
Another one with the "MSN virus".....


dr Tukt


As the topic says.

I have run Hitman Pro 2 and installed AVG, but what remains to be fixed is that it keeps trying to open new Internet windows, and the window I am actively working in gets "deactivated" when this happens.

I will try to attach the log I got when I ran HijackThis:

 

[log]Logfile of HijackThis v1.99.1

Scan saved at 20:21:55, on 2006-12-07

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Delade filer\Symantec Shared\ccProxy.exe

C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

C:\Anders\Program\Norton\NISAnt\ISSVC.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe

C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe

C:\Program\Grisoft\AVGFRE~1\avgemc.exe

C:\WINDOWS\system32\svchost.exe

C:\Anders\Program\HitmanPro\Webroot\Spy Sweeper\WRSSSDK.exe

C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program\Java\jre1.5.0_06\bin\jusched.exe

C:\Program\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

C:\Program\Telia\Supportassistent\bin\tgcmd.exe

C:\Program\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe

C:\Program\Grisoft\AVGFRE~1\avgcc.exe

C:\Anders\Program\Winamp 5.31\Winamp\winampa.exe

C:\Anders\Program\Deamon Tools\DAEMON Tools\daemon.exe

C:\Program\Delade filer\Symantec Shared\ccApp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Messenger\msmsgs.exe

C:\DOCUME~1\ANDERS~1\LOKALA~1\Temp\svchost.exe

C:\Program\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe

C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Anders\Program\Hijack This\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsidan.telia.se/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: C:\WINDOWS\system32\zkPeCrypt.dll - {8A5849C4-93F3-429D-FF34-660A2068897C} - C:\WINDOWS\system32\zkPeCrypt.dll (file missing)

O3 - Toolbar: MSN Verktygslåda - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Toolbar\01.01.2607.0\sv\msntb.dll

O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar1.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program\Delade filer\Roxio Shared\System\EngUtil.exe"

O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"

O4 - HKLM\..\Run: [tgcmd] "C:\Program\Telia\Supportassistent\bin\tgcmd.exe" /server /startmonitor /deaf

O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [WinampAgent] C:\Anders\Program\Winamp 5.31\Winamp\winampa.exe

O4 - HKLM\..\Run: [explorer] C:\Anders\Blandat\winstall.exe

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Anders\Program\Deamon Tools\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\Program\Ahead\Ahead\data\Xtras\mssysmgr.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Recoveru systems] C:\DOCUME~1\ANDERS~1\LOKALA~1\Temp\svchost.exe

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\Anders\Program\HITMAN~1\SPYWAR~1\SPYWAR~1\tools\iesdpb.dll

O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Anders\icq2001b\ICQ\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Anders\icq2001b\ICQ\ICQ.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\Program\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Anders\Program\Norton\NISAnt\ISSVC.exe

O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Anders\Program\HitmanPro\Spyware Doctor\Spyware Doctor\sdhelp.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Anders\Program\HitmanPro\Webroot\Spy Sweeper\WRSSSDK.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: winlogin - Unknown owner - C:\WINDOWS\lsass.exe (file missing)[/log]

 

 

Hoping to get this sorted, as I have been (literally) tearing my hair out over this.

Regards

Anders L
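
One way to triage a HijackThis log like the one posted above, as an added example that is not part of the original post or of HijackThis: it flags entries whose target file is missing, that run from a Temp directory, or that use a Windows system process name outside its usual folder, and compares a before and an after log. The heuristics, the `SYSTEM_HOMES` table and the function names are assumptions for illustration; the sample lines are copied from logs in this thread, and a flag means "look closer", not a verdict.

```python
import re
from ntpath import basename, dirname  # Windows path rules on any OS

# Assumed default locations of core Windows XP processes (illustrative table).
SYSTEM_HOMES = {
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "smss.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")  # section code, then the entry body
PATH = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|sys)\b', re.I)

# Constructed samples: lines copied from the first and the last HijackThis log in this thread.
SAMPLE_BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\DOCUME~1\ANDERS~1\LOKALA~1\Temp\svchost.exe

O2 - BHO: C:\WINDOWS\system32\zkPeCrypt.dll - {8A5849C4-93F3-429D-FF34-660A2068897C} - C:\WINDOWS\system32\zkPeCrypt.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Recoveru systems] C:\DOCUME~1\ANDERS~1\LOKALA~1\Temp\svchost.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: winlogin - Unknown owner - C:\WINDOWS\lsass.exe (file missing)
"""

SAMPLE_AFTER = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE

O2 - BHO: C:\WINDOWS\system32\zkPeCrypt.dll - {8A5849C4-93F3-429D-FF34-660A2068897C} - C:\WINDOWS\system32\zkPeCrypt.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Recoveru systems] C:\DOCUME~1\ANDERS~1\LOKALA~1\Temp\svchost.exe
O23 - Service: winlogin - Unknown owner - C:\WINDOWS\lsass.exe (file missing)
"""


def reasons_for(path, text):
    """Return the review reasons that apply to one path and its log line."""
    low = path.lower()
    name, folder = basename(low), dirname(low)
    reasons = []
    if "\\temp\\" in low:
        reasons.append("runs from a Temp directory")
    home = SYSTEM_HOMES.get(name)
    if home and folder != home:
        reasons.append(f"{name} outside {home}")
    if "(file missing)" in text:
        reasons.append("target file missing")
    if "unknown owner" in text.lower():
        reasons.append("service with unknown owner")
    return reasons


def triage(log_text):
    """Return (kind, path, reasons) for every log line worth reviewing.

    kind is the section code ("O4", "O23", ...) or "process" for a line
    from the running-process list. Blank lines are skipped, so a log that
    was pasted double-spaced parses the same way.
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY.match(line)
        if match:
            kind, body = match.group(1), match.group(2)
        elif re.match(r"[A-Za-z]:\\", line):
            kind, body = "process", line
        else:
            continue
        paths = PATH.findall(body)
        if not paths:
            continue  # e.g. R0 start-page entries carry no binary
        reasons = reasons_for(paths[-1], body)
        if reasons:
            findings.append((kind, paths[-1], reasons))
    return findings


def compare(before_log, after_log):
    """Split the flagged items of the first log into (cleared, remaining)."""
    before = {(k, p.lower()) for k, p, _ in triage(before_log)}
    after = {(k, p.lower()) for k, p, _ in triage(after_log)}
    return sorted(before - after), sorted(before & after)


if __name__ == "__main__":
    for kind, path, reasons in triage(SAMPLE_BEFORE):
        print(f"{kind:8} {path}: {'; '.join(reasons)}")
    cleared, remaining = compare(SAMPLE_BEFORE, SAMPLE_AFTER)
    print("cleared:", cleared)
    print("remaining:", remaining)
```

On these samples the Temp copy of svchost.exe is no longer running in the later log, while its Run value and the two "file missing" entries are still listed, which is why a fresh log is requested after each cleanup step.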

 


Sometimes the MSN program itself can be infected, so it should be uninstalled, and installed again once the computer is clean.

You should not have two antivirus programs running on the computer; you have a lot of Symantec processes running.

Download and install the free version, SUPERAntiSpyware Free Edition:

http://www.superantispyware.com/download.html

Start the program and click Check for updates.

Close the program when the update is finished.

Restart the computer in safe mode (press F8 repeatedly during startup and choose safe mode from the menu).

Start SUPERAntiSpyware and click Scan your Computer.

Tick all hard drives (fixed drive/disk).

Select Perform complete scan

Next

When the scan is finished a summary appears; press OK

Next

Perform or similar

A window saying Quarantine and removal Complete appears

OK

Perform or similar

Close the program.

Restart in normal mode.

Start the program, press Preferences, and select the Statistics/Logs tab

Double-click the newest SUPERAntiSpyware Scan Log so that the log opens in Notepad.

Paste the log into your reply together with a new HijackThis log.

 


There, let's see if this works. I can't find any way to shut down one of the antivirus programs, though?

First, here is the HijackThis log:

 

[log]Logfile of HijackThis v1.99.1

Scan saved at 21:10:58, on 2006-12-08

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Delade filer\Symantec Shared\ccProxy.exe

C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

C:\Anders\Program\Norton\NISAnt\ISSVC.exe

C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Java\jre1.5.0_06\bin\jusched.exe

C:\Program\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

C:\Program\Telia\Supportassistent\bin\tgcmd.exe

C:\Program\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe

C:\Program\QuickTime\qttask.exe

C:\Program\Grisoft\AVGFRE~1\avgcc.exe

C:\Anders\Program\Winamp 5.31\Winamp\winampa.exe

C:\Anders\Program\Deamon Tools\DAEMON Tools\daemon.exe

C:\Program\Delade filer\Symantec Shared\ccApp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Messenger\msmsgs.exe

C:\Anders\Program\SuperAntiSpyware\SUPERAntiSpyware.exe

C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe

C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe

C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe

C:\Program\Grisoft\AVGFRE~1\avgemc.exe

C:\WINDOWS\system32\svchost.exe

C:\Anders\Program\HitmanPro\Webroot\Spy Sweeper\WRSSSDK.exe

C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

C:\Program\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\notepad.exe

C:\Anders\Program\Hijack This\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsidan.telia.se/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: C:\WINDOWS\system32\zkPeCrypt.dll - {8A5849C4-93F3-429D-FF34-660A2068897C} - C:\WINDOWS\system32\zkPeCrypt.dll (file missing)

O3 - Toolbar: MSN Verktygslåda - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Toolbar\01.01.2607.0\sv\msntb.dll

O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar1.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program\Delade filer\Roxio Shared\System\EngUtil.exe"

O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"

O4 - HKLM\..\Run: [tgcmd] "C:\Program\Telia\Supportassistent\bin\tgcmd.exe" /server /startmonitor /deaf

O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [WinampAgent] C:\Anders\Program\Winamp 5.31\Winamp\winampa.exe

O4 - HKLM\..\Run: [explorer] C:\Anders\Blandat\winstall.exe

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Anders\Program\Deamon Tools\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\Program\Ahead\Ahead\data\Xtras\mssysmgr.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Recoveru systems] C:\DOCUME~1\ANDERS~1\LOKALA~1\Temp\svchost.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Anders\Program\SuperAntiSpyware\SUPERAntiSpyware.exe

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\Anders\Program\HITMAN~1\SPYWAR~1\SPYWAR~1\tools\iesdpb.dll

O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Anders\icq2001b\ICQ\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Anders\icq2001b\ICQ\ICQ.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\Program\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: !SASWinLogon - C:\Anders\Program\SuperAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Anders\Program\Norton\NISAnt\ISSVC.exe

O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Anders\Program\HitmanPro\Spyware Doctor\Spyware Doctor\sdhelp.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Anders\Program\HitmanPro\Webroot\Spy Sweeper\WRSSSDK.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: winlogin - Unknown owner - C:\WINDOWS\lsass.exe (file missing)[/log]

 

and here is the one from SUPERAntiSpyware:

 

[log]SUPERAntiSpyware Scan Log

Generated 12/08/2006 at 09:04 PM

 

Application Version : 3.4.1000

 

Core Rules Database Version : 3144

Trace Rules Database Version: 1160

 

Scan type : Complete Scan

Total Scan Time : 00:06:36

 

Memory items scanned : 164

Memory threats detected : 0

Registry items scanned : 5506

Registry threats detected : 3

File items scanned : 552

File threats detected : 1

 

Adware.Tracking Cookie

C:\Documents and Settings\Anders Lindholm\Cookies\anders lindholm@ad.adtoma[2].txt

 

Adware.ClickSpring/Yazzle

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yazzle1122Oin

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yazzle1122Oin#DisplayName

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yazzle1122Oin#UninstallString[/log]

 

 

Regards

Anders

 


Download http://www.mvps.org/winhelp2002/hosts.zip to the Desktop.

Unpack the file. A new folder named Hosts is created on the Desktop.

Double-click the folder to open it.

Double-click the file mvps.bat to start the program.

This program will replace the computer's Hosts file so that the PurityScan nasty is prevented from contacting its creator. It will also prevent you from visiting sites that are notorious for installing nasties on the computer. You can read more about it here:

http://www.mvps.org/winhelp2002/hosts.htm

Control Panel - Add or Remove Programs

If any of the following is in the list, remove it:

Oin

Yazzle by Oin

Purityscan by Oin

Snowballwars by Oin

or anything similar with Oin or Outerinfo in it.

Zolero

Tizzletalk

MediaTickets

Cowabanga

Download and run the uninstaller

http://www.outerinfo.com/OiUninstaller.exe

If you need instructions, they are here: http://www.outerinfo.com/howto.html

Restart the computer

Download ComboFix:

http://download.bleepingcomputer.com/sUBs/combofix.exe

Run it and follow the instructions shown.

IMPORTANT! Do not click on the ComboFix window with the mouse while it is running, otherwise it may hang.

When it is finished a log should appear; paste it here, together with a new HijackThis log.

 


Here are both logs, thanks so much for the help:

 

[log]Anders Lindholm - 06-12-10 11:26:28,17 Service Pack 2

ComboFix 06.11.27W - Running from: "C:\Anders\Program\Combofix"

 

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

C:\Program\Delade filer\Yazzle1122OinUninstaller.exe

C:\Program\Delade filer\{08987B5A-07D2-1053-1009-04041124002e}

C:\Program\Delade filer\{38987B5A-07D2-1053-1009-04041124002e}

 

 

((((((((((((((((((((((((((((((( Files Created from 2006-11-10 to 2006-12-10 ))))))))))))))))))))))))))))))))))

 

 

2006-12-09 10:43 <KAT> d--hs---- C:\Config.Msi

2006-12-08 20:44 <KAT> d-------- C:\Program\Delade filer\Wise Installation Wizard

2006-12-08 20:44 <KAT> d-------- C:\Documents and Settings\Anders Lindholm\Application Data\SUPERAntiSpyware.com

2006-12-07 18:59 <KAT> d-------- C:\WINDOWS\system32\ActiveScan

2006-12-06 22:27 <KAT> d-------- C:\Program\Grisoft

2006-12-05 21:42 <KAT> d-------- C:\Documents and Settings\Anders Lindholm\Application Data\Lavasoft

2006-12-05 21:41 51,072 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys

2006-12-05 21:41 30,592 --a------ C:\WINDOWS\system32\drivers\ikhfile.sys

2006-12-05 21:41 <KAT> d-------- C:\Documents and Settings\Anders Lindholm\Application Data\PC Tools

2006-12-05 21:41 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Google

2006-12-05 21:39 78,336 --a------ C:\WINDOWS\system32\drivers\ssi.sys

2006-12-05 21:39 102,912 --a------ C:\WINDOWS\system32\islzma.dll

2006-12-05 21:39 <KAT> d-------- C:\Documents and Settings\Anders Lindholm\Application Data\Webroot

2006-12-05 21:38 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2006-12-05 21:34 <KAT> d-------- C:\WINDOWS\system32\GroupPolicy

2006-12-05 19:52 <KAT> dr-h----- C:\$VAULT$.AVG

2006-12-05 18:55 <KAT> d-------- C:\Documents and Settings\Anders Lindholm\Application Data\Symantec

2006-12-05 18:54 <KAT> d-------- C:\Program\Delade filer\Symantec Shared

2006-12-05 18:54 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Symantec

2006-12-04 22:20 639,224 --a------ C:\WINDOWS\system32\drivers\sptd.sys

2006-12-04 20:43 8,382 --a------ C:\WINDOWS\inserv.exe

2006-12-04 19:57 73,728 --a------ C:\womqnd.exe

2006-12-04 19:38 <KAT> d-------- C:\Documents and Settings\Anders Lindholm\Application Data\uTorrent

2006-11-18 17:37 129,784 --------- C:\WINDOWS\system32\pxafs.dll

2006-11-17 23:48 <KAT> d-------- C:\Program\Winamp

2006-11-16 23:58 <KAT> d-------- C:\Program\MSXML 4.0

 

 

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

2006-12-10 11:27 -------- d-------- C:\Program\Delade filer

2006-12-10 11:12 -------- d-------- C:\Documents and Settings\Anders Lindholm\Application Data\AVG7

2006-12-09 10:41 -------- d-------- C:\Program\MSN Messenger

2006-12-07 20:01 -------- d-------- C:\Program\Windows Media Player

2006-12-07 20:00 -------- d-------- C:\Program\Messenger

2006-12-07 19:59 -------- d-------- C:\Program\Internet Explorer

2006-12-06 22:28 816672 --a------ C:\WINDOWS\system32\drivers\avg7core.sys

2006-12-06 22:26 -------- d---s---- C:\Documents and Settings\Anders Lindholm\Application Data\Microsoft

2006-12-05 21:41 -------- d-------- C:\Program\Google

2006-11-14 23:28 -------- d-------- C:\Documents and Settings\Anders Lindholm\Application Data\Roxio

2006-11-04 15:00 4960 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys

2006-11-04 15:00 4224 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys

2006-11-04 15:00 3968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys

2006-11-04 15:00 28416 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys

2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll

2006-10-30 21:28 -------- d-------- C:\Program\Telia

2006-10-13 13:41 141824 --a------ C:\WINDOWS\system32\nwprovau.dll

2006-09-13 06:07 1084416 --a------ C:\WINDOWS\system32\msxml3.dll

 

 

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

 

*Note* empty entries are not shown

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"

"PhotoShow Deluxe Media Manager"="C:\\Program\\Ahead\\Ahead\\data\\Xtras\\mssysmgr.exe"

"MSMSGS"="\"C:\\Program\\Messenger\\msmsgs.exe\" /background"

"Recoveru systems"="C:\\DOCUME~1\\ANDERS~1\\LOKALA~1\\Temp\\svchost.exe"

"SUPERAntiSpyware"="C:\\Anders\\Program\\SuperAntiSpyware\\SUPERAntiSpyware.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

"NWEReboot"=""

"SunJavaUpdateSched"="C:\\Program\\Java\\jre1.5.0_06\\bin\\jusched.exe"

"RoxioEngineUtility"="\"C:\\Program\\Delade filer\\Roxio Shared\\System\\EngUtil.exe\""

"RoxioDragToDisc"="\"C:\\Program\\Roxio\\Easy CD Creator 6\\DragToDisc\\DrgToDsc.exe\""

"tgcmd"="\"C:\\Program\\Telia\\Supportassistent\\bin\\tgcmd.exe\" /server /startmonitor /deaf"

"RoxioAudioCentral"="\"C:\\Program\\Roxio\\Easy CD Creator 6\\AudioCentral\\RxMon.exe\""

"QuickTime Task"="\"C:\\Program\\QuickTime\\qttask.exe\" -atboottime"

"AVG7_CC"="C:\\Program\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"

"WinampAgent"="C:\\Anders\\Program\\Winamp 5.31\\Winamp\\winampa.exe"

"DAEMON Tools"="\"C:\\Anders\\Program\\Deamon Tools\\DAEMON Tools\\daemon.exe\" -lang 1033"

 

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]

"DeskHtmlVersion"=dword:00000110

"DeskHtmlMinorVersion"=dword:00000005

"Settings"=dword:00000001

"GeneralFlags"=dword:00000001

 

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]

"Source"="About:Home"

"SubscribedURL"="About:Home"

"FriendlyName"="Min aktuella startsida"

"Flags"=dword:00000002

"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00, 00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00

"CurrentState"=hex:04,00,00,40

"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff, ff,ff,04,00,00,00

"RestoredStateInfo"=hex:18,00,00,00,f2,01,00,00,b9,00,00,00,7c,00,00,00,72,00, 00,00,01,00,00,00

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

"AVG7_Run"="C:\\Program\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

"Spyware Doctor"="\"C:\\Anders\\Program\\HitmanPro\\Spyware Doctor\\Spyware Doctor\\swdoctor.exe\" /Q"

 

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]

"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

"AVG7_Run"="C:\\Program\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

"Spyware Doctor"="\"C:\\Anders\\Program\\HitmanPro\\Spyware Doctor\\Spyware Doctor\\swdoctor.exe\" /Q"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]

"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"

"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

"{8A5849C4-93F3-429D-FF34-660A2068897C}"="OpenGL additional"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoDriveTypeAutoRun"=dword:00000091

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"dontdisplaylastusername"=dword:00000000

"legalnoticecaption"=""

"legalnoticetext"=""

"shutdownwithoutlogon"=dword:00000001

"undockwithoutlogon"=dword:00000001

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoDriveTypeAutoRun"=dword:00000091

"CDRAutoRun"=dword:00000000

 

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]

"NoDriveTypeAutoRun"=dword:00000091

"CDRAutoRun"=dword:00000000

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]

"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"

"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"

"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"

"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

 

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

 

Completion time: 06-12-10 11:27:42.89

C:\ComboFix.txt ... 06-12-10 11:27

[/log]

 

[log]Logfile of HijackThis v1.99.1

Scan saved at 11:30:33, on 2006-12-10

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Java\jre1.5.0_06\bin\jusched.exe

C:\Program\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

C:\Program\Telia\Supportassistent\bin\tgcmd.exe

C:\Program\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe

C:\Program\QuickTime\qttask.exe

C:\Program\Grisoft\AVGFRE~1\avgcc.exe

C:\Anders\Program\Winamp 5.31\Winamp\winampa.exe

C:\Anders\Program\Deamon Tools\DAEMON Tools\daemon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Anders\Program\SuperAntiSpyware\SUPERAntiSpyware.exe

C:\Program\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe

C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe

C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe

C:\Program\Grisoft\AVGFRE~1\avgemc.exe

C:\WINDOWS\system32\svchost.exe

C:\Anders\Program\HitmanPro\Webroot\Spy Sweeper\WRSSSDK.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program\Internet Explorer\iexplore.exe

C:\Anders\Program\Hijack This\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsidan.telia.se/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: C:\WINDOWS\system32\zkPeCrypt.dll - {8A5849C4-93F3-429D-FF34-660A2068897C} - C:\WINDOWS\system32\zkPeCrypt.dll (file missing)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar1.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program\Delade filer\Roxio Shared\System\EngUtil.exe"

O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"

O4 - HKLM\..\Run: [tgcmd] "C:\Program\Telia\Supportassistent\bin\tgcmd.exe" /server /startmonitor /deaf

O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [WinampAgent] C:\Anders\Program\Winamp 5.31\Winamp\winampa.exe

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Anders\Program\Deamon Tools\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\Program\Ahead\Ahead\data\Xtras\mssysmgr.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Recoveru systems] C:\DOCUME~1\ANDERS~1\LOKALA~1\Temp\svchost.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Anders\Program\SuperAntiSpyware\SUPERAntiSpyware.exe

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\Anders\Program\HITMAN~1\SPYWAR~1\SPYWAR~1\tools\iesdpb.dll

O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Anders\icq2001b\ICQ\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Anders\icq2001b\ICQ\ICQ.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Anders\Program\SuperAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Anders\Program\HitmanPro\Spyware Doctor\Spyware Doctor\sdhelp.exe

O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Anders\Program\HitmanPro\Webroot\Spy Sweeper\WRSSSDK.exe

O23 - Service: winlogin - Unknown owner - C:\WINDOWS\lsass.exe (file missing)[/log]

 


Go to http://www.virustotal.com/, paste one of the following file names into the box, press Send and wait until the result is ready (Status becomes Finished). If anything nasty is found, or if the file size is 0, delete the file. Repeat with the next file name.

C:\WINDOWS\system32\drivers\sptd.sys

C:\WINDOWS\inserv.exe

C:\womqnd.exe

 

There is an old Java version with security holes on the computer. Uninstall all Java entries in Control Panel - Add or Remove Programs and then install a new one: http://www.java.com/sv/

 

Control Panel - Administrative Tools - Services

Find winlogin in the list, double-click it and set Startup type to Disabled.

 

[log]Scan with HijackThis and check:

 

O2 - BHO: C:\WINDOWS\system32\zkPeCrypt.dll - {8A5849C4-93F3-429D-FF34-660A2068897C} - C:\WINDOWS\system32\zkPeCrypt.dll (file missing)

O4 - HKCU\..\Run: [Recoveru systems] C:\DOCUME~1\ANDERS~1\LOKALA~1\Temp\svchost.exe

 

Close all other programs.

Press Fix checked.

 

Restart the computer in safe mode (press F8 repeatedly during startup and choose safe mode in the menu).

 

Set up Explorer so that you can see all files:

Tools - (Folder) Options or similar - View

Select Show hidden files and folders

Uncheck Hide extensions for known file types

Uncheck Hide protected operating system files

 

Delete the files (if they are still there):

C:\WINDOWS\system32\zkPeCrypt.dll

 

Empty the folder:

C:\DOCUME~1\ANDERS~1\LOKALA~1\Temp

where ~1 stands for a number of arbitrary characters.

 

Restart in normal mode and then a new HijackThis log.[/log]

 

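The two entries singled out in the reply above share recognisable traits: a core Windows process name running from a Temp folder or from outside system32, and a target marked "(file missing)". The following is an added example, not part of the forum posts: a small Python triage of HijackThis O4/O23 lines using sample lines copied from the log on this page. The function name `triage`, the name list and the three heuristics are assumptions made for illustration, and the check assumes Windows is installed in C:\WINDOWS as in the log.

```python
import re
from pathlib import PureWindowsPath

# Core Windows process names that should only load from system32 (assumed list).
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "winlogon.exe",
                "services.exe", "smss.exe", "csrss.exe"}
SYSTEM_DIR = r"c:\windows\system32"  # assumes the install path seen in the log
# First drive-letter path on the line that ends in an executable extension.
EXE_RE = re.compile(r'"?([A-Za-z]:\\[^"]*?\.(?:exe|dll|sys))', re.I)

# Sample lines copied from the HijackThis log posted in this thread.
SAMPLE = r"""
O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Recoveru systems] C:\DOCUME~1\ANDERS~1\LOKALA~1\Temp\svchost.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: winlogin - Unknown owner - C:\WINDOWS\lsass.exe (file missing)
"""

def triage(log_text):
    """Return (line, reasons) for autorun/service entries that deserve a closer look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line.startswith(("O4 - ", "O23 - ")):
            continue  # only autoruns (O4) and services (O23) are examined
        match = EXE_RE.search(line)
        if not match:
            continue
        path = PureWindowsPath(match.group(1))
        reasons = []
        if any(part.lower() in ("temp", "tmp") for part in path.parts[:-1]):
            reasons.append("runs from a temp directory")
        if path.name.lower() in SYSTEM_NAMES and str(path.parent).lower() != SYSTEM_DIR:
            reasons.append("system process name outside system32")
        if "(file missing)" in line:
            reasons.append("target file missing")
        if reasons:
            findings.append((line, reasons))
    return findings

if __name__ == "__main__":
    for entry, why in triage(SAMPLE):
        print(entry, "->", "; ".join(why))
```

A flagged line is a prompt for manual review (for example a VirusTotal check as described above), not proof of infection.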

Then let's hope it's finished now =)

 

 

[log]Logfile of HijackThis v1.99.1

Scan saved at 14:15:06, on 2006-12-10

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

C:\Program\Telia\Supportassistent\bin\tgcmd.exe

C:\Program\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe

C:\Program\QuickTime\qttask.exe

C:\Program\Grisoft\AVGFRE~1\avgcc.exe

C:\Anders\Program\Winamp 5.31\Winamp\winampa.exe

C:\Program\Java\jre1.5.0_09\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Messenger\msmsgs.exe

C:\Anders\Program\SuperAntiSpyware\SUPERAntiSpyware.exe

C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe

C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe

C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe

C:\Program\Grisoft\AVGFRE~1\avgemc.exe

C:\WINDOWS\system32\svchost.exe

C:\Anders\Program\HitmanPro\Webroot\Spy Sweeper\WRSSSDK.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Anders\Program\Hijack This\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsidan.telia.se/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar1.dll

O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program\Delade filer\Roxio Shared\System\EngUtil.exe"

O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"

O4 - HKLM\..\Run: [tgcmd] "C:\Program\Telia\Supportassistent\bin\tgcmd.exe" /server /startmonitor /deaf

O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [WinampAgent] C:\Anders\Program\Winamp 5.31\Winamp\winampa.exe

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Anders\Program\Deamon Tools\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.5.0_09\bin\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\Program\Ahead\Ahead\data\Xtras\mssysmgr.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Anders\Program\SuperAntiSpyware\SUPERAntiSpyware.exe

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\Anders\Program\HITMAN~1\SPYWAR~1\SPYWAR~1\tools\iesdpb.dll

O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Anders\icq2001b\ICQ\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Anders\icq2001b\ICQ\ICQ.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Anders\Program\SuperAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Anders\Program\HitmanPro\Spyware Doctor\Spyware Doctor\sdhelp.exe

O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Anders\Program\HitmanPro\Webroot\Spy Sweeper\WRSSSDK.exe

 

[/log]

 

 

 

Regards

Anders

 


At least I don't see anything nasty in the log now. Are your other security programs happy now, and is the computer behaving as it should?

 


What a relief! Yep, there don't seem to be any problems, except that images on the internet take a long time to load or don't load at all.

 

 

I'm just about to run AVG and see what it says; I'll get back if there are any questions about it.

 

 

A huge thank you for the help!

 

 

 

Regards

Anders

 


Check a bit with the other programs I recommend below.

 

Here is my usual advice for a safer computer, but of course it is also important to use your common sense.

 

Update from Windows Update and run the anti-spyware programs AVG Anti-Spyware (Ewido), SUPERAntiSpyware, Spybot S&D and/or Ad-aware regularly.

http://www.ewido.net/en/

http://www.superantispyware.com/

http://www.safer-networking.org/en/download/index.html

http://www.lavasoft.com

 

Supplement the antivirus program with a few online scans now and then:

http://housecall.trendmicro.com/

http://www.bitdefender.com/scan8/ie.html

http://www.pandasoftware.com/products/activescan/

 

Use a firewall (better than the one built into XP); free ones are available from e.g. ZoneLabs.

http://www.zonelabs.com/store/content/home.jsp

 

If you use Internet Explorer, it may be a good idea to have the programs SpywareBlaster and SpywareGuard, which prevent a good many nasty programs from being downloaded and run, respectively:

http://www.javacoolsoftware.com

 

Review the security settings in Internet Explorer; there are plenty of tips here:

http://www.spywarewarrior.com/uiuc/btw/ie/ie-opts.htm

 

Also run IE-SpyAd, which puts a whole lot of nasty websites in the Restricted sites zone in Internet Explorer so that they cannot do anything to the computer:

http://www.spywarewarrior.com/uiuc/resource.htm

 

If you switch browsers, only SpywareGuard is needed. Other browsers include Mozilla Firefox and Opera:

http://www.mozilla.org

http://www.opera.com

 

All free for home users/personal use.

 


Archived

This topic is now archived and is closed to further replies.