Ive got something in my computer that should'nt be there..
Panda Activescan says following:
Incident Status Location
Adware:adware/ist.istbar No disinfected Windows Registry
Virus:Trj/Downloader.FFZ Disinfected C:\System Volume Information\_restore{59CF28CB-DFFA-42D8-9995-9C31C2C1F24C}\RP1\A0000027.exe
Ive run a lot of different programs for example;
FxIstbar doesnt find anything,
Ewid Security Suite find 17 "TrojanDownloader.Agent.uj" in memory,
Ad-Aware SE Personal doesnt find anything, just cookies,
BHODemon doesnt find anything,
SpyBot-Search & Destroy reboot the computer,
Spyware Doctor hangs up the computer totally,
TrojanHunter doesnt find anything.
And the HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 05:37:22, on 2005-11-17
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Microsoft IntelliType Pro\type32.exe
C:\Program\Microsoft IntelliPoint\point32.exe
C:\Program\Messenger Plus! 3\MsgPlus.exe
C:\Program\HP\hpcoretech\hpcmpmgr.exe
C:\Program\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program\Zone Labs\ZoneAlarm\zonealarm.exe
C:\Program\HP\hpcoretech\comp\hptskmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program\MSN Messenger\msnmsgr.exe
C:\Program\Internet Explorer\IEXPLORE.EXE
C:\Program\Winamp\Winamp.exe
c:\windows\system32\notepad.exe
c:\windows\system32\notepad.exe
c:\windows\system32\notepad.exe
c:\windows\system32\notepad.exe
C:\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] !!! RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] !!! nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] !!! RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [type32] "C:\Program\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKCU\..\Run: [MessengerDiscovery] C:\Program\MessengerDiscovery\msgdiscoveryx.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: ZoneAlarm.lnk = C:\Program\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://www.bitdefend...can8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...608/mcfscan.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\Program\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program\ewido\security suite\ewidoctrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program\Spyware Doctor\sdhelp.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Its me who put the three ! om those three, because I dont know if they need to be there or not. And I dont want to delete them if they need to be there. Do they need to be there?
O4 - HKLM\..\Run: [NvCplDaemon] !!! RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] !!! nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] !!! RunDLL32.exe NvMCTray.dll,NvTaskbarInit
Sign In
Create Account
