
I have a virus


Göteborgs energi


Something has happened to my computer. A lot of ads keep popping up. I suspect trojans. I did an online scan with Panda and it returned a lot of DANGEROUS hits! In the Start menu we have found things I don't recognize. Can anyone help me solve this problem???

 


Göteborgs energi

[log]Logfile of HijackThis v1.99.1

Scan saved at 17:15:47, on 2006-12-05

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Java\j2re1.4.2_01\bin\jusched.exe

C:\Program\iTunes\iTunesHelper.exe

C:\Program\QuickTime\qttask.exe

C:\WINDOWS\System32\rundll32.exe

C:\Documents and Settings\Daniel\Skrivbord\winstall.exe

C:\Program\ipwins\ipwins.exe

C:\Program\Delade filer\{A8647AAB-0A80-1053-0414-04082920002e}\Update.exe

C:\DOCUME~1\Daniel\MINADO~1\SCURIT~1\chkdsk.exe

C:\Program\?racle\r?gedit.exe

C:\Program\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\System32\CTSvcCDA.EXE

C:\Program\Delade filer\EPSON\EBAPI\SAgent2.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program\iPod\bin\iPodService.exe

C:\WINDOWS\System32\WgaTray.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program\Internet Explorer\IEXPLORE.EXE

C:\Program\Internet Explorer\IEXPLORE.EXE

C:\Program\Internet Explorer\IEXPLORE.EXE

C:\Program\Hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country=SW&range=AD&phase=6&key=SEARCH

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/?.intl=us

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\sw.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://130.243.27.162:8080/proxy.pac

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - URLSearchHook: (no name) - {141A84D5-3838-63EC-3C75-4F31C6C1F9B4} - C:\WINDOWS\System32\dgjtu.dll

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O1 - Hosts: 64.91.255.87 www.dcsresearch.com

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {141A84D5-3838-63EC-3C75-4F31C6C1F9B4} - C:\WINDOWS\System32\dgjtu.dll

O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program\NewDotNet\newdotnet7_22.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\sv\msntb.dll

O2 - BHO: 888Bar - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program\DELADE~1\{38647~1\888Bar.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\sv\msntb.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: 888Bar - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program\DELADE~1\{38647~1\888Bar.dll

O4 - HKLM\..\Run: [siS KHooker] C:\WINDOWS\System32\khooker.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\j2re1.4.2_01\bin\jusched.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\Program\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s

O4 - HKLM\..\Run: [explorer] C:\Documents and Settings\Daniel\Skrivbord\winstall.exe

O4 - HKLM\..\Run: [ipWins] C:\Program\ipwins\ipwins.exe

O4 - HKCU\..\Run: [WeatherCast] C:\Program\WEATHE~1\Weather.exe /q

O4 - HKCU\..\Run: [WhenUSave] "C:\Program\Save\Save.exe"

O4 - HKCU\..\Run: [Aapt] "C:\DOCUME~1\Daniel\MINADO~1\SCURIT~1\chkdsk.exe" -vt yazb

O4 - HKCU\..\Run: [Kwhq] C:\Program\?racle\r?gedit.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program\Spybot - Search & Destroy\TeaTimer.exe

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\j2re1.4.2_01\bin\npjpi142_01.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\j2re1.4.2_01\bin\npjpi142_01.dll

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra button: @C:\Program\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: @C:\Program\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\sw.htm

O16 - DPF: {230C3D02-DA27-11D2-8612-00A0C93EEA3C} (SAXFile FileUpload ActiveX Control) - http://www.fujidirekt.se/SAXFile/saxfile.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://nagonannanstans.spaces.msn.com/PhotoUpload/MsnPUpld.cab?10,0,912,0

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1164986636953

O16 - DPF: {7C405D1B-4007-11D3-8B8E-00104B3E656F} (SBCRecorderPlayer Control) - https://wms.pro.euromail.se/VoiceRecorder/SBCRP.cab

O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn.imagesrvr.com/sites/errorsafe.com/www/download/2006/cabs/ErrorSafeFreeInstall_se.cab

O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://locator1.cdn.imagesrvr.com/sites/errorsafe.com/www/download/2006/cabs/ErrorSafeFreeInstall_se.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE

O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program\Delade filer\EPSON\EBAPI\SAgent2.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe[/log]

 

Link to comment
Share on other sites

Hmm, looks like the MSN nasty that spreads when you click a link in MSN. If so, you should uninstall MSN, since the program itself may be infected.

Control Panel - Add or Remove Programs

Remove 888Bar if it is listed there

Download and install the free version, SUPERAntiSpyware Free Edition:

http://www.superantispyware.com/download.html

Start the program and click Check for updates.

Close the program when the update is finished.

Restart the computer in Safe Mode (press F8 repeatedly during startup and choose Safe Mode from the menu).

Start SUPERAntiSpyware and click Scan your Computer.

Tick all hard drives (fixed drive/disk).

Select Perform complete scan

Next

When the scan is finished a summary appears; press OK

Next

"Utför" (Perform) or similar

A window saying Quarantine and removal Complete appears

OK

"Utför" (Perform) or similar

Close the program.

Restart in normal mode.

Start the program, press Preferences, and choose the Statistics/Logs tab

Double-click the newest SUPERAntiSpyware Scan Log so that the log opens in Notepad.

Paste the log into your reply along with a new HijackThis log.

 


Göteborgs energi

[log]SUPERAntiSpyware Scan Log

Generated 12/09/2006 at 04:31 PM

 

Application Version : 3.3.1020

 

Core Rules Database Version : 3144

Trace Rules Database Version: 1160

 

Scan type : Complete Scan

Total Scan Time : 00:10:30

 

Memory items scanned : 156

Memory threats detected : 1

Registry items scanned : 4565

Registry threats detected : 218

File items scanned : 984

File threats detected : 43

 

Trojan.NewDotNet-Installer

C:\PROGRAM\NEWDOTNET\NEWDOTNET7_22.DLL

C:\PROGRAM\NEWDOTNET\NEWDOTNET7_22.DLL

 

Trojan.NewDotNet

[New.net Startup] C:\PROGRAM\NEWDOT~1\NEWDOT~2.DLL

C:\PROGRAM\NEWDOT~1\NEWDOT~2.DLL

HKLM\Software\Classes\CLSID\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}

HKCR\CLSID\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}

HKCR\CLSID\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}

HKCR\CLSID\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}\InprocServer32

HKCR\CLSID\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}\InprocServer32#ThreadingModel

HKCR\CLSID\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}\ProgID

HKCR\CLSID\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}\Programmable

HKCR\CLSID\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}\TypeLib

HKCR\CLSID\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}\VersionIndependentProgID

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}

SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001

SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002

SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000018

SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000019

HKCR\Tldctl2.URLLink

HKCR\Tldctl2.URLLink\CLSID

HKCR\Tldctl2.URLLink\CurVer

HKCR\Tldctl2.URLLink.1

HKCR\Tldctl2.URLLink.1\CLSID

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\New.net

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\New.net#DisplayName

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\New.net#UninstallString

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\New.net#DisplayIcon

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\New.net#DisplayVersion

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\New.net#Publisher

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\New.net#URLInfoAbout

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\New.net#HelpLink

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\New.net#URLUpdateInfo

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\New.net#VersionMajor

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\New.net#VersionMinor

HKU\.DEFAULT\Software\New.net

HKU\S-1-5-21-3697636269-109942723-4172078318-1005\Software\New.net

HKU\S-1-5-18\Software\New.net

HKLM\Software\New.net

HKLM\Software\New.net#Activity

HKLM\Software\New.net#InstalledVersion

HKLM\Software\New.net#InstalledPath

HKLM\Software\New.net#Tag

HKLM\Software\New.net#DiscardTag

HKLM\Software\New.net#FirstTime

HKLM\Software\New.net#Source

HKLM\Software\New.net#Prt

HKLM\Software\New.net#LSPStatus

HKLM\Software\New.net#NextUpgradeHi

HKLM\Software\New.net#NextUpgradeLo

HKLM\Software\New.net#UpgradeCounter

HKLM\Software\New.net#Search

C:\Program\NewDotNet\readme.html

C:\Program\NewDotNet\uninstall6_38.exe

C:\Program\NewDotNet\uninstall7_22.exe

C:\Program\NewDotNet

 

Adware.IPWins

[ipWins] C:\PROGRAM\IPWINS\IPWINS.EXE

C:\PROGRAM\IPWINS\IPWINS.EXE

HKU\S-1-5-21-3697636269-109942723-4172078318-1005\Software\IpWins

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IpWins

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IpWins#DisplayName

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IpWins#UninstallString

C:\Program\ipwins\pop42.tmp

C:\Program\ipwins\pop57.tmp

C:\Program\ipwins\Services.dll

C:\Program\ipwins\Uninst.exe

C:\Program\ipwins

 

Worm.Sober Variant

[Aapt] C:\DOCUME~1\DANIEL\MINADO~1\SCURIT~1\CHKDSK.EXE

C:\DOCUME~1\DANIEL\MINADO~1\SCURIT~1\CHKDSK.EXE

 

Trojan.Update-Mcboo

[{A8647AAB-0A80-1053-0414-04082920002e}] C:\PROGRAM\DELADE FILER\{A8647AAB-0A80-1053-0414-04082920002E}\UPDATE.EXE

C:\PROGRAM\DELADE FILER\{A8647AAB-0A80-1053-0414-04082920002E}\UPDATE.EXE

C:\WINDOWS\Prefetch\UPDATE.EXE-316B49C6.pf

 

Adware.DelFin Project/PromulGate

HKLM\Software\Classes\CLSID\{E1412445-4FF8-410e-8D24-F2CF86B171A4}

HKCR\CLSID\{E1412445-4FF8-410E-8D24-F2CF86B171A4}

HKCR\CLSID\{E1412445-4FF8-410E-8D24-F2CF86B171A4}

HKCR\CLSID\{E1412445-4FF8-410E-8D24-F2CF86B171A4}#AppID

HKCR\CLSID\{E1412445-4FF8-410E-8D24-F2CF86B171A4}\InprocServer32

HKCR\CLSID\{E1412445-4FF8-410E-8D24-F2CF86B171A4}\InprocServer32#ThreadingModel

HKCR\CLSID\{E1412445-4FF8-410E-8D24-F2CF86B171A4}\ProgID

HKCR\CLSID\{E1412445-4FF8-410E-8D24-F2CF86B171A4}\Programmable

HKCR\CLSID\{E1412445-4FF8-410E-8D24-F2CF86B171A4}\TypeLib

HKCR\CLSID\{E1412445-4FF8-410E-8D24-F2CF86B171A4}\VersionIndependentProgID

C:\PROGRAM\PEDEVICE\PEDEV.DLL

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E1412445-4FF8-410e-8D24-F2CF86B171A4}

 

Adware.Tracking Cookie

C:\Documents and Settings\Daniel\Cookies\daniel@ad-server.gulasidorna[2].txt

C:\Documents and Settings\Daniel\Cookies\daniel@advertising[2].txt

C:\Documents and Settings\Daniel\Cookies\daniel@ad.adtoma[1].txt

C:\Documents and Settings\Daniel\Cookies\daniel@bluestreak[1].txt

C:\Documents and Settings\Daniel\Cookies\daniel@tradedoubler[2].txt

C:\Documents and Settings\Daniel\Cookies\daniel@ad1.emediate[3].txt

C:\Documents and Settings\Daniel\Cookies\daniel@adtech[2].txt

C:\Documents and Settings\Daniel\Cookies\daniel@kanoodle[1].txt

C:\Documents and Settings\Daniel\Cookies\daniel@ad1.emediate[2].txt

C:\Documents and Settings\Daniel\Cookies\daniel@mediaplex[1].txt

C:\Documents and Settings\Daniel\Cookies\daniel@redirect.advertising[1].txt

 

Adware.WhenU

HKCR\WUSN.1

HKCR\WUSN.1#WUSN_Id

HKCR\ACM.ACMFactory

HKCR\ACM.ACMFactory\CLSID

HKCR\ACM.ACMFactory\CurVer

HKCR\ACM.ACMFactory.1

HKCR\ACM.ACMFactory.1\CLSID

HKCR\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}

HKCR\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}\ProxyStubClsid

HKCR\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}\ProxyStubClsid32

HKCR\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}\TypeLib

HKCR\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}\TypeLib#Version

HKCR\AppId\{127DF9B4-D75D-44A6-AF78-8C3A8CEB03DB}

HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}

HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}#AppID

HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\InprocServer32

HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\InprocServer32#ThreadingModel

HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\ProgID

HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\Programmable

HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\TypeLib

HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\VersionIndependentProgID

HKCR\AppId\ACM.DLL

HKCR\AppId\ACM.DLL#AppID

HKCR\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}

HKCR\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0

HKCR\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0\0

HKCR\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0\0\win32

HKCR\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0\FLAGS

HKCR\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0\HELPDIR

HKCR\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842}

HKCR\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842}\ProxyStubClsid

HKCR\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842}\ProxyStubClsid32

HKCR\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842}\TypeLib

HKCR\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842}\TypeLib#Version

HKCR\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086}

HKCR\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086}\ProxyStubClsid

HKCR\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086}\ProxyStubClsid32

HKCR\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086}\TypeLib

HKCR\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086}\TypeLib#Version

HKLM\Software\WhenUSave

HKLM\Software\WhenUSave#db_local_update

HKLM\Software\WhenUSave#db_script_update

HKLM\Software\WhenUSave#InstallDir

HKLM\Software\WhenUSave#pats_url

HKLM\Software\WhenUSave#pat_chunks_url

HKLM\Software\WhenUSave#script_url

HKLM\Software\WhenUSave#update_url

HKLM\Software\WhenUSave#ver_url

HKLM\Software\WhenUSave#InstallTime

HKLM\Software\WhenUSave#Partner

HKLM\Software\WhenUSave#ccode

HKLM\Software\WhenUSave#PartnerDesc

HKLM\Software\WhenUSave#city

HKLM\Software\WhenUSave#country

HKLM\Software\WhenUSave#FullDBTime

HKLM\Software\WhenUSave#HeartbeatTime

HKLM\Software\WhenUSave#Version

HKLM\Software\WhenUSave#extra_url

HKLM\Software\WhenUSave#extraver_url

HKLM\Software\WhenUSave#ziptomsa_url

HKLM\Software\WhenUSave#UpdateTime

HKLM\Software\WhenUSave#TotalPartner

HKLM\Software\WhenUSave#PartnerB

HKLM\Software\WhenUSave#brandskin_url

HKLM\Software\WhenUSave#brandstrip_rs

HKLM\Software\WhenUSave#brandstrip_url

HKLM\Software\WhenUSave#himp_url

HKLM\Software\WhenUSave#iptomsa_url

HKLM\Software\WhenUSave#maxPopups_rs

HKLM\Software\WhenUSave#timedDBUpdate_rs

HKLM\Software\WhenUSave#uninstalltag_rs

HKLM\Software\WhenUSave#db_stamp_rs

HKLM\Software\WhenUSave#db_server_update

HKLM\Software\WhenUSave#MSA

HKLM\Software\WhenUSave#TotalPopup

HKLM\Software\WhenUSave#bstat_rs

HKLM\Software\WhenUSave#SystemParam_rs

HKLM\Software\WhenUSave#LastPartner

HKLM\Software\WhenUSave#zip

HKLM\Software\WhenUSave#acm_rs

HKLM\Software\WhenUSave#HeartbeatCount

HKLM\Software\WhenUSave#redir3p_url

HKLM\Software\WhenUSave#uninstall_cmd_rs

HKLM\Software\WhenUSave#fword_rs

HKLM\Software\WhenUSave#extraupdate_rs

HKLM\Software\WhenUSave#uninst_rs

HKLM\Software\WhenUSave#dbc_chunks_rs

HKLM\Software\WhenUSave#src_url

HKLM\Software\WhenUSave#db_ver_update

HKLM\Software\WhenUSave#IPToMsaTime_rs

HKLM\Software\WhenUSave#country_old_rs

HKLM\Software\WhenUSave#city_old_rs

HKLM\Software\WhenUSave#UrlChangeCount

HKLM\Software\WhenUSave\Partners

HKLM\Software\WhenUSave\Partners\NDIV

HKLM\Software\WhenUSave\Partners\NDIV#Partner

HKLM\Software\WhenUSave\Partners\NDIV#InstallTime

HKLM\Software\WhenUSave\Partners\NDIV#PartnerDesc

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhenUSaveMsg

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhenUSaveMsg#DisplayName

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhenUSaveMsg#DisplayIcon

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhenUSaveMsg#DisplayVersion

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhenUSaveMsg#HelpLink

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhenUSaveMsg#UrlInfoAbout

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhenUSaveMsg#Publisher

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhenUSaveMsg#UninstallString

HKCR\WhenU.EmbedSE

HKCR\WhenU.EmbedSE\CLSID

HKCR\WhenU.EmbedSE\CurVer

HKCR\WhenU.EmbedSE.1

HKCR\WhenU.EmbedSE.1\CLSID

HKCR\WUSE.1

HKCR\WUSE.1#WUSE_Id

HKU\S-1-5-21-3697636269-109942723-4172078318-1005\Software\WhenU

HKCR\CLSID\{389A5A59-1306-4389-A779-2EB9D0BC1FFB}

HKCR\CLSID\{389A5A59-1306-4389-A779-2EB9D0BC1FFB}\Control

HKCR\CLSID\{389A5A59-1306-4389-A779-2EB9D0BC1FFB}\InprocServer32

HKCR\CLSID\{389A5A59-1306-4389-A779-2EB9D0BC1FFB}\InprocServer32#ThreadingModel

HKCR\CLSID\{389A5A59-1306-4389-A779-2EB9D0BC1FFB}\Insertable

HKCR\CLSID\{389A5A59-1306-4389-A779-2EB9D0BC1FFB}\MiscStatus

HKCR\CLSID\{389A5A59-1306-4389-A779-2EB9D0BC1FFB}\MiscStatus\1

HKCR\CLSID\{389A5A59-1306-4389-A779-2EB9D0BC1FFB}\ProgID

HKCR\CLSID\{389A5A59-1306-4389-A779-2EB9D0BC1FFB}\Programmable

HKCR\CLSID\{389A5A59-1306-4389-A779-2EB9D0BC1FFB}\ToolboxBitmap32

HKCR\CLSID\{389A5A59-1306-4389-A779-2EB9D0BC1FFB}\TypeLib

HKCR\CLSID\{389A5A59-1306-4389-A779-2EB9D0BC1FFB}\Version

HKCR\CLSID\{389A5A59-1306-4389-A779-2EB9D0BC1FFB}\VersionIndependentProgID

HKCR\TypeLib\{20752C25-2D97-4E6F-9EE2-94B74D202875}

HKCR\TypeLib\{20752C25-2D97-4E6F-9EE2-94B74D202875}\1.0

HKCR\TypeLib\{20752C25-2D97-4E6F-9EE2-94B74D202875}\1.0\0

HKCR\TypeLib\{20752C25-2D97-4E6F-9EE2-94B74D202875}\1.0\0\win32

HKCR\TypeLib\{20752C25-2D97-4E6F-9EE2-94B74D202875}\1.0\FLAGS

HKCR\TypeLib\{20752C25-2D97-4E6F-9EE2-94B74D202875}\1.0\HELPDIR

C:\Program\Save\ACM.dll

C:\Program\Save\extra.exe

C:\Program\Save\ffext.mod

C:\Program\Save\save.db

C:\Program\Save\save.htm

C:\Program\Save\SaveUninst.exe

C:\Program\Save\store.db

C:\Program\Save

C:\Documents and Settings\Daniel\Start-meny\Program\WhenU\Customer Support.lnk

C:\Documents and Settings\Daniel\Start-meny\Program\WhenU\Learn More About WhenU Save.url

C:\Documents and Settings\Daniel\Start-meny\Program\WhenU\Learn More About WhenU SaveNow.url

C:\Documents and Settings\Daniel\Start-meny\Program\WhenU\Uninstall Instructions.lnk

C:\Documents and Settings\Daniel\Start-meny\Program\WhenU\Uninstall.lnk

C:\Documents and Settings\Daniel\Start-meny\Program\WhenU\WhenU Help Desk.lnk

C:\Documents and Settings\Daniel\Start-meny\Program\WhenU\WhenU.com Website.url

C:\Documents and Settings\Daniel\Start-meny\Program\WhenU

 

Adware.Avenue Media/Internet Optimizer

HKU\S-1-5-21-3697636269-109942723-4172078318-1005\Software\Microsoft\Internet Explorer\URLSearchHooks#_{CFBFAE00-17A6-11D0-99CB-00C04FD64497}

 

Adware.Toolbar888

HKCR\TypeLib\{569304BA-83ED-4CFF-AC26-BE3E482F7208}

HKCR\TypeLib\{569304BA-83ED-4CFF-AC26-BE3E482F7208}\1.0

HKCR\TypeLib\{569304BA-83ED-4CFF-AC26-BE3E482F7208}\1.0\0

HKCR\TypeLib\{569304BA-83ED-4CFF-AC26-BE3E482F7208}\1.0\0\win32

HKCR\TypeLib\{569304BA-83ED-4CFF-AC26-BE3E482F7208}\1.0\FLAGS

HKCR\TypeLib\{569304BA-83ED-4CFF-AC26-BE3E482F7208}\1.0\HELPDIR

HKCR\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}

HKCR\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}\ProxyStubClsid

HKCR\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}\ProxyStubClsid32

HKCR\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}\TypeLib

HKCR\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}\TypeLib#Version

 

Adware.ClickSpring/Yazzle

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yazzle1122Oin

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yazzle1122Oin#DisplayName

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yazzle1122Oin#UninstallString

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yazzle1122Oin#HelpLink

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yazzle1122Oin#Publisher

 

Adware.WhenU/WeatherCast

HKU\S-1-5-21-3697636269-109942723-4172078318-1005\Software\Microsoft\Windows\CurrentVersion\Run#WeatherCast [ C:\Program\WEATHE~1\Weather.exe /q ]

 

Adware.PTech

HKU\S-1-5-21-3697636269-109942723-4172078318-1005\Software\PTech[/log]

 

 

 

[log]Logfile of HijackThis v1.99.1

Scan saved at 16:41:40, on 2006-12-09

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\CTSvcCDA.EXE

C:\Program\Delade filer\EPSON\EBAPI\SAgent2.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program\Java\j2re1.4.2_01\bin\jusched.exe

C:\Program\iTunes\iTunesHelper.exe

C:\Program\QuickTime\qttask.exe

C:\Documents and Settings\Daniel\Skrivbord\winstall.exe

C:\Program\?racle\r?gedit.exe

C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program\iPod\bin\iPodService.exe

C:\WINDOWS\System32\WgaTray.exe

C:\WINDOWS\System32\wuauclt.exe

C:\DOCUME~1\Daniel\MINADO~1\SCURIT~1\chkdsk.exe

C:\Program\Internet Explorer\IEXPLORE.EXE

C:\Program\Internet Explorer\IEXPLORE.EXE

C:\Program\Hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country=SW&range=AD&phase=6&key=SEARCH

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/?.intl=us

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\sw.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://130.243.27.162:8080/proxy.pac

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - URLSearchHook: (no name) - {A451559A-E57F-B8F8-2F31-9BECDBE015ED} - C:\WINDOWS\System32\epahpsa.dll

O1 - Hosts: 64.91.255.87 www.dcsresearch.com

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O2 - BHO: (no name) - {A451559A-E57F-B8F8-2F31-9BECDBE015ED} - C:\WINDOWS\System32\epahpsa.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\sv\msntb.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\sv\msntb.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [siS KHooker] C:\WINDOWS\System32\khooker.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\j2re1.4.2_01\bin\jusched.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [explorer] C:\Documents and Settings\Daniel\Skrivbord\winstall.exe

O4 - HKCU\..\Run: [WhenUSave] "C:\Program\Save\Save.exe"

O4 - HKCU\..\Run: [Kwhq] C:\Program\?racle\r?gedit.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [Aapt] "C:\DOCUME~1\Daniel\MINADO~1\SCURIT~1\chkdsk.exe" -vt ndrv

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\j2re1.4.2_01\bin\npjpi142_01.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\j2re1.4.2_01\bin\npjpi142_01.dll

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra button: @C:\Program\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: @C:\Program\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O10 - Broken Internet access because of LSP provider 'c:\program\newdotnet\newdotnet7_22.dll' missing

O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\sw.htm

O16 - DPF: {230C3D02-DA27-11D2-8612-00A0C93EEA3C} (SAXFile FileUpload ActiveX Control) - http://www.fujidirekt.se/SAXFile/saxfile.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://nagonannanstans.spaces.msn.com/PhotoUpload/MsnPUpld.cab?10,0,912,0

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1164986636953

O16 - DPF: {7C405D1B-4007-11D3-8B8E-00104B3E656F} (SBCRecorderPlayer Control) - https://wms.pro.euromail.se/VoiceRecorder/SBCRP.cab

O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn.imagesrvr.com/sites/errorsafe.com/www/download/2006/cabs/ErrorSafeFreeInstall_se.cab

O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://locator1.cdn.imagesrvr.com/sites/errorsafe.com/www/download/2006/cabs/ErrorSafeFreeInstall_se.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE

O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program\Delade filer\EPSON\EBAPI\SAgent2.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe

[/log]

 

Link to comment
Share on other sites

Go to Control Panel - Add or Remove Programs and check whether New.Net or NewDotNet is listed there; if so, remove it.

If it is not there, follow the instructions on this page:

http://www.newdotnet.com/removal.html

 

Then use this cleanup tool:

http://securityresponse.symantec.com/avcenter/FxNdotN.exe

Download it to the Desktop and run it.

Restart the computer.

Download http://www.mvps.org/winhelp2002/hosts.zip to the Desktop.

Unpack the file. A new folder named Hosts is created on the Desktop.

Double-click the folder to open it.

Double-click the file mvps.bat to start the program.

This program will replace the computer's Hosts file so that the PurityScan nasty is prevented from contacting its creator. It will also prevent you from visiting sites that are notorious for installing nasties on the computer. You can read more about it here:

http://www.mvps.org/winhelp2002/hosts.htm

 

Control Panel - Add or Remove Programs

If any of the following is in the list, remove it:

Oin

Yazzle by Oin

Purityscan by Oin

Snowballwars by Oin

or anything similar with Oin or Outerinfo in it.

Zolero

Tizzletalk

MediaTickets

Cowabanga

 

Download and run the uninstaller

http://www.outerinfo.com/OiUninstaller.exe

If you need instructions, they are here: http://www.outerinfo.com/howto.html

Restart the computer

Download ComboFix:

http://download.bleepingcomputer.com/sUBs/combofix.exe

Run it and follow the instructions shown.

IMPORTANT! Do not click on the ComboFix window with the mouse while it is running, otherwise it may hang.

When it is finished a log should appear; paste it here, along with a new HijackThis log.

 


Göteborgs energi

[log]Daniel - 06-12-09 22:54:34,71 Service Pack 1

ComboFix 06.11.27W - Running from: "C:\Documents and Settings\Daniel\Skrivbord"

 

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

C:\Program\Delade filer\Yazzle1122OinAdmin.exe

C:\Program\Delade filer\Yazzle1122OinUninstaller.exe

C:\Program\Inetget2

C:\Program\Delade filer\{38647AAB-0A80-1053-0414-04082920002e}

C:\Program\Delade filer\{A8647AAB-0A80-1053-0414-04082920002e}

 

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

 

Folders Quarantined:

 

C:\QooBox\Purity\Documents and Settings\Daniel\Mina dokument\SCURIT~1

C:\QooBox\Purity\Documents and Settings\Daniel\Mina dokument\SCURIT~1\SCURIT~1

C:\QooBox\Purity\Program\RACLE~1

C:\QooBox\Purity\WINDOWS\system32\ASKS~1

 

 

((((((((((((((((((((((((((((((( Files Created from 2006-11-09 to 2006-12-09 ))))))))))))))))))))))))))))))))))

 

 

2006-12-09 16:01 <KAT> d-------- C:\Program\SUPERAntiSpyware

2006-12-09 16:01 <KAT> d-------- C:\Documents and Settings\Daniel\Application Data\SUPERAntiSpyware.com

2006-12-09 13:25 <KAT> d-------- C:\Program\PeDevice

2006-12-05 17:14 <KAT> d-------- C:\Program\Hijackthis

2006-12-05 15:55 <KAT> d-------- C:\Program\Spybot - Search & Destroy

2006-12-05 15:55 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2006-12-05 15:13 <KAT> d-------- C:\WINDOWS\system32\ActiveScan

2006-12-05 15:00 <KAT> d-------- C:\Program\SpywareBlaster

2006-12-04 11:07 <KAT> d-------- C:\Program\Windows Live Safety Center

2006-12-04 10:50 138,565 --a------ C:\Documents and Settings\Daniel\mcc.exe

2006-12-04 10:50 122,880 --a------ C:\Documents and Settings\Daniel\winstall.exe

2006-12-04 10:44 77,824 --a------ C:\WINDOWS\system32\gotgo.exe

2006-12-04 10:44 138,565 --a------ C:\WINDOWS\system32\mcc.exe

2006-12-04 10:44 122,880 --a------ C:\WINDOWS\system32\winstall.exe

2006-12-02 11:21 127,720 --a------ C:\WINDOWS\system32\mucltui.dll

2006-11-10 23:30 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage

 

 

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

2006-12-09 22:56 -------- d-------- C:\Program\Delade filer

2006-12-09 16:00 -------- d-------- C:\Program\Delade filer\Wise Installation Wizard

2006-12-08 20:07 -------- d-------- C:\Program\DC++

2006-12-05 17:49 -------- d-------- C:\Program\MSN Messenger

2006-12-05 16:26 -------- d-------- C:\Program\iTunes

2006-12-05 16:25 -------- d-------- C:\Program\Internet Explorer

2006-12-05 15:51 -------- d-------- C:\Program\QuickTime

2006-11-10 23:27 -------- d-------- C:\Program\Windows Media Player

2006-11-10 23:24 -------- d-------- C:\Program\Outlook Express

2006-11-10 23:24 -------- d-------- C:\Program\Delade filer\System

2006-09-13 06:10 1110528 --a------ C:\WINDOWS\system32\msxml3.dll

 

 

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

 

*Note* empty entries are not shown

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

"Sonic RecordNow!"=""

"WhenUSave"="\"C:\\Program\\Save\\Save.exe\""

"SUPERAntiSpyware"="C:\\Program\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"

"Aapt"="\"C:\\DOCUME~1\\Daniel\\MINADO~1\\SCURIT~1\\chkdsk.exe\" -vt ndrv"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

"SiS KHooker"="C:\\WINDOWS\\System32\\khooker.exe"

"SunJavaUpdateSched"="C:\\Program\\Java\\j2re1.4.2_01\\bin\\jusched.exe"

"iTunesHelper"="\"C:\\Program\\iTunes\\iTunesHelper.exe\""

"QuickTime Task"="\"C:\\Program\\QuickTime\\qttask.exe\" -atboottime"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]

"Installed"="1"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]

"NoChange"="1"

"Installed"="1"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]

"Installed"="1"

 

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]

"DeskHtmlVersion"=dword:00000110

"DeskHtmlMinorVersion"=dword:00000005

"Settings"=dword:00000001

"GeneralFlags"=dword:00000001

 

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]

"Source"="About:Home"

"SubscribedURL"="About:Home"

"FriendlyName"="Min aktuella startsida"

"Flags"=dword:00000002

"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,c0,02,00,00,00, 00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00

"CurrentState"=hex:04,00,00,40

"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff, ff,ff,04,00,00,00

"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00, 00,00,01,00,00,00

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

 

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]

"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]

"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"

"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoDriveTypeAutoRun"=dword:00000091

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"dontdisplaylastusername"=dword:00000000

"legalnoticecaption"=""

"legalnoticetext"=""

"shutdownwithoutlogon"=dword:00000001

"undockwithoutlogon"=dword:00000001

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoDriveTypeAutoRun"=dword:00000091

 

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]

"NoDriveTypeAutoRun"=dword:00000091

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]

"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"

"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"

"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"

"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

 

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

 

 

Contents of the 'Scheduled Tasks' folder

C:\WINDOWS\tasks\Symantec NetDetect.job

 

Completion time: 06-12-09 22:56:32.54

C:\ComboFix.txt ... 06-12-09 22:56[/log]

 

 

[log]Logfile of HijackThis v1.99.1

Scan saved at 23:29:32, on 2006-12-09

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\CTSvcCDA.EXE

C:\Program\Delade filer\EPSON\EBAPI\SAgent2.exe

C:\Program\Java\j2re1.4.2_01\bin\jusched.exe

C:\Program\iTunes\iTunesHelper.exe

C:\Program\QuickTime\qttask.exe

C:\Documents and Settings\Daniel\Skrivbord\winstall.exe

C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program\iPod\bin\iPodService.exe

C:\WINDOWS\System32\WgaTray.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program\Hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country=SW&range=AD&phase=6&key=SEARCH

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/?.intl=us

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\sw.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://130.243.27.162:8080/proxy.pac

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\sv\msntb.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\sv\msntb.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program\Java\j2re1.4.2_01\bin\jusched.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [WhenUSave] "C:\Program\Save\Save.exe"

O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [Aapt] "C:\DOCUME~1\Daniel\MINADO~1\SCURIT~1\chkdsk.exe" -vt ndrv

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\j2re1.4.2_01\bin\npjpi142_01.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\j2re1.4.2_01\bin\npjpi142_01.dll

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra button: @C:\Program\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: @C:\Program\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\sw.htm

O16 - DPF: {230C3D02-DA27-11D2-8612-00A0C93EEA3C} (SAXFile FileUpload ActiveX Control) - http://www.fujidirekt.se/SAXFile/saxfile.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://nagonannanstans.spaces.msn.com/PhotoUpload/MsnPUpld.cab?10,0,912,0

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1164986636953

O16 - DPF: {7C405D1B-4007-11D3-8B8E-00104B3E656F} (SBCRecorderPlayer Control) - https://wms.pro.euromail.se/VoiceRecorder/SBCRP.cab

O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn.imagesrvr.com/sites/errorsafe.com/www/download/2006/cabs/ErrorSafeFreeInstall_se.cab

O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://locator1.cdn.imagesrvr.com/sites/errorsafe.com/www/download/2006/cabs/ErrorSafeFreeInstall_se.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE

O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program\Delade filer\EPSON\EBAPI\SAgent2.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe[/log]

 


Restart the computer in Safe Mode (press F8 repeatedly during startup and choose Safe Mode in the menu).

Set up Explorer so that you can see all files:

Tools - (Folder) Options or similar - View

Select Show hidden files and folders

Untick Hide extensions for known file types

Untick Hide protected operating system files

Delete the files (if they are still there):

2006-12-04 10:50 138,565 --a------ C:\Documents and Settings\Daniel\mcc.exe

2006-12-04 10:50 122,880 --a------ C:\Documents and Settings\Daniel\winstall.exe

2006-12-04 10:44 77,824 --a------ C:\WINDOWS\system32\gotgo.exe

2006-12-04 10:44 138,565 --a------ C:\WINDOWS\system32\mcc.exe

2006-12-04 10:44 122,880 --a------ C:\WINDOWS\system32\winstall.exe

 

There is an old Java version with security holes on the computer. Uninstall every Java in Control Panel - Add or Remove Programs and then install a new one: http://www.java.com/sv/

Is this something you set up yourself?

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://130.243.27.162:8080/proxy.pac

That IP address points to biblos.dc.kau.se.

Control Panel - Add or Remove Programs

Remove WhenUSave if it is there

Download this removal tool to, for example, the Desktop:

http://securityresponse.symantec.com/avcenter/FixSbr.exe

Close all programs.

Unplug the internet connection.

Double-click the downloaded file to run the program.

Write down or save the result and then paste it here.

If any files were found, also paste a new HijackThis log.

 


Göteborgs energi

I can't get the computer into Safe Mode. I press F8 and get to choose between the computer itself, the CD and network (I think). But then Windows starts as usual, without my getting a chance to choose Safe Mode.

 


Then you need to press F8 a little later, once the BIOS has finished. It gets a bit messy when the BIOS manufacturer picks the same key that Windows uses.

 


Göteborgs energi

[log]Symantec W32.Sober Removal Tool 1.7.1

 

W32.Sober[b-G, I, L, N, O, Q, V, W, X] has not been found on your computer.[/log]

 

[log]Logfile of HijackThis v1.99.1

Scan saved at 20:42:17, on 2006-12-11

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\CTSvcCDA.EXE

C:\Program\Delade filer\EPSON\EBAPI\SAgent2.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program\iTunes\iTunesHelper.exe

C:\Program\QuickTime\qttask.exe

C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program\iPod\bin\iPodService.exe

C:\WINDOWS\System32\WgaTray.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program\Hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/?.intl=us

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\sw.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://130.243.27.162:8080/proxy.pac

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar2.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\sv\msntb.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\sv\msntb.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar2.dll

O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.5.0_09\bin\jusched.exe"

O4 - HKCU\..\Run: [WhenUSave] "C:\Program\Save\Save.exe"

O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [Aapt] "C:\DOCUME~1\Daniel\MINADO~1\SCURIT~1\chkdsk.exe" -vt ndrv

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra button: @C:\Program\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: @C:\Program\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\sw.htm

O16 - DPF: {230C3D02-DA27-11D2-8612-00A0C93EEA3C} (SAXFile FileUpload ActiveX Control) - http://www.fujidirekt.se/SAXFile/saxfile.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://nagonannanstans.spaces.msn.com/PhotoUpload/MsnPUpld.cab?10,0,912,0

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1164986636953

O16 - DPF: {7C405D1B-4007-11D3-8B8E-00104B3E656F} (SBCRecorderPlayer Control) - https://wms.pro.euromail.se/VoiceRecorder/SBCRP.cab

O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn.imagesrvr.com/sites/errorsafe.com/www/download/2006/cabs/ErrorSafeFreeInstall_se.cab

O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://locator1.cdn.imagesrvr.com/sites/errorsafe.com/www/download/2006/cabs/ErrorSafeFreeInstall_se.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE

O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program\Delade filer\EPSON\EBAPI\SAgent2.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe[/log]

 

Is this something you set up yourself?

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://130.243.27.162:8080/proxy.pac

That IP address points to biblos.dc.kau.se.

Not something I did deliberately, anyway. What is it?

 


R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://130.243.27.162:8080/proxy.pac

That IP address points to biblos.dc.kau.se.

Not something I did deliberately, anyway. What is it?

Something to do with Karlstad University.

Scan with HijackThis and tick:

O4 - HKCU\..\Run: [WhenUSave] "C:\Program\Save\Save.exe"

O4 - HKCU\..\Run: [Aapt] "C:\DOCUME~1\Daniel\MINADO~1\SCURIT~1\chkdsk.exe" -vt ndrv

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab

O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn.imagesrvr.com/sites/errorsafe.com/www/download/2006/cabs/ErrorSafeFreeInstall_se.cab

O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://locator1.cdn.imagesrvr.com/sites/errorsafe.com/www/download/2006/cabs/ErrorSafeFreeInstall_se.cab

Close all other programs.

Press Fix checked.

Restart the computer in Safe Mode (press F8 repeatedly during startup and choose Safe Mode in the menu).

Set up Explorer so that you can see all files:

Tools - (Folder) Options or similar - View

Select Show hidden files and folders

Untick Hide extensions for known file types

Untick Hide protected operating system files

Delete the folders (if they are still there):

C:\Program\Save

C:\Documents and Settings\Daniel\Mina dokument\SCURIT~1

where ~1 stands for a number of arbitrary characters.

Restart in normal mode, and then a new HijackThis log.
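
The review done by eye in the post above (picking out suspicious entries, then asking for a fresh log to confirm they are gone) can be sketched in code. This is an added example, not part of the original posts and not part of HijackThis; the function names, the list of system tool names and the three heuristics are assumptions for illustration, and the sample lines are copied from the logs in this thread.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Constructed sample: entry lines copied from two HijackThis logs in this
# thread, before and after the "Fix checked" step.
BEFORE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/?.intl=us
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://130.243.27.162:8080/proxy.pac
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [WhenUSave] "C:\Program\Save\Save.exe"
O4 - HKCU\..\Run: [Aapt] "C:\DOCUME~1\Daniel\MINADO~1\SCURIT~1\chkdsk.exe" -vt ndrv
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""
AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/?.intl=us
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://130.243.27.162:8080/proxy.pac
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

ENTRY_RE = re.compile(r"^([RFO]\d{1,2}) - (.+)$")
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll|ocx)\b', re.I)
BARE_IP_PAC = re.compile(r"AutoConfigURL = https?://\d{1,3}(?:\.\d{1,3}){3}[:/]")

# Assumed, deliberately short list of stock Windows tool names.
SYSTEM_TOOL_NAMES = {"chkdsk.exe", "regedit.exe", "svchost.exe",
                     "winlogon.exe", "lsass.exe", "services.exe"}
WINDOWS_DIRS = {"c:\\windows", "c:\\windows\\system32"}
PROFILE_MARKERS = ("\\docume~1\\", "\\documents and settings\\")


class Entry(NamedTuple):
    section: str          # HijackThis section code, e.g. "O4"
    text: str             # rest of the line after "O4 - "
    path: Optional[str]   # first file path found in the line, if any


def parse(log: str) -> List[Entry]:
    """Keep only the sectioned entry lines; skip header and process list."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        p = PATH_RE.search(m.group(2))
        entries.append(Entry(m.group(1), m.group(2), p.group(0) if p else None))
    return entries


def findings(entry: Entry) -> List[str]:
    """Apply three illustrative heuristics to a single entry."""
    notes = []
    if entry.section == "R1" and BARE_IP_PAC.search(entry.text):
        notes.append("proxy auto-config fetched from a raw IP address")
    if entry.path:
        low = entry.path.lower()
        folder, _, name = low.rpartition("\\")
        if name in SYSTEM_TOOL_NAMES and folder not in WINDOWS_DIRS:
            notes.append("system tool name outside the Windows directories")
        if entry.section == "O4" and any(mark in low for mark in PROFILE_MARKERS):
            notes.append("autorun entry starts a program from a user profile")
    return notes


def triage(log: str) -> List[Tuple[str, List[str]]]:
    """Return (entry text, notes) for every entry with at least one note."""
    flagged = []
    for entry in parse(log):
        notes = findings(entry)
        if notes:
            flagged.append((entry.text, notes))
    return flagged


def fixed_entries(before: str, after: str) -> List[Entry]:
    """Entries present in the earlier log and absent from the later one."""
    remaining = set(parse(after))
    return [e for e in parse(before) if e not in remaining]


if __name__ == "__main__":
    for text, notes in triage(BEFORE):
        print("REVIEW:", text, "->", "; ".join(notes))
    for entry in fixed_entries(BEFORE, AFTER):
        print("GONE:  ", entry.section, entry.text)
```

These heuristics do not flag the WhenUSave entry, which is removed in the thread on the strength of knowing the program by name; pattern checks like these only narrow down what a person then has to judge.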

 


Göteborgs energi

[log]Logfile of HijackThis v1.99.1

Scan saved at 15:59:44, on 2006-12-12

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\CTSvcCDA.EXE

C:\Program\Delade filer\EPSON\EBAPI\SAgent2.exe

C:\Program\iTunes\iTunesHelper.exe

C:\Program\QuickTime\qttask.exe

C:\Program\Java\jre1.5.0_09\bin\jusched.exe

C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program\iPod\bin\iPodService.exe

C:\WINDOWS\System32\WgaTray.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\System32\wuauclt.exe

C:\Program\Windows Media Player\wmplayer.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program\Hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/?.intl=us

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\sw.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://130.243.27.162:8080/proxy.pac

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar2.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\sv\msntb.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\sv\msntb.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar2.dll

O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.5.0_09\bin\jusched.exe"

O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: @C:\Program\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: @C:\Program\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\sw.htm

O16 - DPF: {230C3D02-DA27-11D2-8612-00A0C93EEA3C} (SAXFile FileUpload ActiveX Control) - http://www.fujidirekt.se/SAXFile/saxfile.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://nagonannanstans.spaces.msn.com/PhotoUpload/MsnPUpld.cab?10,0,912,0

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1164986636953

O16 - DPF: {7C405D1B-4007-11D3-8B8E-00104B3E656F} (SBCRecorderPlayer Control) - https://wms.pro.euromail.se/VoiceRecorder/SBCRP.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE

O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program\Delade filer\EPSON\EBAPI\SAgent2.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe[/log]

 


Göteborgs energi

It behaves splendidly, I must say!

My humblest thanks!

Do you have any tips on a free antivirus program one can download?

Thanks!

 


Free antivirus programs:

http://www.idg.se/2.1085/1.66006

This is the very biggest security risk on your computer:

Platform: Windows XP SP1

That means you no longer get any security updates and therefore always live dangerously when you browse around; it is easy to end up on a page that tries to exploit one of the security holes to get into your computer.

Here is my usual advice for a safer computer, but of course it is important to use your common sense too.

Update from Windows Update and run the anti-spyware programs AVG Anti-Spyware (Ewido), SUPERAntiSpyware, Spybot S&D and/or Ad-aware regularly.

http://www.ewido.net/en/

http://www.superantispyware.com/

http://www.safer-networking.org/en/download/index.html

http://www.lavasoft.com

Supplement the antivirus program with a few online scans now and then:

http://housecall.trendmicro.com/

http://www.bitdefender.com/scan8/ie.html

http://www.pandasoftware.com/products/activescan/

Use a firewall (better than the one built into XP); one is available free from, for example, ZoneLabs.

http://www.zonelabs.com/store/content/home.jsp

If you use Internet Explorer, it can be a good idea to have the programs SpywareBlaster and SpywareGuard, which prevent a good many nasty programs from being downloaded and run, respectively:

http://www.javacoolsoftware.com

Review the security settings in Internet Explorer; there are plenty of tips here:

http://www.spywarewarrior.com/uiuc/btw/ie/ie-opts.htm

Also run IE-SpyAd, which puts a whole lot of nasty websites in the Restricted sites zone in Internet Explorer so that they cannot do anything to the computer:

http://www.spywarewarrior.com/uiuc/resource.htm

If you switch browsers, only SpywareGuard is needed. Other browsers are, for example, Mozilla Firefox and Opera:

http://www.mozilla.org

http://www.opera.com

All free for home users/personal use.

 


Göteborgs energi

So if I now download Mozilla Firefox and use it instead of Internet Explorer, it becomes much safer. And I only needed to download the one from javacoolsoftware (SpywareGuard) to be happy. Skip all the other antivirus you wrote about? Firefox works just as well as Internet Explorer but safer... Have I understood you correctly?

 


Firefox works just as well as Internet Explorer but safer...

Yes

And I only needed to download the one from javacoolsoftware (SpywareGuard) to be happy.

You need a firewall and the anti-spyware programs too (not all of them, but two is probably good).

Addendum: And of course I thank you very much for all the points! :)

[post edited 2006-12-12 20:15:16 by Cecilia]


Göteborgs energi

Okay, thanks a lot.

I was just thinking about that firewall you mentioned. The one from ZoneLabs costs money after 15 days, as I understood it. You don't have a suggestion for something completely free?

Now I got a security message from the Security Center saying that I have no firewall or virus protection.

Otherwise I can just start downloading MSN and so on again, right?

Thanks a lot!

 

 


ZoneLabs has both a completely free firewall and a paid version. On the page I linked to there is, far down, a link Free ZoneAlarm and Trials; click it and then, in the rightmost column:

ZoneAlarm®

Free Download

For non-business

use only

Download

Addendum: Once you have all the security programs in order, you can install MSN again.

[post edited 2006-12-13 19:51:28 by Cecilia]


Göteborgs energi

Okay. Thank you so very much. It hardly feels as if this computer was this clean of viruses and problems even when I bought it brand new. Thank you!

 


Archived

This topic is now archived and is closed to further replies.
