
HijackThis log!


salomonsson


Hi!

Like everyone else, I have problems with ErrorSafe, and I have also picked up a nice trojan horse that refuses to go away. I have used BitDefender and Ad-Aware SE, which did help me a little, but I think there is still crap left in the registry. Right now Windows doesn't start up and I have to open programs through Task Manager! Please help me...

I checked the other posts and ran a "HijackThis" scan, and here is the result:

Thanks in advance...

[log]

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program\Delade filer\Softwin\BitDefender Communicator\xcommsvr.exe

C:\Program\Delade filer\Stardock\SDMCP.exe

C:\Program\Delade filer\Softwin\BitDefender Update Service\livesrv.exe

C:\Program\Delade filer\Softwin\BitDefender Scan Server\bdss.exe

C:\Program\Softwin\BitDefender9\vsserv.exe

C:\Program\Hijackthis\HijackThis.exe

C:\Program\Mozilla Firefox\firefox.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/se/sve/gen/default.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.allmusic.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/se/sve/gen/default.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)

O3 - Toolbar: MSN Verktygslåda - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Toolbar\01.01.2607.0\sv\msntb.dll

O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [TaskMon] C:\WINDOWS\System32\taskmon.exe

O4 - HKLM\..\Run: [AceGain LiveUpdate] C:\Program\AceGain\LiveUpdate\LiveUpdate.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.5.0_09\bin\jusched.exe"

O4 - HKLM\..\Run: [H2O] C:\Program\SyncroSoft\Pos\H2O\cledx.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvwex.dll,startup

O4 - HKLM\..\Run: [bDMCon] c:\program\softwin\bitdef~1\bdmcon.exe

O4 - HKLM\..\Run: [bDOESRV] "C:\Program\Softwin\BitDefender9\bdoesrv.exe"

O4 - HKLM\..\Run: [bDNewsAgent] "C:\Program\Softwin\BitDefender9\bdnagent.exe"

O4 - HKLM\..\Run: [bDSwitchAgent] "C:\Program\Softwin\BitDefender9\bdswitch.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win

O4 - HKCU\..\Run: [tunebite.exe] C:\Program\tunebite\tunebite.exe -hidden

O4 - HKCU\..\Run: [OM_Monitor] C:\Program\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart

O4 - HKCU\..\Run: [skype] "C:\Program\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [updateMgr] "C:\Program\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1

O4 - Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe (file missing)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Salo

O17 - HKLM\Software\..\Telephony: DomainName = Salo

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Salo

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = Salo

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program\Delade filer\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program\Delade filer\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program\Intel\NCS\Sync\NetSvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program\Softwin\BitDefender9\vsserv.exe" /service (file missing)

O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program\Delade filer\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

[/log]

 

 

/salomonsson

 

Link to comment
Share on other sites

Go to the folder C:\Program\Hijackthis using Explorer or My Computer and rename the program HijackThis.exe to something else, e.g. rensning.exe, then create a new log and paste it in here.

Someone else reported problems with shortcuts earlier today after running Ad-Aware.

 

Link to comment
Share on other sites

I did as you asked and renamed it to rensning.exe

 

[log]

Logfile of HijackThis v1.99.1

Scan saved at 17:18:24, on 2006-11-30

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program\Delade filer\Softwin\BitDefender Communicator\xcommsvr.exe

C:\Program\Delade filer\Stardock\SDMCP.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Java\jre1.5.0_09\bin\jusched.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program\SyncroSoft\Pos\H2O\cledx.exe

C:\Program\iTunes\iTunesHelper.exe

C:\Program\Winamp\winampa.exe

C:\Program\iPod\bin\iPodService.exe

C:\Program\Softwin\BitDefender9\bdoesrv.exe

C:\program\softwin\bitdef~1\bdnagent.exe

C:\Program\Softwin\BitDefender9\bdswitch.exe

C:\Program\Delade filer\{907E6AFB-0A21-1053-0919-03082203002e}\Update.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe

C:\Program\Delade filer\Softwin\BitDefender Update Service\livesrv.exe

C:\Program\Delade filer\Softwin\BitDefender Scan Server\bdss.exe

C:\Program\Softwin\BitDefender9\vsserv.exe

c:\program\softwin\bitdef~1\bdmcon.exe

C:\Program\Mozilla Firefox\firefox.exe

C:\Program\Hijackthis\rensning.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/se/sve/gen/default.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.allmusic.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/se/sve/gen/default.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\Program\MACROG~1\SWEETI~1\toolbar.dll (file missing)

O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\system32\vknwgkot.dll

O2 - BHO: (no name) - {39f25b12-74ff-4079-a51f-1d70f5b08b84} - C:\WINDOWS\system32\ixt0.dll (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O2 - BHO: (no name) - {80342A91-C6FC-44D2-AB24-E2408A86BEF0} - C:\WINDOWS\system32\pmnli.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: MSN Verktygslåda - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Toolbar\01.01.2607.0\sv\msntb.dll

O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [TaskMon] C:\WINDOWS\System32\taskmon.exe

O4 - HKLM\..\Run: [AceGain LiveUpdate] C:\Program\AceGain\LiveUpdate\LiveUpdate.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.5.0_09\bin\jusched.exe"

O4 - HKLM\..\Run: [H2O] C:\Program\SyncroSoft\Pos\H2O\cledx.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvwex.dll,startup

O4 - HKLM\..\Run: [bDMCon] c:\program\softwin\bitdef~1\bdmcon.exe

O4 - HKLM\..\Run: [bDOESRV] "C:\Program\Softwin\BitDefender9\bdoesrv.exe"

O4 - HKLM\..\Run: [bDNewsAgent] "c:\program\softwin\bitdef~1\bdnagent.exe"

O4 - HKLM\..\Run: [bDSwitchAgent] "c:\program\softwin\bitdef~1\bdswitch.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win

O4 - HKCU\..\Run: [tunebite.exe] C:\Program\tunebite\tunebite.exe -hidden

O4 - HKCU\..\Run: [OM_Monitor] C:\Program\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart

O4 - HKCU\..\Run: [skype] "C:\Program\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [updateMgr] "C:\Program\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1

O4 - Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe (file missing)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Salo

O17 - HKLM\Software\..\Telephony: DomainName = Salo

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Salo

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = Salo

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: MCPClient - C:\Program\Delade filer\Stardock\mcpstub.dll

O20 - Winlogon Notify: pmnli - C:\WINDOWS\system32\pmnli.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O20 - Winlogon Notify: winubg32 - winubg32.dll (file missing)

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program\Delade filer\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program\Delade filer\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program\Intel\NCS\Sync\NetSvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program\Softwin\BitDefender9\vsserv.exe" /service (file missing)

O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program\Delade filer\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

[/log]

 

/Salomonsson

 

Link to comment
Share on other sites

Download VundoFix:

http://www.atribune.org/ccount/click.php?id=4

Restart the computer in Safe Mode (press F8 repeatedly during startup and choose Safe Mode from the menu).

Double-click VundoFix.exe to start the program.

When it starts again, click Scan for Vundo.

When the scan is finished, click Remove Vundo.

Answer Ja/Yes when asked whether you want to remove the files.

After that, the Desktop will disappear while the files are being removed.

When that is done, a message will appear saying that your computer will be shut down; click OK.

Start the computer again in normal mode.

If VundoFix could not remove some file on the first attempt, VundoFix will start again when the computer starts; in that case, follow the instructions once more.

Paste C:\vundofix.txt and a new HijackThis log into your reply.

 

Link to comment
Share on other sites

Here is vundofix.txt

[log]

VundoFix V6.2.13

 

Checking Java version...

 

Sun Java not detected

Scan started at 18:00:46 2006-11-30

 

Listing files found while scanning....

 

C:\WINDOWS\SYSTEM32\pmnli.dll

C:\WINDOWS\SYSTEM32\ilnmp.ini

C:\WINDOWS\SYSTEM32\ilnmp.bak1

C:\WINDOWS\SYSTEM32\ilnmp.bak2

C:\WINDOWS\SYSTEM32\ilnmp.ini2

C:\WINDOWS\SYSTEM32\ilnmp.tmp

C:\WINDOWS\system32\pmnli.dll

C:\WINDOWS\SYSTEM32\ilnmp.ini

C:\WINDOWS\SYSTEM32\ilnmp.bak1

C:\WINDOWS\SYSTEM32\ilnmp.bak2

C:\WINDOWS\SYSTEM32\ilnmp.ini2

C:\WINDOWS\SYSTEM32\ilnmp.tmp

C:\WINDOWS\system32\ilnmp.ini

C:\WINDOWS\system32\ilnmp.bak1

C:\WINDOWS\system32\ilnmp.bak2

C:\WINDOWS\system32\ilnmp.ini2

C:\WINDOWS\system32\ilnmp.tmp

 

Beginning removal...

 

Attempting to delete C:\WINDOWS\SYSTEM32\pmnli.dll

C:\WINDOWS\SYSTEM32\pmnli.dll Could not be deleted.

 

Attempting to delete C:\WINDOWS\SYSTEM32\ilnmp.ini

C:\WINDOWS\SYSTEM32\ilnmp.ini Has been deleted!

 

Attempting to delete C:\WINDOWS\SYSTEM32\ilnmp.bak1

C:\WINDOWS\SYSTEM32\ilnmp.bak1 Has been deleted!

 

Attempting to delete C:\WINDOWS\SYSTEM32\ilnmp.bak2

C:\WINDOWS\SYSTEM32\ilnmp.bak2 Has been deleted!

 

Attempting to delete C:\WINDOWS\SYSTEM32\ilnmp.ini2

C:\WINDOWS\SYSTEM32\ilnmp.ini2 Has been deleted!

 

Attempting to delete C:\WINDOWS\SYSTEM32\ilnmp.tmp

C:\WINDOWS\SYSTEM32\ilnmp.tmp Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\pmnli.dll

C:\WINDOWS\system32\pmnli.dll Could not be deleted.

 

Performing Repairs to the registry.

Done!

 

Beginning removal...

 

Attempting to delete C:\WINDOWS\SYSTEM32\pmnli.dll

C:\WINDOWS\SYSTEM32\pmnli.dll Could not be deleted.

 

Attempting to delete C:\WINDOWS\SYSTEM32\ilnmp.ini

C:\WINDOWS\SYSTEM32\ilnmp.ini Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\pmnli.dll

C:\WINDOWS\system32\pmnli.dll Could not be deleted.

 

Performing Repairs to the registry.

Done!

 

Beginning removal...

 

VundoFix V6.2.13

 

Checking Java version...

 

Sun Java not detected

Scan started at 18:29:49 2006-11-30

 

Listing files found while scanning....

 

C:\WINDOWS\SYSTEM32\pmnli.dll

C:\WINDOWS\SYSTEM32\ilnmp.ini

C:\WINDOWS\SYSTEM32\ilnmp.bak1

C:\WINDOWS\SYSTEM32\ilnmp.bak2

C:\WINDOWS\system32\pmnli.dll

C:\WINDOWS\SYSTEM32\ilnmp.ini

C:\WINDOWS\SYSTEM32\ilnmp.bak1

C:\WINDOWS\SYSTEM32\ilnmp.bak2

C:\WINDOWS\system32\ilnmp.ini

C:\WINDOWS\system32\ilnmp.bak1

C:\WINDOWS\system32\ilnmp.bak2

 

Beginning removal...

 

Attempting to delete C:\WINDOWS\SYSTEM32\pmnli.dll

C:\WINDOWS\SYSTEM32\pmnli.dll Could not be deleted.

 

Attempting to delete C:\WINDOWS\SYSTEM32\ilnmp.ini

C:\WINDOWS\SYSTEM32\ilnmp.ini Has been deleted!

 

Attempting to delete C:\WINDOWS\SYSTEM32\ilnmp.bak1

C:\WINDOWS\SYSTEM32\ilnmp.bak1 Has been deleted!

 

Attempting to delete C:\WINDOWS\SYSTEM32\ilnmp.bak2

C:\WINDOWS\SYSTEM32\ilnmp.bak2 Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\pmnli.dll

C:\WINDOWS\system32\pmnli.dll Could not be deleted.

 

Attempting to delete C:\WINDOWS\SYSTEM32\ilnmp.ini

C:\WINDOWS\SYSTEM32\ilnmp.ini Has been deleted!

 

Performing Repairs to the registry.

Done!

 

Beginning removal...

 

Attempting to delete C:\WINDOWS\SYSTEM32\pmnli.dll

C:\WINDOWS\SYSTEM32\pmnli.dll Could not be deleted.

 

Attempting to delete C:\WINDOWS\SYSTEM32\ilnmp.ini

C:\WINDOWS\SYSTEM32\ilnmp.ini Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\pmnli.dll

C:\WINDOWS\system32\pmnli.dll Could not be deleted.

 

Performing Repairs to the registry.

Done!

 

Beginning removal...

[/log]

 

and

here is the new hijackthis.log

[log]Logfile of HijackThis v1.99.1

Scan saved at 18:50:42, on 2006-11-30

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Delade filer\Stardock\SDMCP.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Program\Delade filer\Softwin\BitDefender Communicator\xcommsvr.exe

C:\Program\Delade filer\Softwin\BitDefender Scan Server\bdss.exe

C:\Program\Delade filer\Softwin\BitDefender Update Service\livesrv.exe

C:\Program\Softwin\BitDefender9\vsserv.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program\Java\jre1.5.0_09\bin\jusched.exe

C:\Program\SyncroSoft\Pos\H2O\cledx.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program\iTunes\iTunesHelper.exe

C:\Program\Winamp\winampa.exe

C:\Program\iPod\bin\iPodService.exe

C:\program\softwin\bitdef~1\bdmcon.exe

C:\Program\Softwin\BitDefender9\bdoesrv.exe

C:\program\softwin\bitdef~1\bdnagent.exe

C:\program\softwin\bitdef~1\bdswitch.exe

C:\Program\Delade filer\{907E6AFB-0A21-1053-0919-03082203002e}\Update.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe

C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program\Mozilla Firefox\firefox.exe

C:\Program\Hijackthis\rensning.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/se/sve/gen/default.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.allmusic.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/se/sve/gen/default.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\Program\MACROG~1\SWEETI~1\toolbar.dll (file missing)

O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\system32\vknwgkot.dll

O2 - BHO: (no name) - {39f25b12-74ff-4079-a51f-1d70f5b08b84} - C:\WINDOWS\system32\ixt0.dll (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {A4AE3849-764C-4613-817C-8AA56AEC5FFD} - C:\WINDOWS\system32\pmnli.dll

O3 - Toolbar: MSN Verktygslåda - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Toolbar\01.01.2607.0\sv\msntb.dll

O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [TaskMon] C:\WINDOWS\System32\taskmon.exe

O4 - HKLM\..\Run: [AceGain LiveUpdate] C:\Program\AceGain\LiveUpdate\LiveUpdate.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.5.0_09\bin\jusched.exe"

O4 - HKLM\..\Run: [H2O] C:\Program\SyncroSoft\Pos\H2O\cledx.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvwex.dll,startup

O4 - HKLM\..\Run: [bDMCon] c:\program\softwin\bitdef~1\bdmcon.exe

O4 - HKLM\..\Run: [bDOESRV] "C:\Program\Softwin\BitDefender9\bdoesrv.exe"

O4 - HKLM\..\Run: [bDNewsAgent] "C:\program\softwin\bitdef~1\bdnagent.exe"

O4 - HKLM\..\Run: [bDSwitchAgent] "C:\program\softwin\bitdef~1\bdswitch.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win

O4 - HKCU\..\Run: [tunebite.exe] C:\Program\tunebite\tunebite.exe -hidden

O4 - HKCU\..\Run: [OM_Monitor] C:\Program\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart

O4 - HKCU\..\Run: [skype] "C:\Program\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [updateMgr] "C:\Program\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1

O4 - Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe (file missing)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Salo

O17 - HKLM\Software\..\Telephony: DomainName = Salo

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Salo

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = Salo

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: MCPClient - C:\Program\Delade filer\Stardock\mcpstub.dll

O20 - Winlogon Notify: pmnli - C:\WINDOWS\system32\pmnli.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O20 - Winlogon Notify: winubg32 - winubg32.dll (file missing)

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program\Delade filer\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program\Delade filer\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program\Intel\NCS\Sync\NetSvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program\Softwin\BitDefender9\vsserv.exe" /service (file missing)

O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program\Delade filer\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

[/log]

 

 

What happens next? :thumbsdown: > :thumbsup: ?

 

Link to comment
Share on other sites

Download Avenger to the Desktop and unpack the file there:

http://swandog46.geekstogo.com/avenger.zip

Copy the following into Notepad, including the heading Files to delete:

Files to delete:

C:\WINDOWS\system32\pmnli.dll

Start Avenger

Tick "Input Script Manually"

Click the magnifying glass, and in "View/edit script" paste the text that is in Notepad.

Click Done

Click the green light and answer Yes to the questions.

The computer will now restart.

A DOS window should appear, and then the log should come up.

Paste it here along with a new HijackThis log and I will look at them tomorrow.

 

Link to comment
Share on other sites
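
An added example (not part of the thread, and not code from HijackThis, VundoFix or Avenger): pmnli.dll, the file VundoFix lists and Avenger deletes in this thread, appears in the posted HijackThis logs as both an O2 BHO and an O20 Winlogon Notify entry, and its BHO CLSID is different in every scan. The sketch below parses O2/O20 lines copied from those logs and reports both patterns plus entries left pointing at a missing file; the function names are hypothetical and the line format is assumed to be that of the v1.99.1 logs shown here.

```python
import re
from collections import defaultdict

# O2/O20 lines copied from the three HijackThis logs posted in this thread
# (the logs taken after the scanner was renamed to rensning.exe).
SCANS = {
    "2006-11-30 17:18": r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\system32\vknwgkot.dll
O2 - BHO: (no name) - {80342A91-C6FC-44D2-AB24-E2408A86BEF0} - C:\WINDOWS\system32\pmnli.dll
O20 - Winlogon Notify: MCPClient - C:\Program\Delade filer\Stardock\mcpstub.dll
O20 - Winlogon Notify: pmnli - C:\WINDOWS\system32\pmnli.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
""",
    "2006-11-30 18:50": r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\system32\vknwgkot.dll
O2 - BHO: (no name) - {A4AE3849-764C-4613-817C-8AA56AEC5FFD} - C:\WINDOWS\system32\pmnli.dll
O20 - Winlogon Notify: MCPClient - C:\Program\Delade filer\Stardock\mcpstub.dll
O20 - Winlogon Notify: pmnli - C:\WINDOWS\system32\pmnli.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
""",
    "2006-12-01 16:48": r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {13E028EE-6D3F-4530-9915-68516CC99A72} - C:\WINDOWS\system32\pmnli.dll (file missing)
O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\system32\vknwgkot.dll
""",
}

# "O2 - BHO: <name> - {CLSID} - <path>" and "O20 - Winlogon Notify: <name> - <path>",
# each optionally followed by HijackThis' " (file missing)" marker.
ENTRY_RE = re.compile(
    r"^(?P<section>O2|O20) - (?:BHO|Winlogon Notify): (?P<name>.+?)"
    r"(?: - (?P<clsid>\{[0-9A-Fa-f-]{36}\}))? - (?P<path>.+?)"
    r"(?P<missing> \(file missing\))?$"
)


def parse_scan(text):
    """Return the O2/O20 entries of one log as dicts; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append({
                "section": m["section"],
                "name": m["name"],
                "clsid": m["clsid"].upper() if m["clsid"] else None,
                "path": m["path"].lower(),  # Windows paths are case-insensitive
                "missing": m["missing"] is not None,
            })
    return entries


def dual_registered(entries):
    """Paths loaded both as a browser helper (O2) and by Winlogon (O20)."""
    by_section = defaultdict(set)
    for e in entries:
        by_section[e["section"]].add(e["path"])
    return by_section["O2"] & by_section["O20"]


def clsid_churn(scans):
    """Paths whose BHO CLSID is not the same in every scan that lists them."""
    seen = defaultdict(dict)  # path -> {scan label: CLSID}
    for label, text in scans.items():
        for e in parse_scan(text):
            if e["section"] == "O2":
                seen[e["path"]][label] = e["clsid"]
    return {p: s for p, s in seen.items() if len(set(s.values())) > 1}


def orphaned(entries):
    """Registry entries whose target file is gone (cleanup still needed)."""
    return [e for e in entries if e["missing"]]


if __name__ == "__main__":
    for label, text in SCANS.items():
        print(label, "O2+O20:", sorted(dual_registered(parse_scan(text))))
    for path, by_scan in clsid_churn(SCANS).items():
        print("CLSID changes for", path)
        for label, clsid in by_scan.items():
            print("   ", label, clsid)
    last = parse_scan(SCANS["2006-12-01 16:48"])
    print("orphaned entries:", [(e["clsid"], e["path"]) for e in orphaned(last)])
```

Both checks are triage heuristics over the log text only; the last scan shows that deleting the file leaves the O2 registry entry behind, now marked (file missing).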

Here is avenger.txt

[log]Logfile of The Avenger version 1, by Swandog46

Running from registry key:

\Registry\Machine\System\CurrentControlSet\Services\wrcgbabm

 

*******************

 

Script file located at: \??\C:\ckmytdhi.txt

Script file opened successfully.

 

Script file read successfully

 

Backups directory opened successfully at C:\Avenger

 

*******************

 

Beginning to process script file:

 

File C:\WINDOWS\system32\pmnli.dll deleted successfully.

 

Completed script processing.

 

*******************

 

Finished! Terminate.

[/log]

 

and the HijackThis log

[log]

Logfile of HijackThis v1.99.1

Scan saved at 16:48:21, on 2006-12-01

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program\Delade filer\Softwin\BitDefender Communicator\xcommsvr.exe

C:\Program\Delade filer\Softwin\BitDefender Scan Server\bdss.exe

C:\Program\Delade filer\Softwin\BitDefender Update Service\livesrv.exe

C:\Program\Softwin\BitDefender9\vsserv.exe

C:\Program\Delade filer\Stardock\SDMCP.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Java\jre1.5.0_09\bin\jusched.exe

C:\Program\SyncroSoft\Pos\H2O\cledx.exe

C:\Program\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program\Winamp\winampa.exe

C:\program\softwin\bitdef~1\bdmcon.exe

C:\Program\Softwin\BitDefender9\bdoesrv.exe

C:\program\softwin\bitdef~1\bdnagent.exe

C:\Program\iPod\bin\iPodService.exe

C:\program\softwin\bitdef~1\bdswitch.exe

C:\Program\Delade filer\{907E6AFB-0A21-1053-0919-03082203002e}\Update.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe

C:\WINDOWS\system32\notepad.exe

C:\Program\Mozilla Firefox\firefox.exe

C:\Program\Hijackthis\rensning.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/se/sve/gen/default.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.allmusic.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/se/sve/gen/default.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {13E028EE-6D3F-4530-9915-68516CC99A72} - C:\WINDOWS\system32\pmnli.dll (file missing)

O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\Program\MACROG~1\SWEETI~1\toolbar.dll (file missing)

O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\system32\vknwgkot.dll

O2 - BHO: (no name) - {39f25b12-74ff-4079-a51f-1d70f5b08b84} - C:\WINDOWS\system32\ixt0.dll (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: MSN Verktygslåda - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Toolbar\01.01.2607.0\sv\msntb.dll

O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [TaskMon] C:\WINDOWS\System32\taskmon.exe

O4 - HKLM\..\Run: [AceGain LiveUpdate] C:\Program\AceGain\LiveUpdate\LiveUpdate.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.5.0_09\bin\jusched.exe"

O4 - HKLM\..\Run: [H2O] C:\Program\SyncroSoft\Pos\H2O\cledx.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvwex.dll,startup

O4 - HKLM\..\Run: [bDMCon] c:\program\softwin\bitdef~1\bdmcon.exe

O4 - HKLM\..\Run: [bDOESRV] "C:\Program\Softwin\BitDefender9\bdoesrv.exe"

O4 - HKLM\..\Run: [bDNewsAgent] "C:\program\softwin\bitdef~1\bdnagent.exe"

O4 - HKLM\..\Run: [bDSwitchAgent] "C:\program\softwin\bitdef~1\bdswitch.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win

O4 - HKCU\..\Run: [tunebite.exe] C:\Program\tunebite\tunebite.exe -hidden

O4 - HKCU\..\Run: [OM_Monitor] C:\Program\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart

O4 - HKCU\..\Run: [skype] "C:\Program\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [updateMgr] "C:\Program\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1

O4 - Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe (file missing)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Salo

O17 - HKLM\Software\..\Telephony: DomainName = Salo

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Salo

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = Salo

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: MCPClient - C:\Program\Delade filer\Stardock\mcpstub.dll

O20 - Winlogon Notify: pmnli - C:\WINDOWS\system32\pmnli.dll (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O20 - Winlogon Notify: winubg32 - winubg32.dll (file missing)

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program\Delade filer\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program\Delade filer\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program\Intel\NCS\Sync\NetSvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program\Softwin\BitDefender9\vsserv.exe" /service (file missing)

O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program\Delade filer\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

[/log]

 

So now maybe it's getting closer?

 


It's getting better and better. :thumbsup:

Thanks for the points too! :)

Go to http://www.virustotal.com/, paste one of the following file names into the box, press Send and wait until the result is ready (Status becomes Finished). Paste the result (incl. file size) here. Repeat with the next file name.

C:\WINDOWS\system32\vknwgkot.dll

C:\WINDOWS\System32\taskmon.exe

 

Download the program SmitfraudFix (by S!Ri) to the Desktop:

http://siri.urz.free.fr/Fix/SmitfraudFix.zip

Right-click and extract all the contents to the Desktop. A folder named SmitfraudFix will be created.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd.

Choose option #1 - Search by pressing 1 and Enter.

The program will scan the computer.

When it is finished, the result is shown and the program has created the log file C:\rapport.txt.

Paste the contents of the log file in your reply here.

Do not do anything else with the SmitfraudFix folder or smitfraudfix.cmd.

 


vknwgkot.dll result:

[log]Antivirus Version Update Result

AntiVir 7.2.0.46 12.01.2006 no virus found

Authentium 4.93.8 11.30.2006 no virus found

Avast 4.7.892.0 12.01.2006 no virus found

AVG 386 12.01.2006 no virus found

BitDefender 7.2 12.01.2006 no virus found

CAT-QuickHeal 8.00 12.01.2006 no virus found

ClamAV devel-20060426 12.01.2006 no virus found

DrWeb 4.33 12.01.2006 no virus found

eSafe 7.0.14.0 11.30.2006 no virus found

eTrust-InoculateIT 23.73.73 12.01.2006 no virus found

eTrust-Vet 30.3.3225 12.01.2006 no virus found

Ewido 4.0 12.01.2006 no virus found

Fortinet 2.82.0.0 12.01.2006 no virus found

F-Prot 3.16f 11.30.2006 no virus found

F-Prot4 4.2.1.29 11.30.2006 no virus found

Ikarus 0.2.65.0 12.01.2006 no virus found

Kaspersky 4.0.2.24 12.01.2006 no virus found

McAfee 4908 11.30.2006 no virus found

Microsoft 1.1804 12.01.2006 no virus found

NOD32v2 1892 11.30.2006 no virus found

Norman 5.80.02 12.01.2006 no virus found

Panda 9.0.0.4 12.01.2006 no virus found

Prevx1 V2 12.01.2006 no virus found

Sophos 4.12.0 12.01.2006 no virus found

Sunbelt 2.2.907.0 11.30.2006 no virus found

TheHacker 6.0.3.127 12.01.2006 no virus found

UNA 1.83 11.30.2006 no virus found

VBA32 3.11.1 11.30.2006 no virus found

VirusBuster 4.3.15:9 12.01.2006 no virus found

 

Aditional Information

File size: 0 bytes

MD5: d41d8cd98f00b204e9800998ecf8427e

SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709[/log]

 

taskmon.exe result:

[log]Antivirus Version Update Result

AntiVir 7.2.0.46 12.01.2006 no virus found

Authentium 4.93.8 11.30.2006 no virus found

Avast 4.7.892.0 12.01.2006 no virus found

AVG 386 12.01.2006 no virus found

BitDefender 7.2 12.01.2006 no virus found

CAT-QuickHeal 8.00 12.01.2006 no virus found

ClamAV devel-20060426 12.01.2006 no virus found

DrWeb 4.33 12.01.2006 no virus found

eSafe 7.0.14.0 11.30.2006 no virus found

eTrust-InoculateIT 23.73.73 12.01.2006 no virus found

eTrust-Vet 30.3.3225 12.01.2006 no virus found

Ewido 4.0 12.01.2006 no virus found

Fortinet 2.82.0.0 12.01.2006 no virus found

F-Prot 3.16f 11.30.2006 no virus found

F-Prot4 4.2.1.29 11.30.2006 no virus found

Ikarus 0.2.65.0 12.01.2006 no virus found

 

Aditional Information

File size: 0 bytes

MD5: d41d8cd98f00b204e9800998ecf8427e

SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709

[/log]

 

 

Here is smitfraudfix.txt

 

[log]SmitFraudFix v2.126

 

Scan done at 17:59:54,98, 2006-12-01

Run from C:\Documents and Settings\P„r Salomonsson\Skrivbord\SmitfraudFix

OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT

Fix run in normal mode

 

»»»»»»»»»»»»»»»»»»»»»»»» C:

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

 

C:\WINDOWS\system32\ot.ico FOUND !

C:\WINDOWS\system32\ts.ico FOUND !

C:\WINDOWS\system32\drvwex.dll FOUND !

C:\WINDOWS\system32\components\flx?.dll FOUND !

C:\WINDOWS\system32\components\flx??.dll FOUND !

C:\WINDOWS\system32\components\flx???.dll FOUND !

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\P„r Salomonsson

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\P„r Salomonsson\Application Data

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

 

 

»»»»»»»»»»»»»»»»»»»»»»»»

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]

"Source"="file:///C:/DOCUME~1/PRSALO~1/LOKALA~1/Temp/msohtml1/01/clip_image002.jpg"

"SubscribedURL"="file:///C:/DOCUME~1/PRSALO~1/LOKALA~1/Temp/msohtml1/01/clip_image002.jpg"

"FriendlyName"=""

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]

"Source"="About:Home"

"SubscribedURL"="About:Home"

"FriendlyName"="Min aktuella startsida"

 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"="sockspy.dll"

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"System"=""

"Startup"="MCPSystemStartup"

"DllName"="C:\\WINDOWS\\system32\\pmnli.dll"

 

 

»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection

 

 

»»»»»»»»»»»»»»»»»»»»»»»» End

[/log]

[post edited 2006-12-01 18:02:34 by salomonsson]


Restart the computer in safe mode by pressing F8 repeatedly during startup and choosing Safe Mode in the menu.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd to start the program.

Choose option #2 by pressing 2 and Enter.

Wait for the tool to finish and for the disk cleanup to complete.

In the meantime you will be asked whether you want to clean the registry; answer Yes by pressing Y and Enter.

If the computer does not restart by itself, restart it yourself.

This time too it should be in safe mode.

Control Panel - Internet Options - General - Delete Files, tick the box - OK

Then on the Programs tab, choose Reset Web Settings. Apply - OK

Control Panel - Display - Desktop - Customize Desktop - Web

If there is anything there with Security info or similar, delete it.

OK - Apply - OK

Restart the computer in normal mode.

In your reply, paste the newly created C:\rapport.txt and a new HijackThis log.

 


hijack:

[log]Logfile of HijackThis v1.99.1

Scan saved at 19:06:45, on 2006-12-01

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program\Delade filer\Softwin\BitDefender Communicator\xcommsvr.exe

C:\Program\Delade filer\Softwin\BitDefender Scan Server\bdss.exe

C:\Program\Delade filer\Softwin\BitDefender Update Service\livesrv.exe

C:\Program\Softwin\BitDefender9\vsserv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program\Delade filer\Stardock\SDMCP.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Program\Java\jre1.5.0_09\bin\jusched.exe

C:\Program\SyncroSoft\Pos\H2O\cledx.exe

C:\Program\iTunes\iTunesHelper.exe

C:\Program\Winamp\winampa.exe

C:\program\softwin\bitdef~1\bdmcon.exe

C:\Program\iPod\bin\iPodService.exe

C:\Program\Softwin\BitDefender9\bdoesrv.exe

C:\program\softwin\bitdef~1\bdnagent.exe

C:\program\softwin\bitdef~1\bdswitch.exe

C:\Program\Delade filer\{907E6AFB-0A21-1053-0919-03082203002e}\Update.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe

C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program\Hijackthis\rensning.exe

C:\Program\Mozilla Firefox\firefox.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {13E028EE-6D3F-4530-9915-68516CC99A72} - C:\WINDOWS\system32\pmnli.dll (file missing)

O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\Program\MACROG~1\SWEETI~1\toolbar.dll (file missing)

O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\system32\vknwgkot.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: MSN Verktygslåda - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Toolbar\01.01.2607.0\sv\msntb.dll

O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [TaskMon] C:\WINDOWS\System32\taskmon.exe

O4 - HKLM\..\Run: [AceGain LiveUpdate] C:\Program\AceGain\LiveUpdate\LiveUpdate.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.5.0_09\bin\jusched.exe"

O4 - HKLM\..\Run: [H2O] C:\Program\SyncroSoft\Pos\H2O\cledx.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [bDMCon] c:\program\softwin\bitdef~1\bdmcon.exe

O4 - HKLM\..\Run: [bDOESRV] "C:\Program\Softwin\BitDefender9\bdoesrv.exe"

O4 - HKLM\..\Run: [bDNewsAgent] "C:\program\softwin\bitdef~1\bdnagent.exe"

O4 - HKLM\..\Run: [bDSwitchAgent] "C:\program\softwin\bitdef~1\bdswitch.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win

O4 - HKCU\..\Run: [tunebite.exe] C:\Program\tunebite\tunebite.exe -hidden

O4 - HKCU\..\Run: [OM_Monitor] C:\Program\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart

O4 - HKCU\..\Run: [skype] "C:\Program\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [updateMgr] "C:\Program\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1

O4 - Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe (file missing)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Salo

O17 - HKLM\Software\..\Telephony: DomainName = Salo

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Salo

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = Salo

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: MCPClient - C:\Program\Delade filer\Stardock\mcpstub.dll

O20 - Winlogon Notify: pmnli - C:\WINDOWS\system32\pmnli.dll (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O20 - Winlogon Notify: winubg32 - winubg32.dll (file missing)

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program\Delade filer\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program\Delade filer\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program\Intel\NCS\Sync\NetSvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program\Softwin\BitDefender9\vsserv.exe" /service (file missing)

O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program\Delade filer\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

[/log]

 

...and rapport.txt

[log]SmitFraudFix v2.126

 

Scan done at 18:50:05,50, 2006-12-01

Run from C:\Documents and Settings\P„r Salomonsson\Skrivbord\SmitfraudFix

OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT

Fix run in safe mode

 

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

 

GenericRenosFix by S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

 

C:\WINDOWS\system32\ot.ico Deleted

C:\WINDOWS\system32\ts.ico Deleted

C:\WINDOWS\system32\drvwex.dll Deleted

C:\WINDOWS\system32\components\flx?.dll Deleted

 

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

 

Registry Cleaning done.

 

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» End

[/log]

 

Can't I have Active Desktop anymore?

 


Can't I have Active Desktop anymore?

I would think so, as long as it isn't a malicious web page that shows up there. Any problem?

Download ComboFix:

http://download.bleepingcomputer.com/sUBs/combofix.exe

 

Run it and follow the instructions shown.

IMPORTANT! Do not click on the ComboFix window with the mouse while it is running, otherwise it may hang.

When it is finished a log should come up; paste it here, along with a new HijackThis log.

 


combofix:

[log]P„r Salomonsson - 06-12-02 15:53:42,29 Service Pack 2

ComboFix 06.11.27W - Running from: "C:\Documents and Settings\P„r Salomonsson\Skrivbord"

 

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

C:\Program\Delade filer\Yazzle1122OinUninstaller.exe

C:\Program\Inetget2

C:\WINDOWS\system32\components

C:\Program\Delade filer\{907E6AFB-0A21-1053-0919-03082203002e}

 

 

((((((((((((((((((((((((((((((( Files Created from 2006-11-02 to 2006-12-02 ))))))))))))))))))))))))))))))))))

 

 

2006-12-01 16:40 <KAT> d-------- C:\avenger

2006-12-01 14:12 641,411 ---hs---- C:\WINDOWS\SYSTEM32\ilnmp.ini2

2006-11-30 18:48 635,606 ---hs---- C:\WINDOWS\SYSTEM32\ilnmp.bak1

2006-11-30 18:00 <KAT> d-------- C:\VundoFix Backups

2006-11-30 11:42 <KAT> d-------- C:\Program\Hijackthis

2006-11-29 12:33 <KAT> d-------- C:\Program\VSAdd-in

2006-11-27 18:26 <KAT> d-------- C:\Program\Opera

2006-11-27 13:49 110,612 --a------ C:\WINDOWS\SYSTEM32\ddoyrnjx.exe

2006-11-26 22:50 <KAT> dr------- C:\Documents and Settings\P„r Salomonsson\Mina dokument

2006-11-26 17:28 110,612 --a------ C:\WINDOWS\SYSTEM32\lnlggvbs.exe

2006-11-25 17:19 110,612 --a------ C:\WINDOWS\SYSTEM32\frhwwwsh.exe

2006-11-24 17:19 110,612 --a------ C:\WINDOWS\SYSTEM32\odyehggf.exe

2006-11-23 17:19 110,612 --a------ C:\WINDOWS\SYSTEM32\wecesiia.exe

2006-11-22 17:19 110,612 --a------ C:\WINDOWS\SYSTEM32\ownklyob.exe

2006-11-21 17:19 110,612 --a------ C:\WINDOWS\SYSTEM32\ptubcqbl.exe

2006-11-21 17:18 110,612 --a------ C:\WINDOWS\SYSTEM32\stwwhupb.exe

2006-11-20 15:59 110,612 --a------ C:\WINDOWS\SYSTEM32\fkbofnmb.exe

2006-11-19 15:59 110,612 --a------ C:\WINDOWS\SYSTEM32\fovdefbh.exe

2006-11-18 17:59 <KAT> d-------- C:\Documents and Settings\P„r Salomonsson\Application Data\Opera

2006-11-18 16:38 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems

2006-11-18 16:28 <KAT> d-------- C:\Program\Delade filer\Adobe Systems Shared

2006-11-18 15:59 110,612 --a------ C:\WINDOWS\SYSTEM32\fhddrdbf.exe

2006-11-17 15:59 110,612 --a------ C:\WINDOWS\SYSTEM32\puyvnxss.exe

2006-11-17 12:58 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Avg7

2006-11-17 12:26 <KAT> d--hs---- C:\Config.Msi

2006-11-17 12:26 <KAT> d-------- C:\Program\Softwin

2006-11-17 12:25 <KAT> d-------- C:\Program\Delade filer\Softwin

2006-11-16 15:51 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\McAfee

2006-11-12 14:12 25,856 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbprint.sys

 

 

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

2006-12-02 16:04 -------- d-------- C:\Program\Delade filer

2006-12-02 15:50 -------- d-------- C:\Program\Mozilla Firefox

2006-12-01 22:13 -------- d-------- C:\Program\DC++

2006-11-25 17:34 -------- d--h----- C:\Program\InstallShield Installation Information

2006-11-19 13:01 -------- d-------- C:\Program\Electronic Arts

2006-11-18 18:59 -------- d-------- C:\Documents and Settings\P„r Salomonsson\Application Data\Adobe

2006-11-18 17:15 -------- d-------- C:\Program\Internet Explorer

2006-11-18 17:06 -------- d-------- C:\Program\Adobe

2006-11-18 16:55 -------- d-------- C:\Program\Delade filer\Adobe

2006-11-17 13:02 73728 --a------ C:\WINDOWS\SYSTEM32\sockspy.dll

2006-11-17 13:01 77824 --a------ C:\WINDOWS\SYSTEM32\xcomm.dll

2006-11-17 10:36 -------- d-------- C:\Program\GameSpy Arcade

2006-11-17 10:36 -------- d-------- C:\Program\DAEMON Tools

2006-11-02 01:14 -------- d-------- C:\Program\FlashFXP

2006-11-01 14:59 -------- d-------- C:\Documents and Settings\P„r Salomonsson\Application Data\Macromedia

2006-11-01 14:39 -------- d-------- C:\Program\Macromedia

2006-11-01 14:39 -------- d-------- C:\Program\Delade filer\Macromedia

2006-10-26 10:38 -------- d-------- C:\Program\Java

2006-10-22 16:20 -------- d-------- C:\Documents and Settings\P„r Salomonsson\Application Data\dvdcss

2006-10-18 09:55 -------- d---s---- C:\Documents and Settings\P„r Salomonsson\Application Data\Microsoft

2006-10-17 16:03 -------- d-------- C:\Program\Microsoft.NET

2006-10-17 16:02 -------- d-------- C:\Program\Delade filer\Microsoft Shared

2006-10-16 16:12 -------- d-------- C:\Program\EA GAMES

2006-10-13 13:41 141824 --a------ C:\WINDOWS\SYSTEM32\nwprovau.dll

2006-10-11 22:23 -------- d-------- C:\Documents and Settings\P„r Salomonsson\Application Data\InstallShield

2006-10-03 17:47 825 --a------ C:\WINDOWS\QSFVExit.bat

2006-09-28 15:05 2414360 --a------ C:\WINDOWS\SYSTEM32\d3dx9_31.dll

2006-09-28 15:05 237848 --a------ C:\WINDOWS\SYSTEM32\xactengine2_4.dll

2006-09-28 15:04 68888 --a------ C:\WINDOWS\SYSTEM32\xinput1_3.dll

2006-09-28 15:03 15128 --a------ C:\WINDOWS\SYSTEM32\x3daudio1_1.dll

2006-09-13 06:07 1084416 --a------ C:\WINDOWS\SYSTEM32\msxml3.dll

 

 

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

 

*Note* empty entries are not shown

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"

"FreeRAM XP"="\"C:\\Program\\YourWare Solutions\\FreeRAM XP Pro\\FreeRAM XP Pro.exe\" -win"

"tunebite.exe"="C:\\Program\\tunebite\\tunebite.exe -hidden"

"OM_Monitor"="C:\\Program\\OLYMPUS\\OLYMPUS Master\\Monitor.exe -NoStart"

"Skype"="\"C:\\Program\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"

"updateMgr"="\"C:\\Program\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_7 -reboot 1"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"

"TaskMon"="C:\\WINDOWS\\System32\\taskmon.exe"

"AceGain LiveUpdate"="C:\\Program\\AceGain\\LiveUpdate\\LiveUpdate.exe"

"nwiz"="nwiz.exe /install"

"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"

"SunJavaUpdateSched"="\"C:\\Program\\Java\\jre1.5.0_09\\bin\\jusched.exe\""

"H2O"="C:\\Program\\SyncroSoft\\Pos\\H2O\\cledx.exe"

"iTunesHelper"="\"C:\\Program\\iTunes\\iTunesHelper.exe\""

"QuickTime Task"="\"C:\\Program\\QuickTime\\qttask.exe\" -atboottime"

"WinampAgent"="C:\\Program\\Winamp\\winampa.exe"

"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"

"BDMCon"="c:\\program\\softwin\\bitdef~1\\bdmcon.exe"

"BDOESRV"="\"C:\\Program\\Softwin\\BitDefender9\\bdoesrv.exe\""

"BDNewsAgent"="\"c:\\program\\softwin\\bitdef~1\\bdnagent.exe\""

"BDSwitchAgent"="\"c:\\program\\softwin\\bitdef~1\\bdswitch.exe\""

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]

"Installed"="1"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]

"Installed"="1"

"NoChange"="1"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]

"Installed"="1"

 

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]

"DeskHtmlVersion"=dword:00000110

"DeskHtmlMinorVersion"=dword:00000005

"Settings"=dword:00000001

"GeneralFlags"=dword:00000000

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

 

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]

"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]

"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"

"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoDriveTypeAutoRun"=dword:00000091

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"dontdisplaylastusername"=dword:00000000

"legalnoticecaption"=""

"legalnoticetext"=""

"shutdownwithoutlogon"=dword:00000001

"undockwithoutlogon"=dword:00000001

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoDriveTypeAutoRun"=dword:00000091

"CDRAutoRun"=dword:00000000

 

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]

"NoDriveTypeAutoRun"=dword:00000091

"CDRAutoRun"=dword:00000000

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]

"0aMCPClient"="{F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}"

"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"

"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"

"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"

"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

 

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnli

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winubg32

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

 

Completion time: 06-12-02 16:05:11.32

C:\ComboFix.txt ... 06-12-02 16:05

[/log]

 

hijackthis:

[log]Logfile of HijackThis v1.99.1

Scan saved at 16:13:29, on 2006-12-02

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program\Delade filer\Softwin\BitDefender Communicator\xcommsvr.exe

C:\Program\Delade filer\Softwin\BitDefender Update Service\livesrv.exe

C:\Program\Delade filer\Softwin\BitDefender Scan Server\bdss.exe

C:\Program\Softwin\BitDefender9\vsserv.exe

C:\Program\Delade filer\Stardock\SDMCP.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Program\Java\jre1.5.0_09\bin\jusched.exe

C:\Program\SyncroSoft\Pos\H2O\cledx.exe

C:\Program\iTunes\iTunesHelper.exe

C:\Program\Winamp\winampa.exe

C:\program\softwin\bitdef~1\bdmcon.exe

C:\Program\iPod\bin\iPodService.exe

C:\Program\Softwin\BitDefender9\bdoesrv.exe

C:\program\softwin\bitdef~1\bdnagent.exe

C:\program\softwin\bitdef~1\bdswitch.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe

C:\Program\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program\Hijackthis\rensning.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {13E028EE-6D3F-4530-9915-68516CC99A72} - C:\WINDOWS\system32\pmnli.dll (file missing)

O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\Program\MACROG~1\SWEETI~1\toolbar.dll (file missing)

O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\system32\vknwgkot.dll (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: MSN Verktygslåda - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Toolbar\01.01.2607.0\sv\msntb.dll

O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [TaskMon] C:\WINDOWS\System32\taskmon.exe

O4 - HKLM\..\Run: [AceGain LiveUpdate] C:\Program\AceGain\LiveUpdate\LiveUpdate.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.5.0_09\bin\jusched.exe"

O4 - HKLM\..\Run: [H2O] C:\Program\SyncroSoft\Pos\H2O\cledx.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [bDMCon] c:\program\softwin\bitdef~1\bdmcon.exe

O4 - HKLM\..\Run: [bDOESRV] "C:\Program\Softwin\BitDefender9\bdoesrv.exe"

O4 - HKLM\..\Run: [bDNewsAgent] "C:\program\softwin\bitdef~1\bdnagent.exe"

O4 - HKLM\..\Run: [bDSwitchAgent] "C:\program\softwin\bitdef~1\bdswitch.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win

O4 - HKCU\..\Run: [tunebite.exe] C:\Program\tunebite\tunebite.exe -hidden

O4 - HKCU\..\Run: [OM_Monitor] C:\Program\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart

O4 - HKCU\..\Run: [skype] "C:\Program\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [updateMgr] "C:\Program\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1

O4 - Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe (file missing)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Salo

O17 - HKLM\Software\..\Telephony: DomainName = Salo

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Salo

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = Salo

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: MCPClient - C:\Program\Delade filer\Stardock\mcpstub.dll

O20 - Winlogon Notify: pmnli - C:\WINDOWS\system32\pmnli.dll (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O20 - Winlogon Notify: winubg32 - winubg32.dll (file missing)

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program\Delade filer\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program\Delade filer\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program\Intel\NCS\Sync\NetSvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program\Softwin\BitDefender9\vsserv.exe" /service (file missing)

O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program\Delade filer\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

[/log]

 

Regarding Active Desktop, I only had a small problem where the background disappeared and a question appeared on the desktop itself asking whether I wanted to restore Active Desktop!

 

 

 


Do you want Active Desktop? It's fairly unusual.

 

Scan with HijackThis and check the boxes for:

 

R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)

O2 - BHO: (no name) - {13E028EE-6D3F-4530-9915-68516CC99A72} - C:\WINDOWS\system32\pmnli.dll (file missing)

O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\Program\MACROG~1\SWEETI~1\toolbar.dll (file missing)

O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\system32\vknwgkot.dll (file missing)

O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)

O4 - HKLM\..\Run: [TaskMon] C:\WINDOWS\System32\taskmon.exe

O20 - Winlogon Notify: pmnli - C:\WINDOWS\system32\pmnli.dll (file missing)

O20 - Winlogon Notify: winubg32 - winubg32.dll (file missing)

 

Close all other programs.

Click Fix checked.

 

Restart the computer in Safe Mode (press F8 repeatedly during startup and choose Safe Mode in the menu).

 

Set up Explorer so that you can see all files:

Tools - (Folder) Options or similar - View

Select Show hidden files and folders

Uncheck Hide extensions for known file types

Uncheck Hide protected operating system files

 

Delete the files (if they are still there):

C:\WINDOWS\SYSTEM32\ilnmp.ini2

C:\WINDOWS\SYSTEM32\ilnmp.bak1

C:\WINDOWS\system32\vknwgkot.dll

C:\WINDOWS\System32\taskmon.exe

 

Delete the folders (if they are still there):

C:\Program\Macrogaming\SweetIMBarForIE

 

Restart in normal mode, and then post a new HijackThis log.

 

Go to http://www.virustotal.com/, paste one of the following file names into the box, click Send and wait until the result is ready (Status becomes Finished). If they have size 0 or if anything nasty is found in them, delete the file. Repeat with the next file name.

2006-11-27 13:49 110,612 --a------ C:\WINDOWS\SYSTEM32\ddoyrnjx.exe

2006-11-26 17:28 110,612 --a------ C:\WINDOWS\SYSTEM32\lnlggvbs.exe

2006-11-25 17:19 110,612 --a------ C:\WINDOWS\SYSTEM32\frhwwwsh.exe

2006-11-24 17:19 110,612 --a------ C:\WINDOWS\SYSTEM32\odyehggf.exe

2006-11-23 17:19 110,612 --a------ C:\WINDOWS\SYSTEM32\wecesiia.exe

2006-11-22 17:19 110,612 --a------ C:\WINDOWS\SYSTEM32\ownklyob.exe

2006-11-21 17:19 110,612 --a------ C:\WINDOWS\SYSTEM32\ptubcqbl.exe

2006-11-21 17:18 110,612 --a------ C:\WINDOWS\SYSTEM32\stwwhupb.exe

2006-11-20 15:59 110,612 --a------ C:\WINDOWS\SYSTEM32\fkbofnmb.exe

2006-11-19 15:59 110,612 --a------ C:\WINDOWS\SYSTEM32\fovdefbh.exe

2006-11-18 15:59 110,612 --a------ C:\WINDOWS\SYSTEM32\fhddrdbf.exe

2006-11-17 15:59 110,612 --a------ C:\WINDOWS\SYSTEM32\puyvnxss.exe

 

 


hijack:

[log]Logfile of HijackThis v1.99.1

Scan saved at 18:28:58, on 2006-12-02

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program\Delade filer\Softwin\BitDefender Communicator\xcommsvr.exe

C:\Program\Delade filer\Softwin\BitDefender Scan Server\bdss.exe

C:\Program\Delade filer\Softwin\BitDefender Update Service\livesrv.exe

C:\Program\Softwin\BitDefender9\vsserv.exe

C:\Program\Delade filer\Stardock\SDMCP.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Java\jre1.5.0_09\bin\jusched.exe

C:\Program\SyncroSoft\Pos\H2O\cledx.exe

C:\Program\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program\Winamp\winampa.exe

C:\Program\iPod\bin\iPodService.exe

C:\program\softwin\bitdef~1\bdmcon.exe

C:\Program\Softwin\BitDefender9\bdoesrv.exe

C:\program\softwin\bitdef~1\bdnagent.exe

C:\program\softwin\bitdef~1\bdswitch.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe

C:\Program\Mozilla Firefox\firefox.exe

C:\Program\Hijackthis\rensning.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: MSN Verktygslåda - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Toolbar\01.01.2607.0\sv\msntb.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [AceGain LiveUpdate] C:\Program\AceGain\LiveUpdate\LiveUpdate.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.5.0_09\bin\jusched.exe"

O4 - HKLM\..\Run: [H2O] C:\Program\SyncroSoft\Pos\H2O\cledx.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [bDMCon] c:\program\softwin\bitdef~1\bdmcon.exe

O4 - HKLM\..\Run: [bDOESRV] "C:\Program\Softwin\BitDefender9\bdoesrv.exe"

O4 - HKLM\..\Run: [bDNewsAgent] "C:\program\softwin\bitdef~1\bdnagent.exe"

O4 - HKLM\..\Run: [bDSwitchAgent] "C:\program\softwin\bitdef~1\bdswitch.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win

O4 - HKCU\..\Run: [tunebite.exe] C:\Program\tunebite\tunebite.exe -hidden

O4 - HKCU\..\Run: [OM_Monitor] C:\Program\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart

O4 - HKCU\..\Run: [skype] "C:\Program\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [updateMgr] "C:\Program\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1

O4 - Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe (file missing)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Salo

O17 - HKLM\Software\..\Telephony: DomainName = Salo

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Salo

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = Salo

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: MCPClient - C:\Program\Delade filer\Stardock\mcpstub.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program\Delade filer\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program\Delade filer\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program\Intel\NCS\Sync\NetSvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program\Softwin\BitDefender9\vsserv.exe" /service (file missing)

O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program\Delade filer\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)[/log]

 

...and there was nothing nasty in the "virustotal" scan.

What should I do now? Can I change "hide files" etc. back, and can I remove all the programs later when it's done!?

[post edited 2006-12-02 19:30:11 by salomonsson]


The size of the files wasn't 0 on the virustotal page either? Because in that case they should be removed too. Right-click a file and choose Properties, and see on the Version tab whether you can tell which product it might belong to or which company they come from.

 

The HijackThis log looks good.

 

You can revert

Select Show hidden files and folders

Uncheck Hide protected operating system files

but leave

Uncheck Hide extensions for known file types

as it is

 

You can remove VundoFix, HijackThis, Avenger, SmitfraudFix and ComboFix.

 

Is the computer behaving well now?

 

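The before/after comparison behind "The HijackThis log looks good", as an added example that is not part of the original posts: it diffs two HijackThis scans and lists load-point entries whose target file is missing. The sample lines are copied from the two logs in this thread; the function names and the `LOAD_POINTS` set are assumptions made for this illustration.

```python
import re

# Constructed sample: a subset of lines copied from the two HijackThis logs in this thread.
BEFORE = r"""
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {13E028EE-6D3F-4530-9915-68516CC99A72} - C:\WINDOWS\system32\pmnli.dll (file missing)
O4 - HKLM\..\Run: [TaskMon] C:\WINDOWS\System32\taskmon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe (file missing)
O20 - Winlogon Notify: pmnli - C:\WINDOWS\system32\pmnli.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""
AFTER = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# Entry lines start with a section code (R, F, N or O plus a number) followed by " - ".
ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# Assumption for this example: the sections the fix list in this thread draws from.
LOAD_POINTS = {"R3", "O2", "O3", "O4", "O20"}


def parse(log_text):
    """Return the set of (section, body) entries; headers and process paths are skipped."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.add((m.group(1), m.group(2)))
    return entries


def diff_scans(before, after):
    """Entries that disappeared or appeared between two scans."""
    b, a = parse(before), parse(after)
    return {"removed": sorted(b - a), "added": sorted(a - b)}


def dangling(log_text):
    """Load-point entries that still point at a file HijackThis could not find.
    In this thread the O9 and O23 '(file missing)' lines were not on the fix list,
    so the marker is only reported for LOAD_POINTS, not treated as a verdict."""
    return sorted(e for e in parse(log_text)
                  if e[0] in LOAD_POINTS and e[1].endswith("(file missing)"))


if __name__ == "__main__":
    result = diff_scans(BEFORE, AFTER)
    for section, body in result["removed"]:
        print("removed:", section, "-", body)
    print("new since last scan:", result["added"])
    print("still dangling:", dangling(AFTER))
```
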

...the files that weighed 0 in the "virustotal" scan, that is, all the ones you listed in the previous post!?

 

I'll wait until you reply again!

 

Right now it feels as if "errorsafe" and the horse are gone... is there some way to remove Internet Explorer from the computer?... even though I use it for MSN?

 

Oh well... I bow and curtsy to people who really have a gift for helping the rest of us idiots. :thumbsup:

 


Thank you too, for all the points! :)

 

If the files have size 0 on the virustotal page, delete them.

 

Internet Explorer cannot be removed; it is needed to run Windows Update, for example, but you can use it as little as possible.

 

Here is my usual advice for a safer computer, but of course it is important to use your common sense too.

 

Update from Windows Update and run the anti-spyware programs AVG Anti-Spyware (Ewido), SUPERAntiSpyware, Spybot S&D and/or Ad-aware regularly.

http://www.ewido.net/en/

http://www.superantispyware.com/

http://www.safer-networking.org/en/download/index.html

http://www.lavasoft.com

 

Supplement the antivirus program with a few online scans now and then:

http://housecall.trendmicro.com/

http://www.bitdefender.com/scan8/ie.html

http://www.pandasoftware.com/products/activescan/

 

Use a firewall (better than the one built into XP); free ones are available from, for example, ZoneLabs.

http://www.zonelabs.com/store/content/home.jsp

 

If you use Internet Explorer, it can be a good idea to have the programs SpywareBlaster and SpywareGuard, which prevent quite a few nasty programs from being downloaded and run, respectively:

http://www.javacoolsoftware.com

 

Review the security settings in Internet Explorer; there are plenty of tips here:

http://www.spywarewarrior.com/uiuc/btw/ie/ie-opts.htm

 

Also run IE-SpyAd, which places a whole lot of nasty websites in the Restricted sites zone in Internet Explorer so that they cannot do anything to the computer:

http://www.spywarewarrior.com/uiuc/resource.htm

 

If you switch browsers, only SpywareGuard is needed. Other browsers are, for example, Mozilla Firefox and Opera:

http://www.mozilla.org

http://www.opera.com

 

All free for home users/personal use.

 


Hi Cecilia!

Thanks for all the help and for all the tips I've received through this thread here on idg!
Take care, and who knows, maybe we'll "see" each other again...

 


Archived

This topic is now archived and is closed to further replies.


