
some popups etc.


v_hakansson


Hi, I would like someone to look at my HJT log. I have had problems with an "MSN virus", which I think is called photo or "but look, that's you in the picture". It seems I have gotten rid of it, but then popups came.

 

[log]Logfile of HijackThis v1.99.1

Scan saved at 19:15:56, on 2006-10-23

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\CTHELPER.EXE

C:\Program\Java\jre1.5.0_06\bin\jusched.exe

C:\Program\Grisoft\AVGFRE~1\avgcc.exe

C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Program\iTunes\iTunesHelper.exe

C:\Program\ipwins\ipwins.exe

C:\Program\Delade filer\{F0D75811-0A78-1053-1021-02042520002e}\Update.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Messenger\msmsgs.exe

C:\MACRO\WMPHotkeys.exe

C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe

C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\iPod\bin\iPodService.exe

C:\WINDOWS\system32\svchost.exe

D:\Program\Winamp\Winamp.exe

C:\Program\MSN Messenger\msnmsgr.exe

C:\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program\Delade filer\{30D75811-0A77-1053-1021-02042520002e}\MyToolBar.dll

O2 - BHO: PrintViewBHO Class - {D4E0C464-30CE-4075-9A10-71FD106C2847} - C:\PROGRA~1\PRINTV~1\PRINTH~1.DLL

O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program\Delade filer\{30D75811-0A77-1053-1021-02042520002e}\MyToolBar.dll

O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE

O4 - HKLM\..\Run: [storageGuard] "C:\Program\VERITAS Software\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [KONICA MINOLTA PagePro 1300WStatusDisplay] C:\WINDOWS\system32\MSTMON_N.EXE

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [ipWins] C:\Program\ipwins\ipwins.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe"

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Workspace Macro Pro Hotkeys.lnk = C:\MACRO\WMPHotkeys.exe

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - D:\PartyCasino\RunCasino.exe

O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - D:\PartyCasino\RunCasino.exe

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\PartyPoker\RunApp.exe

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\PartyPoker\RunApp.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1132093891643

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

[/log]

 

 

 

 


What have you done so far to get rid of the nasties?

HijackThis should be in its own folder so that its backups do not get lost. Delete the HijackThis you have and install this one instead:

http://www.thespykiller.co.uk/files/HJTsetup.exe

Download ComboFix:

http://download.bleepingcomputer.com/sUBs/combofix.exe

Run it and follow the instructions shown.

IMPORTANT! Do not click on the ComboFix window with the mouse while it is running, otherwise it may hang.

When it is finished, a log should come up; paste it here, together with a new HijackThis log.

 


thanks for the help

 

[log]Logfile of HijackThis v1.99.1

Scan saved at 17:46:33, on 2006-10-24

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe

C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\CTHELPER.EXE

C:\WINDOWS\system32\MSTMON_N.EXE

C:\Program\Java\jre1.5.0_06\bin\jusched.exe

C:\Program\Grisoft\AVGFRE~1\avgcc.exe

C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Program\QuickTime\qttask.exe

C:\Program\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Messenger\msmsgs.exe

C:\MACRO\WMPHotkeys.exe

C:\Program\iPod\bin\iPodService.exe

C:\Program\MSN Messenger\msnmsgr.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Documents and Settings\Håkansson\Skrivbord\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program\Delade filer\{30D75811-0A77-1053-1021-02042520002e}\MyToolBar.dll (file missing)

O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program\Delade filer\{30D75811-0A77-1053-1021-02042520002e}\MyToolBar.dll (file missing)

O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE

O4 - HKLM\..\Run: [storageGuard] "C:\Program\VERITAS Software\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [KONICA MINOLTA PagePro 1300WStatusDisplay] C:\WINDOWS\system32\MSTMON_N.EXE

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe"

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Workspace Macro Pro Hotkeys.lnk = C:\MACRO\WMPHotkeys.exe

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - D:\PartyCasino\RunCasino.exe

O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - D:\PartyCasino\RunCasino.exe

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\PartyPoker\RunApp.exe

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\PartyPoker\RunApp.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1132093891643

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

 

[/log]

 

[log]H†kansson - 06-10-24 17:38:05,81 Service Pack 2

ComboFix 06.10.19 - Running from: "C:\Documents and Settings\H†kansson\Skrivbord"

 

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

C:\Program\Delade filer\Yazzle1122OinAdmin.exe

C:\Program\Delade filer\Yazzle1122OinUninstaller.exe

C:\Program\Inetget2

C:\Program\Ipwins

C:\Program\Delade filer\{30D75811-0A77-1053-1021-02042520002e}

C:\Program\Delade filer\{30D75811-0A78-1053-1021-02042520002e}

C:\Program\Delade filer\{F0D75811-0A77-1053-1021-02042520002e}

C:\Program\Delade filer\{F0D75811-0A78-1053-1021-02042520002e}

 

 

((((((((((((((((((((((((((((((( Files Created from 2006-09-24 to 2006-10-24 ))))))))))))))))))))))))))))))))))

 

 

2006-10-24 17:36 276,918 --a------ C:\combofix.exe

2006-10-24 17:35 488,144 --a------ C:\HJTsetup.exe

2006-10-22 15:08 53,248 --a------ C:\WINDOWS\system32\Process.exe

2006-10-22 15:08 40,960 --a------ C:\WINDOWS\system32\swsc.exe

2006-10-22 15:08 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe

2006-10-22 15:08 135,168 --a------ C:\WINDOWS\system32\swreg.exe

2006-10-22 14:57 115,947 --a------ C:\WINDOWS\system32\one.exe

2006-10-22 14:57 115,947 --a------ C:\Documents and Settings\H†kansson\one.exe

2006-10-22 14:57 113,664 --a------ C:\WINDOWS\system32\goll.exe

2006-10-22 14:57 113,664 --a------ C:\Documents and Settings\H†kansson\goll.exe

2006-10-22 14:57 109,056 --a------ C:\WINDOWS\system32\drv.exe

2006-10-22 14:57 109,056 --a------ C:\Documents and Settings\H†kansson\drv.exe

2006-10-22 14:54 115,947 --a------ C:\WINDOWS\one.exe

2006-10-22 14:54 113,664 --a------ C:\WINDOWS\goll.exe

2006-10-22 14:54 109,056 --a------ C:\WINDOWS\drv.exe

2006-10-11 16:21 68,888 --a------ C:\WINDOWS\system32\xinput1_3.dll

2006-10-11 16:21 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll

2006-10-11 16:21 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll

2006-10-11 16:21 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll

2006-10-11 16:21 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll

2006-10-11 16:21 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll

 

 

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

2006-10-24 17:39 -------- d-------- C:\Program\Delade filer

2006-10-24 17:33 -------- d-------- C:\Program\Mozilla Firefox

2006-10-23 21:17 -------- d-------- C:\Program\Windows Media Player

2006-10-22 16:45 -------- d-------- C:\Program\MSN Messenger

2006-10-22 16:45 -------- d-------- C:\Program\Delade filer\Microsoft Shared

2006-10-17 18:20 -------- d-------- C:\Program\LimeWire

2006-10-14 20:48 -------- d-------- C:\Documents and Settings\H†kansson\Application Data\U3

2006-10-11 16:10 -------- d--h----- C:\Program\InstallShield Installation Information

2006-10-03 21:55 -------- d-------- C:\Documents and Settings\H†kansson\Application Data\OpenOffice.org2

2006-09-28 13:05 -------- d-------- C:\Program\iTunes

2006-09-28 13:05 -------- d-------- C:\Program\iPod

2006-09-28 13:03 -------- d-------- C:\Program\QuickTime

2006-09-28 13:02 -------- d-------- C:\Program\Apple Software Update

2006-09-28 10:47 778656 --a------ C:\WINDOWS\system32\drivers\avg7core.sys

2006-09-23 14:44 68888 --a------ C:\Documents and Settings\H†kansson\Application Data\GDIPFONTCACHEV1.DAT

2006-09-22 17:02 555715 --a------ C:\WINDOWS\Audi_com.exe

2006-09-22 17:02 29696 --a------ C:\WINDOWS\mickey32.dll

2006-09-22 17:02 184912 --a------ C:\WINDOWS\Audi_com.scr

2006-09-13 07:07 1084416 --a------ C:\WINDOWS\system32\msxml3.dll

2006-08-30 18:31 -------- d-------- C:\Program\Trafik

2006-08-26 18:16 -------- d-------- C:\Program\InterActual

2006-08-25 21:50 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll

2006-08-25 21:40 -------- d-------- C:\Program\Ubisoft

2006-08-25 17:54 617472 --a------ C:\WINDOWS\system32\comctl32.dll

2006-08-21 14:28 16896 --a------ C:\WINDOWS\system32\fltlib.dll

2006-08-21 11:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe

2006-08-16 13:59 100352 --a------ C:\WINDOWS\system32\6to4svc.dll

2006-07-29 19:32 48936 --a------ C:\WINDOWS\system32\sirenacm.dll

2006-07-27 15:26 679424 --a------ C:\WINDOWS\system32\inetcomm.dll

 

 

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

 

*Note* empty entries are not shown

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"

"MSMSGS"="\"C:\\Program\\Messenger\\msmsgs.exe\" /background"

"Steam"=""

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program\\Delade filer\\Ahead\\Lib\\NMBgMonitor.exe\""

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

"WINDVDPatch"="CTHELPER.EXE"

"StorageGuard"="\"C:\\Program\\VERITAS Software\\Update Manager\\sgtray.exe\" /r"

"KONICA MINOLTA PagePro 1300WStatusDisplay"="C:\\WINDOWS\\system32\\MSTMON_N.EXE"

"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"

"SunJavaUpdateSched"="C:\\Program\\Java\\jre1.5.0_06\\bin\\jusched.exe"

"AVG7_CC"="C:\\Program\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"

"Adobe Photo Downloader"="\"C:\\Program\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""

"QuickTime Task"="\"C:\\Program\\QuickTime\\qttask.exe\" -atboottime"

"iTunesHelper"="\"C:\\Program\\iTunes\\iTunesHelper.exe\""

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]

"Installed"="1"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]

"Installed"="1"

"NoChange"="1"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]

"Installed"="1"

 

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]

"DeskHtmlVersion"=dword:00000110

"DeskHtmlMinorVersion"=dword:00000005

"Settings"=dword:00000001

"GeneralFlags"=dword:00000004

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

"AVG7_Run"="C:\\Program\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

 

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]

"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

"AVG7_Run"="C:\\Program\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]

"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"

"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoDriveTypeAutoRun"=dword:00000091

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"dontdisplaylastusername"=dword:00000000

"legalnoticecaption"=""

"legalnoticetext"=""

"shutdownwithoutlogon"=dword:00000001

"undockwithoutlogon"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"AllowLegacyWebView"=dword:00000001

"AllowUnhashedWebView"=dword:00000001

"NoCDBurning"=dword:00000000

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoDriveTypeAutoRun"=dword:00000091

 

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]

"NoDriveTypeAutoRun"=dword:00000091

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]

"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"

"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"

"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"

"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

 

 

Contents of the 'Scheduled Tasks' folder

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

 

Completion time: 06-10-24 17:40:01.28

C:\ComboFix.txt ... 06-10-24 17:40

[/log]

 


Control Panel - Add or Remove Programs

If any of the following are in the list, remove them:

MaxiFiles

Toolbar888

Scan with HijackThis and check:

 

O2 - BHO: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program\Delade filer\{30D75811-0A77-1053-1021-02042520002e}\MyToolBar.dll (file missing)

O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program\Delade filer\{30D75811-0A77-1053-1021-02042520002e}\MyToolBar.dll (file missing)

 

Close all other programs.

Press Fix checked.

Restart the computer.

In the ComboFix log there is a list of files under the heading Files Created from 2006-09-24 to 2006-10-24; for each one there that you do not recognise (the way you recognise combofix, for example), do the following:

Go to http://www.virustotal.com/, paste the file name (e.g. C:\WINDOWS\system32\Process.exe) into the box and press Send, then wait until the result is ready (Status becomes Finished). If any of the programs finds something nasty, or if the file size is 0, delete the file. If there is any file that cannot be deleted, write it here.

Download and run AVG Anti-Spyware (Ewido) according to these instructions (say so if there is anything you do not understand):

http://rstones12.geekstogo.com/ewidosetup.htm

Paste the report in your reply

Scan the computer online here: http://www.kaspersky.com/virusscanner

Paste the result here and I will look at it tomorrow.

 

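An added example, not part of the original thread and not written by any of its participants: the two entries selected for "Fix checked" above are the HijackThis lines marked `(file missing)` whose target sits inside a folder that ComboFix lists under Other Deletions. The Python below makes that cross-check explicit; the sample lines are copied from the logs posted in this thread, while the function names and verdict labels are assumptions chosen for illustration.

```python
import re
from typing import NamedTuple, Optional

# Lines copied from the second HijackThis log in this thread.
HJT_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program\Delade filer\{30D75811-0A77-1053-1021-02042520002e}\MyToolBar.dll (file missing)
O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program\Delade filer\{30D75811-0A77-1053-1021-02042520002e}\MyToolBar.dll (file missing)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
"""

# Lines copied from the "Other Deletions" section of the ComboFix log.
COMBOFIX_DELETIONS = r"""
C:\Program\Ipwins
C:\Program\Delade filer\{30D75811-0A77-1053-1021-02042520002e}
C:\Program\Delade filer\{F0D75811-0A78-1053-1021-02042520002e}
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
MISSING = "(file missing)"


class Entry(NamedTuple):
    section: str          # e.g. "O2", "O23"
    body: str             # everything after "Oxx - ", without the missing marker
    clsid: Optional[str]  # first GUID on O2/O3 lines (the BHO/toolbar CLSID)
    missing: bool         # HijackThis appended "(file missing)"


def parse_hjt(text):
    """Parse HijackThis result lines; header and process lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        section, body = m.groups()
        missing = body.endswith(MISSING)
        if missing:
            body = body[: -len(MISSING)].rstrip()
        guid = GUID_RE.search(body) if section in ("O2", "O3") else None
        entries.append(Entry(section, body, guid.group(0) if guid else None, missing))
    return entries


def parse_deletions(text):
    """Return the paths listed in a ComboFix deletions section."""
    lines = (l.strip() for l in text.splitlines())
    return [l for l in lines if re.match(r"^[A-Za-z]:\\", l)]


def under_deleted(body, deleted):
    """True if the entry references a file inside one of the deleted paths."""
    b = body.lower()
    for d in deleted:
        d = d.lower().rstrip("\\")
        if d + "\\" in b or b.endswith(d):
            return True
    return False


def triage(hjt_text, deletions_text):
    """List missing-file entries and whether a ComboFix deletion explains them."""
    deleted = parse_deletions(deletions_text)
    report = []
    for e in parse_hjt(hjt_text):
        if not e.missing:
            continue
        verdict = ("orphaned-by-removal" if under_deleted(e.body, deleted)
                   else "missing-unexplained")
        report.append((e.section, e.clsid, verdict))
    return report


if __name__ == "__main__":
    for section, clsid, verdict in triage(HJT_LOG, COMBOFIX_DELETIONS):
        print(section, clsid or "-", verdict)
```

The O23 rpcapd line is also marked `(file missing)` but does not point into any deleted folder, so it is reported separately instead of being grouped with the ToolBar888 leftovers.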

everything seems to have worked as it should; on http://www.virustotal.com/ everything could be removed

 

[log]-------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER REPORT

Tuesday, October 24, 2006 10:39:13 PM

Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)

Kaspersky Online Scanner version: 5.0.83.0

Kaspersky Anti-Virus database last update: 24/10/2006

Kaspersky Anti-Virus database records: 221185

-------------------------------------------------------------------------------

 

Scan Settings:

Scan using the following antivirus database: standard

Scan Archives: true

Scan Mail Bases: true

 

Scan Target - My Computer:

A: C: D: E: F: G:

Scan Statistics:

Total number of scanned objects: 54717

Number of viruses found: 1

Number of infected objects: 3 / 0

Number of suspicious objects: 0

Duration of the scan process: 00:56:27

 

Infected Object Name / Virus Name / Last Action

C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped

C:\Documents and Settings\Håkansson\Application Data\Microsoft\Outlook\marianne Öberg håkansson.srs Object is locked skipped

C:\Documents and Settings\Håkansson\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Håkansson\Lokala inställningar\Application Data\Microsoft\Messenger\v_hakansson@hotmail.com\SharingMetadata\Logs\Dfsr.log Object is locked skipped

C:\Documents and Settings\Håkansson\Lokala inställningar\Application Data\Microsoft\Messenger\v_hakansson@hotmail.com\SharingMetadata\pending.dat Object is locked skipped

C:\Documents and Settings\Håkansson\Lokala inställningar\Application Data\Microsoft\Messenger\v_hakansson@hotmail.com\SharingMetadata\Working\database_AF0_D767_F0D7_5811\dfsr.db Object is locked skipped

C:\Documents and Settings\Håkansson\Lokala inställningar\Application Data\Microsoft\Messenger\v_hakansson@hotmail.com\SharingMetadata\Working\database_AF0_D767_F0D7_5811\fsr.log Object is locked skipped

C:\Documents and Settings\Håkansson\Lokala inställningar\Application Data\Microsoft\Messenger\v_hakansson@hotmail.com\SharingMetadata\Working\database_AF0_D767_F0D7_5811\fsrtmp.log Object is locked skipped

C:\Documents and Settings\Håkansson\Lokala inställningar\Application Data\Microsoft\Messenger\v_hakansson@hotmail.com\SharingMetadata\Working\database_AF0_D767_F0D7_5811\tmp.edb Object is locked skipped

C:\Documents and Settings\Håkansson\Lokala inställningar\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Håkansson\Lokala inställningar\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Håkansson\Lokala inställningar\Application Data\Microsoft\Windows Live Contacts\v_hakansson@hotmail.com\real\members.stg Object is locked skipped

C:\Documents and Settings\Håkansson\Lokala inställningar\Application Data\Microsoft\Windows Live Contacts\v_hakansson@hotmail.com\shadow\members.stg Object is locked skipped

C:\Documents and Settings\Håkansson\Lokala inställningar\Application Data\Mozilla\Firefox\Profiles\jyox505i.default\Cache\_CACHE_001_ Object is locked skipped

C:\Documents and Settings\Håkansson\Lokala inställningar\Application Data\Mozilla\Firefox\Profiles\jyox505i.default\Cache\_CACHE_002_ Object is locked skipped

C:\Documents and Settings\Håkansson\Lokala inställningar\Application Data\Mozilla\Firefox\Profiles\jyox505i.default\Cache\_CACHE_003_ Object is locked skipped

C:\Documents and Settings\Håkansson\Lokala inställningar\Application Data\Mozilla\Firefox\Profiles\jyox505i.default\Cache\_CACHE_MAP_ Object is locked skipped

C:\Documents and Settings\Håkansson\Lokala inställningar\Temp\~DFDFCE.tmp Object is locked skipped

C:\Documents and Settings\Håkansson\Lokala inställningar\Temp\~DFE02F.tmp Object is locked skipped

C:\Documents and Settings\Håkansson\Lokala inställningar\Temp\~DFEB3B.tmp Object is locked skipped

C:\Documents and Settings\Håkansson\Lokala inställningar\Temp\~DFF934.tmp Object is locked skipped

C:\Documents and Settings\Håkansson\Lokala inställningar\Temp\~DFF946.tmp Object is locked skipped

C:\Documents and Settings\Håkansson\Lokala inställningar\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Håkansson\Lokala inställningar\Tidigare\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Håkansson\Lokala inställningar\Tidigare\History.IE5\MSHist012006102420061025\index.dat Object is locked skipped

C:\Documents and Settings\Håkansson\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Håkansson\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Lokala inställningar\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Lokala inställningar\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Lokala inställningar\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Lokala inställningar\Tidigare\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Lokala inställningar\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Lokala inställningar\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{E53B1DB7-1F1A-4E50-906D-C48492AEED05}\RP291\A0080719.exe Object is locked skipped

C:\System Volume Information\_restore{E53B1DB7-1F1A-4E50-906D-C48492AEED05}\RP291\A0080736.exe Object is locked skipped

C:\System Volume Information\_restore{E53B1DB7-1F1A-4E50-906D-C48492AEED05}\RP291\A0080737.exe Object is locked skipped

C:\System Volume Information\_restore{E53B1DB7-1F1A-4E50-906D-C48492AEED05}\RP293\A0080814.exe Object is locked skipped

C:\System Volume Information\_restore{E53B1DB7-1F1A-4E50-906D-C48492AEED05}\RP293\A0080817.exe Object is locked skipped

C:\System Volume Information\_restore{E53B1DB7-1F1A-4E50-906D-C48492AEED05}\RP296\A0081143.exe Infected: Trojan-Downloader.Win32.Adload.hd skipped

C:\System Volume Information\_restore{E53B1DB7-1F1A-4E50-906D-C48492AEED05}\RP296\A0081144.exe Infected: Trojan-Downloader.Win32.Adload.hd skipped

C:\System Volume Information\_restore{E53B1DB7-1F1A-4E50-906D-C48492AEED05}\RP296\A0081145.exe Infected: Trojan-Downloader.Win32.Adload.hd skipped

C:\System Volume Information\_restore{E53B1DB7-1F1A-4E50-906D-C48492AEED05}\RP296\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

 

Scan process completed.

[/log]

[log]---------------------------------------------------------

AVG Anti-Spyware - Scan Report

---------------------------------------------------------

 

+ Created at: 21:21:28 2006-10-24

 

+ Scan result:

 

 

 

C:\Program\Everest Poker\CStart.exe -> Adware.Casino : Cleaned.

C:\Program\Everest Poker\Everest Poker.exe -> Adware.Casino : Cleaned.

D:\Everest Poker.exe -> Adware.Casino : Cleaned.

C:\Program Files\PrintView\printhook030.dll -> Adware.PrintView : Cleaned.

C:\System Volume Information\_restore{E53B1DB7-1F1A-4E50-906D-C48492AEED05}\RP291\A0080746.dll -> Adware.Softomate : Cleaned.

C:\System Volume Information\_restore{E53B1DB7-1F1A-4E50-906D-C48492AEED05}\RP291\A0080747.exe -> Adware.Softomate : Cleaned.

C:\System Volume Information\_restore{E53B1DB7-1F1A-4E50-906D-C48492AEED05}\RP291\A0080748.dll -> Adware.Softomate : Cleaned.

C:\System Volume Information\_restore{E53B1DB7-1F1A-4E50-906D-C48492AEED05}\RP296\A0081052.dll -> Adware.Softomate : Cleaned.

C:\System Volume Information\_restore{E53B1DB7-1F1A-4E50-906D-C48492AEED05}\RP296\A0081054.dll -> Adware.Softomate : Cleaned.

C:\System Volume Information\_restore{E53B1DB7-1F1A-4E50-906D-C48492AEED05}\RP296\A0081056.dll -> Adware.Softomate : Cleaned.

C:\System Volume Information\_restore{E53B1DB7-1F1A-4E50-906D-C48492AEED05}\RP296\A0081057.exe -> Adware.Softomate : Cleaned.

C:\System Volume Information\_restore{E53B1DB7-1F1A-4E50-906D-C48492AEED05}\RP296\A0081061.dll -> Adware.Softomate : Cleaned.

C:\System Volume Information\_restore{E53B1DB7-1F1A-4E50-906D-C48492AEED05}\RP296\A0081062.exe -> Adware.Softomate : Cleaned.

C:\System Volume Information\_restore{E53B1DB7-1F1A-4E50-906D-C48492AEED05}\RP291\A0080762.pif -> Backdoor.MSNMaker.w : Cleaned.

C:\System Volume Information\_restore{E53B1DB7-1F1A-4E50-906D-C48492AEED05}\RP292\A0080790.rbf -> Backdoor.MSNMaker.w : Cleaned.

C:\RECYCLER\S-1-5-21-117609710-1482476501-725345543-1003\Dc7.exe -> Downloader.Adload.hd : Cleaned.

C:\RECYCLER\S-1-5-21-117609710-1482476501-725345543-1003\Dc8.exe -> Downloader.Adload.hd : Cleaned.

C:\System Volume Information\_restore{E53B1DB7-1F1A-4E50-906D-C48492AEED05}\RP291\A0080745.exe -> Downloader.Adload.hd : Cleaned.

C:\System Volume Information\_restore{E53B1DB7-1F1A-4E50-906D-C48492AEED05}\RP291\A0080751.exe -> Downloader.Adload.hd : Cleaned.

C:\System Volume Information\_restore{E53B1DB7-1F1A-4E50-906D-C48492AEED05}\RP296\A0081120.exe -> Downloader.Adload.hd : Cleaned.

C:\System Volume Information\_restore{E53B1DB7-1F1A-4E50-906D-C48492AEED05}\RP296\A0081121.exe -> Downloader.Adload.hd : Cleaned.

C:\System Volume Information\_restore{E53B1DB7-1F1A-4E50-906D-C48492AEED05}\RP296\A0081122.exe -> Downloader.Adload.hd : Cleaned.

C:\WINDOWS\system32\drv.exe -> Downloader.Adload.hd : Cleaned.

C:\System Volume Information\_restore{E53B1DB7-1F1A-4E50-906D-C48492AEED05}\RP291\A0080731.exe -> Downloader.Harnig.cu : Cleaned.

C:\System Volume Information\_restore{E53B1DB7-1F1A-4E50-906D-C48492AEED05}\RP291\A0080739.exe -> Downloader.Harnig.cu : Cleaned.

C:\System Volume Information\_restore{E53B1DB7-1F1A-4E50-906D-C48492AEED05}\RP293\A0080816.exe -> Downloader.Harnig.cu : Cleaned.

C:\System Volume Information\_restore{E53B1DB7-1F1A-4E50-906D-C48492AEED05}\RP293\A0080818.exe -> Downloader.Harnig.cu : Cleaned.

C:\System Volume Information\_restore{E53B1DB7-1F1A-4E50-906D-C48492AEED05}\RP291\A0080735.exe -> Dropper.PurityScan.ah : Cleaned.

C:\System Volume Information\_restore{E53B1DB7-1F1A-4E50-906D-C48492AEED05}\RP291\A0080738.exe -> Dropper.PurityScan.ah : Cleaned.

C:\System Volume Information\_restore{E53B1DB7-1F1A-4E50-906D-C48492AEED05}\RP293\A0080815.exe -> Dropper.PurityScan.ah : Cleaned.

C:\System Volume Information\_restore{E53B1DB7-1F1A-4E50-906D-C48492AEED05}\RP293\A0080819.exe -> Dropper.PurityScan.ah : Cleaned.

C:\System Volume Information\_restore{E53B1DB7-1F1A-4E50-906D-C48492AEED05}\RP296\A0081047.exe -> Dropper.Small : Cleaned.

:mozilla.137:C:\Documents and Settings\Håkansson\Application Data\Mozilla\Firefox\Profiles\jyox505i.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.138:C:\Documents and Settings\Håkansson\Application Data\Mozilla\Firefox\Profiles\jyox505i.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.139:C:\Documents and Settings\Håkansson\Application Data\Mozilla\Firefox\Profiles\jyox505i.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.140:C:\Documents and Settings\Håkansson\Application Data\Mozilla\Firefox\Profiles\jyox505i.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.143:C:\Documents and Settings\Håkansson\Application Data\Mozilla\Firefox\Profiles\jyox505i.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.144:C:\Documents and Settings\Håkansson\Application Data\Mozilla\Firefox\Profiles\jyox505i.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.145:C:\Documents and Settings\Håkansson\Application Data\Mozilla\Firefox\Profiles\jyox505i.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.146:C:\Documents and Settings\Håkansson\Application Data\Mozilla\Firefox\Profiles\jyox505i.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.147:C:\Documents and Settings\Håkansson\Application Data\Mozilla\Firefox\Profiles\jyox505i.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.148:C:\Documents and Settings\Håkansson\Application Data\Mozilla\Firefox\Profiles\jyox505i.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.149:C:\Documents and Settings\Håkansson\Application Data\Mozilla\Firefox\Profiles\jyox505i.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.438:C:\Documents and Settings\Håkansson\Application Data\Mozilla\Firefox\Profiles\jyox505i.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.219:C:\Documents and Settings\Håkansson\Application Data\Mozilla\Firefox\Profiles\jyox505i.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.

:mozilla.220:C:\Documents and Settings\Håkansson\Application Data\Mozilla\Firefox\Profiles\jyox505i.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.

:mozilla.16:C:\Documents and Settings\Håkansson\Application Data\Mozilla\Firefox\Profiles\jyox505i.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.

:mozilla.17:C:\Documents and Settings\Håkansson\Application Data\Mozilla\Firefox\Profiles\jyox505i.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.

:mozilla.37:C:\Documents and Settings\Håkansson\Application Data\Mozilla\Firefox\Profiles\jyox505i.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.

:mozilla.38:C:\Documents and Settings\Håkansson\Application Data\Mozilla\Firefox\Profiles\jyox505i.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.

:mozilla.40:C:\Documents and Settings\Håkansson\Application Data\Mozilla\Firefox\Profiles\jyox505i.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.

:mozilla.41:C:\Documents and Settings\Håkansson\Application Data\Mozilla\Firefox\Profiles\jyox505i.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.

:mozilla.43:C:\Documents and Settings\Håkansson\Application Data\Mozilla\Firefox\Profiles\jyox505i.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.

:mozilla.45:C:\Documents and Settings\Håkansson\Application Data\Mozilla\Firefox\Profiles\jyox505i.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.

:mozilla.62:C:\Documents and Settings\Håkansson\Application Data\Mozilla\Firefox\Profiles\jyox505i.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.

:mozilla.221:C:\Documents and Settings\Håkansson\Application Data\Mozilla\Firefox\Profiles\jyox505i.default\cookies.txt -> TrackingCookie.Bfast : Cleaned.

:mozilla.231:C:\Documents and Settings\Håkansson\Application Data\Mozilla\Firefox\Profiles\jyox505i.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.

:mozilla.64:C:\Documents and Settings\Håkansson\Application Data\Mozilla\Firefox\Profiles\jyox505i.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.

:mozilla.70:C:\Documents and Settings\Håkansson\Application Data\Mozilla\Firefox\Profiles\jyox505i.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.

:mozilla.72:C:\Documents and Settings\Håkansson\Application Data\Mozilla\Firefox\Profiles\jyox505i.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.

:mozilla.73:C:\Documents and Settings\Håkansson\Application Data\Mozilla\Firefox\Profiles\jyox505i.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.

:mozilla.74:C:\Documents and Settings\Håkansson\Application Data\Mozilla\Firefox\Profiles\jyox505i.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.

:mozilla.75:C:\Documents and Settings\Håkansson\Application Data\Mozilla\Firefox\Profiles\jyox505i.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.

:mozilla.54:C:\Documents and Settings\Håkansson\Application Data\Mozilla\Firefox\Profiles\jyox505i.default\cookies.txt -> TrackingCookie.Com : Cleaned.

:mozilla.104:C:\Documents and Settings\Håkansson\Application Data\Mozilla\Firefox\Profiles\jyox505i.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.

:mozilla.507:C:\Documents and Settings\Håkansson\Application Data\Mozilla\Firefox\Profiles\jyox505i.default\cookies.txt -> TrackingCookie.Etracker : Cleaned.

:mozilla.268:C:\Documents and Settings\Håkansson\Application Data\Mozilla\Firefox\Profiles\jyox505i.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.

:mozilla.269:C:\Documents and Settings\Håkansson\Application Data\Mozilla\Firefox\Profiles\jyox505i.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.

:mozilla.271:C:\Documents and Settings\Håkansson\Application Data\Mozilla\Firefox\Profiles\jyox505i.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.

:mozilla.272:C:\Documents and Settings\Håkansson\Application Data\Mozilla\Firefox\Profiles\jyox505i.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.

:mozilla.311:C:\Documents and Settings\Håkansson\Application Data\Mozilla\Firefox\Profiles\jyox505i.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.

:mozilla.312:C:\Documents and Settings\Håkansson\Application Data\Mozilla\Firefox\Profiles\jyox505i.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.

:mozilla.313:C:\Documents and Settings\Håkansson\Application Data\Mozilla\Firefox\Profiles\jyox505i.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.

:mozilla.184:C:\Documents and Settings\Håkansson\Application Data\Mozilla\Firefox\Profiles\jyox505i.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.

:mozilla.185:C:\Documents and Settings\Håkansson\Application Data\Mozilla\Firefox\Profiles\jyox505i.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.

:mozilla.186:C:\Documents and Settings\Håkansson\Application Data\Mozilla\Firefox\Profiles\jyox505i.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.

:mozilla.323:C:\Documents and Settings\Håkansson\Application Data\Mozilla\Firefox\Profiles\jyox505i.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.

:mozilla.116:C:\Documents and Settings\Håkansson\Application Data\Mozilla\Firefox\Profiles\jyox505i.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.

:mozilla.117:C:\Documents and Settings\Håkansson\Application Data\Mozilla\Firefox\Profiles\jyox505i.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.

:mozilla.118:C:\Documents and Settings\Håkansson\Application Data\Mozilla\Firefox\Profiles\jyox505i.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.

:mozilla.206:C:\Documents and Settings\Håkansson\Application Data\Mozilla\Firefox\Profiles\jyox505i.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.

:mozilla.391:C:\Documents and Settings\Håkansson\Application Data\Mozilla\Firefox\Profiles\jyox505i.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.

:mozilla.392:C:\Documents and Settings\Håkansson\Application Data\Mozilla\Firefox\Profiles\jyox505i.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.

:mozilla.127:C:\Documents and Settings\Håkansson\Application Data\Mozilla\Firefox\Profiles\jyox505i.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.

:mozilla.248:C:\Documents and Settings\Håkansson\Application Data\Mozilla\Firefox\Profiles\jyox505i.default\cookies.txt -> TrackingCookie.Overture : Cleaned.

:mozilla.309:C:\Documents and Settings\Håkansson\Application Data\Mozilla\Firefox\Profiles\jyox505i.default\cookies.txt -> TrackingCookie.Overture : Cleaned.

:mozilla.501:C:\Documents and Settings\Håkansson\Application Data\Mozilla\Firefox\Profiles\jyox505i.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.

:mozilla.502:C:\Documents and Settings\Håkansson\Application Data\Mozilla\Firefox\Profiles\jyox505i.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.

:mozilla.307:C:\Documents and Settings\Håkansson\Application Data\Mozilla\Firefox\Profiles\jyox505i.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.

:mozilla.308:C:\Documents and Settings\Håkansson\Application Data\Mozilla\Firefox\Profiles\jyox505i.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.

:mozilla.211:C:\Documents and Settings\Håkansson\Application Data\Mozilla\Firefox\Profiles\jyox505i.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.

:mozilla.212:C:\Documents and Settings\Håkansson\Application Data\Mozilla\Firefox\Profiles\jyox505i.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.

:mozilla.215:C:\Documents and Settings\Håkansson\Application Data\Mozilla\Firefox\Profiles\jyox505i.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.

:mozilla.216:C:\Documents and Settings\Håkansson\Application Data\Mozilla\Firefox\Profiles\jyox505i.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.

:mozilla.218:C:\Documents and Settings\Håkansson\Application Data\Mozilla\Firefox\Profiles\jyox505i.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.

:mozilla.103:C:\Documents and Settings\Håkansson\Application Data\Mozilla\Firefox\Profiles\jyox505i.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.

:mozilla.94:C:\Documents and Settings\Håkansson\Application Data\Mozilla\Firefox\Profiles\jyox505i.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.

:mozilla.96:C:\Documents and Settings\Håkansson\Application Data\Mozilla\Firefox\Profiles\jyox505i.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.

:mozilla.97:C:\Documents and Settings\Håkansson\Application Data\Mozilla\Firefox\Profiles\jyox505i.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.

:mozilla.98:C:\Documents and Settings\Håkansson\Application Data\Mozilla\Firefox\Profiles\jyox505i.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.

:mozilla.99:C:\Documents and Settings\Håkansson\Application Data\Mozilla\Firefox\Profiles\jyox505i.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.

:mozilla.299:C:\Documents and Settings\Håkansson\Application Data\Mozilla\Firefox\Profiles\jyox505i.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.

:mozilla.300:C:\Documents and Settings\Håkansson\Application Data\Mozilla\Firefox\Profiles\jyox505i.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.

:mozilla.301:C:\Documents and Settings\Håkansson\Application Data\Mozilla\Firefox\Profiles\jyox505i.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.

:mozilla.76:C:\Documents and Settings\Håkansson\Application Data\Mozilla\Firefox\Profiles\jyox505i.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.

:mozilla.77:C:\Documents and Settings\Håkansson\Application Data\Mozilla\Firefox\Profiles\jyox505i.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.

:mozilla.78:C:\Documents and Settings\Håkansson\Application Data\Mozilla\Firefox\Profiles\jyox505i.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.

:mozilla.79:C:\Documents and Settings\Håkansson\Application Data\Mozilla\Firefox\Profiles\jyox505i.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.

:mozilla.80:C:\Documents and Settings\Håkansson\Application Data\Mozilla\Firefox\Profiles\jyox505i.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.

:mozilla.179:C:\Documents and Settings\Håkansson\Application Data\Mozilla\Firefox\Profiles\jyox505i.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.

:mozilla.35:C:\Documents and Settings\Håkansson\Application Data\Mozilla\Firefox\Profiles\jyox505i.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.

:mozilla.421:C:\Documents and Settings\Håkansson\Application Data\Mozilla\Firefox\Profiles\jyox505i.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.

:mozilla.95:C:\Documents and Settings\Håkansson\Application Data\Mozilla\Firefox\Profiles\jyox505i.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.

:mozilla.520:C:\Documents and Settings\Håkansson\Application Data\Mozilla\Firefox\Profiles\jyox505i.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.

:mozilla.123:C:\Documents and Settings\Håkansson\Application Data\Mozilla\Firefox\Profiles\jyox505i.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.

:mozilla.326:C:\Documents and Settings\Håkansson\Application Data\Mozilla\Firefox\Profiles\jyox505i.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.

:mozilla.327:C:\Documents and Settings\Håkansson\Application Data\Mozilla\Firefox\Profiles\jyox505i.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.

:mozilla.328:C:\Documents and Settings\Håkansson\Application Data\Mozilla\Firefox\Profiles\jyox505i.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.

:mozilla.242:C:\Documents and Settings\Håkansson\Application Data\Mozilla\Firefox\Profiles\jyox505i.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.

:mozilla.243:C:\Documents and Settings\Håkansson\Application Data\Mozilla\Firefox\Profiles\jyox505i.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.

:mozilla.244:C:\Documents and Settings\Håkansson\Application Data\Mozilla\Firefox\Profiles\jyox505i.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.

 

 

::Report end

[/log]

 


What Kaspersky found is removed like this:

C:\System Volume Information\_restore is where the System Restore feature stores its restore points. This means that Windows created a restore point while your computer was infected. As long as the nasties stay in that folder they are harmless. However, if you restore to a point in time when the computer was infected, the nasties will be restored as well.

You can remove all restore points by turning off System Restore, restarting the computer and then turning the feature on again. System Restore is turned off and on here:

Right-click My Computer - Properties - System Restore.

According to Ewido, the following should be done.

Delete the folders:

C:\Program\Everest Poker

C:\Program Files\PrintView

C:\Program\Delade filer\{30D75811-0A77-1053-1021-02042520002e}

 

How is the computer behaving now?

 

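The reply above separates detections that sit inside System Restore points (inert until that point is restored) from detections in live locations. The following sketch is an added example, not part of the thread or of any AVG tool: it sorts report lines of the `path -> Detection : Action.` form by location and lists the affected restore points. The sample report is constructed, with placeholder GUID, SID and profile path, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the "path -> Detection : Action." format of the AVG
# Anti-Spyware report; GUID, SID and profile path are placeholders.
SAMPLE_REPORT = r"""
+ Scan result:
C:\Program\Everest Poker\CStart.exe -> Adware.Casino : Cleaned.
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP291\A0000001.dll -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP296\A0000002.dll -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP291\A0000003.pif -> Backdoor.MSNMaker.w : Cleaned.
C:\RECYCLER\S-1-5-21-0-0-0-1003\Dc7.exe -> Downloader.Adload.hd : Cleaned.
C:\WINDOWS\system32\drv.exe -> Downloader.Adload.hd : Cleaned.
:mozilla.137:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\example.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
::Report end
"""

# Optional ":store.N:" prefix (cookie entries), then path, detection name, action.
LINE_RE = re.compile(
    r"^(?::(?P<store>[\w.]+):)?(?P<path>.+?) -> (?P<name>\S+) : (?P<action>[^.]+)\.$"
)
# Restore-point folder name (RPnnn) inside the _restore{GUID} directory.
RP_RE = re.compile(r"\\_restore\{[^}]+\}\\(RP\d+)\\", re.IGNORECASE)


def classify(path, store, name):
    """Return where a detection lives: cookie, restore_point, recycle_bin or live."""
    low = path.lower()
    if store or name.startswith("TrackingCookie."):
        return "cookie"
    if "\\system volume information\\_restore{" in low:
        return "restore_point"
    if "\\recycler\\" in low:
        return "recycle_bin"
    return "live"


def summarize(report):
    """Count detections per location and list the restore points that hold any."""
    counts, tainted, live = Counter(), set(), []
    for raw in report.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # headers, blank lines, "Object is locked skipped" rows
        where = classify(m["path"], m["store"], m["name"])
        counts[where] += 1
        if where == "restore_point":
            rp = RP_RE.search(m["path"])
            if rp:
                tainted.add(rp.group(1))
        elif where == "live":
            live.append((m["path"], m["name"]))
    return {
        "counts": dict(counts),
        "tainted_restore_points": sorted(tainted),
        "live": live,
    }


if __name__ == "__main__":
    result = summarize(SAMPLE_REPORT)
    print(result["counts"])
    print("Restore points holding detections:", result["tainted_restore_points"])
    for path, name in result["live"]:
        print("Live location:", name, path)
```

Any restore point listed in `tainted_restore_points` should not be used for a rollback; purging all restore points as described in the reply removes them.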

the computer seems to be popup-free right now :)

but I couldn't find:

C:\Program\Delade filer\{30D75811-0A77-1053-1021-02042520002e}

 

should I keep/use AVG Anti-Spyware on the computer?

and right now I only have a free antivirus (AVG Free Edition); is it worth keeping or should I get something else?

thanks for the help anyway

 


Good to hear the computer is behaving.

AVG Anti-Spyware is a very good product and well worth keeping.

AVG antivirus is a fully adequate antivirus program.

Here is my usual advice for a safer computer, but of course it is also important to use your common sense.

Update from Windows Update and run the anti-spyware programs AVG Anti-Spyware (Ewido), Spybot S&D and/or Ad-aware regularly.

http://www.ewido.net/en/

http://www.safer-networking.org/en/download/index.html

http://www.lavasoft.com

 

Complement the antivirus program with a few online scans now and then:

http://housecall.trendmicro.com/

http://www.bitdefender.com/scan8/ie.html

http://www.pandasoftware.com/products/activescan/

 

Use a firewall (better than the one built into XP); one is available for free from e.g. ZoneLabs.

http://www.zonelabs.com/store/content/home.jsp

 

If you use Internet Explorer, it can be a good idea to have the programs SpywareBlaster and SpywareGuard, which prevent a good many nasty programs from being downloaded and run, respectively:

http://www.javacoolsoftware.com

 

Review the security settings in Internet Explorer; there are plenty of tips here:

http://www.spywarewarrior.com/uiuc/btw/ie/ie-opts.htm

 

Also run IE-SpyAd, which puts a whole lot of nasty websites in the Restricted sites zone in Internet Explorer so that they cannot do anything to the computer:

http://www.spywarewarrior.com/uiuc/resource.htm

 

If you switch browsers, only SpywareGuard is needed. Other browsers include Mozilla Firefox and Opera:

http://www.mozilla.org

http://www.opera.com

 

All free for home users/personal use.

 


Archived

This topic is now archived and is closed to further replies.