Just nu i M3-nätverket
Jump to content

hjt log msn virus


erixen

Recommended Posts

hej, fyra filer i avg vault , trojan horse generic2.mhe install.exe , trojan horse downloader.generic3.deg a0060432.dll , trojan horse generic2.mhf a0060435.exe , trojan horse generic2.mhe a0060577.exe

 

[log]Logfile of HijackThis v1.99.1

Scan saved at 13:49:21, on 2006-12-25

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Acer\eManager\anbmServ.exe

C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe

C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe

C:\Program\Synaptics\SynTP\SynTPLpr.exe

C:\Program\Synaptics\SynTP\SynTPEnh.exe

C:\Program\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\hkcmd.exe

C:\acer\epm\epm-dm.exe

C:\Program\Grisoft\AVGFRE~1\avgcc.exe

C:\Program\HP\hpcoretech\hpcmpmgr.exe

D:\Program\HP Software Update\HPWuSchd2.exe

C:\Program\Java\jre1.5.0_06\bin\jusched.exe

C:\Program\Delade filer\{0C9F3F1E-05DA-1053-0803-04051720002e}\Update.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\nfomon\nfomon.exe

C:\WINDOWS\system32\vidmon\vidmon.exe

C:\Program\hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR'>http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR'>http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Toolbar Suite\TB\02.05.0000.1105\sv-se\msntb.dll

O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program\DELADE~1\{3C9F3~1\Bar888.dll

O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Toolbar Suite\TB\02.05.0000.1105\sv-se\msntb.dll

O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program\DELADE~1\{3C9F3~1\Bar888.dll

O4 - HKLM\..\Run: [LaunchApp] Alaunch

O4 - HKLM\..\Run: [synTPLpr] C:\Program\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [RemoteControl] C:\Program\CyberLink\PowerDVD\PDVDServ.exe

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe

O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot

O4 - HKLM\..\Run: [NvCplScan] nvsc32.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [HP Software Update] D:\Program\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [{0C9F3F1E-05DA-1053-0803-04051720002e}] "C:\Program\Delade filer\{0C9F3F1E-05DA-1053-0803-04051720002e}\Update.exe" mc-110-12-0001411

O4 - HKLM\..\Run: [ipWins] C:\Program\ipwins\ipwins.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Nfo] C:\WINDOWS\system32\nfomon\nfomon.exe

O4 - HKLM\..\Run: [vidmon] C:\WINDOWS\system32\vidmon\vidmon.exe

O4 - HKLM\..\RunServices: [NvCplScan] nvsc32.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [NvCplScan] nvsc32.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &MSN Search - res://C:\Program\MSN Toolbar Suite\TB\02.05.0000.1105\sv-se\msntb.dll/search.htm

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Öppna på ny flik i bakgrunden - res://C:\Program\MSN Toolbar Suite\TAB\02.05.0000.1105\sv-se\msntabres.dll/229?680cc0c5eec43a4b015e78b73fdba83

O8 - Extra context menu item: Öppna på ny flik i förgrunden - res://C:\Program\MSN Toolbar Suite\TAB\02.05.0000.1105\sv-se\msntabres.dll/230?680cc0c5eec43a4b015e78b73fdba83

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: MultiPoker - {641F4F4E-6C91-4159-869E-9F5CE6F0F64E} - D:\Program\MultiPoker.exe (file missing)

O9 - Extra 'Tools' menuitem: MultiPoker - {641F4F4E-6C91-4159-869E-9F5CE6F0F64E} - D:\Program\MultiPoker.exe (file missing)

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Program\ladbrokesMPP\MPPoker.exe

O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Program\UnibetpokerMPP\MPPoker.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0001411 (file missing)

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

 

[/log]

 

Link to comment
Share on other sites

Stefan Eklinder

 

 

Du har lagt Hijackthis och kört den från Program i Windows. Den ska ligga i en separat mapp under C och köras därifrån.

 

Vet inte vilken Hijackthis du kört, men den här lägger sig säkert rätt automatiskt:

 

http://www.thespykiller.co.uk/files/HJTsetup.exe

 

---

C:\Eforum\Stefan Eklinder>|

 

"Om allt verkar gå bra, måste du ha missat något."

 

- Steven Wright

 

 

 

Link to comment
Share on other sites

rätt nu?

 

[log]Logfile of HijackThis v1.99.1

Scan saved at 14:54:58, on 2006-12-25

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Acer\eManager\anbmServ.exe

C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe

C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Synaptics\SynTP\SynTPLpr.exe

C:\Program\Synaptics\SynTP\SynTPEnh.exe

C:\Program\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\hkcmd.exe

C:\acer\epm\epm-dm.exe

C:\Program\Grisoft\AVGFRE~1\avgcc.exe

C:\Program\HP\hpcoretech\hpcmpmgr.exe

D:\Program\HP Software Update\HPWuSchd2.exe

C:\Program\Java\jre1.5.0_06\bin\jusched.exe

C:\Program\Delade filer\{0C9F3F1E-05DA-1053-0803-04051720002e}\Update.exe

C:\WINDOWS\system32\nfomon\nfomon.exe

C:\WINDOWS\system32\vidmon\vidmon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Delade filer\Teleca Shared\CapabilityManager.exe

C:\Program\superantispyware\SUPERAntiSpyware.exe

C:\hjt\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR'>http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR'>http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Toolbar Suite\TB\02.05.0000.1105\sv-se\msntb.dll

O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program\DELADE~1\{3C9F3~1\Bar888.dll

O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Toolbar Suite\TB\02.05.0000.1105\sv-se\msntb.dll

O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program\DELADE~1\{3C9F3~1\Bar888.dll

O4 - HKLM\..\Run: [LaunchApp] Alaunch

O4 - HKLM\..\Run: [synTPLpr] C:\Program\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [RemoteControl] C:\Program\CyberLink\PowerDVD\PDVDServ.exe

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe

O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot

O4 - HKLM\..\Run: [NvCplScan] nvsc32.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [HP Software Update] D:\Program\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [{0C9F3F1E-05DA-1053-0803-04051720002e}] "C:\Program\Delade filer\{0C9F3F1E-05DA-1053-0803-04051720002e}\Update.exe" mc-110-12-0001411

O4 - HKLM\..\Run: [ipWins] C:\Program\ipwins\ipwins.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Nfo] C:\WINDOWS\system32\nfomon\nfomon.exe

O4 - HKLM\..\Run: [vidmon] C:\WINDOWS\system32\vidmon\vidmon.exe

O4 - HKLM\..\RunServices: [NvCplScan] nvsc32.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [NvCplScan] nvsc32.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program\superantispyware\SUPERAntiSpyware.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &MSN Search - res://C:\Program\MSN Toolbar Suite\TB\02.05.0000.1105\sv-se\msntb.dll/search.htm

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Öppna på ny flik i bakgrunden - res://C:\Program\MSN Toolbar Suite\TAB\02.05.0000.1105\sv-se\msntabres.dll/229?680cc0c5eec43a4b015e78b73fdba83

O8 - Extra context menu item: Öppna på ny flik i förgrunden - res://C:\Program\MSN Toolbar Suite\TAB\02.05.0000.1105\sv-se\msntabres.dll/230?680cc0c5eec43a4b015e78b73fdba83

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: MultiPoker - {641F4F4E-6C91-4159-869E-9F5CE6F0F64E} - D:\Program\MultiPoker.exe (file missing)

O9 - Extra 'Tools' menuitem: MultiPoker - {641F4F4E-6C91-4159-869E-9F5CE6F0F64E} - D:\Program\MultiPoker.exe (file missing)

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Program\ladbrokesMPP\MPPoker.exe

O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Program\UnibetpokerMPP\MPPoker.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0001411 (file missing)

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

 

[/log]

 

Link to comment
Share on other sites

Stefan Eklinder

Japp, det ser bättre ut. Invänta loggproffsens svar.

 

Hijackloggar hör inte till min starka sida. :-)

 

Vänta tills du får ordentliga svar från dom som kan loggarna, men det här hittade jag som inte ser så bra ut:

 

nfomon.exe

O4 - HKLM\..\Run: [Nfo] C:\WINDOWS\system32\nfomon\nfomon.exe

 

Description:

nfomon.exe is a process belonging to an advertising program by DelFin. This process monitors your browsing habits and distributes the data back to the author's servers for analysis. This also prompts advertising popups. This process is a security risk and should be removed from your system.

 

vidmon.exe

O4 - HKLM\..\Run: [vidmon] C:\WINDOWS\system32\vidmon\vidmon.exe

 

Description:

vidmon.exe is a process belonging to an advertising program by DelFin. This process monitors your browsing habits and distributes the data back to the author's servers for analysis. This also prompts advertising popups. This process is a security risk and should be removed from your system.

 

nvsc32.exe

O4 - HKLM\..\RunServices: [NvCplScan] nvsc32.exe

 

Description:

nvsc32.exe is a process which is registered as Backdoor.IRC.Bot Trojan. This Trojan allows attackers to access your computer from remote locations, stealing passwords, Internet banking and personal data. This process is a security risk and should be removed from your system.

 

 

nvsc32.exe

O4 - HKCU\..\Run: [NvCplScan] nvsc32.exe

 

Description:

nvsc32.exe is a process which is registered as Backdoor.IRC.Bot Trojan. This Trojan allows attackers to access your computer from remote locations, stealing passwords, Internet banking and personal data. This process is a security risk and should be removed from your system.

 

...så är det en dator du inte är beroende av för internetanvändning, så skulle jag rekommendera att du kopplade bort den från internet direkt.

 

---

C:\Eforum\Stefan Eklinder>|

 

"Om allt verkar gå bra, måste du ha missat något."

 

- Steven Wright

[inlägget ändrat 2006-12-25 15:26:08 av Stefan Eklinder]

Link to comment
Share on other sites

ok, har kopplat från den nu, sitter på min egen dator nu, det är brorsans dator, medans jag var och åt lite så hade 2 popup fönster dykt up på den kördes från c: documents and settings

 

[inlägget ändrat 2006-12-25 15:30:36 av erixen]

Link to comment
Share on other sites

Stefan Eklinder
erixen skrev:

ok, har kopplat från den nu, sitter på min egen dator nu, det är brorsans dator, medans jag var och åt lite så hade 2 popup fönster dykt up på den kördes från c: documents and settings

 

Popuprutorna kommer förmodligen från adwares du har fått din dator infekterad med, som jag hittade i din logg.

 

För att undvika obehagliga fakturor från onlineaffärer, om du nu shoppar online, så skulle jag rekommendera att du under tiden bytade lösenord på dom sidorna.

 

Loggar du in på din dator, så rekommenderar jag också lösenordbyte där. Så även Adminlösenordet om du har sådant.

 

---

C:\Eforum\Stefan Eklinder>|

 

"Om allt verkar gå bra, måste du ha missat något."

 

- Steven Wright

 

[inlägget ändrat 2006-12-25 15:38:28 av Stefan Eklinder]

Link to comment
Share on other sites

stäng webbläsaren.

gör en scan med hjt, bocka för den här raden (resten bör SAS hitta)

 

O4 - HKLM\..\Run: [vidmon] C:\WINDOWS\system32\vidmon\vidmon.exe

 

kolla om superantispyware är uppdaterat och att du har den senaste versionen som är 3.4.1000.

starta om och scanna i felsäkert läge, full system scan. flytta allt som hittas till karantän.

 

leta efter och ta bort denna mapp

C:\WINDOWS\system32\vidmon

 

starta om normalt, posta en ny hjt logg och SAS loggen som du hittar under preferences

 

 

 

 

 

Link to comment
Share on other sites

ok, den scannar nu, ska väl komma log snart

 

 

[log]Logfile of HijackThis v1.99.1

Scan saved at 17:39:46, on 2006-12-25

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Acer\eManager\anbmServ.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe

C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Synaptics\SynTP\SynTPLpr.exe

C:\Program\Synaptics\SynTP\SynTPEnh.exe

C:\Program\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\hkcmd.exe

C:\acer\epm\epm-dm.exe

C:\Program\Grisoft\AVGFRE~1\avgcc.exe

C:\Program\HP\hpcoretech\hpcmpmgr.exe

D:\Program\HP Software Update\HPWuSchd2.exe

C:\Program\Java\jre1.5.0_06\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\superantispyware\SUPERAntiSpyware.exe

C:\Program\Delade filer\Teleca Shared\CapabilityManager.exe

C:\Program\HP\hpcoretech\comp\hptskmgr.exe

C:\WINDOWS\system32\wuauclt.exe

C:\hjt\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR'>http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR'>http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Toolbar Suite\TB\02.05.0000.1105\sv-se\msntb.dll

O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program\DELADE~1\{3C9F3~1\Bar888.dll

O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Toolbar Suite\TB\02.05.0000.1105\sv-se\msntb.dll

O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program\DELADE~1\{3C9F3~1\Bar888.dll

O4 - HKLM\..\Run: [LaunchApp] Alaunch

O4 - HKLM\..\Run: [synTPLpr] C:\Program\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [RemoteControl] C:\Program\CyberLink\PowerDVD\PDVDServ.exe

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe

O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot

O4 - HKLM\..\Run: [NvCplScan] nvsc32.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [HP Software Update] D:\Program\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\RunServices: [NvCplScan] nvsc32.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [NvCplScan] nvsc32.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program\superantispyware\SUPERAntiSpyware.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &MSN Search - res://C:\Program\MSN Toolbar Suite\TB\02.05.0000.1105\sv-se\msntb.dll/search.htm

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Öppna på ny flik i bakgrunden - res://C:\Program\MSN Toolbar Suite\TAB\02.05.0000.1105\sv-se\msntabres.dll/229?680cc0c5eec43a4b015e78b73fdba83

O8 - Extra context menu item: Öppna på ny flik i förgrunden - res://C:\Program\MSN Toolbar Suite\TAB\02.05.0000.1105\sv-se\msntabres.dll/230?680cc0c5eec43a4b015e78b73fdba83

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: MultiPoker - {641F4F4E-6C91-4159-869E-9F5CE6F0F64E} - D:\Program\MultiPoker.exe (file missing)

O9 - Extra 'Tools' menuitem: MultiPoker - {641F4F4E-6C91-4159-869E-9F5CE6F0F64E} - D:\Program\MultiPoker.exe (file missing)

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Program\ladbrokesMPP\MPPoker.exe

O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Program\UnibetpokerMPP\MPPoker.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0001411 (file missing)

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

 

[/log]

 

[log]SUPERAntiSpyware Scan Log

Generated 12/25/2006 at 05:27 PM

 

Application Version : 3.4.1000

 

Core Rules Database Version : 0

Trace Rules Database Version: 0

 

Scan type : Complete Scan

Total Scan Time : 00:07:15

 

Memory items scanned : 159

Memory threats detected : 0

Registry items scanned : 5027

Registry threats detected : 8

File items scanned : 2636

File threats detected : 5

 

Trojan.Update-Mcboo

[{0C9F3F1E-05DA-1053-0803-04051720002e}] C:\PROGRAM\DELADE FILER\{0C9F3F1E-05DA-1053-0803-04051720002E}\UPDATE.EXE

C:\PROGRAM\DELADE FILER\{0C9F3F1E-05DA-1053-0803-04051720002E}\UPDATE.EXE

C:\WINDOWS\Prefetch\UPDATE.EXE-1201E255.pf

 

Unclassified.Unknown Origin/System

[Nfo] C:\WINDOWS\SYSTEM32\NFOMON\NFOMON.EXE

C:\WINDOWS\SYSTEM32\NFOMON\NFOMON.EXE

C:\WINDOWS\Prefetch\NFOMON.EXE-0138E8E4.pf

 

Adware.ClickSpring/Yazzle

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yazzle1122Oin

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yazzle1122Oin#DisplayName

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yazzle1122Oin#UninstallString

 

Adware.MyWay

C:\Program\MyWay

 

Adware.IPWins

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IpWins

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IpWins#DisplayName

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IpWins#UninstallString

[/log]

[inlägget ändrat 2006-12-25 17:45:41 av erixen]

Link to comment
Share on other sites

senaste loggarna

 

[log]Logfile of HijackThis v1.99.1

Scan saved at 18:26:37, on 2006-12-25

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Acer\eManager\anbmServ.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe

C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Synaptics\SynTP\SynTPLpr.exe

C:\Program\Synaptics\SynTP\SynTPEnh.exe

C:\Program\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\hkcmd.exe

C:\acer\epm\epm-dm.exe

C:\Program\Grisoft\AVGFRE~1\avgcc.exe

C:\Program\HP\hpcoretech\hpcmpmgr.exe

D:\Program\HP Software Update\HPWuSchd2.exe

C:\Program\Java\jre1.5.0_06\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\superantispyware\SUPERAntiSpyware.exe

C:\Program\Delade filer\Teleca Shared\CapabilityManager.exe

C:\Program\HP\hpcoretech\comp\hptskmgr.exe

C:\WINDOWS\system32\wuauclt.exe

C:\hjt\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR'>http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR'>http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Toolbar Suite\TB\02.05.0000.1105\sv-se\msntb.dll

O4 - HKLM\..\Run: [LaunchApp] Alaunch

O4 - HKLM\..\Run: [synTPLpr] C:\Program\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [RemoteControl] C:\Program\CyberLink\PowerDVD\PDVDServ.exe

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe

O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot

O4 - HKLM\..\Run: [NvCplScan] nvsc32.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [HP Software Update] D:\Program\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\RunServices: [NvCplScan] nvsc32.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [NvCplScan] nvsc32.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program\superantispyware\SUPERAntiSpyware.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &MSN Search - res://C:\Program\MSN Toolbar Suite\TB\02.05.0000.1105\sv-se\msntb.dll/search.htm

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Öppna på ny flik i bakgrunden - res://C:\Program\MSN Toolbar Suite\TAB\02.05.0000.1105\sv-se\msntabres.dll/229?680cc0c5eec43a4b015e78b73fdba83

O8 - Extra context menu item: Öppna på ny flik i förgrunden - res://C:\Program\MSN Toolbar Suite\TAB\02.05.0000.1105\sv-se\msntabres.dll/230?680cc0c5eec43a4b015e78b73fdba83

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: MultiPoker - {641F4F4E-6C91-4159-869E-9F5CE6F0F64E} - D:\Program\MultiPoker.exe (file missing)

O9 - Extra 'Tools' menuitem: MultiPoker - {641F4F4E-6C91-4159-869E-9F5CE6F0F64E} - D:\Program\MultiPoker.exe (file missing)

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Program\ladbrokesMPP\MPPoker.exe

O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Program\UnibetpokerMPP\MPPoker.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0001411 (file missing)

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

 

[/log]

 

[log]SUPERAntiSpyware Scan Log

Generated 12/25/2006 at 06:16 PM

 

Application Version : 3.4.1000

 

Core Rules Database Version : 3153

Trace Rules Database Version: 1170

 

Scan type : Complete Scan

Total Scan Time : 00:22:21

 

Memory items scanned : 158

Memory threats detected : 0

Registry items scanned : 5219

Registry threats detected : 8

File items scanned : 15798

File threats detected : 117

 

Adware.Tracking Cookie

C:\Documents and Settings\Empo\Cookies\empo@ad.zanox[3].txt

C:\Documents and Settings\Empo\Cookies\empo@track.adform[2].txt

C:\Documents and Settings\Empo\Cookies\empo@adserver.banneradministration[2].txt

C:\Documents and Settings\Empo\Cookies\empo@postclicktracking[1].txt

C:\Documents and Settings\Empo\Cookies\empo@media.fastclick[3].txt

C:\Documents and Settings\Empo\Cookies\empo@mb[1].txt

C:\Documents and Settings\Empo\Cookies\empo@kanoodle[2].txt

C:\Documents and Settings\Empo\Cookies\empo@ehg-yvesrocher.hitbox[2].txt

C:\Documents and Settings\Empo\Cookies\empo@1071761864[1].txt

C:\Documents and Settings\Empo\Cookies\empo@ad1.emediate[7].txt

C:\Documents and Settings\Empo\Cookies\empo@1070847646[2].txt

C:\Documents and Settings\Empo\Cookies\empo@advertising[1].txt

C:\Documents and Settings\Empo\Cookies\empo@S005-01-8-2-233860-94033[2].txt

C:\Documents and Settings\Empo\Cookies\empo@ad.adtoma[4].txt

C:\Documents and Settings\Empo\Cookies\empo@ehg-dig.hitbox[2].txt

C:\Documents and Settings\Empo\Cookies\empo@1071183736[1].txt

C:\Documents and Settings\Empo\Cookies\empo@statcounter[1].txt

C:\Documents and Settings\Empo\Cookies\empo@stat.swedbank[1].txt

C:\Documents and Settings\Empo\Cookies\empo@S005-01-8-1-233860-93722[2].txt

C:\Documents and Settings\Empo\Cookies\empo@mediaplex[1].txt

C:\Documents and Settings\Empo\Cookies\empo@valueclick[4].txt

C:\Documents and Settings\Empo\Cookies\empo@adtech[2].txt

C:\Documents and Settings\Empo\Cookies\empo@yourmedia[2].txt

C:\Documents and Settings\Empo\Cookies\empo@atwola[4].txt

C:\Documents and Settings\Empo\Cookies\empo@ad.yieldmanager[2].txt

C:\Documents and Settings\Empo\Cookies\empo@ehg-twi.hitbox[2].txt

C:\Documents and Settings\Empo\Cookies\empo@adbrite[2].txt

C:\Documents and Settings\Empo\Cookies\empo@msnportal.112.2o7[2].txt

C:\Documents and Settings\Empo\Cookies\empo@rotator.adjuggler[2].txt

C:\Documents and Settings\Empo\Cookies\empo@tripod[2].txt

C:\Documents and Settings\Empo\Cookies\empo@tradedoubler[1].txt

C:\Documents and Settings\Empo\Cookies\empo@1069336987[1].txt

C:\Documents and Settings\Empo\Cookies\empo@mature35104a9[1].txt

C:\Documents and Settings\Empo\Cookies\empo@serving-sys[1].txt

C:\Documents and Settings\Empo\Cookies\empo@counter2.hitslink[1].txt

C:\Documents and Settings\Empo\Cookies\empo@doubleclick[1].txt

C:\Documents and Settings\Empo\Cookies\empo@maxserving[2].txt

C:\Documents and Settings\Empo\Cookies\empo@revsci[2].txt

C:\Documents and Settings\Empo\Cookies\empo@ehg-thegoldmansachsgroup.hitbox[2].txt

C:\Documents and Settings\Empo\Cookies\empo@indextools[2].txt

C:\Documents and Settings\Empo\Cookies\empo@cgi-bin[2].txt

C:\Documents and Settings\Empo\Cookies\empo@bluestreak[2].txt

C:\Documents and Settings\Empo\Cookies\empo@statse.webtrendslive[1].txt

C:\Documents and Settings\Empo\Cookies\empo@m1.webstats4u[4].txt

C:\Documents and Settings\Empo\Cookies\empo@ad1.emediate[6].txt

C:\Documents and Settings\Empo\Cookies\empo@casalemedia[2].txt

C:\Documents and Settings\Empo\Cookies\empo@hitbox[3].txt

C:\Documents and Settings\Empo\Cookies\empo@adultfriendfinder[1].txt

C:\Documents and Settings\Empo\Cookies\empo@cs.sexcounter[2].txt

C:\Documents and Settings\Empo\Cookies\empo@atdmt[2].txt

C:\Documents and Settings\Empo\Cookies\empo@perf.overture[1].txt

C:\Documents and Settings\Empo\Cookies\empo@fastclick[1].txt

C:\Documents and Settings\Empo\Cookies\empo@tribalfusion[1].txt

C:\Documents and Settings\Empo\Cookies\empo@as1.falkag[1].txt

C:\Documents and Settings\Empo\Cookies\empo@questionmarket[3].txt

C:\Documents and Settings\Empo\Cookies\empo@partygaming.122.2o7[1].txt

C:\Documents and Settings\Empo\Cookies\empo@data3.perf.overture[1].txt

C:\Documents and Settings\Empo\Cookies\empo@bs.serving-sys[2].txt

C:\Documents and Settings\Empo\Cookies\empo@1072273079[1].txt

C:\Documents and Settings\Empo\Cookies\empo@clickbank[2].txt

C:\Documents and Settings\Empo\Cookies\empo@112.2o7[2].txt

C:\Documents and Settings\Empo\Cookies\empo@ad-server.gulasidorna[1].txt

C:\Documents and Settings\Empo\Cookies\empo@ad-server.gulasidorna[2].txt

C:\Documents and Settings\Empo\Cookies\empo@ad.adtoma[1].txt

C:\Documents and Settings\Empo\Cookies\empo@ad.adtoma[2].txt

C:\Documents and Settings\Empo\Cookies\empo@ad.adtoma[3].txt

C:\Documents and Settings\Empo\Cookies\empo@ad1.emediate[1].txt

C:\Documents and Settings\Empo\Cookies\empo@ad1.emediate[2].txt

C:\Documents and Settings\Empo\Cookies\empo@ad1.emediate[3].txt

C:\Documents and Settings\Empo\Cookies\empo@ad1.emediate[5].txt

C:\Documents and Settings\Empo\Cookies\empo@adopt.euroclick[2].txt

C:\Documents and Settings\Empo\Cookies\empo@ads.adsag[1].txt

C:\Documents and Settings\Empo\Cookies\empo@ads.as4x.tmcs.ticketmaster[1].txt

C:\Documents and Settings\Empo\Cookies\empo@ads.as4x.tmcs[1].txt

C:\Documents and Settings\Empo\Cookies\empo@ads1.revenue[1].txt

C:\Documents and Settings\Empo\Cookies\empo@ads2.drivelinemedia[2].txt

C:\Documents and Settings\Empo\Cookies\empo@bs.serving-sys[1].txt

C:\Documents and Settings\Empo\Cookies\empo@campaign.indieclick[1].txt

C:\Documents and Settings\Empo\Cookies\empo@counter[1].txt

C:\Documents and Settings\Empo\Cookies\empo@e2.emediate[2].txt

C:\Documents and Settings\Empo\Cookies\empo@ehg-dig.hitbox[1].txt

C:\Documents and Settings\Empo\Cookies\empo@ehg-idgab.hitbox[1].txt

C:\Documents and Settings\Empo\Cookies\empo@ehg-ladbrokes.hitbox[2].txt

C:\Documents and Settings\Empo\Cookies\empo@ehg-machinas.hitbox[1].txt

C:\Documents and Settings\Empo\Cookies\empo@ehg-svt.hitbox[1].txt

C:\Documents and Settings\Empo\Cookies\empo@falkag[1].txt

C:\Documents and Settings\Empo\Cookies\empo@falkag[2].txt

C:\Documents and Settings\Empo\Cookies\empo@fortunecity[2].txt

C:\Documents and Settings\Empo\Cookies\empo@m1.webstats4u[1].txt

C:\Documents and Settings\Empo\Cookies\empo@m1.webstats4u[2].txt

C:\Documents and Settings\Empo\Cookies\empo@media.fastclick[2].txt

C:\Documents and Settings\Empo\Cookies\empo@microsoftwga.112.2o7[1].txt

C:\Documents and Settings\Empo\Cookies\empo@msnportal.112.2o7[1].txt

C:\Documents and Settings\Empo\Cookies\empo@oas.247realmedia[1].txt

C:\Documents and Settings\Empo\Cookies\empo@overture[1].txt

C:\Documents and Settings\Empo\Cookies\empo@redirect.advertising[1].txt

C:\Documents and Settings\Empo\Cookies\empo@roiservice[1].txt

C:\Documents and Settings\Empo\Cookies\empo@sel.as-eu.falkag[1].txt

C:\Documents and Settings\Empo\Cookies\empo@stat.onestat[2].txt

C:\Documents and Settings\Empo\Cookies\empo@stats.liutilities[1].txt

C:\Documents and Settings\Empo\Cookies\empo@statse.webtrendslive[2].txt

C:\Documents and Settings\Empo\Cookies\empo@theclickstore[1].txt

C:\Documents and Settings\Empo\Cookies\empo@track.adform[1].txt

C:\Documents and Settings\Empo\Cookies\empo@tracker.agab[1].txt

C:\Documents and Settings\Empo\Cookies\empo@tripod[1].txt

C:\Documents and Settings\Empo\Cookies\empo@valueclick[2].txt

C:\Documents and Settings\Empo\Cookies\empo@weborama[2].txt

C:\Documents and Settings\Empo\Cookies\empo@windowsmedia[2].txt

C:\Documents and Settings\Empo\Cookies\empo@www.etracker[2].txt

C:\Documents and Settings\Empo\Cookies\empo@yourmedia[1].txt

C:\Documents and Settings\Empo\Cookies\empo@zedo[1].txt

 

Adware.Toolbar888

HKCR\CLSID\{C1B4DEC2-2623-438E-9CA2-C9043AB28508}

HKCR\CLSID\{C1B4DEC2-2623-438E-9CA2-C9043AB28508}\InprocServer32

HKCR\CLSID\{C1B4DEC2-2623-438E-9CA2-C9043AB28508}\InprocServer32#ThreadingModel

HKCR\CLSID\{C1B4DEC2-2623-438E-9CA2-C9043AB28508}\ProgID

HKCR\CLSID\{C1B4DEC2-2623-438E-9CA2-C9043AB28508}\Programmable

HKCR\CLSID\{C1B4DEC2-2623-438E-9CA2-C9043AB28508}\TypeLib

HKCR\CLSID\{C1B4DEC2-2623-438E-9CA2-C9043AB28508}\VersionIndependentProgID

 

Adware.IPWins

HKU\S-1-5-21-928096818-4117451770-1821251513-1005\Software\IpWins

 

Trojan.Downloader-Gen/Installer

C:\DOCUMENTS AND SETTINGS\EMPO\LOKALA INSTäLLNINGAR\TEMP\B130.EXE

C:\DOCUMENTS AND SETTINGS\EMPO\LOKALA INSTäLLNINGAR\TEMP\B131.EXE

 

Adware.DelFin Project

C:\PROGRAM\DELADE FILER\UNINSTALL INFORMATION\REMOVEWEBDP.EXE

 

Adware.ClickSpring/Yazzle

C:\PROGRAM\DELADE FILER\YAZZLE1122OINADMIN.EXE

C:\PROGRAM\DELADE FILER\YAZZLE1122OINUNINSTALLER.EXE

 

Trojan.Hacktool

C:\PROGRAM\DELADE FILER\{0C9F3F1E-05DA-1053-0803-04051720002E}\SYSTEM.DLL

[/log]

 

Link to comment
Share on other sites

 

nu ser det bättre ut.

 

klicka på kör, skriv services.msc och klicka på ok.

dubbelklicka på COM+ Messages, välj stoppa och där det står startmetod väljer du inaktiverad, ok.

 

bocka för dessa rader, klicka på fix checked.

 

O4 - HKLM\..\RunServices: [NvCplScan] nvsc32.exe

 

O4 - HKCU\..\Run: [NvCplScan] nvsc32.exe

 

 

gå hit och klicka på download där det står jre 6.

hämta offline filen och installera den.

http://java.sun.com/javase/downloads/index.jsp

 

starta om och posta en ny hjt logg

 

Link to comment
Share on other sites

[log]Logfile of HijackThis v1.99.1

Scan saved at 19:13:37, on 2006-12-25

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Acer\eManager\anbmServ.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe

C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Synaptics\SynTP\SynTPLpr.exe

C:\Program\Synaptics\SynTP\SynTPEnh.exe

C:\Program\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\hkcmd.exe

C:\acer\epm\epm-dm.exe

C:\Program\Grisoft\AVGFRE~1\avgcc.exe

C:\Program\HP\hpcoretech\hpcmpmgr.exe

D:\Program\HP Software Update\HPWuSchd2.exe

C:\Program\Java\jre1.6.0\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\superantispyware\SUPERAntiSpyware.exe

C:\Program\Delade filer\Teleca Shared\CapabilityManager.exe

C:\WINDOWS\system32\wuauclt.exe

C:\hjt\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR'>http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR'>http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0\bin\ssv.dll

O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Toolbar Suite\TB\02.05.0000.1105\sv-se\msntb.dll

O4 - HKLM\..\Run: [LaunchApp] Alaunch

O4 - HKLM\..\Run: [synTPLpr] C:\Program\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [RemoteControl] C:\Program\CyberLink\PowerDVD\PDVDServ.exe

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe

O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot

O4 - HKLM\..\Run: [NvCplScan] nvsc32.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [HP Software Update] D:\Program\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.6.0\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program\superantispyware\SUPERAntiSpyware.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &MSN Search - res://C:\Program\MSN Toolbar Suite\TB\02.05.0000.1105\sv-se\msntb.dll/search.htm

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Öppna på ny flik i bakgrunden - res://C:\Program\MSN Toolbar Suite\TAB\02.05.0000.1105\sv-se\msntabres.dll/229?680cc0c5eec43a4b015e78b73fdba83

O8 - Extra context menu item: Öppna på ny flik i förgrunden - res://C:\Program\MSN Toolbar Suite\TAB\02.05.0000.1105\sv-se\msntabres.dll/230?680cc0c5eec43a4b015e78b73fdba83

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0\bin\npjpi160.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0\bin\npjpi160.dll

O9 - Extra button: MultiPoker - {641F4F4E-6C91-4159-869E-9F5CE6F0F64E} - D:\Program\MultiPoker.exe (file missing)

O9 - Extra 'Tools' menuitem: MultiPoker - {641F4F4E-6C91-4159-869E-9F5CE6F0F64E} - D:\Program\MultiPoker.exe (file missing)

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Program\ladbrokesMPP\MPPoker.exe

O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Program\UnibetpokerMPP\MPPoker.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

 

[/log]

 

Link to comment
Share on other sites

hmmm... töm den här mappen

C:\DOCUMENTS AND SETTINGS\EMPO\LOKALA INSTäLLNINGAR\TEMP

 

bocka för den här raden i hjt, klicka på fix checked

O4 - HKLM\..\Run: [NvCplScan] nvsc32.exe

 

kolla sen efter filen nvsc32.exe (i system32), jag tror inte att den finns men det märker du ju.

starta sen om och gör en ny scan, finns filen fortfarande kvar i logg och dator så testa med detta verktyg

http://securityresponse.symantec.com/avcenter/venc/data/w32.kelvir.d.removal.tool.html

 

Link to comment
Share on other sites

nu ska det väl se ok ut, filerna som avg har i virus vault då, trojan horse generic2 och vad det nu är för nå, vad ska jag göra med dom

 

[log]Logfile of HijackThis v1.99.1

Scan saved at 20:31:26, on 2006-12-25

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Acer\eManager\anbmServ.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe

C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Synaptics\SynTP\SynTPLpr.exe

C:\Program\Synaptics\SynTP\SynTPEnh.exe

C:\Program\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\hkcmd.exe

C:\acer\epm\epm-dm.exe

C:\Program\Grisoft\AVGFRE~1\avgcc.exe

C:\Program\HP\hpcoretech\hpcmpmgr.exe

D:\Program\HP Software Update\HPWuSchd2.exe

C:\Program\Java\jre1.6.0\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\superantispyware\SUPERAntiSpyware.exe

C:\Program\Delade filer\Teleca Shared\CapabilityManager.exe

C:\WINDOWS\system32\wuauclt.exe

C:\hjt\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR'>http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR'>http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0\bin\ssv.dll

O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Toolbar Suite\TB\02.05.0000.1105\sv-se\msntb.dll

O4 - HKLM\..\Run: [LaunchApp] Alaunch

O4 - HKLM\..\Run: [synTPLpr] C:\Program\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [RemoteControl] C:\Program\CyberLink\PowerDVD\PDVDServ.exe

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe

O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot

O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [HP Software Update] D:\Program\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.6.0\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program\superantispyware\SUPERAntiSpyware.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &MSN Search - res://C:\Program\MSN Toolbar Suite\TB\02.05.0000.1105\sv-se\msntb.dll/search.htm

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Öppna på ny flik i bakgrunden - res://C:\Program\MSN Toolbar Suite\TAB\02.05.0000.1105\sv-se\msntabres.dll/229?680cc0c5eec43a4b015e78b73fdba83

O8 - Extra context menu item: Öppna på ny flik i förgrunden - res://C:\Program\MSN Toolbar Suite\TAB\02.05.0000.1105\sv-se\msntabres.dll/230?680cc0c5eec43a4b015e78b73fdba83

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0\bin\ssv.dll

O9 - Extra button: MultiPoker - {641F4F4E-6C91-4159-869E-9F5CE6F0F64E} - D:\Program\MultiPoker.exe (file missing)

O9 - Extra 'Tools' menuitem: MultiPoker - {641F4F4E-6C91-4159-869E-9F5CE6F0F64E} - D:\Program\MultiPoker.exe (file missing)

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Program\ladbrokesMPP\MPPoker.exe

O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Program\UnibetpokerMPP\MPPoker.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

 

[/log]

 

Link to comment
Share on other sites

du bör kunna tömma eller ta bort filerna ur virus valt.

 

den gamla jre 1.5 kan avinstallera.

 

vad gäller avg så är det stor skillnad på antivir och avg. varken i avg eller antivir free finns funktionen att upptäcka adware men just avg har aldrig fått några bra resultat i några tester. oftast är det medel eller dåligt. antivir ligger i topp med tex kaspersky.

 

SAS startar med windows, gratisversionen skyddar inte så det kan du inaktivera i autostarten.

vad som ger lite skydd är om du installerar windows defender, det skyddar mot adware men långt ifrån allt men är gratis

 

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.



×
×
  • Create New...