Yazan

Member
  • Posts: 14
  • Joined
  • Last visit

About Yazan

  • Member title: User
  • Birthday: 1978-10-10

Profile

  • Location: Malmö
  1. The files are gone and so is the problem. Now I'm installing AntiVir. Thanks for the help!!
  2. Here it is anyway (probably won't be needed any more). How is MSN behaving? Before I removed the files: normal, but it sends .zip files to everyone who logs in. I'll see whether that has stopped now.
  3. There, now let's hope that's everything that's needed :) Msnfix, GLC, GLH, Winrar, latest hijack log. [post edited 2008-01-05 12:23:10 by Yazan]
  4. That was a very muddled answer you got from me; I blame it on it being almost morning. The zip file "upload me" could not be uploaded.
  5. It comes from Msnfix. Here is the ComboFix log: [post edited 2008-01-04 21:32:43 by Yazan]
  6. My siblings + MSN = virus. I (hopefully) have both of the logs that are needed. Thanks in advance. [post edited 2008-01-04 21:07:38 by Yazan] [post edited 2008-01-04 21:10:47 by Yazan]
  7. Sorry for the bump. But now I've ended up with the same problem. I (hopefully) have both of the logs that are needed.
- C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe -- End of file - 4887 bytes [/log] Oerhört tacksam för all hjälp som man kan få.
  8. Here is hopefully the last log file, but I couldn't find "C:\WINDOWS\System32\outpostupdate.exe". I have now downloaded and installed the programs you linked to.
[log]
Logfile of HijackThis v1.99.1
Scan saved at 15:50:15, on 2005-08-28
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
c:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program\Delade filer\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program\Multimedia Card Reader\shwicon2k.exe
C:\Program\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\Program\Winamp\winampa.exe
C:\Program\QuickTime\qttask.exe
C:\Program\iTunes\iTunesHelper.exe
C:\Program\WildTangent\Apps\CDA\GameDrvr.exe
C:\Program\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program\Messenger\msmsgs.exe
C:\Program\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\rundll32.exe
C:\Program\Ares\Ares.exe
C:\Program\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
c:\Program\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program\iPod\bin\iPodService.exe
C:\WINDOWS\System32\HPZipm12.exe
c:\Program\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program\SpywareGuard\sgmain.exe
C:\Program\SpywareGuard\sgbhp.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\Program\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.se/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program\SpywareGuard\dlprotect.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\01.02.4000.1001\sv\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\01.02.4000.1001\sv\msntb.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [updateManager] "C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [ccApp] "c:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [sunkist2k] C:\Program\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [sSC_UserPrompt] C:\Program\Delade filer\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [steam] C:\Program\Valve\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [ares] "C:\Program\Ares\Ares.exe" -h
O4 - Startup: SpywareGuard.lnk = C:\Program\SpywareGuard\sgmain.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect-tjänst (navapsvc) - Symantec Corporation - c:\Program\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
[/log]
  9. Thanks for all the help, the computer works fine again :) But here are all the log files.
From CWShredder I only got "Removed CWS.hidden.dll".
From AboutBuster I got this log file:
[log]
AboutBuster 5.0 reference file 31
Scan started on [2005-08-28] at [10:52:09]
------------------------------------------------
No Ads Found!
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 10:52:35
[/log]
Sphfix gave me this log:
[log]
(8-28-05 10:53:53) SPSeHjFix started v1.1.2
(8-28-05 10:53:53) OS: WinXP Service Pack 1 (5.1.2600)
(8-28-05 10:53:53) Language: svenska
(8-28-05 10:53:53) Win-Path: C:\WINDOWS
(8-28-05 10:53:53) System-Path: C:\WINDOWS\System32
(8-28-05 10:53:53) Temp-Path: C:\DOCUME~1\ADMINI~1\LOKALA~1\Temp
(8-28-05 10:54:00) Disinfection started
(8-28-05 10:54:00) Bad-Dll(IEP): c:\docume~1\garen~1\lokala~1\temp\se.dll
(8-28-05 10:54:00) Searchassistant Uninstaller found: regsvr32 /s /u C:\WINDOWS\System32\ohcl.dll
(8-28-05 10:54:00) Searchassistant Uninstaller - Keys Deleted
(8-28-05 10:54:00) UBF: 7 - UBB: 3 - UBR: 29
(8-28-05 10:54:00) Run-Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\sp=rundll32 C:\DOCUME~1\GAREN~1\LOKALA~1\Temp\se.dll,DllInstall (deleted)
(8-28-05 10:54:00) UBF: 7 - UBB: 3 - UBR: 28
(8-28-05 10:54:00) Bad IE-pages:
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Bar: res://c:\docume~1\garen~1\lokala~1\temp\se.dll/space.html
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Page: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, HomeOldSP: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank
(8-28-05 10:54:00) Stealth-String not found
(8-28-05 10:54:00) File added to delete: c:\windows\system32\ohcl.dll
(8-28-05 10:54:00) File added to delete: c:\docume~1\garen~1\lokala~1\temp\se.dll
(8-28-05 10:54:00) Reboot
(8-28-05 11:26:03) SPSeHjFix started v1.1.2
(8-28-05 11:26:03) OS: WinXP Service Pack 1 (5.1.2600)
(8-28-05 11:26:03) Language: svenska
(8-28-05 11:26:03) Win-Path: C:\WINDOWS
(8-28-05 11:26:03) System-Path: C:\WINDOWS\System32
(8-28-05 11:26:03) Temp-Path: C:\DOCUME~1\GAREN~1\LOKALA~1\Temp
(8-28-05 11:26:44) Disinfection started
(8-28-05 11:26:44) Bad-Dll(IEP): c:\docume~1\garen~1\lokala~1\temp\se.dll
(8-28-05 11:26:44) UBF: 7 - UBB: 3 - UBR: 32
(8-28-05 11:26:44) UBF: 7 - UBB: 3 - UBR: 32
(8-28-05 11:26:44) Bad IE-pages:
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Bar: res://c:\docume~1\garen~1\lokala~1\temp\se.dll/space.html
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Page: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, HomeOldSP: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank
(8-28-05 11:26:44) Stealth-String not found
(8-28-05 11:26:44) No locked Files to delete. End without Reboot
(8-28-05 11:26:47) Disinfection started
(8-28-05 11:26:47) Bad-Dll(IEP): c:\docume~1\garen~1\lokala~1\temp\se.dll
(8-28-05 11:26:47) UBF: 7 - UBB: 3 - UBR: 32
(8-28-05 11:26:47) UBF: 7 - UBB: 3 - UBR: 32
(8-28-05 11:26:47) Bad IE-pages: (none)
(8-28-05 11:26:47) Stealth-String not found
(8-28-05 11:26:47) No locked Files to delete. End without Reboot
[/log]
The latest HijackThis log:
[log]
Logfile of HijackThis v1.99.1
Scan saved at 12:23:50, on 2005-08-28
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
c:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program\Delade filer\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program\Multimedia Card Reader\shwicon2k.exe
C:\Program\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\Program\Winamp\winampa.exe
C:\Program\QuickTime\qttask.exe
C:\Program\iTunes\iTunesHelper.exe
C:\Program\WildTangent\Apps\CDA\GameDrvr.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program\Messenger\msmsgs.exe
C:\Program\MSN Messenger\MsnMsgr.Exe
C:\Program\Ares\Ares.exe
C:\Program\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
c:\Program\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program\iPod\bin\iPodService.exe
C:\WINDOWS\System32\HPZipm12.exe
c:\Program\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\Program\Internet Explorer\IEXPLORE.EXE
C:\Program\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.se/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\01.02.4000.1001\sv\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\01.02.4000.1001\sv\msntb.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [updateManager] "C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [ccApp] "c:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [sunkist2k] C:\Program\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [steam] C:\Program\Valve\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [outpostupdate] C:\WINDOWS\System32\outpostupdate.exe
O4 - HKCU\..\Run: [ares] "C:\Program\Ares\Ares.exe" -h
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect-tjänst (navapsvc) - Symantec Corporation - c:\Program\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe
[/log]
Here is the log from Trend Micro's online scan:
[log]
Virus Scan
0 virus cleaned, 2 viruses deleted
Results: We have detected 2 infected file(s) with 2 virus(es) on your computer. Only 0 out of 0 infected files are displayed:
- 0 virus(es) passed, 0 virus(es) no action available
- 0 virus(es) cleaned, 0 virus(es) uncleanable
- 2 virus(es) deleted, 0 virus(es) undeletable
- 0 virus(es) not found, 0 virus(es) unaccessible
Detected File Associated Virus Name Action Taken
C:\Documents and Settings\Ägaren\Lokala inställningar\Temporary Internet Files\Content.IE5\F76KNZLY\2[1].exe TROJ_DROPPER.JW Deletion successful
C:\RECYCLER\S-1-5-21-1276778682-488304209-1638530887-500\Dc1.exe TROJ_SMALL.QR Deletion successful
Trojan/Worm Check
0 worm/Trojan horse deleted
What we checked: Malicious activity by a Trojan horse program. Although a Trojan seems like a harmless program, it contains malicious code and once installed can cause damage to your computer.
Results: We have detected 0 Trojan horse program(s) and worm(s) on your computer.
Only 0 out of 0 Trojan horse programs and worms are displayed: - 0 worm(s)/Trojan(s) passed, 0 worm(s)/Trojan(s) no action available - 0 Worm(s)/Trojan(s) deleted, 0 worm(s)/Trojan(s) undeletable Trojan/Worm Name Trojan/Worm Type Action Taken Spyware Check 3 spyware programs removed What we checked: Whether personal information was tracked and reported by spyware. Spyware is often installed secretly with legitimate programs downloaded from the Internet. Results: We have detected 3 spyware(s) on your computer. Only 0 out of 0 spywares are displayed: - 0 spyware(s) passed, 0 spyware(s) no action available - 3 spyware(s) removed, 0 spyware(s) unremovable Spyware Name Spyware Type Action Taken COOKIE_1314 Cookie Removal successful COOKIE_1543 Cookie Removal successful ADW_BADBITOR.A Adware Removal successful Microsoft Vulnerability Check 54 vulnerabilities detected What we checked: Microsoft known security vulnerabilities. These are issues Microsoft has identified and released Critical Updates to fix. Results: We have detected 54 vulnerability/vulnerabilities on your computer. Only 0 out of 0 vulnerabilities are displayed. Risk Level Issue How to Fix Highly Critical This vulnerability enables a remote attacker to execute arbitrary code through a WebDAV request to IIS 5.0. This is caused by a buffer overflow in NTDLL.DLL on Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP. MS03-007 Critical This vulnerability allows a remote attacker to execute arbitrary code without user approval. This is caused by the authenticode capability in Microsoft Windows NT through Server 2003 not prompting the user to download and install ActiveX controls when system is low on memory. MS03-041 Important This vulnerability is due to a buffer overrun in the ListBox and ComboBox controls found in User32.dll. Any program that implements the ListBox control or the ComboBox control could allow arbitrary code to be executed at the same privilege level. 
This vulnerability cannot be exploited remotely. MS03-045 Critical This vulnerability could allow an attacker to access information from other Web sites, access files on a user's system, and run arbitrary code on a user's system, wherein this is executed under the security context of the currently logged on user.;This vulnerability could allow an attacker to save a file on the users system. This is due to dynamic HTML events related to the drag-and-drop of Internet Explorer.;This vulnerability, which is due to the incorrect parsing of URLs which contain special characters, could allow an attacker to trick a user by presenting one URL in the address bar, wherein it actually contains the content of another web site of the attackers choice. MS04-004 Highly Critical The LSASS vulnerability is a buffer overrun vulnerability allows remote code execution.;The LDAP vulnerability is a denial of service (DoS) vulnerability that causes the service in a Windows 2000 domain controller responsible for authenticating users in an Active Directory domain to stop responding.;The PCT vulnerability is a buffer overrun vulnerability in the Private Communications Transport (PCT) protocol, a part of the SSL library, that allows remote code execution.;The Winlogon vulnerability is a buffer overrun vulnerability in the Windows logon process (winlogon) that allows remote code execution.;The Metafile vulnerability is a buffer overrun vulnerability that exists in the rendering of Windows Metafile (WMF) and Enhanced Metafile (EMF) image formats.;The Help and Support Center vulnerability allows remote code execution and is due to the way Help and Support Center handles HCP URL validation.;The Utility Manager vulnerability is a privilege elevation vulnerability that exists due to the way that Utility Manager launches applications.;The Windows Management vulnerability is a privilege elevation vulnerability that when successfully exploited allows a local attacker to take complete control of a 
system by executing commands at the system privilege level.;The Local Descriptor Table vulnerability is a privilege elevation vulnerability that when successfully exploited allows a local attacker to take complete control of a system by executing commands at with system privileges.;The H.323 vulnerability is a buffer overrun vulnerability that when successfully exploited can allows attackers to gain full control of a system by arbitrarily executing commands with system privileges.;Virtual DOS Machine vulnerability is a privilege elevation vulnerability that when successfully exploited allows a local attacker to gain full control of a system by executing commands with system privileges.;The Negotiate SSP vulnerability is a buffer overrun vulnerability that exists in Microsoft's Negotiate Security Service Provider (SSP) interface and allows remote code execution.;The SSL vulnerability exists due to the way SSL packets are handled and can causes the affected systems to stop responding to SSL connection requests.;The ASN.1 'Double-Free' vulnerability exists in Microsoft's Abstract Syntax Notation One (ASN.1) Library and allows remote code execution at the system privilege level. MS04-011 Critical The RPC Runtime Library vulnerability is a remote code execution vulnerability that results from a race condition when the RPC Runtime Library processes specially crafted messages. 
An attacker who successfully exploits this vulnerability could take complete control of an affected system.;The RPCSS Service denial of service (DoS) vulnerability allows a malicious user or malware to send specially-crafted messages to a vulnerable system, which causes the RPCSS Service to stop responding.;The RPC Over HTTP vulnerability may be used to launch a denial of service (DoS) attack against a system with CIS or RPC over HTTP Proxy enabled.;When successfully exploited, the Object Identity vulnerability allows an attacker to force currently running applications to open network communication ports, thereby opening a system to remote attacks. MS04-012 Critical The MHTML URL Processing Vulnerability allows remote attackers to bypass domain restrictions and execute arbitrary code via script in a compiled help (CHM) file that references the InfoTech Storage (ITS) protocol handlers.This could allow an attacker to take complete control of an affected system. MS04-013 Critical This vulnerability exists in the Help and Support Center (HCP) and is due to the way it handles HCP URL validation. This vulnerability could allow an attacker to remotely execute arbitrary code with Local System privileges. MS04-015 Moderate This is a denial of service (DoS) vulnerability. It affects applications that implement the IDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay. Applications that use this API are typically network-based multiplayer games.;An attacker who successfully exploits this vulnerability could cause the DirectX application to fail while a user is playing a game. The affected user would then have to restart the application. MS04-016 Moderate A denial of service (DoS) vulnerability exists in Outlook Express that could cause the said program to fail. The malformed email should be removed before restarting Outlook Express in order to regain its normal operation. 
MS04-018 Critical This vulnerability lies in an unchecked buffer within the Task Scheduler component. When exploited, it allows the attacker to execute arbitrary code on the affected machine with the same privileges as the currently logged on user. MS04-022 Critical An attacker who successfully exploits this vulnerability could gain the same privileges as that of the currently logged on user. If the user is logged in with administrative privileges, the attacker could take complete control of the system. User accounts with fewer privileges are at less risk than users with administrative privileges. MS04-023 Critical The Navigation Method Cross-Domain Vulnerability is a remote execution vulnerability that exists in Internet Explorer because of the way that it handles navigation methods. An attacker could exploit this vulnerability by constructing a malicious Web page that could potentially allow remote code execution if a user visits a malicious Web site.;The Malformed BMP File Buffer Overrun Vulnerability exists in the processing of BMP image file formats that could allow remote code execution on an affected system.;The Malformed GIF File Double Free Vulnerability is a buffer overrun vulnerability that exists in the processing of GIF image file formats that could allow remote code execution on an affected system. MS04-025 Critical This vulnerability lies in the way the affected components process JPEG image files. An unchecked buffer within this process is the cause of the vulnerability.;This remote code execution vulnerability could allow a malicious user or a malware to take complete control of the affected system if the affected user is currently logged on with administrative privileges. The malicious user or malware can execute arbitrary code on the system giving them the ability to install or run programs and view or edit data with full privileges. Thus, this vulnerability can conceivably be used by a malware for replication purposes. 
MS04-028 Important An unchecked buffer exists in the NetDDE services that could allow remote code execution. An attacker who is able to successfully exploit this vulnerability is capable of gaining complete control over an affected system. However, the NetDDe services are not automatically executed, and so would then have to be manually started for an attacker to exploit this vulnerability. This vulnerability also allows attackers to perform a local elevation of privilege, or a remote denial of service (DoS) attack. MS04-031 Critical This cumulative release from Microsoft covers four newly discovered vulnerabilities: Windows Management Vulnerability, Virtual DOS Machine Vulnerability, Graphics Rendering Engine Vulnerability, and Windows Kernel Vulnerability. MS04-032 Critical This is another privately reported vulnerability about Windows Compressed Folders. There is vulnerability on the way that Windows processes Compressed (Zipped) Folders that could lead to remote code execution. Windows can not properly handle the extraction of the ZIP folder with a very long file name. Opening a specially crafted compressed file, a stack-based overflow occurs, enabling the remote user to execute arbitrary code. MS04-034 Critical This security bulletin focuses on the following vulnerabilities: Shell Vulnerability (CAN-2004-0214), and Program Group Converter Vulnerability (CAN-2004-0572). Shell vulnerability exists on the way Windows Shell launches applications that could enable remote malicious user or malware to execute arbitrary code. Windows Shell function does not properly check the length of the message before copying to the allocated buffer. Program Group Converter is an application used to convert Program Manager Group files that were produced in Windows 3.1, Windows 3.11, Windows for Workgroups 3.1, and Windows for Workgroups 3.11 so that they can still be used by later operating systems. The vulnerability lies in an unchecked buffer within the Group Converter Utility. 
MS04-037 Critical This is a remote code execution vulnerability that exists in the Internet Explorer. It allows remote code execution on an affected system. An attacker could exploit this vulnerability by constructing a malicious Web Page. The said routine could allow remote code execution if a user visited a malicious Web site. An attacker who successfully exploited this vulnerability could take complete control of an affected system. However, significant user interaction is required to exploit this vulnerability. MS04-038 Critical This security update addresses and resolves a vulnerability in Internet Explorer that could allow remote code execution. A Web page can be crafted to exploit this vulnerability such that an arbitrary application can be executed on visiting systems with the same priviledge as the currently logged on user. MS04-040 Important This security advisory explains the two discovered vulnerabilities in Microsoft Word for Windows 6.0 Converter, which is used by WordPad in converting Word 6.0 to WordPad file format. Once exploited, this remote code execution vulnerability could allow a malicious user or a malware to take complete control of the affected system if the affected user is currently logged on with administrative privileges. MS04-041 Critical A remote code execution vulnerability exists in HyperTerminal because of a buffer overrun. If a user is logged on with administrator privileges, an attacker could exploit the vulnerability by constructing a malicious HyperTerminal session file that could potentially allow remote code execution and then persuade a user to open this file. This malicious file may enable the attacker to gain complete control of the affected system. This vulnerability could also be exploited through a malicious Telnet URL if HyperTerminal had been set as the default Telnet client. 
MS04-043 Important This security update addresses and resolves two windows vulnerabilites, both of which may enable the current user to take control of the affected system. Both of these vulnerabilites require that the curernt user be able to log on locally and execute programs. They cannot be exploited remotely, or by anonymous users. A privilege elevation vulnerability exists in the way that the Windows Kernel launches applications. This vulnerability could allow the current user to take complete control of the system. A privilege elevation vulnerability exists in the way that the LSASS validates identity tokens. This vulnerability could allow the current user to take complete control of the affected system. MS04-044 Critical This update resolves a newly-discovered, publicly reported vulnerability. A vulnerability exists in the HTML Help ActiveX control in Windows that could allow information disclosure or remote code execution on an affected system. MS05-001 Critical This update resolves several newly-discovered, privately reported and public vulnerabilities. An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system, install programs, view, change, or delete data, or create new accounts that have full privileges. MS05-002 Important This update resolves a newly-discovered, privately reported vulnerability. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs, view, change, or delete data, or create new accounts with full privileges. While remote code execution is possible, an attack would most likely result in a denial of service condition. MS05-003 Important A vulnerability in ASP.NET allows an attacker to bypass the security of an ASP.NET Web site, and access a machine. The attacker gains unauthorized access to some areas of the said Web site, and is able to control it accordingly. 
The actions that the attacker could take would depend on the specific content being protected. MS05-004 Important This is an information disclosure vulnerability. An attacker who successfully exploits this vulnerability could remotely read the user names for users who have an open connection to an available shared resource. MS05-007 Important This remote code execution vulnerability exists in the way Windows handles drag-and-drop events. An attacker could exploit the vulnerability by constructing a malicious Web page that could potentially allow an attacker to save a file on the users system if a user visited a malicious Web site or viewed a malicious e-mail message. MS05-008 Critical This remote code execution vulnerability exists in the processing of PNG image formats. An attacker who successfully exploits this vulnerability could take complete control of an affected system. MS05-009 Critical This remote code execution vulnerability exists in Server Message Block (SMB). It allows an attacker who successfully exploits this vulnerability to take complete control of the affected system. MS05-011 Critical This privilege elevation vulnerability exists in the way that the affected operating systems and programs access memory when they process COM structured storage files. This vulnerability could grant a currently logged-on user to take complete control of the system.;This remote code execution vulnerability exists in OLE because of the way that it handles input validation. An attacker could exploit the vulnerability by constructing a malicious document that could potentially allow remote code execution. MS05-012 Critical This vulnerability exists in the DHTML Editing Component ActiveX Control. This vulnerability could allow information disclosure or remote code execution on an affected system. MS05-013 Critical This update resolves known vulnerabilities affecting Internet Explorer. 
An attacker who successfully exploits these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. MS05-014 Critical A remote code execution vulnerability exists in the Hyperlink Object Library. This problem exists because of an unchecked buffer while handling hyperlinks. An attacker could exploit the vulnerability by constructing a malicious hyperlink which could potentially lead to remote code execution if a user clicks a malicious link within a Web site or e-mail message. MS05-015 Important A remote code execution vulnerability exists in the Windows Shell because of the way that it handles application association. If a user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take complete control of the affected system. However, user interaction is required to exploit this vulnerability. MS05-016 Important This security bulletin resolves newly-discovered, privately-reported vulnerabilities affecting Windows. An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. MS05-018 Critical This security bulletin resolves newly discovered, privately-reported vulnerabilities affecting Windows. An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. However, an attacker who successfully exploited the most severe of these vulnerabilities would most likely cause the affected system to stop responding. 
MS05-019 Critical This security bulletin resolves three newly-discovered, privately-reported vulnerabilities affecting Internet Explorer. If a user is logged on with administrative user rights, an attacker who successfully exploited any of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. MS05-020 Critical This security bulletin resolves the following vulnerabilities affecting Internet Explorer.; The PNG Image Rendering Memory Corruption vulnerability could allow an attacker to execute arbitrary code on the system because of a vulnerability in the way Internet Explorer handles PNG images.; The XML Redirect Information Disclosure vulnerability could allow an attacker to read XML data from another Internet Explorer domain because of a vulnerability in the way Internet Explorer handles certain requests to display XML content. MS05-025 Critical HTML Help is the standard help system for the Windows platform. Authors can use it to create online Help files for a software application or content for a multimedia title or a Web site. This vulnerability in HTML Help could allow attackers to execute arbitrary code on the affected system via a specially crafted Compiled Windows Help (CHM) file, because it does not completely validate input data. MS05-026 Critical A remote code execution vulnerability exists in the Microsofts implementation of the Server Message Block (SMB) protocol, which could allow an attacker to execute arbitrary codes to take complete control over a target system. This vulnerability could be exploited over the Internet. An attacker would have to transmit a specially crafted SMB packet to a target system to exploit it. However, failure to successfully exploit the vulnerability could only lead to a denial of service. 
MS05-027 Important A vulnerability exists in the way that Windows processes Web Client requests, which could allow a remote attacker to execute arbitrary code and take complete control over the affected system. MS05-028 Important A remote code execution vulnerability exists in Outlook Express when it is used as a newsgroup reader. An attacker could exploit this vulnerability by constructing a malicious newsgroup server that could that potentially allow remote code execution if a user queried the server for news. MS05-030 Moderate This vulnerability could enable an attacker to spoof trusted Internet content because security prompts can be disguised by a Microsoft Agent character. MS05-032 Moderate This vulnerability in the Microsoft Telnet client could allow an attacker to gain sensitive information about the affected system and read the session variables of users who have open connections to a malicious Telnet server. MS05-033 Critical This vulnerability could allow a remote attacker to execute arbitrary codes on the affected system via a malicious image file in a Web site or email message. This vulnerability exists because of the way Microsoft Color Management Module handles ICC profile format tag validation. MS05-036 Critical A COM object, the JView Profiler (Javaprxy.dll), contains a remote code execution vulnerability that could allow an attacker to take complete control of an affected system by hosting a malicious Web site. 
MS05-037 Critical This security bulletin resolves the following vulnerabilities found in Internet Explorer: (1) JPEG Image Rendering Memory Corruption vulnerability, which allows remote code execution when exploited by a remote malicious user, (2) Web Folder Behaviors Cross-Domain vulnerability, allows information disclosure or remote code execution on an affected system, and (3) COM Object Instantiation Memory Corruption vulnerability, which exists in the way Internet Explorer lists the instances of COM Objects that are not intended to be used in Internet Explorer. MS05-038 Critical An unchecked buffer in the Plug and Play service results in this vulnerability. Once successfully exploited, this vulnerability permits an attacker to have complete virtual control of an affected system. This vulnerability involves a remote code execution and local elevation of privilege. It can be exploited over the Internet. MS05-039 Important This security advisory explains a vulnerability in the Telephony Application Programming Interface (TAPI) service that could allow remote code execution. Attackers who successfully exploits the said vulnerability can take complete control of an affected system. They could then install programs, view, change, or delete data, and create new accounts with full user rights. MS05-040 Moderate A remote malicious user can use the process employed by the Remote Desktop Protocol (RDP) to validate data to cause a denial of service (DoS) attack, which stops an affected machine from responding and causing it to automatically restart. 
MS05-041 Moderate This security bulletin resolves the following vulnerabilities found in Microsoft Windows: (1) the Kerberos vulnerability, which is a denial of service vulnerability that allows an attacker to send a specially crafted message to a Windows domain controller, making the service that is responsible for authenticating users in an Active Directory domain to stop responding, and (2)the PKINIT vulnerability, which is an information disclosure and spoofing vulnerability that allows an attacker to manipulate certain information that is sent from a domain controller and potentially access sensitive client network communication. MS05-042 Critical A remote code execution vulnerability in the Printer Spooler service allows an attacker who successfully exploits this vulnerability to take complete control of the affected system. MS05-043 [/log] That should be everything. [post edited 2005-08-28 12:26:16 by Yazan]
  10. Here is the result for the scanned file:
      AntiVir Found TR/Drop.Small.aad.3
      ArcaVir Found Trojan.Downloader.Murlo.Ar
      Avast Found nothing
      AVG Antivirus Found Downloader.Generic.CRB
      BitDefender Found Trojan.Downloader.Murlo.AR
      ClamAV Found nothing
      Dr.Web Found Trojan.DownLoader.3823
      F-Prot Antivirus Found nothing
      Fortinet Found nothing
      Kaspersky Anti-Virus Found Trojan-Downloader.Win32.Murlo.ar
      NOD32 Found nothing
      Norman Virus Control Found W32/Murlo.AA
      UNA Found nothing
      VBA32 Found Trojan-Downloader.Win32.Murlo.ar
  11. On the Xbox I am playing Street Fighter Anniversary Collection, while the PS2 is mostly used right now for Shin Megami Tensei: Lucifers Call and Marvel Vs Capcom 2. Donkey Kong Jungle Beat is the game that spins most often in my Gamecube. On the DS I play Yoshi Touch and Go, and Diablo 2: LoD is what I play most on PC. [post edited 2005-08-27 22:38:49 by Yazan]
  12. I get this message every time I try to start MSN Messenger. I suspect it is some virus or something else troublesome, so I have created a log file with HijackThis so that you can help me find the problem.

      Logfile of HijackThis v1.99.1
      Scan saved at 21:58:22, on 2005-08-27
      Platform: Windows XP SP1 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      c:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
      c:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\windows\system\hpsysdrv.exe
      C:\Program\HP\Digital Imaging\Unload\hpqcmon.exe
      C:\WINDOWS\System32\hphmon05.exe
      C:\Program\Delade filer\Symantec Shared\ccApp.exe
      C:\WINDOWS\System32\CTHELPER.EXE
      C:\Program\Multimedia Card Reader\shwicon2k.exe
      C:\Program\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
      C:\Program\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
      C:\Program\Winamp\winampa.exe
      C:\Program\QuickTime\qttask.exe
      C:\Program\iTunes\iTunesHelper.exe
      C:\WINDOWS\System32\outpostupdate.exe
      C:\WINDOWS\System32\rundll32.exe
      C:\Program\Messenger\msmsgs.exe
      C:\WINDOWS\System32\rundll32.exe
      C:\Program\HP\Digital Imaging\bin\hpqtra08.exe
      C:\WINDOWS\System32\CTSvcCDA.EXE
      c:\Program\Norton AntiVirus\navapsvc.exe
      C:\WINDOWS\System32\nvsvc32.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\MsPMSPSv.exe
      C:\Program\iPod\bin\iPodService.exe
      c:\Program\Norton AntiVirus\SAVScan.exe
      C:\WINDOWS\System32\wuauclt.exe
      C:\Program\Azureus\Azureus.exe
      C:\Program\Java\j2re1.4.2\bin\javaw.exe
      C:\Program\Valve\Steam\Steam.exe
      C:\Program\Mozilla Firefox\firefox.exe
      C:\Program\WildTangent\Apps\CDA\GameDrvr.exe
      C:\Program\WinRAR\WinRAR.exe
      C:\Program\HJT\HijackThis.exe
      C:\Program\Internet Explorer\iexplore.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\GAREN~1\LOKALA~1\Temp\se.dll/space.html
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\GAREN~1\LOKALA~1\Temp\se.dll/space.html
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
      R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
      O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
      O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\01.02.4000.1001\sv\msntb.dll
      O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program\Norton AntiVirus\NavShExt.dll
      O2 - BHO: (no name) - {E4023EA0-761E-4B13-AC1D-95DFCBE03832} - C:\WINDOWS\System32\ohcl.dll
      O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
      O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program\Norton AntiVirus\NavShExt.dll
      O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll
      O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\01.02.4000.1001\sv\msntb.dll
      O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
      O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
      O4 - HKLM\..\Run: [CamMonitor] c:\Program\HP\Digital Imaging\Unload\hpqcmon.exe
      O4 - HKLM\..\Run: [HPHUPD05] c:\Program\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
      O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
      O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
      O4 - HKLM\..\Run: [updateManager] "C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe" /r
      O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
      O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
      O4 - HKLM\..\Run: [ccApp] "c:\Program\Delade filer\Symantec Shared\ccApp.exe"
      O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
      O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
      O4 - HKLM\..\Run: [sunkist2k] C:\Program\Multimedia Card Reader\shwicon2k.exe
      O4 - HKLM\..\Run: [CTSysVol] C:\Program\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
      O4 - HKLM\..\Run: [CTDVDDet] C:\Program\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
      O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE
      O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
      O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe /Consumer
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [outpostupdate] C:\WINDOWS\System32\outpostupdate.exe
      O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\GAREN~1\LOKALA~1\Temp\se.dll,DllInstall
      O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program\WildTangent\Apps\CDA\cdaEngine0500.dll"
      O4 - HKLM\..\RunServices: [outpostupdate] C:\WINDOWS\System32\outpostupdate.exe
      O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [NBJ] "C:\Program\Ahead\Nero BackItUp\NBJ.exe"
      O4 - HKCU\..\Run: [steam] C:\Program\Valve\Steam\Steam.exe -silent
      O4 - HKCU\..\Run: [outpostupdate] C:\WINDOWS\System32\outpostupdate.exe
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program\HP\Digital Imaging\bin\hpqtra08.exe
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
      O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE
      O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\Program\MSNMES~1\msgrapp.dll" (file missing)
      O18 - Filter: text/html - {E227FC80-D0BF-4A5D-8A35-F9DEF1AF444E} - C:\WINDOWS\System32\ohcl.dll
      O18 - Filter: text/plain - {E227FC80-D0BF-4A5D-8A35-F9DEF1AF444E} - C:\WINDOWS\System32\ohcl.dll
      O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
      O21 - SSODL: LiveUpdate - {FABF9568-1A0D-8474-D5A3-25A00C3B91DE} - c:\program\symantec\liveupdate\winzzcjr32.dll
      O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
      O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe
      O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
      O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
      O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe
      O23 - Service: Norton AntiVirus Auto Protect-tjänst (navapsvc) - Symantec Corporation - c:\Program\Norton AntiVirus\navapsvc.exe
      O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
      O23 - Service: SAVScan - Symantec Corporation - c:\Program\Norton AntiVirus\SAVScan.exe
      O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

      I am grateful for any help.