
MSN-Virus


Gringo*


OK, I have never seen a file whose name has one or more spaces, nor one without a file extension.

There are programs that delete files, but given the path and the fact that it doesn't contain anything, I don't think they will work.

You can always try with, for example, this program:

http://killbox.net/downloads/KillBox.exe

 


There is no content in the file as such; it is rather like comparing it to an empty folder. Leave the "object" alone.

The most important thing was that MSNFix removed these files, especially the files in the system32 folder:

 

... C:\WINDOWS\album??.zip

... C:\WINDOWS\album???.zip

... C:\WINDOWS\image???.zip

... C:\WINDOWS\images??.zip

... C:\WINDOWS\images???.zip

... C:\WINDOWS\photo??.zip

... C:\WINDOWS\photo???.zip

... C:\WINDOWS\photos??.zip

... C:\WINDOWS\photos???.zip

... C:\WINDOWS\picture??.zip

... C:\WINDOWS\picture???.zip

... C:\WINDOWS\pictures???.zip

... C:\WINDOWS\system32\notiffy.dll

... C:\WINDOWS\system32\printers.exe

 

 


Still annoying that the file sits there and "doesn't exist" so you can't delete it :P

 


You can't do anything with it since it doesn't exist :P

Another friend who works in computer engineering said that it doesn't matter if it sits there, because it can't communicate with anything since all those files have been removed.

But still annoying; someone can speak up if they know a way to delete "non-existent files" :P

 


I got this log!

 

[log]MSN_Fix 1.447

 

C:\Documents and Settings\Andreas Kvarnström\Skrivbord\MSNFix

Scan done at 2007-07-29 - 23:59:07,31 By Andreas Kvarnström

normal mode

 

************************ Checking Files

 

... C:\WINDOWS\system32\libcintles3.dll

 

************************ Checking Folder

 

No Folder Found

 

 

 

 

************************ Deleting malware Files

 

/!\ ... C:\WINDOWS\system32\libcintles3.dll

 

 

 

************************ Registry Cleaning

 

 

 

Others Files will be delete after a reboot on normal mode

 

 

No Folder Found

************************ Deleting malware Files

 

.. OK ... C:\WINDOWS\system32\libcintles3.dll

 

 

 

************************ Suspect Files

 

/!\ The detected files must be controlled by a helper before any other handling

 

[C:\WINDOWS\photos2007_94.zip] EC405376BD7F23916E3A470CDF774FF4

[C:\WINDOWS\photos2007_52.zip] 9C58A6496DD5692C03F3A9EDBE57410B

[C:\WINDOWS\beyonce.scr] 3FE60B7095FF95BEC3662E450C7248FD

[C:\WINDOWS\b_marley.scr] E469663F4EF57BF10FEF0AE0E88FE6BE

 

 

The Files and Registry deleted have been save in 2007-07-30_ 0094634.zip[/log]

 


That was nice, but it's not good to have two problems in the same thread.

Start a new thread, post a HijackThis log, and tell us whether these files are yours:

C:\WINDOWS\photos2007_94.zip

C:\WINDOWS\photos2007_52.zip

 


  • 3 months later...

Hi, I've got an MSN virus that sends a lot of shady messages like "ahahaha sexxxy" to my contacts. I have done exactly what "cecilia" wrote that one should do. Here comes my log from SUPERAntiSpyware:

[log]SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 11/25/2007 at 08:59 PM

 

Application Version : 3.9.1008

 

Core Rules Database Version : 3259

Trace Rules Database Version: 1270

 

Scan type : Complete Scan

Total Scan Time : 01:08:58

 

Memory items scanned : 168

Memory threats detected : 0

Registry items scanned : 5384

Registry threats detected : 1

File items scanned : 62723

File threats detected : 95

 

Trojan.Media-Codec

HKU\S-1-5-21-4287499240-129385031-2460320682-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser#{479FD0CF-5BE9-4C63-8CDA-B6D371C67BD5}

 

Adware.Tracking Cookie

[/log]

 

 

It would be wonderful if someone could check that everything is as it should be.

[post edited 2007-11-25 23:58:02 by Cecilia]


For the MSN worm that is circulating at the moment, SUPERAntiSpyware is not of much help.

We can see whether HijackThis shows anything to begin with:

http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe

Install, run, scan and save the log (nothing else).

In your reply, attach the HijackThis log this way:

Press the LOG button in the Reply window

Paste the log

Press the LOG button again

Download MSN_Fix to the Desktop.

http://sosvirus.changelog.fr/MSNFix.zip

Unpack the file and start MSNFix.bat by double-clicking it.

Choose the language by pressing the corresponding letter.

Press R to start the scan.

If something is found, press any key to start the removal.

Sometimes a message comes up about restarting the computer; do so in that case.

Paste the log that comes up into your reply here in the same way with the LOG button.

If it doesn't come up, you will find it in the folder where the program is located, and the name of the log contains the date and time of the run.

 


Hi, here comes my HijackThis log. I tried MSNFix, but when I pressed "R" only a box came up saying "Windows - No Disk", where you could press "Continue", "Cancel" or "Try Again"; whatever I pressed, a new identical box just came up. But here comes the HT log anyway:

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:14:43, on 2007-11-27

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Panda Software\Panda Platinum 2006 Internet Security\pavsrv51.exe

C:\Program\Panda Software\Panda Platinum 2006 Internet Security\AVENGINE.EXE

C:\WINDOWS\system32\svchost.exe

C:\Program\Panda Software\Panda Platinum 2006 Internet Security\TPSrv.exe

c:\program\panda software\panda platinum 2006 internet security\firewall\PNMSRV.EXE

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Winamp\winampa.exe

C:\Program\Java\jre1.5.0_10\bin\jusched.exe

C:\Program\QuickTime\qttask.exe

C:\Program\Dell\Media Experience\PCMService.exe

C:\Program\iTunes\iTunesHelper.exe

C:\Program\CyberLink\PowerDVD\DVDLauncher.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program\Dell AIO Printer A920\dlbkbmgr.exe

C:\Program\Panda Software\Panda Platinum 2006 Internet Security\APVXDWIN.EXE

C:\Program\Dell AIO Printer A920\dlbkbmon.exe

C:\Program\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

C:\Program\Glocalnet Bredband\Bredbandsklienten\GlocalnetBredbandService.exe

C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\nvsvc32.exe

C:\Program\Panda Software\Panda Platinum 2006 Internet Security\PavFnSvr.exe

C:\Program\Delade filer\Panda Software\PavShld\pavprsrv.exe

C:\Program\Panda Software\Panda Platinum 2006 Internet Security\AntiSpam\pskmssvc.exe

C:\Program\Panda Software\Panda Platinum 2006 Internet Security\psimsvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program\Panda Software\Panda Platinum 2006 Internet Security\SRVLOAD.EXE

c:\program\panda software\panda platinum 2006 internet security\WebProxy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Delade filer\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program\Panda Software\Panda Platinum 2006 Internet Security\psimreal.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=488

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_10\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe

O4 - HKLM\..\Run: [updateManager] "C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.5.0_10\bin\jusched.exe"

O4 - HKLM\..\Run: [sCANINICIO] "C:\Program\Panda Software\Panda Platinum 2006 Internet Security\Inicio.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [PCMService] "C:\Program\Dell\Media Experience\PCMService.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [DVDLauncher] "C:\Program\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program\Dell AIO Printer A920\dlbkbmgr.exe"

O4 - HKLM\..\Run: [APVXDWIN] "C:\Program\Panda Software\Panda Platinum 2006 Internet Security\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Policies\Explorer\Run: [NTSpool] NTSpool.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Program\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{4773AAE2-D9F4-4EE0-867A-6FA099140668}: NameServer = 195.58.103.130 195.58.103.18

O23 - Service: Glocalnet Bredband (GlocalnetBredbandClientService) - Glocalnet AB - C:\Program\Glocalnet Bredband\Bredbandsklienten\GlocalnetBredbandService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program\Intel\NCS\Sync\NetSvc.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program\Panda Software\Panda Platinum 2006 Internet Security\PavFnSvr.exe

O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program\Delade filer\Panda Software\PavShld\pavprsrv.exe

O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program\Panda Software\Panda Platinum 2006 Internet Security\pavsrv51.exe

O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program\Panda Software\Panda Platinum 2006 Internet Security\AntiSpam\pskmssvc.exe

O23 - Service: Panda Network Manager (PNMSRV) - Panda Software International - c:\program\panda software\panda platinum 2006 internet security\firewall\PNMSRV.EXE

O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program\Panda Software\Panda Platinum 2006 Internet Security\psimsvc.exe

O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program\Panda Software\Panda Platinum 2006 Internet Security\TPSrv.exe

 

--

End of file - 8856 bytes

[/log]

 


Restart the computer in safe mode (press F8 repeatedly during startup and choose safe mode in the menu).

[log]Scan with HijackThis and check:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKCU\..\Policies\Explorer\Run: [NTSpool] NTSpool.exe

Close all other programs.

Press Fix checked.

Set up Explorer so that you can see all files:

Tools - Folder Options - View

Select Show hidden files and folders

Uncheck Hide extensions for known file types

Uncheck Hide protected operating system files

Delete the files (if they are still there):

C:\WINDOWS\System32\NTSpool.exe

If there are any files named pics10.zip, or with other digits, that were created now with the infection, delete them as well.

Restart in normal mode and check for yourself that the line above is gone from a new HijackThis log.

There is an old Java version with security holes on the computer. I recommend that you install a new one from http://www.java.com/sv/ and then uninstall all Java/J2SE/JRE except the latest in Control Panel - Add or Remove Programs (no web browsers running).[/log]

 

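The two entries the helper asks to fix in the reply above have recognizable shapes: a BHO whose file is listed as (no file), and an autorun under Policies\Explorer\Run that names a bare file with no directory. The triage script below is an added example, not part of the original thread or of HijackThis; its rules and the names `triage` and `launch_target` are assumptions chosen for illustration, and a match means "review this line", not a verdict.

```python
import ntpath
import re
from typing import List, NamedTuple

# Lines copied from the HijackThis log posted earlier in this thread (a subset).
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Policies\Explorer\Run: [NTSpool] NTSpool.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe
"""


class Finding(NamedTuple):
    reason: str
    line: str


# O2: browser helper object -> "O2 - BHO: <name> - {CLSID} - <file>"
BHO_RE = re.compile(r"^O2 - BHO: .*? - \{[0-9A-Fa-f-]+\} - (?P<file>.+)$")
# O4 registry autorun -> "O4 - <key>: [<value name>] <command line>"
RUN_RE = re.compile(r"^O4 - (?P<key>HK\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# First executable in a command line, quoted or not, paths may contain spaces.
EXE_RE = re.compile(r'"?(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=["\s]|$)', re.I)


def launch_target(cmd: str) -> str:
    """Return the file an autorun command actually loads.

    For rundll32 the interesting file is the DLL argument, not rundll32 itself.
    """
    cmd = cmd.strip()
    m = EXE_RE.match(cmd)
    if not m:
        return cmd
    exe = m.group(1)
    rest = cmd[m.end():].lstrip('" ')
    if ntpath.basename(exe).lower() == "rundll32.exe" and rest:
        return rest.split(",")[0].strip('" ')
    return exe


def triage(log: str) -> List[Finding]:
    """Flag log lines shaped like the two entries fixed in this thread."""
    findings: List[Finding] = []
    for raw in log.splitlines():
        line = raw.strip()
        bho = BHO_RE.match(line)
        if bho:
            # The CLSID is still registered, but the DLL behind it is gone.
            if bho.group("file") == "(no file)":
                findings.append(Finding("BHO registered without a file on disk", line))
            continue
        run = RUN_RE.match(line)
        if not run:
            continue  # other sections (R0/R1, O8, O9, O23, ...) are not covered here
        if r"\Policies\Explorer\Run" in run.group("key"):
            # A less commonly used autorun key than the plain Run key.
            findings.append(Finding(r"autorun set through Policies\Explorer\Run", line))
        if ntpath.dirname(launch_target(run.group("cmd"))) == "":
            # No directory given: Windows resolves the name through its search path.
            findings.append(Finding("autorun target has no directory", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.line}")
```

Bare file names also occur in legitimate autoruns, so the output is a shortlist for a helper to look at, in the same spirit as MSNFix's "Suspect Files" section.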

  • 2 weeks later...

Hello, I'm new here and would like help removing a virus from MSN. So I should start with HijackThis? Then post the log?

[post edited 2007-12-09 20:19:11 by Golzmo]


 

[log]Download ComboFix to the Desktop:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Run it and follow the instructions that are shown.

IMPORTANT! Do not click on the ComboFix window with the mouse while it is running, otherwise it may hang.

When it is finished a log should come up; paste it in here.

In your reply, attach the log this way:

Press the LOG button in the Reply window

Paste the log

Press the LOG button again[/log]

 


Hi!

I have a problem with an MSN virus. Can you help me too?

 

[log]SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 12/09/2007 at 10:41 PM

 

Application Version : 3.9.1008

 

Core Rules Database Version : 3259

Trace Rules Database Version: 1270

 

Scan type : Complete Scan

Total Scan Time : 00:58:56

 

Memory items scanned : 168

Memory threats detected : 0

Registry items scanned : 6860

Registry threats detected : 31

File items scanned : 39026

File threats detected : 10

 

Adware.MyWebSearch

[MyWebSearch Email Plugin] C:\PROGRAM\MYWEBS~1\BAR\1.BIN\MWSOEMON.EXE

C:\PROGRAM\MYWEBS~1\BAR\1.BIN\MWSOEMON.EXE

[MyWebSearch Email Plugin] C:\PROGRAM\MYWEBS~1\BAR\1.BIN\MWSOEMON.EXE

HKLM\Software\Classes\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D}

HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}

HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}

HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}\InprocServer32

HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}\InprocServer32#ThreadingModel

HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}\Programmable

C:\PROGRAM\MYWEBSEARCH\SRCHASTT\1.BIN\MWSSRCAS.DLL

HKLM\Software\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}

HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}

HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}

HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}\InprocServer32

HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}\InprocServer32#ThreadingModel

HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}\Programmable

HKLM\Software\Classes\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}

HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}

HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}

HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\InprocServer32

HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\InprocServer32#ThreadingModel

HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\Programmable

HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\TypeLib

C:\PROGRAM\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL

HKLM\Software\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}

HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}

HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}

HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\InprocServer32

HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\InprocServer32#ThreadingModel

HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\Programmable

HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\TypeLib

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}

HKU\S-1-5-21-1151725167-3917115542-1333564759-1007\Software\Microsoft\Internet Explorer\URLSearchHooks#{00A6FAF6-072E-44cf-8957-5838F569A31D}

C:\PROGRAM\MYWEBSEARCH\BAR\1.BIN\MWSOEMON.EXE

C:\DOCUMENTS AND SETTINGS\ALL USERS\START-MENY\PROGRAM\AUTOSTART\MYWEBSEARCH EMAIL PLUGIN.LNK

C:\WINDOWS\Prefetch\MWSOEMON.EXE-019502CF.pf

C:\WINDOWS\Prefetch\MWSOEMON.EXE-2DB69FA6.pf

 

Adware.Tracking Cookie

C:\Documents and Settings\Emma\Cookies\emma@mywebsearch[1].txt

C:\Documents and Settings\Emma\Cookies\emma@msnportal.112.2o7[1].txt

C:\Documents and Settings\Emma\Cookies\emma@imrworldwide[2].txt

[/log]

 

 

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:03:15, on 2007-12-09

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program\Delade filer\Symantec Shared\ccProxy.exe

C:\WINDOWS\system32\CTsvcCDA.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Norton Internet Security\Norton AntiVirus\SAVScan.exe

C:\Program\Java\jre1.5.0_10\bin\jusched.exe

C:\Program\HPQ\Quick Launch Buttons\EabServr.exe

C:\Program\Synaptics\SynTP\SynTPLpr.exe

C:\Program\Synaptics\SynTP\SynTPEnh.exe

C:\Program\HP\Digital Imaging\Unload\hpqcmon.exe

C:\Program\HP\HP Share-to-Web\hpgs2wnd.exe

C:\WINDOWS\System32\hphmon05.exe

C:\Program\Delade filer\Nokia\NCLTools\NCLConf.exe

C:\Program\Microsoft IntelliPoint\point32.exe

C:\Program\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

C:\Program\MYWEBS~1\bar\1.bin\mwsoemon.exe

C:\Program\Delade filer\Symantec Shared\ccApp.exe

C:\Program\HP\HP Share-to-Web\hpgs2wnf.exe

C:\Program\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\MSN Messenger\msnmsgr.exe

C:\WINDOWS\system32\wnpcgs.exe

C:\Program\Creative\MediaSource\Detector\CTDetect.exe

C:\Program\Creative\Sync Manager Unicode\CTSyncU.exe

C:\Program\Windows Media Player\WMPNSCFG.exe

C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program\iPod\bin\iPodService.exe

C:\Program\MSN Toolbar Suite\DS\02.05.0001.1119\sv-se\bin\WindowsSearch.exe

C:\Program\MSN Toolbar Suite\DS\02.05.0001.1119\sv-se\bin\WindowsSearchIndexer.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Delade filer\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\WINDOWS\system32\notepad.exe

C:\Program\MSN Toolbar Suite\DS\02.05.0001.1119\sv-se\bin\WindowsSearchFilter.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.se/0SESVSE/SAOS01

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program\MyWebSearch\bar\1.bin\MWSBAR.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_10\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Toolbar Suite\TB\02.05.0000.1105\sv-se\msntb.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Toolbar Suite\TB\02.05.0000.1105\sv-se\msntb.dll

O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.5.0_10\bin\jusched.exe"

O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program\HPQ\Quick Launch Buttons\EabServr.exe /Start

O4 - HKLM\..\Run: [updateManager] "C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [synTPLpr] C:\Program\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [CamMonitor] C:\Program\HP\Digital Imaging\Unload\hpqcmon.exe

O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program\HP\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [HPHUPD05] c:\Program\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe

O4 - HKLM\..\Run: [Cpqset] C:\Program\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [Nokia Connection Monitor] "C:\Program\Delade filer\Nokia\NCLTools\NCLConf.exe"

O4 - HKLM\..\Run: [intelliPoint] "C:\Program\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [HP Software Update] "C:\Program\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [iCQ Lite] C:\Program\ICQLite\ICQLite.exe -minimize

O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\Program\MYWEBS~1\bar\1.bin\mwsoemon.exe

O4 - HKLM\..\Run: [OM_Monitor] C:\Program\OLYMPUS\OLYMPUS Master\FirstStart.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [urlLSTCK.exe] C:\Program\Norton Internet Security\UrlLstCk.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Windows Remote Addressing] wnpcgs.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\Program\MYWEBS~1\bar\1.bin\mwsoemon.exe

O4 - HKCU\..\Run: [OM_Monitor] C:\Program\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart

O4 - HKCU\..\Run: [Creative Detector] C:\Program\Creative\MediaSource\Detector\CTDetect.exe /R

O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program\Creative\Sync Manager Unicode\CTSyncU.exe"

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program\MyWebSearch\bar\1.bin\MWSOEMON.EXE

O4 - Global Startup: Ringo Launcher.lnk = C:\Program\Ringo\Hub.exe

O4 - Global Startup: Windows Desktop Search.lnk = C:\Program\MSN Toolbar Suite\DS\02.05.0001.1119\sv-se\bin\WindowsSearch.exe

O8 - Extra context menu item: &MSN Search - res://C:\Program\MSN Toolbar Suite\TB\02.05.0000.1105\sv-se\msntb.dll/search.htm

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb029YYSE_ZS

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/SmileyCentralFWBInitialSetup1.0.0.8-2.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE

O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: Norton AntiVirus Auto Protect-tjänst (navapsvc) - Symantec Corporation - C:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program\DELADE~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

 

--

End of file - 11713 bytes

[/log]

[post edited 2007-12-09 23:03:41 by em.gbg]


em.gbg: The MSN worm going around now is completely different from the one that was around a year ago, so start a new thread by clicking Write post on the left instead of making this thread even messier.

 


OK, here comes ComboFix first

 

[log]ComboFix 07-12-09.1 - Gustav Karlsson 2007-12-09 21:29:34.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1053.18.1298 [GMT 1:00]

Running from: C:\Documents and Settings\Gustav Karlsson\Skrivbord\ComboFix.exe

* Created a new restore point

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\Gustav Karlsson\Application Data\inst.exe

C:\Documents and Settings\Gustav Karlsson\Application Data\macromedia\Flash Player\#SharedObjects\JTG849MB\www.broadcaster.com

C:\Documents and Settings\Gustav Karlsson\Application Data\macromedia\Flash Player\#SharedObjects\JTG849MB\www.broadcaster.com\played_list.sol

C:\Documents and Settings\Gustav Karlsson\Application Data\macromedia\Flash Player\#SharedObjects\JTG849MB\www.broadcaster.com\video_queue.sol

C:\Documents and Settings\Gustav Karlsson\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com

C:\Documents and Settings\Gustav Karlsson\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

 

.

-------\LEGACY_NPF

-------\NPF

 

 

((((((((((((((((((((((((( Files Created from 2007-11-09 to 2007-12-09 )))))))))))))))))))))))))))))))

.

 

2007-12-09 19:40 . 2007-12-09 19:40 0 --a------ C:\23990098.$$$

2007-12-09 18:05 . 2007-12-09 18:05 <KAT> d-------- C:\Kaspersky

2007-12-09 12:43 . 2007-12-09 14:21 <KAT> d-------- C:\Program\No1 DVD Ripper

2007-12-09 00:19 . 2007-12-09 00:19 <KAT> d-------- C:\Program\123 AVI to GIF Converter

2007-12-08 18:08 . 2007-12-08 18:08 <KAT> d-------- C:\Documents and Settings\Gustav Karlsson\Application Data\AltrixSoft

2007-12-07 21:55 . 2007-12-07 21:58 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help

2007-12-07 18:18 . 2006-11-22 14:55 73,728 --a------ C:\WINDOWS\system32\DeathAdder.cpl

2007-12-07 17:51 . 2006-01-01 01:04 10,027 --a------ C:\WINDOWS\system32\mspriv32.dll

2007-12-03 18:48 . 1997-08-26 12:06 315,904 --a------ C:\WINDOWS\IsUninst.exe

2007-12-01 17:18 . 2007-12-01 17:18 <KAT> d-------- C:\Program\GetTubeVideo

2007-11-26 17:06 . 2007-12-01 17:21 <KAT> d-------- C:\Program\YouTube Downloader

2007-11-26 16:41 . 2007-11-26 16:41 3 ---h----- C:\WINDOWS\system32\YT11

2007-11-26 16:40 . 1999-08-27 19:53 184,320 --a------ C:\WINDOWS\system32\ARFrmExt.ocx

2007-11-26 16:40 . 2001-06-26 21:35 131,072 --a------ C:\WINDOWS\system32\ARButton.ocx

2007-11-26 16:40 . 2000-07-15 06:00 118,784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL

2007-11-26 16:40 . 2001-02-24 00:12 102,400 --a------ C:\WINDOWS\system32\MRActLabel.ocx

2007-11-26 16:40 . 2007-02-15 01:29 81,920 --a------ C:\WINDOWS\system32\GkSui20.EXE

2007-11-26 16:40 . 2001-06-26 21:10 69,632 --a------ C:\WINDOWS\system32\ARFlatButton.ocx

2007-11-24 13:59 . 2007-11-24 14:27 <KAT> d-------- C:\Program\WMR11

2007-11-23 18:39 . 2007-11-23 19:17 <KAT> d-------- C:\Documents and Settings\Gustav Karlsson\Application Data\Bioshock

2007-11-23 18:39 . 2007-11-23 18:39 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll

2007-11-21 19:52 . 2007-11-21 19:52 <KAT> d-------- C:\WINDOWS\MetaCreations

2007-11-21 19:46 . 1997-04-08 20:08 299,520 --a------ C:\WINDOWS\uninst.exe

2007-11-18 11:37 . 2007-11-18 12:11 <KAT> d-------- C:\Program\123 Screensaver Maker 3.0

2007-11-16 15:07 . 2007-12-09 21:40 21,676,064 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat

2007-11-16 15:07 . 2007-12-09 21:42 465,440 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat

2007-11-16 15:07 . 2007-12-09 21:40 293,468 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx

2007-11-16 15:07 . 2007-12-07 19:04 82,061 --a------ C:\WINDOWS\system32\drivers\klick.dat

2007-11-16 15:07 . 2007-12-07 19:04 81,549 --a------ C:\WINDOWS\system32\drivers\klin.dat

2007-11-16 15:07 . 2007-12-09 21:40 45,704 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx

2007-11-16 15:06 . 2007-11-16 15:06 <KAT> d-------- C:\kav

2007-11-13 10:27 . 2007-11-13 10:46 <KAT> d-------- C:\Program\Resco

2007-11-13 10:27 . 2005-08-24 16:18 70,656 --a------ C:\WINDOWS\RSetupCE.exe

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-12-09 20:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab

2007-12-09 20:21 --------- d-----w C:\Documents and Settings\Gustav Karlsson\Application Data\uTorrent

2007-12-09 18:40 --------- d-----w C:\Program\Delade filer\Wise Installation Wizard

2007-12-09 11:47 --------- d-----w C:\Documents and Settings\Gustav Karlsson\Application Data\dvdcss

2007-12-07 17:37 --------- d--h--w C:\Program\InstallShield Installation Information

2007-12-07 17:18 --------- d-----w C:\Program\Delade filer\InstallShield

2007-12-07 15:28 --------- d-----w C:\Program\EasyDVDConverter

2007-12-02 14:50 --------- d-----w C:\Program\Windows Live Safety Center

2007-11-30 16:41 --------- d-----w C:\Program\Windows Live Toolbar

2007-11-30 13:09 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP

2007-11-16 14:07 --------- d-----w C:\Program\Kaspersky Lab

2007-11-07 18:43 --------- d-----w C:\Program\Connective Tools

2007-11-06 16:39 --------- d-----w C:\Program\Dealio

2007-10-23 13:11 --------- d-----w C:\Program\Handbrake

2007-10-23 12:03 --------- d-----w C:\Program\Boilsoft MOV Converter

2007-10-22 18:50 --------- d-----w C:\Documents and Settings\Gustav Karlsson\Application Data\OTVREG

2007-10-21 12:45 --------- d-----w C:\Documents and Settings\Gustav Karlsson\Application Data\TVU Networks

2007-10-18 15:50 --------- d-----w C:\Program\Super DVD Creator 8.0

2007-10-16 15:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files

2007-10-16 15:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\fssg

2007-07-24 15:34 47,360 ----a-w C:\Documents and Settings\Gustav Karlsson\Application Data\pcouffin.sys

2007-04-07 13:18 1 ----a-w C:\Documents and Settings\Gustav Karlsson\SI.bin

2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll

2007-07-24 08:09 10,856 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll

2007-06-13 13:23 152,576 --sh--w C:\WINDOWS\system32\tskmngr.exe

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{598F4775-6FB6-477B-9842-E0426824E077}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E14DCE67-8FB7-4721-8149-179BAA4D792C}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00]

"MsnMsgr"="C:\Program\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55]

"Steam"="d:\valve\steam\steam.exe" [2007-11-30 13:31]

"H/PC Connection Agent"="D:\Program\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 14:41]

"DAEMON Tools"="D:\Program\DAEMON Tools\daemon.exe" [2006-11-12 11:48]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"JMB36X Configure"="C:\WINDOWS\system32\JMRaidTool.exe" [2006-06-02 09:45]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50]

"NvCplDaemon"="RUNDLL32.exe" [2006-03-02 13:00 C:\WINDOWS\system32\rundll32.exe]

"nwiz"="nwiz.exe" [2007-04-20 05:05 C:\WINDOWS\system32\nwiz.exe]

"SoundMAXPnP"="C:\Program\Analog Devices\Core\smax4pnp.exe" [2006-05-01 11:07]

"SoundMAX"="C:\Program\Analog Devices\SoundMAX\Smax4.exe" [2006-04-10 08:19]

"cctray"="D:\Program\CA\CA Internet Security Suite\cctray\cctray.exe" [2007-03-13 13:58]

"NvMediaCenter"="RUNDLL32.exe" [2006-03-02 13:00 C:\WINDOWS\system32\rundll32.exe]

"Adobe Photo Downloader"="C:\Program\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 10:09]

"Adobe Reader Speed Launcher"="C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]

"iTunesHelper"="D:\Program\iTunes\iTunesHelper.exe" [2007-06-28 08:14]

"QuickTime Task"="C:\Program\QuickTime\QTTask.exe" [2007-06-29 05:24]

"TkBellExe"="C:\Program\Delade filer\Real\Update_OB\realsched.exe" [2007-08-15 11:07]

"AVP"="C:\Program\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 12:51]

"win32 security updates downloader"="tskmngr.exe" [2007-06-13 14:23 C:\WINDOWS\system32\tskmngr.exe]

"UnlockerAssistant"="C:\Program\Unlocker\UnlockerAssistant.exe" [2006-09-07 18:19]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

"win32 security updates downloader"="tskmngr.exe" [2007-06-13 14:23 C:\WINDOWS\system32\tskmngr.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=C:\Program\KASPER~1\KASPER~1.0\adialhk.dll

 

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);C:\WINDOWS\system32\drivers\sfdrv01a.sys

R1 oreans32;oreans32;\??\C:\WINDOWS\system32\drivers\oreans32.sys

R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys

S3 PPCtlPriv;PPCtlPriv;"D:\Program\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe"

S3 Razerlow;Razer Copperhead Driver;C:\WINDOWS\system32\Drivers\Razerlow.sys

S3 uisp;Freescale USB JW32 driver;C:\WINDOWS\system32\Drivers\usbicp.sys

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{878E8032-B97A-5919-3505-9BEFF0793AB0}]

C:\WINDOWS:msnmsgrrr.exe

.

Contents of the 'Scheduled Tasks' folder

"2007-09-19 10:12:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program\Apple Software Update\SoftwareUpdate.exe

"2007-12-09 20:47:02 C:\WINDOWS\Tasks\Kontrollera uppdateringar för Windows Live Toolbar.job"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]

-> C:\Program\Unlocker\UnlockerHook.dll

.

**************************************************************************

 

catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-12-09 21:42:29

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2007-12-09 21:47:20 - machine was rebooted

.

--- E O F ---[/log]

 

And here comes HijackThis

 

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:50:22, on 2007-12-10

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Analog Devices\Core\smax4pnp.exe

C:\Program\Analog Devices\SoundMAX\Smax4.exe

D:\Program\CA\CA Internet Security Suite\cctray\cctray.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

D:\Program\iTunes\iTunesHelper.exe

C:\Program\QuickTime\QTTask.exe

C:\Program\Delade filer\Real\Update_OB\realsched.exe

C:\Program\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

C:\Program\Unlocker\UnlockerAssistant.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\MSN Messenger\MsnMsgr.Exe

D:\valve\steam\steam.exe

D:\Program\Microsoft ActiveSync\wcescomm.exe

D:\Program\DAEMON Tools\daemon.exe

C:\WINDOWS\system32\wuauclt.exe

D:\Program\MICROS~1\rapimgr.exe

C:\WINDOWS\system32\tskmngr.exe

C:\Program\iPod\bin\iPodService.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\Program\Crawler\Toolbar\CToolbar.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program\Crawler\Toolbar\ctbr.dll

O2 - BHO: (no name) - {598F4775-6FB6-477B-9842-E0426824E077} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll

O2 - BHO: (no name) - {E14DCE67-8FB7-4721-8149-179BAA4D792C} - (no file)

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program\Crawler\Toolbar\ctbr.dll

O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Program\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [cctray] "D:\Program\CA\CA Internet Security Suite\cctray\cctray.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [iTunesHelper] "D:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [AVP] "C:\Program\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"

O4 - HKLM\..\Run: [win32 security updates downloader] tskmngr.exe

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program\Unlocker\UnlockerAssistant.exe"

O4 - HKLM\..\RunServices: [win32 security updates downloader] tskmngr.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [steam] "d:\valve\steam\steam.exe" -silent

O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Program\Microsoft ActiveSync\wcescomm.exe"

O4 - HKCU\..\Run: [DAEMON Tools] "D:\Program\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: Registration .LNK = D:\Valve\Steam\SteamApps\NiForInteVeta\Dark Messiah of Might and Magic\RegistrationReminder.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Program\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Anti-Banner - C:\Program\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm

O8 - Extra context menu item: Crawler Search - tbr:iemenu

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://D:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Öppna på ny flik i bakgrunden - res://C:\Program\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/229?39a911e3a526465faff1d5047ede6ec5

O8 - Extra context menu item: Öppna på ny flik i förgrunden - res://C:\Program\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/230?39a911e3a526465faff1d5047ede6ec5

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\Program\MICROS~1\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\Program\MICROS~1\INetRepl.dll

O9 - Extra 'Tools' menuitem: Skapa mobilfavorit ... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\Program\MICROS~1\INetRepl.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Program\Crawler\Toolbar\ctbr.dll

O20 - AppInit_DLLs: C:\Program\KASPER~1\KASPER~1.0\adialhk.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

O23 - Service: CaCCProvSP - CA, Inc. - D:\Program\CA\CA Internet Security Suite\ccprovsp.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - Unknown owner - C:\Program\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PPCtlPriv - Unknown owner - D:\Program\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe (file missing)

 

--

End of file - 9639 bytes[/log]

 

Would anyone like to try to help me? :)

 

[post edited 2007-12-10 17:06:01 by Golzmo]


[log]Uninstall via the Control Panel, if found = Crawler Toolbar

 

Scan with Hijack, tick the following lines, close the web browser and click Fix checked

 

O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program\Crawler\Toolbar\ctbr.dll

O2 - BHO: (no name) - {598F4775-6FB6-477B-9842-E0426824E077} - (no file)

O2 - BHO: (no name) - {E14DCE67-8FB7-4721-8149-179BAA4D792C} - (no file)

O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program\Crawler\Toolbar\ctbr.dll

O4 - HKLM\..\Run: [win32 security updates downloader] tskmngr.exe

O4 - HKLM\..\RunServices: [win32 security updates downloader] tskmngr.exe

O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Program\Crawler\Toolbar\ctbr.dll

 

 

Then start in safe mode and delete

 

C:\Program\Crawler

C:\WINDOWS\system32\tskmngr.exe

 

Then start normally and post a new Hijack log[/log]

 

[post edited 2007-12-10 17:20:04 by Zipp.]


I tried "Msn Fix" and it found 3 viruses and removed them. And now it seems to work :).. If NOT, I'll be back =D

 


Archived

This topic is now archived and is closed to further replies.
