Går ej att aktivera windows brandvägg!

[ducdereve!]

Har ett mycket irriterande dilemma... det går inte att aktivera windows brandväggen... har testat o installera comodo, men nu är det också inaktiverat efter att jag tänkte installera om det. Nu går ej comodo att varken avinstallera eller aktivera! Har alltså INGEN brandvägg aktiv! Vad göra??

 

http://support.microsoft.com/kb/283673/sv = rubrik = Aktivera Windows-brandväggen i Windows XP SP2 - stöter på patrull direkt.. "kan inte nå intällningar av windows-brandväggen p.g.a. ett oidentifierat problem"

 

Kanske bör tillägga att det uppkom i samband med msn-virus....

 

tack på förhand!

 

 

 

[Cecilia]

Kanske bör tillägga att det uppkom i samband med msn-virus....

Då finns det väl fortfarande otrevligheter kvar i datorn. Vad har du gjort för att avlägsna msn-masken?

 

Vi kan ju se om HijackThis visar något till att börja med:

http://www.thespykiller.co.uk/files/HJTsetup.exe

Installera, kör, skanna och spara loggen (inget annat).

 

I ditt svar bifogar du HijackThis-loggen på detta sätt:

Tryck på LOG-knappen i Besvara-fönstret

Klistra in loggen

Tryck igen på LOG-knappen

 

[ducdereve!]

[log]Logfile of HijackThis v1.99.1

Scan saved at 13:52:07, on 2006-10-24

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Sygate\SPF\smc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Grisoft\AVG7\avgamsvr.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Grisoft\AVG7\avgupsvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Winamp\winampa.exe

C:\Program\Java\jre1.5.0_08\bin\jusched.exe

C:\Program\QuickTime\qttask.exe

C:\Program\iTunes\iTunesHelper.exe

C:\Program\D-Tools\daemon.exe

C:\Program\SlySoft\CloneCD\CloneCDTray.exe

C:\Program\Grisoft\AVG7\avgcc.exe

C:\Program\CA\eTrust Internet Security Suite\caissdt.exe

C:\Program\iPod\bin\iPodService.exe

C:\Program\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program\utorrent\utorrent.exe

C:\WINDOWS\system32\WgaTray.exe

C:\Program\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe

C:\Program\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Delade filer\Ahead\lib\NMBgMonitor.exe

C:\Program\LG PC Suite\LG PC Sync\LGSyncManager.exe

C:\Program\Personal\bin\Personal.exe

C:\Program\VIA\RAID\raid_tool.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Prevx1\PXConsole.exe

C:\Program\Prevx1\PXAgent.exe

C:\Program\Internet Explorer\IEXPLORE.EXE

C:\Program\Hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se/'>http://www.aftonbladet.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aftonbladet.se

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = IE_Window_Title

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer =

 

http=http://proxy1.telia.com:8080

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =

 

http://login1.telia.com;http://10.0.0.6;<local>

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - URLSearchHook: (no name) - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)

O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All

 

Users.WINDOWS\Application Data\Prevx\pxbho.dll

O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program\Siber Systems\AI RoboForm\roboform.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live

 

Toolbar\msntb.dll

O3 - Toolbar: (no name) - {C004DEC2-2623-438e-9CA2-C9043AB28508} - (no file)

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.5.0_08\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [CloneCDTray] "C:\Program\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [PrevxOne] "C:\Program\Prevx1\PXConsole.exe"

O4 - HKLM\..\Run: [CaISSDT] "C:\Program\CA\eTrust Internet Security Suite\caissdt.exe"

O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program\CA\eTrust Internet Security Suite\eTrust PestPatrol

 

Anti-Spyware\PPActiveDetection.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [smcService] C:\Program\Sygate\SPF\smc.exe -startgui

O4 - HKCU\..\Run: [µTorrent] "C:\Program\utorrent\utorrent.exe"

O4 - HKCU\..\Run: [RoboForm] "C:\Program\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program\Delade

 

filer\Ahead\lib\NMBgMonitor.exe"

O4 - Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: LG SyncManager.lnk = C:\Program\LG PC Suite\LG PC Sync\LGSyncManager.exe

O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe

O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program\VIA\RAID\raid_tool.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: &Windows Live Search - res://C:\Program\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Anpassa RF menu - file://C:\Program\Siber Systems\AI

 

RoboForm\RoboFormComCustomizeIEMenu.html

O8 - Extra context menu item: Blockera alla bilder från samma sida - C:\Program\Avant

 

Browser\AddAllToADBlackList.htm

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Lägg till i AD Svartlistan - C:\Program\Avant Browser\AddToADBlackList.htm

O8 - Extra context menu item: Markera - C:\Program\Avant Browser\Highlight.htm

O8 - Extra context menu item: RF verktygslist - file://C:\Program\Siber Systems\AI

 

RoboForm\RoboFormComShowToolbar.html

O8 - Extra context menu item: Sök - C:\Program\Avant Browser\Search.htm

O8 - Extra context menu item: Öppna alla länkar på sidan... - C:\Program\Avant Browser\OpenAllLinks.htm

O8 - Extra context menu item: Öppna i ett nytt Avant Browser - C:\Program\Avant Browser\OpenInNewBrowser.htm

O8 - Extra context menu item: Öppna på ny flik i bakgrunden - res://C:\Program\Windows Live

 

Toolbar\Components\sv-se\msntabres.dll.mui/229?ca5364ffea36441e923c435c23b31b86

O8 - Extra context menu item: Öppna på ny flik i förgrunden - res://C:\Program\Windows Live

 

Toolbar\Components\sv-se\msntabres.dll.mui/230?ca5364ffea36441e923c435c23b31b86

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_08\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

 

C:\Program\Java\jre1.5.0_08\bin\ssv.dll

O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program\Siber Systems\AI

 

RoboForm\RoboFormComShowToolbar.html

O9 - Extra 'Tools' menuitem: RF verktygslist - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program\Siber

 

Systems\AI RoboForm\RoboFormComShowToolbar.html

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -

 

C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

 

C:\Program\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://login1.telia.com

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -

 

http://by112w.bay112.mail.live.com/mail/resources/MsnPUpld.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) -

 

http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase969.cab

O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) -

 

http://www3.ca.com/securityadvisor/virusinfo/webscan.cab

O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems

 

Shared\Service\Adobelmsvc.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVG7\avgupsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade

 

filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program\Delade filer\Macromedia

 

Shared\Service\Macromedia Licensing.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program\Prevx1\PXAgent.exe" -f (file missing)

O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program\Sygate\SPF\smc.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program\Analog

 

Devices\SoundMAX\SMAgent.exe

 

[/log]

 

[Cecilia]

Vad har du gjort för att avlägsna msn-masken?

Vore bra att veta så att jag inte ber dig köra en massa program i onödan.

 

Skanna med HijackThis och bocka för:

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R3 - URLSearchHook: (no name) - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)

O3 - Toolbar: (no name) - {C004DEC2-2623-438e-9CA2-C9043AB28508} - (no file)

O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll

 

Avsluta alla program.

Tryck Fix checked.

Starta om datorn.

 

Du har ju Sygates brandvägg i datorn, då ska man inte starta Windows-brandväggen.

 

[ducdereve!]

Nu var inga program förbockade, men jag startade om datorn...

Sygate har jag, men det har hänt nåt som gör att att jag inte kommer in i inställningar för brandvägg genom kontrollpanelen.. jag kan varken aktivera windows brandväggen, eller göra ngt annat. det står " det gick inte att visa windowsbrandväggens inställningar pga ett oidentifierat problem".

 

[Cecilia]

Nu var inga program förbockade, men jag startade om datorn...

?

 

[ducdereve!]

I hijackthis....

 

[Cecilia]

Varför bockade du inte för raderna jag listade?

 

[ducdereve!]

vet inte vad som hände.... men nu har jag bockat för dem du skrev.... o har startat om datorn.

 

men medellandet är detsama då jag går in under inställningar för windowsbrandväggen...

[inlägget ändrat 2006-10-24 16:19:09 av ducdereve!]

[Cecilia]

Har du kört några andra program än Prevx1, AVG, PestPatrol för att ta bort MSN-masken?

 

Kör ComboFix så får vi se om den visar något som är kvar i datorn?

Ladda ner ComboFix:

http://download.bleepingcomputer.com/sUBs/combofix.exe

 

Kör den och följ anvisningarna som visas.

 

VIKTIGT! Klicka inte på Combofix-fönstret med musen när den körs annars kan den hänga upp sig.

 

När den är färdig så ska en logg komma upp klistra in den här, samt en ny HijackThis-logg.

 

[ducdereve!]

[log]Kristian - 06-10-24 17:00:13,85 Service Pack 2

ComboFix 06.10.19 - Running from: "C:\Documents and Settings\Kristian.DUCDEREV-298B3E\Skrivbord"

 

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

C:\Program\Deskbar

C:\Program\Delade filer\{30238639-0729-1053-0724-03061103002e}

C:\Program\Delade filer\{B0238639-0729-1053-0724-03061103002e}

 

 

((((((((((((((((((((((((((((((( Files Created from 2006-09-24 to 2006-10-24 ))))))))))))))))))))))))))))))))))

 

 

2006-10-24 15:31 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll

2006-10-24 15:31 59,984 --a------ C:\WINDOWS\system32\drivers\Teefer.sys

2006-10-24 15:31 21,075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys

2006-10-24 15:31 14,240 --a------ C:\WINDOWS\system32\drivers\wg6n.sys

2006-10-24 15:31 14,240 --a------ C:\WINDOWS\system32\drivers\wg5n.sys

2006-10-24 15:31 14,240 --a------ C:\WINDOWS\system32\drivers\wg4n.sys

2006-10-24 15:31 14,240 --a------ C:\WINDOWS\system32\drivers\wg3n.sys

2006-10-16 13:33 69,120 --a------ C:\WINDOWS\system32\drivers\inspect.sys

2006-10-16 13:33 61,056 --a------ C:\WINDOWS\system32\drivers\cmdmon.sys

2006-10-06 16:38 9,728 --a------ C:\WINDOWS\system32\drivers\pxscinst.dll

2006-10-06 16:38 7,680 --a------ C:\WINDOWS\system32\drivers\pxinst.dll

2006-10-06 16:38 7,552 --a------ C:\WINDOWS\system32\drivers\pxcom.sys

2006-10-06 16:38 266,112 --a------ C:\WINDOWS\system32\drivers\pxfsf.sys

2006-10-06 16:38 18,432 --a------ C:\WINDOWS\system32\drivers\pxtdi.sys

2006-10-06 16:38 13,568 --a------ C:\WINDOWS\system32\drivers\pxrd.sys

2006-10-06 16:38 11,648 --a------ C:\WINDOWS\system32\drivers\pxscrmbl.sys

2006-10-06 16:38 100,864 --a------ C:\WINDOWS\system32\drivers\PxEmu.sys

2006-10-06 00:19 816,288 --a------ C:\WINDOWS\system32\drivers\avg7core.sys

2006-10-06 00:19 4,224 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys

2006-10-06 00:19 3,968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys

2006-10-06 00:19 28,416 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys

2006-10-06 00:19 18,240 --a------ C:\WINDOWS\system32\drivers\avgmfx86.sys

2006-10-05 22:33 1,233 --a------ C:\WINDOWS\system32\mlk5e07d.sys

 

 

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

2006-10-24 17:01 -------- d-------- C:\Program\Prevx1

2006-10-24 17:01 -------- d-------- C:\Program\Delade filer

2006-10-24 16:12 -------- d-------- C:\Documents and Settings\Kristian.DUCDEREV-298B3E\Application Data\uTorrent

2006-10-24 15:56 -------- d-------- C:\Program\Hijackthis

2006-10-24 15:48 -------- d-------- C:\Program\Avant Browser

2006-10-24 15:31 -------- d-------- C:\Program\Sygate

2006-10-24 15:31 -------- d-------- C:\Program\Delade filer\Wise Installation Wizard

2006-10-24 15:25 -------- d-------- C:\Program\DC++

2006-10-24 10:14 -------- d-------- C:\Documents and Settings\Kristian.DUCDEREV-298B3E\Application Data\AVG7

2006-10-24 09:56 -------- d-------- C:\Documents and Settings\Kristian.DUCDEREV-298B3E\Application Data\Avant Browser

2006-10-16 13:42 -------- d-------- C:\Program\Trustix

2006-10-16 13:36 -------- d-------- C:\Documents and Settings\Kristian.DUCDEREV-298B3E\Application Data\Comodo

2006-10-16 13:33 -------- d-------- C:\Program\Comodo

2006-10-15 09:10 -------- d-------- C:\Program\MSXML 4.0

2006-10-11 09:44 -------- d-------- C:\Program\Delade filer\Scanner

2006-10-11 09:44 -------- d-------- C:\Program\CA

2006-10-06 21:37 -------- d-------- C:\Documents and Settings\Kristian.DUCDEREV-298B3E\Application Data\dvdcss

2006-10-06 20:51 -------- d-------- C:\Documents and Settings\Kristian.DUCDEREV-298B3E\Application Data\Prevx

2006-10-06 15:32 -------- d-------- C:\Documents and Settings\Kristian.DUCDEREV-298B3E\Application Data\Windows Live Safety Center

2006-10-06 14:04 -------- d-------- C:\Program\Windows Live Safety Center

2006-10-06 13:31 -------- d-------- C:\Program\Kazaa

2006-10-06 13:20 -------- d---s---- C:\Documents and Settings\Kristian.DUCDEREV-298B3E\Application Data\Microsoft

2006-10-06 12:34 -------- d-------- C:\Program\WinRAR

2006-10-06 12:22 -------- d-------- C:\Program\Delade filer\Panda Software

2006-10-06 00:19 -------- d-------- C:\Program\Grisoft

2006-10-06 00:01 -------- d-------- C:\Program\MSN Messenger

2006-10-05 23:31 -------- d-------- C:\Program\Lavasoft

2006-10-05 23:31 -------- d-------- C:\Documents and Settings\Kristian.DUCDEREV-298B3E\Application Data\Lavasoft

2006-10-05 23:08 -------- d-------- C:\Program\Yahoo!

2006-09-25 18:36 -------- d--h----- C:\Program\InstallShield Installation Information

2006-09-25 18:36 -------- d-------- C:\Program\Google

2006-09-25 18:36 -------- d-------- C:\Documents and Settings\Kristian.DUCDEREV-298B3E\Application Data\Google

2006-09-19 18:12 -------- d-------- C:\Program\Windows Live Toolbar

2006-09-19 18:11 -------- d-------- C:\Program\Delade filer\Microsoft Shared

2006-09-13 07:07 1084416 --a------ C:\WINDOWS\system32\msxml3.dll

2006-09-12 17:51 1245184 --a------ C:\WINDOWS\system32\msxml4.dll

2006-09-03 16:48 -------- d-------- C:\Documents and Settings\Kristian.DUCDEREV-298B3E\Application Data\Media Player Classic

2006-09-01 11:58 -------- d-------- C:\Program\CCleaner

2006-09-01 11:48 -------- d-------- C:\Program\Real Alternative

2006-09-01 11:48 -------- d-------- C:\Program\Media Player Classic

2006-09-01 10:57 -------- d-------- C:\Program\CDBurnerXP Pro 3

2006-08-27 18:52 -------- d-------- C:\Program\Java

2006-08-25 17:54 617472 --a------ C:\WINDOWS\system32\comctl32.dll

2006-08-21 14:28 16896 --a------ C:\WINDOWS\system32\fltlib.dll

2006-08-21 11:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe

2006-08-16 13:59 100352 --a------ C:\WINDOWS\system32\6to4svc.dll

2006-07-29 19:32 48936 --a------ C:\WINDOWS\system32\sirenacm.dll

2006-07-27 15:26 679424 --a------ C:\WINDOWS\system32\inetcomm.dll

 

 

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

 

*Note* empty entries are not shown

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

"µTorrent"="\"C:\\Program\\utorrent\\utorrent.exe\""

"RoboForm"="\"C:\\Program\\Siber Systems\\AI RoboForm\\RoboTaskBarIcon.exe\""

"MsnMsgr"="\"C:\\Program\\MSN Messenger\\MsnMsgr.Exe\" /background"

"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program\\Delade filer\\Ahead\\lib\\NMBgMonitor.exe\""

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"

"SunJavaUpdateSched"="\"C:\\Program\\Java\\jre1.5.0_08\\bin\\jusched.exe\""

"QuickTime Task"="\"C:\\Program\\QuickTime\\qttask.exe\" -atboottime"

"nwiz"="nwiz.exe /install"

"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"

"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"

"NeroCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"

"iTunesHelper"="\"C:\\Program\\iTunes\\iTunesHelper.exe\""

"DAEMON Tools-1033"="\"C:\\Program\\D-Tools\\daemon.exe\" -lang 1033"

"CloneCDTray"="\"C:\\Program\\SlySoft\\CloneCD\\CloneCDTray.exe\" /s"

"AVG7_CC"="C:\\Program\\Grisoft\\AVG7\\avgcc.exe /STARTUP"

"PrevxOne"="\"C:\\Program\\Prevx1\\PXConsole.exe\""

"CaISSDT"="\"C:\\Program\\CA\\eTrust Internet Security Suite\\caissdt.exe\""

"eTrustPPAP"="\"C:\\Program\\CA\\eTrust Internet Security Suite\\eTrust PestPatrol Anti-Spyware\\PPActiveDetection.exe\""

"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74, 65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00

"SmcService"="C:\\Program\\Sygate\\SPF\\smc.exe -startgui"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]

"Installed"="1"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]

"Installed"="1"

"NoChange"="1"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]

"Installed"="1"

 

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]

"DeskHtmlVersion"=dword:00000110

"DeskHtmlMinorVersion"=dword:00000005

"Settings"=dword:00000001

"GeneralFlags"=dword:00000001

 

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]

"Source"="About:Home"

"SubscribedURL"="About:Home"

"FriendlyName"="Min aktuella startsida"

"Flags"=dword:00000002

"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e2,03,00,00,00, 00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00

"CurrentState"=hex:04,00,00,40

"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff, ff,ff,04,00,00,00

"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00, 00,00,01,00,00,00

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

"AVG7_Run"="C:\\Program\\Grisoft\\AVG7\\avgw.exe /RUNONCE"

 

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]

"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

"AVG7_Run"="C:\\Program\\Grisoft\\AVG7\\avgw.exe /RUNONCE"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]

"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"

"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoDriveTypeAutoRun"=dword:00000091

"Btn_Back"=dword:00000000

"Btn_Forward"=dword:00000000

"Btn_Stop"=dword:00000000

"Btn_Refresh"=dword:00000000

"Btn_Home"=dword:00000000

"Btn_Search"=dword:00000000

"Btn_History"=dword:00000000

"Btn_Favorites"=dword:00000000

"Btn_Folders"=dword:00000000

"Btn_Fullscreen"=dword:00000000

"Btn_Tools"=dword:00000000

"Btn_MailNews"=dword:00000000

"Btn_Size"=dword:00000000

"Btn_Print"=dword:00000000

"Btn_Edit"=dword:00000000

"Btn_Discussions"=dword:00000000

"Btn_Cut"=dword:00000000

"Btn_Copy"=dword:00000000

"Btn_Paste"=dword:00000000

"Btn_Encoding"=dword:00000000

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"dontdisplaylastusername"=dword:00000000

"legalnoticecaption"=""

"legalnoticetext"=""

"shutdownwithoutlogon"=dword:00000001

"undockwithoutlogon"=dword:00000001

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoDriveTypeAutoRun"=dword:00000091

 

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]

"NoDriveTypeAutoRun"=dword:00000091

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]

"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"

"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"

"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"

"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

 

 

 

~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

 

backup-20061024-155605-998

O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll

backup-20061024-155605-342

R3 - URLSearchHook: (no name) - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)

backup-20061024-155605-799

O3 - Toolbar: (no name) - {C004DEC2-2623-438e-9CA2-C9043AB28508} - (no file)

backup-20061024-155605-520

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

backup-20061024-155605-705

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

backup-20061024-155605-186

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

backup-20061024-155605-426

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

backup-20061024-155605-406

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

 

Contents of the 'Scheduled Tasks' folder

C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job

 

Completion time: 06-10-24 17:01:55.12

C:\ComboFix.txt ... 06-10-24 17:01

[/log]

 

[log]Logfile of HijackThis v1.99.1

Scan saved at 17:04:58, on 2006-10-24

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Sygate\SPF\smc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Grisoft\AVG7\avgamsvr.exe

C:\Program\Grisoft\AVG7\avgupsvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program\Prevx1\PXAgent.exe

C:\Program\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Java\jre1.5.0_08\bin\jusched.exe

C:\Program\QuickTime\qttask.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program\iTunes\iTunesHelper.exe

C:\Program\D-Tools\daemon.exe

C:\Program\iPod\bin\iPodService.exe

C:\Program\SlySoft\CloneCD\CloneCDTray.exe

C:\Program\Grisoft\AVG7\avgcc.exe

C:\Program\Prevx1\PXConsole.exe

C:\Program\CA\eTrust Internet Security Suite\caissdt.exe

C:\Program\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe

C:\Program\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe

C:\Program\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Delade filer\Ahead\lib\NMBgMonitor.exe

C:\Program\LG PC Suite\LG PC Sync\LGSyncManager.exe

C:\Program\Personal\bin\Personal.exe

C:\Program\VIA\RAID\raid_tool.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Internet Explorer\IEXPLORE.EXE

C:\Program\Hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se/'>http://www.aftonbladet.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aftonbladet.se

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = IE_Window_Title

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://proxy1.telia.com:8080

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://login1.telia.com;http://10.0.0.6;<local>

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users.WINDOWS\Application Data\Prevx\pxbho.dll

O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program\Siber Systems\AI RoboForm\roboform.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.5.0_08\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [CloneCDTray] "C:\Program\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [PrevxOne] "C:\Program\Prevx1\PXConsole.exe"

O4 - HKLM\..\Run: [CaISSDT] "C:\Program\CA\eTrust Internet Security Suite\caissdt.exe"

O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [smcService] C:\Program\Sygate\SPF\smc.exe -startgui

O4 - HKCU\..\Run: [µTorrent] "C:\Program\utorrent\utorrent.exe"

O4 - HKCU\..\Run: [RoboForm] "C:\Program\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program\Delade filer\Ahead\lib\NMBgMonitor.exe"

O4 - Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: LG SyncManager.lnk = C:\Program\LG PC Suite\LG PC Sync\LGSyncManager.exe

O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe

O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program\VIA\RAID\raid_tool.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: &Windows Live Search - res://C:\Program\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Anpassa RF menu - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

O8 - Extra context menu item: Blockera alla bilder från samma sida - C:\Program\Avant Browser\AddAllToADBlackList.htm

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Lägg till i AD Svartlistan - C:\Program\Avant Browser\AddToADBlackList.htm

O8 - Extra context menu item: Markera - C:\Program\Avant Browser\Highlight.htm

O8 - Extra context menu item: RF verktygslist - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O8 - Extra context menu item: Sök - C:\Program\Avant Browser\Search.htm

O8 - Extra context menu item: Öppna alla länkar på sidan... - C:\Program\Avant Browser\OpenAllLinks.htm

O8 - Extra context menu item: Öppna i ett nytt Avant Browser - C:\Program\Avant Browser\OpenInNewBrowser.htm

O8 - Extra context menu item: Öppna på ny flik i bakgrunden - res://C:\Program\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/229?ca5364ffea36441e923c435c23b31b86

O8 - Extra context menu item: Öppna på ny flik i förgrunden - res://C:\Program\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/230?ca5364ffea36441e923c435c23b31b86

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_08\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_08\bin\ssv.dll

O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O9 - Extra 'Tools' menuitem: RF verktygslist - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://login1.telia.com

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by112w.bay112.mail.live.com/mail/resources/MsnPUpld.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase969.cab

O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVG7\avgupsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program\Delade filer\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program\Prevx1\PXAgent.exe" -f (file missing)

O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program\Sygate\SPF\smc.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program\Analog Devices\SoundMAX\SMAgent.exe

 

[/log]

 

Jag har även kört spybot, ad-aware och xclean-micro.

 

[Cecilia]

2006-10-06 13:31 -------- d-------- C:\Program\Kazaa

Har du Kazaa i datorn? Avinstallera för där vimlar det av otrevligheter.

 

Under rubriken Files Created from 2006-09-24 to 2006-10-24 i ComboFix-loggen så finns en lång lista på filer som nyligen har kommit in i datorn. Gå till http://www.virustotal.com/ och klistra in ett filnamn i taget och tryck på Send. Vänta till resultatet är klart (Status = Finished), om något av alla programmen hittar något otrevligt eller om filstorleken är 0, så ta bort filen. Skriv här om det är någon fil som inte går att ta bort.

 

Se sedan detta inlägg: //eforum.idg.se/viewmsg.asp?EntriesId=876399#878342

 

 

[ducdereve!]

hej! hoppas det var dessa du menade lr var det även de filer nedanför??

 

2006-10-24 15:31 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll

2006-10-24 15:31 59,984 --a------ C:\WINDOWS\system32\drivers\Teefer.sys

2006-10-24 15:31 21,075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys

2006-10-24 15:31 14,240 --a------ C:\WINDOWS\system32\drivers\wg6n.sys

2006-10-24 15:31 14,240 --a------ C:\WINDOWS\system32\drivers\wg5n.sys

2006-10-24 15:31 14,240 --a------ C:\WINDOWS\system32\drivers\wg4n.sys

2006-10-24 15:31 14,240 --a------ C:\WINDOWS\system32\drivers\wg3n.sys

2006-10-16 13:33 69,120 --a------ C:\WINDOWS\system32\drivers\inspect.sys

2006-10-16 13:33 61,056 --a------ C:\WINDOWS\system32\drivers\cmdmon.sys

2006-10-06 16:38 9,728 --a------ C:\WINDOWS\system32\drivers\pxscinst.dll

2006-10-06 16:38 7,680 --a------ C:\WINDOWS\system32\drivers\pxinst.dll

2006-10-06 16:38 7,552 --a------ C:\WINDOWS\system32\drivers\pxcom.sys

2006-10-06 16:38 266,112 --a------ C:\WINDOWS\system32\drivers\pxfsf.sys

2006-10-06 16:38 18,432 --a------ C:\WINDOWS\system32\drivers\pxtdi.sys

2006-10-06 16:38 13,568 --a------ C:\WINDOWS\system32\drivers\pxrd.sys

2006-10-06 16:38 11,648 --a------ C:\WINDOWS\system32\drivers\pxscrmbl.sys

2006-10-06 16:38 100,864 --a------ C:\WINDOWS\system32\drivers\PxEmu.sys

2006-10-06 00:19 816,288 --a------ C:\WINDOWS\system32\drivers\avg7core.sys

2006-10-06 00:19 4,224 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys

2006-10-06 00:19 3,968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys

2006-10-06 00:19 28,416 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys

2006-10-06 00:19 18,240 --a------ C:\WINDOWS\system32\drivers\avgmfx86.sys

2006-10-05 22:33 1,233 --a------ C:\WINDOWS\system32\mlk5e07d.sys

 

verkar inte hitta ngt där i allafall...

 

 

I vilket avsnitt ska jag hoppa in i den tråden du länkade till?

Se sedan detta inlägg: //eforum.idg.se/viewmsg.asp?EntriesId=876399#878342

 

[Cecilia]

Det stämmer med filerna. Det var ju bra att det var rena filer.

 

Jag menade just det inlägg som du kommer till när du klickar på länken 24 okt. 17:18. Fast du behöver ju inte installera ZoneAlarm om du redan har Sygates brandvägg i datorn.

 

 

[ducdereve!]

Japp! Sygate är igång, men det går fortfarande inte att administrera windowsbrandväggen... hm.

 

Kontrollpanelen - Administrationsverktyg - Tjänster

Leta reda på Windows Firewall/Internet Connection Sharing (ICS), dubbelklicka på den och välj Startmetod Automatiskt, tryck på Starta.

Några felmeddelanden eller gick den igång?

 

den posten finns inte med när jag går in där...

 

[Cecilia]

Vet inte varör tjänsten inte finns där längre.

Kommandotolken:

C:\WINDOWS\System32\svchost.exe -k netsvcs

ger det något felmeddelande?

 

Finns Säkerhetscentret i Kontrollpanelen?

 

Du kan ju också skanna datorn här: http://www.kaspersky.com/virusscanner

utifall att det skulle finnas något mer otrevligt.

 

[ducdereve!]

Nej, det kommer inget meddelande i kommandotolken, det står då bara C:\>

 

Ja, säkerhetscentret finns kvar..

 

 

 

Här är en loggfil från igår. Jag gjorde även en panda-online scan..

 

[log]KASPERSKY ONLINE SCANNER REPORT

Wednesday, October 25, 2006 10:37:45 PM

Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)

Kaspersky Online Scanner version: 5.0.83.0

Kaspersky Anti-Virus database last update: 25/10/2006

Kaspersky Anti-Virus database records: 221505

 

 

Scan Settings

Scan using the following antivirus database standard

Scan Archives true

Scan Mail Bases true

 

Scan Target My Computer

A:C:D:E:F:G:\

 

Scan Statistics

Total number of scanned objects 141162

Number of viruses found 2

Number of infected objects 1 / 0

Number of suspicious objects 2

Duration of the scan process 01:30:13

 

Infected Object Name Virus Name Last Action

C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped

 

C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped

 

C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped

 

C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

 

C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

 

C:\Documents and Settings\All Users.WINDOWS\Application Data\Prevx\Local.dat Object is locked skipped

 

C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC2.zip/MTE3NDI6ODoxNg.exe Suspicious: Password-protected-EXE skipped

 

C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC2.zip ZIP: suspicious - 1 skipped

 

C:\Documents and Settings\Kristian.DUCDEREV-298B3E\Cookies\index.dat Object is locked skipped

 

C:\Documents and Settings\Kristian.DUCDEREV-298B3E\Lokala inställningar\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

 

C:\Documents and Settings\Kristian.DUCDEREV-298B3E\Lokala inställningar\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

 

C:\Documents and Settings\Kristian.DUCDEREV-298B3E\Lokala inställningar\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

 

C:\Documents and Settings\Kristian.DUCDEREV-298B3E\Lokala inställningar\Tidigare\History.IE5\index.dat Object is locked skipped

 

C:\Documents and Settings\Kristian.DUCDEREV-298B3E\Lokala inställningar\Tidigare\History.IE5\MSHist012006102520061026\index.dat Object is locked skipped

 

C:\Documents and Settings\Kristian.DUCDEREV-298B3E\NTUSER.DAT Object is locked skipped

 

C:\Documents and Settings\Kristian.DUCDEREV-298B3E\ntuser.dat.LOG Object is locked skipped

 

C:\Documents and Settings\LocalService.NT INSTANS\Cookies\index.dat Object is locked skipped

 

C:\Documents and Settings\LocalService.NT INSTANS\Lokala inställningar\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

 

C:\Documents and Settings\LocalService.NT INSTANS\Lokala inställningar\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

 

C:\Documents and Settings\LocalService.NT INSTANS\Lokala inställningar\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

 

C:\Documents and Settings\LocalService.NT INSTANS\Lokala inställningar\Tidigare\History.IE5\index.dat Object is locked skipped

 

C:\Documents and Settings\LocalService.NT INSTANS\NTUSER.DAT Object is locked skipped

 

C:\Documents and Settings\LocalService.NT INSTANS\ntuser.dat.LOG Object is locked skipped

 

C:\Documents and Settings\NetworkService.NT INSTANS\Lokala inställningar\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

 

C:\Documents and Settings\NetworkService.NT INSTANS\Lokala inställningar\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

 

C:\Documents and Settings\NetworkService.NT INSTANS\NTUSER.DAT Object is locked skipped

 

C:\Documents and Settings\NetworkService.NT INSTANS\ntuser.dat.LOG Object is locked skipped

 

C:\Program\Norton AntiVirus\Quarantine\225809E5.htm Infected: Exploit.HTML.Mht skipped

 

C:\Program\Prevx1\lclbrk.cache Object is locked skipped

 

C:\Program\Prevx1\log\px-log.txt Object is locked skipped

 

C:\Program\Prevx1\paws.cache Object is locked skipped

 

C:\Program\Prevx1\prevx.cache Object is locked skipped

 

C:\Program\Prevx1\proc.cat Object is locked skipped

 

C:\Program\Sygate\SPF\debug.log Object is locked skipped

 

C:\Program\Sygate\SPF\rawlog.log Object is locked skipped

 

C:\Program\Sygate\SPF\seclog.log Object is locked skipped

 

C:\Program\Sygate\SPF\syslog.log Object is locked skipped

 

C:\Program\Sygate\SPF\tralog.log Object is locked skipped

 

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

 

C:\WINDOWS\CSC\00000001 Object is locked skipped

 

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

 

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

 

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

 

C:\WINDOWS\Sti_Trace.log Object is locked skipped

 

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

 

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

 

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

 

C:\WINDOWS\system32\config\default Object is locked skipped

 

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

 

C:\WINDOWS\system32\config\SAM Object is locked skipped

 

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

 

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

 

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

 

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

 

C:\WINDOWS\system32\config\software Object is locked skipped

 

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

 

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

 

C:\WINDOWS\system32\config\system Object is locked skipped

 

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

 

C:\WINDOWS\system32\h323log.txt Object is locked skipped

 

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

 

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

 

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

 

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

 

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

 

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

 

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

 

C:\WINDOWS\wiadebug.log Object is locked skipped

 

C:\WINDOWS\wiaservc.log Object is locked skipped

 

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

 

D:\RECYCLER\NPROTECT\00000000.exe Object is locked skipped

 

D:\RECYCLER\NPROTECT\00000001.exe Object is locked skipped

 

D:\RECYCLER\NPROTECT\00000002._P Object is locked skipped

 

D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

 

Scan process completed.

[/log]

 

 

 

 

[log]

Incident Status Location

 

Adware:adware/dollarrevenue Not disinfected c:\windows\keyboard1.dat

Potentially unwanted tool:application/myway Not disinfected c:\program\MyWay

Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Kristian\Cookies\kristian@ad.yieldmanager[1].txt

Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Kristian\Cookies\kristian@adopt.hbmediapro[2].txt

Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Kristian\Cookies\kristian@advertising[2].txt

Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Kristian\Cookies\kristian@atwola[2].txt

Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Kristian\Cookies\kristian@belnk[1].txt

Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Kristian\Cookies\kristian@ccbill[1].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Kristian\Cookies\kristian@com[2].txt

Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Kristian\Cookies\kristian@dist.belnk[2].txt

Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Kristian\Cookies\kristian@go[2].txt

Spyware:Cookie/Itrack Not disinfected C:\Documents and Settings\Kristian\Cookies\kristian@ilead.itrack[2].txt

Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Kristian\Cookies\kristian@microsofteup.112.2o7[1].txt

Spyware:Cookie/Research-int Not disinfected C:\Documents and Settings\Kristian\Cookies\kristian@research-int[2].txt

Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Kristian\Cookies\kristian@searchportal.information[1].txt

Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Kristian\Cookies\kristian@tradedoubler[2].txt

Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Kristian.DUCDEREV-298B3E\Cookies\kristian@ad.yieldmanager[1].txt

Spyware:Cookie/Research-int Not disinfected C:\Documents and Settings\Kristian.DUCDEREV-298B3E\Cookies\kristian@research-int[1].txt

Adware:Adware/YazzleSudoku Not disinfected C:\Documents and Settings\Kristian.DUCDEREV-298B3E\Lokala inställningar\Temp\Temporary Internet Files\Content.IE5\0B2DGHAL\116[1].net

Adware:Adware/PrintView Not disinfected C:\Documents and Settings\Kristian.DUCDEREV-298B3E\Lokala inställningar\Temp\Temporary Internet Files\Content.IE5\CJWFMT6T\124[1].net

Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Madde\Cookies\madde@atwola[1].txt

Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Madde\Cookies\madde@belnk[1].txt

Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Madde\Cookies\madde@dist.belnk[2].txt

Spyware:Cookie/Research-int Not disinfected C:\Documents and Settings\Madde\Cookies\madde@research-int[2].txt

Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Madde\Cookies\madde@searchportal.information[1].txt

Adware:Adware/Maxifiles Not disinfected C:\Program\Hijackthis\backups\backup-20061024-155605-998.dll

Adware:Adware/FavoriteMan Not disinfected D:\Gamla datorn\Program\trk.dll

[/log]

 

 

[inlägget ändrat 2006-10-26 18:27:51 av ducdereve!]

[inlägget ändrat 2006-10-26 18:32:07 av ducdereve!]

[inlägget ändrat 2006-10-26 21:19:40 av ducdereve!]

[Cecilia]

C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

 

C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

Ingen mapp som jag har på min dator. Höll du på med någon nedladdning samtidigt? Finns filerna kvar efter en omstart? Går det att öppna dem i Anteckningar?

 

Annars så ser jag inget särskilt som behöver åtgärdas i Kaspersky-loggen.

 

Kontrollpanelen - Lägg till eller ta bort program

Om MyWay finns där så ta bort.

Ta bort mappen c:\program\MyWay

 

Ta bort filen c:\windows\keyboard1.dat

 

Ta bort alla tillfälliga internet-filer: Kontrollpanelen - Internet-alternativ - Ta bort filer - Kryssa i rutan

 

Det är väl det man kan se från Panda-loggen.

 

Vet inte, men du kan ju alltid kolla om AVG Anti-Spyware hittar något: http://www.ewido.net/en/

 

[ducdereve!]

Hej! håller på o ska kolla upp hur det ligger till med det du frågar....

Jag har fått ett mail för ett par dar sen från paypal om att någon försökt att använda mitt konto... känns inte så trevligt.

 

[ducdereve!]

C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

 

C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

 

Ingen mapp som jag har på min dator. Höll du på med någon nedladdning samtidigt? Finns filerna kvar efter en omstart? Går det att öppna dem i Anteckningar?

 

Dom finns kvar o dom går o öppna i anteckningar...

 

[Cecilia]

Vad är innehållet i filerna? Om de inte är för stora så kan du klistra in dem här. Eller vet du vad de tillhör för program?

 

[ducdereve!]

ok!!

lägger de som "log"...

 

 

[log]õj+| �C�ü¤Ì›v÷+È@™JŸ:®½‰NêGD_ ©½ºD˜QÄ{¶ÀzÎ tç�Ò»ÌHžG†.�XóÆ Z:(X«äN–d$m]ßd W U C l i e n t D o w n l o a d S - 1 - 5 - 1 8 ` €H T 4 ? ? 6ÚVwoQZC¬¬D¢HÿóM | C : \ W I N D O W S \ S o f t w a r e D i s t r i b u t i o n \ D o w n l o a d \ S - 1 - 5 - 1 8 \ 4 1 4 2 f b 3 c 8 b c 1 1 b 4 f 0 f 7 9 3 8 4 8 8 a 0 d e 5 3 1 \ e 6 9 c d c 7 9 6 b 5 c 5 0 9 4 3 2 8 c 5 c e f 5 3 7 4 f 7 0 9 4 8 a 4 0 4 4 6 “ h t t p : / / a u . d o w n l o a d . w i n d o w s u p d a t e . c o m / m s d o w n l o a d / u p d a t e / v 3 - 1 9 9 9 0 5 1 8 / c a b p o o l / w i n d o w s x p - k b 9 0 5 4 7 4 - e n u - x 8 6 _ e 6 9 c d c 7 9 6 b 5 c 5 0 9 4 3 2 8 c 5 c e f 5 3 7 4 f 7 0 9 4 8 a 4 0 4 4 6 . e x e \ C : \ W I N D O W S \ S o f t w a r e D i s t r i b u t i o n \ D o w n l o a d \ S - 1 - 5 - 1 8 \ 4 1 4 2 f b 3 c 8 b c 1 1 b 4 f 0 f 7 9 3 8 4 8 8 a 0 d e 5 3 1 \ B I T 1 . t m p 0Á 0Á C : \ 2 \ \ ? \ V o l u m e { 5 9 8 e 7 3 d f - 7 9 8 6 - 1 1 d a - b f 6 a - 8 0 6 d 6 1 7 2 6 9 6 f } \ 9†#°0Á € €â“ñÝÆ6ÚVwoQZC¬¬D¢HÿóM ° u HIj-TñÆþABTñÆþABTñÆþABTñÆ

ð­ºþABTñÆþÁ8+

8Ç þABTñÆþABTñÆ tç�Ò»ÌHžG†.�XóÆGD_ ©½ºD˜QÄ{¶ÀzÎGD_ ©½ºD˜QÄ{¶ÀzÎ GD_ ©½ºD˜QÄ{¶ÀzÎ÷+È@™JŸ:®½‰Nêõj+| �C�ü¤Ì›vNêõj+| �C�ü¤Ì›vW U C l i e n t D o w n l o a d S - 1 - 5 - 1 8 ` €H T 4 ? ? 6ÚVwoQZC¬¬D¢HÿóM € C : \ W I N D O W S \ S o f t w a r e D i s t r i b u t i o n \ D o w n l o a d \ S - 1 - 5 - 1 8 \ 4 3 5 8 2 8 3 1 6 e 8 c 2 b d 0 a 7 5 7 c 9 e 3 9 6 1 c 7 4 3 0 \ d o w n l o a d \ W i n d o w s X P - K B 9 2 4 1 9 1 - x 8 6 - S V E . p s f . b l o b † h t t p : / / a u . d o w n l o a d . w i n d o w s u p d a t e . c o m / m s d o w n l o a d / u p d a t e / v 5 / p s f / w i n d o w s x p - k b 9 2 4 1 9 1 - x 8 6 - s v e _ 3 a f 0 9 d b 2 1 8 7 e 3 c f b b 9 1 7 6 4 3 d 9 0 5 3 4 3 b 4 6 f 3 3 f 1 b d . p s f f C : \ W I N D O W S \ S o f t w a r e D i s t r i b u t i o n \ D o w n l o a d \ S - 1 - 5 - 1 8 \ 4 3 5 8 2 8 3 1 6 e 8 c 2 b d 0 a 7 5 7 c 9 e 3 9 6 1 c 7 4 3 0 \ d o w n l o a d \ B I T 3 8 . t m p î÷ F2 C : \ 2 \ \ ? \ V o l u m e { 5 9 8 e 7 3 d f - 7 9 8 6 - 1 1 d a - b f 6 a - 8 0 6 d 6 1 7 2 6 9 6 f } \ 9†#°<ó3 € ø * N €aʼÞÆ 6ÚVwoQZC¬¬D¢HÿóM ° u Æ

Á+íÆ]ËÉ+íÆ&sÉ+íÆ

ð­º&sÉ+íƦ ²ä3Ç tç�Ò»ÌHžG†.�XóÆtç�Ò»ÌHžG†.�XóÆ v`än`Ò÷N£OíJ¦Ä¼ W U C l i e n t D o w n l o a d S - 1 - 5 - 1 8 ` €H T 4 ? ? 6ÚVwoQZC¬¬D¢HÿóM 6ÚVwoQZC¬¬D¢HÿóM X u ¤‚ñÉ+íƤ‚ñÉ+íƤ‚ñÉ+íÆ

𭺤‚ñÉ+íƤ³ä3Ç tç�Ò»ÌHžG†.�XóÆGD_ ©½ºD˜QÄ{¶ÀzÎGD_ ©½ºD˜QÄ{¶ÀzÎ GD_ ©½ºD˜QÄ{¶ÀzÎ÷+È@™JŸ:®½‰Nêõj+| �C�ü¤Ì›v P - K B 9 2 4 1 9 1 - x 8 6 - S V E . p s f . b l o b † h t t p : / / a u . d o w n l o a d . w i n d o w s u p d a t e . c o m / m s d o w n l o a d / u p d a t e / v 5 / p s f / w i n d o w s x p - k b 9 2 4 1 9 1 - x 8 6 - s v e _ 3 a f 0 9 d b 2 1 8 7 e 3 c f b b 9 1 7 6 4 3 d 9 0 5 3 4 3 b 4 6 f 3 3 f 1 b d . p s f f C : \ W I N D O W S \ S o f t w a r e D i s t r i b u t i o n \ D o w n l o a d \ S - 1 - 5 - 1 8 \ 4 3 5 8 2 8 3 1 6 e 8 c 2 b d 0 a 7 5 7 c 9 e 3 9 6 1 c 7 4 3 0 \ d o w n l o a d \ B I T 3 8 . t m p F2 C : \ 2 \ \ ? \ V o l u m e { 5 9 8 e 7 3 d f - 7 9 8 6 - 1 1 d a - b f 6 a - 8 0 6 d 6 1 7 2 6 9 6 f } \ 9†#°<ó3 € ø * N €aʼÞÆ 6ÚVwoQZC¬¬D¢HÿóM ° u Æ

Á+íÆ^8:Æ+íÆ^8:Æ+íÆ

ð­º^8:Æ+íÆ^¸g¯ä3Ç tç�Ò»ÌHžG†.�XóÆGD_ ©½ºD˜QÄ{¶ÀzÎGD_ ©½ºD˜QÄ{¶ÀzÎ GD_ ©½ºD˜QÄ{¶ÀzÎ÷+È@™JŸ:®½‰Nêõj+| �C�ü¤Ì›va d S - 1 - 5 - 1 8 ` €H T [/log]

 

[log]õj+| �C�ü¤Ì›v÷+È@™JŸ:®½‰NêGD_ ©½ºD˜QÄ{¶ÀzÎ GD_ ©½ºD˜QÄ{¶ÀzÎGD_ ©½ºD˜QÄ{¶ÀzÎ GD_ ©½ºD˜QÄ{¶ÀzÎ÷+È@™JŸ:®½‰Nêõj+| �C�ü¤Ì›va d S - 1 - 5 - 1 8 ` €H T 4 ? ? 6ÚVwoQZC¬¬D¢HÿóM | C : \ W I N D O W S \ S o f t w a r e D i s t r i b u t i o n \ D o w n l o a d \ S - 1 - 5 - 1 8 \ 4 1 4 2 f b 3 c 8 b c 1 1 b 4 f 0 f 7 9 3 8 4 8 8 a 0 d e 5 3 1 \ e 6 9 c d c 7 9 6 b 5 c 5 0 9 4 3 2 8 c 5 c e f 5 3 7 4 f 7 0 9 4 8 a 4 0 4 4 6 “ h t t p : / / a u . d o w n l o a d . w i n d o w s u p d a t e . c o m / m s d o w n l o a d / u p d a t e / v 3 - 1 9 9 9 0 5 1 8 / c a b p o o l / w i n d o w s x p - k b 9 0 5 4 7 4 - e n u - x 8 6 _ e 6 9 c d c 7 9 6 b 5 c 5 0 9 4 3 2 8 c 5 c e f 5 3 7 4 f 7 0 9 4 8 a 4 0 4 4 6 . e x e \ C : \ W I N D O W S \ S o f t w a r e D i s t r i b u t i o n \ D o w n l o a d \ S - 1 - 5 - 1 8 \ 4 1 4 2 f b 3 c 8 b c 1 1 b 4 f 0 f 7 9 3 8 4 8 8 a 0 d e 5 3 1 \ B I T 1 . t m p ‰š

0Á C : \ 2 \ \ ? \ V o l u m e { 5 9 8 e 7 3 d f - 7 9 8 6 - 1 1 d a - b f 6 a - 8 0 6 d 6 1 7 2 6 9 6 f } \ 9†#°0Á € €â“ñÝÆ 6ÚVwoQZC¬¬D¢HÿóM ° u HIj-TñÆ4zž@TñÆ4zž@TñÆ

ð­º4zž@TñÆ4úË)

8Ç tç�Ò»ÌHžG†.�XóÆGD_ ©½ºD˜QÄ{¶ÀzÎGD_ ©½ºD˜QÄ{¶ÀzÎ GD_ ©½ºD˜QÄ{¶ÀzÎ÷+È@™JŸ:®½‰Nêõj+| �C�ü¤Ì›v GD_ ©½ºD˜QÄ{¶ÀzÎ÷+È@™JŸ:®½‰Nêõj+| �C�ü¤Ì›v S - 1 - 5 - 1 8 ` €H T 4 ? ? 6ÚVwoQZC¬¬D¢HÿóM 6ÚVwoQZC¬¬D¢HÿóM X u þ>VÌ+íÆþ>VÌ+íÆþ>VÌ+íÆ

ð­ºþ>VÌ+íÆþ¾ƒµä3Ç tç�Ò»ÌHžG†.�XóÆGD_ ©½ºD˜QÄ{¶ÀzÎGD_ ©½ºD˜QÄ{¶ÀzÎ GD_ ©½ºD˜QÄ{¶ÀzÎ÷+È@™JŸ:®½‰Nêõj+| �C�ü¤Ì›v o w n l o a d \ W i n d o w s X P - K B 9 2 4 1 9 1 - x 8 6 - S V E . p s f . b l o b † h t t p : / / a u . d o w n l o a d . w i n d o w s u p d a t e . c o m / m s d o w n l o a d / u p d a t e / v 5 / p s f / w i n d o w s x p - k b 9 2 4 1 9 1 - x 8 6 - s v e _ 3 a f 0 9 d b 2 1 8 7 e 3 c f b b 9 1 7 6 4 3 d 9 0 5 3 4 3 b 4 6 f 3 3 f 1 b d . p s f f C : \ W I N D O W S \ S o f t w a r e D i s t r i b u t i o n \ D o w n l o a d \ S - 1 - 5 - 1 8 \ 4 3 5 8 2 8 3 1 6 e 8 c 2 b d 0 a 7 5 7 c 9 e 3 9 6 1 c 7 4 3 0 \ d o w n l o a d \ B I T 3 8 . t m p qð F2 C : \ 2 \ \ ? \ V o l u m e { 5 9 8 e 7 3 d f - 7 9 8 6 - 1 1 d a - b f 6 a - 8 0 6 d 6 1 7 2 6 9 6 f } \ 9†#°<ó3 € ø * N €aʼÞÆ 6ÚVwoQZC¬¬D¢HÿóM ° u Æ

Á+íÆXGöÉ+íÆXGöÉ+íÆ

ð­ºXGöÉ+íÆXÇ#³ä3Ç tç�Ò»ÌHžG†.�XóÆGD_ ©½ºD˜QÄ{¶ÀzÎGD_ ©½ºD˜QÄ{¶ÀzÎ GD_ ©½ºD˜QÄ{¶ÀzÎ÷+È@™JŸ:®½‰Nêõj+| �C�ü¤Ì›va d S - 1 - 5 - 1 8 ` €H T 4 ? ? 6ÚVwoQZC¬¬D¢HÿóM € C : \ W I N D O W S \ S o f t w a r e D i s t r i b u t i o n \ D o w n l o a d \ S - 1 - 5 - 1 8 \ 4 3 5 8 2 8 3 1 6 e 8 c 2 b d 0 a 7 5 7 c 9 e 3 9 6 1 c 7 4 3 0 \ d o w n l o a d \ W i n d o w s X P - K B 9 2 4 1 9 1 - x 8 6 - S V E . p s f . b l o b † h t t p : / / a u . d o w n l o a d . w i n d o w s u p d a t e . c o m / m s d o w n l o a d / u p d a t e / v 5 / p s f / w i n d o w s x p - k b 9 2 4 1 9 1 - x 8 6 - s v e _ 3 a f 0 9 d b 2 1 8 7 e 3 c f b b 9 1 7 6 4 3 d 9 0 5 3 4 3 b 4 6 f 3 3 f 1 b d . p s f f C : \ W I N D O W S \ S o f t w a r e D i s t r i b u t i o n \ D o w n l o a d \ S - 1 - 5 - 1 8 \ 4 3 5 8 2 8 3 1 6 e 8 c 2 b d 0 a 7 5 7 c 9 e 3 9 6 1 c 7 4 3 0 \ d o w n l o a d \ B I T 3 8 . t m p F2 C : \ 2 \ \ ? \ V o l u m e { 5 9 8 e 7 3 d f - 7 9 8 6 - 1 1 d a - b f 6 a - 8 0 6 d 6 1 7 2 6 9 6 f } \ 9†#°<ó3 € ø * N €aʼÞÆ 6ÚVwoQZC¬¬D¢HÿóM ° u Æ

Á+íÆ^8:Æ+íÆ^8:Æ+íÆ

ð­º^8:Æ+íÆ^¸g¯ä3Ç tç�Ò»ÌHžG†.�XóÆtç�Ò»ÌHžG†.�XóÆ “¹×ÓO½B–ܘýÑx~ W U C l i e n t D o w n l o a d S - 1 - 5 - 1 8 ` €H T [/log]

 

[Cecilia]

Det verkar ju vara några Windows-filer, så det är väl lugnt med dem.

 

[ducdereve!]

Ok! Tack så otroligt mkt för hjälpen!!!

 

[Cecilia]

Tack själv för poängen!

 

Här kommer mina vanliga råd för en säkrare dator, men det är såklart viktigt att man använder sitt förnuft också.

 

Uppdatera från Windows Update och kör antispionprogrammen AVG Anti-Spyware (Ewido), Spybot S&D och/eller Ad-aware regelbundet.

http://www.ewido.net/en/

http://www.safer-networking.org/en/download/index.html

http://www.lavasoft.com

 

Komplettera antivirusprogrammet med några online-skanningar då och då:

http://housecall.trendmicro.com/

http://www.bitdefender.com/scan8/ie.html

http://www.pandasoftware.com/products/activescan/

 

Använd en brandvägg (bättre än den inbyggda i XP), finns gratis från t ex ZoneLabs.

http://www.zonelabs.com/store/content/home.jsp

 

Om man använder Internet Explorer så kan det vara lämpligt att ha programmen SpywareBlaster och SpywareGuard, vilka hindrar en hel del otrevliga program från att laddas ner resp. köras:

http://www.javacoolsoftware.com

 

Se över säkerhetsinställningarna i Internet Explorer, det finns en hel del tips här:

http://www.spywarewarrior.com/uiuc/btw/ie/ie-opts.htm

 

Samt kör IE-SpyAd som lägger en hel massa otrevliga webbplatser i zonen Ej tillförlitliga i Internet Explorer så att de inte kan göra något med datorn:

http://www.spywarewarrior.com/uiuc/resource.htm

 

Om man byter webbläsare så är det bara SpywareGuard som behövs. Andra webbläsare är t ex Mozilla Firefox och Opera:

http://www.mozilla.org

http://www.opera.com

 

Allt gratis för hemanvändare/personligt bruk.