HijackThis log + a little "extra"
Right - I had a serious virus problem last night, and have now finally run everything through. I still get an error in winlogon.exe, though, which produces the following error message a couple of times shortly after I boot WinXP: "The instruction at "0x00ad1f4a" referenced memory at "0x6f632e90". The memory could not be "read"."
I started with AVG, let it run through, and clicked "heal" on most of the hits (I now know that was wrong, but such is life).
Continued with Microsoft AntiSpyware, and then Ad-Aware.
Then I followed fromsej's excellent guide:
DrWeb log:
-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 119758
Infected objects found: 16
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 15
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 1083 Kb/s
Scan time: 00:29:50
-----------------------------------------------------------------------------
Ewido log:
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 01:56:25, 30-12-2005
+ Report-Checksum: BC7341EA
+ Scan result:
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\CLSID -> Spyware.PurityScan : Cleaned with backup
HKU\S-1-5-21-1390067357-1770027372-725345543-1003\Software\Microsoft\Internet Explorer\Keywords -> Spyware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-1390067357-1770027372-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5321E378-FFAD-4999-8C62-03CA8155F0B3} -> Spyware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-1390067357-1770027372-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} -> Spyware.Azsearch : Cleaned with backup
HKU\S-1-5-21-1390067357-1770027372-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B75F75B8-93F3-429D-FF34-660B206D897A} -> Spyware.PurityScan : Cleaned with backup
HKU\S-1-5-21-1390067357-1770027372-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FFF5092F-7172-4018-827B-FA5868FB0478} -> Spyware.ZToolbar : Cleaned with backup
C:\Program Files\SpySheriff\Uninstall.exe -> Adware.SpySheriff : Cleaned with backup
D:\Documents and Settings\Rune Hansen\Cookies\rune hansen@adtech[2].txt -> Spyware.Cookie.Adtech : Cleaned with backup
D:\Documents and Settings\Rune Hansen\Cookies\rune hansen@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
D:\Documents and Settings\Rune Hansen\Cookies\rune hansen@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
D:\Documents and Settings\Rune Hansen\Cookies\rune hansen@microsofteup.112.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
D:\Documents and Settings\Rune Hansen\Local Settings\Temp\Cookies\rune hansen@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
D:\Documents and Settings\Rune Hansen\Local Settings\Temp\vx1.game -> Downloader.Small.aqu : Cleaned with backup
D:\Documents and Settings\Rune Hansen\Local Settings\Temp\vx3.game -> Downloader.Small.aqu : Cleaned with backup
D:\WINDOWS\system32\vxgame1.exe -> Downloader.Small.aqu : Cleaned with backup
D:\WINDOWS\system32\vxgame3.exe -> Downloader.Small.aqu : Cleaned with backup
D:\WINDOWS\system32\ztoolbar.bmp -> Spyware.TNS-Search : Cleaned with backup
::Report End
And finally, the HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 02:08:27, on 30-12-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Internet Explorer\iexplore.exe
D:\WINDOWS\system32\ctfmon.exe
C:\Downloads\hijackthis.exe
F3 - REG:win.ini: run=D:\WINDOWS\inet20001\winlogon.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Apps\Diverse\Acrobat Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMAXPnP] D:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "D:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [gcasServ] "D:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Apps\Diverse\Acrobat Reader\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1130652816935
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by110fd.bay110.hotmail.msn.com/activex/HMAtchmt.ocx
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: msupdate - D:\WINDOWS\SYSTEM32\msupdate32.dll
O21 - SSODL: JUDsZqxl - {D01E50B0-7AB4-FA1A-6C9F-9060B1A52B2A} - D:\WINDOWS\system32\stou.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - D:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
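As an added example (it is not part of the post above and not something HijackThis itself does), the script below runs a few defender-side heuristics over lines copied from this log: it flags core Windows binaries such as winlogon.exe referenced from anywhere other than \WINDOWS\system32, legacy win.ini run= autostarts (F3), O20 Winlogon Notify and O21 SSODL entries whose names are not in a short allowlist of packages that ship with Windows XP, and entries marked (file missing). The allowlists are assumptions and deliberately incomplete, so a hit means "check this entry", not "this is malware".

```python
import re
from typing import List, Tuple

# Core Windows binaries that belong only in %WINDIR%\system32; a copy anywhere else
# (or an autostart pointing at such a copy) deserves a look.
SYSTEM_BINARIES = ("winlogon.exe", "smss.exe", "csrss.exe", "services.exe", "lsass.exe", "svchost.exe")

# Winlogon Notify packages and shell service objects (SSODL) that ship with Windows XP.
# Assumption: these allowlists are illustrative and deliberately incomplete; vendor
# software (graphics drivers, AV) legitimately adds entries, so a hit means "verify".
KNOWN_WINLOGON_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
                         "sclgntfy", "senslogn", "termsrv", "wlballoon"}
KNOWN_SSODL = {"webcheck", "postbootreminder", "cdburn", "systray"}

# A drive-letter path ending in one of the system binaries (lazy match so it does not span quotes).
SYS_BIN_RE = re.compile(
    r"[A-Za-z]:\\[^\"]*?\\(" + "|".join(re.escape(n) for n in SYSTEM_BINARIES) + r")\b",
    re.IGNORECASE,
)

Finding = Tuple[str, str, str]  # (HijackThis section, reason, original line)

# Constructed sample: lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
D:\WINDOWS\system32\winlogon.exe
F3 - REG:win.ini: run=D:\WINDOWS\inet20001\winlogon.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Apps\Diverse\Acrobat Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: msupdate - D:\WINDOWS\SYSTEM32\msupdate32.dll
O21 - SSODL: JUDsZqxl - {D01E50B0-7AB4-FA1A-6C9F-9060B1A52B2A} - D:\WINDOWS\system32\stou.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
""".strip().splitlines()


def _entry_name(line: str) -> str:
    """For 'O20 - Winlogon Notify: msupdate - <dll>' style lines, return 'msupdate'."""
    parts = line.split(" - ")
    if len(parts) < 2 or ":" not in parts[1]:
        return ""
    return parts[1].split(":", 1)[1].strip()


def triage(lines: List[str]) -> List[Finding]:
    """Apply the heuristics to HijackThis log lines and return entries worth a manual check."""
    findings: List[Finding] = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        section = line.split(" - ", 1)[0]

        # Rule 1: core Windows binary referenced from outside \WINDOWS\system32
        for m in SYS_BIN_RE.finditer(line):
            path, name = m.group(0), m.group(1).lower()
            if not path.lower().endswith("\\windows\\system32\\" + name):
                findings.append((section, f"{name} referenced outside system32: {path}", line))

        # Rule 2: legacy win.ini run= autostart (F3) is almost never used by current software
        if section == "F3" and "run=" in line.lower():
            findings.append((section, "legacy win.ini run= autostart", line))

        # Rule 3: Winlogon Notify package (O20) not among those Windows ships with
        elif section == "O20" and _entry_name(line).lower() not in KNOWN_WINLOGON_NOTIFY:
            findings.append((section, "Winlogon Notify package not in allowlist", line))

        # Rule 4: shell service object (O21) not among the default ones
        elif section == "O21" and _entry_name(line).lower() not in KNOWN_SSODL:
            findings.append((section, "SSODL entry not in allowlist", line))

        # Rule 5: entry whose target no longer exists (left behind after a cleanup, or never valid)
        if "(file missing)" in line:
            findings.append((section, "orphaned entry, referenced file is missing", line))
    return findings


if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {line}")
```

Run against the sample, the script reports the F3 entry twice (a winlogon.exe copy outside system32, launched through the legacy win.ini run= key), the orphaned msnim O18 entry, the msupdate Winlogon Notify package and the JUDsZqxl shell service object, while the Acrobat BHO, the NVIDIA Run entry and the AVG service pass. Paste the full log into SAMPLE_LOG to triage the rest the same way; the winlogon.exe under \WINDOWS\inet20001 is the obvious first thing to look at for the memory-read error in winlogon.exe mentioned in the post.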