Just nu i M3-nätverket
Jump to content

Hjälp - har virus men vet inte vad??


ballahallon

Recommended Posts

Hej.

Jag har fått nåt skit i burken som jag inte blir av med.

Har fått bort ISHOST, tror jag, men något annat är kvar.

Kan någon hjälpa mig?

HiJackThis loggfil:

 

[log]Logfile of HijackThis v1.99.1

Scan saved at 14:15:39, on 2006-12-03

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Intel\Wireless\Bin\EvtEng.exe

C:\Program\Intel\Wireless\Bin\S24EvMon.exe

C:\Program\Intel\Wireless\Bin\ZcfgSvc.exe

C:\Program\Intel\Wireless\Bin\WLKeeper.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

C:\Program\Intel\Wireless\Bin\1XConfig.exe

C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program\Cisco Systems\VPN Client\cvpnd.exe

C:\Program\Network Associates\Common Framework\FrameworkService.exe

C:\Program\Norton AntiVirus\navapsvc.exe

C:\Program\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

C:\Program\Norton AntiVirus\IWP\NPFMntor.exe

C:\Program\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

C:\Program\Apoint\Apoint.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program\Apoint\Apntex.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program\Java\jre1.5.0_09\bin\jusched.exe

C:\Program\Intel\Wireless\Bin\ifrmewrk.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

C:\Program\Delade filer\Symantec Shared\ccApp.exe

C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Program\Delade filer\PCSuite\DataLayer\DataLayer.exe

C:\Program\Nokia\Nokia PC Suite 6\LaunchApplication.exe

C:\Program\iTunes\iTunesHelper.exe

C:\Program\DELADE~1\PCSuite\Services\SERVIC~1.EXE

C:\Program\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program\iPod\bin\iPodService.exe

C:\Program\Network Associates\Common Framework\UpdaterUI.exe

C:\Program\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\?ystem\w?auboot.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Program\Digital Line Detect\DLG.exe

C:\Program\Personal\bin\Personal.exe

C:\WINDOWS\twain_32\ca561a\SnapDetect.exe

C:\Program\Messenger\msmsgs.exe

C:\Documents and Settings\Hans Ericson\Skrivbord\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {B255942F-29E0-0545-CBD9-5450A3FF29C2} - C:\WINDOWS\system32\pvckxwx.dll

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program\VSAdd-in\VSAdd-in.dll

O4 - HKLM\..\Run: [Apoint] C:\Program\Apoint\Apoint.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.5.0_09\bin\jusched.exe"

O4 - HKLM\..\Run: [intelWireless] C:\Program\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [iSUSPM Startup] C:\Program\DELADE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [DataLayer] C:\Program\Delade filer\PCSuite\DataLayer\DataLayer.exe

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [orwk] C:\Program\DELADE~1\orwk\orwkm.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Rsmgr] C:\WINDOWS\?ystem\w?auboot.exe

O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program\Cisco Systems\VPN Client\vpngui.exe

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe

O4 - Global Startup: SnapDetect.lnk = C:\WINDOWS\twain_32\ca561a\SnapDetect.exe

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert to existing PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O15 - Trusted Zone: http://www.tv4-anytime.se

O15 - Trusted Zone: http://www.tv4.se

O15 - Trusted Zone: *.www.sr.se

O16 - DPF: {1538D4E0-B2C4-402D-B71A-BA6A04BC7A5D} (PictureChooser.picChooser) - http://direct.fotomenyn.com/direct/PictureChooser.cab

O16 - DPF: {274967E8-7BE3-4195-B719-CFE8878B2E39} (FotolaboUploader Control) - http://web1.ifi.fi/WebUpload/ActiveX/FotolaboUploader.cab

O16 - DPF: {2EF3FB47-7B1E-4536-BA4D-51427BD45DFA} (PIXACO Drag and Drop upload plugin) - http://www.pixaco.se/static/download/pixacodndupload.cab

O16 - DPF: {402EE96E-2CE8-482D-ADA5-CECEEA07E16D} (TurnTool Scene) - http://www.turntool.com/ViewerInstall.exe

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1132998710140

O16 - DPF: {9478041E-CAEC-44A5-8271-B56799715926} (ColorApplication Control) - http://clients.theshining.se/colorapp/ColorAppOnline.cab

O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - http://korthuset.seavus.com/ImageUploader3.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{577DE96D-4547-4A48-867A-6D0FED054908}: NameServer = 81.216.65.11,81.216.65.12

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Unknown owner - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program\Cisco Systems\VPN Client\cvpnd.exe

O23 - Service: EvtEng - Intel Corporation - C:\Program\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program\Delade filer\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program\Network Associates\Common Framework\FrameworkService.exe

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program\Norton AntiVirus\navapsvc.exe

O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: RegSrvc - Intel Corporation - C:\Program\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program\DELADE~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program\Intel\Wireless\Bin\WLKeeper.exe

 

[/log]

 

[inlägget ändrat 2006-12-03 16:31:59 av ballahallon]

Link to comment
Share on other sites

Kontrollpanelen - Lägg till eller ta bort program

Ta bort VSAdd-in eller liknande om den finns där

 

HijackThis ska ligga i sin egen mapp så att dess säkerhetskopior inte kommer bort. Installera denna variant av HijackThis:

http://www.thespykiller.co.uk/files/HJTsetup.exe

och ta bort den gamla filen.

 

Bland annat finns det spionprogrammet PurityScan i loggen. Vi börjar med att åtgärda den.

 

Ladda ner http://www.mvps.org/winhelp2002/hosts.zip till Skrivbordet.

Packa upp filen. En ny mapp Hosts skapas på Skrivbordet.

Dubbelklicka på mappen för att öppna den.

Dubbelklicka på filen mvps.bat för att starta programmet.

Detta program kommer att byta ut datorns Hosts-fil så att PurityScan-otrevligheten förhindras komma i kontakt med sin skapare. Det kommer också förhindra att du kan besöka sidor som är ökända för att installera otrevligheter på datorn. Du kan läsa mer om det här:

http://www.mvps.org/winhelp2002/hosts.htm

 

Kontrollpanelen - Lägg till eller ta bort program

Om något av följande finns i listan så ta bort:

Oin

Yazzle by Oin

Purityscan by Oin

Snowballwars by Oin

eller något liknande med Oin eller Outerinfo i sig.

Zolero

Tizzletalk

MediaTickets

Cowabanga

 

Ladda ner och kör avinstallationsprogrammet

http://www.outerinfo.com/OiUninstaller.exe

Om du behöver anvisningar så finns de här: http://www.outerinfo.com/howto.html

 

Starta om datorn.

 

Ladda ner ComboFix:

http://download.bleepingcomputer.com/sUBs/combofix.exe

 

Kör den och följ anvisningarna som visas.

 

VIKTIGT! Klicka inte på Combofix-fönstret med musen när den körs annars kan den hänga upp sig.

 

När den är färdig så ska en logg komma upp, klistra in den här, samt en ny HijackThis-logg.

 

Link to comment
Share on other sites

Tack för tipsen.

Här är loggarna, hur ser det ut?

[log]Hans Ericson - 06-12-03 20:13:19,26 Service Pack 2

ComboFix 06.11.27W - Running from: "C:\Documents and Settings\Hans Ericson\Skrivbord"

 

((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))

 

REGISTRY ENTRIES REMOVED:

 

[HKEY_CLASSES_ROOT\clsid\{A8939F87-DDEC-401B-8DAE-048615C762B3}]

@=""

"IDEx"="ADDR"

 

[HKEY_CLASSES_ROOT\clsid\{A8939F87-DDEC-401B-8DAE-048615C762B3}\Implemented Categories]

@=""

 

[HKEY_CLASSES_ROOT\clsid\{A8939F87-DDEC-401B-8DAE-048615C762B3}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

@=""

 

[HKEY_CLASSES_ROOT\clsid\{A8939F87-DDEC-401B-8DAE-048615C762B3}\InprocServer32]

@="C:\\WINDOWS\\system32\\dcsrslvr.dll"

"ThreadingModel"="Apartment"

 

[HKEY_CLASSES_ROOT\clsid\{3E71BD34-9D58-4CDD-AF4F-889F1099B9E0}]

@=""

 

[HKEY_CLASSES_ROOT\clsid\{3E71BD34-9D58-4CDD-AF4F-889F1099B9E0}\Implemented Categories]

@=""

 

[HKEY_CLASSES_ROOT\clsid\{3E71BD34-9D58-4CDD-AF4F-889F1099B9E0}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

@=""

 

[HKEY_CLASSES_ROOT\clsid\{3E71BD34-9D58-4CDD-AF4F-889F1099B9E0}\InprocServer32]

@="C:\\WINDOWS\\system32\\guard.tmp"

"ThreadingModel"="Apartment"

 

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

 

 

Granting sedebugprivilege to Administratörer ... successful

 

 

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

C:\Program\Inetget2

C:\WINDOWS\system32\components

 

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

 

Folders Quarantined:

 

C:\QooBox\Purity\WINDOWS\PPATCH~1

C:\QooBox\Purity\WINDOWS\YSTEM~1

C:\QooBox\Purity\WINDOWS\system32\APPATC~1

C:\QooBox\Purity\WINDOWS\system32\APPATC~1\A?pPatch

C:\QooBox\Purity\WINDOWS\system32\APPATC~1\svchost.exe

 

 

((((((((((((((((((((((((((((((( Files Created from 2006-11-03 to 2006-12-03 ))))))))))))))))))))))))))))))))))

 

 

2006-12-03 19:54 <KAT> d-------- C:\Program\Hijackthis

2006-12-01 20:45 4,456 --a------ C:\WINDOWS\system32\tmp.reg

2006-11-29 15:18 <KAT> d-------- C:\Program\XoftSpySE

2006-11-28 18:31 <KAT> d-------- C:\Documents and Settings\Hans Ericson\Application Data\SearchToolbarCorp

2006-11-28 18:28 88,340 --a------ C:\WINDOWS\system32\yrijqchc.exe

2006-11-28 18:28 631,947 ---hs---- C:\WINDOWS\system32\ayadd.bak2

2006-11-28 18:28 42,516 --a------ C:\WINDOWS\system32\twvxrnrp.dll

2006-11-27 21:21 <KAT> d--hs---- C:\Config.Msi

2006-11-27 14:19 585,360 ---hs---- C:\WINDOWS\system32\ayadd.bak1

2006-11-27 14:10 708,660 ---hs---- C:\WINDOWS\system32\ddaya.dll

2006-11-27 14:03 40,973 ---hs---- C:\WINDOWS\system32\xxywvsp.dll

2006-11-26 14:57 <KAT> d-------- C:\quarantine

2006-11-26 14:23 <KAT> d-------- C:\Program\Delade filer\Cisco Systems

2006-11-26 14:20 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Network Associates

2006-11-26 14:18 <KAT> d-------- C:\Program\Network Associates

2006-11-26 11:48 53,248 --a------ C:\WINDOWS\system32\Process.exe

2006-11-26 11:48 40,960 --a------ C:\WINDOWS\system32\swsc.exe

2006-11-26 11:48 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe

2006-11-26 11:48 135,168 --a------ C:\WINDOWS\system32\swreg.exe

2006-11-26 10:18 40,973 ---hs---- C:\WINDOWS\system32\urqpmno.dll

2006-11-25 18:49 71,168 --a------ C:\WINDOWS\system32\drvsot.dll

2006-11-25 18:38 78,488 --a------ C:\WINDOWS\system32\XMD5.dll

2006-11-25 18:38 101,888 --a------ C:\WINDOWS\system32\vb6stkit.dll

2006-11-25 18:38 <KAT> d-------- C:\Program\SpywareBot

2006-11-25 18:26 586,741 ---hs---- C:\WINDOWS\system32\ppqss.bak2

2006-11-24 20:43 586,304 ---hs---- C:\WINDOWS\system32\ppqss.ini2

2006-11-24 17:36 585,400 ---hs---- C:\WINDOWS\system32\ppqss.bak1

2006-11-23 20:49 <KAT> d-------- C:\WINDOWS\Prefetch

2006-11-23 19:19 <KAT> d-------- C:\WINDOWS\system32\ZoneLabs

2006-11-23 19:19 <KAT> d-------- C:\Program\Zone Labs

2006-11-23 18:14 585,974 ---hs---- C:\WINDOWS\system32\stvwa.bak1

2006-11-23 18:14 38,420 --a------ C:\WINDOWS\system32\kmiwfymc.dll

2006-11-22 22:09 17,408 --------- C:\WINDOWS\system32\winkve32.dll

2006-11-22 21:09 <KAT> d-------- C:\Program\QuickTime

2006-11-22 21:08 <KAT> d-------- C:\Program\Apple Software Update

2006-11-14 22:22 <KAT> d-------- C:\Program\TPTEST5

2006-11-12 11:56 <KAT> d-------- C:\Documents and Settings\Hans Ericson\Local Settings

2006-11-12 11:56 <KAT> d-------- C:\Documents and Settings\Hans Ericson\Application Data\Google

2006-11-04 14:14 1,245,696 --a------ C:\WINDOWS\system32\msxml4.dll

 

 

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

2006-12-03 20:04 -------- d-------- C:\Program\Delade filer

2006-12-03 19:58 -------- d-------- C:\Program\PeerGuardian2

2006-12-03 15:59 -------- d-------- C:\Program\FlashFXP

2006-11-30 22:15 -------- d-------- C:\Documents and Settings\Hans Ericson\Application Data\Adobe

2006-11-28 21:07 -------- d-------- C:\Program\Outlook Express

2006-11-24 19:08 -------- d-------- C:\Program\PestPatrol

2006-11-22 21:51 -------- d-------- C:\Program\Xilisoft

2006-11-22 12:29 -------- d-------- C:\Program\Winamp

2006-11-15 22:51 -------- d-------- C:\Program\Delade filer\Symantec Shared

2006-11-14 21:27 -------- d-------- C:\Program\Java

2006-11-12 11:55 -------- d--h----- C:\Program\InstallShield Installation Information

2006-11-12 11:55 -------- d-------- C:\Program\Google

2006-11-01 09:36 -------- d-------- C:\Program\Delade filer\Real

2006-11-01 09:36 -------- d-------- C:\Documents and Settings\Hans Ericson\Application Data\Real

2006-10-28 18:16 -------- d-------- C:\Program\Windows Journal Viewer

2006-10-25 21:30 8704 --a------ C:\WINDOWS\system32\drivers\ggsemc.sys

2006-10-25 21:27 -------- d--h----- C:\Program\Zero G Registry

2006-10-25 21:27 -------- d-------- C:\Program\Sony Ericsson

2006-10-25 20:49 -------- d-------- C:\Program\Disc2Phone

2006-10-25 17:30 -------- d-------- C:\Documents and Settings\Hans Ericson\Application Data\Teleca

2006-10-25 17:15 -------- d-------- C:\Program\Delade filer\Teleca Shared

2006-10-25 17:04 6176 --a------ C:\WINDOWS\system32\drivers\w810cm.sys

2006-10-25 17:04 5808 --a------ C:\WINDOWS\system32\drivers\w810wh.sys

2006-10-22 10:18 -------- d-------- C:\Program\Internet Explorer

2006-10-17 12:33 6049280 --------- C:\WINDOWS\system32\ieframe.dll

2006-10-17 12:33 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll

2006-10-17 12:33 458752 --------- C:\WINDOWS\system32\msfeeds.dll

2006-10-17 12:33 413696 --a------ C:\WINDOWS\system32\vbscript.dll

2006-10-17 12:33 231424 --a------ C:\WINDOWS\system32\webcheck.dll

2006-10-17 12:33 180736 --------- C:\WINDOWS\system32\ieui.dll

2006-10-17 12:33 156160 --a------ C:\WINDOWS\system32\msls31.dll

2006-10-17 12:06 78336 --a------ C:\WINDOWS\system32\ieencode.dll

2006-10-17 12:05 40960 --a------ C:\WINDOWS\system32\licmgr10.dll

2006-10-17 12:05 206336 --------- C:\WINDOWS\system32\WinFXDocObj.exe

2006-10-17 12:05 105984 --a------ C:\WINDOWS\system32\url.dll

2006-10-17 12:04 101376 --a------ C:\WINDOWS\system32\occache.dll

2006-10-17 12:03 17408 --a------ C:\WINDOWS\system32\corpol.dll

2006-10-17 12:01 71680 --a------ C:\WINDOWS\system32\admparse.dll

2006-10-17 12:01 55296 --a------ C:\WINDOWS\system32\iesetup.dll

2006-10-17 12:01 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll

2006-10-17 12:01 229376 --a------ C:\WINDOWS\system32\ieaksie.dll

2006-10-17 12:01 152064 --a------ C:\WINDOWS\system32\ieakeng.dll

2006-10-17 12:01 13312 --a------ C:\WINDOWS\system32\ieudinit.exe

2006-10-17 12:00 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe

2006-10-17 12:00 43008 --a------ C:\WINDOWS\system32\iernonce.dll

2006-10-17 12:00 123904 --a------ C:\WINDOWS\system32\advpack.dll

2006-10-17 11:58 61952 --------- C:\WINDOWS\system32\icardie.dll

2006-10-17 11:58 12288 --------- C:\WINDOWS\system32\msfeedssync.exe

2006-10-17 11:57 36352 --a------ C:\WINDOWS\system32\imgutil.dll

2006-10-17 11:57 266752 --------- C:\WINDOWS\system32\iertutil.dll

2006-10-17 11:56 45568 --a------ C:\WINDOWS\system32\mshta.exe

2006-10-17 11:28 48128 --a------ C:\WINDOWS\system32\mshtmler.dll

2006-10-17 11:27 380928 --------- C:\WINDOWS\system32\ieapfltr.dll

2006-10-17 11:23 161792 --a------ C:\WINDOWS\system32\ieakui.dll

2006-10-14 16:52 -------- d-------- C:\Program\MSXML 4.0

2006-10-13 13:41 141824 --a------ C:\WINDOWS\system32\nwprovau.dll

2006-10-10 19:18 -------- d-------- C:\Documents and Settings\Hans Ericson\Application Data\uTorrent

2006-10-08 21:16 -------- d-------- C:\Documents and Settings\Hans Ericson\Application Data\Skype

2006-10-05 17:38 -------- d-------- C:\Program\Messenger

2006-10-05 06:16 -------- d-------- C:\Program\Symantec

2006-09-15 21:52 91904 --a------ C:\WINDOWS\system32\S32EVNT1.DLL

2006-09-13 06:07 1084416 --a------ C:\WINDOWS\system32\msxml3.dll

2006-09-06 16:43 22752 --a------ C:\WINDOWS\system32\spupdsvc.exe

 

 

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

 

*Note* empty entries are not shown

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

"MsnMsgr"="\"C:\\Program\\MSN Messenger\\MsnMsgr.Exe\" /background"

"orwk"="C:\\Program\\DELADE~1\\orwk\\orwkm.exe"

"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

"Apoint"="C:\\Program\\Apoint\\Apoint.exe"

"igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"

"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"

"igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"

"SunJavaUpdateSched"="\"C:\\Program\\Java\\jre1.5.0_09\\bin\\jusched.exe\""

"IntelWireless"="C:\\Program\\Intel\\Wireless\\Bin\\ifrmewrk.exe /tf Intel PROSet/Wireless"

"ISUSPM Startup"="C:\\Program\\DELADE~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"

"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"

"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"

"Acrobat Assistant 7.0"="\"C:\\Program\\Adobe\\Acrobat 7.0\\Distillr\\Acrotray.exe\""

"ccApp"="\"C:\\Program\\Delade filer\\Symantec Shared\\ccApp.exe\""

"Symantec NetDriver Monitor"="C:\\Program\\SYMNET~1\\SNDMon.exe /Consumer"

"Adobe Photo Downloader"="\"C:\\Program\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""

"DataLayer"="C:\\Program\\Delade filer\\PCSuite\\DataLayer\\DataLayer.exe"

"PCSuiteTrayApplication"="C:\\Program\\Nokia\\Nokia PC Suite 6\\LaunchApplication.exe -onlytray"

"iTunesHelper"="\"C:\\Program\\iTunes\\iTunesHelper.exe\""

"PinnacleDriverCheck"="C:\\WINDOWS\\system32\\PSDrvCheck.exe -CheckReg"

"Sony Ericsson PC Suite"="\"C:\\Program\\Sony Ericsson\\Mobile2\\Application Launcher\\Application Launcher.exe\" /startoptions"

"QuickTime Task"="\"C:\\Program\\QuickTime\\qttask.exe\" -atboottime"

"Zone Labs Client"="\"C:\\Program\\Zone Labs\\ZoneAlarm\\zlclient.exe\""

"McAfeeUpdaterUI"="\"C:\\Program\\Network Associates\\Common Framework\\UpdaterUI.exe\" /StartedFromRunKey"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]

"Installed"="1"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]

"Installed"="1"

"NoChange"="1"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]

"Installed"="1"

 

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]

"DeskHtmlVersion"=dword:00000110

"DeskHtmlMinorVersion"=dword:00000005

"Settings"=dword:00000001

"GeneralFlags"=dword:00000000

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

 

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]

"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]

"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"

"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoDriveTypeAutoRun"=dword:00000091

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"dontdisplaylastusername"=dword:00000000

"legalnoticecaption"=""

"legalnoticetext"=""

"shutdownwithoutlogon"=dword:00000001

"undockwithoutlogon"=dword:00000001

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoDriveTypeAutoRun"=dword:00000091

 

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]

"NoDriveTypeAutoRun"=dword:00000091

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]

"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"

"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"

"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"

"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

 

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddaya

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winkve32

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

 

 

Contents of the 'Scheduled Tasks' folder

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - Hans Ericson.job

C:\WINDOWS\tasks\Symantec NetDetect.job

C:\WINDOWS\tasks\XoftSpySE.job

 

Completion time: 06-12-03 20:21:45.31

C:\ComboFix.txt ... 06-12-03 20:21

[/log]

 

[log]Logfile of HijackThis v1.99.1

Scan saved at 20:29:27, on 2006-12-03

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Intel\Wireless\Bin\EvtEng.exe

C:\Program\Intel\Wireless\Bin\S24EvMon.exe

C:\Program\Intel\Wireless\Bin\WLKeeper.exe

C:\Program\Intel\Wireless\Bin\ZcfgSvc.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Intel\Wireless\Bin\1XConfig.exe

C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program\Cisco Systems\VPN Client\cvpnd.exe

C:\Program\Network Associates\Common Framework\FrameworkService.exe

C:\Program\Norton AntiVirus\navapsvc.exe

C:\Program\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

C:\Program\Norton AntiVirus\IWP\NPFMntor.exe

C:\Program\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

C:\Program\Apoint\Apoint.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program\Apoint\Apntex.exe

C:\Program\Java\jre1.5.0_09\bin\jusched.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program\Intel\Wireless\Bin\ifrmewrk.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

C:\Program\Delade filer\Symantec Shared\ccApp.exe

C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Program\Delade filer\PCSuite\DataLayer\DataLayer.exe

C:\Program\Nokia\Nokia PC Suite 6\LaunchApplication.exe

C:\Program\iTunes\iTunesHelper.exe

C:\Program\iPod\bin\iPodService.exe

C:\Program\DELADE~1\PCSuite\Services\SERVIC~1.EXE

C:\Program\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program\Network Associates\Common Framework\UpdaterUI.exe

C:\Program\Delade filer\Teleca Shared\CapabilityManager.exe

C:\Program\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Program\Digital Line Detect\DLG.exe

C:\Program\Personal\bin\Personal.exe

C:\WINDOWS\twain_32\ca561a\SnapDetect.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\Hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [Apoint] C:\Program\Apoint\Apoint.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.5.0_09\bin\jusched.exe"

O4 - HKLM\..\Run: [intelWireless] C:\Program\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [iSUSPM Startup] C:\Program\DELADE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [DataLayer] C:\Program\Delade filer\PCSuite\DataLayer\DataLayer.exe

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [orwk] C:\Program\DELADE~1\orwk\orwkm.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program\Cisco Systems\VPN Client\vpngui.exe

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe

O4 - Global Startup: SnapDetect.lnk = C:\WINDOWS\twain_32\ca561a\SnapDetect.exe

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert to existing PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O15 - Trusted Zone: http://www.tv4-anytime.se

O15 - Trusted Zone: http://www.tv4.se

O15 - Trusted Zone: *.www.sr.se

O16 - DPF: {1538D4E0-B2C4-402D-B71A-BA6A04BC7A5D} (PictureChooser.picChooser) - http://direct.fotomenyn.com/direct/PictureChooser.cab

O16 - DPF: {274967E8-7BE3-4195-B719-CFE8878B2E39} (FotolaboUploader Control) - http://web1.ifi.fi/WebUpload/ActiveX/FotolaboUploader.cab

O16 - DPF: {2EF3FB47-7B1E-4536-BA4D-51427BD45DFA} (PIXACO Drag and Drop upload plugin) - http://www.pixaco.se/static/download/pixacodndupload.cab

O16 - DPF: {402EE96E-2CE8-482D-ADA5-CECEEA07E16D} (TurnTool Scene) - http://www.turntool.com/ViewerInstall.exe

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1132998710140

O16 - DPF: {9478041E-CAEC-44A5-8271-B56799715926} (ColorApplication Control) - http://clients.theshining.se/colorapp/ColorAppOnline.cab

O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - http://korthuset.seavus.com/ImageUploader3.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{577DE96D-4547-4A48-867A-6D0FED054908}: NameServer = 81.216.65.11,81.216.65.12

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Unknown owner - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program\Cisco Systems\VPN Client\cvpnd.exe

O23 - Service: EvtEng - Intel Corporation - C:\Program\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program\Delade filer\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program\Network Associates\Common Framework\FrameworkService.exe

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program\Norton AntiVirus\navapsvc.exe

O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: RegSrvc - Intel Corporation - C:\Program\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program\DELADE~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program\Intel\Wireless\Bin\WLKeeper.exe

 

[/log]

 

 

/Hans

hej

 

Link to comment
Share on other sites

Bättre, men allt är inte borta än.

 

Kontrollpanelen - Lägg till eller ta bort program

Ta bort SearchToolbarCorp eller något liknande om det finns där.

 

Har du tidigare kört SmitfraudFix?

 

Ladda ner Vundofix:

http://www.atribune.org/ccount/click.php?id=4

 

Starta om datorn i felsäkert läge (tryck F8 upprepade gånger under uppstarten och välj felsäkert läge i menyn).

 

Dubbelklicka på VundoFix.exe för att starta programmet.

När den startar igen så tryck på Scan for Vundo.

När skanningen är klar så tryck på Remove Vundo.

Svara Ja/Yes på frågan om du vill ta bort filerna.

Därefter kommer Skrivbordet att försvinna medan filerna tas bort.

När det är klart så kommer det en fråga om att din dator kommer att stängas av, tryck på OK.

Sätt igång datorn igen i normalt läge.

 

Om det är så att VundoFix inte kunde ta bort någon fil vid första försöket så kommer VundoFix att starta igen när datorn startas, följ i så fall beskrivningen en gång till.

 

Klistra in C:\vundofix.txt och en ny HijackThis-logg i ditt svar.

 

Link to comment
Share on other sites

OK

Hittade inget SearchToolbarCorp eller något liknande.

 

Här kommer nya loggar:

 

[log]

VundoFix V6.2.13

 

Checking Java version...

 

Sun Java not detected

Scan started at 19:56:10 2006-12-04

 

Listing files found while scanning....

 

C:\WINDOWS\system32\winkve32.dll

C:\WINDOWS\system32\ddaya.dll

C:\WINDOWS\system32\ayadd.ini

C:\WINDOWS\system32\ayadd.bak1

C:\WINDOWS\system32\ayadd.bak2

 

Beginning removal...

 

Attempting to delete C:\WINDOWS\system32\winkve32.dll

C:\WINDOWS\system32\winkve32.dll Could not be deleted.

 

Attempting to delete C:\WINDOWS\system32\ddaya.dll

C:\WINDOWS\system32\ddaya.dll Could not be deleted.

 

Attempting to delete C:\WINDOWS\system32\ayadd.ini

C:\WINDOWS\system32\ayadd.ini Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\ayadd.bak1

C:\WINDOWS\system32\ayadd.bak1 Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\ayadd.bak2

C:\WINDOWS\system32\ayadd.bak2 Has been deleted!

 

Performing Repairs to the registry.

Done!

 

Beginning removal...

 

Attempting to delete C:\WINDOWS\system32\winkve32.dll

C:\WINDOWS\system32\winkve32.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\ddaya.dll

C:\WINDOWS\system32\ddaya.dll Has been deleted!

 

Performing Repairs to the registry.

Done!

[/log]

 

[log]Logfile of HijackThis v1.99.1

Scan saved at 20:11:57, on 2006-12-04

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Intel\Wireless\Bin\EvtEng.exe

C:\Program\Intel\Wireless\Bin\S24EvMon.exe

C:\Program\Intel\Wireless\Bin\ZcfgSvc.exe

C:\Program\Intel\Wireless\Bin\WLKeeper.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Intel\Wireless\Bin\1XConfig.exe

C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program\Cisco Systems\VPN Client\cvpnd.exe

C:\Program\Network Associates\Common Framework\FrameworkService.exe

C:\Program\Norton AntiVirus\navapsvc.exe

C:\Program\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

C:\Program\Norton AntiVirus\IWP\NPFMntor.exe

C:\Program\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

C:\Program\Apoint\Apoint.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program\Java\jre1.5.0_09\bin\jusched.exe

C:\Program\Intel\Wireless\Bin\ifrmewrk.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

C:\Program\Delade filer\Symantec Shared\ccApp.exe

C:\Program\Apoint\Apntex.exe

C:\Program\Delade filer\PCSuite\DataLayer\DataLayer.exe

C:\Program\Nokia\Nokia PC Suite 6\LaunchApplication.exe

C:\Program\iTunes\iTunesHelper.exe

C:\Program\iPod\bin\iPodService.exe

C:\Program\DELADE~1\PCSuite\Services\SERVIC~1.EXE

C:\Program\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program\Network Associates\Common Framework\UpdaterUI.exe

C:\Program\Delade filer\Teleca Shared\CapabilityManager.exe

C:\Program\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Program\Digital Line Detect\DLG.exe

C:\Program\Personal\bin\Personal.exe

C:\WINDOWS\twain_32\ca561a\SnapDetect.exe

C:\Program\Hijackthis\HijackThis.exe

C:\Program\Messenger\msmsgs.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\system32\twvxrnrp.dll

O2 - BHO: (no name) - {755bbd1a-aa59-456c-afeb-b4c42c4dcb6f} - C:\WINDOWS\system32\ixt0.dll (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O2 - BHO: (no name) - {A809B956-4348-4F95-B8A6-03974EC27015} - C:\WINDOWS\system32\ssqpp.dll (file missing)

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: (no name) - {E4AE5506-4ABE-44CF-8030-FC6EBD4E460F} - C:\WINDOWS\system32\ddaya.dll (file missing)

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [Apoint] C:\Program\Apoint\Apoint.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.5.0_09\bin\jusched.exe"

O4 - HKLM\..\Run: [intelWireless] C:\Program\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [iSUSPM Startup] C:\Program\DELADE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [DataLayer] C:\Program\Delade filer\PCSuite\DataLayer\DataLayer.exe

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [orwk] C:\Program\DELADE~1\orwk\orwkm.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program\Cisco Systems\VPN Client\vpngui.exe

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe

O4 - Global Startup: SnapDetect.lnk = C:\WINDOWS\twain_32\ca561a\SnapDetect.exe

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert to existing PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O15 - Trusted Zone: http://www.tv4-anytime.se

O15 - Trusted Zone: http://www.tv4.se

O15 - Trusted Zone: *.www.sr.se

O16 - DPF: {1538D4E0-B2C4-402D-B71A-BA6A04BC7A5D} (PictureChooser.picChooser) - http://direct.fotomenyn.com/direct/PictureChooser.cab

O16 - DPF: {274967E8-7BE3-4195-B719-CFE8878B2E39} (FotolaboUploader Control) - http://web1.ifi.fi/WebUpload/ActiveX/FotolaboUploader.cab

O16 - DPF: {2EF3FB47-7B1E-4536-BA4D-51427BD45DFA} (PIXACO Drag and Drop upload plugin) - http://www.pixaco.se/static/download/pixacodndupload.cab

O16 - DPF: {402EE96E-2CE8-482D-ADA5-CECEEA07E16D} (TurnTool Scene) - http://www.turntool.com/ViewerInstall.exe

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1132998710140

O16 - DPF: {9478041E-CAEC-44A5-8271-B56799715926} (ColorApplication Control) - http://clients.theshining.se/colorapp/ColorAppOnline.cab

O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - http://korthuset.seavus.com/ImageUploader3.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{577DE96D-4547-4A48-867A-6D0FED054908}: NameServer = 81.216.65.11,81.216.65.12

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: IntelWireless - C:\Program\Intel\Wireless\Bin\LgNotify.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Unknown owner - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program\Cisco Systems\VPN Client\cvpnd.exe

O23 - Service: EvtEng - Intel Corporation - C:\Program\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program\Delade filer\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program\Network Associates\Common Framework\FrameworkService.exe

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program\Norton AntiVirus\navapsvc.exe

O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: RegSrvc - Intel Corporation - C:\Program\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program\DELADE~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program\Intel\Wireless\Bin\WLKeeper.exe

 

[/log]

 

/ Hans

 

[inlägget ändrat 2006-12-04 20:16:44 av ballahallon]

Link to comment
Share on other sites

Körde du SmitfraudFix för att få bort ISHOST?

 

Gå till http://www.virustotal.com/ klistra in ett av följande filnamn i rutan, tryck på Send och vänta tills resultatet är klart (Status blir Finished). Klistra in resultatet (inkl. filstorlek) här. Upprepa med nästa filnamn.

C:\Program\DELADE~1\orwk\orwkm.exe

 

 

Link to comment
Share on other sites

Nej.

Jag har kört SmitfraudFix men jag tog bort ISHOST genom Felsäkert läge | RegEdit.

 

Ska testa virustotal.com i eftermiddag.

/ Hans

 

Link to comment
Share on other sites

Hej igen

Vilka filnamn menar du?

[log]

Complete scanning result of "orwkm.exe", received in VirusTotal at 12.05.2006, 19:39:58 (CET).

 

Antivirus Version Update Result

AntiVir 7.2.0.49 12.05.2006 no virus found

Authentium 4.93.8 12.04.2006 no virus found

Avast 4.7.892.0 12.05.2006 no virus found

AVG 386 12.05.2006 no virus found

BitDefender 7.2 12.05.2006 no virus found

CAT-QuickHeal 8.00 12.05.2006 no virus found

ClamAV devel-20060426 12.05.2006 no virus found

DrWeb 4.33 12.05.2006 no virus found

eSafe 7.0.14.0 12.03.2006 no virus found

eTrust-InoculateIT 23.73.76 12.05.2006 no virus found

eTrust-Vet 30.3.3232 12.05.2006 no virus found

Ewido 4.0 12.05.2006 no virus found

Fortinet 2.82.0.0 12.05.2006 no virus found

F-Prot 3.16f 12.04.2006 no virus found

F-Prot4 4.2.1.29 12.04.2006 no virus found

Ikarus T3.1.0.26 12.05.2006 no virus found

Kaspersky 4.0.2.24 12.05.2006 no virus found

McAfee 4911 12.05.2006 no virus found

Microsoft 1.1804 12.05.2006 no virus found

NOD32v2 1902 12.05.2006 no virus found

Norman 5.80.02 12.05.2006 no virus found

Panda 9.0.0.4 12.05.2006 no virus found

Prevx1 V2 12.05.2006 no virus found

Sophos 4.12.0 12.04.2006 no virus found

Sunbelt 2.2.907.0 11.30.2006 no virus found

TheHacker 6.0.3.129 12.05.2006 no virus found

UNA 1.83 12.05.2006 no virus found

VBA32 3.11.1 12.05.2006 no virus found

VirusBuster 4.3.15:9 12.05.2006 no virus found

 

 

Aditional Information

File size: 0 bytes

MD5: d41d8cd98f00b204e9800998ecf8427e

SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709

[/log]

/ Hans

 

Link to comment
Share on other sites

Kopierade över lite för mycket bara, jag har en standardtext för kontroll av flera filer.

 

File size: 0 bytes
Ska bort alltså.

 

Skanna med HijackThis och bocka för:

 

O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\system32\twvxrnrp.dll

O2 - BHO: (no name) - {755bbd1a-aa59-456c-afeb-b4c42c4dcb6f} - C:\WINDOWS\system32\ixt0.dll (file missing)

O2 - BHO: (no name) - {A809B956-4348-4F95-B8A6-03974EC27015} - C:\WINDOWS\system32\ssqpp.dll (file missing)

O2 - BHO: (no name) - {E4AE5506-4ABE-44CF-8030-FC6EBD4E460F} - C:\WINDOWS\system32\ddaya.dll (file missing)

O4 - HKCU\..\Run: [orwk] C:\Program\DELADE~1\orwk\orwkm.exe

 

Avsluta alla andra program.

Tryck Fix checked.

 

Starta om datorn i felsäkert läge (tryck F8 upprepade gånger under uppstarten och välj felsäkert läge i menyn).

 

Ställ in Utforskaren så att du kan se alla filer:

Verktyg - (Mapp)alternativ eller liknande - Visning

Välj Visa dolda filer och mappar

Avbocka Dölj filnamnstillägg för kända filtyper

Avbocka Dölj skyddade operativsystemfiler

 

Ta bort filerna (om de finns kvar):

C:\WINDOWS\system32\twvxrnrp.dll

C:\WINDOWS\system32\ssqpp.dll

C:\WINDOWS\system32\ddaya.dll

 

Ta bort mapparna (om de finns kvar):

C:\Program\DELADE~1\orwk

där ~1 står för ett antal godtyckliga tecken

 

Starta om i normalt läge och så en ny HijackThis-logg.

 

Link to comment
Share on other sites

Japp då testar vi igen.

Ny logg:

[log]Logfile of HijackThis v1.99.1

Scan saved at 21:52:28, on 2006-12-07

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Intel\Wireless\Bin\EvtEng.exe

C:\Program\Intel\Wireless\Bin\S24EvMon.exe

C:\Program\Intel\Wireless\Bin\ZcfgSvc.exe

C:\Program\Intel\Wireless\Bin\WLKeeper.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program\Cisco Systems\VPN Client\cvpnd.exe

C:\Program\Network Associates\Common Framework\FrameworkService.exe

C:\Program\Norton AntiVirus\navapsvc.exe

C:\Program\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

C:\Program\Norton AntiVirus\IWP\NPFMntor.exe

C:\Program\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program\Intel\Wireless\Bin\1XConfig.exe

C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

C:\Program\Apoint\Apoint.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program\Java\jre1.5.0_09\bin\jusched.exe

C:\Program\Intel\Wireless\Bin\ifrmewrk.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

C:\Program\Delade filer\Symantec Shared\ccApp.exe

C:\Program\Delade filer\PCSuite\DataLayer\DataLayer.exe

C:\Program\Nokia\Nokia PC Suite 6\LaunchApplication.exe

C:\Program\Apoint\Apntex.exe

C:\Program\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program\DELADE~1\PCSuite\Services\SERVIC~1.EXE

C:\Program\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program\Network Associates\Common Framework\UpdaterUI.exe

C:\Program\MSN Messenger\MsnMsgr.Exe

C:\Program\Delade filer\Teleca Shared\CapabilityManager.exe

C:\Program\iPod\bin\iPodService.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Digital Line Detect\DLG.exe

C:\Program\Personal\bin\Personal.exe

C:\WINDOWS\twain_32\ca561a\SnapDetect.exe

C:\Program\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Hijackthis\HijackThis.exe

C:\Program\Messenger\msmsgs.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [Apoint] C:\Program\Apoint\Apoint.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.5.0_09\bin\jusched.exe"

O4 - HKLM\..\Run: [intelWireless] C:\Program\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [iSUSPM Startup] C:\Program\DELADE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [DataLayer] C:\Program\Delade filer\PCSuite\DataLayer\DataLayer.exe

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program\Cisco Systems\VPN Client\vpngui.exe

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe

O4 - Global Startup: SnapDetect.lnk = C:\WINDOWS\twain_32\ca561a\SnapDetect.exe

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert to existing PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O15 - Trusted Zone: http://www.tv4-anytime.se

O15 - Trusted Zone: http://www.tv4.se

O15 - Trusted Zone: *.www.sr.se

O16 - DPF: {1538D4E0-B2C4-402D-B71A-BA6A04BC7A5D} (PictureChooser.picChooser) - http://direct.fotomenyn.com/direct/PictureChooser.cab

O16 - DPF: {274967E8-7BE3-4195-B719-CFE8878B2E39} (FotolaboUploader Control) - http://web1.ifi.fi/WebUpload/ActiveX/FotolaboUploader.cab

O16 - DPF: {2EF3FB47-7B1E-4536-BA4D-51427BD45DFA} (PIXACO Drag and Drop upload plugin) - http://www.pixaco.se/static/download/pixacodndupload.cab

O16 - DPF: {402EE96E-2CE8-482D-ADA5-CECEEA07E16D} (TurnTool Scene) - http://www.turntool.com/ViewerInstall.exe

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1132998710140

O16 - DPF: {9478041E-CAEC-44A5-8271-B56799715926} (ColorApplication Control) - http://clients.theshining.se/colorapp/ColorAppOnline.cab

O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - http://korthuset.seavus.com/ImageUploader3.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{577DE96D-4547-4A48-867A-6D0FED054908}: NameServer = 81.216.65.11,81.216.65.12

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: IntelWireless - C:\Program\Intel\Wireless\Bin\LgNotify.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Unknown owner - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program\Cisco Systems\VPN Client\cvpnd.exe

O23 - Service: EvtEng - Intel Corporation - C:\Program\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program\Delade filer\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program\Network Associates\Common Framework\FrameworkService.exe

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program\Norton AntiVirus\navapsvc.exe

O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: RegSrvc - Intel Corporation - C:\Program\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program\DELADE~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program\Intel\Wireless\Bin\WLKeeper.exe

 

[/log]

 

Tack för hjälpen förresten.

Datorn funkar fint nu...

/ Hans

 

Link to comment
Share on other sites

Jag ser inte heller något otrevligt i loggen. :thumbsup:

 

Här kommer mina vanliga råd för en säkrare dator, men det är så klart viktigt att man använder sitt förnuft också.

 

Uppdatera från Windows Update och kör antispionprogrammen AVG Anti-Spyware (Ewido), SUPERAntiSpyware, Spybot S&D och/eller Ad-aware regelbundet.

http://www.ewido.net/en/

http://www.superantispyware.com/

http://www.safer-networking.org/en/download/index.html

http://www.lavasoft.com

 

Komplettera antivirusprogrammet med några online-skanningar då och då:

http://housecall.trendmicro.com/

http://www.bitdefender.com/scan8/ie.html

http://www.pandasoftware.com/products/activescan/

 

Använd en brandvägg (bättre än den inbyggda i XP), finns gratis från t ex ZoneLabs.

http://www.zonelabs.com/store/content/home.jsp

 

Om man använder Internet Explorer så kan det vara lämpligt att ha programmen SpywareBlaster och SpywareGuard, vilka hindrar en hel del otrevliga program från att laddas ner resp. köras:

http://www.javacoolsoftware.com

 

Se över säkerhetsinställningarna i Internet Explorer, det finns en hel del tips här:

http://www.spywarewarrior.com/uiuc/btw/ie/ie-opts.htm

 

Samt kör IE-SpyAd som lägger en hel massa otrevliga webbplatser i zonen Ej tillförlitliga i Internet Explorer så att de inte kan göra något med datorn:

http://www.spywarewarrior.com/uiuc/resource.htm

 

Om man byter webbläsare så är det bara SpywareGuard som behövs. Andra webbläsare är t ex Mozilla Firefox och Opera:

http://www.mozilla.org

http://www.opera.com

 

Allt gratis för hemanvändare/personligt bruk.

 

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.



×
×
  • Create New...