
I have been fighting the MSN virus!!!!


jagularen


I have removed lots of nasty files, upgraded Norton and scanned with Spybot, Vundo, AVG, etc., and now they don't seem to find anything strange.

Now I still have problems. I can't open the security settings for Windows Firewall. When I click the icon, all that comes up is a window that says: "Det gick inte att visa Windows-brandväggens inställningar på grund av ett oidentifierat problem." (Windows Firewall settings could not be displayed because of an unidentified problem.)

I also get popups with ads.

I don't want to reformat the computer.

HELP!

 


Download HijackThis:

http://www.majorgeeks.com/download3155.html

Install, run, scan the computer, and save the log in a folder of its own, e.g. C:\HJT

But not on the desktop

Attach the HijackThis log to your reply as follows:

Press the LOG button in the reply window

Paste in the log

Press the LOG button again

Zipp, Cecilia or one of our other experts here on the forum can help you interpret the log...

 

 


[log]Logfile of HijackThis v1.99.1

Scan saved at 19:08, on 06-10-29

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program\Delade filer\Symantec Shared\AppCore\AppSvc32.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\WINDOWS\system32\RunDll32.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program\Home Cinema\PowerCinema\PCMService.exe

C:\WINDOWS\Dit.exe

C:\WINDOWS\mHotkey.exe

C:\WINDOWS\CNYHKey.exe

C:\Program\Microsoft Works\WksSb.exe

C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program\D-Tools\daemon.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Winamp\winampa.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

C:\Program\QuickTime\qttask.exe

C:\Program\Nokia\NOKIAP~1\LAUNCH~1.EXE

C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program\Delade filer\Symantec Shared\ccApp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Nokia\Nokia PC Suite 6\PcSync2.exe

C:\Documents and Settings\Ägaren\Application Data\?ymbols\??anregw.exe

C:\Program\DELADE~1\Nokia\MPAPI\MPAPI3s.exe

C:\Program\MSN Messenger\MsnMsgr.Exe

C:\Program\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\Program\VCOM\PowerDesk\pddlghlp.exe

C:\Program\COMMON~1\X10\Common\x10nets.exe

C:\Program\Delade filer\PCSuite\Services\ServiceLayer.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Spyware Doctor\sdhelp.exe

C:\Program\Spyware Doctor\swdoctor.exe

C:\Program\Defenza\pcd-as.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\rsvp.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - URLSearchHook: (no name) - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {153B81DF-4138-14CF-1986-13D4C4B5A99C} - blank (file missing)

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program\Delade filer\Symantec Shared\coShared\Browser\1.0\NppBho.dll

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\Program\SPYWAR~1\tools\iesdsg.dll

O2 - BHO: (no name) - {8C5C7FBB-6C7E-4264-849A-08BDBFBA9738} - O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {A54E21B1-A9EB-4472-B0C8-32440AA66E1E} - O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\Program\SPYWAR~1\tools\iesdpb.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll

O2 - BHO: PrintViewBHO Class - {D4E0C464-30CE-4075-9A10-71FD106C2847} - blank (file missing)

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Visa Norton-verktygsfältet - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program\Delade filer\Symantec Shared\coShared\Browser\1.0\UIBHO.dll

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [PCMService] "C:\Program\Home Cinema\PowerCinema\PCMService.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Dit] Dit.exe

O4 - HKLM\..\Run: [CHotkey] mHotkey.exe

O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program\Microsoft Works\WkDetect.exe

O4 - HKLM\..\Run: [WorksFUD] C:\Program\Microsoft Works\wkfud.exe

O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program\Microsoft Works\WksSb.exe /AllUsers

O4 - HKLM\..\Run: [Transparent] C:\Program\TweakNow PowerPack 2006\Transparent.exe 254

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [ATICCC] "C:\Program\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

O4 - HKLM\..\Run: [explorer] C:\Documents and Settings\Ägaren\Skrivbord\two.exe

O4 - HKLM\..\Run: [sfo1bb34] RUNDLL32.EXE w04a5db8.dll,n 0061bb2e0000000a04a5db8

O4 - HKLM\..\Run: [ipWins] C:\Program\ipwins\ipwins.exe

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Program\Norton Internet Security\osCheck.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [PcSync] C:\Program\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

O4 - HKCU\..\Run: [Ztdo] C:\Documents and Settings\Ägaren\Application Data\?ymbols\??anregw.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [slnt] "C:\DOCUME~1\GAREN~1\APPLIC~1\MANTEC~1\winword.exe" -vt ndrv

O4 - HKCU\..\Run: [spyware Doctor] "C:\Program\Spyware Doctor\swdoctor.exe" /Q

O4 - Startup: Dialog Helper.lnk = C:\Program\VCOM\PowerDesk\pddlghlp.exe

O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program\Kodak\Kodak EasyShare software\bin\EasyShare.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Windows Live Search - res://C:\Program\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Öppna på ny flik i bakgrunden - res://C:\Program\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/229?268389f268aa4c74b17a8243336b2c59

O8 - Extra context menu item: Öppna på ny flik i förgrunden - res://C:\Program\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/230?268389f268aa4c74b17a8243336b2c59

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\Program\SPYWAR~1\tools\iesdpb.dll

O9 - Extra button: Expekt.com Poker - {3852AC86-965F-4abe-A75F-3DCB7E81A4B2} - C:\Program\expektMPP\MPPoker.exe (file missing)

O9 - Extra button: MultiPoker - {641F4F4E-6C91-4159-869E-9F5CE6F0F64E} - C:\Program\MultiPoker\MultiPoker.exe (file missing)

O9 - Extra 'Tools' menuitem: MultiPoker - {641F4F4E-6C91-4159-869E-9F5CE6F0F64E} - C:\Program\MultiPoker\MultiPoker.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/1.1.1067.8/WinSSWebAgent.CAB

O17 - HKLM\System\CCS\Services\Tcpip\..\{BE382EA1-B1E6-4014-9B19-BFB28AAAD56E}: NameServer = 195.67.199.12 195.67.199.13

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: App Management - C:\WINDOWS\system32\dvghelp.dll (file missing)

O20 - Winlogon Notify: Applets - C:\WINDOWS\system32\mldart.dll (file missing)

O20 - Winlogon Notify: Nls - C:\WINDOWS\system32\socurity.dll (file missing)

O20 - Winlogon Notify: Run - C:\WINDOWS\system32\xbnroll.dll (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\VAScanner\comHost.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Symantec IS Verifiering av lösenord (ISPwdSvc) - Symantec Corporation - C:\Program\Norton Internet Security\isPwdSvc.exe

O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program\Spyware Doctor\sdhelp.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program\Delade filer\PCSuite\Services\ServiceLayer.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\AppCore\AppSvc32.exe

O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\Program\COMMON~1\X10\Common\x10nets.exe

 

[/log]

Oh my, I don't understand much of this, hehe

 

 

 

 


Among other things, the spyware PurityScan is in the log. We'll start by dealing with that.

Download http://www.mvps.org/winhelp2002/hosts.zip to the Desktop.

Unpack the file. A new folder, Hosts, is created on the Desktop.

Double-click the folder to open it.

Double-click the file mvps.bat to start the program.

This program will replace the computer's Hosts file so that the PurityScan nasty is prevented from contacting its creator. It will also prevent you from visiting sites that are notorious for installing nasties on the computer. You can read more about it here:

http://www.mvps.org/winhelp2002/hosts.htm

Control Panel - Add or Remove Programs

If any of the following are in the list, remove them:

Oin

Yazzle by Oin

Purityscan by Oin

Snowballwars by Oin

or anything similar with Oin or Outerinfo in it.

Zolero

Tizzletalk

MediaTickets

Cowabanga

Download and run the uninstaller http://www.outerinfo.com/OiUninstaller.exe

If you need instructions, they are here: http://www.outerinfo.com/howto.html

Download ComboFix:

http://download.bleepingcomputer.com/sUBs/combofix.exe

Run it and follow the instructions shown.

IMPORTANT! Do not click on the ComboFix window with the mouse while it is running, otherwise it may hang.

When it is finished, a log should come up; paste it in here, along with a new HijackThis log.

 

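A sketch of how a log like the ones posted in this thread can be triaged before reading it line by line; this is an added example, not part of any forum post and not HijackThis's own logic. The rule names and heuristics are assumptions chosen for illustration, the sample lines are copied from the first log above, and a flagged line only means it deserves a closer look.

```python
import re

# Lines copied from the first HijackThis log posted in this thread (subset).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
O2 - BHO: PrintViewBHO Class - {D4E0C464-30CE-4075-9A10-71FD106C2847} - blank (file missing)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe
O4 - HKLM\..\Run: [explorer] C:\Documents and Settings\Ägaren\Skrivbord\two.exe
O4 - HKLM\..\Run: [sfo1bb34] RUNDLL32.EXE w04a5db8.dll,n 0061bb2e0000000a04a5db8
O4 - HKCU\..\Run: [Ztdo] C:\Documents and Settings\Ägaren\Application Data\?ymbols\??anregw.exe
O4 - HKCU\..\Run: [slnt] "C:\DOCUME~1\GAREN~1\APPLIC~1\MANTEC~1\winword.exe" -vt ndrv
O20 - Winlogon Notify: Nls - C:\WINDOWS\system32\socurity.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\Program\COMMON~1\X10\Common\x10nets.exe
"""

# "O4 - ...", "R3 - ...": section code, then the entry body.
ENTRY_RE = re.compile(r"^([ORFN]\d+) - (.*)$")
# Long and 8.3 short forms of the XP profile root and of user-writable
# folders below it ("Skrivbord" is the Swedish Desktop folder).
PROFILE_RE = re.compile(r"\\(documents and settings|docume~1)\\", re.I)
WRITABLE_RE = re.compile(r"\\(application data|applic~1|skrivbord|desktop)\\", re.I)
# rundll32 loading a DLL; group 1 is the DLL argument.
RUNDLL_RE = re.compile(r"^rundll32(?:\.exe)?\s+([^\s,]+\.dll)", re.I)


def autorun_command(body):
    """Return the command part of an O4 entry ('[name] cmd' or 'x.lnk = cmd')."""
    if "] " in body:
        return body.split("] ", 1)[1]
    if " = " in body:
        return body.split(" = ", 1)[1]
    return body


def reasons_for(section, body):
    """Apply the illustrative (assumed) heuristics to one log entry."""
    reasons = []
    if section == "O4":
        cmd = autorun_command(body)
        # Autostart binary stored in a folder the user account can write to.
        if PROFILE_RE.search(cmd) and WRITABLE_RE.search(cmd):
            reasons.append("user-profile-autorun")
        # '?' marks characters the log could not render in the path.
        if "?" in cmd:
            reasons.append("unrenderable-path")
        # rundll32 given a DLL name with no directory in front of it.
        m = RUNDLL_RE.match(cmd)
        if m and "\\" not in m.group(1):
            reasons.append("rundll32-bare-dll")
    elif section in ("O2", "O20") and body.endswith("(file missing)"):
        # Browser helper or Winlogon hook still registered, file gone.
        reasons.append("file-missing")
    return reasons


def triage(log_text):
    """Return (section, reasons, line) for every entry with at least one reason."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header or running-process line
        reasons = reasons_for(m.group(1), m.group(2))
        if reasons:
            findings.append((m.group(1), reasons, line))
    return findings


if __name__ == "__main__":
    for section, reasons, line in triage(SAMPLE_LOG):
        print(f"{section:4} {', '.join(reasons):40} {line}")
```
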

[log]Logfile of HijackThis v1.99.1

Scan saved at 20:51, on 06-10-30

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe

C:\Program\Delade filer\Symantec Shared\AppCore\AppSvc32.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program\Spyware Doctor\sdhelp.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZENG04.EXE

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\RunDll32.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program\Home Cinema\PowerCinema\PCMService.exe

C:\WINDOWS\mHotkey.exe

C:\WINDOWS\CNYHKey.exe

C:\Program\Microsoft Works\WksSb.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\D-Tools\daemon.exe

C:\Program\Winamp\winampa.exe

C:\Program\COMMON~1\X10\Common\x10nets.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

C:\Program\QuickTime\qttask.exe

C:\Program\Nokia\NOKIAP~1\LAUNCH~1.EXE

C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program\Delade filer\Symantec Shared\ccApp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Nokia\Nokia PC Suite 6\PcSync2.exe

C:\Program\Delade filer\PCSuite\Services\ServiceLayer.exe

C:\Program\MSN Messenger\MsnMsgr.Exe

C:\Program\Spyware Doctor\swdoctor.exe

C:\Program\DELADE~1\Nokia\MPAPI\MPAPI3s.exe

C:\Program\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\Program\VCOM\PowerDesk\pddlghlp.exe

C:\Program\Symantec\LiveUpdate\AUPDATE.EXE

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - URLSearchHook: (no name) - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {153B81DF-4138-14CF-1986-13D4C4B5A99C} - blank (file missing)

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program\Delade filer\Symantec Shared\coShared\Browser\1.0\NppBho.dll

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\Program\SPYWAR~1\tools\iesdsg.dll

O2 - BHO: (no name) - {8C5C7FBB-6C7E-4264-849A-08BDBFBA9738} - O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {A54E21B1-A9EB-4472-B0C8-32440AA66E1E} - O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\Program\SPYWAR~1\tools\iesdpb.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll

O2 - BHO: PrintViewBHO Class - {D4E0C464-30CE-4075-9A10-71FD106C2847} - blank (file missing)

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Visa Norton-verktygsfältet - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program\Delade filer\Symantec Shared\coShared\Browser\1.0\UIBHO.dll

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [PCMService] "C:\Program\Home Cinema\PowerCinema\PCMService.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [CHotkey] mHotkey.exe

O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program\Microsoft Works\WkDetect.exe

O4 - HKLM\..\Run: [WorksFUD] C:\Program\Microsoft Works\wkfud.exe

O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program\Microsoft Works\WksSb.exe /AllUsers

O4 - HKLM\..\Run: [Transparent] C:\Program\TweakNow PowerPack 2006\Transparent.exe 254

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [ATICCC] "C:\Program\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

O4 - HKLM\..\Run: [explorer] C:\Documents and Settings\Ägaren\Skrivbord\two.exe

O4 - HKLM\..\Run: [sfo1bb34] RUNDLL32.EXE w04a5db8.dll,n 0061bb2e0000000a04a5db8

O4 - HKLM\..\Run: [ipWins] C:\Program\ipwins\ipwins.exe

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Program\Norton Internet Security\osCheck.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [PcSync] C:\Program\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [slnt] "C:\DOCUME~1\GAREN~1\APPLIC~1\MANTEC~1\winword.exe" -vt ndrv

O4 - HKCU\..\Run: [spyware Doctor] "C:\Program\Spyware Doctor\swdoctor.exe" /Q

O4 - Startup: Dialog Helper.lnk = C:\Program\VCOM\PowerDesk\pddlghlp.exe

O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program\Kodak\Kodak EasyShare software\bin\EasyShare.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Windows Live Search - res://C:\Program\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Öppna på ny flik i bakgrunden - res://C:\Program\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/229?268389f268aa4c74b17a8243336b2c59

O8 - Extra context menu item: Öppna på ny flik i förgrunden - res://C:\Program\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/230?268389f268aa4c74b17a8243336b2c59

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\Program\SPYWAR~1\tools\iesdpb.dll

O9 - Extra button: Expekt.com Poker - {3852AC86-965F-4abe-A75F-3DCB7E81A4B2} - C:\Program\expektMPP\MPPoker.exe (file missing)

O9 - Extra button: MultiPoker - {641F4F4E-6C91-4159-869E-9F5CE6F0F64E} - C:\Program\MultiPoker\MultiPoker.exe (file missing)

O9 - Extra 'Tools' menuitem: MultiPoker - {641F4F4E-6C91-4159-869E-9F5CE6F0F64E} - C:\Program\MultiPoker\MultiPoker.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/1.1.1067.8/WinSSWebAgent.CAB

O17 - HKLM\System\CCS\Services\Tcpip\..\{BE382EA1-B1E6-4014-9B19-BFB28AAAD56E}: NameServer = 195.67.199.12 195.67.199.13

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: App Management - C:\WINDOWS\system32\dvghelp.dll (file missing)

O20 - Winlogon Notify: Applets - C:\WINDOWS\system32\mldart.dll (file missing)

O20 - Winlogon Notify: Nls - C:\WINDOWS\system32\socurity.dll (file missing)

O20 - Winlogon Notify: Run - C:\WINDOWS\system32\xbnroll.dll (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\VAScanner\comHost.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Symantec IS Verifiering av lösenord (ISPwdSvc) - Symantec Corporation - C:\Program\Norton Internet Security\isPwdSvc.exe

O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program\Spyware Doctor\sdhelp.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program\Delade filer\PCSuite\Services\ServiceLayer.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\AppCore\AppSvc32.exe

O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\Program\COMMON~1\X10\Common\x10nets.exe

 

[/log]

 


I'm no super hacker, I hope I did it right.

Thanks! You are the light in the darkness :) You always learn something :) Maybe

 


You certainly learn a thing or two from cleaning up the computer.

Download ComboFix:

http://download.bleepingcomputer.com/sUBs/combofix.exe

Run it and follow the instructions shown.

IMPORTANT! Do not click on the ComboFix window with the mouse while it is running, otherwise it may hang.

When it is finished, a log should come up; paste it in here.

 


[log]Žgaren - 06-10-31 18:51:54.68 Service Pack 2

ComboFix 06.10.19 - Running from: "C:\Documents and Settings\Žgaren\Skrivbord"

 

((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))

 

REGISTRY ENTRIES REMOVED:

 

[HKEY_CLASSES_ROOT\clsid\{DDF2381B-D52C-4077-9D50-A26E02D455CE}]

@=""

"IDEx"="ADDR"

 

[HKEY_CLASSES_ROOT\clsid\{DDF2381B-D52C-4077-9D50-A26E02D455CE}\Implemented Categories]

@=""

 

[HKEY_CLASSES_ROOT\clsid\{DDF2381B-D52C-4077-9D50-A26E02D455CE}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

@=""

 

[HKEY_CLASSES_ROOT\clsid\{DDF2381B-D52C-4077-9D50-A26E02D455CE}\InprocServer32]

@="blank"

"ThreadingModel"="Apartment"

 

[HKEY_CLASSES_ROOT\clsid\{D8642BA0-E01C-471C-A674-594A0E52A519}]

@=""

"IDEx"="ADDR"

 

[HKEY_CLASSES_ROOT\clsid\{D8642BA0-E01C-471C-A674-594A0E52A519}\Implemented Categories]

@=""

 

[HKEY_CLASSES_ROOT\clsid\{D8642BA0-E01C-471C-A674-594A0E52A519}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

@=""

 

[HKEY_CLASSES_ROOT\clsid\{D8642BA0-E01C-471C-A674-594A0E52A519}\InprocServer32]

@="blank"

"ThreadingModel"="Apartment"

 

[HKEY_CLASSES_ROOT\clsid\{44DF4C59-4B4F-4F0B-AC26-1D73F9F4739F}]

@=""

"IDEx"="ADDR"

 

[HKEY_CLASSES_ROOT\clsid\{44DF4C59-4B4F-4F0B-AC26-1D73F9F4739F}\Implemented Categories]

@=""

 

[HKEY_CLASSES_ROOT\clsid\{44DF4C59-4B4F-4F0B-AC26-1D73F9F4739F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

@=""

 

[HKEY_CLASSES_ROOT\clsid\{44DF4C59-4B4F-4F0B-AC26-1D73F9F4739F}\InprocServer32]

@="blank"

"ThreadingModel"="Apartment"

 

[HKEY_CLASSES_ROOT\clsid\{542EBD69-5945-4B37-A83C-2527B572962D}]

@=""

"IDEx"="ADDR"

 

[HKEY_CLASSES_ROOT\clsid\{542EBD69-5945-4B37-A83C-2527B572962D}\Implemented Categories]

@=""

 

[HKEY_CLASSES_ROOT\clsid\{542EBD69-5945-4B37-A83C-2527B572962D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

@=""

 

[HKEY_CLASSES_ROOT\clsid\{542EBD69-5945-4B37-A83C-2527B572962D}\InprocServer32]

@="blank"

"ThreadingModel"="Apartment"

 

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

 

 

Granting sedebugprivilege to Administratörer ... successful

 

 

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

C:\WINDOWS\system32\aaa00000.sys

C:\Program\Delade filer\{34C190F0-0ECE-1033-1029-04090204002e}

C:\Program\Delade filer\{44C190F0-0ECE-1033-1029-04090204002e}

 

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

 

Folders Quarantined:

 

C:\QooBox\Purity\Documents and Settings\Žgaren\Application Data\MANTEC~1

C:\QooBox\Purity\Documents and Settings\Žgaren\Application Data\YMBOLS~1

C:\QooBox\Purity\Documents and Settings\Žgaren\Application Data\MANTEC~1\??mantec

 

 

((((((((((((((((((((((((((((((( Files Created from 2006-09-31 to 2006-10-31 ))))))))))))))))))))))))))))))))))

 

 

2006-10-31 18:51 61,440 --a--c--- C:\WINDOWS\system32\W32N50.dll

2006-10-31 18:51 16,292 --a--c--- C:\WINDOWS\system32\PCANDIS5.SYS

2006-10-29 15:02 51,072 --a--c--- C:\WINDOWS\system32\drivers\ikhlayer.sys

2006-10-29 15:02 30,592 --a--c--- C:\WINDOWS\system32\drivers\ikhfile.sys

2006-10-27 21:46 53,248 --a--c--- C:\WINDOWS\system32\Process.exe

2006-10-27 21:46 40,960 --a--c--- C:\WINDOWS\system32\swsc.exe

2006-10-27 21:46 288,417 --a--c--- C:\WINDOWS\system32\SrchSTS.exe

2006-10-27 21:46 135,168 --a--c--- C:\WINDOWS\system32\swreg.exe

2006-10-27 06:45 24,576 --a--c--- C:\WINDOWS\system32\STKIT432.DLL

2006-10-27 06:28 5,632 --a--c--- C:\WINDOWS\system32\Machnm64.sys

2006-10-27 06:28 2,304 --a--c--- C:\WINDOWS\system32\Machnm32.sys

2006-10-27 06:28 15,840 --a--c--- C:\WINDOWS\system32\Machnm1.exe

2006-10-25 18:36 178,408 --a--c--- C:\WINDOWS\system32\muweb.dll

2006-10-25 18:36 127,720 --a--c--- C:\WINDOWS\system32\mucltui.dll

2006-10-23 19:25 3,968 --a--c--- C:\WINDOWS\system32\drivers\AvgAsCln.sys

2006-10-20 18:42 1,259 --a--c--- C:\WINDOWS\system32\sfo1bb34.sys

 

 

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

2006-10-31 18:52 -------- d----c--- C:\Program\Delade filer

2006-10-31 18:51 -------- d--h-c--- C:\Program\InstallShield Installation Information

2006-10-31 18:51 -------- d----c--- C:\Program\NETGEAR

2006-10-31 18:29 -------- d----c--- C:\Program\Delade filer\Symantec Shared

2006-10-30 22:20 -------- d----c--- C:\Program\Steam

2006-10-30 20:51 -------- d----c--- C:\Program\Hijackthis

2006-10-29 18:28 -------- d----c--- C:\Program\Google

2006-10-29 15:19 -------- d----c--- C:\Program\Spyware Doctor

2006-10-29 15:02 -------- d----c--- C:\Documents and Settings\Žgaren\Application Data\PC Tools

2006-10-29 14:17 -------- d----c--- C:\Program\Registry Mechanic

2006-10-29 12:43 -------- d----c--- C:\Documents and Settings\Žgaren\Application Data\Google

2006-10-28 21:18 -------- d----c--- C:\Program\Expekt

2006-10-28 19:55 -------- d----c--- C:\Program\Symantec

2006-10-28 18:39 -------- d----c--- C:\Program\Norton Internet Security

2006-10-28 09:20 -------- d----c--- C:\Program\Delade filer\Microsoft Shared

2006-10-27 06:33 -------- d----c--- C:\Program\Defenza

2006-10-25 18:41 -------- d----c--- C:\Program\MSXML 4.0

2006-10-24 07:00 -------- d----c--- C:\Program\Windows Live Toolbar

2006-10-24 07:00 -------- d----c--- C:\Program\MSN Messenger

2006-10-23 19:24 -------- d----c--- C:\Program\Grisoft

2006-10-23 17:33 -------- d----c--- C:\Program\XoftSpy

2006-10-23 16:04 -------- d----c--- C:\Program\SpeedFan

2006-10-21 17:11 -------- d----c--- C:\Program\PonyGirl2

2006-10-19 06:31 -------- d----c--- C:\Documents and Settings\Žgaren\Application Data\AdobeUM

2006-09-21 15:42 618328 --a--c--- C:\WINDOWS\system32\WINSSWEBAGENT.DLL

2006-09-15 21:04 48816 --a--c--- C:\WINDOWS\system32\S32EVNT1.DLL

2006-09-15 21:04 109744 --a--c--- C:\WINDOWS\system32\drivers\SYMEVENT.SYS

2006-09-13 06:07 1084416 --a--c--- C:\WINDOWS\system32\msxml3.dll

2006-09-12 16:51 1245184 --a--c--- C:\WINDOWS\system32\msxml4.dll

2006-09-11 15:30 275112 --a--c--- C:\WINDOWS\system32\drivers\srtspl.sys

2006-09-11 15:30 243368 --a--c--- C:\WINDOWS\system32\drivers\srtsp.sys

2006-09-11 15:30 24232 --a--c--- C:\WINDOWS\system32\drivers\srtspx.sys

2006-09-08 15:26 39685 --a--c--- C:\Documents and Settings\Žgaren\Application Data\NMM-MetaData.db

2006-09-07 19:25 -------- d----c--- C:\Program\Nokia

2006-09-07 19:25 -------- d----c--- C:\Program\Delade filer\PCSuite

2006-09-07 19:25 -------- d----c--- C:\Program\Delade filer\Nokia

2006-09-07 19:17 -------- d----c--- C:\Documents and Settings\Žgaren\Application Data\Datalayer

2006-09-07 19:16 -------- d----c--- C:\Documents and Settings\Žgaren\Application Data\Nokia

2006-09-07 19:15 -------- d----c--- C:\Program\Yahoo!

2006-09-07 19:14 -------- d----c--- C:\Program\DIFX

2006-09-07 19:14 -------- d----c--- C:\Documents and Settings\Žgaren\Application Data\PC Suite

2006-09-02 12:35 613056 --a--c--- C:\WINDOWS\system32\SymNeti.dll

2006-09-02 12:35 36032 --a--c--- C:\WINDOWS\system32\drivers\symndisv.sys

2006-09-02 12:35 239808 --a--c--- C:\WINDOWS\system32\SymRedir.dll

2006-09-02 12:35 186048 --a--c--- C:\WINDOWS\system32\drivers\symtdi.sys

2006-09-02 12:34 39104 --a--c--- C:\WINDOWS\system32\drivers\symids.sys

2006-09-02 12:34 33216 --a--c--- C:\WINDOWS\system32\drivers\symndis.sys

2006-09-02 12:34 26432 --a--c--- C:\WINDOWS\system32\drivers\symredrv.sys

2006-09-02 12:34 144832 --a--c--- C:\WINDOWS\system32\drivers\symfw.sys

2006-09-02 12:34 11968 --a--c--- C:\WINDOWS\system32\drivers\symdns.sys

2006-08-25 16:54 617472 --a--c--- C:\WINDOWS\system32\comctl32.dll

2006-08-21 13:28 16896 --a--c--- C:\WINDOWS\system32\fltlib.dll

2006-08-21 10:14 23040 --a--c--- C:\WINDOWS\system32\fltmc.exe

2006-08-16 12:59 100352 --a--c--- C:\WINDOWS\system32\6to4svc.dll

 

 

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

 

*Note* empty entries are not shown

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"

"PcSync"="C:\\Program\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"

"MsnMsgr"="\"C:\\Program\\MSN Messenger\\MsnMsgr.Exe\" /background"

"Slnt"="\"C:\\DOCUME~1\\GAREN~1\\APPLIC~1\\MANTEC~1\\winword.exe\" -vt ndrv"

"Spyware Doctor"="\"C:\\Program\\Spyware Doctor\\swdoctor.exe\" /Q"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"

@=""

"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe"

"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"

"AGRSMMSG"="AGRSMMSG.exe"

"PCMService"="\"C:\\Program\\Home Cinema\\PowerCinema\\PCMService.exe\""

"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"

"CHotkey"="mHotkey.exe"

"ledpointer"="CNYHKey.exe"

"Microsoft Works Update Detection"="C:\\Program\\Microsoft Works\\WkDetect.exe"

"WorksFUD"="C:\\Program\\Microsoft Works\\wkfud.exe"

"Microsoft Works Portfolio"="C:\\Program\\Microsoft Works\\WksSb.exe /AllUsers"

"Transparent"="C:\\Program\\TweakNow PowerPack 2006\\Transparent.exe 254"

"DAEMON Tools-1033"="\"C:\\Program\\D-Tools\\daemon.exe\" -lang 1033"

"ATICCC"="\"C:\\Program\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"

"WinampAgent"="C:\\Program\\Winamp\\winampa.exe"

"HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb04.exe"

"QuickTime Task"="\"C:\\Program\\QuickTime\\qttask.exe\" -atboottime"

"PCSuiteTrayApplication"="C:\\Program\\Nokia\\NOKIAP~1\\LAUNCH~1.EXE -startup"

"sfo1bb34"="RUNDLL32.EXE w04a5db8.dll,n 0061bb2e0000000a04a5db8"

"!AVG Anti-Spyware"="\"C:\\Program\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

"RegistryMechanic"=""

"ccApp"="\"C:\\Program\\Delade filer\\Symantec Shared\\ccApp.exe\""

"osCheck"="\"C:\\Program\\Norton Internet Security\\osCheck.exe\""

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]

"Installed"="1"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]

"Installed"="1"

"NoChange"="1"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]

"Installed"="1"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex]

@=""

 

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]

"DeskHtmlVersion"=dword:00000110

"DeskHtmlMinorVersion"=dword:00000005

"Settings"=dword:00000001

"GeneralFlags"=dword:00000004

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

"Spyware Doctor"="\"C:\\Program\\Spyware Doctor\\swdoctor.exe\" /Q"

 

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]

"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

"Spyware Doctor"="\"C:\\Program\\Spyware Doctor\\swdoctor.exe\" /Q"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]

"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"

"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoDriveTypeAutoRun"=dword:00000091

"NoDrives"=hex:00,00,00,00

"NoSharedDocuments"=hex:01,00,00,00

"NoChangeStartMenu"=dword:00000000

"ClearRecentDocsOnExit"=dword:00000000

"NoRecentDocsHistory"=dword:00000000

"MaxRecentDocs"=dword:0000000b

"NoStartMenuMFUprogramsList"=dword:00000000

"NoLowDiskSpaceChecks"=dword:00000000

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\DisallowRun]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"dontdisplaylastusername"=dword:00000000

"legalnoticecaption"=""

"legalnoticetext"=""

"shutdownwithoutlogon"=dword:00000001

"undockwithoutlogon"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoCDBurning"=dword:00000000

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoDriveTypeAutoRun"=dword:00000091

 

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]

"NoDriveTypeAutoRun"=dword:00000091

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]

"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"

"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"

"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"

"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

 

 

Contents of the 'Scheduled Tasks' folder

C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job

C:\WINDOWS\tasks\Norton Internet Security - Sök igenom datorn - Ägaren.job

 

Completion time: 06-10-31 18:54:42.76

C:\ComboFix.txt ... 06-10-31 18:54

[/log]

 

Ahh, what a relief, the computer is working again! WHEEE!!

 


Go to http://www.virustotal.com/, paste in one of the following file names, press Send and wait until the result is ready (Status changes to Finished). Paste the result (including file size) here. Repeat with the next file name.

Take all the file names listed under the heading Files Created from 2006-09-31 to 2006-10-31 in the ComboFix log.

 

And finally a new HijackThis log, and I'll look at everything tomorrow.

 


Hi, I have tried to paste the files in at virustotal.com, but it just says downloading file on their site and nothing happens.

I have also e-mailed them the files, but that didn't work either.

I still have something nasty in the computer; there are errors in Explorer sometimes, and when I start the computer a small window comes up that says:

RUNDLL

Det gick inte att läsa w04a5db8.dll

Det går inte att hitta modulen

 

Regards, Danne

 


Hi, now I have had time to scan the files.

There were two files that could be infected.

2006-10-27 21:46 288,417 --a--c--- C:\WINDOWS\system32\SrchSTS.exe

2006-10-27 21:46 135,168 --a--c--- C:\WINDOWS\system32\swreg.exe

 

 

Here comes a Hijack log as well.

 

 

[log]Logfile of HijackThis v1.99.1

Scan saved at 20:36, on 06-11-08

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe

C:\Program\Delade filer\Symantec Shared\AppCore\AppSvc32.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\RunDll32.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program\Home Cinema\PowerCinema\PCMService.exe

C:\WINDOWS\mHotkey.exe

C:\WINDOWS\CNYHKey.exe

C:\Program\Microsoft Works\WksSb.exe

C:\Program\D-Tools\daemon.exe

C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program\Winamp\winampa.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

C:\Program\Spyware Doctor\sdhelp.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\QuickTime\qttask.exe

C:\Program\Nokia\NOKIAP~1\LAUNCH~1.EXE

C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Program\Delade filer\Symantec Shared\ccApp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Nokia\Nokia PC Suite 6\PcSync2.exe

C:\Program\MSN Messenger\MsnMsgr.Exe

C:\Program\Spyware Doctor\swdoctor.exe

C:\Program\DELADE~1\Nokia\MPAPI\MPAPI3s.exe

C:\Program\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\Program\NETGEAR\MA111 Configuration Utility\wlancfg4.exe

C:\Program\VCOM\PowerDesk\pddlghlp.exe

C:\Program\COMMON~1\X10\Common\x10nets.exe

C:\Program\Delade filer\PCSuite\Services\ServiceLayer.exe

C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\rsvp.exe

C:\Program\Hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {153B81DF-4138-14CF-1986-13D4C4B5A99C} - blank (file missing)

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program\Delade filer\Symantec Shared\coShared\Browser\1.0\NppBho.dll

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\Program\SPYWAR~1\tools\iesdsg.dll

O2 - BHO: (no name) - {8C5C7FBB-6C7E-4264-849A-08BDBFBA9738} -

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {A54E21B1-A9EB-4472-B0C8-32440AA66E1E} -

O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\Program\SPYWAR~1\tools\iesdpb.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Visa Norton-verktygsfältet - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program\Delade filer\Symantec Shared\coShared\Browser\1.0\UIBHO.dll

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [PCMService] "C:\Program\Home Cinema\PowerCinema\PCMService.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [CHotkey] mHotkey.exe

O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program\Microsoft Works\WkDetect.exe

O4 - HKLM\..\Run: [WorksFUD] C:\Program\Microsoft Works\wkfud.exe

O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program\Microsoft Works\WksSb.exe /AllUsers

O4 - HKLM\..\Run: [Transparent] C:\Program\TweakNow PowerPack 2006\Transparent.exe 254

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [ATICCC] "C:\Program\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

O4 - HKLM\..\Run: [sfo1bb34] RUNDLL32.EXE w04a5db8.dll,n 0061bb2e0000000a04a5db8

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Program\Norton Internet Security\osCheck.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [PcSync] C:\Program\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [slnt] "C:\DOCUME~1\GAREN~1\APPLIC~1\MANTEC~1\winword.exe" -vt ndrv

O4 - HKCU\..\Run: [spyware Doctor] "C:\Program\Spyware Doctor\swdoctor.exe" /Q

O4 - Startup: Dialog Helper.lnk = C:\Program\VCOM\PowerDesk\pddlghlp.exe

O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program\Kodak\Kodak EasyShare software\bin\EasyShare.exe

O4 - Global Startup: MA111 Configuration Utility.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Windows Live Search - res://C:\Program\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Öppna på ny flik i bakgrunden - res://C:\Program\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/229?268389f268aa4c74b17a8243336b2c59

O8 - Extra context menu item: Öppna på ny flik i förgrunden - res://C:\Program\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/230?268389f268aa4c74b17a8243336b2c59

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\Program\SPYWAR~1\tools\iesdpb.dll

O9 - Extra button: Expekt.com Poker - {3852AC86-965F-4abe-A75F-3DCB7E81A4B2} - C:\Program\expektMPP\MPPoker.exe (file missing)

O9 - Extra button: MultiPoker - {641F4F4E-6C91-4159-869E-9F5CE6F0F64E} - C:\Program\MultiPoker\MultiPoker.exe (file missing)

O9 - Extra 'Tools' menuitem: MultiPoker - {641F4F4E-6C91-4159-869E-9F5CE6F0F64E} - C:\Program\MultiPoker\MultiPoker.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/1.1.1067.8/WinSSWebAgent.CAB

O17 - HKLM\System\CCS\Services\Tcpip\..\{BE382EA1-B1E6-4014-9B19-BFB28AAAD56E}: NameServer = 195.67.199.12 195.67.199.13

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\VAScanner\comHost.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Symantec IS Verifiering av lösenord (ISPwdSvc) - Symantec Corporation - C:\Program\Norton Internet Security\isPwdSvc.exe

O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program\Spyware Doctor\sdhelp.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program\Delade filer\PCSuite\Services\ServiceLayer.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\AppCore\AppSvc32.exe

O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\Program\COMMON~1\X10\Common\x10nets.exe

 

[/log]

 

What to do now? Regards, Danne, hmm, I meant Jagularen :)

 


2006-10-27 21:46 288,417 --a--c--- C:\WINDOWS\system32\SrchSTS.exe

2006-10-27 21:46 135,168 --a--c--- C:\WINDOWS\system32\swreg.exe

These files may be part of Smitfraudfix. Have you downloaded that program? If not, it would be good to know what they are infected with!

 

[log]Scan with HijackThis and tick:

 

O2 - BHO: (no name) - {153B81DF-4138-14CF-1986-13D4C4B5A99C} - blank (file missing)

O2 - BHO: (no name) - {8C5C7FBB-6C7E-4264-849A-08BDBFBA9738} -

O4 - HKLM\..\Run: [sfo1bb34] RUNDLL32.EXE w04a5db8.dll,n 0061bb2e0000000a04a5db8

O4 - HKCU\..\Run: [slnt] "C:\DOCUME~1\GAREN~1\APPLIC~1\MANTEC~1\winword.exe" -vt ndrv

 

If you no longer use these poker programs, then these lines as well:

 

O9 - Extra button: Expekt.com Poker - {3852AC86-965F-4abe-A75F-3DCB7E81A4B2} - C:\Program\expektMPP\MPPoker.exe (file missing)

O9 - Extra button: MultiPoker - {641F4F4E-6C91-4159-869E-9F5CE6F0F64E} - C:\Program\MultiPoker\MultiPoker.exe (file missing)

O9 - Extra 'Tools' menuitem: MultiPoker - {641F4F4E-6C91-4159-869E-9F5CE6F0F64E} - C:\Program\MultiPoker\MultiPoker.exe (file missing)

 

Close all other programs.

Press Fix checked.

 

Restart the computer in safe mode (press F8 repeatedly during startup and choose safe mode from the menu).

 

Set up Explorer so that you can see all files:

Tools - (Folder) Options or similar - View

Select Show hidden files and folders

Untick Hide extensions for known file types

Untick Hide protected operating system files

 

Delete the files (if they are still there):

w04a5db8.dll

is probably in C:\WINDOWS\system32 or C:\WINDOWS\, but if not, search the computer.

 

Delete the folders (if they are still there):

C:\DOCUME~1\GAREN~1\APPLIC~1\MANTEC~1

where ~1 stands for a number of arbitrary characters

 

Restart in normal mode and then a new HijackThis log.[/log]

 

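The selection made in the post above, expressed as an added triage sketch (not part of the original thread, and not HijackThis's or the helper's own logic): it parses HijackThis O2/O4/O9 lines and flags registered objects with no file on disk, rundll32 autoruns that load a path-less DLL with a hex-like name, and autoruns started from a user's Application Data folder. The three heuristics and the names `triage` and `Finding` are assumptions of this example; the sample lines are copied from the log in this thread.

```python
import re
from typing import List, NamedTuple

# Constructed sample: a subset of lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {153B81DF-4138-14CF-1986-13D4C4B5A99C} - blank (file missing)
O2 - BHO: (no name) - {8C5C7FBB-6C7E-4264-849A-08BDBFBA9738} -
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [sfo1bb34] RUNDLL32.EXE w04a5db8.dll,n 0061bb2e0000000a04a5db8
O4 - HKCU\..\Run: [PcSync] C:\Program\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [slnt] "C:\DOCUME~1\GAREN~1\APPLIC~1\MANTEC~1\winword.exe" -vt ndrv
O9 - Extra button: MultiPoker - {641F4F4E-6C91-4159-869E-9F5CE6F0F64E} - C:\Program\MultiPoker\MultiPoker.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
"""


class Finding(NamedTuple):
    group: str   # HijackThis section code, e.g. "O4"
    name: str    # Run value name, or CLSID for O2/O9 entries
    reason: str


# "<kind>: <display name> - {CLSID} - <file, possibly empty>"
OBJ_RE = re.compile(
    r"^(?:BHO|Extra button|Extra 'Tools' menuitem): .*? - (\{[0-9A-Fa-f-]+\}) -\s*(.*)$")
# "HKLM\..\Run: [value name] command line"
RUN_RE = re.compile(r"^HK\w+\\\.\.\\Run: \[([^\]]*)\] (.*)$")
# First argument handed to rundll32 (the DLL, up to the comma before the export).
RUNDLL_RE = re.compile(r'^"?rundll32(?:\.exe)?"?\s+"?([^",\s]+)', re.I)
# Assumption: an optional letter followed by six or more hex digits looks generated.
HEXISH_RE = re.compile(r"^[a-z]?[0-9a-f]{6,}$", re.I)
# Long or 8.3 form of <profiles>\<user>\Application Data\
PROFILE_RE = re.compile(
    r"\\(?:DOCUME~\d|Documents and Settings)\\[^\\]+\\(?:APPLIC~\d|Application Data)\\",
    re.I)


def triage(log_text: str) -> List[Finding]:
    """Return the O2/O4/O9 entries that match this example's heuristics."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        m = re.match(r"^(O\d{1,2}) - (.*)$", raw.strip())
        if not m:
            continue
        group, body = m.groups()
        if group in ("O2", "O9"):
            obj = OBJ_RE.match(body)
            if obj and (not obj.group(2) or obj.group(2).endswith("(file missing)")):
                findings.append(Finding(group, obj.group(1),
                                        "registered object has no file on disk"))
        elif group == "O4":
            run = RUN_RE.match(body)
            if not run:
                continue  # Startup-folder shortcuts are not evaluated here
            name, cmd = run.groups()
            dll = RUNDLL_RE.match(cmd)
            if dll and "\\" not in dll.group(1):
                stem = dll.group(1).rsplit(".", 1)[0]
                if HEXISH_RE.match(stem):
                    findings.append(Finding(group, name,
                                            "rundll32 loads a path-less DLL with a hex-like name"))
            if PROFILE_RE.search(cmd):
                findings.append(Finding(group, name,
                                        "autorun binary lives under a user's Application Data"))
        # O23 is deliberately skipped: ccSvcHst.exe is in the running-process list
        # of the same log, so "(file missing)" on that service line is not a finding.
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.group:<3} {f.name:<40} {f.reason}")
```

A flagged line is a prompt to inspect the file and the registry value, not a verdict; orphaned entries such as the O9 poker buttons are cleanup items rather than signs of infection.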

[log]Logfile of HijackThis v1.99.1

Scan saved at 19:04, on 06-11-09

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe

C:\Program\Delade filer\Symantec Shared\AppCore\AppSvc32.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program\Spyware Doctor\sdhelp.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\RunDll32.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program\Home Cinema\PowerCinema\PCMService.exe

C:\WINDOWS\mHotkey.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\CNYHKey.exe

C:\Program\Microsoft Works\WksSb.exe

C:\Program\D-Tools\daemon.exe

C:\Program\Winamp\winampa.exe

C:\Program\COMMON~1\X10\Common\x10nets.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

C:\Program\QuickTime\qttask.exe

C:\Program\Nokia\NOKIAP~1\LAUNCH~1.EXE

C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program\Delade filer\Symantec Shared\ccApp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Nokia\Nokia PC Suite 6\PcSync2.exe

C:\Program\Delade filer\PCSuite\Services\ServiceLayer.exe

C:\Program\MSN Messenger\MsnMsgr.Exe

C:\Program\DELADE~1\Nokia\MPAPI\MPAPI3s.exe

C:\Program\Spyware Doctor\swdoctor.exe

C:\Program\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program\NETGEAR\MA111 Configuration Utility\wlancfg4.exe

C:\Program\VCOM\PowerDesk\pddlghlp.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Norton Internet Security\Norton AntiVirus\NAVW32.exe

C:\Program\Hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program\Delade filer\Symantec Shared\coShared\Browser\1.0\NppBho.dll

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\Program\SPYWAR~1\tools\iesdsg.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {A54E21B1-A9EB-4472-B0C8-32440AA66E1E} -

O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\Program\SPYWAR~1\tools\iesdpb.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Visa Norton-verktygsfältet - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program\Delade filer\Symantec Shared\coShared\Browser\1.0\UIBHO.dll

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [PCMService] "C:\Program\Home Cinema\PowerCinema\PCMService.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [CHotkey] mHotkey.exe

O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program\Microsoft Works\WkDetect.exe

O4 - HKLM\..\Run: [WorksFUD] C:\Program\Microsoft Works\wkfud.exe

O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program\Microsoft Works\WksSb.exe /AllUsers

O4 - HKLM\..\Run: [Transparent] C:\Program\TweakNow PowerPack 2006\Transparent.exe 254

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [ATICCC] "C:\Program\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Program\Norton Internet Security\osCheck.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [PcSync] C:\Program\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [spyware Doctor] "C:\Program\Spyware Doctor\swdoctor.exe" /Q

O4 - Startup: Dialog Helper.lnk = C:\Program\VCOM\PowerDesk\pddlghlp.exe

O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program\Kodak\Kodak EasyShare software\bin\EasyShare.exe

O4 - Global Startup: MA111 Configuration Utility.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Windows Live Search - res://C:\Program\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Öppna på ny flik i bakgrunden - res://C:\Program\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/229?268389f268aa4c74b17a8243336b2c59

O8 - Extra context menu item: Öppna på ny flik i förgrunden - res://C:\Program\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/230?268389f268aa4c74b17a8243336b2c59

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\Program\SPYWAR~1\tools\iesdpb.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/1.1.1067.8/WinSSWebAgent.CAB

O17 - HKLM\System\CCS\Services\Tcpip\..\{BE382EA1-B1E6-4014-9B19-BFB28AAAD56E}: NameServer = 195.67.199.12 195.67.199.13

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\VAScanner\comHost.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Symantec IS Verifiering av lösenord (ISPwdSvc) - Symantec Corporation - C:\Program\Norton Internet Security\isPwdSvc.exe

O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program\Spyware Doctor\sdhelp.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program\Delade filer\PCSuite\Services\ServiceLayer.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\AppCore\AppSvc32.exe

O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\Program\COMMON~1\X10\Common\x10nets.exe

 

[/log]

 

Hi again! Thanks for putting up with me!

Now the computer seems a bit more stable after the removal.

It seemed that the w04a5db8.dll file disappeared too. It has been annoying.

The computer has had a tendency to hang sometimes, but maybe that is gone now.

 

 

 


I no longer see anything nasty in the log, at least. If the computer is now behaving well and no other programs find anything, then it is probably fine now.

 

Here is my usual advice for a safer computer, but of course it is important to use common sense as well.

 

Update from Windows Update and run the anti-spyware programs AVG Anti-Spyware (Ewido), Spybot S&D and/or Ad-aware regularly.

http://www.ewido.net/en/

http://www.safer-networking.org/en/download/index.html

http://www.lavasoft.com

 

Supplement the antivirus program with a few online scans now and then:

http://housecall.trendmicro.com/

http://www.bitdefender.com/scan8/ie.html

http://www.pandasoftware.com/products/activescan/

 

Use a firewall (better than the one built into XP); one is available free from e.g. ZoneLabs.

http://www.zonelabs.com/store/content/home.jsp

 

If you use Internet Explorer, it can be a good idea to have the programs SpywareBlaster and SpywareGuard, which prevent a good many nasty programs from being downloaded and run, respectively:

http://www.javacoolsoftware.com

 

Review the security settings in Internet Explorer; there are quite a few tips here:

http://www.spywarewarrior.com/uiuc/btw/ie/ie-opts.htm

 

Also run IE-SpyAd, which puts a whole lot of nasty websites in the Restricted sites zone in Internet Explorer so that they cannot do anything to the computer:

http://www.spywarewarrior.com/uiuc/resource.htm

 

If you switch browsers, only SpywareGuard is needed. Other browsers are e.g. Mozilla Firefox and Opera:

http://www.mozilla.org

http://www.opera.com

 

All free for home users/personal use.

 
