
The start page keeps changing! Can anyone help me??


monawar


Hi, when I start the Internet my start page is (securityfeature.com).

I keep changing it, but it changes back to the same one. I have the program HijackThis but I don't understand any of it, so if anyone can help me I would be grateful.

 


Do you mean like this??

 

[log]

Logfile of HijackThis v1.99.1

Scan saved at 17:50:07, on 2006-11-20

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\brsvc01a.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\brss01a.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Bredbandsbolaget Security Services\Common\FSM32.EXE

C:\Program\Java\jre1.5.0_09\bin\jusched.exe

C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Program\Delade filer\Real\Update_OB\realsched.exe

C:\Program\MSN Messenger\msnmsgr.exe

C:\valve\steam\steam.exe

C:\Program\Delade filer\Teleca Shared\CapabilityManager.exe

C:\Program\BREDBA~1\backweb\1803213\Program\SERVIC~1.EXE

C:\WINDOWS\system32\Brmfrmps.exe

C:\WINDOWS\system32\cisvc.exe

C:\Program\Bredbandsbolaget Security Services\Anti-Virus\fsgk32st.exe

C:\Program\Bredbandsbolaget Security Services\Anti-Virus\FSGK32.EXE

C:\Program\Bredbandsbolaget Security Services\backweb\1803213\program\fsbwsys.exe

C:\Program\Bredbandsbolaget Security Services\Common\FSMA32.EXE

C:\Program\Delade filer\Teleca Shared\Generic.exe

C:\Program\Bredbandsbolaget Security Services\Anti-Virus\fssm32.exe

C:\Program\Bredbandsbolaget Security Services\Common\FSMB32.EXE

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Bredbandsbolaget Security Services\backweb\1803213\Program\fspex.exe

C:\Program\Sony Ericsson\Mobile\Mobile Phone Monitor\epmworker.exe

C:\Program\Bredbandsbolaget Security Services\Common\FCH32.EXE

C:\Program\Bredbandsbolaget Security Services\Common\FAMEH32.EXE

C:\Program\Bredbandsbolaget Security Services\Anti-Virus\fsrw.exe

C:\Program\Bredbandsbolaget Security Services\Anti-Virus\fsav32.exe

C:\Program\Bredbandsbolaget Security Services\FWES\Program\fsdfwd.exe

C:\Program\BREDBA~1\ANTI-S~1\fsaw.exe

C:\Program\Bredbandsbolaget Security Services\FSGUI\fsguidll.exe

C:\Program\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\cidaemon.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Documents and Settings\Ägaren\Mina dokument\HijackThis[1].exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://www.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Nothing - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - C:\WINDOWS\System32\hp8B67.tmp

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O3 - Toolbar: HP-vy - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program\HP\Digital Imaging\bin\hpdtlk02.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [Registry oidet] win32.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\Bredbandsbolaget Security Services\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program\Bredbandsbolaget Security Services\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program\Bredbandsbolaget Security Services\FSGUI\FSSW.EXE" /reboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.5.0_09\bin\jusched.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\RunServices: [Registry oidet] win32.exe

O4 - HKLM\..\RunServices: [Windows Help] Stney.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [steam] "c:\valve\steam\steam.exe" -silent

O4 - HKCU\..\Run: [backupNotify] c:\Program\HP\Digital Imaging\bin\backupnotify.exe

O4 - HKCU\..\Run: [Acme.PCHButton] C:\Program\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe

O4 - Global Startup: Bredbandsbolaget Security Services.lnk = C:\Program\Bredbandsbolaget Security Services\backweb\1803213\Program\fspex.exe

O4 - Global Startup: Status Monitor.lnk = C:\Program\Brother\Brmfcmon\BrMfcWnd.exe

O8 - Extra context menu item: &Blockera detta popup-fönster - C:\Program\Bredbandsbolaget Security Services\Anti-Spyware\blockpopups.htm

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~4\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: IE-sköld - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program\Bredbandsbolaget Security Services\Anti-Spyware\ieshield.dll

O9 - Extra 'Tools' menuitem: IE-sköld... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program\Bredbandsbolaget Security Services\Anti-Spyware\ieshield.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE

O16 - DPF: {1538D4E0-B2C4-402D-B71A-BA6A04BC7A5D} (PictureChooser.picChooser) - http://direct.fotomenyn.com/direct/PictureChooser.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by110fd.bay110.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1135545113156

O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab

O16 - DPF: {65F77758-B822-45FB-8F0C-08E85705EC4A} (Upload.ctlUpload) - http://direct.fotomenyn.com/direct/upload.cab

O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) - http://64.38.18.6/talk.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\Program\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O21 - SSODL: System - {418B69B4-5BE7-4E67-AC9E-2B3811FDA01C} - dgflib.dll (file missing)

O23 - Service: Bredbandsbolaget Security Services (BackWeb Plug-in - 1803213) - BackWeb Technologies Inc. - C:\Program\BREDBA~1\backweb\1803213\Program\SERVIC~1.EXE

O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)

O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program\Bredbandsbolaget Security Services\Anti-Virus\fsgk32st.exe

O23 - Service: fsbwsys - F-Secure Corp. - C:\Program\Bredbandsbolaget Security Services\backweb\1803213\program\fsbwsys.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program\Bredbandsbolaget Security Services\FWES\Program\fsdfwd.exe

O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program\Bredbandsbolaget Security Services\Common\FSMA32.EXE

O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)

O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Program\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

 

[/log]

 

 

 


Stefan Eklinder

 

 

Thread moved to Virus - Antivirus

---

C:\Eforum\Stefan Eklinder> moderator Internet - Other|

"If everything seems to be going well, you must have missed something."

- Steven Wright

 

 

 


Here is the log, and I wonder if anyone can help me??

Because now it has started saying that I have lots of trojans and stuff,

says F-Secure, and well, here is the log from HijackThis.

[log]Logfile of HijackThis v1.99.1

Scan saved at 21:11:48, on 2006-11-20

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\brsvc01a.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\brss01a.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Bredbandsbolaget Security Services\Common\FSM32.EXE

C:\Program\Java\jre1.5.0_09\bin\jusched.exe

C:\Program\Delade filer\Real\Update_OB\realsched.exe

C:\Program\MSN Messenger\msnmsgr.exe

C:\Program\BREDBA~1\backweb\1803213\Program\SERVIC~1.EXE

C:\WINDOWS\system32\Brmfrmps.exe

C:\WINDOWS\system32\cisvc.exe

C:\Program\Bredbandsbolaget Security Services\Anti-Virus\fsgk32st.exe

C:\Program\Bredbandsbolaget Security Services\Anti-Virus\FSGK32.EXE

C:\Program\Bredbandsbolaget Security Services\backweb\1803213\program\fsbwsys.exe

C:\Program\Bredbandsbolaget Security Services\Common\FSMA32.EXE

C:\Program\Delade filer\Teleca Shared\Generic.exe

C:\Program\Bredbandsbolaget Security Services\Anti-Virus\fssm32.exe

C:\Program\Bredbandsbolaget Security Services\Common\FSMB32.EXE

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Bredbandsbolaget Security Services\backweb\1803213\Program\fspex.exe

C:\Program\Sony Ericsson\Mobile\Mobile Phone Monitor\epmworker.exe

C:\Program\Bredbandsbolaget Security Services\Common\FCH32.EXE

C:\Program\Bredbandsbolaget Security Services\Common\FAMEH32.EXE

C:\Program\Bredbandsbolaget Security Services\Anti-Virus\fsrw.exe

C:\Program\Bredbandsbolaget Security Services\Anti-Virus\fsav32.exe

C:\Program\Bredbandsbolaget Security Services\FWES\Program\fsdfwd.exe

C:\Program\BREDBA~1\ANTI-S~1\fsaw.exe

C:\Program\Bredbandsbolaget Security Services\FSGUI\fsguidll.exe

C:\WINDOWS\system32\cidaemon.exe

C:\Program\BitComet\BitComet.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://www.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Nothing - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - C:\WINDOWS\System32\hp8B67.tmp

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O3 - Toolbar: HP-vy - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program\HP\Digital Imaging\bin\hpdtlk02.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [Registry oidet] win32.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\Bredbandsbolaget Security Services\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program\Bredbandsbolaget Security Services\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program\Bredbandsbolaget Security Services\FSGUI\FSSW.EXE" /reboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.5.0_09\bin\jusched.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\RunServices: [Registry oidet] win32.exe

O4 - HKLM\..\RunServices: [Windows Help] Stney.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [steam] "c:\valve\steam\steam.exe" -silent

O4 - HKCU\..\Run: [backupNotify] c:\Program\HP\Digital Imaging\bin\backupnotify.exe

O4 - HKCU\..\Run: [Acme.PCHButton] C:\Program\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe

O4 - Global Startup: Bredbandsbolaget Security Services.lnk = C:\Program\Bredbandsbolaget Security Services\backweb\1803213\Program\fspex.exe

O4 - Global Startup: Status Monitor.lnk = C:\Program\Brother\Brmfcmon\BrMfcWnd.exe

O8 - Extra context menu item: &Blockera detta popup-fönster - C:\Program\Bredbandsbolaget Security Services\Anti-Spyware\blockpopups.htm

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~4\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: IE-sköld - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program\Bredbandsbolaget Security Services\Anti-Spyware\ieshield.dll

O9 - Extra 'Tools' menuitem: IE-sköld... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program\Bredbandsbolaget Security Services\Anti-Spyware\ieshield.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE

O16 - DPF: {1538D4E0-B2C4-402D-B71A-BA6A04BC7A5D} (PictureChooser.picChooser) - http://direct.fotomenyn.com/direct/PictureChooser.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by110fd.bay110.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1135545113156

O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab

O16 - DPF: {65F77758-B822-45FB-8F0C-08E85705EC4A} (Upload.ctlUpload) - http://direct.fotomenyn.com/direct/upload.cab

O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) - http://64.38.18.6/talk.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\Program\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O21 - SSODL: System - {418B69B4-5BE7-4E67-AC9E-2B3811FDA01C} - dgflib.dll (file missing)

O23 - Service: Bredbandsbolaget Security Services (BackWeb Plug-in - 1803213) - BackWeb Technologies Inc. - C:\Program\BREDBA~1\backweb\1803213\Program\SERVIC~1.EXE

O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)

O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program\Bredbandsbolaget Security Services\Anti-Virus\fsgk32st.exe

O23 - Service: fsbwsys - F-Secure Corp. - C:\Program\Bredbandsbolaget Security Services\backweb\1803213\program\fsbwsys.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program\Bredbandsbolaget Security Services\FWES\Program\fsdfwd.exe

O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program\Bredbandsbolaget Security Services\Common\FSMA32.EXE

O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)

O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Program\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

 

[/log]

 


Do not use file-sharing programs such as BitComet while the computer is infected; it is so easy for the infection to spread further or for more to get in that way.

You have a worm on the computer that spreads via file-sharing programs and poorly updated computers. It opens a backdoor to the computer so that others can access your computer, so keep the Internet connection unplugged as much as possible until the computer is clean.

Download the program SmitfraudFix (by S!Ri) to the Desktop:

http://siri.urz.free.fr/Fix/SmitfraudFix.zip

Right-click and extract all the contents to the Desktop. A folder named SmitfraudFix will be created.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd.

Select option #1 - Search by pressing 1 and Enter.

The program will scan the computer.

When it is finished, the result is shown and the program has created the log file C:\rapport.txt.

Paste the contents of the log file into your reply here.

Do not do anything else with the SmitfraudFix folder or smitfraudfix.cmd.

 


Like this----

[log]

SmitFraudFix v2.123

 

Scan done at 20:26:50,32, 2006-11-21

Run from C:\unzipped\SmitfraudFix\SmitfraudFix

OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT

Fix run in normal mode

 

»»»»»»»»»»»»»»»»»»»»»»»» C:

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

 

C:\WINDOWS\system32\hp????.tmp FOUND !

C:\WINDOWS\system32\ld????.tmp FOUND !

C:\WINDOWS\system32\ncompat.tlb FOUND !

C:\WINDOWS\system32\ot.ico FOUND !

C:\WINDOWS\system32\ts.ico FOUND !

C:\WINDOWS\system32\1024\ FOUND !

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Žgaren

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Žgaren\Application Data

 

C:\Documents and Settings\Žgaren\Application Data\Install.dat FOUND !

 

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\GAREN~1\FAVORI~1

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]

"Source"="About:Home"

"SubscribedURL"="About:Home"

"FriendlyName"="Min aktuella startsida"

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection

 

 

»»»»»»»»»»»»»»»»»»»»»»»» End

 

[/log]

 


Restart the computer in Safe Mode by pressing F8 repeatedly during startup and choosing Safe Mode in the menu.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd to start the program.

Select option #2 by pressing 2 and Enter.

Wait for the tool to finish and for the disk cleanup to complete.

Meanwhile you will be asked whether you want to clean the registry; answer Yes by pressing Y and Enter.

If the computer does not restart by itself, restart it yourself.

This time, too, it should be in Safe Mode.

Control Panel - Internet Options - General - Delete Files, tick the box - OK

Then on the Programs tab, choose Reset Web Settings. Apply - OK

Control Panel - Display - Desktop - Customize Desktop - Web

If there is anything there with Security info or similar, delete it.

OK - Apply - OK

Restart the computer in normal mode.

In your reply, paste the newly created C:\rapport.txt and a new HijackThis log.

 


[log]

Logfile of HijackThis v1.99.1

Scan saved at 15:56:55, on 2006-11-22

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\brsvc01a.exe

C:\WINDOWS\System32\brss01a.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Bredbandsbolaget Security Services\Common\FSM32.EXE

C:\Program\Java\jre1.5.0_09\bin\jusched.exe

C:\Program\Delade filer\Real\Update_OB\realsched.exe

C:\valve\steam\steam.exe

C:\Program\Delade filer\Teleca Shared\CapabilityManager.exe

C:\Program\Delade filer\Teleca Shared\Generic.exe

C:\Program\Sony Ericsson\Mobile\Mobile Phone Monitor\epmworker.exe

C:\Program\BREDBA~1\backweb\1803213\Program\SERVIC~1.EXE

C:\WINDOWS\system32\Brmfrmps.exe

C:\WINDOWS\system32\cisvc.exe

C:\Program\Bredbandsbolaget Security Services\Anti-Virus\fsgk32st.exe

C:\Program\Bredbandsbolaget Security Services\Anti-Virus\FSGK32.EXE

C:\Program\Bredbandsbolaget Security Services\backweb\1803213\program\fsbwsys.exe

C:\Program\Bredbandsbolaget Security Services\Common\FSMA32.EXE

C:\Program\Bredbandsbolaget Security Services\Anti-Virus\fssm32.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program\Bredbandsbolaget Security Services\Common\FSMB32.EXE

C:\Program\Bredbandsbolaget Security Services\backweb\1803213\Program\fspex.exe

C:\Program\Bredbandsbolaget Security Services\Common\FCH32.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program\Bredbandsbolaget Security Services\Common\FAMEH32.EXE

C:\Program\Bredbandsbolaget Security Services\Anti-Virus\fsav32.exe

C:\Program\Bredbandsbolaget Security Services\Anti-Virus\fsrw.exe

C:\Program\Bredbandsbolaget Security Services\FWES\Program\fsdfwd.exe

C:\Program\BREDBA~1\ANTI-S~1\fsaw.exe

C:\Program\Bredbandsbolaget Security Services\FSGUI\fsguidll.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O3 - Toolbar: HP-vy - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program\HP\Digital Imaging\bin\hpdtlk02.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [Registry oidet] win32.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\Bredbandsbolaget Security Services\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program\Bredbandsbolaget Security Services\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program\Bredbandsbolaget Security Services\FSGUI\FSSW.EXE" /reboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.5.0_09\bin\jusched.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\RunServices: [Registry oidet] win32.exe

O4 - HKLM\..\RunServices: [Windows Help] Stney.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [steam] "c:\valve\steam\steam.exe" -silent

O4 - HKCU\..\Run: [backupNotify] c:\Program\HP\Digital Imaging\bin\backupnotify.exe

O4 - HKCU\..\Run: [Acme.PCHButton] C:\Program\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe

O4 - Global Startup: Bredbandsbolaget Security Services.lnk = C:\Program\Bredbandsbolaget Security Services\backweb\1803213\Program\fspex.exe

O4 - Global Startup: Status Monitor.lnk = C:\Program\Brother\Brmfcmon\BrMfcWnd.exe

O8 - Extra context menu item: &Blockera detta popup-fönster - C:\Program\Bredbandsbolaget Security Services\Anti-Spyware\blockpopups.htm

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~4\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: IE-sköld - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program\Bredbandsbolaget Security Services\Anti-Spyware\ieshield.dll

O9 - Extra 'Tools' menuitem: IE-sköld... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program\Bredbandsbolaget Security Services\Anti-Spyware\ieshield.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE

O16 - DPF: {1538D4E0-B2C4-402D-B71A-BA6A04BC7A5D} (PictureChooser.picChooser) - http://direct.fotomenyn.com/direct/PictureChooser.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by110fd.bay110.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1135545113156

O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab

O16 - DPF: {65F77758-B822-45FB-8F0C-08E85705EC4A} (Upload.ctlUpload) - http://direct.fotomenyn.com/direct/upload.cab

O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) - http://64.38.18.6/talk.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\Program\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O21 - SSODL: System - {418B69B4-5BE7-4E67-AC9E-2B3811FDA01C} - dgflib.dll (file missing)

O23 - Service: Bredbandsbolaget Security Services (BackWeb Plug-in - 1803213) - BackWeb Technologies Inc. - C:\Program\BREDBA~1\backweb\1803213\Program\SERVIC~1.EXE

O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)

O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program\Bredbandsbolaget Security Services\Anti-Virus\fsgk32st.exe

O23 - Service: fsbwsys - F-Secure Corp. - C:\Program\Bredbandsbolaget Security Services\backweb\1803213\program\fsbwsys.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program\Bredbandsbolaget Security Services\FWES\Program\fsdfwd.exe

O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program\Bredbandsbolaget Security Services\Common\FSMA32.EXE

O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)

O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Program\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

 

[/log]

 


Scan with HijackThis and check the following:

 

O4 - HKLM\..\RunServices: [Registry oidet] win32.exe

O4 - HKLM\..\RunServices: [Windows Help] Stney.exe

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab

O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab

O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) - http://64.38.18.6/talk.cab

O21 - SSODL: System - {418B69B4-5BE7-4E67-AC9E-2B3811FDA01C} - dgflib.dll (file missing)

 

Close all other programs.

Press Fix checked.

Restart the computer in safe mode (press F8 repeatedly during startup and choose safe mode from the menu).

Set up Explorer so that you can see all files:

Tools - (Folder) Options or similar - View

Select Show hidden files and folders

Uncheck Hide file extensions for known file types

Uncheck Hide protected operating system files

Delete these files (if they are still there):

c:\eied_s7.cab

c:\ex.cab

win32.exe

Stney.exe

Look in the folders C:\WINDOWS\System32 and C:\WINDOWS

Restart in normal mode and then post a new HijackThis log.

 

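Added example, not part of the original posts and not HijackThis's or the helper's own logic: a small Python triage of HijackThis lines that flags entries for review and reports which flagged entries reappear in a later scan. The three rules (autostart or SSODL target with no directory path, ActiveX codebase on `file://`, ActiveX codebase on a bare IP host) and all function names are assumptions made for illustration; the sample lines are assembled from entries quoted in this thread.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Sample input assembled from lines quoted in this thread (not complete logs).
SCAN_BEFORE = r"""
O4 - HKLM\..\RunServices: [Registry oidet] win32.exe
O4 - HKLM\..\RunServices: [Windows Help] Stney.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) - http://64.38.18.6/talk.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\Program\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: System - {418B69B4-5BE7-4E67-AC9E-2B3811FDA01C} - dgflib.dll (file missing)
"""

SCAN_AFTER = r"""
O4 - HKLM\..\Run: [Registry oidet] win32.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - Global Startup: Status Monitor.lnk = C:\Program\Brother\Brmfcmon\BrMfcWnd.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\Program\MSNMES~1\msgrapp.dll" (file missing)
"""

LINE = re.compile(r"^(?P<sec>[RFNO]\d{1,2}) - (?P<body>.+)$")
O4 = re.compile(r"^(?P<loc>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O16 = re.compile(r"^DPF: (?P<clsid>\{[^}]+\})(?: \((?P<name>[^)]*)\))? - (?P<src>.+)$")
O21 = re.compile(r"^SSODL: (?P<name>.+?) - (?P<clsid>\{[^}]+\}) - (?P<file>.+)$")
MISSING = " (file missing)"

NO_PATH = "target has no directory path"
LOCAL_CAB = "ActiveX codebase is a local file:// path"
IP_CAB = "ActiveX codebase host is a bare IP address"


def is_ip_host(url):
    """True when the URL's host part is an IP literal rather than a name."""
    try:
        host = urlparse(url).hostname
        ipaddress.ip_address(host or "")
        return True
    except ValueError:
        return False


def triage(log_text):
    """Return (section, identity, reason) for every line matching a rule.

    The identity deliberately leaves out the registry location, so an
    autostart value that moves from one key to another is still recognised.
    """
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        sec, body = m["sec"], m["body"]
        if sec == "O4" and (e := O4.match(body)):
            # Rule 1: no backslash anywhere in the command line.
            if "\\" not in e["cmd"]:
                findings.append((sec, (e["name"], e["cmd"]), NO_PATH))
        elif sec == "O16" and (e := O16.match(body)):
            src = e["src"]
            # Rules 2 and 3 look only at where the control was installed from,
            # so a local DLL path such as yinsthelper.dll is not covered.
            if src.lower().startswith("file://"):
                findings.append((sec, (e["clsid"].upper(), src), LOCAL_CAB))
            elif is_ip_host(src):
                findings.append((sec, (e["clsid"].upper(), src), IP_CAB))
        elif sec == "O21" and (e := O21.match(body)):
            target = e["file"].replace(MISSING, "")
            if "\\" not in target:
                findings.append((sec, (e["name"], target), NO_PATH))
    return findings


def persisting(before, after):
    """Flagged entries of the later scan that were already flagged earlier."""
    seen = {(sec, ident) for sec, ident, _ in triage(before)}
    return [f for f in triage(after) if (f[0], f[1]) in seen]


if __name__ == "__main__":
    for sec, ident, reason in triage(SCAN_BEFORE):
        print("review  ", sec, ident, "-", reason)
    for sec, ident, reason in persisting(SCAN_BEFORE, SCAN_AFTER):
        print("persists", sec, ident, "-", reason)
```

A flag here means "look at this entry", not a verdict; the rules miss entries that need other context, and legitimate software can match them.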

I couldn't find those files listed up there, but here is the log

[log]

Logfile of HijackThis v1.99.1

Scan saved at 17:10:15, on 2006-11-23

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\brsvc01a.exe

C:\WINDOWS\System32\brss01a.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Bredbandsbolaget Security Services\Common\FSM32.EXE

C:\Program\Java\jre1.5.0_09\bin\jusched.exe

C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Program\Delade filer\Real\Update_OB\realsched.exe

C:\Program\MSN Messenger\msnmsgr.exe

C:\valve\steam\steam.exe

C:\Program\Delade filer\Teleca Shared\CapabilityManager.exe

C:\Program\Delade filer\Teleca Shared\Generic.exe

C:\Program\Sony Ericsson\Mobile\Mobile Phone Monitor\epmworker.exe

C:\Program\BREDBA~1\backweb\1803213\Program\SERVIC~1.EXE

C:\WINDOWS\system32\Brmfrmps.exe

C:\WINDOWS\system32\cisvc.exe

C:\Program\Bredbandsbolaget Security Services\Anti-Virus\fsgk32st.exe

C:\Program\Bredbandsbolaget Security Services\Anti-Virus\FSGK32.EXE

C:\Program\Bredbandsbolaget Security Services\backweb\1803213\program\fsbwsys.exe

C:\Program\Bredbandsbolaget Security Services\Common\FSMA32.EXE

C:\Program\Bredbandsbolaget Security Services\Anti-Virus\fssm32.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program\Bredbandsbolaget Security Services\Common\FSMB32.EXE

C:\Program\Bredbandsbolaget Security Services\backweb\1803213\Program\fspex.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Bredbandsbolaget Security Services\Common\FCH32.EXE

C:\Program\Bredbandsbolaget Security Services\Common\FAMEH32.EXE

C:\Program\Bredbandsbolaget Security Services\Anti-Virus\fsrw.exe

C:\Program\Bredbandsbolaget Security Services\Anti-Virus\fsav32.exe

C:\Program\Bredbandsbolaget Security Services\FWES\Program\fsdfwd.exe

C:\Program\BREDBA~1\ANTI-S~1\fsaw.exe

C:\Program\Bredbandsbolaget Security Services\FSGUI\fsguidll.exe

C:\Program\Internet Explorer\iexplore.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program\Hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O3 - Toolbar: HP-vy - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program\HP\Digital Imaging\bin\hpdtlk02.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [Registry oidet] win32.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\Bredbandsbolaget Security Services\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program\Bredbandsbolaget Security Services\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program\Bredbandsbolaget Security Services\FSGUI\FSSW.EXE" /reboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.5.0_09\bin\jusched.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [steam] "c:\valve\steam\steam.exe" -silent

O4 - HKCU\..\Run: [backupNotify] c:\Program\HP\Digital Imaging\bin\backupnotify.exe

O4 - HKCU\..\Run: [Acme.PCHButton] C:\Program\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe

O4 - Global Startup: Bredbandsbolaget Security Services.lnk = C:\Program\Bredbandsbolaget Security Services\backweb\1803213\Program\fspex.exe

O4 - Global Startup: Status Monitor.lnk = C:\Program\Brother\Brmfcmon\BrMfcWnd.exe

O8 - Extra context menu item: &Blockera detta popup-fönster - C:\Program\Bredbandsbolaget Security Services\Anti-Spyware\blockpopups.htm

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~4\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: IE-sköld - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program\Bredbandsbolaget Security Services\Anti-Spyware\ieshield.dll

O9 - Extra 'Tools' menuitem: IE-sköld... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program\Bredbandsbolaget Security Services\Anti-Spyware\ieshield.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE

O16 - DPF: {1538D4E0-B2C4-402D-B71A-BA6A04BC7A5D} (PictureChooser.picChooser) - http://direct.fotomenyn.com/direct/PictureChooser.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by110fd.bay110.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1135545113156

O16 - DPF: {65F77758-B822-45FB-8F0C-08E85705EC4A} (Upload.ctlUpload) - http://direct.fotomenyn.com/direct/upload.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\Program\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O23 - Service: Bredbandsbolaget Security Services (BackWeb Plug-in - 1803213) - BackWeb Technologies Inc. - C:\Program\BREDBA~1\backweb\1803213\Program\SERVIC~1.EXE

O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)

O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program\Bredbandsbolaget Security Services\Anti-Virus\fsgk32st.exe

O23 - Service: fsbwsys - F-Secure Corp. - C:\Program\Bredbandsbolaget Security Services\backweb\1803213\program\fsbwsys.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program\Bredbandsbolaget Security Services\FWES\Program\fsdfwd.exe

O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program\Bredbandsbolaget Security Services\Common\FSMA32.EXE

O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)

O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Program\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

 

[/log]

 


Ehh, I'm scanning the whole computer with that program?

And then suddenly F-Secure shuts down and a warning comes up that some file had to change its name.

Yeah, but anyway, the report is coming soon.

 

 


It is harder for AVG AntiSpyware to remove the nasties it finds when it runs in normal mode. But we can see how it goes anyway.

 


Here

[log]

---------------------------------------------------------

AVG Anti-Spyware - Scan Report

---------------------------------------------------------

 

+ Created at: 17:48:13 2006-11-24

 

+ Scan result:

 

 

 

C:\WINDOWS\Sngsh33.0ll -> Adware.AdBlaster : No action taken.

C:\Documents and Settings\Default User\Lokala inställningar\Temp\__unin__.exe -> Adware.Altnet : No action taken.

C:\Program\Bredbandsbolaget Security Services\FWES\program\__delete_on_reboot__f_s_d_f_w_d_._e_x_e_ -> Adware.Gator : No action taken.

C:\System Volume Information\_restore{2BC35477-68FF-4CB0-A8A2-E7170F1B8F7B}\RP459\A0069303.exe -> Adware.Gator : No action taken.

C:\WINDOWS\system\UpdInstall.exe -> Adware.Look2Me : No action taken.

C:\Program\Delade filer\Real\WeatherBug\MiniBugTransporter.dll -> Adware.Minibug : No action taken.

C:\Program\NewDotNet -> Adware.NewDotNet : No action taken.

C:\Program\NewDotNet\newdotnet6_98.dll -> Adware.NewDotNet : No action taken.

C:\Program\NewDotNet\readme.html -> Adware.NewDotNet : No action taken.

C:\Program\NewDotNet\uninstall6_38.exe -> Adware.NewDotNet : No action taken.

C:\Program\NewDotNet\uninstall6_98.exe -> Adware.NewDotNet : No action taken.

C:\WINDOWS\NDNuninstall6_22.exe -> Adware.NewDotNet : No action taken.

C:\WINDOWS\NDNuninstall6_30.exe -> Adware.NewDotNet : No action taken.

C:\WINDOWS\NDNuninstall6_98.exe -> Adware.NewDotNet : No action taken.

C:\Program\Yahoo!\Messenger\ycomp.dll -> Adware.Yahoo : No action taken.

C:\RECYCLER\S-1-5-18\Dc298.0xe -> Backdoor.SdBot : No action taken.

C:\Documents and Settings\Default User\Lokala inställningar\Temp\xbox game copy (FULL WEBINSTALLER).rar/install.exe -> Dialer.Generic : No action taken.

C:\Documents and Settings\Default User\Mina dokument\backtash.zip/xbox game copy (FULL WEBINSTALLER).rar/install.exe -> Dialer.Generic : No action taken.

C:\WINDOWS\system32\actskn45.ocx -> Downloader.IstBar : No action taken.

C:\WINDOWS\system32\mstmp.html -> Downloader.Psyme.bd : No action taken.

C:\Documents and Settings\Default User\Lokala inställningar\Temp\ImInstaller\IncrediMail\imloader.exe -> Not-A-Virus.Downloader.Win32.ImLoader.b : No action taken.

C:\Documents and Settings\LocalService\Lokala inställningar\Temporary Internet Files\Content.IE5\5GT1ZLXF\send_ocx_sof[2].htm -> Not-A-Virus.Exploit.HTML.CodeBaseExec : No action taken.

C:\Documents and Settings\LocalService\Cookies\system@ads18.bpath[2].txt -> TrackingCookie.Bpath : No action taken.

C:\Documents and Settings\LocalService\Cookies\system@com[2].txt -> TrackingCookie.Com : No action taken.

C:\Documents and Settings\LocalService\Cookies\system@download.com[2].txt -> TrackingCookie.Com : No action taken.

C:\Documents and Settings\LocalService\Cookies\system@c.enhance[1].txt -> TrackingCookie.Enhance : No action taken.

C:\Documents and Settings\LocalService\Cookies\system@ivwbox[1].txt -> TrackingCookie.Ivwbox : No action taken.

C:\Documents and Settings\LocalService\Cookies\system@yadro[2].txt -> TrackingCookie.Yadro : No action taken.

 

 

::Report end

[/log]

 

 

[log]

Logfile of HijackThis v1.99.1

Scan saved at 18:18:50, on 2006-11-24

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\brsvc01a.exe

C:\WINDOWS\System32\brss01a.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Java\jre1.5.0_09\bin\jusched.exe

C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Program\Delade filer\Real\Update_OB\realsched.exe

C:\Program\MSN Messenger\msnmsgr.exe

C:\valve\steam\steam.exe

C:\Program\Delade filer\Teleca Shared\CapabilityManager.exe

C:\Program\BREDBA~1\backweb\1803213\Program\SERVIC~1.EXE

C:\WINDOWS\system32\Brmfrmps.exe

C:\WINDOWS\system32\cisvc.exe

C:\Program\Bredbandsbolaget Security Services\Anti-Virus\fsgk32st.exe

C:\Program\Bredbandsbolaget Security Services\Anti-Virus\FSGK32.EXE

C:\Program\Bredbandsbolaget Security Services\backweb\1803213\program\fsbwsys.exe

C:\Program\Bredbandsbolaget Security Services\Anti-Virus\fssm32.exe

C:\Program\Bredbandsbolaget Security Services\Common\FSMA32.EXE

C:\Program\Bredbandsbolaget Security Services\Common\FSMB32.EXE

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Delade filer\Teleca Shared\Generic.exe

C:\Program\Bredbandsbolaget Security Services\backweb\1803213\Program\fspex.exe

C:\Program\Sony Ericsson\Mobile\Mobile Phone Monitor\epmworker.exe

C:\Program\Bredbandsbolaget Security Services\Common\FCH32.EXE

C:\Program\Bredbandsbolaget Security Services\Common\FAMEH32.EXE

C:\Program\Bredbandsbolaget Security Services\Anti-Virus\fsrw.exe

C:\Program\Bredbandsbolaget Security Services\Anti-Virus\fsav32.exe

C:\Program\BREDBA~1\ANTI-S~1\fsaw.exe

C:\Program\Bredbandsbolaget Security Services\FSGUI\fsguidll.exe

C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\WINDOWS\system32\cidaemon.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O3 - Toolbar: HP-vy - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program\HP\Digital Imaging\bin\hpdtlk02.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [Registry oidet] win32.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\Bredbandsbolaget Security Services\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program\Bredbandsbolaget Security Services\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program\Bredbandsbolaget Security Services\FSGUI\FSSW.EXE" /reboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.5.0_09\bin\jusched.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [steam] "c:\valve\steam\steam.exe" -silent

O4 - HKCU\..\Run: [backupNotify] c:\Program\HP\Digital Imaging\bin\backupnotify.exe

O4 - HKCU\..\Run: [Acme.PCHButton] C:\Program\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe

O4 - Global Startup: Bredbandsbolaget Security Services.lnk = C:\Program\Bredbandsbolaget Security Services\backweb\1803213\Program\fspex.exe

O4 - Global Startup: Status Monitor.lnk = C:\Program\Brother\Brmfcmon\BrMfcWnd.exe

O8 - Extra context menu item: &Blockera detta popup-fönster - C:\Program\Bredbandsbolaget Security Services\Anti-Spyware\blockpopups.htm

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~4\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: IE-sköld - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program\Bredbandsbolaget Security Services\Anti-Spyware\ieshield.dll

O9 - Extra 'Tools' menuitem: IE-sköld... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program\Bredbandsbolaget Security Services\Anti-Spyware\ieshield.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE

O16 - DPF: {1538D4E0-B2C4-402D-B71A-BA6A04BC7A5D} (PictureChooser.picChooser) - http://direct.fotomenyn.com/direct/PictureChooser.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by110fd.bay110.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1135545113156

O16 - DPF: {65F77758-B822-45FB-8F0C-08E85705EC4A} (Upload.ctlUpload) - http://direct.fotomenyn.com/direct/upload.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\Program\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Bredbandsbolaget Security Services (BackWeb Plug-in - 1803213) - BackWeb Technologies Inc. - C:\Program\BREDBA~1\backweb\1803213\Program\SERVIC~1.EXE

O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)

O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program\Bredbandsbolaget Security Services\Anti-Virus\fsgk32st.exe

O23 - Service: fsbwsys - F-Secure Corp. - C:\Program\Bredbandsbolaget Security Services\backweb\1803213\program\fsbwsys.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - Unknown owner - C:\Program\Bredbandsbolaget Security Services\FWES\Program\fsdfwd.exe (file missing)

O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program\Bredbandsbolaget Security Services\Common\FSMA32.EXE

O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)

O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Program\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

 

[/log]

 


Go to Control Panel - Add or Remove Programs and check whether New.Net or NewDotNet is listed there; if so, remove it.

Same thing with Gain, Gator, Istbar.

If it is not listed there, follow the instructions on this page:

http://www.newdotnet.com/removal.html

Then use this cleanup tool:

http://securityresponse.symantec.com/avcenter/FxNdotN.exe

Restart the computer.

Download this removal tool for Istbar:

http://securityresponse.symantec.com/avcenter/venc/data/adware.istbar.html

Run it.

Download this Gain removal tool:

http://securityresponse.symantec.com/avcenter/RemGAIN.exe

Run it.

Delete temporary Internet files:

Control Panel - Internet Options - Delete Files - Tick the box - OK - OK

Empty the folders

C:\Documents and Settings\Default User\Lokala inställningar\Temp

Restart the computer in safe mode.

Start AVG AntiSpyware and set it so that all files are put in quarantine (see point 5 in the instructions).

Scan with the program.

Restart in normal mode and post the logs from AVG AntiSpyware and HijackThis here.

 


So now that I've done that, a few things have started to change, for example

F-Secure doesn't start when the computer starts, or rather, it doesn't start at all

and when you search on Google or something, the text is really tiny!?

Well, anyway,

here are the logs from the different things

[log]

Logfile of HijackThis v1.99.1

Scan saved at 19:10:43, on 2006-11-30

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\brsvc01a.exe

C:\WINDOWS\System32\brss01a.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Bredbandsbolaget Security Services\Common\FSM32.EXE

C:\Program\Java\jre1.5.0_09\bin\jusched.exe

C:\Program\Delade filer\Real\Update_OB\realsched.exe

C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program\MSN Messenger\msnmsgr.exe

C:\valve\steam\steam.exe

C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program\BREDBA~1\backweb\1803213\Program\SERVIC~1.EXE

C:\WINDOWS\system32\Brmfrmps.exe

C:\WINDOWS\system32\cisvc.exe

C:\Program\Bredbandsbolaget Security Services\Anti-Virus\fsgk32st.exe

C:\Program\Bredbandsbolaget Security Services\Anti-Virus\FSGK32.EXE

C:\Program\Bredbandsbolaget Security Services\backweb\1803213\program\fsbwsys.exe

C:\Program\Bredbandsbolaget Security Services\Anti-Virus\fssm32.exe

C:\Program\Bredbandsbolaget Security Services\Common\FSMA32.EXE

C:\WINDOWS\System32\nvsvc32.exe

C:\Program\Bredbandsbolaget Security Services\Common\FSMB32.EXE

C:\Program\Bredbandsbolaget Security Services\backweb\1803213\Program\fspex.exe

C:\Program\Delade filer\Teleca Shared\Generic.exe

C:\Program\Bredbandsbolaget Security Services\Common\FCH32.EXE

C:\Program\Bredbandsbolaget Security Services\Common\FAMEH32.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program\Sony Ericsson\Mobile\Mobile Phone Monitor\epmworker.exe

C:\Program\Bredbandsbolaget Security Services\Anti-Virus\fsrw.exe

C:\Program\Bredbandsbolaget Security Services\Anti-Virus\fsav32.exe

C:\WINDOWS\system32\cidaemon.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Documents and Settings\Ägaren\Lokala inställningar\Temporary Internet Files\Content.IE5\IV8R4NO7\RemGAIN[1].exe

C:\Program\Hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O3 - Toolbar: HP-vy - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program\HP\Digital Imaging\bin\hpdtlk02.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [Registry oidet] win32.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\Bredbandsbolaget Security Services\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program\Bredbandsbolaget Security Services\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program\Bredbandsbolaget Security Services\FSGUI\FSSW.EXE" /reboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.5.0_09\bin\jusched.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [steam] "c:\valve\steam\steam.exe" -silent

O4 - HKCU\..\Run: [backupNotify] c:\Program\HP\Digital Imaging\bin\backupnotify.exe

O4 - HKCU\..\Run: [Acme.PCHButton] C:\Program\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe

O4 - Global Startup: Bredbandsbolaget Security Services.lnk = C:\Program\Bredbandsbolaget Security Services\backweb\1803213\Program\fspex.exe

O4 - Global Startup: Status Monitor.lnk = C:\Program\Brother\Brmfcmon\BrMfcWnd.exe

O8 - Extra context menu item: &Blockera detta popup-fönster - C:\Program\Bredbandsbolaget Security Services\Anti-Spyware\blockpopups.htm

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~4\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: IE-sköld - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program\Bredbandsbolaget Security Services\Anti-Spyware\ieshield.dll

O9 - Extra 'Tools' menuitem: IE-sköld... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program\Bredbandsbolaget Security Services\Anti-Spyware\ieshield.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE

O16 - DPF: {1538D4E0-B2C4-402D-B71A-BA6A04BC7A5D} (PictureChooser.picChooser) - http://direct.fotomenyn.com/direct/PictureChooser.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by110fd.bay110.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1135545113156

O16 - DPF: {65F77758-B822-45FB-8F0C-08E85705EC4A} (Upload.ctlUpload) - http://direct.fotomenyn.com/direct/upload.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\Program\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Bredbandsbolaget Security Services (BackWeb Plug-in - 1803213) - BackWeb Technologies Inc. - C:\Program\BREDBA~1\backweb\1803213\Program\SERVIC~1.EXE

O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)

O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program\Bredbandsbolaget Security Services\Anti-Virus\fsgk32st.exe

O23 - Service: fsbwsys - F-Secure Corp. - C:\Program\Bredbandsbolaget Security Services\backweb\1803213\program\fsbwsys.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - Unknown owner - C:\Program\Bredbandsbolaget Security Services\FWES\Program\fsdfwd.exe (file missing)

O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program\Bredbandsbolaget Security Services\Common\FSMA32.EXE

O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)

O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Program\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

 

[/log]

 

 

[log]

---------------------------------------------------------

AVG Anti-Spyware - Scan Report

---------------------------------------------------------

 

+ Created at: 19:04:47 2006-11-30

 

+ Scan result:

 

 

 

C:\System Volume Information\_restore{2BC35477-68FF-4CB0-A8A2-E7170F1B8F7B}\RP459\A0069330.exe -> Adware.Altnet : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{2BC35477-68FF-4CB0-A8A2-E7170F1B8F7B}\RP459\A0069339.exe -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{2BC35477-68FF-4CB0-A8A2-E7170F1B8F7B}\RP459\A0069331.dll -> Adware.Minibug : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{2BC35477-68FF-4CB0-A8A2-E7170F1B8F7B}\RP459\A0069332.dll -> Adware.NewDotNet : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{2BC35477-68FF-4CB0-A8A2-E7170F1B8F7B}\RP459\A0069333.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{2BC35477-68FF-4CB0-A8A2-E7170F1B8F7B}\RP459\A0069334.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{2BC35477-68FF-4CB0-A8A2-E7170F1B8F7B}\RP459\A0069335.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{2BC35477-68FF-4CB0-A8A2-E7170F1B8F7B}\RP459\A0069336.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{2BC35477-68FF-4CB0-A8A2-E7170F1B8F7B}\RP459\A0069337.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{2BC35477-68FF-4CB0-A8A2-E7170F1B8F7B}\RP460\A0069454.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{2BC35477-68FF-4CB0-A8A2-E7170F1B8F7B}\RP459\A0069338.dll -> Adware.Yahoo : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{2BC35477-68FF-4CB0-A8A2-E7170F1B8F7B}\RP459\A0069329.ocx -> Downloader.IstBar : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{2BC35477-68FF-4CB0-A8A2-E7170F1B8F7B}\RP459\A0069340.exe -> Not-A-Virus.Downloader.Win32.ImLoader.b : Cleaned with backup (quarantined).

 

 

::Report end

 

[/log]

 


The AVG Anti-Spyware result looks good, but this is something you can fix.

C:\System Volume Information\_restore is the place where the System Restore feature stores its restore points. This means that Windows created a restore point while your computer was infected. As long as the nasties stay in that folder they are harmless. However, if you restore to a point in time when the computer was infected, the nasties are restored as well.

You can delete all restore points by turning off the System Restore feature, restarting the computer and then turning the feature on again. System Restore is turned off and on here:

Right-click My Computer - Properties - System Restore.

How is the start page behaving?

 

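The distinction drawn in the reply above, between detections that are only archived copies under `_restore` and detections in live files, can be checked mechanically. This is an added example, not part of the original thread: a Python script that parses report lines in the `path -> detection : action` format of the AVG log above; the sample lines, GUID, file names and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the AVG Anti-Spyware report above
# (GUID and file names are made up; the last line is a hypothetical live hit).
SAMPLE = r"""
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP12\A0000001.exe -> Adware.Example : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP12\A0000002.dll -> Adware.Example : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP13\A0000003.exe -> Downloader.Example : Cleaned with backup (quarantined).
C:\WINDOWS\system32\example.dll -> Adware.Example : Cleaned with backup (quarantined).
"""

# One report entry: "<path> -> <detection name> : <action taken>"
LINE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) -> (?P<name>.+?) : (?P<action>.+)$")
# A file archived by System Restore lives under _restore{GUID}\RP<n>\
RESTORE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\(RP\d+)\\", re.I)

def triage(report):
    """Split detections into System Restore copies (per restore point) and live files."""
    in_restore = defaultdict(list)
    live = []
    for raw in report.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # header lines, blank lines, "::Report end"
        rp = RESTORE.search(m["path"])
        if rp:
            in_restore[rp.group(1).upper()].append(m["name"])
        else:
            live.append((m["path"], m["name"]))
    return dict(in_restore), live

def only_restore_points(report):
    """True when every detection is an archived copy inside _restore."""
    restore, live = triage(report)
    return bool(restore) and not live

if __name__ == "__main__":
    restore, live = triage(SAMPLE)
    for rp, names in sorted(restore.items()):
        print(f"{rp}: {len(names)} archived detection(s): {sorted(set(names))}")
    for path, name in live:
        print(f"LIVE: {path} ({name})")
```

When `only_restore_points` returns True, purging the restore points as described above removes every flagged file; any entry in the live list needs separate cleanup.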

mm now I have done that. the start page behaves perfectly, it's just that thing with google: when you search, you know, each result that comes up in the search has a heading in blue text, and that text is much smaller than usual.

 

