program Files\SPYWAREfighter

2008-04-22 10:21:00 0 d-------- C:\Documents and Settings\caroline\Application Data\TmpRecentIcons

2008-04-21 21:33:56 0 d-------- C:\Program Files\DAEMON Tools Lite

2008-04-21 21:10:49 717296 --a------ C:\WINDOWS\system32\drivers\sptd.sys

2008-04-21 21:10:44 0 d-------- C:\Documents and Settings\caroline\Application Data\DAEMON Tools

2008-04-21 18:43:49 0 d-------- C:\Program Files\NeroInstall.bak

2008-04-21 18:42:04 0 d-------- C:\Documents and Settings\caroline\Application Data\Nero

2008-04-21 18:39:16 0 d-------- C:\Program Files\Nero

2008-04-21 18:39:16 0 d-------- C:\Program Files\Common Files\Nero

2008-04-21 18:39:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero

2008-04-21 17:46:44 0 d-------- C:\Documents and Settings\caroline\Application Data\ImgBurn

2008-04-21 17:43:21 0 d-------- C:\Program Files\ImgBurn

2008-04-20 23:59:44 0 d-------- C:\Program Files\IZArc

2008-04-20 17:21:54 0 d-------- C:\Program Files\Red Mile Entertainment

2008-04-20 16:54:52 0 d-------- C:\spel

2008-04-18 16:44:36 0 d-------- C:\Documents and Settings\LocalService\My Documents

2008-04-18 16:44:08 147456 --a------ C:\WINDOWS\system32\vbzip10.dll <Not Verified; Info-ZIP; Info-ZIP's WiZ>

2008-04-18 16:43:54 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe

2008-04-12 15:42:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira

2008-04-12 15:32:18 0 d-------- C:\Documents and Settings\caroline\Application Data\PC Tools

2008-04-12 15:31:35 0 dr-h----- C:\Documents and Settings\caroline\Recent

2008-04-12 15:30:42 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP

2008-04-12 15:30:34 0 d-------- C:\Program Files\Common Files\PC Tools

 

 

-- Find3M Report ---------------------------------------------------------------

 

2008-05-04 20:19:31 0 d-------- C:\Program Files\Common Files

2008-05-04 19:07:22 0 d-------- C:\Documents and Settings\caroline\Application Data\Adobe

2008-05-02 21:41:11 664 --a------ C:\WINDOWS\system32\d3d9caps.dat

2008-04-25 15:11:20 0 d-------- C:\Program Files\LimeWire

2008-04-25 13:15:27 114688 --a------ C:\WINDOWS\system32\OpenAL32.dll <Not Verified; Portions © Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL Library>

2008-04-25 13:14:05 0 d-------- C:\Program Files\PAN Vision

2008-04-21 18:00:56 0 d-------- C:\Program Files\SlySoft

2008-04-20 15:30:32 0 d-------- C:\Documents and Settings\caroline\Application Data\LimeWire

2008-04-18 17:05:52 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >

2008-04-12 13:45:49 0 d-------- C:\Program Files\Hewlett-Packard

2008-03-27 20:29:25 0 d-------- C:\Program Files\Java

2008-03-27 20:28:20 0 d-------- C:\Program Files\Common Files\Java

2008-03-24 19:00:32 0 d-------- C:\Documents and Settings\caroline\Application Data\Opera

2008-03-24 00:28:52 0 d-------- C:\Program Files\Common Files\Adobe

2008-03-23 23:41:16 0 d-------- C:\Documents and Settings\caroline\Application Data\Roxio

2008-03-21 16:14:07 0 d-------- C:\Documents and Settings\caroline\Application Data\Uniblue

2008-03-21 16:13:59 0 d-------- C:\Program Files\Uniblue

2008-03-21 16:01:45 0 d-------- C:\Program Files\Ubisoft

2008-03-21 00:09:42 0 d-------- C:\Program Files\MessengerPlus! 3

2008-03-21 00:05:24 0 d-------- C:\Program Files\Messenger Plus! Live

2008-03-20 14:30:50 0 d-------- C:\Program Files\Microsoft Games

2008-03-18 14:57:51 0 d-------- C:\Program Files\Mindscape

2008-03-13 22:56:35 0 d-------- C:\Documents and Settings\caroline\Application Data\Notepad++

2008-03-13 22:55:56 0 d-------- C:\Program Files\Chord Pickout

2008-03-08 16:15:35 0 d-------- C:\Documents and Settings\caroline\Application Data\Atari

2008-03-08 16:15:09 0 d-------- C:\Program Files\Common Files\PocketSoft

2008-03-08 16:12:48 0 d--h----- C:\Program Files\InstallShield Installation Information

2008-03-08 16:12:46 0 d-------- C:\Program Files\Atari

 

 

-- Registry Dump ---------------------------------------------------------------

 

*Note* empty entries & legit default entries are not shown

 

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0F388CA8-620E-4CA1-AD03-84DA93E7C9B8}]

2008-05-01 23:43 281600 --a------ C:\WINDOWS\system32\pmnkKaWn.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3A000524-5872-4AAB-8091-1D5CFC4EC720}]

2008-05-01 15:58 281600 --a------ C:\WINDOWS\system32\mlJATjkL.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{623B6C68-B4D9-4C1B-A789-B378B48D229B}]

C:\WINDOWS\system32\xxyyVOHx.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{70CF0E53-42F0-4640-A672-52B14214439E}]

C:\WINDOWS\system32\byXQJYQi.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b1c2a259-4b9a-4edd-8a6d-4b1c1bf1a97c}]

2008-05-04 20:55 108096 --a------ C:\WINDOWS\system32\msfxyfgg.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE5A1465-1E73-4784-8F63-45983FDF0DB8}]

C:\WINDOWS\system32\byXrroOE.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 20:51]

"D-Link AirPlus G"="C:\Program Files\D-Link\AirPlus G\AirGCFG.exe" [2005-11-23 15:04]

"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2005-10-19 18:19]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-11-11 07:47]

"nwiz"="nwiz.exe" [2005-11-11 07:47 C:\WINDOWS\system32\nwiz.exe]

"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-08-10 12:10]

"DMXLauncher"="C:\Program Files\Roxio\Media Experience\DMXLauncher.exe" [2006-08-14 01:07]

"RoxioDragToDisc"="C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-07-31 09:00]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-11-11 07:47]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 03:07 C:\WINDOWS\system32\bthprops.cpl]

"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50]

"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 07:24]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 15:42]

"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-10 17:26]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16]

"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2008-03-21 00:09]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25]

"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 21:21]

"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 09:59]

"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 16:29]

"ucookw"="C:\PROGRA~1\TRYGGD~1\ucookw.exe" []

"spywarefighterguard"="C:\Program Files\SPYWAREfighter\spftray.exe" [2008-02-21 15:37]

"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []

"bm(1)"="C:\Program Files\Common Files\BortMedVirus\bm.exe" []

"a4a5ac12"="C:\WINDOWS\system32\fpcubxxk.dll" [2008-05-04 20:52]

"BMa7969f8e"="C:\WINDOWS\system32\xoghpywg.dll" [2008-05-04 20:49]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:07]

"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:35]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-27 13:08]

"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2008-03-21 00:09]

"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 17:07]

"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24]

"arjnyorp"="C:\WINDOWS\system32\doxefura.exe" []

"e©ùýùÇûï×óÎØøøÁøôóÊýÛñûöÞó"="C:\Program Files\XP Antivirus\xpa.exe" []

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

 

C:\Documents and Settings\caroline\Start Menu\Programs\StartupAdobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-02-12 22:54:03]

 

C:\Documents and Settings\All Users\Start Menu\Programs\StartupAdobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-02-12 22:54:03]

BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2004-11-29 19:55:44]

Picture Package Menu.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2007-10-29 13:05:49]

Picture Package VCD Maker.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2007-10-29 13:05:47]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{EE5A1465-1E73-4784-8F63-45983FDF0DB8}"= C:\WINDOWS\system32\byXrroOE.dll [ ]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byXrroOE]

byXrroOE.dll

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

"Authentication Packages"= msv1_0 C:\WINDOWS\system32\pmnkKaWn

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs BthServ

 

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]

AutoRun\command- D:\setup.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{908bbcf2-bfaf-11dc-a40c-000ea132e704}]

Auto\command- H:\Start.exe

AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

 

 

 

 

-- End of Deckard's System Scanner: finished at 2008-05-05 11:49:13 ------------

 

[/log]

 


should I try starting the computer normally and see what it says if the blue screen comes up?
Yes

If a message comes up saying that there has been a serious problem with the computer and referring to a file ending in .dmp, go to http://skickafilen.se/ and upload that file there, then paste the link you get back into your reply.

 


Avenger appears to have removed files, but new files have been created, so not everything was removed.

SDFix appears to have run as well. Check whether there is a log (Report.txt) in the SDFix folder.

 


got the blue screen and the error message: DRIVER_IRQL_NOT_LESS_OR_EQUAL

then I got ***STOP: 0x000000D1 (0x7765C544, 0x0000002, 0x00000000, 0x07765C544)

I had also received a report from SDFix, so I'm posting the log:

[log]SDFix: Version 1.176

Run by caroline on 2008-04-28 at 17:51

 

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

 

Checking Services :

 

Name :

dhlp

 

Path :

System32\Drivers\dhlp.sys

 

dhlp - Deleted

 

 

 

Restoring Windows Registry Values

Restoring Windows Default Hosts File

Restoring Default HomePage Value

Restoring Default Desktop Components Value

 

Rebooting

 

 

Checking Files :

 

Trojan Files Found:

 

C:\Documents and Settings\caroline\Start Menu\Programs\VirusIsolator\VirusIsolator.lnk - Deleted

C:\Documents and Settings\caroline\Desktop\Error Cleaner.url - Deleted

C:\Documents and Settings\caroline\Favorites\Error Cleaner.url - Deleted

C:\Documents and Settings\caroline\Favorites\Privacy Protector.url - Deleted

C:\Documents and Settings\caroline\Desktop\Spyware&Malware Protection.url - Deleted

C:\Documents and Settings\caroline\Favorites\Spyware&Malware Protection.url - Deleted

C:\Temp\1cb\syscheck.log - Deleted

C:\Program Files\akl\akl.dll - Deleted

C:\Program Files\akl\akl.exe - Deleted

C:\Program Files\akl\uninstall.exe - Deleted

C:\Program Files\akl\unsetup.exe - Deleted

C:\Program Files\VirusIsolator\VirusIsolator.exe - Deleted

C:\Program Files\VirusIsolator\vscan.tsi - Deleted

C:\Program Files\VirusIsolator\zlib.dll - Deleted

C:\Program Files\A.ico - Deleted

C:\Program Files\B.ico - Deleted

C:\Documents and Settings\caroline\Application Data\Microsoft\Internet Explorer\Quick Launch\VirusIsolator.lnk - Deleted

C:\DOCUME~1\caroline\LOCALS~1\Temp\ProductPath\pgs.exe - Deleted

C:\WINDOWS\Fonts\Crack.exe - Deleted

C:\WINDOWS\iTunesMusic.exe - Deleted

C:\WINDOWS\olgdqarf.exe - Deleted

C:\WINDOWS\system32\msvchost.exe - Deleted

C:\WINDOWS\system32\pac.txt - Deleted

C:\WINDOWS\system32\winsystem.exe - Deleted

C:\WINDOWS\Web\def.htm - Deleted

C:\WINDOWS\wxvgsdbq.exe - Deleted

 

 

 

Folder C:\WINDOWS\Fonts\' - Removed

 

 

Removing Temp Files

 

ADS Check :

 

 

 

Final Check :

 

catchme 0.3.1353.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-04 20:21:39

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

C:\Documents and Settings\Administrator\gpqxfvie.exe [884] 0x89C707C0

 

scanning hidden services & system hive ...

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\000ea132e704]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

"p0"="C:\Program Files\DAEMON Tools Lite\"

"h0"=dword:00000000

"khjeh"=hex:26,f7,20,bc,3a,f6,72,9e,af,7f,2d,f9,0f,a2,54,c1,4f,60,ec,68,47,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]

"a0"=hex:20,01,00,00,58,45,cb,e4,18,94,9b,c0,58,da,1c,a5,dc,36,71,55,7e,..

"khjeh"=hex:24,12,08,9e,54,e5,e4,8a,7b,8b,d7,f6,f6,87,ee,ba,d2,32,d3,33,73,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]

"khjeh"=hex:40,43,94,16,4a,86,c6,52,f2,65,81,2a,8c,e0,d5,e7,57,0a,cb,9f,9b,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]

"khjeh"=hex:a2,a1,36,c4,ae,58,7e,15,5d,bf,6d,d5,52,7c,3e,64,11,0e,93,01,fe,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]

"khjeh"=hex:a2,a1,36,c4,ae,58,7e,15,5d,bf,6d,d5,52,7c,3e,64,11,0e,93,01,fe,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]

"khjeh"=hex:a2,a1,36,c4,ae,58,7e,15,5d,bf,6d,d5,52,7c,3e,64,11,0e,93,01,fe,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000ea132e704]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

"p0"="C:\Program Files\DAEMON Tools Lite\"

"h0"=dword:00000000

"khjeh"=hex:26,f7,20,bc,3a,f6,72,9e,af,7f,2d,f9,0f,a2,54,c1,4f,60,ec,68,47,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]

"a0"=hex:20,01,00,00,58,45,cb,e4,18,94,9b,c0,58,da,1c,a5,dc,36,71,55,7e,..

"khjeh"=hex:24,12,08,9e,54,e5,e4,8a,7b,8b,d7,f6,f6,87,ee,ba,d2,32,d3,33,73,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]

"khjeh"=hex:40,43,94,16,4a,86,c6,52,f2,65,81,2a,8c,e0,d5,e7,57,0a,cb,9f,9b,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]

"khjeh"=hex:a2,a1,36,c4,ae,58,7e,15,5d,bf,6d,d5,52,7c,3e,64,11,0e,93,01,fe,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]

"khjeh"=hex:a2,a1,36,c4,ae,58,7e,15,5d,bf,6d,d5,52,7c,3e,64,11,0e,93,01,fe,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]

"khjeh"=hex:a2,a1,36,c4,ae,58,7e,15,5d,bf,6d,d5,52,7c,3e,64,11,0e,93,01,fe,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000ea132e704]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

"p0"="C:\Program Files\DAEMON Tools Lite\"

"h0"=dword:00000000

"khjeh"=hex:26,f7,20,bc,3a,f6,72,9e,af,7f,2d,f9,0f,a2,54,c1,4f,60,ec,68,47,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]

"a0"=hex:20,01,00,00,58,45,cb,e4,18,94,9b,c0,58,da,1c,a5,dc,36,71,55,7e,..

"khjeh"=hex:24,12,08,9e,54,e5,e4,8a,7b,8b,d7,f6,f6,87,ee,ba,d2,32,d3,33,73,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]

"khjeh"=hex:40,43,94,16,4a,86,c6,52,f2,65,81,2a,8c,e0,d5,e7,57,0a,cb,9f,9b,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]

"khjeh"=hex:a2,a1,36,c4,ae,58,7e,15,5d,bf,6d,d5,52,7c,3e,64,11,0e,93,01,fe,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]

"khjeh"=hex:a2,a1,36,c4,ae,58,7e,15,5d,bf,6d,d5,52,7c,3e,64,11,0e,93,01,fe,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]

"khjeh"=hex:a2,a1,36,c4,ae,58,7e,15,5d,bf,6d,d5,52,7c,3e,64,11,0e,93,01,fe,..

 

scanning hidden registry entries ...

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\CancelAutoplay\CLSID]

"\30 A?E?2?A?E?D?8?F?-?5?6?9?5?-?4?a?6?d?-?9?7?0?9?-?1?4?E?5?1?C?D?1?7?B?1?C?'?"=""

 

scanning hidden files ...

 

 

scan completed successfully

hidden processes: 1

hidden services: 0

hidden files: 0

 

 

Remaining Services :

 

 

 

 

Authorized Application Key Export:

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"

"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"

"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

 

Remaining Files :

 

 

File Backups: - C:\SDFix\backups\backups.zip

 

Files with Hidden Attributes :

 

Mon 29 Oct 2007 24 ..SH. --- "C:\WINDOWS\S2E54F77B.tmp"

Sat 15 Dec 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"

Sat 19 Jan 2008 2,273 A..H. --- "C:\Program Files\InterActual\InterActual Player\iti77.tmp"

Sun 28 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0089cd1ec7c03d0a52caa6b6ea801507\BIT61.tmp"

Tue 18 Dec 2007 8,692,264 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0eb0aedbab80f97b2ed764e880524c11\BITC.tmp"

Mon 18 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\52e811b9b8a98e903e9af1663dd13485\BIT4D.tmp"

Mon 18 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\771350e502329b319ea4189fe126f571\BIT4C.tmp"

Mon 21 Apr 2008 1,660 A.SH. --- "C:\Documents and Settings\caroline\Application Data\Roxio\Dragon\3.x\DiscInfoCache\Optiarc_DVD_RW_AD-5170A_1.11_000_DICV018_DRGV9000007.TMP"

 

Finished![/log]

 


 

Did you not get an error message? If not, do a Search for .dmp, and if a file created today is found, upload it at the link Cecilia gave.

 


Uninstall Messenger Plus! Live if possible.

Then rename the folder C:\Program Files\Messenger Plus! Live to something else so that it absolutely cannot start.

Set Explorer so that you can see all files:

Tools - Folder Options (or similar) - View

Select Show hidden files and folders

Uncheck Hide extensions for known file types

Uncheck Hide protected operating system files

Delete the folders (if they still exist):

C:\Program Files\akl

C:\Program Files\VirusIsolator

Empty the folder:

C:\DOCUME~1\caroline\LOCALS~1\Temp

Copy the following into Notepad:

Drivers to delete:
pmnkKaWn

Files to delete:
C:\Documents and Settings\Administrator\gpqxfvie.exe
C:\WINDOWS\system32\mlJATjkL.dll
C:\WINDOWS\system32\msfxyfgg.dll
C:\WINDOWS\system32\fpcubxxk.dll
C:\WINDOWS\system32\xoghpywg.dll
C:\WINDOWS\system32\doxefura.exe
C:\WINDOWS\system32\byXrroOE.dll
C:\WINDOWS\system32\msfxyfgg.dll
C:\Documents and Settings\caroline\gpqxfvie.exe
C:\WINDOWS\system32\alnacfhu.dll
C:\WINDOWS\system32\fltlagrp.dll
C:\WINDOWS\system32\vdnpcinq.dll
C:\WINDOWS\system32\ljcljyqv.dll
C:\WINDOWS\system32\kgjauyty.dll
C:\WINDOWS\system32\ppstrsbu.dll
C:\Documents and Settings\caroline\dpaidvЛ†›
C:\Documents and Settings\Administrator\gprobeЛ†›
C:\Documents and Settings\caroline\wigdodЛ†›
C:\Documents and Settings\Administrator\wigdodЛ†›
C:\Documents and Settings\caroline\nzbzslЛ†›
C:\Documents and Settings\Administrator\ncmmvpЛ†›
C:\WINDOWS\system32\frdvrdnw.dll
C:\WINDOWS\system32\rdljsdma.dll
C:\WINDOWS\system32\xwodxhmt.dll
C:\WINDOWS\system32\uxFfPqss.ini2
C:\WINDOWS\system32\ssqPfFxu.dll
C:\WINDOWS\system32\jppxkkbu.dll
C:\WINDOWS\system32\islogbmq.dll
C:\WINDOWS\system32\UFLmSvut.ini2
C:\WINDOWS\system32\tuvSmLFU.dll
C:\WINDOWS\system32\daamfxll.dll
C:\WINDOWS\system32\dvpehafs.dll
C:\WINDOWS\system32\xeuirnfy.dll
C:\WINDOWS\system32\cbKUwvut.ini2
C:\WINDOWS\system32\tuvwUKbc.dll
C:\WINDOWS\system32\fwwttgmb.dll
C:\WINDOWS\system32\YbeOYcfe.ini2
C:\WINDOWS\system32\efcYOebY.dll
C:\WINDOWS\system32\knabiivv.dll
C:\WINDOWS\system32\ckmdwhjp.dll
C:\WINDOWS\system32\vvrfhxnp.dll
C:\WINDOWS\system32\nWaKknmp.ini2
C:\WINDOWS\system32\pmnkKaWn.dll
C:\WINDOWS\system32\achbcrqh.dll
C:\WINDOWS\system32\jidaxoeo.dll
C:\WINDOWS\system32\bedyfcuu.dll
C:\WINDOWS\system32\LkjTAJlm.ini2
C:\WINDOWS\system32\mlJATjkL.dll

Folders to delete:
C:\PROGRA~1\TRYGGD~1
C:\Program Files\Common Files\BortMedVirus
C:\Program Files\XP Antivirus

Files to replace with dummy:
C:\WINDOWS\system32\pmnkKaWn.dll

Check that each file name is on a single line only and has not been split across two lines.

Start Avenger.

In the large box, paste the text from Notepad.

Tick the Scan for rootkits box if it is not already ticked.

Press Execute to start it.

The computer will now restart (possibly twice). Boot into normal mode.

After a little while the log (C:\avenger.txt) will appear.

Paste it here along with a new main log.

 

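Triage of the "Files created between" listing and the Run key dump from the log earlier in the thread, as an added example that is not part of the original posts: it pairs each hidden .ini2 file with a DLL in the same folder whose name is the same string reversed (a pattern visible in that listing) and flags recently created files that a Run value points to. The sample lines are copied from the log; the function names and the line format inferred from those lines are this example's own assumptions.

```python
import ntpath
import re
from collections import namedtuple

Entry = namedtuple("Entry", "created size attrs path")

# Line shape inferred from the listing on this page (an assumption, not a tool spec):
# date time size 9-char-attributes path [<optional annotation>]
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (\d+) (\S{9}) (.+?)(?:\s+<[^>]*>)?\s*$"
)
# "ValueName"="C:\path\file.ext" [timestamp]
RUN_RE = re.compile(r'^"[^"]*"="([^"]+)"')

# Sample lines copied from the log in this thread.
SAMPLE_LISTING = r"""
2008-05-02 13:10:56 194037 --ahs---- C:\WINDOWS\system32\uxFfPqss.ini2
2008-05-02 13:10:53 280576 --a------ C:\WINDOWS\system32\ssqPfFxu.dll
2008-05-02 11:07:55 202940 --ahs---- C:\WINDOWS\system32\UFLmSvut.ini2
2008-05-02 11:07:54 280576 --a------ C:\WINDOWS\system32\tuvSmLFU.dll
2008-05-04 20:52:06 95296 --a------ C:\WINDOWS\system32\fpcubxxk.dll
2008-05-04 20:41:21 0 d-------- C:\WINDOWS\LastGood
2008-04-28 22:51:56 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-04-25 13:15:27 409600 --a------ C:\WINDOWS\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
2008-04-21 21:10:49 717296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
"""

SAMPLE_RUN = r"""
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-11-11 07:47]
"a4a5ac12"="C:\WINDOWS\system32\fpcubxxk.dll" [2008-05-04 20:52]
"""


def parse_listing(text):
    """Turn listing lines into Entry tuples; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            created, size, attrs, path = m.groups()
            entries.append(Entry(created, int(size), attrs, path))
    return entries


def reversed_name_pairs(entries):
    """Return (ini2_path, dll_path) where the .ini2 stem is the .dll stem reversed."""
    by_key = {}
    for e in entries:
        if e.attrs.startswith("d"):  # directories cannot be part of a pair
            continue
        stem, ext = ntpath.splitext(ntpath.basename(e.path))
        by_key[(ntpath.dirname(e.path).lower(), stem, ext.lower())] = e
    pairs = []
    for (folder, stem, ext), e in by_key.items():
        if ext == ".ini2":
            partner = by_key.get((folder, stem[::-1], ".dll"))
            if partner:
                pairs.append((e.path, partner.path))
    return sorted(pairs)


def autostart_targets(run_text):
    """Collect the lower-cased data of every "name"="value" line in a Run key dump."""
    targets = set()
    for line in run_text.splitlines():
        m = RUN_RE.match(line.strip())
        if m:
            targets.add(m.group(1).lower())
    return targets


def triage(listing_text, run_text):
    """Map each flagged path to its reasons; a path appears once however often it matches."""
    entries = parse_listing(listing_text)
    reasons = {}
    for ini2, dll in reversed_name_pairs(entries):
        reasons.setdefault(ini2, set()).add("reversed-name pair")
        reasons.setdefault(dll, set()).add("reversed-name pair")
    autoruns = autostart_targets(run_text)
    for e in entries:
        if e.path.lower() in autoruns:
            reasons.setdefault(e.path, set()).add("recently created autorun target")
    return {path: sorted(r) for path, r in sorted(reasons.items())}


if __name__ == "__main__":
    for path, why in triage(SAMPLE_LISTING, SAMPLE_RUN).items():
        print(path, "-", ", ".join(why))
```

The result is a review list for a helper to check by hand against the full log, not a removal script.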

sooo.. messenger live uninstalled and the temp folder emptied. I couldn't find the others.

but, I didn't manage to start in normal mode, the blue screen came up again.

so, what's the next step?

 


For one thing, we'll see whether zipp manages to get anything out of the dmp file, and for another, a new main log. Also check that there is no C:\avenger.txt

 


Archived

This topic is now archived and is closed to further replies.
