
How do I get rid of errorsafe?


Stefan Örnerdal


I'm getting some adware that apparently seems impossible to get rid of. I have tried ad-aware.se, zone-lab, spy-boot, Microsoft's own beta program, and others. Nothing removes the misery.

The worst are http://www.errorsafe.com (sometimes http://se.errorsafe.com) and http://ad.oinadserver.com.

Errorsafe pops up about every five minutes, I have to click in three or four places to get rid of the crap, and after a few minutes it is back again.

This means I actually cannot use my computer.

Is there some way to make a manual setting that blocks the junk?

Can anyone help me?

Steffe

 

Stefan Örnerdal

This is what the log looks like (I don't understand any of this!!):

[log]Logfile of HijackThis v1.99.1

Scan saved at 15:50:43, on 2006-01-24

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\CTHELPER.EXE

C:\Program\Microsoft Works\WksSb.exe

C:\Program\Real\RealPlayer\RealPlay.exe

C:\Program\iTunes\iTunesHelper.exe

C:\Program\QuickTime\qttask.exe

C:\Program\AVPersonal\AVGNT.EXE

C:\Program\Microsoft AntiSpyware\gcasServ.exe

C:\Program\Zone Labs\ZoneAlarm\zlclient.exe

C:\WINDOWS\System32\w?auboot.exe

C:\Program\MSN Messenger\msnmsgr.exe

C:\Program\Plaxo\2.6.2.9\PlaxoHelper.exe

C:\Program\sthe\ereb.exe

C:\Program\Microsoft AntiSpyware\gcasDtServ.exe

C:\Program\AVPersonal\AVGUARD.EXE

C:\Program\AVPersonal\AVWUPSRV.EXE

C:\WINDOWS\System32\gearsec.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program\iPod\bin\iPodService.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Outlook Express\msimn.exe

C:\Documents and Settings\Fujitsu\Lokala inställningar\Temporary Internet Files\Content.IE5\45GTM3S5\HijackThis[1].exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vargarna.nu/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vargarna.nu/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy1.telia.com:8080

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = login1.telia.com;<local>

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - URLSearchHook: (no name) - {7497FBB1-3A55-1284-77E3-67833AADC893} - C:\WINDOWS\System32\omtubikp.dll (file missing)

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

R3 - URLSearchHook: (no name) - {66D57032-B7D0-9D04-F168-EF2B20EDD896} - C:\WINDOWS\system32\saoarcxb.dll

F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {66D57032-B7D0-9D04-F168-EF2B20EDD896} - C:\WINDOWS\system32\saoarcxb.dll

O2 - BHO: (no name) - {7497FBB1-3A55-1284-77E3-67833AADC893} - C:\WINDOWS\System32\omtubikp.dll (file missing)

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\01.02.4000.1001\sv\msntb.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\01.02.4000.1001\sv\msntb.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe

O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [Jet Detection] C:\Program\Creative\SBLive\PROGRAM\ADGJDet.exe

O4 - HKLM\..\Run: [CTStartup] C:\Program\Creative\Splash Screen\CTEaxSpl.EXE /run

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program\Microsoft Works\WkDetect.exe

O4 - HKLM\..\Run: [WorksFUD] C:\Program\Microsoft Works\wkfud.exe

O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program\Microsoft Works\WksSb.exe /AllUsers

O4 - HKLM\..\Run: [RealTray] C:\Program\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [iTunesHelper] C:\Program\iTunes\iTunesHelper.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [AVGCtrl] "C:\Program\AVPersonal\AVGNT.EXE" /min

O4 - HKLM\..\Run: [gcasServ] "C:\Program\Microsoft AntiSpyware\gcasServ.exe"

O4 - HKLM\..\Run: [Zone Labs Client] C:\Program\Zone Labs\ZoneAlarm\zlclient.exe

O4 - HKLM\..\RunOnce: [srePostpone] rundll32.exe c:\windows\system32\zonelabs\srescan.dll,DoSpecialAction

O4 - HKCU\..\Run: [spamihilator] "C:\Program\Spamihilator\spamihilator.exe"

O4 - HKCU\..\Run: [Tzmeedmk] C:\WINDOWS\System32\w?auboot.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program\Plaxo\2.6.2.9\PlaxoHelper.exe -a

O4 - HKCU\..\Run: [Poss] "C:\Program\sthe\ereb.exe" -vt mt

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {04CCFF26-7D52-4E42-BF6A-F8ECE0896EB7} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1071_XP.cab

O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.com/down/latest/PlaxoInstall.cab

O16 - DPF: {0D1011B3-89C8-4F8E-8693-BB970E2E81E0} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1069_ASPIV4_XP.cab

O16 - DPF: {0DA910BC-6919-489E-B584-D9A4AAC7B8DE} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1068_ASPIV4_XP.cab

O16 - DPF: {0DCABC94-5086-4E08-A4C9-BF284A614E81} (WwwPlugin Class) - http://espana.netvenda.com/perf/WwwPlugin.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab

O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab

O16 - DPF: {3616F4B5-F6AD-4E67-966A-C218673648A0} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1070_ASPIV4_XP.cab

O16 - DPF: {3DAD912E-D2B9-4323-B7C9-7F2C5CC0C57B} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1070_XP.cab

O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_EN_XP.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by20fd.bay20.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120487821937

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1132760507765

O16 - DPF: {78F584DF-BBF5-4296-839C-31DE60914DBC} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1071_ASPIV4_XP.cab

O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://kakan.no-ip.com/tsweb/msrdp.cab

O16 - DPF: {95460ABD-946A-46FF-9F56-268718323EEE} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1068_XP.cab

O16 - DPF: {B2B0AEDF-7CDF-4792-BB67-7654AD1E1B13} - http://scripts.downloadv3.com/binaries/IA/sysinetsvc32_EN_XP.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

O16 - DPF: {BA749BC1-143E-430D-B1DA-1D2AF67A3658} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1069_XP.cab

O16 - DPF: {BD11A280-2E73-11CF-B6CF-00AA00A74DAE} - file://C:\Info_sex2.cab

O16 - DPF: {D8B94E9A-A34B-4253-BF48-C7CB7F2CFDB0} - http://scripts.downloadv3.com/binaries/P2EClient/EGAUTH_1046_EN_XP.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\Program\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program\AVPersonal\AVGUARD.EXE

O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program\AVPersonal\AVWUPSRV.EXE

O23 - Service: Gear-säkerhetstjänster (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe

O23 - Service: iPod-tjänst (iPodService) - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\PROGRAM\NORMAN\Nvc\BIN\nipsvc.exe (file missing)

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

[/log]

 


Stefan Örnerdal

The first file:

 

AntiVir Found Adware-Spyware/PuritySca.ak2 adware

ArcaVir Found nothing

Avast Found nothing

AVG Antivirus Found nothing

BitDefender Found nothing

ClamAV Found nothing

Dr.Web Found nothing

F-Prot Antivirus Found nothing

Fortinet Found nothing

Kaspersky Anti-Virus Found not-a-virus:AdWare.Win32.PurityScan.ak

NOD32 Found nothing

Norman Virus Control Found nothing

UNA Found nothing

VBA32 Found Malware.Agent.17 (probable variant)

 

 


Stefan Örnerdal

...and the second:

 

Scanner results

AntiVir Found nothing

ArcaVir Found nothing

Avast Found nothing

AVG Antivirus Found nothing

BitDefender Found nothing

ClamAV Found nothing

Dr.Web Found nothing

F-Prot Antivirus Found nothing

Fortinet Found nothing

Kaspersky Anti-Virus Found Trojan-Downloader.Win32.PurityScan.ax

NOD32 Found probably a variant of Win32/Adware.MediaTickets application (probable variant)

Norman Virus Control Found nothing

UNA Found nothing

VBA32 Found Backdoor.Rbot.2 (probable variant)

 

 


 

Create a new folder on C:\ and place HijackThis.exe there, so C:\HjT\HijackThis.exe

Scan with Hijack, tick the following lines, close the web browser and all other open windows, and click FIX checked

 

 

[log]R3 - URLSearchHook: (no name) - {7497FBB1-3A55-1284-77E3-67833AADC893} - C:\WINDOWS\System32\omtubikp.dll (file missing)

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

R3 - URLSearchHook: (no name) - {66D57032-B7D0-9D04-F168-EF2B20EDD896} - C:\WINDOWS\system32\saoarcxb.dll

O2 - BHO: (no name) - {66D57032-B7D0-9D04-F168-EF2B20EDD896} - C:\WINDOWS\system32\saoarcxb.dll

O2 - BHO: (no name) - {7497FBB1-3A55-1284-77E3-67833AADC893} - C:\WINDOWS\System32\omtubikp.dll (file missing)

O4 - HKCU\..\Run: [Tzmeedmk] C:\WINDOWS\System32\w?auboot.exe

O4 - HKCU\..\Run: [Poss] "C:\Program\sthe\ereb.exe" -vt mt

O16 - DPF: {04CCFF26-7D52-4E42-BF6A-F8ECE0896EB7} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1071_XP.cab

O16 - DPF: {0D1011B3-89C8-4F8E-8693-BB970E2E81E0} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1069_ASPIV4_XP.cab

O16 - DPF: {0DA910BC-6919-489E-B584-D9A4AAC7B8DE} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1068_ASPIV4_XP.cab

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab

O16 - DPF: {3616F4B5-F6AD-4E67-966A-C218673648A0} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1070_ASPIV4_XP.cab

O16 - DPF: {3DAD912E-D2B9-4323-B7C9-7F2C5CC0C57B} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1070_XP.cab

O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_EN_XP.cab

O16 - DPF: {78F584DF-BBF5-4296-839C-31DE60914DBC} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1071_ASPIV4_XP.cab

O16 - DPF: {95460ABD-946A-46FF-9F56-268718323EEE} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1068_XP.cab

O16 - DPF: {B2B0AEDF-7CDF-4792-BB67-7654AD1E1B13} - http://scripts.downloadv3.com/binaries/IA/sysinetsvc32_EN_XP.cab

O16 - DPF: {BA749BC1-143E-430D-B1DA-1D2AF67A3658} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1069_XP.cab

O16 - DPF: {BD11A280-2E73-11CF-B6CF-00AA00A74DAE} - file://C:\Info_sex2.cab

O16 - DPF: {D8B94E9A-A34B-4253-BF48-C7CB7F2CFDB0} - http://scripts.downloadv3.com/binaries/P2EClient/EGAUTH_1046_EN_XP.cab

 

 

Then start in safe mode and, with hidden files visible, delete the following if found:

C:\WINDOWS\system32\saoarcxb.dll

C:\WINDOWS\System32\w?auboot.exe

C:\Program\sthe\ < the folder

Then start normally and post a new log.[/log]
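An added example, not part of the original post and not the helper's stated method: a Python parser for HijackThis entry lines that marks candidates for manual review. The function names and the four heuristics are assumptions chosen for illustration; the sample lines are an excerpt of the first log posted in this thread, and a flagged line is a prompt for review, not a verdict.

```python
import re
from collections import defaultdict

# Excerpt of the first HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vargarna.nu/
R3 - URLSearchHook: (no name) - {7497FBB1-3A55-1284-77E3-67833AADC893} - C:\WINDOWS\System32\omtubikp.dll (file missing)
R3 - URLSearchHook: (no name) - {66D57032-B7D0-9D04-F168-EF2B20EDD896} - C:\WINDOWS\system32\saoarcxb.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {66D57032-B7D0-9D04-F168-EF2B20EDD896} - C:\WINDOWS\system32\saoarcxb.dll
O2 - BHO: (no name) - {7497FBB1-3A55-1284-77E3-67833AADC893} - C:\WINDOWS\System32\omtubikp.dll (file missing)
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKCU\..\Run: [Tzmeedmk] C:\WINDOWS\System32\w?auboot.exe
O16 - DPF: {04CCFF26-7D52-4E42-BF6A-F8ECE0896EB7} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1071_XP.cab
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.com/down/latest/PlaxoInstall.cab
O16 - DPF: {BD11A280-2E73-11CF-B6CF-00AA00A74DAE} - file://C:\Info_sex2.cab
"""

# An entry line is "<section code> - <body>", e.g. "O4 - HKCU\..\Run: [...] path".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse(log_text):
    """Return the entry lines of a HijackThis log as dicts (code, body, clsid)."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header, running-process list, blank lines
        body = m.group("body")
        clsid = CLSID_RE.search(body)
        entries.append({
            "code": m.group("code"),
            "body": body,
            "clsid": clsid.group(0).upper() if clsid else None,
        })
    return entries


def triage(entries):
    """Mark review candidates. All heuristics are assumptions for illustration."""
    # Index which browser-hook sections (R3 URLSearchHook, O2 BHO) each CLSID uses.
    hooks = defaultdict(set)
    for e in entries:
        if e["clsid"] and e["code"] in ("R3", "O2"):
            hooks[e["clsid"]].add(e["code"])

    findings = []
    for e in entries:
        code, body, reasons = e["code"], e["body"], []
        if "(file missing)" in body or "(no file)" in body:
            reasons.append("target file missing")
        if code in ("R3", "O2") and len(hooks[e["clsid"]]) > 1:
            reasons.append("same CLSID registered as both URLSearchHook and BHO")
        # '?' is not a valid Windows file-name character, so the logged
        # path contains something the log could not represent.
        if code == "O4" and re.search(r"\\[^\\\s]*\?[^\\\s]*\.\w+", body):
            reasons.append("unrepresentable character in autorun file name")
        # Named ActiveX downloads look like "{CLSID} (Class name) - url".
        if code == "O16" and not re.search(r"\}\s+\(.+?\)\s+-", body):
            reasons.append("ActiveX download without a class name")
        if reasons:
            findings.append((code, e["clsid"] or body, reasons))
    return findings


if __name__ == "__main__":
    for code, ident, reasons in triage(parse(SAMPLE_LOG)):
        print(f"{code:4} {ident}\n     -> " + "; ".join(reasons))
```

The Spybot helper and the named Plaxo control are not flagged, while `C:\Program\sthe\ereb.exe` from the list above would not be caught by any of these rules, which is why such output only narrows what a person then reviews.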

 


  • 5 weeks later...

I have also run into problems with this and wonder whether I may have been infected (you are probably getting tired of me, but my computer is otherwise very good.. thanks for all the help I have received over the years...)

but here is the log anyway..

 

 

[log]Logfile of HijackThis v1.99.1

Scan saved at 21:52:13, on 2006-02-23

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\windows\System32\smss.exe

C:\windows\system32\winlogon.exe

C:\windows\system32\services.exe

C:\windows\system32\lsass.exe

C:\windows\system32\svchost.exe

C:\windows\System32\svchost.exe

C:\windows\system32\spoolsv.exe

C:\windows\Explorer.EXE

C:\WINDOWS\System32\CTsvcCDA.exe

C:\Program\Norton AntiVirus\navapsvc.exe

C:\Program\Norton Internet Security\NISUM.EXE

C:\WINDOWS\System32\NMSSvc.exe

C:\windows\system32\nvsvc32.exe

C:\Program\COMPAQ\Easy Access Button Support\StartEAK.exe

C:\windows\system32\CTHELPER.EXE

C:\windows\system32\PROMon.exe

C:\Program\Real\RealPlayer\realplay.exe

C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

C:\Program\Norton Internet Security\IAMAPP.EXE

C:\Program\NORTON~1\navapw32.exe

C:\Program\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\Program\Winamp\winampa.exe

C:\Program\D-Tools\daemon.exe

C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe

C:\windows\system32\RUNDLL32.EXE

C:\Program\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

C:\Program\Real\RealJukebox\tsystray.exe

C:\windows\system32\ctfmon.exe

C:\windows\System32\svchost.exe

C:\Program\Norton Internet Security\SymProxySvc.exe

C:\Program\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE

C:\Program\Compaq\Easy Access Button Support\CPQEADM.EXE

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Compaq\EAKDRV\EAUSBKBD.EXE

C:\Program\Norton Internet Security\NISSERV.EXE

C:\Program\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe

C:\Program\Compaq\EASYAC~1\BttnServ.exe

C:\Program\Delade filer\Microsoft Shared\Works Shared\wkcalrem.exe

C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

C:\Program\Hewlett-Packard\Digital Imaging\bin\hpqgalry.exe

C:\Program\Norton Internet Security\ATRACK.EXE

C:\Program\Messenger\msmsgs.exe

C:\windows\System32\svchost.exe

C:\Program\SPAMfighter\SFAgent.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Hijackthis.prog\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/redirectors/presario/deskredir2.dll?s=consumer&ap=b201&c=1c02&lc=041d&ac

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://desktop.presario.net/scripts/redirectors/presario/deskredir2.dll?s=consumer&ap=b201&c=1c02&lc=041d&ac

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\Spybot - Search & Destroy\SDHelper.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [CPQEASYACC] C:\Program\COMPAQ\Easy Access Button Support\StartEAK.exe

O4 - HKLM\..\Run: [WCOLOREAL] C:\Program\COMPAQ\Coloreal\coloreal.exe

O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [Jet Detection] C:\Program\Creative\SBAudigy\PROGRAM\ADGJDet.exe

O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe

O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe

O4 - HKLM\..\Run: [RealTray] C:\Program\Real\RealPlayer\realplay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program\Microsoft Works\WksSb.exe /AllUsers

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program\Microsoft Works\WkDetect.exe

O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [iamapp] C:\Program\Norton Internet Security\IAMAPP.EXE

O4 - HKLM\..\Run: [NAV Agent] C:\Program\NORTON~1\navapw32.exe

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [HP Software Update] "C:\Program\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [RealJukeboxSystray] "C:\Program\Real\RealJukebox\tsystray.exe"

O4 - HKLM\..\Run: [sPAMfighter Agent] "C:\Program\SPAMfighter\SFAgent.exe" update delay 60

O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [steam] "C:\Program\Steam\Steam.exe" -silent

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: HP Image Zone Snabbstarta.lnk = C:\Program\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Påminnelser för Kalendern i Microsoft Works.lnk = ?

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\Program\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program\Delade filer\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton Internet Security Service (NISSERV) - Symantec Corporation - C:\Program\Norton Internet Security\NISSERV.EXE

O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program\Norton Internet Security\NISUM.EXE

O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program\DELADE~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

O23 - Service: Norton Internet Security Proxy Service (SymProxySvc) - Symantec Corporation - C:\Program\Norton Internet Security\SymProxySvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe[/log]

 

 

 


A box came up with errorsafe, and when I pressed cancel it started scanning. When I pressed the X on the scan, the same box came up again. I pressed the X and ended up on their website.. so I thought I might have been infected by something nasty..?

(//eforum.idg.se/viewmsg.asp?EntriesId=808186#808232)

[post edited 2006-02-24 08:04:48 by andersson31]


OK, but if you don't have any problem at the moment, then probably nothing got in anyway. It is always safer to close the windows with the X.

 


  • 2 weeks later...

I too have problems with this. Could you please help me as well?

My log looks like this:

 

[log]Logfile of HijackThis v1.99.1

Scan saved at 22:06:01, on 2006-03-08

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program\IVT Corporation\BlueSoleil\BTNtService.exe

c:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

c:\Program\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

C:\windows\system\hpsysdrv.exe

C:\Program\USB Storage RW\shwicon.exe

C:\HP\KBD\KBD.EXE

C:\Program\Delade filer\Symantec Shared\ccApp.exe

C:\Program\Delade filer\Microsoft Shared\Works Shared\WkUFind.exe

C:\Program\Messenger\msmsgs.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program\IVT Corporation\BlueSoleil\BlueSoleil.exe

C:\Program\Microsoft Office\Office\1053\OLFSNT40.EXE

c:\program\intern~1\iexplore.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Adobe\Acrobat 7.0\Reader\AcroRd32.exe

C:\HjT\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.qrqynntroxrfppwizazert.net/Wzyz8RdLJksGFEkoSIVF/K57hYbTFzEilmGahargR5uD/6qnG5RSCFRMgpMGSFPZ.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fmkiyrqxsxdfqdmgtzdrwdi.info/Wzyz8RdLJktz4sLOYwxsJFCkpYbDvsqUXpxSgLP07XY.jsp

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {0F519950-54B8-2583-447D-8ADDAD38DACD} - C:\DOCUME~1\GAREN~1\APPLIC~1\drawidol\atom creative.exe (file missing)

O2 - BHO: (no name) - {54926CF6-C966-21DB-1244-913B69ED4201} - C:\DOCUME~1\GAREN~1\APPLIC~1\drawidol\Nurb Logo.exe

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [KYE_Showicon] "C:\Program\USB Storage RW\shwicon.exe" -t"KYE\USB Storage RW"

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [WCOLOREAL] C:\Program\Coloreal\coloreal.exe

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded

O4 - HKLM\..\Run: [ccApp] "c:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "c:\Program\Delade filer\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program\Delade filer\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [Dial32] C:\WINDOWS\dl.exe

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [seek heck ref great] C:\Documents and Settings\All Users\Application Data\Draw Ball Seek Heck\SAVE SHOW.exe

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [download data funk date] C:\Documents and Settings\All Users\Application Data\DupeLoadDownloadData\Knob Proc.exe

O4 - HKLM\..\RunOnce: [NCInstallQueue] rundll32 netman.dll,ProcessQueue

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook

O4 - HKCU\..\Run: [drive extra] C:\DOCUME~1\GAREN~1\APPLIC~1\SPAMBA~1\pollsignpure.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: BlueSoleil.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Port för Symantec Fax Starter Edition.lnk = C:\Program\Microsoft Office\Office\1053\OLFSNT40.EXE

O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program\ICQLite\ICQLite.exe

O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program\ICQLite\ICQLite.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125703953359

O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll

O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O21 - SSODL: Trayz - {F5B7D0BE-5f02-4211-96DB-386DFA244900} - C:\WINDOWS\olpehmcp.dll (file missing)

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program\IVT Corporation\BlueSoleil\BTNtService.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe

O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program\Norton AntiVirus\navapsvc.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

[/log]

 

 

 


andersson31

I don't know much (trying to learn a little..) so don't do anything.. but is this file really good, cissi or someone else :P?

O4 - HKLM\..\RunOnce: [NCInstallQueue] rundll32 netman.dll,ProcessQueue

 

 


MatzJ :)

 

Download L2mfix from one of these links:

http://www.atribune.org/downloads/l2mfix.exe

http://www.downloads.subratam.org/l2mfix.exe

 

Save the file on the desktop and double-click l2mfix.exe. Click "Install" to unpack the files and follow the instructions. Then open the new L2mfix folder, click l2mfix.bat and choose #1 to run Run Find Log by typing "1" and then "Enter".

This will scan your system and it may seem as if nothing is happening, but after a minute or 2 Notepad will open a sheet with a log. Copy the contents of that log here. Do NOT restart the computer before you have posted and I have seen the log. The reason is that any files found change names on restart.

Important: Do NOT run any other file in the L2mfix folder unless you are asked to do so.

WARNING to other users: do not use this tool on your own, without expert assistance, as the various infections can look different.

 

Die Hard :)

 


  • 2 weeks later...

Then start your own thread here in Eforum by choosing "Write post" in the left column.

In the post, paste the log from HijackThis:

http://www.thespykiller.co.uk/files/HJTsetup.exe

Install, run, scan and save the log (nothing else).

Then we'll see which tool is best in your particular case.

In your post, attach the HijackThis log like this:

Press the LOG button in the post window

Paste the log

Press the LOG button again

 


I too have problems getting rid of errorsafe.

[log]Logfile of HijackThis v1.99.1

Scan saved at 07:59:23, on 2006-03-22

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Nero\Nero 7\InCD\InCDsrv.exe

C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\ScanSoft\OmniPageSE2.0\OpwareSE2.exe

C:\Program\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe

C:\Program\Delade filer\Symantec Shared\ccApp.exe

C:\WINDOWS\VM_STI.EXE

C:\Program\Nero\Nero 7\InCD\InCD.exe

C:\Program\ISTsvc\istsvc.exe

C:\WINDOWS\btxeuyev.exe

C:\Program\Java\jre1.5.0_06\bin\jusched.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\TBPanel.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

C:\Program\Logitech\SetPoint\KEM.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program\Logitech\SetPoint\KHALMNPR.EXE

C:\WINDOWS\system32\CTsvcCDA.exe

F:\Program\HistorySweep\HSSvc.exe

C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program\Norton SystemWorks\Norton AntiVirus\navapsvc.exe

C:\Program\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe

C:\Program\NORTON~1\NORTON~1\NPROTECT.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Program\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE

F:\Program\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\Internet Explorer\IEXPLORE.EXE

F:\Program\Hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar2.dll

O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Toolbar Suite\TB\02.05.0000.1105\sv-se\msntb.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Toolbar Suite\TB\02.05.0000.1105\sv-se\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar2.dll

O4 - HKLM\..\Run: [OpwareSE2] "C:\Program\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"

O4 - HKLM\..\Run: [CTSysVol] C:\Program\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [smart Start UP] C:\Program\NewSoft\Smart Start UP\PnPDetect.exe /Automation

O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [inCD] C:\Program\Nero\Nero 7\InCD\InCD.exe

O4 - HKLM\..\Run: [iST Service] C:\Program\ISTsvc\istsvc.exe

O4 - HKLM\..\Run: [FvKAV] C:\WINDOWS\btxeuyev.exe

O4 - HKLM\..\Run: [Fvùõš/‚²‘ÆßfÏNb‰»9C:\Program\ISTsvc\istsvc.exe] C:\WINDOWS\btxeuyev.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [LDM] C:\Program\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program\Logitech\SetPoint\KEM.exe

O4 - Global Startup: Windows Desktop Search.lnk = C:\Program\MSN Toolbar Suite\DS\02.05.0001.1119\sv-se\bin\WindowsSearch.exe

O8 - Extra context menu item: &Google-sökning - res://c:\program\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: &MSN Search - res://C:\Program\MSN Toolbar Suite\TB\02.05.0000.1105\sv-se\msntb.dll/search.htm

O8 - Extra context menu item: &Översätt engelskt ord - res://c:\program\google\GoogleToolbar2.dll/cmwordtrans.html

O8 - Extra context menu item: Bakåtlänkar - res://c:\program\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Download Using &BitSpirit - F:\Program\BitSpirit\bsurl.htm

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O8 - Extra context menu item: Lagrad bild på sida - res://c:\program\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: Liknande sidor - res://c:\program\google\GoogleToolbar2.dll/cmsimilar.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab

O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://www.ysbweb.com/ist/softwares/v4.0/ysb_cracks.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.playqames.com/default.cab?uid=57&id=60911&1s&ex&ppd=4

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab

O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab

O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://ak.imgag.com/imgag/cp/install/Crusher.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{328C1954-4B07-4467-9C38-5898B6A1F362}: NameServer = 213.150.135.211 195.58.103.21

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\Program\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: HistorySweepService - Unknown owner - F:\Program\HistorySweep\HSSvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program\Norton SystemWorks\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program\NORTON~1\NORTON~1\NPROTECT.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program\Norton SystemWorks\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program\DELADE~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Speed Disk service - Symantec Corporation - C:\Program\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - F:\Program\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

 

[/log]

 

 


The easiest way is to download a small program called OIUninstaller, which removes it. Search for it on Google. You don't need to mess around with HijackThis and a lot of hassle at all.

 

[post edited 2006-03-26 01:17:35 by LO Ström]


OIUninstaller is an uninstaller for PurityScan.

There is not the slightest trace of PurityScan in Marcin78's HijackThis log, but there is of ISTbar.

I have recommended OIUninstaller in threads where I have seen PurityScan in HijackThis logs, but it has never removed everything unpleasant in their logs.

 


OK, Cecilia, I only know that I had problems with these pop-ups, and I installed OIUninstaller and got rid of the lot. It must have been some other type of spyware then, sorry.

 


  • 2 months later...

Hi there.

I also have problems with the errorsafe thing that pops up all over the place - I solved the pop-up windows by installing Flashblock for Firefox - but I wonder whether I actually have any errorsafe on my computer? VundoFix doesn't find anything either.

 

I'm sending along an HJT log anyway.

 

:)

 

[log]

Logfile of HijackThis v1.99.1

Scan saved at 14:57:16, on 2006-06-08

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\svchost.exe

C:\DOCUME~1\ADMINI~1\MINADO~1\Program\BBLEAN~1\blackbox.exe

C:\Program\TweakNow PowerPack\RAM_XP.exe

C:\Program\ATI Technologies\ATI.ACE\cli.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\PeerGuardian2\pg2.exe

C:\Program\Delade filer\Ahead\lib\NMBgMonitor.exe

C:\Program\Mozilla Firefox\firefox.exe

C:\Program\Winamp\Winamp.exe

C:\Program\Hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.se/keyword/%s

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.bitcomet.com/client/changelog/?v=0.63&l=sv_se

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

F2 - REG:system.ini: Shell=C:\DOCUME~1\ADMINI~1\MINADO~1\Program\BBLEAN~1\blackbox.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {B0744341-96E0-4341-9ED2-8BC36CE0CCD0} - (no file)

O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize

O4 - HKLM\..\Run: [synTPLpr] C:\Program\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [icon] C:\WINDOWS\system32\drivers\Icon.exe

O4 - HKLM\..\Run: [RAM Idle Professional] C:\Program\TweakNow PowerPack\RAM_XP.exe

O4 - HKLM\..\Run: [ATICCC] "C:\Program\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [PeerGuardian] C:\Program\PeerGuardian2\pg2.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program\Delade filer\Ahead\lib\NMBgMonitor.exe"

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Tri&xie Options... - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15023/CTPID.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\Program\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Kaspersky Anti-Virus Service (kavsvc) - Kaspersky Lab - C:\Program\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe

[/log]

 


Hi there

 

blackbox is just a shell for XP to make it a bit nicer-looking and smoother to use.

 

Icon.exe is some icon that indicates whether my wireless network is switched on or not - I installed it from Packard Bell's website together with all the other drivers.

 

antiwpa.dll is some sort of crack and nothing dangerous.

 

Does this mean I'm clean? :D

 


 

Tick and Fix this line

 

O2 - BHO: (no name) - {B0744341-96E0-4341-9ED2-8BC36CE0CCD0} - (no file)

 

then the log is OK.

If the errorsafe problem remains, scan the computer with Ewido.

Install and update.

Scan and clean in safe mode and save the log.

Then start normally and send the Ewido log.

 

http://www.ewido.net/en/download/

 


Archived

This topic is now archived and is closed to further replies.
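
An added example (not part of the thread and not HijackThis's own code): a small Python parser for logs pasted in the format seen above, with `[log]` tags and a blank line after every line. It lists the entries HijackThis marks "(no file)" or "(file missing)", such as the O2 line the helper asks to be fixed. The sample log is constructed from lines posted in the thread, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: a shortened log built from lines posted in this thread.
SAMPLE = r"""[log]
Logfile of HijackThis v1.99.1

Scan saved at 14:57:16, on 2006-06-08

Running processes:

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Hijackthis\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {B0744341-96E0-4341-9ED2-8BC36CE0CCD0} - (no file)

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\Program\MSNMES~1\msgrapp.dll" (file missing)
[/log]"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")          # e.g. "O2 - BHO: ..."
ORPHAN_RE = re.compile(r"\((no file|file missing)\)\s*$")  # target not on disk
TAG_RE = re.compile(r"\[/?log\]", re.IGNORECASE)           # forum [log] markup


def parse_log(text):
    """Split a pasted log into (header lines, running processes, entries)."""
    header, processes, entries = [], [], []
    section = "header"
    for raw in text.splitlines():
        # strip() also drops the non-breaking-space filler lines forums insert
        line = TAG_RE.sub("", raw).strip()
        if not line:
            continue
        match = ENTRY_RE.match(line)
        if match:
            section = "entries"
            entries.append((match.group(1), match.group(2)))
        elif line == "Running processes:":
            section = "processes"
        elif section == "processes":
            processes.append(line)
        elif section == "header":
            header.append(line)
    return header, processes, entries


def orphaned(entries):
    """Entries whose target file HijackThis could not find, with the marker."""
    found = []
    for code, body in entries:
        match = ORPHAN_RE.search(body)
        if match:
            found.append((code, body, match.group(1)))
    return found


def count_by_code(entries):
    """Number of entries per HijackThis section code (O2, O4, ...)."""
    return Counter(code for code, _ in entries)


if __name__ == "__main__":
    _, _, sample_entries = parse_log(SAMPLE)
    for code, body, marker in orphaned(sample_entries):
        print(f"{code} [{marker}]: {body}")
```

The list is a starting point for manual review, not a verdict: in the thread only the "(no file)" O2 line was singled out for fixing.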



