Just nu i M3-nätverket
Jump to content

Behöver hjälp med Spyware/Trojaner/annan valfri infektion


Ricke_Hallberg

Recommended Posts

Ricke_Hallberg

Hejsan, har ett jättejobbigt problem på min dator.

 

För ett tag sen tog jag bort Norton internet security, pga CCAPP filen blev konstig och drog 50% av CPU. När jag tog bort den började attackerna från trojaner m.m som antagligen redan var inne när jag installerade Norton, men kunnde installera och köra sig först efter det att norton hadde tagits bort.

 

Nu får jag följande konstiga saker:

 

En msröjmina/gul varningstriangel som blinkar nere i meddelande fönstret.

 

När jag startar IE så kommer jag till en sida med adressen: http://www.updatestate.com/, där står att min dator är infekterad av virus blah blah blah ladda hem våra program så löser sig allt.

 

Popups med tex. Critical System Warning!, Privacy Guard Warning!

 

Samt System Doctor, det problemet när man tex surfar på Eniro så hoppar den över till en sida som säger att en trojan blockerar sidan och att jag ska andvända System Doctor för att ta bort det.

 

 

Som ni märker så har jag en MÄNGD med virus tydligen, men kan inte formatera pga Filer på datorn som jag inte vill ta bort + saknaden av cd läsare för tillfället.

 

Hur gör jag??

 

Link to comment
Share on other sites

Ladda ner programmet SmitfraudFix (by S!Ri) till Skrivbordet:

http://siri.urz.free.fr/Fix/SmitfraudFix.zip

Högerklicka och extrahera allt innehåll till Skrivbordet. En mapp SmitfraudFix kommer att skapas.

 

Öppna SmitfraudFix-mappen och dubbelklicka på smitfraudfix.cmd.

Välj alternativ #1 - Search genom att trycka på 1 och Enter.

Programmet kommer att skanna igenom datorn.

När den är klart visas resultatet och programmet har skapat loggfilen C:\rapport.txt.

 

Klistra in innehållet i loggfilen i ditt svar här.

 

Gör inget annat med SmitfraudFix-mappen eller smitfraudfix.cmd.

 

Vi kan ju se om HijackThis visar något till att börja med:

http://www.thespykiller.co.uk/files/HJTsetup.exe

Installera, kör, skanna och spara loggen (inget annat).

Klistra in innehållet i loggfilen i ditt svar här.

 

När du har klistrat in en logg i ditt svar så ska du markera (måla) hela loggen och sedan trycka på LOG-knappen i Besvara-fönstret.

 

Link to comment
Share on other sites

Hey Cecilia, I have the same problems! CAn you help?

 

My smitfraud log looks like this!

 

Jeg er fra Danmark i øvrigt.

 

[log]SmitFraudFix v2.126

 

Scan done at 15:40:03,71, 02-12-2006

Run from C:\Documents and Settings\Kim\Skrivebord\SmitfraudFix\SmitfraudFix

OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT

Fix run in normal mode

 

»»»»»»»»»»»»»»»»»»»»»»»» C:

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

 

C:\WINDOWS\system32\ishost.exe FOUND !

C:\WINDOWS\system32\ismini.exe FOUND !

C:\WINDOWS\system32\isnotify.exe FOUND !

C:\WINDOWS\system32\issearch.exe FOUND !

C:\WINDOWS\system32\ixt?.dll FOUND !

C:\WINDOWS\system32\ixt??.dll FOUND !

C:\WINDOWS\system32\ot.ico FOUND !

C:\WINDOWS\system32\tpedvf.dll FOUND !

C:\WINDOWS\system32\ts.ico FOUND !

C:\WINDOWS\system32\components\flx?.dll FOUND !

C:\WINDOWS\system32\components\flx??.dll FOUND !

C:\WINDOWS\system32\components\flx???.dll FOUND !

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Kim

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Kim\Application Data

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Kim\FORETR~1

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Programmer

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]

"Source"="http://www.mandrildvd.dk/wallpapers/advarsel_wallpaper_1024x768.jpg"'>http://www.mandrildvd.dk/wallpapers/advarsel_wallpaper_1024x768.jpg"

"SubscribedURL"="http://www.mandrildvd.dk/wallpapers/advarsel_wallpaper_1024x768.jpg"

"FriendlyName"=""

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]

"Source"="http://www.mandrildvd.dk/wallpapers/c_og_m_1024x768.jpg"'>http://www.mandrildvd.dk/wallpapers/c_og_m_1024x768.jpg"

"SubscribedURL"="http://www.mandrildvd.dk/wallpapers/c_og_m_1024x768.jpg"

"FriendlyName"=""

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\2]

"Source"="About:Home"

"SubscribedURL"="About:Home"

"FriendlyName"="Min aktuelle startside"

 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

"{1a01a98c-4f25-42e1-971a-185cf63569b2}"="expatriates"

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"System"=""

"DllName"="C:\\WINDOWS\\system32\\vtstt.dll"

 

 

»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection

 

 

»»»»»»»»»»»»»»»»»»»»»»»» End

[/log]

 

[inlägget ändrat 2006-12-09 11:17:04 av Anders N]

Link to comment
Share on other sites

Hej Kim, jag skulle gärna vilja se din HijackThis-logg också för det kanske finns saker i datorn som ska bort innan Smitfraud-otrevligheten ska bort.

Det finns också det alldeles utmärkta danska forumet http://www.spywarefri.dk/forum/

där de är väldigt bra på att rensa datorer.

 

Link to comment
Share on other sites

[log]Logfile of HijackThis v1.99.1

Scan saved at 16:40:53, on 02-12-2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\WINDOWS\Explorer.EXE

C:\Programmer\IVT Corporation\BTNtService.exe

c:\documents and settings\kim\lokale indstillinger\application data\yahoo\widget engine\jiwire_wi-fi_finder.widget\jiwirewifi.widget\contents\resources\jiwire.win\jiwirewifiwin.exe

C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\ishost.exe

C:\WINDOWS\system32\issearch.exe

C:\WINDOWS\system32\isnotify.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Programmer\Java\jre1.5.0_09\bin\jusched.exe

C:\WINDOWS\system32\ismini.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Programmer\Synaptics\SynTP\SynTPLpr.exe

C:\Programmer\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\rundll32.exe

C:\Programmer\HP\hpcoretech\hpcmpmgr.exe

C:\Programmer\HP\HP Software Update\HPWuSchd2.exe

C:\Programmer\MSN Messenger\MsnMsgr.Exe

C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe

C:\Programmer\Skype\Phone\Skype.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programmer\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe

C:\Programmer\Logitech\SetPoint\KEM.exe

C:\Programmer\TechSmith\SnagIt 7\SnagIt32.exe

C:\Programmer\Microsoft Office\OFFICE11\OUTLOOK.EXE

C:\Programmer\Logitech\SetPoint\KHALMNPR.EXE

C:\Programmer\TechSmith\SnagIt 7\TSCHelp.exe

C:\Programmer\Yahoo\Yahoo! Widget Engine\YahooWidgetEngine.exe

C:\Programmer\Yahoo\Yahoo! Widget Engine\YahooWidgetEngine.exe

C:\Programmer\Yahoo\Yahoo! Widget Engine\YahooWidgetEngine.exe

C:\Programmer\Yahoo\Yahoo! Widget Engine\YahooWidgetEngine.exe

C:\Programmer\Yahoo\Yahoo! Widget Engine\YahooWidgetEngine.exe

C:\Programmer\Yahoo\Yahoo! Widget Engine\YahooWidgetEngine.exe

C:\Programmer\Fælles filer\PCSuite\Services\ServiceLayer.exe

C:\PROGRA~1\FLLESF~1\Nokia\MPAPI\MPAPI3s.exe

C:\Programmer\IVT Corporation\BlueSoleil.exe

C:\Programmer\Microsoft Office\OFFICE11\WINWORD.EXE

C:\WINDOWS\system32\svchost.exe

C:\Programmer\Internet Explorer\iexplore.exe

C:\Programmer\Hijackthis\HijackThis.exe

 

[/log]

 

[inlägget ändrat 2006-12-09 11:17:19 av Anders N]

Link to comment
Share on other sites

[log]R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157'>http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - Default URLSearchHook is missing

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programmer\Java\jre1.5.0_09\bin\jusched.exe"

O4 - HKLM\..\Run: [Cpqset] C:\Programmer\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [synTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmer\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [LDM] C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

O4 - HKCU\..\Run: [PcSync] C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

O4 - HKCU\..\Run: [skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe

O4 - Startup: Genvej til OnTV.lnk = ?

O4 - Startup: Microsoft Outlook.lnk = C:\Programmer\Microsoft Office\OFFICE11\OUTLOOK.EXE

O4 - Startup: Vis skrivebord.lnk = C:\Documents and Settings\Kim\Application Data\Microsoft\Internet Explorer\Quick Launch\Vis skrivebord.scf

O4 - Startup: Yahoo! Widget Engine.lnk = C:\Programmer\Yahoo\Yahoo! Widget Engine\YahooWidgetEngine.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmer\Logitech\SetPoint\KEM.exe

O4 - Global Startup: SnagIt 7.lnk = C:\Programmer\TechSmith\SnagIt 7\SnagIt32.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe (file missing)

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab

O16 - DPF: {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-1204.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1112794165593

O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/da/big/1.1.62-big/GoogleNav.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab

O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://opdatering.tdc.dk/csp/authenticode/tdccsp-0506.exe

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmer\IVT Corporation\BTNtService.exe

O23 - Service: JiWire WiFi Monitoring (JiWireWireless) - JiWire, Inc. - c:\documents and settings\kim\lokale indstillinger\application data\yahoo\widget engine\jiwire_wi-fi_finder.widget\jiwirewifi.widget\contents\resources\jiwire.win\jiwirewifiwin.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: ServiceLayer - Nokia. - C:\Programmer\Fælles filer\PCSuite\Services\ServiceLayer.exe

[/log]

 

[inlägget ändrat 2006-12-09 11:17:32 av Anders N]

Link to comment
Share on other sites

Ladda ner Vundofix:

http://www.atribune.org/ccount/click.php?id=4

 

Starta om datorn i felsäkert läge (tryck F8 upprepade gånger under uppstarten och välj felsäkert läge i menyn).

 

Dubbelklicka på VundoFix.exe för att starta programmet.

När den startar igen så tryck på Scan for Vundo.

När skanningen är klar så tryck på Remove Vundo.

Svara Ja/Yes på frågan om du vill ta bort filerna.

Därefter kommer Skrivbordet att försvinna medan filerna tas bort.

När det är klart så kommer det en fråga om att din dator kommer att stängas av, tryck på OK.

Sätt igång datorn igen i normalt läge.

 

Om det är så att VundoFix inte kunde ta bort någon fil vid första försöket så kommer VundoFix att starta igen när datorn startas, följ i så fall beskrivningen en gång till.

 

Klistra in C:\vundofix.txt i ditt svar.

 

Gå till mappen C:\Programmer\Hijackthis med Utforskaren eller Den här datorn och byt namn på programmet HijackThis.exe till något annat, t ex rensning.exe, skapa sedan en ny logg som klistras in här.

 

Link to comment
Share on other sites

Im not sure I under stand this:

 

Gå till mappen C:\Programmer\Hijackthis med Utforskaren eller Den här datorn och byt namn på programmet HijackThis.exe till något annat, t ex rensning.exe, skapa sedan en ny logg som klistras in här.

 

Her er min Vundfix log, poster min hijack log i nyt svar!

 

I still get some popups :(

 

 

undoFix V6.2.13

 

Checking Java version...

 

Sun Java not detected

Scan started at 17:28:47 02-12-2006

 

Listing files found while scanning....

 

C:\WINDOWS\system32\winrkp32.dll

C:\WINDOWS\system32\vtstt.dll

C:\WINDOWS\system32\vtstt.dll

C:\WINDOWS\system32\vtstt.dll

C:\WINDOWS\system32\vtstt.dll

C:\WINDOWS\system32\vtstt.dll

C:\WINDOWS\system32\vtstt.dll

C:\WINDOWS\system32\vtstt.dll

C:\WINDOWS\system32\ttstv.ini

C:\WINDOWS\system32\ttstv.bak1

C:\WINDOWS\system32\ttstv.ini

C:\WINDOWS\system32\ttstv.bak1

C:\WINDOWS\system32\ttstv.ini

C:\WINDOWS\system32\ttstv.bak1

C:\WINDOWS\system32\ttstv.ini

C:\WINDOWS\system32\ttstv.bak1

C:\WINDOWS\system32\ttstv.ini

C:\WINDOWS\system32\ttstv.bak1

C:\WINDOWS\system32\ttstv.ini

C:\WINDOWS\system32\ttstv.bak1

C:\WINDOWS\system32\ttstv.ini

C:\WINDOWS\system32\ttstv.bak1

 

Beginning removal...

 

Attempting to delete C:\WINDOWS\system32\winrkp32.dll

C:\WINDOWS\system32\winrkp32.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\vtstt.dll

C:\WINDOWS\system32\vtstt.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\ttstv.ini

C:\WINDOWS\system32\ttstv.ini Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\ttstv.bak1

C:\WINDOWS\system32\ttstv.bak1 Has been deleted!

 

Performing Repairs to the registry.

Done!

 

Link to comment
Share on other sites

[log]Logfile of HijackThis v1.99.1

Scan saved at 17:42:16, on 02-12-2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\Programmer\IVT Corporation\BTNtService.exe

c:\documents and settings\kim\lokale indstillinger\application data\yahoo\widget engine\jiwire_wi-fi_finder.widget\jiwirewifi.widget\contents\resources\jiwire.win\jiwirewifiwin.exe

C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ishost.exe

C:\WINDOWS\system32\issearch.exe

C:\WINDOWS\system32\isnotify.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Programmer\Java\jre1.5.0_09\bin\jusched.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\WINDOWS\system32\ismini.exe

C:\Programmer\Synaptics\SynTP\SynTPLpr.exe

C:\Programmer\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\rundll32.exe

C:\Programmer\HP\hpcoretech\hpcmpmgr.exe

C:\Programmer\HP\HP Software Update\HPWuSchd2.exe

C:\Programmer\MSN Messenger\MsnMsgr.Exe

C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe

C:\Programmer\Skype\Phone\Skype.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programmer\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe

C:\Programmer\Logitech\SetPoint\KEM.exe

C:\PROGRA~1\FLLESF~1\Nokia\MPAPI\MPAPI3s.exe

C:\Programmer\TechSmith\SnagIt 7\SnagIt32.exe

C:\Programmer\Logitech\SetPoint\KHALMNPR.EXE

C:\Programmer\Microsoft Office\OFFICE11\OUTLOOK.EXE

C:\Programmer\Yahoo\Yahoo! Widget Engine\YahooWidgetEngine.exe

C:\Programmer\TechSmith\SnagIt 7\TSCHelp.exe

C:\Programmer\Yahoo\Yahoo! Widget Engine\YahooWidgetEngine.exe

C:\Programmer\Yahoo\Yahoo! Widget Engine\YahooWidgetEngine.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Programmer\Yahoo\Yahoo! Widget Engine\YahooWidgetEngine.exe

C:\Programmer\Yahoo\Yahoo! Widget Engine\YahooWidgetEngine.exe

C:\Programmer\Yahoo\Yahoo! Widget Engine\YahooWidgetEngine.exe

C:\Programmer\Fælles filer\PCSuite\Services\ServiceLayer.exe

C:\Programmer\Microsoft Office\OFFICE11\WINWORD.EXE

C:\Programmer\IVT Corporation\BlueSoleil.exe

C:\WINDOWS\system32\svchost.exe

C:\Programmer\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\Explorer.EXE

C:\Programmer\Hijackthis\HijackThis.exe

[/log]

 

[inlägget ändrat 2006-12-09 11:18:07 av Anders N]

Link to comment
Share on other sites

[log]R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157'>http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {0F665D73-EE63-43B4-BD39-EAF4B6D8202A} - C:\WINDOWS\system32\vtstt.dll (file missing)

O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\system32\dtyvekgl.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot\SDHelper.dll

O2 - BHO: (no name) - {67270207-b9ee-4d26-9270-860fdb060ca1} - C:\WINDOWS\system32\ixt0.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_09\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar1.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programmer\Java\jre1.5.0_09\bin\jusched.exe"

O4 - HKLM\..\Run: [Cpqset] C:\Programmer\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [synTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmer\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [LDM] C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

O4 - HKCU\..\Run: [PcSync] C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

O4 - HKCU\..\Run: [skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe

O4 - Startup: Genvej til OnTV.lnk = ?

O4 - Startup: Microsoft Outlook.lnk = C:\Programmer\Microsoft Office\OFFICE11\OUTLOOK.EXE

O4 - Startup: Vis skrivebord.lnk = C:\Documents and Settings\Kim\Application Data\Microsoft\Internet Explorer\Quick Launch\Vis skrivebord.scf

O4 - Startup: Yahoo! Widget Engine.lnk = C:\Programmer\Yahoo\Yahoo! Widget Engine\YahooWidgetEngine.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmer\Logitech\SetPoint\KEM.exe

O4 - Global Startup: SnagIt 7.lnk = C:\Programmer\TechSmith\SnagIt 7\SnagIt32.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe (file missing)

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab

O16 - DPF: {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-1204.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1112794165593

O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/da/big/1.1.62-big/GoogleNav.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab

O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://opdatering.tdc.dk/csp/authenticode/tdccsp-0506.exe

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmer\IVT Corporation\BTNtService.exe

O23 - Service: JiWire WiFi Monitoring (JiWireWireless) - JiWire, Inc. - c:\documents and settings\kim\lokale indstillinger\application data\yahoo\widget engine\jiwire_wi-fi_finder.widget\jiwirewifi.widget\contents\resources\jiwire.win\jiwirewifiwin.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: ServiceLayer - Nokia. - C:\Programmer\Fælles filer\PCSuite\Services\ServiceLayer.exe

 

[/log]

 

[inlägget ändrat 2006-12-09 11:18:21 av Anders N]

Link to comment
Share on other sites

Folk blir glada om du när du klistrat in en logg i ditt svar, markerar (selects) loggen och trycker på LOG-knappen som finns i Besvara-fönstret på samma rad som :thumbsdown::thumbsup:.

 

Ladda ner programmet SmitfraudFix (by S!Ri) till Skrivbordet:

http://siri.urz.free.fr/Fix/SmitfraudFix.zip

Högerklicka och extrahera allt innehåll till Skrivbordet. En mapp SmitfraudFix kommer att skapas.

 

Öppna SmitfraudFix-mappen och dubbelklicka på smitfraudfix.cmd.

Välj alternativ #1 - Search genom att trycka på 1 och Enter.

Programmet kommer att skanna igenom datorn.

När den är klart visas resultatet och programmet har skapat loggfilen C:\rapport.txt.

 

Klistra in innehållet i loggfilen i ditt svar här.

 

Gör inget annat med SmitfraudFix-mappen eller smitfraudfix.cmd.

 

Jag tittar på loggen i morgon.

 

Link to comment
Share on other sites

[log]SmitFraudFix v2.126

 

Scan done at 18:23:36,37, 02-12-2006

Run from C:\Documents and Settings\Kim\Skrivebord\SmitfraudFix

OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT

Fix run in normal mode

 

»»»»»»»»»»»»»»»»»»»»»»»» C:

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

 

C:\WINDOWS\system32\ishost.exe FOUND !

C:\WINDOWS\system32\ismini.exe FOUND !

C:\WINDOWS\system32\isnotify.exe FOUND !

C:\WINDOWS\system32\issearch.exe FOUND !

C:\WINDOWS\system32\ixt?.dll FOUND !

C:\WINDOWS\system32\ixt??.dll FOUND !

C:\WINDOWS\system32\ot.ico FOUND !

C:\WINDOWS\system32\tpedvf.dll FOUND !

C:\WINDOWS\system32\ts.ico FOUND !

C:\WINDOWS\system32\components\flx?.dll FOUND !

C:\WINDOWS\system32\components\flx??.dll FOUND !

C:\WINDOWS\system32\components\flx???.dll FOUND !

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Kim

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Kim\Application Data

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Kim\FORETR~1

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Programmer

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]

"Source"="http://www.mandrildvd.dk/wallpapers/advarsel_wallpaper_1024x768.jpg"'>http://www.mandrildvd.dk/wallpapers/advarsel_wallpaper_1024x768.jpg"

"SubscribedURL"="http://www.mandrildvd.dk/wallpapers/advarsel_wallpaper_1024x768.jpg"

"FriendlyName"=""

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]

"Source"="http://www.mandrildvd.dk/wallpapers/c_og_m_1024x768.jpg"'>http://www.mandrildvd.dk/wallpapers/c_og_m_1024x768.jpg"

"SubscribedURL"="http://www.mandrildvd.dk/wallpapers/c_og_m_1024x768.jpg"

"FriendlyName"=""

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\2]

"Source"="About:Home"

"SubscribedURL"="About:Home"

"FriendlyName"="Min aktuelle startside"

 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

"{1a01a98c-4f25-42e1-971a-185cf63569b2}"="expatriates"

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"System"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection

 

 

»»»»»»»»»»»»»»»»»»»»»»»» End[/log]

 

Link to comment
Share on other sites

Starta om datorn i felsäkert läge genom att trycka F8 upprepade gånger under uppstarten och välja Felsäkert i menyn.

 

Öppna SmitfraudFix-mappen och dubbelklicka på smitfraudfix.cmd för att starta programmet.

Välj alternativ #2 genom att trycka 2 och Enter.

Vänta på att verktyget blir klart och diskrensningen avslutas.

Under tiden så kommer det en fråga om du vill rensa registret (clean the registry) svara ja (Yes) genom att trycka Y och Enter.

 

Om datorn inte startar om av sig själv så gör du det.

Även denna gång ska det vara felsäkert läge.

 

Kontrollpanelen - Internet-alternativ - Allmänt - Ta bort filer, kryssa i rutan - OK

Sedan på fliken Program, välj Återställ webbinställningar. Verkställ - OK

 

Kontrollpanelen - Bildskärm - Skrivbord - Anpassa skrivbordet - Webb

Om det finns något med Security info eller liknande så Ta bort det.

OK - Verkställ - OK

 

Starta om datorn i normalt läge.

 

I ditt svar så klistra in den nyss skapade C:\rapport.txt och en ny HijackThis-logg, samt skriv hur datorn uppför sig nu.

 

Link to comment
Share on other sites

Det ser ud som om det har virket, ie starter på msn.com nu og ingen popups so far!!!

 

Tack så mycket :)

 

[log]SmitFraudFix v2.126

 

Scan done at 10:14:46,79, 03-12-2006

Run from C:\Documents and Settings\Kim\Skrivebord\SmitfraudFix

OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT

Fix run in safe mode

 

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

"{1a01a98c-4f25-42e1-971a-185cf63569b2}"="expatriates"

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

 

GenericRenosFix by S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

 

C:\WINDOWS\system32\ishost.exe Deleted

C:\WINDOWS\system32\ismini.exe Deleted

C:\WINDOWS\system32\isnotify.exe Deleted

C:\WINDOWS\system32\issearch.exe Deleted

C:\WINDOWS\system32\ixt?.dll Deleted

C:\WINDOWS\system32\ot.ico Deleted

C:\WINDOWS\system32\tpedvf.dll Deleted

C:\WINDOWS\system32\ts.ico Deleted

C:\WINDOWS\system32\components\flx?.dll Deleted

 

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

 

Registry Cleaning done.

 

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» End[/log]

 

 

 

Link to comment
Share on other sites

hijack log

 

[log]Logfile of HijackThis v1.99.1

Scan saved at 10:26:50, on 03-12-2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\Programmer\IVT Corporation\BTNtService.exe

c:\documents and settings\kim\lokale indstillinger\application data\yahoo\widget engine\jiwire_wi-fi_finder.widget\jiwirewifi.widget\contents\resources\jiwire.win\jiwirewifiwin.exe

C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Programmer\Java\jre1.5.0_09\bin\jusched.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Programmer\Synaptics\SynTP\SynTPLpr.exe

C:\Programmer\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\rundll32.exe

C:\Programmer\HP\hpcoretech\hpcmpmgr.exe

C:\Programmer\HP\HP Software Update\HPWuSchd2.exe

C:\Programmer\MSN Messenger\MsnMsgr.Exe

C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe

C:\Programmer\Skype\Phone\Skype.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programmer\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe

C:\Programmer\Logitech\SetPoint\KEM.exe

C:\PROGRA~1\FLLESF~1\Nokia\MPAPI\MPAPI3s.exe

C:\Programmer\TechSmith\SnagIt 7\SnagIt32.exe

C:\Programmer\Logitech\SetPoint\KHALMNPR.EXE

C:\Programmer\Microsoft Office\OFFICE11\OUTLOOK.EXE

C:\Programmer\TechSmith\SnagIt 7\TSCHelp.exe

C:\Programmer\Yahoo\Yahoo! Widget Engine\YahooWidgetEngine.exe

C:\Programmer\Yahoo\Yahoo! Widget Engine\YahooWidgetEngine.exe

C:\Programmer\Yahoo\Yahoo! Widget Engine\YahooWidgetEngine.exe

C:\Programmer\Yahoo\Yahoo! Widget Engine\YahooWidgetEngine.exe

C:\Programmer\Yahoo\Yahoo! Widget Engine\YahooWidgetEngine.exe

C:\Programmer\Yahoo\Yahoo! Widget Engine\YahooWidgetEngine.exe

C:\Programmer\Microsoft Office\OFFICE11\WINWORD.EXE

C:\Programmer\Fælles filer\PCSuite\Services\ServiceLayer.exe

C:\Programmer\IVT Corporation\BlueSoleil.exe

C:\Programmer\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Programmer\Hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {0F665D73-EE63-43B4-BD39-EAF4B6D8202A} - C:\WINDOWS\system32\vtstt.dll (file missing)

O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\system32\dtyvekgl.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot\SDHelper.dll

O2 - BHO: (no name) - {67270207-b9ee-4d26-9270-860fdb060ca1} - C:\WINDOWS\system32\ixt0.dll (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_09\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar1.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programmer\Java\jre1.5.0_09\bin\jusched.exe"

O4 - HKLM\..\Run: [Cpqset] C:\Programmer\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [synTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmer\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [LDM] C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

O4 - HKCU\..\Run: [PcSync] C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

O4 - HKCU\..\Run: [skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe

O4 - Startup: Genvej til OnTV.lnk = ?

O4 - Startup: Microsoft Outlook.lnk = C:\Programmer\Microsoft Office\OFFICE11\OUTLOOK.EXE

O4 - Startup: Vis skrivebord.lnk = C:\Documents and Settings\Kim\Application Data\Microsoft\Internet Explorer\Quick Launch\Vis skrivebord.scf

O4 - Startup: Yahoo! Widget Engine.lnk = C:\Programmer\Yahoo\Yahoo! Widget Engine\YahooWidgetEngine.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmer\Logitech\SetPoint\KEM.exe

O4 - Global Startup: SnagIt 7.lnk = C:\Programmer\TechSmith\SnagIt 7\SnagIt32.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe (file missing)

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab

O16 - DPF: {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-1204.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1112794165593

O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/da/big/1.1.62-big/GoogleNav.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab

O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://opdatering.tdc.dk/csp/authenticode/tdccsp-0506.exe

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmer\IVT Corporation\BTNtService.exe

O23 - Service: JiWire WiFi Monitoring (JiWireWireless) - JiWire, Inc. - c:\documents and settings\kim\lokale indstillinger\application data\yahoo\widget engine\jiwire_wi-fi_finder.widget\jiwirewifi.widget\contents\resources\jiwire.win\jiwirewifiwin.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: ServiceLayer - Nokia. - C:\Programmer\Fælles filer\PCSuite\Services\ServiceLayer.exe[/log]

 

Link to comment
Share on other sites

Lite kvar att ta bort i alla fall.

 

Skanna med HijackThis och bocka för:

 

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {0F665D73-EE63-43B4-BD39-EAF4B6D8202A} - C:\WINDOWS\system32\vtstt.dll (file missing)

O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\system32\dtyvekgl.dll

O2 - BHO: (no name) - {67270207-b9ee-4d26-9270-860fdb060ca1} - C:\WINDOWS\system32\ixt0.dll (file missing)

 

Avsluta alla andra program (Exit all other programs).

Tryck Fix checked.

 

Starta om datorn i felsäkert läge (tryck F8 upprepade gånger under uppstarten och välj felsäkert läge i menyn).

 

Ställ in Utforskaren så att du kan se alla filer:

Verktyg - (Mapp)alternativ eller liknande - Visning

Välj Visa dolda filer och mappar

Avbocka Dölj filnamnstillägg för kända filtyper

Avbocka Dölj skyddade operativsystemfiler

 

Ta bort filerna (om de finns kvar):

C:\WINDOWS\system32\vtstt.dll

C:\WINDOWS\system32\dtyvekgl.dll

C:\WINDOWS\system32\ixt0.dll

 

Starta om i normalt läge och så en ny HijackThis-logg.

 

Link to comment
Share on other sites

De 3 filer fandtes ikke!

 

[log]Logfile of HijackThis v1.99.1

Scan saved at 12:39:10, on 03-12-2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\Programmer\IVT Corporation\BTNtService.exe

c:\documents and settings\kim\lokale indstillinger\application data\yahoo\widget engine\jiwire_wi-fi_finder.widget\jiwirewifi.widget\contents\resources\jiwire.win\jiwirewifiwin.exe

C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Programmer\Java\jre1.5.0_09\bin\jusched.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Programmer\Synaptics\SynTP\SynTPLpr.exe

C:\Programmer\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\rundll32.exe

C:\Programmer\HP\hpcoretech\hpcmpmgr.exe

C:\Programmer\HP\HP Software Update\HPWuSchd2.exe

C:\Programmer\MSN Messenger\MsnMsgr.Exe

C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe

C:\Programmer\Skype\Phone\Skype.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programmer\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe

C:\Programmer\Logitech\SetPoint\KEM.exe

C:\Programmer\TechSmith\SnagIt 7\SnagIt32.exe

C:\PROGRA~1\FLLESF~1\Nokia\MPAPI\MPAPI3s.exe

C:\Programmer\Logitech\SetPoint\KHALMNPR.EXE

C:\Programmer\Fælles filer\PCSuite\Services\ServiceLayer.exe

C:\Programmer\Microsoft Office\OFFICE11\OUTLOOK.EXE

C:\Programmer\TechSmith\SnagIt 7\TSCHelp.exe

C:\Programmer\Yahoo\Yahoo! Widget Engine\YahooWidgetEngine.exe

C:\Programmer\Yahoo\Yahoo! Widget Engine\YahooWidgetEngine.exe

C:\Programmer\Yahoo\Yahoo! Widget Engine\YahooWidgetEngine.exe

C:\Programmer\Yahoo\Yahoo! Widget Engine\YahooWidgetEngine.exe

C:\Programmer\Yahoo\Yahoo! Widget Engine\YahooWidgetEngine.exe

C:\Programmer\IVT Corporation\BlueSoleil.exe

C:\Programmer\Yahoo\Yahoo! Widget Engine\YahooWidgetEngine.exe

C:\Programmer\Microsoft Office\OFFICE11\WINWORD.EXE

C:\WINDOWS\system32\svchost.exe

C:\Programmer\Hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_09\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar1.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programmer\Java\jre1.5.0_09\bin\jusched.exe"

O4 - HKLM\..\Run: [Cpqset] C:\Programmer\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [synTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmer\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [LDM] C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

O4 - HKCU\..\Run: [PcSync] C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

O4 - HKCU\..\Run: [skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe

O4 - Startup: Genvej til OnTV.lnk = ?

O4 - Startup: Microsoft Outlook.lnk = C:\Programmer\Microsoft Office\OFFICE11\OUTLOOK.EXE

O4 - Startup: Vis skrivebord.lnk = C:\Documents and Settings\Kim\Application Data\Microsoft\Internet Explorer\Quick Launch\Vis skrivebord.scf

O4 - Startup: Yahoo! Widget Engine.lnk = C:\Programmer\Yahoo\Yahoo! Widget Engine\YahooWidgetEngine.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmer\Logitech\SetPoint\KEM.exe

O4 - Global Startup: SnagIt 7.lnk = C:\Programmer\TechSmith\SnagIt 7\SnagIt32.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe (file missing)

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab

O16 - DPF: {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-1204.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1112794165593

O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/da/big/1.1.62-big/GoogleNav.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab

O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://opdatering.tdc.dk/csp/authenticode/tdccsp-0506.exe

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmer\IVT Corporation\BTNtService.exe

O23 - Service: JiWire WiFi Monitoring (JiWireWireless) - JiWire, Inc. - c:\documents and settings\kim\lokale indstillinger\application data\yahoo\widget engine\jiwire_wi-fi_finder.widget\jiwirewifi.widget\contents\resources\jiwire.win\jiwirewifiwin.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: ServiceLayer - Nokia. - C:\Programmer\Fælles filer\PCSuite\Services\ServiceLayer.exe[/log]

 

 

 

Link to comment
Share on other sites

Bra att de redan var borta, man kan aldrig vara säker så man måste kolla.

 

Jag ser inget otrevligt i loggen.

 

Här kommer mina vanliga råd för en säkrare dator, men det är så klart viktigt att man använder sitt förnuft också.

 

Uppdatera från Windows Update och kör antispionprogrammen AVG Anti-Spyware (Ewido), SUPERAntiSpyware, Spybot S&D och/eller Ad-aware regelbundet.

http://www.ewido.net/en/

http://www.superantispyware.com/

http://www.safer-networking.org/en/download/index.html

http://www.lavasoft.com

 

Komplettera antivirusprogrammet med några online-skanningar då och då:

http://housecall.trendmicro.com/

http://www.bitdefender.com/scan8/ie.html

http://www.pandasoftware.com/products/activescan/

 

Använd en brandvägg (bättre än den inbyggda i XP), finns gratis från t ex ZoneLabs.

http://www.zonelabs.com/store/content/home.jsp

 

Om man använder Internet Explorer så kan det vara lämpligt att ha programmen SpywareBlaster och SpywareGuard, vilka hindrar en hel del otrevliga program från att laddas ner resp. köras:

http://www.javacoolsoftware.com

 

Se över säkerhetsinställningarna i Internet Explorer, det finns en hel del tips här:

http://www.spywarewarrior.com/uiuc/btw/ie/ie-opts.htm

 

Samt kör IE-SpyAd som lägger en hel massa otrevliga webbplatser i zonen Ej tillförlitliga i Internet Explorer så att de inte kan göra något med datorn:

http://www.spywarewarrior.com/uiuc/resource.htm

 

Om man byter webbläsare så är det bara SpywareGuard som behövs. Andra webbläsare är t ex Mozilla Firefox och Opera:

http://www.mozilla.org

http://www.opera.com

 

Allt gratis för hemanvändare/personligt bruk.

 

Link to comment
Share on other sites

Ricke_Hallberg

Okej testar det nu:

 

Loggan från Smitfraud:

 

[log]SmitFraudFix v2.127

 

Scan done at 21:33:51,74, 2006-12-03

Run from C:\Documents and Settings\Ricke\Skrivbord\SmitfraudFix

OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT

The filesystem type is NTFS

Fix run in normal mode

 

»»»»»»»»»»»»»»»»»»»»»»»» C:

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

 

C:\WINDOWS\system32\isnotify.exe FOUND !

C:\WINDOWS\system32\issearch.exe FOUND !

C:\WINDOWS\system32\ixt?.dll FOUND !

C:\WINDOWS\system32\ixt??.dll FOUND !

C:\WINDOWS\system32\ot.ico FOUND !

C:\WINDOWS\system32\tpedvf.dll FOUND !

C:\WINDOWS\system32\ts.ico FOUND !

C:\WINDOWS\system32\components\flx?.dll FOUND !

C:\WINDOWS\system32\components\flx??.dll FOUND !

C:\WINDOWS\system32\components\flx???.dll FOUND !

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Ricke

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Ricke\Application Data

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

 

C:\DOCUME~1\ALLUSE~1\START-~1\Online Security Guide.url FOUND !

C:\DOCUME~1\ALLUSE~1\START-~1\Security Troubleshooting.url FOUND !

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Ricke\FAVORI~1

 

C:\DOCUME~1\Ricke\FAVORI~1\Antivirus Test Online.url FOUND !

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program

 

C:\Program\Virus-Bursters\ FOUND !

 

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]

"Source"="About:Home"

"SubscribedURL"="About:Home"

"FriendlyName"="Min aktuella startsida"

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

"{1a01a98c-4f25-42e1-971a-185cf63569b2}"="expatriates"

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"="C:\\Program\\KASPER~1\\KASPER~1.0\\adialhk.dll"

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"System"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection

 

 

»»»»»»»»»»»»»»»»»»»»»»»» End[/log]

 

 

______________________________________

 

Här är loggan från Hijackthis:

 

[log]Logfile of HijackThis v1.99.1

Scan saved at 21:35:35, on 2006-12-03

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\ATKKBService.exe

C:\Program\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\issearch.exe

C:\WINDOWS\System32\isnotify.exe

C:\Program\Java\jre1.5.0_06\bin\jusched.exe

C:\Program\Winamp\winampa.exe

C:\WINDOWS\System32\rundll32.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program\DAEMON Tools\daemon.exe

C:\WINDOWS\System32\RUNDLL32.EXE

C:\Program\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe

C:\Program\Delade filer\InstallShield\UpdateService\issch.exe

C:\WINDOWS\System32\ctfmon.exe

C:\program\valve\steam\steam.exe

C:\Program\Skype\Phone\Skype.exe

C:\Program\TGTSoft\StyleXP\stylexp.exe

C:\Program\Mozilla Firefox\firefox.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program\Ventrilo\Ventrilo.exe

C:\Program\MSN Messenger\msnmsgr.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\WinRAR\WinRAR.exe

C:\WINDOWS\System32\cmd.exe

C:\WINDOWS\NOTEPAD.EXE

C:\Program\Hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://support.microsoft.com/kb/320159

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar3.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [sSC_UserPrompt] C:\Program\Delade filer\Symantec Shared\Security Center\UsrPrmpt.exe

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe

O4 - HKLM\..\Run: [EXSOUND Station Pro] C:\VTECH\EXSOUND Station\EXSOUNDStation.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [wcyrugc.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\wcyrugc.dll,hipeprc

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [amd_dc_opt] "C:\Program\AMD\amd_dc_opt\amd_dc_opt.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [kis] "C:\Program\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"

O4 - HKLM\..\Run: [iSUSPM Startup] C:\Program\DELADE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program\Delade filer\InstallShield\UpdateService\issch.exe" -start

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [steam] "c:\program\valve\steam\steam.exe" -silent

O4 - HKCU\..\Run: [skype] "C:\Program\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [sTYLEXP] C:\Program\TGTSoft\StyleXP\stylexp.exe -Hide

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: Add to Kaspersky Anti-Banner - C:\Program\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll

O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.2.89.cab

O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1157829540405

O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O20 - AppInit_DLLs: C:\Program\KASPER~1\KASPER~1.0\adialhk.dll

O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe

O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: ISSvc (ISSVC) - Unknown owner - C:\Program\Norton Internet Security\ISSVC.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: StyleXPService - Unknown owner - C:\Program\tgtsoft\StyleXP\StyleXPService.exe[/log]

 

 

 

Link to comment
Share on other sites

Starta om datorn i felsäkert läge genom att trycka F8 upprepade gånger under uppstarten och välja Felsäkert i menyn.

 

Öppna SmitfraudFix-mappen och dubbelklicka på smitfraudfix.cmd för att starta programmet.

Välj alternativ #2 genom att trycka 2 och Enter.

Vänta på att verktyget blir klart och diskrensningen avslutas.

Under tiden så kommer det en fråga om du vill rensa registret (clean the registry) svara ja (Yes) genom att trycka Y och Enter.

 

Om datorn inte startar om av sig själv så gör du det.

Även denna gång ska det vara felsäkert läge.

 

Kontrollpanelen - Internet-alternativ - Allmänt - Ta bort filer, kryssa i rutan - OK

Sedan på fliken Program, välj Återställ webbinställningar. Verkställ - OK

 

Kontrollpanelen - Bildskärm - Skrivbord - Anpassa skrivbordet - Webb

Om det finns något med Security info eller liknande så Ta bort det.

OK - Verkställ - OK

 

Starta om datorn i normalt läge.

 

I ditt svar så klistra in den nyss skapade C:\rapport.txt och en ny HijackThis-logg, samt skriv hur datorn uppför sig nu.

 

Link to comment
Share on other sites

Ricke_Hallberg

Okej nu har jag gjort allt det där

 

Rapport:

 

[log]SmitFraudFix v2.127

 

Scan done at 15:21:28,75, 2006-12-04

Run from C:\Documents and Settings\Ricke\Skrivbord\SmitfraudFix

OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT

The filesystem type is NTFS

Fix run in safe mode

 

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

"{1a01a98c-4f25-42e1-971a-185cf63569b2}"="expatriates"

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

 

GenericRenosFix by S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

 

C:\WINDOWS\system32\isnotify.exe Deleted

C:\WINDOWS\system32\issearch.exe Deleted

C:\WINDOWS\system32\ixt?.dll Deleted

C:\WINDOWS\system32\ot.ico Deleted

C:\WINDOWS\system32\tpedvf.dll Deleted

C:\WINDOWS\system32\ts.ico Deleted

C:\WINDOWS\system32\components\flx?.dll Deleted

C:\WINDOWS\system32\components\flx??.dll Deleted

C:\WINDOWS\system32\components\flx???.dll Deleted

C:\DOCUME~1\Ricke\FAVORI~1\Antivirus Test Online.url Deleted

C:\DOCUME~1\ALLUSE~1\START-~1\Online Security Guide.url Deleted

C:\DOCUME~1\ALLUSE~1\START-~1\Security Troubleshooting.url Deleted

C:\Program\Virus-Bursters\ Deleted

 

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"System"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

 

Registry Cleaning done.

 

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» End

[/log]

 

Och hijackthis :

[log]

Logfile of HijackThis v1.99.1

Scan saved at 15:39:30, on 2006-12-04

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Delade filer\Symantec Shared\Security Center\UsrPrmpt.exe

C:\Program\Java\jre1.5.0_06\bin\jusched.exe

C:\Program\Winamp\winampa.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\System32\rundll32.exe

C:\WINDOWS\System32\rundll32.exe

C:\Program\DAEMON Tools\daemon.exe

C:\WINDOWS\System32\RUNDLL32.EXE

C:\Program\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe

C:\Program\Delade filer\InstallShield\UpdateService\issch.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\ATKKBService.exe

C:\program\valve\steam\steam.exe

C:\Program\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe

C:\Program\TGTSoft\StyleXP\stylexp.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\PROGRAM\MOZILL~1\FIREFOX.EXE

C:\WINDOWS\System32\wuauclt.exe

C:\WINDOWS\System32\wuauclt.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar3.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [sSC_UserPrompt] C:\Program\Delade filer\Symantec Shared\Security Center\UsrPrmpt.exe

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe

O4 - HKLM\..\Run: [EXSOUND Station Pro] C:\VTECH\EXSOUND Station\EXSOUNDStation.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [wcyrugc.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\wcyrugc.dll,hipeprc

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [amd_dc_opt] "C:\Program\AMD\amd_dc_opt\amd_dc_opt.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [kis] "C:\Program\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"

O4 - HKLM\..\Run: [iSUSPM Startup] C:\Program\DELADE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program\Delade filer\InstallShield\UpdateService\issch.exe" -start

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [steam] "c:\program\valve\steam\steam.exe" -silent

O4 - HKCU\..\Run: [skype] "C:\Program\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [sTYLEXP] C:\Program\TGTSoft\StyleXP\stylexp.exe -Hide

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: Add to Kaspersky Anti-Banner - C:\Program\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll

O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.2.89.cab

O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1157829540405

O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O20 - AppInit_DLLs: C:\Program\KASPER~1\KASPER~1.0\adialhk.dll

O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe

O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: ISSvc (ISSVC) - Unknown owner - C:\Program\Norton Internet Security\ISSVC.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: StyleXPService - Unknown owner - C:\Program\tgtsoft\StyleXP\StyleXPService.exe

 

[/log]

 

Dom där popupsen i meddelandefönstret har försvunnit, IE ändrar inte längre startsida, verkar även som att den har slutat att " hoppa vidare " till en sida som säger att jag har virus.

 

jättemycket tack! Dina råd uppskattas, fortsätt så! :D Gud vad skönt :)

Du ser inge konstigt i loggen då?

 

PS: En liten snabb fråga nu när jag ändå samtalar med nån kunnig, när jag startar datorn så kommer det ett felmeddelande som säger :

 

RUNDLL

 

Det gick inte att läsa in C:\Windows\System32\wcyrugc.dll

 

Det går inte att hitta den angivna modulen.

 

Vet du vad som saknas/borde göras?

 

Tack på förhand! :D

 

[inlägget ändrat 2006-12-04 15:45:10 av Ricke_Hallberg]

Link to comment
Share on other sites

Det är en gammal Java-version med säkerhetshål i datorn. Avinstallera alla Java i Kontrollpanelen - Lägg till eller ta bort program och installera därefter en ny: http://www.java.com/sv/

 

En rest av Norton att bli av med:

Kontrollpanelen - Administrationsverktyg - Tjänster

Leta upp ISSvc i listan, dubbelklicka och välj Startmetod Inaktiverad.

 

Skanna med HijackThis och bocka för:

 

O4 - HKLM\..\Run: [wcyrugc.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\wcyrugc.dll,hipeprc

 

Avsluta alla andra program.

Tryck Fix checked.

 

Starta om datorn i felsäkert läge (tryck F8 upprepade gånger under uppstarten och välj felsäkert läge i menyn).

 

Ställ in Utforskaren så att du kan se alla filer:

Verktyg - (Mapp)alternativ eller liknande - Visning

Välj Visa dolda filer och mappar

Avbocka Dölj filnamnstillägg för kända filtyper

Avbocka Dölj skyddade operativsystemfiler

 

Ta bort filerna (om de finns kvar):

C:\WINDOWS\System32\wcyrugc.dll

 

Starta om i normalt läge och så en ny HijackThis-logg.

Är felmeddelandet borta nu?

 

Link to comment
Share on other sites

Ricke_Hallberg

hijack this:

 

[log]Logfile of HijackThis v1.99.1

Scan saved at 00:58:31, on 2006-12-05

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\rundll32.exe

C:\Program\Winamp\winampa.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program\DAEMON Tools\daemon.exe

C:\WINDOWS\ATKKBService.exe

C:\WINDOWS\System32\RUNDLL32.EXE

C:\Program\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe

C:\Program\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe

C:\Program\Delade filer\InstallShield\UpdateService\issch.exe

C:\Program\Java\jre1.5.0_09\bin\jusched.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program\MSN Messenger\MsnMsgr.Exe

C:\Program\TGTSoft\StyleXP\stylexp.exe

C:\WINDOWS\System32\wuauclt.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\explorer.exe

C:\Program\Valve\Steam\Steam.exe

C:\Program\Microsoft Office\Office10\WINWORD.EXE

C:\PROGRAM\MOZILL~1\FIREFOX.EXE

C:\Program\Hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar3.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [sSC_UserPrompt] C:\Program\Delade filer\Symantec Shared\Security Center\UsrPrmpt.exe

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe

O4 - HKLM\..\Run: [EXSOUND Station Pro] C:\VTECH\EXSOUND Station\EXSOUNDStation.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [amd_dc_opt] "C:\Program\AMD\amd_dc_opt\amd_dc_opt.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [kis] "C:\Program\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"

O4 - HKLM\..\Run: [iSUSPM Startup] C:\Program\DELADE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program\Delade filer\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.5.0_09\bin\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [steam] "c:\program\valve\steam\steam.exe" -silent

O4 - HKCU\..\Run: [skype] "C:\Program\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [sTYLEXP] C:\Program\TGTSoft\StyleXP\stylexp.exe -Hide

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: Add to Kaspersky Anti-Banner - C:\Program\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll

O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.2.89.cab

O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1157829540405

O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O20 - AppInit_DLLs: C:\Program\KASPER~1\KASPER~1.0\adialhk.dll

O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe

O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: StyleXPService - Unknown owner - C:\Program\tgtsoft\StyleXP\StyleXPService.exe

 

[/log]

 

Jajamen, det kommer inte längre något sådant meddelande :D

Tackar! det är så skönt att slippa trojanerna och så :D

Datorn har väl alltid känts slö, vet du nån speciell anledning det kan vara?

 

 

Link to comment
Share on other sites

Det är inte meningen att du ska ha något Norton/Symantec-program i datorn väl? Hitta då det särskilda rensningsprogrammet som Symantec har på sin supportwebbplats, man brukar hitta det om man söker på uninstall.

 

Jag vet inte om Steam kan ta mycket resurser. Annars så är det ju inte så mycket du har igång. Hur mycket minne är det i datorn? Hur gammal/snabb är datorn?

 

Här kommer mina vanliga råd för en säkrare dator, men det är så klart viktigt att man använder sitt förnuft också.

 

Uppdatera från Windows Update och kör antispionprogrammen AVG Anti-Spyware (Ewido), SUPERAntiSpyware, Spybot S&D och/eller Ad-aware regelbundet.

http://www.ewido.net/en/

http://www.superantispyware.com/

http://www.safer-networking.org/en/download/index.html

http://www.lavasoft.com

 

Komplettera antivirusprogrammet med några online-skanningar då och då:

http://housecall.trendmicro.com/

http://www.bitdefender.com/scan8/ie.html

http://www.pandasoftware.com/products/activescan/

 

Använd en brandvägg (bättre än den inbyggda i XP), finns gratis från t ex ZoneLabs.

http://www.zonelabs.com/store/content/home.jsp

 

Om man använder Internet Explorer så kan det vara lämpligt att ha programmen SpywareBlaster och SpywareGuard, vilka hindrar en hel del otrevliga program från att laddas ner resp. köras:

http://www.javacoolsoftware.com

 

Se över säkerhetsinställningarna i Internet Explorer, det finns en hel del tips här:

http://www.spywarewarrior.com/uiuc/btw/ie/ie-opts.htm

 

Samt kör IE-SpyAd som lägger en hel massa otrevliga webbplatser i zonen Ej tillförlitliga i Internet Explorer så att de inte kan göra något med datorn:

http://www.spywarewarrior.com/uiuc/resource.htm

 

Om man byter webbläsare så är det bara SpywareGuard som behövs. Andra webbläsare är t ex Mozilla Firefox och Opera:

http://www.mozilla.org

http://www.opera.com

 

Allt gratis för hemanvändare/personligt bruk.

 

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.



×
×
  • Create New...