muzze2012 Posted 30 December, 2006

Could use some help interpreting this log, thanks.

[log]
Logfile of HijackThis v1.99.1
Scan saved at 15:13:13, on 2006-12-30
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
C:\Program\Delade filer\Symantec Shared\ccProxy.exe
C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
C:\Program\Delade filer\EPSON\EBAPI\SAgent2.exe
C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program\Dell\Media Experience\PCMService.exe
C:\Program\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program\Delade filer\Symantec Shared\ccApp.exe
C:\Program\Delade filer\ACD Systems\EN\DevDetect.exe
C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program\CA\ETRUST~1\ETRUST~1\VetTray.exe
C:\Program\HbTools\Bin\4.8.2.0\HbtOEAddOn.exe
C:\Program\Delade filer\Error Safe\erscw.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Hbtools\HBTV\HBTV.exe
C:\Program\MSN Toolbar Suite\DS\02.05.0001.1119\sv-se\bin\WindowsSearch.exe
c:\program\GV650\GV650.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\MSN Toolbar Suite\DS\02.05.0001.1119\sv-se\bin\WindowsSearchIndexer.exe
c:\program\GV650\BcastTcp.exe
c:\program\GV650\DmHealthSvr.exe
c:\program\GV650\DMMailServer.exe
C:\Program\Delade filer\Symantec Shared\NMain.exe
C:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRAM\MOZILL~1\FIREFOX.EXE
C:\Jocke\Program\Adobe Acrobat 7.0 Professional\Distillr\acrotray.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program\Messenger\msmsgs.exe
C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/se/sve/gen/default.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.se/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/se/sve/gen/default.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/countries/se/sve/gen/default.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://resultsmaster.com/SmartOffers/Services/resultsmaster/ResultsMasterHomeLeftPane.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: TVEngine Helper /fleok=1D8A83A5C2E6107C91A475760EA83FA5EF80752B94E2DF795F7E432F3DC6 - {4B18DD50-C996-44fc-AC52-0FECFF82ED58} - c:\program\hbtools\hbtv\hbtvhelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: HbTools - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program\HbTools\Bin\4.8.2.0\HbtHostIE.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Jocke\Program\Adobe Acrobat 7.0 Professional\Acrobat\AcroIEFavClient.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Toolbar Suite\TB\02.05.0000.1105\sv-se\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Toolbar Suite\TB\02.05.0000.1105\sv-se\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Jocke\Program\Adobe Acrobat 7.0 Professional\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: H&otbar - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program\HbTools\Bin\4.8.2.0\HbtHostIE.dll
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [intelMeM] C:\Program\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [updateManager] "C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [urlLSTCK.exe] C:\Program\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Device Detector] "C:\Program\Delade filer\ACD Systems\EN\DevDetect.exe" -autorun
O4 - HKLM\..\Run: [tgcmd] "C:\Program\Telia\Supportassistent\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Jocke\Program\Adobe Acrobat 7.0 Professional\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VetTray] C:\Program\CA\ETRUST~1\ETRUST~1\VetTray.exe
O4 - HKLM\..\Run: [HbTools] C:\Program\HbTools\Bin\4.8.2.0\HbtOEAddOn.exe
O4 - HKLM\..\Run: [kgzzwuyj] C:\WINDOWS\system32\ctcypddc.exe
O4 - HKLM\..\Run: [erscw] C:\Program\Delade filer\Error Safe\erscw.exe -c
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check(2).lnk = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_SRCV02.EXE
O4 - Global Startup: MultiCam Auto Start.lnk = C:\Program\GV650\DM500Startup.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program\MSN Toolbar Suite\DS\02.05.0001.1119\sv-se\bin\WindowsSearch.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program\MSN Toolbar Suite\TB\02.05.0000.1105\sv-se\msntb.dll/search.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Jocke\Program\Adobe Acrobat 7.0 Professional\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Jocke\Program\Adobe Acrobat 7.0 Professional\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Jocke\Program\Adobe Acrobat 7.0 Professional\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Jocke\Program\Adobe Acrobat 7.0 Professional\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Jocke\Program\Adobe Acrobat 7.0 Professional\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Jocke\Program\Adobe Acrobat 7.0 Professional\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Jocke\Program\Adobe Acrobat 7.0 Professional\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Jocke\Program\Adobe Acrobat 7.0 Professional\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Öppna på ny flik i bakgrunden - res://C:\Program\MSN Toolbar Suite\TAB\02.05.0000.1105\sv-se\msntabres.dll/229?f401b56bbf7940daad9031bce74decd7
O8 - Extra context menu item: Öppna på ny flik i förgrunden - res://C:\Program\MSN Toolbar Suite\TAB\02.05.0000.1105\sv-se\msntabres.dll/230?f401b56bbf7940daad9031bce74decd7
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Program\ladbrokesMPP\MPPoker.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1115548537485
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\Program\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\Program\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program\Delade filer\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto Protect-tjänst (navapsvc) - Symantec Corporation - C:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program\DELADE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
[/log]

Cecilia Posted 30 December, 2006

There is an old Java version with security holes on the computer. Uninstall every Java in Control Panel - Add or Remove Programs and then install a new one: http://www.java.com/sv/

Go to http://www.virustotal.com/, paste one of the following file names into the box, press Send and wait until the result is ready (Status becomes Finished). Paste the result (incl. file size) here. Repeat with the next file name.

C:\WINDOWS\system32\ctcypddc.exe
C:\Program\Delade filer\Error Safe\erscw.exe

It is not advisable to have two antivirus programs active on the computer. You appear to have both Symantec/Norton and CA eTrust; disable or uninstall one of them.

Control Panel - Add or Remove Programs
Remove Error Safe, Hotbar, TVEngine, hbtools or similar if they are there.

If there is anything to remove, post a new HijackThis log here after you have restarted the computer.

muzze2012 (Thread starter) Posted 2 January, 2007

[log]
Complete scanning result of "ctcypddc.exe", received in VirusTotal at 01.02.2007, 13:15:44 (CET).

Antivirus           Version         Update      Result
AntiVir             7.3.0.21        01.02.2007  no virus found
Authentium          4.93.8          12.30.2006  no virus found
Avast               4.7.892.0       12.30.2006  no virus found
AVG                 386             01.01.2007  no virus found
BitDefender         7.2             01.02.2007  no virus found
CAT-QuickHeal       8.00            01.01.2007  no virus found
ClamAV              devel-20060426  01.02.2007  no virus found
DrWeb               4.33            01.02.2007  no virus found
eSafe               7.0.14.0        01.01.2007  no virus found
eTrust-InoculateIT  23.73.102       12.30.2006  no virus found
eTrust-Vet          30.3.3296       01.02.2007  no virus found
Ewido               4.0             01.01.2007  no virus found
Fortinet            2.82.0.0        01.02.2007  no virus found
F-Prot              3.16f           12.30.2006  no virus found
F-Prot4             4.2.1.29        12.30.2006  no virus found
Ikarus              T3.1.0.27       01.02.2007  no virus found
Kaspersky           4.0.2.24        01.02.2007  no virus found
McAfee              4929            12.29.2006  no virus found
Microsoft           1.1904          01.02.2007  no virus found
NOD32v2             1951            01.01.2007  no virus found
Norman              5.80.02         12.31.2007  no virus found
Panda               9.0.0.4         01.01.2007  no virus found
Prevx1              V2              01.02.2007  no virus found
Sophos              4.13.0          01.01.2007  no virus found
Sunbelt             2.2.907.0       12.18.2006  no virus found
TheHacker           6.0.3.141       01.01.2007  no virus found
VBA32               3.11.1          01.01.2007  no virus found
VirusBuster         4.3.19:9        01.01.2007  no virus found

Aditional Information
File size: 0 bytes
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
[/log]

muzze2012 (Thread starter) Posted 2 January, 2007

[log]
Complete scanning result of "erscw.exe", received in VirusTotal at 01.02.2007, 13:22:01 (CET).

Antivirus           Version         Update      Result
AntiVir             7.3.0.21        01.02.2007  no virus found
Authentium          4.93.8          12.30.2006  no virus found
Avast               4.7.892.0       12.30.2006  no virus found
AVG                 386             01.01.2007  no virus found
BitDefender         7.2             01.02.2007  no virus found
CAT-QuickHeal       8.00            01.01.2007  no virus found
ClamAV              devel-20060426  01.02.2007  no virus found
DrWeb               4.33            01.02.2007  no virus found
eSafe               7.0.14.0        01.02.2007  no virus found
eTrust-InoculateIT  23.73.102       12.30.2006  no virus found
eTrust-Vet          30.3.3296       01.02.2007  no virus found
Ewido               4.0             01.01.2007  Not-A-Virus.Downloader.Win32.WinFixer.t
Fortinet            2.82.0.0        01.02.2007  Download/WinFixer
F-Prot              3.16f           12.30.2006  no virus found
F-Prot4             4.2.1.29        12.30.2006  no virus found
Ikarus              T3.1.0.27       01.02.2007  not-a-virus:Downloader.Win32.WinFixer.t
Kaspersky           4.0.2.24        01.02.2007  not-a-virus:Downloader.Win32.WinFixer.t
McAfee              4929            12.29.2006  no virus found
Microsoft           1.1904          01.02.2007  no virus found
NOD32v2             1951            01.01.2007  no virus found
Norman              5.80.02         12.31.2007  W32/WinFixer.JU
Panda               9.0.0.4         01.01.2007  Application/Winfixer2005
Prevx1              V2              01.02.2007  Rogue.ErrorSafe
Sophos              4.13.0          01.01.2007  no virus found
Sunbelt             2.2.907.0       12.18.2006  WinAntiSpyware
TheHacker           6.0.3.141       01.01.2007  Aplicacion/WinFixer.t
VBA32               3.11.1          01.01.2007  Downloader.Win32.WinFixer.t
VirusBuster         4.3.19:9        01.01.2007  no virus found

Aditional Information
File size: 114688 bytes
MD5: d72dc52e537ed8479b08e1af661e0f0e
SHA1: ef688959df5b497c9dd634a6142915a54a2754d4
Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PXC=8ea350412259
Sunbelt info: WinAntiSpyware is a rogue antis-pyware product which pesters users with scareware tactics to purchase the product.
[/log]

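Reading the two VirusTotal reports above programmatically, as an added example that is not part of the original thread: it parses the pasted text format, lists the engines that returned something other than "no virus found", and treats a report as inconclusive when the file size is 0 or the digests are those of empty input, because in that case no file content was scanned. The function names and the trimmed report excerpts are assumptions made for this example; the hashes and verdicts are copied from the posts.

```python
import hashlib
import re

# Digests of zero-length input, computed rather than hard-coded.
EMPTY_DIGESTS = {
    "MD5": hashlib.md5(b"").hexdigest(),
    "SHA1": hashlib.sha1(b"").hexdigest(),
}

CLEAN_VERDICT = "no virus found"

# One engine row: name, version, update date (MM.DD.YYYY), verdict.
ROW_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\d{2}\.\d{2}\.\d{4})\s+(.+?)\s*$")
# Trailer fields of the report.
META_RE = re.compile(r"^(File size|MD5|SHA1):\s*(\S+)")


def parse_report(text):
    """Parse a pasted VirusTotal text report into engines and file metadata."""
    report = {"engines": {}, "size": None, "MD5": None, "SHA1": None}
    for line in text.splitlines():
        line = line.strip()
        meta = META_RE.match(line)
        if meta:
            key, value = meta.groups()
            if key == "File size":
                report["size"] = int(value)
            else:
                report[key] = value.lower()
            continue
        row = ROW_RE.match(line)
        if row:
            report["engines"][row.group(1)] = row.group(4)
    return report


def assess(report):
    """Summarise a parsed report; an empty upload makes every verdict meaningless."""
    empty = report["size"] == 0 or any(
        report[name] == digest for name, digest in EMPTY_DIGESTS.items()
    )
    flagged = sorted(
        name
        for name, verdict in report["engines"].items()
        if verdict.lower() != CLEAN_VERDICT
    )
    if empty:
        status = "inconclusive"  # nothing was actually scanned
    elif flagged:
        status = "detected"
    else:
        status = "no detections"
    return {"status": status, "flagged": flagged, "total": len(report["engines"])}


# Excerpts of the two reports posted above (a few engine rows each),
# embedded so the example runs offline.
REPORT_CTCYPDDC = """
Antivirus Version Update Result
AntiVir 7.3.0.21 01.02.2007 no virus found
Kaspersky 4.0.2.24 01.02.2007 no virus found
Prevx1 V2 01.02.2007 no virus found
Aditional Information
File size: 0 bytes
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
"""

REPORT_ERSCW = """
Antivirus Version Update Result
AntiVir 7.3.0.21 01.02.2007 no virus found
Ewido 4.0 01.01.2007 Not-A-Virus.Downloader.Win32.WinFixer.t
Kaspersky 4.0.2.24 01.02.2007 not-a-virus:Downloader.Win32.WinFixer.t
Prevx1 V2 01.02.2007 Rogue.ErrorSafe
Aditional Information
File size: 114688 bytes
MD5: d72dc52e537ed8479b08e1af661e0f0e
SHA1: ef688959df5b497c9dd634a6142915a54a2754d4
"""


def demo():
    """Assess both excerpts and return the summaries keyed by file name."""
    return {
        "ctcypddc.exe": assess(parse_report(REPORT_CTCYPDDC)),
        "erscw.exe": assess(parse_report(REPORT_ERSCW)),
    }


if __name__ == "__main__":
    for name, summary in demo().items():
        print(name, summary)
```
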
Cecilia Posted 2 January, 2007

Install AVG Anti-Spyware: http://www.ewido.net/en/
Update the program and configure it according to the first bullet list on this page: http://rstones12.geekstogo.com/ewidosetup.htm
Do not scan the computer yet.

[log]Scan with HijackThis and tick:

O2 - BHO: TVEngine Helper /fleok=1D8A83A5C2E6107C91A475760EA83FA5EF80752B94E2DF795F7E432F3DC6 - {4B18DD50-C996-44fc-AC52-0FECFF82ED58} - c:\program\hbtools\hbtv\hbtvhelper.dll
O2 - BHO: HbTools - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program\HbTools\Bin\4.8.2.0\HbtHostIE.dll
O3 - Toolbar: H&otbar - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program\HbTools\Bin\4.8.2.0\HbtHostIE.dll
O4 - HKLM\..\Run: [HbTools] C:\Program\HbTools\Bin\4.8.2.0\HbtOEAddOn.exe
O4 - HKLM\..\Run: [kgzzwuyj] C:\WINDOWS\system32\ctcypddc.exe
O4 - HKLM\..\Run: [erscw] C:\Program\Delade filer\Error Safe\erscw.exe -c

If you no longer use Ladbrokes Poker, then this line as well:

O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Program\ladbrokesMPP\MPPoker.exe (file missing)

Close all other programs. Press Fix checked.

Restart the computer in safe mode (press F8 repeatedly during startup and choose safe mode in the menu).

Set up Explorer so that you can see all files:
Tools - (Folder) Options or similar - View
Select Show hidden files and folders
Untick Hide extensions for known file types
Untick Hide protected operating system files

Delete the files (if they are still there):
C:\WINDOWS\system32\ctcypddc.exe

Delete the folders (if they are still there):
C:\Program\HbTools
C:\Program\Delade filer\Error Safe

Scan the computer with AVG Anti-Spyware like this:
Press Scanner.
Go to the Scan tab.
Press Complete System Scan.
When the scan is finished, choose Apply all actions (should be to quarantine if you have configured the program correctly).
Press Reports, then choose Save report as and save the report, e.g. on the Desktop.

Restart in normal mode and then post a new HijackThis log along with the report from AVG Anti-Spyware.

NOTE! It is important that when you have pasted a log into your reply, you select (highlight) the log and then press the LOG button, which is on the same row as .[/log]

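One way to check the outcome of the Fix checked step once the new HijackThis log arrives, as an added example that is not part of the original post: it parses HijackThis entry lines and reports which of the ticked entries are gone, which survive, and which entries are new since the first log. The function names are hypothetical, and the three inputs are short excerpts of the logs and the fix list on this page.

```python
import re

# A HijackThis entry line: "<section> - <detail>",
# e.g. "O4 - HKLM\..\Run: [name] path".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")


def parse_entries(text):
    """Return the set of (section, detail) pairs found in HijackThis-style text.

    The detail is whitespace-collapsed and case-folded, because Windows paths
    and registry names are case-insensitive and forum software re-wraps lines.
    """
    entries = set()
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            detail = " ".join(match.group(2).split()).casefold()
            entries.add((match.group(1), detail))
    return entries


def verify_fix(before_log, after_log, fix_list):
    """Compare the log taken before the fix with the one taken after it."""
    before = parse_entries(before_log)
    after = parse_entries(after_log)
    wanted = parse_entries(fix_list)
    return {
        "fixed": sorted(wanted - after),          # ticked and now gone
        "still_present": sorted(wanted & after),  # ticked but survived a reboot
        "unknown": sorted(wanted - before),       # ticked but never in the first log
        "new": sorted(after - before),            # appeared since the first log
    }


# Excerpt of the 2006-12-30 log on this page.
BEFORE = r"""
O2 - BHO: HbTools - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program\HbTools\Bin\4.8.2.0\HbtHostIE.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [HbTools] C:\Program\HbTools\Bin\4.8.2.0\HbtOEAddOn.exe
O4 - HKLM\..\Run: [kgzzwuyj] C:\WINDOWS\system32\ctcypddc.exe
O4 - HKLM\..\Run: [erscw] C:\Program\Delade filer\Error Safe\erscw.exe -c
"""

# Excerpt of the 2007-01-03 log on this page.
AFTER = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
"""

# Four of the entries the helper asked to tick.
FIX_LIST = r"""
O2 - BHO: HbTools - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program\HbTools\Bin\4.8.2.0\HbtHostIE.dll
O4 - HKLM\..\Run: [HbTools] C:\Program\HbTools\Bin\4.8.2.0\HbtOEAddOn.exe
O4 - HKLM\..\Run: [kgzzwuyj] C:\WINDOWS\system32\ctcypddc.exe
O4 - HKLM\..\Run: [erscw] C:\Program\Delade filer\Error Safe\erscw.exe -c
"""


def demo():
    """Run the comparison on the embedded excerpts."""
    return verify_fix(BEFORE, AFTER, FIX_LIST)


if __name__ == "__main__":
    for key, items in demo().items():
        print(f"{key}: {len(items)}")
        for section, detail in items:
            print(f"  {section} - {detail}")
```

A removed autorun entry only shows that the registry value is gone; the file it pointed to can still be on disk, which is why the post also asks for the files and folders to be deleted.
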
muzze2012 (Thread starter) Posted 3 January, 2007

Now some rascal in the family has used the computer in between the steps here, don't know if that has messed anything up.. here are the HijackThis log and the AVG log anyway. The help is much appreciated!

[log]
Logfile of HijackThis v1.99.1
Scan saved at 14:25:17, on 2007-01-03
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program\Dell\Media Experience\PCMService.exe
C:\Program\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe
C:\Program\Delade filer\Symantec Shared\ccApp.exe
C:\Program\Telia\Supportassistent\bin\tgcmd.exe
C:\Jocke\Program\Adobe Acrobat 7.0 Professional\Distillr\Acrotray.exe
C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program\Java\jre1.5.0_10\bin\jusched.exe
C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Jocke\Program\Adobe Acrobat 7.0 Professional\Acrobat\acrobat_sl.exe
C:\Program\MSN Toolbar Suite\DS\02.05.0001.1119\sv-se\bin\WindowsSearch.exe
C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program\MSN Toolbar Suite\DS\02.05.0001.1119\sv-se\bin\WindowsSearchIndexer.exe
C:\Program\Delade filer\Symantec Shared\ccProxy.exe
C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
C:\Program\Delade filer\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\slserv.exe
c:\program\GV650\GV650.exe
C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe
C:\Program\Messenger\msmsgs.exe
c:\program\GV650\BcastTcp.exe
c:\program\GV650\DmHealthSvr.exe
c:\program\GV650\DMMailServer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRAM\MOZILL~1\FIREFOX.EXE
C:\Program\MSN Toolbar Suite\SL\02.05.0001.1119\sv-se\msn_sl.exe
C:\Documents and Settings\Dick\Skrivbord\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/se/sve/gen/default.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.se/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/se/sve/gen/default.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/countries/se/sve/gen/default.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Jocke\Program\Adobe Acrobat 7.0 Professional\Acrobat\AcroIEFavClient.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Toolbar Suite\TB\02.05.0000.1105\sv-se\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Toolbar Suite\TB\02.05.0000.1105\sv-se\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Jocke\Program\Adobe Acrobat 7.0 Professional\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [intelMeM] C:\Program\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [updateManager] "C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [urlLSTCK.exe] C:\Program\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Device Detector] "C:\Program\Delade filer\ACD Systems\EN\DevDetect.exe" -autorun
O4 - HKLM\..\Run: [tgcmd] "C:\Program\Telia\Supportassistent\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Jocke\Program\Adobe Acrobat 7.0 Professional\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check(2).lnk = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_SRCV02.EXE
O4 - Global Startup: MultiCam Auto Start.lnk = C:\Program\GV650\DM500Startup.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program\MSN Toolbar Suite\DS\02.05.0001.1119\sv-se\bin\WindowsSearch.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program\MSN Toolbar Suite\TB\02.05.0000.1105\sv-se\msntb.dll/search.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Jocke\Program\Adobe Acrobat 7.0 Professional\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Jocke\Program\Adobe Acrobat 7.0 Professional\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Jocke\Program\Adobe Acrobat 7.0 Professional\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Jocke\Program\Adobe Acrobat 7.0 Professional\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Jocke\Program\Adobe Acrobat 7.0 Professional\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Jocke\Program\Adobe Acrobat 7.0 Professional\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Jocke\Program\Adobe Acrobat 7.0 Professional\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Jocke\Program\Adobe Acrobat 7.0 Professional\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Öppna på ny flik i bakgrunden - res://C:\Program\MSN Toolbar Suite\TAB\02.05.0000.1105\sv-se\msntabres.dll/229?f401b56bbf7940daad9031bce74decd7
O8 - Extra context menu item: Öppna på ny flik i förgrunden - res://C:\Program\MSN Toolbar Suite\TAB\02.05.0000.1105\sv-se\msntabres.dll/230?f401b56bbf7940daad9031bce74decd7
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1115548537485
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\Program\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program\Delade filer\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto Protect-tjänst (navapsvc) - Symantec Corporation - C:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program\DELADE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe
[/log]

[log]
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:09:32 2007-01-03

+ Scan result:

C:\System Volume Information\_restore{B19406CB-15FE-4643-899E-BE44508A1787}\RP810\A0067575.exe -> Adware.180Solutions : Ignored.
C:\System Volume Information\_restore{B19406CB-15FE-4643-899E-BE44508A1787}\RP792\A0064276.dll -> Adware.ErrorSafe : Ignored.
C:\System Volume Information\_restore{B19406CB-15FE-4643-899E-BE44508A1787}\RP808\A0067202.dll -> Adware.ErrorSafe : Ignored.
C:\Program\Hotbar -> Adware.HotBar : Ignored.
C:\System Volume Information\_restore{B19406CB-15FE-4643-899E-BE44508A1787}\RP808\A0067390.exe -> Adware.HotBar : Ignored.
C:\System Volume Information\_restore{B19406CB-15FE-4643-899E-BE44508A1787}\RP810\A0067560.dll -> Adware.Hotbar : Ignored.
C:\System Volume Information\_restore{B19406CB-15FE-4643-899E-BE44508A1787}\RP810\A0067561.exe -> Adware.HotBar : Ignored.
C:\System Volume Information\_restore{B19406CB-15FE-4643-899E-BE44508A1787}\RP810\A0067562.dll -> Adware.HotBar : Ignored.
C:\System Volume Information\_restore{B19406CB-15FE-4643-899E-BE44508A1787}\RP810\A0067564.exe -> Adware.HotBar : Ignored.
C:\System Volume Information\_restore{B19406CB-15FE-4643-899E-BE44508A1787}\RP810\A0067567.dll -> Adware.HotBar : Ignored.
C:\System Volume Information\_restore{B19406CB-15FE-4643-899E-BE44508A1787}\RP810\A0067568.exe -> Adware.HotBar : Ignored.
C:\System Volume Information\_restore{B19406CB-15FE-4643-899E-BE44508A1787}\RP810\A0067569.dll -> Adware.HotBar : Ignored.
C:\System Volume Information\_restore{B19406CB-15FE-4643-899E-BE44508A1787}\RP811\A0067699.dll -> Adware.HotBar : Ignored.
C:\System Volume Information\_restore{B19406CB-15FE-4643-899E-BE44508A1787}\RP811\A0067701.exe -> Adware.HotBar : Ignored.
C:\System Volume Information\_restore{B19406CB-15FE-4643-899E-BE44508A1787}\RP811\A0067703.dll -> Adware.HotBar : Ignored.
HKLM\SOFTWARE\HbTools -> Adware.HotBar : Ignored.
HKLM\SOFTWARE\HbTools\HbTools -> Adware.HotBar : Ignored.
HKLM\SOFTWARE\HbTools\HbTools\PI -> Adware.HotBar : Ignored.
HKLM\SOFTWARE\HbTools\HbTools\PI\3.2 -> Adware.HotBar : Ignored.
C:\WINDOWS\SYSTEM32\ssqro.dll -> Adware.Virtumonde : Ignored.
C:\System Volume Information\_restore{B19406CB-15FE-4643-899E-BE44508A1787}\RP792\A0064274.exe -> Adware.WinFixer : Ignored.
C:\System Volume Information\_restore{B19406CB-15FE-4643-899E-BE44508A1787}\RP808\A0066973.exe -> Downloader.Small.b : Ignored.
C:\System Volume Information\_restore{B19406CB-15FE-4643-899E-BE44508A1787}\RP808\A0066889.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Ignored.
C:\System Volume Information\_restore{B19406CB-15FE-4643-899E-BE44508A1787}\RP808\A0066891.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Ignored.
C:\System Volume Information\_restore{B19406CB-15FE-4643-899E-BE44508A1787}\RP808\A0066892.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Ignored.
C:\Program\Delade filer\Error Safe\erscw.exe -> Not-A-Virus.Downloader.Win32.WinFixer.t : Ignored.
C:\System Volume Information\_restore{B19406CB-15FE-4643-899E-BE44508A1787}\RP792\A0064281.sys -> Rootkit.Agent.af : Ignored.

::Report end
[/log]

:thumbsup:

Cecilia, posted 3 January 2007

Download VundoFix: http://www.atribune.org/ccount/click.php?id=4

Restart the computer in safe mode (press F8 repeatedly during startup and choose safe mode in the menu).
Double-click VundoFix.exe to start the program.
When it starts again, click Scan for Vundo.
When the scan is finished, click Remove Vundo.
Answer Ja/Yes when asked whether you want to remove the files.
The desktop will then disappear while the files are being removed.
When that is done, you will be told that your computer is going to shut down; click OK.
Start the computer again in normal mode.
If VundoFix could not remove some file on the first attempt, VundoFix will start again when the computer boots; in that case, follow the instructions once more.
Paste C:\vundofix.txt and a new HijackThis log into your reply.

Go to safe mode and set AVG Anti-Spyware to quarantine everything it finds; see point 5 at http://rstones12.geekstogo.com/ewidosetup.htm
Scan the computer with the program and let it quarantine everything it finds. Paste the report here.
muzze2012 (thread starter), posted 5 January 2007

[log]
VundoFix V6.2.13
Checking Java version...
Sun Java not detected
Scan started at 12:24:31 2007-01-05
Listing files found while scanning....
C:\WINDOWS\SYSTEM32\pmkjj.dll
Beginning removal...
Attempting to delete C:\WINDOWS\SYSTEM32\pmkjj.dll
C:\WINDOWS\SYSTEM32\pmkjj.dll Has been deleted!
Performing Repairs to the registry.
Done!
[/log]

[log]
Logfile of HijackThis v1.99.1
Scan saved at 12:39:16, on 2007-01-05
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program\Dell\Media Experience\PCMService.exe
C:\Program\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program\Delade filer\Symantec Shared\ccApp.exe
C:\Program\Telia\Supportassistent\bin\tgcmd.exe
C:\Jocke\Program\Adobe Acrobat 7.0 Professional\Distillr\Acrotray.exe
C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program\Java\jre1.5.0_10\bin\jusched.exe
C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\MSN Toolbar Suite\DS\02.05.0001.1119\sv-se\bin\WindowsSearch.exe
C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program\Delade filer\Symantec Shared\ccProxy.exe
C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
C:\Program\MSN Toolbar Suite\DS\02.05.0001.1119\sv-se\bin\WindowsSearchIndexer.exe
C:\Program\Delade filer\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\slserv.exe
c:\program\GV650\GV650.exe
C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe
c:\program\GV650\BcastTcp.exe
c:\program\GV650\DmHealthSvr.exe
c:\program\GV650\DMMailServer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program\Messenger\msmsgs.exe
C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/se/sve/gen/default.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.se/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/se/sve/gen/default.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/countries/se/sve/gen/default.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Jocke\Program\Adobe Acrobat 7.0 Professional\Acrobat\AcroIEFavClient.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Toolbar Suite\TB\02.05.0000.1105\sv-se\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Toolbar Suite\TB\02.05.0000.1105\sv-se\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Jocke\Program\Adobe Acrobat 7.0 Professional\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [intelMeM] C:\Program\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [updateManager] "C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [urlLSTCK.exe] C:\Program\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Device Detector] "C:\Program\Delade filer\ACD Systems\EN\DevDetect.exe" -autorun
O4 - HKLM\..\Run: [tgcmd] "C:\Program\Telia\Supportassistent\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Jocke\Program\Adobe Acrobat 7.0 Professional\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check(2).lnk = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_SRCV02.EXE
O4 - Global Startup: MultiCam Auto Start.lnk = C:\Program\GV650\DM500Startup.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program\MSN Toolbar Suite\DS\02.05.0001.1119\sv-se\bin\WindowsSearch.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program\MSN Toolbar Suite\TB\02.05.0000.1105\sv-se\msntb.dll/search.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Jocke\Program\Adobe Acrobat 7.0 Professional\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Jocke\Program\Adobe Acrobat 7.0 Professional\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Jocke\Program\Adobe Acrobat 7.0 Professional\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Jocke\Program\Adobe Acrobat 7.0 Professional\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Jocke\Program\Adobe Acrobat 7.0 Professional\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Jocke\Program\Adobe Acrobat 7.0 Professional\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Jocke\Program\Adobe Acrobat 7.0 Professional\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Jocke\Program\Adobe Acrobat 7.0 Professional\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Öppna på ny flik i bakgrunden - res://C:\Program\MSN Toolbar Suite\TAB\02.05.0000.1105\sv-se\msntabres.dll/229?f401b56bbf7940daad9031bce74decd7
O8 - Extra context menu item: Öppna på ny flik i förgrunden - res://C:\Program\MSN Toolbar Suite\TAB\02.05.0000.1105\sv-se\msntabres.dll/230?f401b56bbf7940daad9031bce74decd7
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1115548537485
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\Program\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program\Delade filer\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto Protect-tjänst (navapsvc) - Symantec Corporation - C:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program\DELADE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe
[/log]
Cecilia, posted 5 January 2007

Has AVG Anti-Spyware cleaned up now?
How is the computer behaving now?
lizzy_lini, posted 5 January 2007

Cecilia, was there anything in HJT that suggested Vundo, or was it just the AVG log?

/Linda
Cecilia, posted 5 January 2007

Nothing in the HijackThis log, but Vundo is a bit tricky and can hide when a process named hijackthis is running; that is why you sometimes have to ask for the name to be changed.
lizzy_lini, posted 5 January 2007

Just wondered why you recommended it before you had tried changing the name. I nearly searched myself to death in the HJT log. I missed the AVG log at first.
muzze2012 (thread starter), posted 5 January 2007

Yes, now I have cleaned with AVG. No report was saved though, but the computer seems completely fine now.
Thank you so very much for the help! :thumbsup::thumbsup:
lizzy_lini, posted 5 January 2007

"No report was saved though"

Is there nothing in Reports?? If so, set it up according to the first bulleted list on this page: http://rstones12.geekstogo.com/ewidosetup.htm
Did the scan show anything?
Cecilia, posted 5 January 2007

If nothing is found by a renewed scan with AVG Anti-Spyware, then it is probably fine now.

Here is my usual advice for a safer computer, but it is of course important to use your common sense too.

Update from Windows Update and run the anti-spyware programs AVG Anti-Spyware (Ewido), SUPERAntiSpyware, Spybot S&D and/or Ad-aware regularly.
http://www.ewido.net/en/
http://www.superantispyware.com/
http://www.safer-networking.org/en/download/index.html
http://www.lavasoft.com

Supplement the antivirus program with a few online scans now and then:
http://housecall.trendmicro.com/
http://www.bitdefender.com/scan8/ie.html
http://www.pandasoftware.com/products/activescan/

Use a firewall (better than the one built into XP); one is available for free from e.g. ZoneLabs.
http://www.zonelabs.com/store/content/home.jsp

If you use Internet Explorer, it can be a good idea to have the programs SpywareBlaster and SpywareGuard, which stop a good many nasty programs from being downloaded and run, respectively:
http://www.javacoolsoftware.com

Review the security settings in Internet Explorer; there are quite a few tips here:
http://www.spywarewarrior.com/uiuc/btw/ie/ie-opts.htm

Also run IE-SpyAd, which puts a whole lot of nasty websites in the Restricted sites zone in Internet Explorer so that they cannot do anything to the computer:
http://www.spywarewarrior.com/uiuc/resource.htm

If you switch browsers, only SpywareGuard is needed. Other browsers are e.g. Mozilla Firefox and Opera:
http://www.mozilla.org
http://www.opera.com

All free for home users/personal use.
Archived
This topic is now archived and is closed to further replies.