
Winstall (msn virus)


Jonson_92


Download and install the free version of SUPERAntiSpyware Free Edition:

http://www.superantispyware.com/download.html

Start the program and click Check for updates.

Close the program when the update is finished.

Restart the computer in safe mode (press F8 repeatedly during start-up and choose safe mode from the menu).

Start SUPERAntiSpyware and click Scan your Computer.

Tick all hard drives (fixed drive/disk).

Choose Perform complete scan

Next

When the scan is finished a summary comes up; press OK

Next

Execute or similar

A window with Quarantine and removal Complete comes up

OK

Execute or similar

Close the program.

Restart in normal mode.

Start the program, press Preferences and choose the Statistics/Logs tab

Double-click the newest SUPERAntiSpyware Scan Log so that the log opens in Notepad.

Paste the log into your reply.

Download HijackThis:

http://www.thespykiller.co.uk/files/HJTsetup.exe

Install, run, scan and save the log (nothing else).

Paste the log into your reply.

In your reply, do this once you have pasted in a log:

Select (highlight) the whole log and then press the LOG button in the Reply window.

 


SUPERAntiSpyware Scan Log

Generated 11/29/2006 at 05:32 PM

 

Application Version : 3.3.1020

 

Core Rules Database Version : 3107

Trace Rules Database Version: 1133

 

Scan type : Complete Scan

Total Scan Time : 00:46:47

 

Memory items scanned : 171

Memory threats detected : 0

Registry items scanned : 4468

Registry threats detected : 15

File items scanned : 36837

File threats detected : 127

 

Adware.IPWins

[ipWins] C:\PROGRAM\IPWINS\IPWINS.EXE

C:\PROGRAM\IPWINS\IPWINS.EXE

HKU\S-1-5-21-299502267-1580818891-839522115-1007\Software\IpWins

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IpWins

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IpWins#DisplayName

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IpWins#UninstallString

C:\Program\ipwins\popA.tmp

C:\Program\ipwins\Services.dll

C:\Program\ipwins\Uninst.exe

C:\Program\ipwins

C:\WINDOWS\Prefetch\IPWINS.EXE-2B63173B.pf

 

Worm.Sober Variant

[Poss] C:\WINDOWS\DOBE~1\SPOOLSV.EXE

C:\WINDOWS\DOBE~1\SPOOLSV.EXE

C:\WINDOWS\Prefetch\SPOOLSV.EXE-1E418DC7.pf

 

Adware.Tracking Cookie


 

Adware.Avenue Media/Internet Optimizer

HKU\S-1-5-21-299502267-1580818891-839522115-1007\Software\Microsoft\Internet Explorer\URLSearchHooks#_{CFBFAE00-17A6-11D0-99CB-00C04FD64497}

 

Adware.Toolbar888

HKCR\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}

HKCR\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}\ProxyStubClsid

HKCR\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}\ProxyStubClsid32

HKCR\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}\TypeLib

HKCR\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}\TypeLib#Version

 

Adware.ClickSpring/Yazzle

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yazzle1122Oin

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yazzle1122Oin#DisplayName

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yazzle1122Oin#UninstallString

C:\PROGRAM\DELADE FILER\YAZZLE1122OINADMIN.EXE

C:\PROGRAM\DELADE FILER\YAZZLE1122OINUNINSTALLER.EXE

 

Adware.180solutions/Search Assistant

C:\DOCUMENTS AND SETTINGS\JOCKE\LOKALA INSTäLLNINGAR\TEMP\RES9C.TMP

C:\DOCUMENTS AND SETTINGS\JOCKE\LOKALA INSTäLLNINGAR\TEMP\RESC3.TMP

 

Trojan.Freeprod

C:\DOCUMENTS AND SETTINGS\JOPPE\LOKALA INSTäLLNINGAR\TEMP\MC-110-12-0001411.EXE

C:\DOCUMENTS AND SETTINGS\JOPPE\LOKALA INSTäLLNINGAR\TEMPORARY INTERNET FILES\CONTENT.IE5\AIYT85Q0\MCCBNEW[1].EXE

C:\DOCUMENTS AND SETTINGS\JOPPE\LOKALA INSTäLLNINGAR\TEMPORARY INTERNET FILES\CONTENT.IE5\AON6J6VR\INSTALL[1].EXE

C:\DOCUMENTS AND SETTINGS\JOPPE\MCNEW.EXE

 

Adware.ClickSpring

C:\Documents and Settings\Joppe\Mina dokument\CURITY~1\SANREG~1.EXE

C:\WINDOWS\SYSTEM32\ILK.DLL

 

Trojan.Unknown Origin

C:\WINDOWS\SYSTEM32\WNSTSCC.EXE

 

 


From HijackThis..

 

 

 

[log]Logfile of HijackThis v1.99.1

Scan saved at 18:49:06, on 2006-11-29

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program\D-Link\AirPlus G\AirGCFG.exe

C:\Program\ANI\ANIWZCS2 Service\WZCSLDR2.exe

C:\Program\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe

C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

C:\Program\QuickTime\qttask.exe

C:\Program\ScanSoft\OmniPageSE2.0\OpwareSE2.exe

C:\Documents and Settings\Joppe\Skrivbord\winstall.exe

C:\Program\Delade filer\{B80688FA-06B0-1053-0620-02041002002e}\Update.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\MSN Messenger\msnmsgr.exe

C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program\Delade filer\Microsoft Shared\Works Shared\wkcalrem.exe

C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.managerzone.se/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - URLSearchHook: (no name) - {D4621137-83FE-FD54-DEA6-D728967130BE} - C:\WINDOWS\system32\ilk.dll (file missing)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar2.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\sv\msntb.dll

O2 - BHO: (no name) - {D4621137-83FE-FD54-DEA6-D728967130BE} - C:\WINDOWS\system32\ilk.dll (file missing)

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\sv\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar2.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program\Canon\Easy-WebPrint\Toolband.dll

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [WorksFUD] C:\Program\Microsoft Works\wkfud.exe

O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program\Microsoft Works\WksSb.exe /AllUsers

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program\Microsoft Works\WkDetect.exe

O4 - HKLM\..\Run: [Generic Host Process8 System Backup] scvhost8.exe

O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program\D-Link\AirPlus G\AirGCFG.exe

O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program\ANI\ANIWZCS2 Service\WZCSLDR2.exe

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [CamMonitor] C:\Program\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe

O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [OpwareSE2] "C:\Program\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"

O4 - HKLM\..\Run: [OPSE reminder] "C:\Program\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"

O4 - HKLM\..\Run: [explorer] C:\Documents and Settings\Joppe\Skrivbord\winstall.exe

O4 - HKLM\..\RunServices: [Generic Host Process8 System Backup] scvhost8.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [steam] "c:\program\steam\steam.exe" -silent

O4 - HKCU\..\Run: [updateMgr] "C:\Program\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1

O4 - HKCU\..\Run: [Jmsjojbi] C:\Documents and Settings\Joppe\Mina dokument\??curity\s?anregw.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Påminnelser för Kalendern i Microsoft Works.lnk = ?

O8 - Extra context menu item: &Google Search - res://c:\program\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://c:\program\google\GoogleToolbar2.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://c:\program\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~3\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O8 - Extra context menu item: Similar Pages - res://c:\program\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\program\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by14fd.bay14.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} - http://activex.matcash.com/speedtest2.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

[/log]

 

Thanks :)

 


When you have pasted in a log, select (highlight) the whole log and press the LOG button, which is on the same row as :thumbsdown::thumbsup:; people are happy when they don't have to scroll so much.

Among other things, the PurityScan spyware is in the log. We'll start by dealing with that.

Download http://www.mvps.org/winhelp2002/hosts.zip to the Desktop.

Unpack the file. A new folder, Hosts, is created on the Desktop.

Double-click the folder to open it.

Double-click the file mvps.bat to start the program.

This program will replace the computer's Hosts file so that the PurityScan nasty is prevented from contacting its creator. It will also prevent you from visiting sites that are notorious for installing nasties on the computer. You can read more about it here:

http://www.mvps.org/winhelp2002/hosts.htm

Control Panel - Add or Remove Programs

If any of the following is in the list, remove it:

Oin

Yazzle by Oin

Purityscan by Oin

Snowballwars by Oin

or anything similar with Oin or Outerinfo in it.

Zolero

Tizzletalk

MediaTickets

Cowabanga

Download and run the uninstaller

http://www.outerinfo.com/OiUninstaller.exe

If you need instructions, they are here: http://www.outerinfo.com/howto.html

Restart the computer.

Download ComboFix:

http://download.bleepingcomputer.com/sUBs/combofix.exe

Run it and follow the instructions that are shown.

IMPORTANT! Do not click on the ComboFix window with the mouse while it is running, otherwise it may hang.

When it is finished a log should come up; paste it in here, along with a new HijackThis log.

I'll look at the logs tomorrow.
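Added example, not part of the thread and not the helper's own method: a small triage script for the O4 (autostart) lines of a HijackThis log like the one posted above, showing which entries a reviewer would look at first. The sample lines are copied from that log; the heuristics, the list of system process names and the 0.75 similarity threshold are assumptions chosen for illustration.

```python
import ntpath
import re
from difflib import SequenceMatcher

# O4 lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Generic Host Process8 System Backup] scvhost8.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [explorer] C:\Documents and Settings\Joppe\Skrivbord\winstall.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Jmsjojbi] C:\Documents and Settings\Joppe\Mina dokument\??curity\s?anregw.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE
"""

# Assumption: a short list of Windows process names that malware commonly imitates.
SYSTEM_NAMES = ("svchost", "explorer", "lsass", "services",
                "winlogon", "csrss", "smss", "spoolsv")

REG_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[([^\]]*)\] (.+)$")
STARTUP_RE = re.compile(r"^O4 - ((?:Global )?Startup): (.+?) = (.+)$")
# Image path = quoted string, or everything up to the first executable extension.
IMAGE_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|com|bat|scr|pif))(?=\s|$)', re.I)


def parse_o4(line):
    """Split one O4 line into location, value name and command line."""
    m = REG_RE.match(line)
    if m:
        hive, key, name, cmd = m.groups()
        return {"location": f"{hive}\\{key}", "name": name, "command": cmd}
    m = STARTUP_RE.match(line)
    if m:
        where, name, cmd = m.groups()
        return {"location": where, "name": name, "command": cmd}
    return None


def image_of(command):
    """Return the executable part of a command line, without arguments."""
    m = IMAGE_RE.match(command)
    return (m.group(1) or m.group(2)) if m else command


def assess(name, image):
    """Return the reasons (possibly none) why an autostart entry needs review."""
    low = image.lower()
    stem = ntpath.splitext(ntpath.basename(low))[0]
    reasons = []
    # Autostart programs normally live under Program Files or Windows,
    # not in a user's Desktop or Documents folder.
    if "\\documents and settings\\" in low or "\\users\\" in low:
        reasons.append("runs-from-user-profile")
    # Assumption: HijackThis prints '?' for characters outside the ANSI code
    # page, so '?' inside a path points to unusual characters in the name.
    if "?" in image and "\\" in image:
        reasons.append("unrenderable-characters-in-path")
    # File name that is close to, but not equal to, a system process name.
    for known in SYSTEM_NAMES:
        if stem != known and SequenceMatcher(None, stem, known).ratio() >= 0.75:
            reasons.append(f"lookalike-of-{known}.exe")
    # Registry value named after a system process but starting something else.
    if name.lower() in SYSTEM_NAMES and stem != name.lower():
        reasons.append("value-name-mimics-system-process")
    return reasons


def triage(log_text):
    """Return the O4 entries that match at least one heuristic."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_o4(line.strip())
        if entry is None:
            continue
        image = image_of(entry["command"])
        reasons = assess(entry["name"], image)
        if reasons:
            findings.append({"name": entry["name"], "image": image,
                             "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['name']}] {f['image']}: {', '.join(f['reasons'])}")
```

A match only marks an entry for a closer look; it does not identify the program, and legitimate software can trigger these checks.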

 


[log]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]

"Installed"="1"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]

"Generic Host Process8 System Backup"="scvhost8.exe"

 

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]

"DeskHtmlVersion"=dword:00000110

"DeskHtmlMinorVersion"=dword:00000005

"Settings"=dword:00000001

"GeneralFlags"=dword:00000005

 

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]

"Source"="About:Home"

"SubscribedURL"="About:Home"

"FriendlyName"="Min aktuella startsida"

"Flags"=dword:00000002

"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00, 00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00

"CurrentState"=hex:04,00,00,40

"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff, ff,ff,04,00,00,00

"RestoredStateInfo"=hex:18,00,00,00,12,03,00,00,23,00,00,00,dc,00,00,00,d2,00, 00,00,01,00,00,00

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

"Generic Host Process8 System Backup"="scvhost8.exe"

 

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]

"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

"Generic Host Process8 System Backup"="scvhost8.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]

"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"

"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoDriveTypeAutoRun"=dword:00000091

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"dontdisplaylastusername"=dword:00000000

"legalnoticecaption"=""

"legalnoticetext"=""

"shutdownwithoutlogon"=dword:00000001

"undockwithoutlogon"=dword:00000001

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoDriveTypeAutoRun"=dword:00000091

 

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]

"NoDriveTypeAutoRun"=dword:00000091

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]

"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"

"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"

"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"

"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="ctfmon"

"hkey"="HKCU"

"command"="C:\\WINDOWS\\System32\\ctfmon.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="msmsgs"

"hkey"="HKCU"

"command"="\"C:\\Program\\Messenger\\msmsgs.exe\" /background"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="RUNDLL32"

"hkey"="HKLM"

"command"="RUNDLL32.EXE NvQTwk,NvCplDaemon initialize"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="nwiz"

"hkey"="HKLM"

"command"="nwiz.exe /install"

"inimapping"="0"

 

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

 

Completion time: 06-11-30 16:23:13.59

C:\ComboFix.txt ... 06-11-30 16:23

C:\ComboFix2.txt ... 06-11-29 19:43[/log]

 


Hijackthis:

 

 

[log]Logfile of HijackThis v1.99.1

Scan saved at 16:25:25, on 2006-11-30

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program\D-Link\AirPlus G\AirGCFG.exe

C:\Program\ANI\ANIWZCS2 Service\WZCSLDR2.exe

C:\Program\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe

C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

C:\Program\QuickTime\qttask.exe

C:\Program\ScanSoft\OmniPageSE2.0\OpwareSE2.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\MSN Messenger\msnmsgr.exe

C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program\Delade filer\Microsoft Shared\Works Shared\wkcalrem.exe

C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.managerzone.se/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - URLSearchHook: (no name) - {D4621137-83FE-FD54-DEA6-D728967130BE} - C:\WINDOWS\system32\ilk.dll (file missing)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar2.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\sv\msntb.dll

O2 - BHO: (no name) - {D4621137-83FE-FD54-DEA6-D728967130BE} - C:\WINDOWS\system32\ilk.dll (file missing)

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\sv\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar2.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program\Canon\Easy-WebPrint\Toolband.dll

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [WorksFUD] C:\Program\Microsoft Works\wkfud.exe

O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program\Microsoft Works\WksSb.exe /AllUsers

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program\Microsoft Works\WkDetect.exe

O4 - HKLM\..\Run: [Generic Host Process8 System Backup] scvhost8.exe

O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program\D-Link\AirPlus G\AirGCFG.exe

O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program\ANI\ANIWZCS2 Service\WZCSLDR2.exe

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [CamMonitor] C:\Program\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe

O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [OpwareSE2] "C:\Program\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"

O4 - HKLM\..\Run: [OPSE reminder] "C:\Program\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"

O4 - HKLM\..\RunServices: [Generic Host Process8 System Backup] scvhost8.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [steam] "c:\program\steam\steam.exe" -silent

O4 - HKCU\..\Run: [updateMgr] "C:\Program\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Påminnelser för Kalendern i Microsoft Works.lnk = ?

O8 - Extra context menu item: &Google Search - res://c:\program\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://c:\program\google\GoogleToolbar2.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://c:\program\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~3\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O8 - Extra context menu item: Similar Pages - res://c:\program\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\program\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by14fd.bay14.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} - http://activex.matcash.com/speedtest2.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe[/log]

 


That is hardly the whole ComboFix log.

Paste in both yesterday's log, C:\ComboFix2.txt, and today's, C:\ComboFix.txt

 


Download SDFix to the Desktop:

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

Double-click SDFix.exe and a new folder is created, C:\SDFix.

Restart the computer in safe mode (press F8 repeatedly during start-up and choose safe mode from the menu).

Open the new folder C:\SDFix and double-click RunThis.bat to start the program.

Press Y to continue.

It works for a while, and when it is done you are asked whether you want to restart the computer.

Press any key to begin the restart.

The computer will take a long time to start up, because the program will kick in and fix a lot of things.

When it is done, Finished is shown.

Press any key to close the program.

Open the SDFix folder and open the file Report.txt in Notepad.

Paste the contents of the file into your reply here.

Create a new HijackThis log as well and paste it in here.

 


[log]Joppe - 06-11-30 17:38:32,62 Service Pack 2

ComboFix 06.11.27W - Running from: "C:\Documents and Settings\Joppe\Skrivbord"

 

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

 

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

 

Folders Quarantined:

 

C:\QooBox\Purity\Documents and Settings\Joppe\Mina dokument\CURITY~1

C:\QooBox\Purity\WINDOWS\DOBE~1

C:\QooBox\Purity\WINDOWS\ICROSO~1.NET

C:\QooBox\Purity\WINDOWS\DOBE~1\?dobe

 

 

((((((((((((((((((((((((((((((( Files Created from 2006-10-30 to 2006-11-30 ))))))))))))))))))))))))))))))))))

 

 

2006-11-29 18:48 <KAT> d-------- C:\Program\Hijackthis

2006-11-29 16:40 <KAT> d-------- C:\Program\SUPERAntiSpyware

2006-11-29 16:40 <KAT> d-------- C:\Documents and Settings\Joppe\Application Data\SUPERAntiSpyware.com

2006-11-27 20:05 <KAT> d-------- C:\SDFix

2006-11-26 21:40 <KAT> d-------- C:\Program\Enigma Software Group

2006-11-26 21:22 <KAT> d-------- C:\Program\NoAdware4

2006-11-26 21:11 <KAT> d-------- C:\Documents and Settings\Joppe\Application Data\Uniblue

2006-11-26 20:28 <KAT> d--hs---- C:\Config.Msi

2006-11-26 20:09 77,824 --a------ C:\Documents and Settings\Joppe\isetup.exe

2006-11-19 01:47 <KAT> d-------- C:\Documents and Settings\Joppe\Application Data\Canon

2006-11-18 23:52 <KAT> d--h----- C:\BJPrinter

2006-11-18 23:51 7,680 --a------ C:\WINDOWS\system32\CNMVS6f.DLL

2006-11-18 23:51 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys

2006-11-18 23:51 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys

2006-11-18 23:51 116,736 --a------ C:\WINDOWS\system32\CNMLM6f.DLL

2006-11-18 23:41 <KAT> d-------- C:\Documents and Settings\Joppe\Application Data\ScanSoft

2006-11-18 23:41 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\SSScanWizard

2006-11-18 23:41 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir

2006-11-18 23:40 <KAT> d-------- C:\Program\ScanSoft

2006-11-18 23:40 <KAT> d-------- C:\Program\Delade filer\ScanSoft Shared

2006-11-18 23:37 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL

2006-11-18 23:37 <KAT> d-------- C:\Program\ArcSoft

2006-11-18 23:34 94,208 --a------ C:\WINDOWS\system32\CNCL110.DLL

2006-11-18 23:34 90,112 --a------ C:\WINDOWS\system32\CNCI110.DLL

2006-11-18 23:34 557,056 --a------ C:\WINDOWS\system32\CNCC110.DLL

2006-11-18 23:34 49,152 --a------ C:\WINDOWS\system32\cncisco.dll

2006-11-18 23:34 389,180 --a------ C:\WINDOWS\system32\UCS32P.DLL

2006-11-18 23:34 <KAT> d--h----- C:\CanonMP

2006-11-18 23:33 <KAT> d-------- C:\WINDOWS\StartHtmico

2006-11-18 23:33 <KAT> d-------- C:\WINDOWS\MP130,110

2006-11-18 23:32 <KAT> d-------- C:\Program\Canon

 

 

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

2006-11-30 17:35 -------- d-------- C:\Program\Steam

2006-11-29 19:43 -------- d-------- C:\Program\Delade filer

2006-11-29 16:38 -------- d-------- C:\Program\Delade filer\Wise Installation Wizard

2006-11-27 15:47 -------- d-------- C:\Program\MSN Messenger

2006-11-26 20:34 28944 --a--c--- C:\Documents and Settings\Joppe\Application Data\GDIPFONTCACHEV1.DAT

2006-11-25 11:18 -------- d-------- C:\Program\MZ Manager

2006-11-18 23:37 -------- d--h----- C:\Program\InstallShield Installation Information

2006-10-17 19:39 -------- d---s---- C:\Documents and Settings\Joppe\Application Data\Microsoft

2006-10-15 00:07 -------- d-------- C:\Program\EA SPORTS

 

 

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

 

*Note* empty entries are not shown

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"

"msnmsgr"="\"C:\\Program\\MSN Messenger\\msnmsgr.exe\" /background"

"Steam"="\"c:\\program\\steam\\steam.exe\" -silent"

"updateMgr"="\"C:\\Program\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_7 -reboot 1"

"SUPERAntiSpyware"="C:\\Program\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

"nwiz"="nwiz.exe /install"

"SoundMan"="SOUNDMAN.EXE"

"WorksFUD"="C:\\Program\\Microsoft Works\\wkfud.exe"

"Microsoft Works Portfolio"="C:\\Program\\Microsoft Works\\WksSb.exe /AllUsers"

"Microsoft Works Update Detection"="C:\\Program\\Microsoft Works\\WkDetect.exe"

"Generic Host Process8 System Backup"="scvhost8.exe"

"D-Link AirPlus G"="C:\\Program\\D-Link\\AirPlus G\\AirGCFG.exe"

"ANIWZCS2Service"="C:\\Program\\ANI\\ANIWZCS2 Service\\WZCSLDR2.exe"

"LogitechVideoRepair"="C:\\Program\\Logitech\\Video\\ISStart.exe"

"CamMonitor"="C:\\Program\\Hewlett-Packard\\Digital Imaging\\\\Unload\\hpqcmon.exe"

"Share-to-Web Namespace Daemon"="C:\\Program\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnd.exe"

"QuickTime Task"="\"C:\\Program\\QuickTime\\qttask.exe\" -atboottime"

"OpwareSE2"="\"C:\\Program\\ScanSoft\\OmniPageSE2.0\\OpwareSE2.exe\""

"OPSE reminder"="\"C:\\Program\\ScanSoft\\OmniPageSE2.0\\EregEng\\Ereg.exe\" -r \"C:\\Program\\ScanSoft\\OmniPageSE2.0\\EregEng\\ereg.ini\""

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]

"Installed"="1"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]

"Installed"="1"

"NoChange"="1"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]

"Installed"="1"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]

"Generic Host Process8 System Backup"="scvhost8.exe"

 

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]

"DeskHtmlVersion"=dword:00000110

"DeskHtmlMinorVersion"=dword:00000005

"Settings"=dword:00000001

"GeneralFlags"=dword:00000005

 

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]

"Source"="About:Home"

"SubscribedURL"="About:Home"

"FriendlyName"="Min aktuella startsida"

"Flags"=dword:00000002

"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00, 00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00

"CurrentState"=hex:04,00,00,40

"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff, ff,ff,04,00,00,00

"RestoredStateInfo"=hex:18,00,00,00,12,03,00,00,23,00,00,00,dc,00,00,00,d2,00, 00,00,01,00,00,00

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

"Generic Host Process8 System Backup"="scvhost8.exe"

 

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]

"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

"Generic Host Process8 System Backup"="scvhost8.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]

"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"

"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoDriveTypeAutoRun"=dword:00000091

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"dontdisplaylastusername"=dword:00000000

"legalnoticecaption"=""

"legalnoticetext"=""

"shutdownwithoutlogon"=dword:00000001

"undockwithoutlogon"=dword:00000001

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoDriveTypeAutoRun"=dword:00000091

 

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]

"NoDriveTypeAutoRun"=dword:00000091

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]

"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"

"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"

"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"

"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="ctfmon"

"hkey"="HKCU"

"command"="C:\\WINDOWS\\System32\\ctfmon.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="msmsgs"

"hkey"="HKCU"

"command"="\"C:\\Program\\Messenger\\msmsgs.exe\" /background"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="RUNDLL32"

"hkey"="HKLM"

"command"="RUNDLL32.EXE NvQTwk,NvCplDaemon initialize"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="nwiz"

"hkey"="HKLM"

"command"="nwiz.exe /install"

"inimapping"="0"

 

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

 

Completion time: 06-11-30 17:40:01.69

C:\ComboFix.txt ... 06-11-30 17:40

C:\ComboFix2.txt ... 06-11-30 16:23[/log]

 


When I click SDFix it loads something, then Notepad comes up and no folder..

 

 

ComboFix from today:

 

[log]Joppe - 06-11-30 17:47:48,95 Service Pack 2

ComboFix 06.11.27W - Running from: "C:\Documents and Settings\Joppe\Skrivbord"

 

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

 

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

 

Folders Quarantined:

 

C:\QooBox\Purity\Documents and Settings\Joppe\Mina dokument\CURITY~1

C:\QooBox\Purity\WINDOWS\DOBE~1

C:\QooBox\Purity\WINDOWS\ICROSO~1.NET

C:\QooBox\Purity\WINDOWS\DOBE~1\?dobe

 

 

((((((((((((((((((((((((((((((( Files Created from 2006-10-30 to 2006-11-30 ))))))))))))))))))))))))))))))))))

 

 

2006-11-29 18:48 <KAT> d-------- C:\Program\Hijackthis

2006-11-29 16:40 <KAT> d-------- C:\Program\SUPERAntiSpyware

2006-11-29 16:40 <KAT> d-------- C:\Documents and Settings\Joppe\Application Data\SUPERAntiSpyware.com

2006-11-27 20:05 <KAT> d-------- C:\SDFix

2006-11-26 21:40 <KAT> d-------- C:\Program\Enigma Software Group

2006-11-26 21:22 <KAT> d-------- C:\Program\NoAdware4

2006-11-26 21:11 <KAT> d-------- C:\Documents and Settings\Joppe\Application Data\Uniblue

2006-11-26 20:28 <KAT> d--hs---- C:\Config.Msi

2006-11-26 20:09 77,824 --a------ C:\Documents and Settings\Joppe\isetup.exe

2006-11-19 01:47 <KAT> d-------- C:\Documents and Settings\Joppe\Application Data\Canon

2006-11-18 23:52 <KAT> d--h----- C:\BJPrinter

2006-11-18 23:51 7,680 --a------ C:\WINDOWS\system32\CNMVS6f.DLL

2006-11-18 23:51 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys

2006-11-18 23:51 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys

2006-11-18 23:51 116,736 --a------ C:\WINDOWS\system32\CNMLM6f.DLL

2006-11-18 23:41 <KAT> d-------- C:\Documents and Settings\Joppe\Application Data\ScanSoft

2006-11-18 23:41 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\SSScanWizard

2006-11-18 23:41 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir

2006-11-18 23:40 <KAT> d-------- C:\Program\ScanSoft

2006-11-18 23:40 <KAT> d-------- C:\Program\Delade filer\ScanSoft Shared

2006-11-18 23:37 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL

2006-11-18 23:37 <KAT> d-------- C:\Program\ArcSoft

2006-11-18 23:34 94,208 --a------ C:\WINDOWS\system32\CNCL110.DLL

2006-11-18 23:34 90,112 --a------ C:\WINDOWS\system32\CNCI110.DLL

2006-11-18 23:34 557,056 --a------ C:\WINDOWS\system32\CNCC110.DLL

2006-11-18 23:34 49,152 --a------ C:\WINDOWS\system32\cncisco.dll

2006-11-18 23:34 389,180 --a------ C:\WINDOWS\system32\UCS32P.DLL

2006-11-18 23:34 <KAT> d--h----- C:\CanonMP

2006-11-18 23:33 <KAT> d-------- C:\WINDOWS\StartHtmico

2006-11-18 23:33 <KAT> d-------- C:\WINDOWS\MP130,110

2006-11-18 23:32 <KAT> d-------- C:\Program\Canon

 

 

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

2006-11-30 17:35 -------- d-------- C:\Program\Steam

2006-11-29 19:43 -------- d-------- C:\Program\Delade filer

2006-11-29 16:38 -------- d-------- C:\Program\Delade filer\Wise Installation Wizard

2006-11-27 15:47 -------- d-------- C:\Program\MSN Messenger

2006-11-26 20:34 28944 --a--c--- C:\Documents and Settings\Joppe\Application Data\GDIPFONTCACHEV1.DAT

2006-11-25 11:18 -------- d-------- C:\Program\MZ Manager

2006-11-18 23:37 -------- d--h----- C:\Program\InstallShield Installation Information

2006-10-17 19:39 -------- d---s---- C:\Documents and Settings\Joppe\Application Data\Microsoft

2006-10-15 00:07 -------- d-------- C:\Program\EA SPORTS

 

 

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

 

*Note* empty entries are not shown

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"

"msnmsgr"="\"C:\\Program\\MSN Messenger\\msnmsgr.exe\" /background"

"Steam"="\"c:\\program\\steam\\steam.exe\" -silent"

"updateMgr"="\"C:\\Program\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_7 -reboot 1"

"SUPERAntiSpyware"="C:\\Program\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

"nwiz"="nwiz.exe /install"

"SoundMan"="SOUNDMAN.EXE"

"WorksFUD"="C:\\Program\\Microsoft Works\\wkfud.exe"

"Microsoft Works Portfolio"="C:\\Program\\Microsoft Works\\WksSb.exe /AllUsers"

"Microsoft Works Update Detection"="C:\\Program\\Microsoft Works\\WkDetect.exe"

"Generic Host Process8 System Backup"="scvhost8.exe"

"D-Link AirPlus G"="C:\\Program\\D-Link\\AirPlus G\\AirGCFG.exe"

"ANIWZCS2Service"="C:\\Program\\ANI\\ANIWZCS2 Service\\WZCSLDR2.exe"

"LogitechVideoRepair"="C:\\Program\\Logitech\\Video\\ISStart.exe"

"CamMonitor"="C:\\Program\\Hewlett-Packard\\Digital Imaging\\\\Unload\\hpqcmon.exe"

"Share-to-Web Namespace Daemon"="C:\\Program\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnd.exe"

"QuickTime Task"="\"C:\\Program\\QuickTime\\qttask.exe\" -atboottime"

"OpwareSE2"="\"C:\\Program\\ScanSoft\\OmniPageSE2.0\\OpwareSE2.exe\""

"OPSE reminder"="\"C:\\Program\\ScanSoft\\OmniPageSE2.0\\EregEng\\Ereg.exe\" -r \"C:\\Program\\ScanSoft\\OmniPageSE2.0\\EregEng\\ereg.ini\""

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]

"Installed"="1"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]

"Installed"="1"

"NoChange"="1"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]

"Installed"="1"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]

"Generic Host Process8 System Backup"="scvhost8.exe"

 

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]

"DeskHtmlVersion"=dword:00000110

"DeskHtmlMinorVersion"=dword:00000005

"Settings"=dword:00000001

"GeneralFlags"=dword:00000005

 

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]

"Source"="About:Home"

"SubscribedURL"="About:Home"

"FriendlyName"="Min aktuella startsida"

"Flags"=dword:00000002

"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00, 00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00

"CurrentState"=hex:04,00,00,40

"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff, ff,ff,04,00,00,00

"RestoredStateInfo"=hex:18,00,00,00,12,03,00,00,23,00,00,00,dc,00,00,00,d2,00, 00,00,01,00,00,00

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

"Generic Host Process8 System Backup"="scvhost8.exe"

 

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]

"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

"Generic Host Process8 System Backup"="scvhost8.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]

"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"

"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoDriveTypeAutoRun"=dword:00000091

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"dontdisplaylastusername"=dword:00000000

"legalnoticecaption"=""

"legalnoticetext"=""

"shutdownwithoutlogon"=dword:00000001

"undockwithoutlogon"=dword:00000001

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoDriveTypeAutoRun"=dword:00000091

 

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]

"NoDriveTypeAutoRun"=dword:00000091

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]

"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"

"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"

"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"

"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="ctfmon"

"hkey"="HKCU"

"command"="C:\\WINDOWS\\System32\\ctfmon.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="msmsgs"

"hkey"="HKCU"

"command"="\"C:\\Program\\Messenger\\msmsgs.exe\" /background"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="RUNDLL32"

"hkey"="HKLM"

"command"="RUNDLL32.EXE NvQTwk,NvCplDaemon initialize"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="nwiz"

"hkey"="HKLM"

"command"="nwiz.exe /install"

"inimapping"="0"

 

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

 

Completion time: 06-11-30 17:48:43.51

C:\ComboFix.txt ... 06-11-30 17:48

C:\ComboFix2.txt ... 06-11-30 17:40

C:\ComboFix3.txt ... 06-11-30 16:23[/log]

[post edited 2006-11-30 17:49:11 by Jonson_92]


Go to http://www.virustotal.com/, paste the following file name into the box, press Send and wait until the result is ready (Status becomes Finished). Paste the result (including file size) here.

C:\Documents and Settings\Joppe\isetup.exe

So Notepad did not come up after SDFix; is there a file C:\Report.txt on the computer?

You are running SDFix in safe mode, aren't you?

 


When you double-click the downloaded file, a new folder, C:\SDFix, is created and nothing else; it does not open because you are not supposed to run the program at that point.

virustotal is there when I click the link. But if it does not work, scan the file here instead: http://virusscan.jotti.org/

 

 


[log]Service load: 0% 100%

 

File: isetup.exe

Status: INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)

MD5 bdb5b1e9a1ee0d525e6157af32b131f8

Packers detected: MOLEBOX

Scanner results

AntiVir Found nothing

ArcaVir Found nothing

Avast Found nothing

AVG Antivirus Found nothing

BitDefender Found Backdoor.MSNMaker.AB

ClamAV Found nothing

Dr.Web Found nothing

F-Prot Antivirus Found nothing

F-Secure Anti-Virus Found Backdoor.Win32.MSNMaker.ab

Fortinet Found nothing

Kaspersky Anti-Virus Found Backdoor.Win32.MSNMaker.ab

NOD32 Found nothing

Norman Virus Control Found W32/MSNMaker.I

VirusBuster Found nothing

VBA32 Found nothing [/log]

 

 

SDFix:

 

 

 

[log]SDFix: Version 1.44

-------------------

 

2006-11-30 - 19:28:22,72

 

 

Microsoft Windows XP [Version 5.1.2600]

 

Running from C:\SDFix

 

Stage One - Safe Mode

Service Check...

 

Service Name:

------------

 

FilePath:

--------

 

 

Starting Registry Repairs...

 

 

Restoring Default Hosts File...

 

Stage One Complete

 

Rebooting...

 

Stage Two - Normal Mode

 

Checking For Malware:

--------------------

 

 

Backing Up and Removing any Files Found...

 

Final Check:

 

Services:

---------

 

 

Authorized Applications Export:

 

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List

%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

C:\WINDOWS\system32\inetmgrr.exe REG_SZ C:\WINDOWS\system32\inetmgrr.exe:*:Disabled:Generic Host Process for Win32 Services

C:\Program\EA GAMES\Battlefield Vietnam\bfvietnam.exe REG_SZ C:\Program\EA GAMES\Battlefield Vietnam\bfvietnam.exe:*:Disabled:bfvietnam

C:\Program\Steam\SteamApps\aggejonas\counter-strike\hl.exe REG_SZ C:\Program\Steam\SteamApps\aggejonas\counter-strike\hl.exe:*:Enabled:Half-Life Launcher

C:\Program\Steam\SteamApps\joppe_92@hotmail.com\counter-strike\hl.exe REG_SZ C:\Program\Steam\SteamApps\joppe_92@hotmail.com\counter-strike\hl.exe:*:Enabled:Half-Life Launcher

C:\Program\Messenger\msmsgs.exe REG_SZ C:\Program\Messenger\msmsgs.exe:*:Enabled:Windows Messenger

C:\Program\MSN Messenger\msncall.exe REG_SZ C:\Program\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)

C:\Program\MSN Messenger\msnmsgr.exe REG_SZ C:\Program\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5

C:\WINDOWS\system32\dpvsetup.exe REG_SZ C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test

C:\WINDOWS\system32\rundll32.exe REG_SZ C:\WINDOWS\system32\rundll32.exe:*:Enabled:Kör en DLL-fil som ett program

C:\Program\MSN Messenger\msrr.exe REG_SZ C:\Program\MSN Messenger\msrr.exe:*:Disabled:MSN Messenger

 

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List

%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

C:\Program\MSN Messenger\msncall.exe REG_SZ C:\Program\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)

C:\Program\MSN Messenger\msnmsgr.exe REG_SZ C:\Program\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5

 

Files:

------

 

Checking For Hidden Files:

 

C:\Program\Delade filer\Adobe\ESD\DLMCleanup.exe

C:\hiberfil.sys

C:\IO.SYS

C:\MSDOS.SYS

C:\pagefile.sys

C:\Documents and Settings\jocke\Lokala inställningar\Temp\~13.tmp

C:\Documents and Settings\jocke\Lokala inställningar\Temp\~51.tmp

C:\Documents and Settings\jocke\Lokala inställningar\Temp\~7.tmp

C:\Documents and Settings\jocke\Lokala inställningar\Temp\~83.tmp

C:\Documents and Settings\jocke\Lokala inställningar\Temp\~9.tmp

C:\Documents and Settings\jocke\Lokala inställningar\Temp\~A.tmp

C:\Documents and Settings\jocke\Lokala inställningar\Temp\~B.tmp

C:\Documents and Settings\jocke\Lokala inställningar\Temp\~B5.tmp

C:\Documents and Settings\jocke\Lokala inställningar\Temp\~D.tmp

C:\Documents and Settings\jocke\Lokala inställningar\Temp\~E6.tmp

C:\Documents and Settings\jocke\Lokala inställningar\Temp\~F.tmp

 

 

Backups folder: - C:\SDFix\backups\backups.zip

 

FINISHED![/log]

[post edited 2006-11-30 19:39:11 by Jonson_92]


[log]Logfile of HijackThis v1.99.1

Scan saved at 19:39:54, on 2006-11-30

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program\D-Link\AirPlus G\AirGCFG.exe

C:\Program\ANI\ANIWZCS2 Service\WZCSLDR2.exe

C:\Program\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe

C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

C:\Program\QuickTime\qttask.exe

C:\Program\ScanSoft\OmniPageSE2.0\OpwareSE2.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\MSN Messenger\msnmsgr.exe

C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe

C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Delade filer\Microsoft Shared\Works Shared\wkcalrem.exe

C:\Program\Hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.managerzone.se/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - URLSearchHook: (no name) - {D4621137-83FE-FD54-DEA6-D728967130BE} - C:\WINDOWS\system32\ilk.dll (file missing)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar2.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\sv\msntb.dll

O2 - BHO: (no name) - {D4621137-83FE-FD54-DEA6-D728967130BE} - C:\WINDOWS\system32\ilk.dll (file missing)

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\sv\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar2.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program\Canon\Easy-WebPrint\Toolband.dll

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [WorksFUD] C:\Program\Microsoft Works\wkfud.exe

O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program\Microsoft Works\WksSb.exe /AllUsers

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program\Microsoft Works\WkDetect.exe

O4 - HKLM\..\Run: [Generic Host Process8 System Backup] scvhost8.exe

O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program\D-Link\AirPlus G\AirGCFG.exe

O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program\ANI\ANIWZCS2 Service\WZCSLDR2.exe

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [CamMonitor] C:\Program\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe

O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [OpwareSE2] "C:\Program\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"

O4 - HKLM\..\Run: [OPSE reminder] "C:\Program\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"

O4 - HKLM\..\RunServices: [Generic Host Process8 System Backup] scvhost8.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Steam] "c:\program\steam\steam.exe" -silent

O4 - HKCU\..\Run: [updateMgr] "C:\Program\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1

O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Påminnelser för Kalendern i Microsoft Works.lnk = ?

O8 - Extra context menu item: &Google Search - res://c:\program\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://c:\program\google\GoogleToolbar2.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://c:\program\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~3\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O8 - Extra context menu item: Similar Pages - res://c:\program\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\program\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by14fd.bay14.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} - http://activex.matcash.com/speedtest2.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe[/log]

 


Scan with HijackThis and check:

 

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch

R3 - URLSearchHook: (no name) - {D4621137-83FE-FD54-DEA6-D728967130BE} - C:\WINDOWS\system32\ilk.dll (file missing)

O2 - BHO: (no name) - {D4621137-83FE-FD54-DEA6-D728967130BE} - C:\WINDOWS\system32\ilk.dll (file missing)

O4 - HKLM\..\Run: [Generic Host Process8 System Backup] scvhost8.exe

O4 - HKLM\..\RunServices: [Generic Host Process8 System Backup] scvhost8.exe

O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} - http://activex.matcash.com/speedtest2.dll

 

Close all other programs.

Press Fix checked.

 

Restart the computer in safe mode (press F8 repeatedly during startup and select safe mode from the menu).

 

Set up Explorer so that you can see all files:

Tools - (Folder) Options or similar - View

Select Show hidden files and folders

Uncheck Hide extensions for known file types

Uncheck Hide protected operating system files

 

Delete the files (if they still exist):

C:\Documents and Settings\Joppe\isetup.exe

C:\WINDOWS\system32\ilk.dll

C:\WINDOWS\system32\scvhost8.exe

C:\WINDOWS\scvhost8.exe

 

Empty the folder C:\Documents and Settings\jocke\Lokala inställningar\Temp

 

Restart in normal mode and then post a new HijackThis log, and I will look at them tomorrow.

With this infection the MSN program itself can be infected, so it is advisable to uninstall it and install it again once everything is clean.

How is the computer behaving now?
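The re-scan requested above can be checked mechanically. This added example (not part of the original post and not HijackThis's own tooling) parses HijackThis entry lines and reports any ticked entry, or any entry reusing a ticked CLSID, that is still in the follow-up log. The function names and the `REAPPEARED` sample are assumptions made for the illustration.

```python
import re

ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# The entries the post above says to tick before "Fix checked".
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R3 - URLSearchHook: (no name) - {D4621137-83FE-FD54-DEA6-D728967130BE} - C:\WINDOWS\system32\ilk.dll (file missing)
O2 - BHO: (no name) - {D4621137-83FE-FD54-DEA6-D728967130BE} - C:\WINDOWS\system32\ilk.dll (file missing)
O4 - HKLM\..\Run: [Generic Host Process8 System Backup] scvhost8.exe
O4 - HKLM\..\RunServices: [Generic Host Process8 System Backup] scvhost8.exe
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} - http://activex.matcash.com/speedtest2.dll
"""
# A few lines taken from the follow-up log in this thread, BBCode tag included.
FOLLOWUP = r"""
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar2.dll
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe[/log]
"""
# Constructed sample: the fixed CLSID registered again under another file name.
REAPPEARED = FOLLOWUP + r"O2 - BHO: (no name) - {d4621137-83fe-fd54-dea6-d728967130be} - C:\WINDOWS\system32\example.dll"

def parse_entries(log_text):
    """Return (section, normalised body) for each HijackThis entry line."""
    entries = []
    for raw in log_text.splitlines():
        # Forum [log]/[/log] tags end up glued to the first and last lines.
        line = re.sub(r"\[/?log\]", "", raw, flags=re.I).strip()
        m = ENTRY_RE.match(line)
        if m:  # header and "Running processes" lines do not match
            # Registry names and Windows paths compare case-insensitively.
            entries.append((m["section"], " ".join(m["body"].split()).lower()))
    return entries

def still_present(fix_list, followup_log):
    """Follow-up entries that equal a fixed entry or reuse one of its CLSIDs."""
    fixed = set(parse_entries(fix_list))
    fixed_clsids = {c.lower() for c in CLSID_RE.findall(fix_list)}
    hits = []
    for section, body in parse_entries(followup_log):
        if (section, body) in fixed or set(CLSID_RE.findall(body)) & fixed_clsids:
            hits.append(f"{section} - {body}")
    return hits

if __name__ == "__main__":
    print("clean follow-up:", still_present(FIX_LIST, FOLLOWUP))
    print("re-registered BHO:", still_present(FIX_LIST, REAPPEARED))
```

An empty result only says the ticked registry entries are gone; the files listed for manual deletion still have to be checked on disk.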

 


[log]Logfile of HijackThis v1.99.1

Scan saved at 20:41:07, on 2006-11-30

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program\D-Link\AirPlus G\AirGCFG.exe

C:\Program\ANI\ANIWZCS2 Service\WZCSLDR2.exe

C:\Program\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe

C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

C:\Program\QuickTime\qttask.exe

C:\Program\ScanSoft\OmniPageSE2.0\OpwareSE2.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\MSN Messenger\msnmsgr.exe

C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program\Delade filer\Microsoft Shared\Works Shared\wkcalrem.exe

C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program\Hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.managerzone.se/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar2.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\sv\msntb.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\sv\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar2.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program\Canon\Easy-WebPrint\Toolband.dll

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [WorksFUD] C:\Program\Microsoft Works\wkfud.exe

O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program\Microsoft Works\WksSb.exe /AllUsers

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program\Microsoft Works\WkDetect.exe

O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program\D-Link\AirPlus G\AirGCFG.exe

O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program\ANI\ANIWZCS2 Service\WZCSLDR2.exe

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [CamMonitor] C:\Program\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe

O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [OpwareSE2] "C:\Program\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"

O4 - HKLM\..\Run: [OPSE reminder] "C:\Program\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [steam] "c:\program\steam\steam.exe" -silent

O4 - HKCU\..\Run: [updateMgr] "C:\Program\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Påminnelser för Kalendern i Microsoft Works.lnk = ?

O8 - Extra context menu item: &Google Search - res://c:\program\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://c:\program\google\GoogleToolbar2.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://c:\program\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~3\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O8 - Extra context menu item: Similar Pages - res://c:\program\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\program\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by14fd.bay14.hotmail.msn.com/resources/MsnPUpld.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe[/log]

 

 

The computer works fine.. Lots of ads have stopped popping up when the computer starts and when I go online..

What should I do with all the programs I have downloaded (hosts.zip, ComboFix and everything)? Can I remove them, or are they good to keep?

 

Thank you so much for all the help!

 

[post edited 2006-11-30 20:49:08 by Jonson_92]


I don't see anything nasty in the log either.

Uninstall MSN Messenger, restart the computer and install it again.

 

You can remove HijackThis, SDFix, OiUninstaller and ComboFix. SUPERAntiSpyware is a good program to keep and scan the computer with now and then.

 

Here is my usual advice for a safer computer, but of course it is important to use your common sense too.

 

Update from Windows Update and run the anti-spyware programs AVG Anti-Spyware (Ewido), SUPERAntiSpyware, Spybot S&D and/or Ad-aware regularly.

http://www.ewido.net/en/

http://www.superantispyware.com/

http://www.safer-networking.org/en/download/index.html

http://www.lavasoft.com

 

Complement the antivirus program with a few online scans now and then:

http://housecall.trendmicro.com/

http://www.bitdefender.com/scan8/ie.html

http://www.pandasoftware.com/products/activescan/

 

Use a firewall (better than the one built into XP); free ones are available from e.g. ZoneLabs.

http://www.zonelabs.com/store/content/home.jsp

 

If you use Internet Explorer, it can be a good idea to have the programs SpywareBlaster and SpywareGuard, which prevent a good many nasty programs from being downloaded and run, respectively:

http://www.javacoolsoftware.com

 

Review the security settings in Internet Explorer; there are plenty of tips here:

http://www.spywarewarrior.com/uiuc/btw/ie/ie-opts.htm

 

Also run IE-SpyAd, which puts a whole lot of nasty websites in the Restricted sites zone in Internet Explorer so that they cannot do anything to the computer:

http://www.spywarewarrior.com/uiuc/resource.htm

 

If you switch web browser, only SpywareGuard is needed. Other web browsers include Mozilla Firefox and Opera:

http://www.mozilla.org

http://www.opera.com

 

All free for home users/personal use.

 


Archived

This topic is now archived and is closed to further replies.


