Just nu i M3-nätverket
Jump to content

Även jag har fått theuptodatesafety.com skräpet :/


S990WE

Recommended Posts

jag har kollat lite i dom andra trådarna om det programmet och har redan skapat en logg med HijackThis

 

[log]

Logfile of HijackThis v1.99.1

Scan saved at 19:08:59, on 2006-09-26

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5346.0005)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Delade filer\Autodesk Shared\Service\AdskScSrv.exe

C:\Program\GLOCAL~1\backweb\1334833\Program\SERVIC~1.EXE

C:\Program\WinMediaCodec\isamonitor.exe

C:\Program\WinMediaCodec\pmsngr.exe

C:\WINDOWS\system32\CTsvcCDA.EXE

C:\Program\Java\jre1.5.0_06\bin\jusched.exe

C:\windows\system\hpsysdrv.exe

C:\Program\Glocalnet Säkerhetspaket\Anti-Virus\fsgk32st.exe

C:\Program\Glocalnet Säkerhetspaket\backweb\1334833\Program\fspex.exe

C:\Program\Glocalnet Säkerhetspaket\backweb\1334833\program\fsbwsys.exe

C:\Program\Glocalnet Säkerhetspaket\Anti-Virus\FSGK32.EXE

C:\HP\KBD\KBD.EXE

C:\WINDOWS\ALCXMNTR.EXE

C:\Program\Glocalnet Säkerhetspaket\Common\FSMA32.EXE

C:\Program\Glocalnet Säkerhetspaket\Common\FSM32.EXE

C:\Program\WinMediaCodec\pmmon.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Glocalnet Säkerhetspaket\Anti-Virus\fssm32.exe

C:\Program\Glocalnet Säkerhetspaket\Common\FSMB32.EXE

C:\Program\Glocalnet Säkerhetspaket\FSGUI\ispnews.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program\Microsoft IntelliPoint\ipoint.exe

C:\Program\Microsoft IntelliType Pro\itype.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Windows Media Connect 2\WMCCFG.exe

C:\Program\WinMediaCodec\isamini.exe

C:\Program\Glocalnet Säkerhetspaket\Common\FCH32.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program\iTunes\iTunesHelper.exe

C:\Program\QuickTime\qttask.exe

C:\Program\TVAV~1\TVAV~1\TVTray.exe

C:\Program\Glocalnet Säkerhetspaket\Common\FAMEH32.EXE

C:\Program\Delade filer\Logitech\QCDriver3\LVCOMS.EXE

C:\Program\Logitech\ImageStudio\LogiTray.exe

C:\Program\Creative\MediaSource\Detector\CTDetect.exe

C:\Program\Glocalnet Säkerhetspaket\FSPC\fspc.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Program\Glocalnet Säkerhetspaket\Anti-Virus\fsav32.exe

C:\Program\Glocalnet Säkerhetspaket\FWES\Program\fsdfwd.exe

C:\Program\iPod\bin\iPodService.exe

C:\Program\Glocalnet Säkerhetspaket\FSGUI\fsguiexe.exe

C:\Program\MSN Messenger\msnmsgr.exe

C:\Program\Skype\Phone\Skype.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\wuauclt.exe

D:\Program\Hijackthis\HijackThis.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\SoftwareDistribution\Download\Install\NDP1.1sp1-KB867460-X86.exe

C:\DOCUME~1\COMPAQ~1\LOKALA~1\Temp\SLCFD.tmp

C:\WINDOWS\system32\msiexec.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=SV_SE&c=Q105&bd=presario&pf=desktop'>http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=SV_SE&c=Q105&bd=presario&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=SV_SE&c=Q105&bd=presario&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - C:\Program\WinMediaCodec\isaddon.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Protection Bar - {479fd0cf-5be9-4c63-8cda-b6d371c67bd5} - C:\Program\WinMediaCodec\iesplugin.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\Glocalnet Säkerhetspaket\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program\Glocalnet Säkerhetspaket\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program\Glocalnet Säkerhetspaket\FSGUI\FSSW.EXE" /reboot

O4 - HKLM\..\Run: [News Service] "C:\Program\Glocalnet Säkerhetspaket\FSGUI\ispnews.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [intelliPoint] "C:\Program\Microsoft IntelliPoint\ipoint.exe"

O4 - HKLM\..\Run: [itype] "C:\Program\Microsoft IntelliType Pro\itype.exe"

O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program\Windows Media Connect 2\WMCCFG.exe" /StartQuiet

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TVTray] C:\Program\TVAV~1\TVAV~1\TVTray.exe

O4 - HKLM\..\Run: [LVCOMS] C:\Program\Delade filer\Logitech\QCDriver3\LVCOMS.EXE

O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program\Logitech\ImageStudio\ISStart.exe

O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program\Logitech\ImageStudio\LogiTray.exe

O4 - HKCU\..\Run: [Creative Detector] C:\Program\Creative\MediaSource\Detector\CTDetect.exe /R

O4 - Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: Genväg till taskmgr.lnk = C:\WINDOWS\system32\taskmgr.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Webbfilter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program\Glocalnet Säkerhetspaket\FSPC\fspcmsie.dll

O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program\Glocalnet Säkerhetspaket\FSPC\fspcmsie.dll

O9 - Extra 'Tools' menuitem: Visa &lista över webbplatser - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program\Glocalnet Säkerhetspaket\FSPC\fspcmsie.dll

O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - C:\Program\Glocalnet Säkerhetspaket\FSPC\fspcmsie.dll

O9 - Extra 'Tools' menuitem: &Inaktivera webbsidefilter - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - C:\Program\Glocalnet Säkerhetspaket\FSPC\fspcmsie.dll

O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - C:\Program\Glocalnet Säkerhetspaket\FSPC\fspcmsie.dll

O9 - Extra 'Tools' menuitem: &Blockera den här webbplatsen - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - C:\Program\Glocalnet Säkerhetspaket\FSPC\fspcmsie.dll

O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - C:\Program\Glocalnet Säkerhetspaket\FSPC\fspcmsie.dll

O9 - Extra 'Tools' menuitem: &Tillåt den här webbplatsen - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - C:\Program\Glocalnet Säkerhetspaket\FSPC\fspcmsie.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O17 - HKLM\System\CCS\Services\Tcpip\..\{09D9EB24-9E4E-496B-B42E-63DF5AF395C7}: NameServer = 213.150.135.211 195.58.103.21

O17 - HKLM\System\CS1\Services\Tcpip\..\{09D9EB24-9E4E-496B-B42E-63DF5AF395C7}: NameServer = 213.150.135.211 195.58.103.21

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program\Delade filer\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: Glocalnet Säkerhetspaket (BackWeb Plug-in - 1334833) - Unknown owner - C:\Program\GLOCAL~1\backweb\1334833\Program\SERVIC~1.EXE

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE

O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program\Glocalnet Säkerhetspaket\Anti-Virus\fsgk32st.exe

O23 - Service: fsbwsys - F-Secure Corp. - C:\Program\Glocalnet Säkerhetspaket\backweb\1334833\program\fsbwsys.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program\Glocalnet Säkerhetspaket\FWES\Program\fsdfwd.exe

O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program\Glocalnet Säkerhetspaket\FSPC\fshttps\fshttps.exe

O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program\Glocalnet Säkerhetspaket\Common\FSMA32.EXE

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)[/log]

 

är mycket tacksam för snabbt svar....

 

PS: försvinner även "Protection bar" i IE???

 

jag tror jag fick skiten av winmediacodec 9.0 - det har jag avinstallerat (tror och hoppas jag) via "Lägg til ta bort program"

 

 

jag får även upp nogot som öppnar en hemsida ( http://malwarewipe.com'>http://malwarewipe.com ) med jämna mellanrum - det kommer upp en "bubla" nere i vid klockan och alla program där som säjer att man ska klicka på den, även om jag ständer den så skickas jag till http://malwarewipe.com

 

någon som vill/har lust/ har tid att hjälpa till??? vill helst inte behöva formatera om datorn...

[inlägget ändrat 2006-09-26 19:43:42 av S990WE]

Link to comment
Share on other sites

 

Ladda ner SmitfraudFix på skrivbordet och unzippa den där.

 

http://siri.urz.free.fr/Fix/SmitfraudFix.zip

 

Starta sen datorn i felsäkert läge.

 

Efter det öppna SmitfraudFix mappen och dubbelklicka på smitfraudfix.cmd

Välj altenativ Clean = klicka 2 och Enter

Sen vänta tills den jobbar klart.

På frågan "Registry cleaning - Do you want to clean the registry ?"

svara Yes med att klicka Y och Enter

Om wininet.dll är infekterad får du frågan "Replace infected file ?"

svara Yes med att klicka Y och Enter.

Om inte datorn startar om automatiskt så starta den i normalläge.

 

Skicka sen C:\rapport.txt och en ny Hijack logg

 

 

 

Link to comment
Share on other sites

HijackThis log

[log]

Logfile of HijackThis v1.99.1

Scan saved at 11:44:31, on 2006-09-27

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5346.0005)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Delade filer\Autodesk Shared\Service\AdskScSrv.exe

C:\Program\GLOCAL~1\backweb\1334833\Program\SERVIC~1.EXE

C:\WINDOWS\system32\CTsvcCDA.EXE

C:\Program\Glocalnet Säkerhetspaket\Anti-Virus\fsgk32st.exe

C:\Program\Glocalnet Säkerhetspaket\backweb\1334833\program\fsbwsys.exe

C:\Program\Glocalnet Säkerhetspaket\Anti-Virus\FSGK32.EXE

C:\Program\Glocalnet Säkerhetspaket\Common\FSMA32.EXE

C:\Program\Glocalnet Säkerhetspaket\Anti-Virus\fssm32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Glocalnet Säkerhetspaket\Common\FSMB32.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Glocalnet Säkerhetspaket\Common\FCH32.EXE

C:\Program\Glocalnet Säkerhetspaket\Common\FAMEH32.EXE

C:\Program\Glocalnet Säkerhetspaket\FSPC\fspc.exe

C:\Program\Glocalnet Säkerhetspaket\FWES\Program\fsdfwd.exe

C:\Program\Glocalnet Säkerhetspaket\Anti-Virus\fsav32.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Java\jre1.5.0_06\bin\jusched.exe

C:\Program\Glocalnet Säkerhetspaket\backweb\1334833\Program\fspex.exe

C:\windows\system\hpsysdrv.exe

C:\HP\KBD\KBD.EXE

C:\WINDOWS\ALCXMNTR.EXE

C:\Program\Glocalnet Säkerhetspaket\Common\FSM32.EXE

C:\Program\Glocalnet Säkerhetspaket\FSGUI\fsguiexe.exe

C:\Program\Glocalnet Säkerhetspaket\FSGUI\ispnews.exe

C:\Program\Microsoft IntelliPoint\ipoint.exe

C:\Program\Microsoft IntelliType Pro\itype.exe

C:\Program\Windows Media Connect 2\WMCCFG.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program\iTunes\iTunesHelper.exe

C:\Program\QuickTime\qttask.exe

C:\Program\iPod\bin\iPodService.exe

C:\Program\TVAV~1\TVAV~1\TVTray.exe

C:\Program\Delade filer\Logitech\QCDriver3\LVCOMS.EXE

C:\Program\Logitech\ImageStudio\LogiTray.exe

C:\Program\Creative\MediaSource\Detector\CTDetect.exe

C:\WINDOWS\system32\taskmgr.exe

D:\Program\Hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\Glocalnet Säkerhetspaket\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program\Glocalnet Säkerhetspaket\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program\Glocalnet Säkerhetspaket\FSGUI\FSSW.EXE" /reboot

O4 - HKLM\..\Run: [News Service] "C:\Program\Glocalnet Säkerhetspaket\FSGUI\ispnews.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [intelliPoint] "C:\Program\Microsoft IntelliPoint\ipoint.exe"

O4 - HKLM\..\Run: [itype] "C:\Program\Microsoft IntelliType Pro\itype.exe"

O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program\Windows Media Connect 2\WMCCFG.exe" /StartQuiet

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TVTray] C:\Program\TVAV~1\TVAV~1\TVTray.exe

O4 - HKLM\..\Run: [LVCOMS] C:\Program\Delade filer\Logitech\QCDriver3\LVCOMS.EXE

O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program\Logitech\ImageStudio\ISStart.exe

O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program\Logitech\ImageStudio\LogiTray.exe

O4 - HKCU\..\Run: [Creative Detector] C:\Program\Creative\MediaSource\Detector\CTDetect.exe /R

O4 - Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: Genväg till taskmgr.lnk = C:\WINDOWS\system32\taskmgr.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Webbfilter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program\Glocalnet Säkerhetspaket\FSPC\fspcmsie.dll

O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program\Glocalnet Säkerhetspaket\FSPC\fspcmsie.dll

O9 - Extra 'Tools' menuitem: Visa &lista över webbplatser - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program\Glocalnet Säkerhetspaket\FSPC\fspcmsie.dll

O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - C:\Program\Glocalnet Säkerhetspaket\FSPC\fspcmsie.dll

O9 - Extra 'Tools' menuitem: &Inaktivera webbsidefilter - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - C:\Program\Glocalnet Säkerhetspaket\FSPC\fspcmsie.dll

O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - C:\Program\Glocalnet Säkerhetspaket\FSPC\fspcmsie.dll

O9 - Extra 'Tools' menuitem: &Blockera den här webbplatsen - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - C:\Program\Glocalnet Säkerhetspaket\FSPC\fspcmsie.dll

O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - C:\Program\Glocalnet Säkerhetspaket\FSPC\fspcmsie.dll

O9 - Extra 'Tools' menuitem: &Tillåt den här webbplatsen - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - C:\Program\Glocalnet Säkerhetspaket\FSPC\fspcmsie.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O17 - HKLM\System\CCS\Services\Tcpip\..\{09D9EB24-9E4E-496B-B42E-63DF5AF395C7}: NameServer = 213.150.135.211 195.58.103.21

O17 - HKLM\System\CS1\Services\Tcpip\..\{09D9EB24-9E4E-496B-B42E-63DF5AF395C7}: NameServer = 213.150.135.211 195.58.103.21

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program\Delade filer\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: Glocalnet Säkerhetspaket (BackWeb Plug-in - 1334833) - Unknown owner - C:\Program\GLOCAL~1\backweb\1334833\Program\SERVIC~1.EXE

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE

O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program\Glocalnet Säkerhetspaket\Anti-Virus\fsgk32st.exe

O23 - Service: fsbwsys - F-Secure Corp. - C:\Program\Glocalnet Säkerhetspaket\backweb\1334833\program\fsbwsys.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program\Glocalnet Säkerhetspaket\FWES\Program\fsdfwd.exe

O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program\Glocalnet Säkerhetspaket\FSPC\fshttps\fshttps.exe

O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program\Glocalnet Säkerhetspaket\Common\FSMA32.EXE

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)[/log]

 

 

 

 

SmitFraudFix log

[log]

SmitFraudFix v2.100

 

Scan done at 11:28:56,10, 2006-09-27

Run from C:\Documents and Settings\Compaq_Žgaren\Skrivbord\SmitfraudFix

OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT

Fix ran in safe mode

 

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

 

GenericRenosFix by S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

 

C:\DOCUME~1\ALLUSE~1\START-~1\Online Security Guide.url Deleted

C:\DOCUME~1\ALLUSE~1\START-~1\Security Troubleshooting.url Deleted

C:\Program\WinMediaCodec\ Deleted

 

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

 

Registry Cleaning done.

 

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» End[/log]

 

 

 

 

Link to comment
Share on other sites

 

Scanna med Hijack bocka i följande rader stäng Web-läsaren och klicka Fix checked

 

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

 

sen är loggen ok.

Uppdatera Java hittas i Kontrollpanelen.

 

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.



×
×
  • Create New...