Just nu i M3-nätverket
Gå till innehåll

kean

Medlem
  • Antal inlägg

    9
  • Gick med

  • Senaste besök

  1. Sedan ett par dagar går det inte längre att skicka mail. Inkommande utan problem. Har chattat med Telia support, som kom fram till att konton och inställningar och brandvägg är ok. Felet ligger tydligen i min dator eller outlook. Vad göra?
  2. TACK!!! igen. Nu känner vi oss trygga igen
  3. Nu har vi gjort allt det där. TACK!!! Vad rekommenderar du att vi gör för att skydda oss i fortsättningen?
  4. HijackThis [log]Logfile of HijackThis v1.99.1 Scan saved at 21:46:14, on 2007-06-24 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16473) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program\Logitech\iTouch\iTouch.exe C:\Program\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program\Java\jre1.5.0_11\bin\jusched.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE C:\Program\QuickTime\qttask.exe C:\Program\EPSON\Creativity Suite\Event Manager\EEventManager.exe C:\Program\Delade filer\Real\Update_OB\realsched.exe C:\Program\iTunes\iTunesHelper.exe C:\Program\Telia\Supportassistent\bin\tgcmd.exe C:\Program\Telia\Telias sakerhetstjanster\Common\FSM32.EXE C:\Program\SpyNoMore\SNM.exe C:\WINDOWS\system32\ctfmon.exe C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe C:\Program\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program\SmartTrust\SmartTrust Personal\Csp\SmartCertmover.exe C:\Program\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program\Telia\TELIAS~1\backweb\7836882\Program\SERVIC~1.EXE C:\WINDOWS\system32\cisvc.exe C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsgk32st.exe C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\FSGK32.EXE C:\Program\Telia\Telias sakerhetstjanster\backweb\7836882\program\fsbwsys.exe C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fssm32.exe C:\Program\Telia\Telias sakerhetstjanster\Common\FSMA32.EXE C:\Program\Telia\Telias sakerhetstjanster\Common\FSMB32.EXE C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\tcpsvcs.exe C:\Program\Telia\Telias sakerhetstjanster\backweb\7836882\Program\fspex.exe C:\WINDOWS\system32\Smartscaps.exe C:\Program\Telia\Telias sakerhetstjanster\Common\FCH32.EXE C:\WINDOWS\System32\snmp.exe C:\WINDOWS\system32\svchost.exe C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program\Telia\Telias sakerhetstjanster\Common\FAMEH32.EXE C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsqh.exe C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsrw.exe C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsav32.exe C:\Program\iPod\bin\iPodService.exe C:\Program\Telia\Telias sakerhetstjanster\FWES\Program\fsdfwd.exe C:\Program\Telia\TELIAS~1\ANTI-S~1\fsaw.exe C:\Program\Telia\Telias sakerhetstjanster\FSGUI\fsguidll.exe C:\WINDOWS\system32\wuauclt.exe C:\Program\Microsoft Office\Office10\OUTLOOK.EXE C:\Program\Microsoft Office\Office10\WINWORD.EXE C:\Program\Messenger\msmsgs.exe C:\Program\Internet Explorer\IEXPLORE.EXE C:\Program\Hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {36ADA89D-2440-4DC4-820A-3A05E8630935} - C:\Program\Video ActiveX Access\iesplg.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar4.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar4.dll O3 - Toolbar: Protection Bar - {29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00} - C:\Program\Video ActiveX Access\iesbpl.dll (file missing) O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [EM_EXEC] C:\Program\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.5.0_11\bin\jusched.exe" O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB002" /M "Stylus Photo R300" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [EEventManager] C:\Program\EPSON\Creativity Suite\Event Manager\EEventManager.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [tgcmd] "C:\Program\Telia\Supportassistent\bin\tgcmd.exe" /server /startmonitor /deaf O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\Telia\Telias sakerhetstjanster\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program\Telia\Telias sakerhetstjanster\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program\Telia\Telias sakerhetstjanster\FSGUI\FSSW.EXE" /reboot O4 - HKLM\..\Run: [DriveCleaner 2006 Free] "C:\Program\DriveCleaner 2006 Free\UDC2006.exe" /min O4 - HKLM\..\Run: [sNM] C:\Program\SpyNoMore\SNM.exe /startup O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [LDM] C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - HKCU\..\Run: [instantTray] C:\Program\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe O4 - HKCU\..\Run: [iW_Drop_Icon] C:\Program\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe /dropdisc O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Certificate Mover.lnk = ? O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Telias säkerhetstjänster.lnk = C:\Program\Telia\Telias sakerhetstjanster\backweb\7836882\Program\fspex.exe O8 - Extra context menu item: &Blockera detta popup-fönster - C:\Program\Telia\Telias sakerhetstjanster\Anti-Spyware\blockpopups.htm O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra button: IE-sköld - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program\Telia\Telias sakerhetstjanster\Anti-Spyware\ieshield.dll O9 - Extra 'Tools' menuitem: IE-sköld... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program\Telia\Telias sakerhetstjanster\Anti-Spyware\ieshield.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe O11 - Options group: [iNTERNATIONAL] International* O14 - IERESET.INF: START_PAGE_URL=http://start.glocalnet.se O15 - Trusted Zone: *.handelsbanken.se O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://webkc.support.telia.se/sdccommon/download/tgctlcm.cab O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O20 - AppInit_DLLs: C:\Program\Google\GOOGLE~1\GOEC62~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Automatisk LiveUpdate-schemaläggare - Unknown owner - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing) O23 - Service: Telias säkerhetstjänster (BackWeb Plug-in - 7836882) - BackWeb Technologies Inc. - C:\Program\Telia\TELIAS~1\backweb\7836882\Program\SERVIC~1.EXE O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsgk32st.exe O23 - Service: FSBWSYS - F-Secure Corp. - C:\Program\Telia\Telias sakerhetstjanster\backweb\7836882\program\fsbwsys.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program\Telia\Telias sakerhetstjanster\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program\Telia\Telias sakerhetstjanster\Common\FSMA32.EXE O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe O23 - Service: SmartTrust Smart Card Server (Smartscaps) - SmartTrust - C:\WINDOWS\system32\Smartscaps.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe [/log] SmitfraudFix [log]SmitFraudFix v2.195 Scan done at 21:47:36,50, 2007-06-24 Run from C:\Documents and Settings\Anne\Skrivbord\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT The filesystem type is NTFS Fix run in normal mode »»»»»»»»»»»»»»»»»»»»»»»» Process C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program\Logitech\iTouch\iTouch.exe C:\Program\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program\Java\jre1.5.0_11\bin\jusched.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE C:\Program\QuickTime\qttask.exe C:\Program\EPSON\Creativity Suite\Event Manager\EEventManager.exe C:\Program\Delade filer\Real\Update_OB\realsched.exe C:\Program\iTunes\iTunesHelper.exe C:\Program\Telia\Supportassistent\bin\tgcmd.exe C:\Program\Telia\Telias sakerhetstjanster\Common\FSM32.EXE C:\Program\SpyNoMore\SNM.exe C:\WINDOWS\system32\ctfmon.exe C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe C:\Program\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program\SmartTrust\SmartTrust Personal\Csp\SmartCertmover.exe C:\Program\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program\Telia\TELIAS~1\backweb\7836882\Program\SERVIC~1.EXE C:\WINDOWS\system32\cisvc.exe C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsgk32st.exe C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\FSGK32.EXE C:\Program\Telia\Telias sakerhetstjanster\backweb\7836882\program\fsbwsys.exe C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fssm32.exe C:\Program\Telia\Telias sakerhetstjanster\Common\FSMA32.EXE C:\Program\Telia\Telias sakerhetstjanster\Common\FSMB32.EXE C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\tcpsvcs.exe C:\Program\Telia\Telias sakerhetstjanster\backweb\7836882\Program\fspex.exe C:\WINDOWS\system32\Smartscaps.exe C:\Program\Telia\Telias sakerhetstjanster\Common\FCH32.EXE C:\WINDOWS\System32\snmp.exe C:\WINDOWS\system32\svchost.exe C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program\Telia\Telias sakerhetstjanster\Common\FAMEH32.EXE C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsqh.exe C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsrw.exe C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsav32.exe C:\Program\iPod\bin\iPodService.exe C:\Program\Telia\Telias sakerhetstjanster\FWES\Program\fsdfwd.exe C:\Program\Telia\TELIAS~1\ANTI-S~1\fsaw.exe C:\Program\Telia\Telias sakerhetstjanster\FSGUI\fsguidll.exe C:\WINDOWS\system32\wuauclt.exe C:\Program\Microsoft Office\Office10\OUTLOOK.EXE C:\Program\Microsoft Office\Office10\WINWORD.EXE C:\Program\Messenger\msmsgs.exe C:\Program\Internet Explorer\IEXPLORE.EXE C:\Program\Java\jre1.5.0_11\bin\jucheck.exe C:\WINDOWS\system32\cmd.exe »»»»»»»»»»»»»»»»»»»»»»»» hosts »»»»»»»»»»»»»»»»»»»»»»»» C: »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32 »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Anne »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Anne\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Start Menu »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Anne\FAVORI~1 »»»»»»»»»»»»»»»»»»»»»»»» Desktop »»»»»»»»»»»»»»»»»»»»»»»» C:\Program »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="C:\\Program\\Google\\GOOGLE~1\\GOEC62~1.DLL" »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» Rustock »»»»»»»»»»»»»»»»»»»»»»»» DNS Description: VIA Compatable Fast Ethernet Adapter - Miniport för paketschemaläggning DNS Server Search Order: 195.67.199.21 DNS Server Search Order: 195.67.199.22 HKLM\SYSTEM\CCS\Services\Tcpip\..\{90E03677-203D-4FB1-BEA7-9615B24FBACB}: DhcpNameServer=195.67.199.21 195.67.199.22 HKLM\SYSTEM\CS1\Services\Tcpip\..\{90E03677-203D-4FB1-BEA7-9615B24FBACB}: DhcpNameServer=195.67.199.21 195.67.199.22 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=195.67.199.21 195.67.199.22 HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=195.67.199.21 195.67.199.22 »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection »»»»»»»»»»»»»»»»»»»»»»»» End[/log] Ja, Norton ska vara avinstallerat. Hittade inte Drivecleaner i kontrollpanelen, men tog bort hittade genvägar.
  5. [log]SmitFraudFix v2.195 Scan done at 21:15:53,32, 2007-06-24 Run from C:\Documents and Settings\Anne\Skrivbord\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT The filesystem type is NTFS Fix run in normal mode »»»»»»»»»»»»»»»»»»»»»»»» Process C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\cisvc.exe C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsgk32st.exe C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\FSGK32.EXE C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fssm32.exe C:\Program\Telia\Telias sakerhetstjanster\Common\FSMA32.EXE C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe C:\Program\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program\Java\jre1.5.0_11\bin\jusched.exe C:\Program\QuickTime\qttask.exe C:\Program\EPSON\Creativity Suite\Event Manager\EEventManager.exe C:\WINDOWS\system32\tcpsvcs.exe C:\Program\Delade filer\Real\Update_OB\realsched.exe C:\Program\iTunes\iTunesHelper.exe C:\Program\Telia\Supportassistent\bin\tgcmd.exe C:\Program\SpyNoMore\SNM.exe C:\WINDOWS\system32\ctfmon.exe C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe C:\Program\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program\SmartTrust\SmartTrust Personal\Csp\SmartCertmover.exe C:\WINDOWS\system32\Smartscaps.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\system32\svchost.exe C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program\iPod\bin\iPodService.exe C:\Program\Java\jre1.5.0_11\bin\jucheck.exe C:\WINDOWS\system32\cidaemon.exe C:\Program\Hijackthis\HijackThis.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program\Microsoft Office\Office10\OUTLOOK.EXE C:\Program\Microsoft Office\Office10\WINWORD.EXE C:\Program\Messenger\msmsgs.exe C:\Program\Internet Explorer\IEXPLORE.EXE C:\Program\Telia\Telias sakerhetstjanster\Common\FSM32.EXE C:\Program\Telia\Telias sakerhetstjanster\Common\FSMB32.EXE C:\Program\Telia\Telias sakerhetstjanster\Common\FCH32.EXE C:\Program\Telia\Telias sakerhetstjanster\backweb\7836882\program\fsbwsys.exe C:\Program\Telia\TELIAS~1\backweb\7836882\Program\SERVIC~1.EXE C:\Program\Telia\Telias sakerhetstjanster\Common\FAMEH32.EXE C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsqh.exe C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsrw.exe C:\Program\Telia\Telias sakerhetstjanster\FWES\Program\fsdfwd.exe C:\Program\Telia\Telias sakerhetstjanster\backweb\7836882\Program\fspex.exe C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsav32.exe C:\Program\Telia\TELIAS~1\ANTI-S~1\fsaw.exe C:\Program\Telia\Telias sakerhetstjanster\FSGUI\fsguidll.exe C:\WINDOWS\system32\cmd.exe »»»»»»»»»»»»»»»»»»»»»»»» hosts »»»»»»»»»»»»»»»»»»»»»»»» C: »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32 »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Anne »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Anne\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Start Menu »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Anne\FAVORI~1 C:\DOCUME~1\Anne\FAVORI~1\Online Security Test.url FOUND ! »»»»»»»»»»»»»»»»»»»»»»»» Desktop »»»»»»»»»»»»»»»»»»»»»»»» C:\Program C:\Program\Video ActiveX Access\ FOUND ! »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="Min aktuella startsida" »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{44e670f2-d57b-4815-a576-955d17dbbf2d}"="cankered" [HKEY_CLASSES_ROOT\CLSID\{44e670f2-d57b-4815-a576-955d17dbbf2d}\InProcServer32] @="C:\WINDOWS\system32\dooep.dll" [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{44e670f2-d57b-4815-a576-955d17dbbf2d}\InProcServer32] @="C:\WINDOWS\system32\dooep.dll" »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="C:\\Program\\Google\\GOOGLE~1\\GOEC62~1.DLL" »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» Rustock »»»»»»»»»»»»»»»»»»»»»»»» DNS Description: VIA Compatable Fast Ethernet Adapter - Miniport för paketschemaläggning DNS Server Search Order: 195.67.199.21 DNS Server Search Order: 195.67.199.22 HKLM\SYSTEM\CCS\Services\Tcpip\..\{90E03677-203D-4FB1-BEA7-9615B24FBACB}: DhcpNameServer=195.67.199.21 195.67.199.22 HKLM\SYSTEM\CS1\Services\Tcpip\..\{90E03677-203D-4FB1-BEA7-9615B24FBACB}: DhcpNameServer=195.67.199.21 195.67.199.22 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=195.67.199.21 195.67.199.22 HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=195.67.199.21 195.67.199.22 »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection »»»»»»»»»»»»»»»»»»»»»»»» End [/log]
  6. Här kommer den. Är så himla tacksam för din hjälp. [log]Logfile of HijackThis v1.99.1 Scan saved at 21:01:22, on 2007-06-24 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16473) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\cisvc.exe C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsgk32st.exe C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\FSGK32.EXE C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fssm32.exe C:\Program\Telia\Telias sakerhetstjanster\Common\FSMA32.EXE C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe C:\Program\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program\Java\jre1.5.0_11\bin\jusched.exe C:\Program\QuickTime\qttask.exe C:\Program\EPSON\Creativity Suite\Event Manager\EEventManager.exe C:\WINDOWS\system32\tcpsvcs.exe C:\Program\Delade filer\Real\Update_OB\realsched.exe C:\Program\iTunes\iTunesHelper.exe C:\Program\Telia\Supportassistent\bin\tgcmd.exe C:\Program\SpyNoMore\SNM.exe C:\WINDOWS\system32\ctfmon.exe C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe C:\Program\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program\SmartTrust\SmartTrust Personal\Csp\SmartCertmover.exe C:\WINDOWS\system32\Smartscaps.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\system32\svchost.exe C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program\iPod\bin\iPodService.exe C:\Program\Java\jre1.5.0_11\bin\jucheck.exe C:\WINDOWS\system32\cidaemon.exe C:\Program\Telia\Telias sakerhetstjanster\Common\FSM32.EXE C:\Program\Telia\Telias sakerhetstjanster\Common\FSMB32.EXE C:\Program\Telia\Telias sakerhetstjanster\Common\FCH32.EXE C:\Program\Telia\Telias sakerhetstjanster\backweb\7836882\program\fsbwsys.exe C:\Program\Telia\TELIAS~1\backweb\7836882\Program\SERVIC~1.EXE C:\Program\Telia\Telias sakerhetstjanster\Common\FAMEH32.EXE C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsqh.exe C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsrw.exe C:\Program\Telia\Telias sakerhetstjanster\FWES\Program\fsdfwd.exe C:\Program\Telia\Telias sakerhetstjanster\backweb\7836882\Program\fspex.exe C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsav32.exe C:\Program\Telia\TELIAS~1\ANTI-S~1\fsaw.exe C:\Program\Telia\Telias sakerhetstjanster\FSGUI\fsguidll.exe C:\Program\Hijackthis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157'>http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {36ADA89D-2440-4DC4-820A-3A05E8630935} - C:\Program\Video ActiveX Access\iesplg.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar4.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar4.dll O3 - Toolbar: Protection Bar - {29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00} - C:\Program\Video ActiveX Access\iesbpl.dll O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [EM_EXEC] C:\Program\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.5.0_11\bin\jusched.exe" O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB002" /M "Stylus Photo R300" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [EEventManager] C:\Program\EPSON\Creativity Suite\Event Manager\EEventManager.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [tgcmd] "C:\Program\Telia\Supportassistent\bin\tgcmd.exe" /server /startmonitor /deaf O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\Telia\Telias sakerhetstjanster\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program\Telia\Telias sakerhetstjanster\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program\Telia\Telias sakerhetstjanster\FSGUI\FSSW.EXE" /reboot O4 - HKLM\..\Run: [DriveCleaner 2006 Free] "C:\Program\DriveCleaner 2006 Free\UDC2006.exe" /min O4 - HKLM\..\Run: [sNM] C:\Program\SpyNoMore\SNM.exe /startup O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [LDM] C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - HKCU\..\Run: [instantTray] C:\Program\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe O4 - HKCU\..\Run: [iW_Drop_Icon] C:\Program\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe /dropdisc O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Certificate Mover.lnk = ? O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Telias säkerhetstjänster.lnk = C:\Program\Telia\Telias sakerhetstjanster\backweb\7836882\Program\fspex.exe O8 - Extra context menu item: &Blockera detta popup-fönster - C:\Program\Telia\Telias sakerhetstjanster\Anti-Spyware\blockpopups.htm O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra button: IE-sköld - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program\Telia\Telias sakerhetstjanster\Anti-Spyware\ieshield.dll O9 - Extra 'Tools' menuitem: IE-sköld... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program\Telia\Telias sakerhetstjanster\Anti-Spyware\ieshield.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe O11 - Options group: [iNTERNATIONAL] International* O14 - IERESET.INF: START_PAGE_URL=http://start.glocalnet.se O15 - Trusted Zone: *.handelsbanken.se O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://webkc.support.telia.se/sdccommon/download/tgctlcm.cab O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O20 - AppInit_DLLs: C:\Program\Google\GOOGLE~1\GOEC62~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Automatisk LiveUpdate-schemaläggare - Unknown owner - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing) O23 - Service: Telias säkerhetstjänster (BackWeb Plug-in - 7836882) - BackWeb Technologies Inc. - C:\Program\Telia\TELIAS~1\backweb\7836882\Program\SERVIC~1.EXE O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsgk32st.exe O23 - Service: FSBWSYS - F-Secure Corp. - C:\Program\Telia\Telias sakerhetstjanster\backweb\7836882\program\fsbwsys.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program\Telia\Telias sakerhetstjanster\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program\Telia\Telias sakerhetstjanster\Common\FSMA32.EXE O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe O23 - Service: SmartTrust Smart Card Server (Smartscaps) - SmartTrust - C:\WINDOWS\system32\Smartscaps.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe [/log]
  7. Gick inte det heller. Hur låser jag upp skölden? Har provat gå in på Verktyg, men allt är grått, kan inte ändra på något.
  8. När vi klickar på länken till HijackThis blockeras hämtningen av Telias iesköld. Vad gör vi då?
  9. Finns det någon som kan hjälpa oss bli av med detta? Har kört en AdAware scan och removal, men allt försvann inte. Vågar inte köra HijackThis själva. /kean
×
×
  • Skapa nytt...