Just nu i M3-nätverket
Jump to content

Hijackthis log


muzze2012

Recommended Posts

Skulle behöva hjälp med att tyda denna log tack.

 

[log]Logfile of HijackThis v1.99.1

Scan saved at 15:13:13, on 2006-12-30

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe

C:\Program\Delade filer\Symantec Shared\ccProxy.exe

C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

C:\Program\Delade filer\EPSON\EBAPI\SAgent2.exe

C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe

C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\hkcmd.exe

C:\Program\Java\j2re1.4.2_03\bin\jusched.exe

C:\Program\Dell\Media Experience\PCMService.exe

C:\Program\CyberLink\PowerDVD\DVDLauncher.exe

C:\Program\Intel\Modem Event Monitor\IntelMEM.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program\Delade filer\Symantec Shared\ccApp.exe

C:\Program\Delade filer\ACD Systems\EN\DevDetect.exe

C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Program\CA\ETRUST~1\ETRUST~1\VetTray.exe

C:\Program\HbTools\Bin\4.8.2.0\HbtOEAddOn.exe

C:\Program\Delade filer\Error Safe\erscw.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Hbtools\HBTV\HBTV.exe

C:\Program\MSN Toolbar Suite\DS\02.05.0001.1119\sv-se\bin\WindowsSearch.exe

c:\program\GV650\GV650.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\MSN Toolbar Suite\DS\02.05.0001.1119\sv-se\bin\WindowsSearchIndexer.exe

c:\program\GV650\BcastTcp.exe

c:\program\GV650\DmHealthSvr.exe

c:\program\GV650\DMMailServer.exe

C:\Program\Delade filer\Symantec Shared\NMain.exe

C:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\Program\Norton Internet Security\Norton AntiVirus\SAVScan.exe

C:\WINDOWS\system32\rundll32.exe

C:\PROGRAM\MOZILL~1\FIREFOX.EXE

C:\Jocke\Program\Adobe Acrobat 7.0 Professional\Distillr\acrotray.exe

C:\WINDOWS\System32\msiexec.exe

C:\Program\Messenger\msmsgs.exe

C:\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/se/sve/gen/default.htm'>http://www.euro.dell.com/countries/se/sve/gen/default.htm'>http://www.euro.dell.com/countries/se/sve/gen/default.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR'>http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR'>http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/se/sve/gen/default.htm

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/countries/se/sve/gen/default.htm

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://resultsmaster.com/SmartOffers/Services/resultsmaster/ResultsMasterHomeLeftPane.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: TVEngine Helper /fleok=1D8A83A5C2E6107C91A475760EA83FA5EF80752B94E2DF795F7E432F3DC6 - {4B18DD50-C996-44fc-AC52-0FECFF82ED58} - c:\program\hbtools\hbtv\hbtvhelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: HbTools - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program\HbTools\Bin\4.8.2.0\HbtHostIE.dll

O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Jocke\Program\Adobe Acrobat 7.0 Professional\Acrobat\AcroIEFavClient.dll

O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Toolbar Suite\TB\02.05.0000.1105\sv-se\msntb.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Toolbar Suite\TB\02.05.0000.1105\sv-se\msntb.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Jocke\Program\Adobe Acrobat 7.0 Professional\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: H&otbar - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program\HbTools\Bin\4.8.2.0\HbtHostIE.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\j2re1.4.2_03\bin\jusched.exe

O4 - HKLM\..\Run: [PCMService] "C:\Program\Dell\Media Experience\PCMService.exe"

O4 - HKLM\..\Run: [DVDLauncher] "C:\Program\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [intelMeM] C:\Program\Intel\Modem Event Monitor\IntelMEM.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [updateManager] "C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [urlLSTCK.exe] C:\Program\Norton Internet Security\UrlLstCk.exe

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [Device Detector] "C:\Program\Delade filer\ACD Systems\EN\DevDetect.exe" -autorun

O4 - HKLM\..\Run: [tgcmd] "C:\Program\Telia\Supportassistent\bin\tgcmd.exe" /server /startmonitor /deaf

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Jocke\Program\Adobe Acrobat 7.0 Professional\Distillr\Acrotray.exe"

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [VetTray] C:\Program\CA\ETRUST~1\ETRUST~1\VetTray.exe

O4 - HKLM\..\Run: [HbTools] C:\Program\HbTools\Bin\4.8.2.0\HbtOEAddOn.exe

O4 - HKLM\..\Run: [kgzzwuyj] C:\WINDOWS\system32\ctcypddc.exe

O4 - HKLM\..\Run: [erscw] C:\Program\Delade filer\Error Safe\erscw.exe -c

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

O4 - Global Startup: EPSON Status Monitor 3 Environment Check(2).lnk = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_SRCV02.EXE

O4 - Global Startup: MultiCam Auto Start.lnk = C:\Program\GV650\DM500Startup.exe

O4 - Global Startup: Windows Desktop Search.lnk = C:\Program\MSN Toolbar Suite\DS\02.05.0001.1119\sv-se\bin\WindowsSearch.exe

O8 - Extra context menu item: &MSN Search - res://C:\Program\MSN Toolbar Suite\TB\02.05.0000.1105\sv-se\msntb.dll/search.htm

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Jocke\Program\Adobe Acrobat 7.0 Professional\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Jocke\Program\Adobe Acrobat 7.0 Professional\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Jocke\Program\Adobe Acrobat 7.0 Professional\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Jocke\Program\Adobe Acrobat 7.0 Professional\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Jocke\Program\Adobe Acrobat 7.0 Professional\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Jocke\Program\Adobe Acrobat 7.0 Professional\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Jocke\Program\Adobe Acrobat 7.0 Professional\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert to existing PDF - res://C:\Jocke\Program\Adobe Acrobat 7.0 Professional\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Öppna på ny flik i bakgrunden - res://C:\Program\MSN Toolbar Suite\TAB\02.05.0000.1105\sv-se\msntabres.dll/229?f401b56bbf7940daad9031bce74decd7

O8 - Extra context menu item: Öppna på ny flik i förgrunden - res://C:\Program\MSN Toolbar Suite\TAB\02.05.0000.1105\sv-se\msntabres.dll/230?f401b56bbf7940daad9031bce74decd7

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Program\ladbrokesMPP\MPPoker.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1115548537485

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\Program\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\Program\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program\Delade filer\EPSON\EBAPI\SAgent2.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Norton AntiVirus Auto Protect-tjänst (navapsvc) - Symantec Corporation - C:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program\DELADE~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe

 

[/log]

 

Link to comment
Share on other sites

Det är en gammal Java-version med säkerhetshål i datorn. Avinstallera alla Java i Kontrollpanelen - Lägg till eller ta bort program och installera därefter en ny: http://www.java.com/sv/

 

Gå till http://www.virustotal.com/ klistra in ett av följande filnamn i rutan, tryck på Send och vänta tills resultatet är klart (Status blir Finished). Klistra in resultatet (inkl. filstorlek) här. Upprepa med nästa filnamn.

C:\WINDOWS\system32\ctcypddc.exe

C:\Program\Delade filer\Error Safe\erscw.exe

 

Det är inte lämpligt att ha två antivirusprogram som är aktiva i datorn. Du ser ut att ha både Symantec/Norton och CA eTrust, inaktivera eller avinstallera det ena.

 

Kontrollpanelen - Lägg till eller ta bort program

Ta bort Error Safe, Hotbar, TVEngine, hbtools eller liknande om de finns där

Om det finns något att ta bort så lägg hit en ny HijackThis-logg efter att du har startat om datorn.

 

Link to comment
Share on other sites

[log]Complete scanning result of "ctcypddc.exe", received in VirusTotal at 01.02.2007, 13:15:44 (CET).

 

Antivirus Version Update Result

AntiVir 7.3.0.21 01.02.2007 no virus found

Authentium 4.93.8 12.30.2006 no virus found

Avast 4.7.892.0 12.30.2006 no virus found

AVG 386 01.01.2007 no virus found

BitDefender 7.2 01.02.2007 no virus found

CAT-QuickHeal 8.00 01.01.2007 no virus found

ClamAV devel-20060426 01.02.2007 no virus found

DrWeb 4.33 01.02.2007 no virus found

eSafe 7.0.14.0 01.01.2007 no virus found

eTrust-InoculateIT 23.73.102 12.30.2006 no virus found

eTrust-Vet 30.3.3296 01.02.2007 no virus found

Ewido 4.0 01.01.2007 no virus found

Fortinet 2.82.0.0 01.02.2007 no virus found

F-Prot 3.16f 12.30.2006 no virus found

F-Prot4 4.2.1.29 12.30.2006 no virus found

Ikarus T3.1.0.27 01.02.2007 no virus found

Kaspersky 4.0.2.24 01.02.2007 no virus found

McAfee 4929 12.29.2006 no virus found

Microsoft 1.1904 01.02.2007 no virus found

NOD32v2 1951 01.01.2007 no virus found

Norman 5.80.02 12.31.2007 no virus found

Panda 9.0.0.4 01.01.2007 no virus found

Prevx1 V2 01.02.2007 no virus found

Sophos 4.13.0 01.01.2007 no virus found

Sunbelt 2.2.907.0 12.18.2006 no virus found

TheHacker 6.0.3.141 01.01.2007 no virus found

VBA32 3.11.1 01.01.2007 no virus found

VirusBuster 4.3.19:9 01.01.2007 no virus found

 

Aditional Information

File size: 0 bytes

MD5: d41d8cd98f00b204e9800998ecf8427e

SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709[/log]

 

Link to comment
Share on other sites

[log]Complete scanning result of "erscw.exe", received in VirusTotal at 01.02.2007, 13:22:01 (CET).

 

Antivirus Version Update Result

AntiVir 7.3.0.21 01.02.2007 no virus found

Authentium 4.93.8 12.30.2006 no virus found

Avast 4.7.892.0 12.30.2006 no virus found

AVG 386 01.01.2007 no virus found

BitDefender 7.2 01.02.2007 no virus found

CAT-QuickHeal 8.00 01.01.2007 no virus found

ClamAV devel-20060426 01.02.2007 no virus found

DrWeb 4.33 01.02.2007 no virus found

eSafe 7.0.14.0 01.02.2007 no virus found

eTrust-InoculateIT 23.73.102 12.30.2006 no virus found

eTrust-Vet 30.3.3296 01.02.2007 no virus found

Ewido 4.0 01.01.2007 Not-A-Virus.Downloader.Win32.WinFixer.t

Fortinet 2.82.0.0 01.02.2007 Download/WinFixer

F-Prot 3.16f 12.30.2006 no virus found

F-Prot4 4.2.1.29 12.30.2006 no virus found

Ikarus T3.1.0.27 01.02.2007 not-a-virus:Downloader.Win32.WinFixer.t

Kaspersky 4.0.2.24 01.02.2007 not-a-virus:Downloader.Win32.WinFixer.t

McAfee 4929 12.29.2006 no virus found

Microsoft 1.1904 01.02.2007 no virus found

NOD32v2 1951 01.01.2007 no virus found

Norman 5.80.02 12.31.2007 W32/WinFixer.JU

Panda 9.0.0.4 01.01.2007 Application/Winfixer2005

Prevx1 V2 01.02.2007 Rogue.ErrorSafe

Sophos 4.13.0 01.01.2007 no virus found

Sunbelt 2.2.907.0 12.18.2006 WinAntiSpyware

TheHacker 6.0.3.141 01.01.2007 Aplicacion/WinFixer.t

VBA32 3.11.1 01.01.2007 Downloader.Win32.WinFixer.t

VirusBuster 4.3.19:9 01.01.2007 no virus found

 

Aditional Information

File size: 114688 bytes

MD5: d72dc52e537ed8479b08e1af661e0f0e

SHA1: ef688959df5b497c9dd634a6142915a54a2754d4

Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PXC=8ea350412259

Sunbelt info: WinAntiSpyware is a rogue antis-pyware product which pesters users with scareware tactics to purchase the product.[/log]

 

Link to comment
Share on other sites

Installera AVG Anti-Spyware:

http://www.ewido.net/en/

Uppdatera programmet och ställ in det enligt första punktlistan på denna sida:

http://rstones12.geekstogo.com/ewidosetup.htm

Skanna inte igenom datorn än.

 

[log]Skanna med HijackThis och bocka för:

 

O2 - BHO: TVEngine Helper /fleok=1D8A83A5C2E6107C91A475760EA83FA5EF80752B94E2DF795F7E4

32F3DC6 - {4B18DD50-C996-44fc-AC52-0FECFF82ED58} - c:\program\hbtools\hbtv\hbtvhelper.dll

O2 - BHO: HbTools - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program\HbTools\Bin\4.8.2.0\HbtHostIE.dll

O3 - Toolbar: H&otbar - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program\HbTools\Bin\4.8.2.0\HbtHostIE.dll

O4 - HKLM\..\Run: [HbTools] C:\Program\HbTools\Bin\4.8.2.0\HbtOEAddOn.exe

O4 - HKLM\..\Run: [kgzzwuyj] C:\WINDOWS\system32\ctcypddc.exe

O4 - HKLM\..\Run: [erscw] C:\Program\Delade filer\Error Safe\erscw.exe -c

 

Om du inte längre kör Ladbrokes Poker så även denna rad:

O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Program\ladbrokesMPP\MPPoker.exe (file missing)

 

Avsluta alla andra program.

Tryck Fix checked.

 

Starta om datorn i felsäkert läge (tryck F8 upprepade gånger under uppstarten och välj felsäkert läge i menyn).

 

Ställ in Utforskaren så att du kan se alla filer:

Verktyg - (Mapp)alternativ eller liknande - Visning

Välj Visa dolda filer och mappar

Avbocka Dölj filnamnstillägg för kända filtyper

Avbocka Dölj skyddade operativsystemfiler

 

Ta bort filerna (om de finns kvar):

C:\WINDOWS\system32\ctcypddc.exe

 

Ta bort mapparna (om de finns kvar):

C:\Program\HbTools

C:\Program\Delade filer\Error Safe

 

Skanna datorn med AVG Anti-Spyware på detta sätt:

Tryck på Scanner.

Gå till Scan-fliken

Tryck på Complete System Scan

När skanningen är klar så välj Apply all actions (ska vara att sätta i karantän om du har ställt in programmet rätt).

Tryck Reports, sedan välj Save report as och spara rapporten t ex på Skrivbordet.

 

Starta om i normalt läge och så en ny HijackThis-logg samt rapporten från AVG Anti-Spyware.

 

OBS! Viktigt att när du har klistrat in en logg i ditt svar så markera (måla) loggen och så tryck på LOG-knappen, som finns på samma rad som :thumbsdown::thumbsup:.[/log]

 

Link to comment
Share on other sites

Nu är det nån bov i familjen som har använt dator emellan stegen här, vet inte om det har pajat nåt.. här är hijackthisloggen och avg loggen i alla fall. Hjälpen äro mycket uppskattad!

 

[log]Logfile of HijackThis v1.99.1

Scan saved at 14:25:17, on 2007-01-03

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\hkcmd.exe

C:\Program\Dell\Media Experience\PCMService.exe

C:\Program\CyberLink\PowerDVD\DVDLauncher.exe

C:\Program\Intel\Modem Event Monitor\IntelMEM.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe

C:\Program\Delade filer\Symantec Shared\ccApp.exe

C:\Program\Telia\Supportassistent\bin\tgcmd.exe

C:\Jocke\Program\Adobe Acrobat 7.0 Professional\Distillr\Acrotray.exe

C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Program\Java\jre1.5.0_10\bin\jusched.exe

C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Jocke\Program\Adobe Acrobat 7.0 Professional\Acrobat\acrobat_sl.exe

C:\Program\MSN Toolbar Suite\DS\02.05.0001.1119\sv-se\bin\WindowsSearch.exe

C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program\MSN Toolbar Suite\DS\02.05.0001.1119\sv-se\bin\WindowsSearchIndexer.exe

C:\Program\Delade filer\Symantec Shared\ccProxy.exe

C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

C:\Program\Delade filer\EPSON\EBAPI\SAgent2.exe

C:\WINDOWS\system32\slserv.exe

c:\program\GV650\GV650.exe

C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

C:\Program\Messenger\msmsgs.exe

c:\program\GV650\BcastTcp.exe

c:\program\GV650\DmHealthSvr.exe

c:\program\GV650\DMMailServer.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\PROGRAM\MOZILL~1\FIREFOX.EXE

C:\Program\MSN Toolbar Suite\SL\02.05.0001.1119\sv-se\msn_sl.exe

C:\Documents and Settings\Dick\Skrivbord\hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/se/sve/gen/default.htm'>http://www.euro.dell.com/countries/se/sve/gen/default.htm'>http://www.euro.dell.com/countries/se/sve/gen/default.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR'>http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR'>http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/se/sve/gen/default.htm

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/countries/se/sve/gen/default.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_10\bin\ssv.dll

O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Jocke\Program\Adobe Acrobat 7.0 Professional\Acrobat\AcroIEFavClient.dll

O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Toolbar Suite\TB\02.05.0000.1105\sv-se\msntb.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Toolbar Suite\TB\02.05.0000.1105\sv-se\msntb.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Jocke\Program\Adobe Acrobat 7.0 Professional\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [PCMService] "C:\Program\Dell\Media Experience\PCMService.exe"

O4 - HKLM\..\Run: [DVDLauncher] "C:\Program\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [intelMeM] C:\Program\Intel\Modem Event Monitor\IntelMEM.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [updateManager] "C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [urlLSTCK.exe] C:\Program\Norton Internet Security\UrlLstCk.exe

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [Device Detector] "C:\Program\Delade filer\ACD Systems\EN\DevDetect.exe" -autorun

O4 - HKLM\..\Run: [tgcmd] "C:\Program\Telia\Supportassistent\bin\tgcmd.exe" /server /startmonitor /deaf

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Jocke\Program\Adobe Acrobat 7.0 Professional\Distillr\Acrotray.exe"

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.5.0_10\bin\jusched.exe"

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

O4 - Global Startup: EPSON Status Monitor 3 Environment Check(2).lnk = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_SRCV02.EXE

O4 - Global Startup: MultiCam Auto Start.lnk = C:\Program\GV650\DM500Startup.exe

O4 - Global Startup: Windows Desktop Search.lnk = C:\Program\MSN Toolbar Suite\DS\02.05.0001.1119\sv-se\bin\WindowsSearch.exe

O8 - Extra context menu item: &MSN Search - res://C:\Program\MSN Toolbar Suite\TB\02.05.0000.1105\sv-se\msntb.dll/search.htm

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Jocke\Program\Adobe Acrobat 7.0 Professional\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Jocke\Program\Adobe Acrobat 7.0 Professional\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Jocke\Program\Adobe Acrobat 7.0 Professional\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Jocke\Program\Adobe Acrobat 7.0 Professional\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Jocke\Program\Adobe Acrobat 7.0 Professional\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Jocke\Program\Adobe Acrobat 7.0 Professional\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Jocke\Program\Adobe Acrobat 7.0 Professional\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert to existing PDF - res://C:\Jocke\Program\Adobe Acrobat 7.0 Professional\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Öppna på ny flik i bakgrunden - res://C:\Program\MSN Toolbar Suite\TAB\02.05.0000.1105\sv-se\msntabres.dll/229?f401b56bbf7940daad9031bce74decd7

O8 - Extra context menu item: Öppna på ny flik i förgrunden - res://C:\Program\MSN Toolbar Suite\TAB\02.05.0000.1105\sv-se\msntabres.dll/230?f401b56bbf7940daad9031bce74decd7

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1115548537485

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\Program\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program\Delade filer\EPSON\EBAPI\SAgent2.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Norton AntiVirus Auto Protect-tjänst (navapsvc) - Symantec Corporation - C:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program\DELADE~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe[/log]

 

 

 

[log]

---------------------------------------------------------

AVG Anti-Spyware - Scan Report

---------------------------------------------------------

 

+ Created at: 11:09:32 2007-01-03

 

+ Scan result:

 

 

 

C:\System Volume Information\_restore{B19406CB-15FE-4643-899E-BE44508A1787}\RP810\A0067575.exe -> Adware.180Solutions : Ignored.

C:\System Volume Information\_restore{B19406CB-15FE-4643-899E-BE44508A1787}\RP792\A0064276.dll -> Adware.ErrorSafe : Ignored.

C:\System Volume Information\_restore{B19406CB-15FE-4643-899E-BE44508A1787}\RP808\A0067202.dll -> Adware.ErrorSafe : Ignored.

C:\Program\Hotbar -> Adware.HotBar : Ignored.

C:\System Volume Information\_restore{B19406CB-15FE-4643-899E-BE44508A1787}\RP808\A0067390.exe -> Adware.HotBar : Ignored.

C:\System Volume Information\_restore{B19406CB-15FE-4643-899E-BE44508A1787}\RP810\A0067560.dll -> Adware.Hotbar : Ignored.

C:\System Volume Information\_restore{B19406CB-15FE-4643-899E-BE44508A1787}\RP810\A0067561.exe -> Adware.HotBar : Ignored.

C:\System Volume Information\_restore{B19406CB-15FE-4643-899E-BE44508A1787}\RP810\A0067562.dll -> Adware.HotBar : Ignored.

C:\System Volume Information\_restore{B19406CB-15FE-4643-899E-BE44508A1787}\RP810\A0067564.exe -> Adware.HotBar : Ignored.

C:\System Volume Information\_restore{B19406CB-15FE-4643-899E-BE44508A1787}\RP810\A0067567.dll -> Adware.HotBar : Ignored.

C:\System Volume Information\_restore{B19406CB-15FE-4643-899E-BE44508A1787}\RP810\A0067568.exe -> Adware.HotBar : Ignored.

C:\System Volume Information\_restore{B19406CB-15FE-4643-899E-BE44508A1787}\RP810\A0067569.dll -> Adware.HotBar : Ignored.

C:\System Volume Information\_restore{B19406CB-15FE-4643-899E-BE44508A1787}\RP811\A0067699.dll -> Adware.HotBar : Ignored.

C:\System Volume Information\_restore{B19406CB-15FE-4643-899E-BE44508A1787}\RP811\A0067701.exe -> Adware.HotBar : Ignored.

C:\System Volume Information\_restore{B19406CB-15FE-4643-899E-BE44508A1787}\RP811\A0067703.dll -> Adware.HotBar : Ignored.

HKLM\SOFTWARE\HbTools -> Adware.HotBar : Ignored.

HKLM\SOFTWARE\HbTools\HbTools -> Adware.HotBar : Ignored.

HKLM\SOFTWARE\HbTools\HbTools\PI -> Adware.HotBar : Ignored.

HKLM\SOFTWARE\HbTools\HbTools\PI\3.2 -> Adware.HotBar : Ignored.

C:\WINDOWS\SYSTEM32\ssqro.dll -> Adware.Virtumonde : Ignored.

C:\System Volume Information\_restore{B19406CB-15FE-4643-899E-BE44508A1787}\RP792\A0064274.exe -> Adware.WinFixer : Ignored.

C:\System Volume Information\_restore{B19406CB-15FE-4643-899E-BE44508A1787}\RP808\A0066973.exe -> Downloader.Small.b : Ignored.

C:\System Volume Information\_restore{B19406CB-15FE-4643-899E-BE44508A1787}\RP808\A0066889.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Ignored.

C:\System Volume Information\_restore{B19406CB-15FE-4643-899E-BE44508A1787}\RP808\A0066891.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Ignored.

C:\System Volume Information\_restore{B19406CB-15FE-4643-899E-BE44508A1787}\RP808\A0066892.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Ignored.

C:\Program\Delade filer\Error Safe\erscw.exe -> Not-A-Virus.Downloader.Win32.WinFixer.t : Ignored.

C:\System Volume Information\_restore{B19406CB-15FE-4643-899E-BE44508A1787}\RP792\A0064281.sys -> Rootkit.Agent.af : Ignored.

 

 

::Report end

 

[/log]:thumbsup::thumbsup::thumbsup:

 

Link to comment
Share on other sites

Ladda ner Vundofix:

http://www.atribune.org/ccount/click.php?id=4

 

Starta om datorn i felsäkert läge (tryck F8 upprepade gånger under uppstarten och välj felsäkert läge i menyn).

 

Dubbelklicka på VundoFix.exe för att starta programmet.

När den startar igen så tryck på Scan for Vundo.

När skanningen är klar så tryck på Remove Vundo.

Svara Ja/Yes på frågan om du vill ta bort filerna.

Därefter kommer Skrivbordet att försvinna medan filerna tas bort.

När det är klart så kommer det en fråga om att din dator kommer att stängas av, tryck på OK.

Sätt igång datorn igen i normalt läge.

 

Om det är så att VundoFix inte kunde ta bort någon fil vid första försöket så kommer VundoFix att starta igen när datorn startas, följ i så fall beskrivningen en gång till.

 

Klistra in C:\vundofix.txt i ditt svar och en ny HijackThis-logg i ditt svar.

 

Gå till felsäkert läge, ställ in AVG Anti-Spyware så att den sätter allt den hittar i karantän, se punkt 5 på http://rstones12.geekstogo.com/ewidosetup.htm

Skanna igenom datorn med programmet och låt den sätta allt den hittar i karantän. Klistra in rapporten här.

 

Link to comment
Share on other sites

 

[log]VundoFix V6.2.13

 

Checking Java version...

 

Sun Java not detected

Scan started at 12:24:31 2007-01-05

 

Listing files found while scanning....

 

C:\WINDOWS\SYSTEM32\pmkjj.dll

 

Beginning removal...

 

Attempting to delete C:\WINDOWS\SYSTEM32\pmkjj.dll

C:\WINDOWS\SYSTEM32\pmkjj.dll Has been deleted!

 

Performing Repairs to the registry.

Done![/log]

 

 

 

[log]

Logfile of HijackThis v1.99.1

Scan saved at 12:39:16, on 2007-01-05

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\hkcmd.exe

C:\Program\Dell\Media Experience\PCMService.exe

C:\Program\CyberLink\PowerDVD\DVDLauncher.exe

C:\Program\Intel\Modem Event Monitor\IntelMEM.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program\Delade filer\Symantec Shared\ccApp.exe

C:\Program\Telia\Supportassistent\bin\tgcmd.exe

C:\Jocke\Program\Adobe Acrobat 7.0 Professional\Distillr\Acrotray.exe

C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Program\Java\jre1.5.0_10\bin\jusched.exe

C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\MSN Toolbar Suite\DS\02.05.0001.1119\sv-se\bin\WindowsSearch.exe

C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program\Delade filer\Symantec Shared\ccProxy.exe

C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

C:\Program\MSN Toolbar Suite\DS\02.05.0001.1119\sv-se\bin\WindowsSearchIndexer.exe

C:\Program\Delade filer\EPSON\EBAPI\SAgent2.exe

C:\WINDOWS\system32\slserv.exe

c:\program\GV650\GV650.exe

C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

c:\program\GV650\BcastTcp.exe

c:\program\GV650\DmHealthSvr.exe

c:\program\GV650\DMMailServer.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program\Messenger\msmsgs.exe

C:\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/se/sve/gen/default.htm'>http://www.euro.dell.com/countries/se/sve/gen/default.htm'>http://www.euro.dell.com/countries/se/sve/gen/default.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR'>http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR'>http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/se/sve/gen/default.htm

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/countries/se/sve/gen/default.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_10\bin\ssv.dll

O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Jocke\Program\Adobe Acrobat 7.0 Professional\Acrobat\AcroIEFavClient.dll

O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Toolbar Suite\TB\02.05.0000.1105\sv-se\msntb.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Toolbar Suite\TB\02.05.0000.1105\sv-se\msntb.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Jocke\Program\Adobe Acrobat 7.0 Professional\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [PCMService] "C:\Program\Dell\Media Experience\PCMService.exe"

O4 - HKLM\..\Run: [DVDLauncher] "C:\Program\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [intelMeM] C:\Program\Intel\Modem Event Monitor\IntelMEM.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [updateManager] "C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [urlLSTCK.exe] C:\Program\Norton Internet Security\UrlLstCk.exe

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [Device Detector] "C:\Program\Delade filer\ACD Systems\EN\DevDetect.exe" -autorun

O4 - HKLM\..\Run: [tgcmd] "C:\Program\Telia\Supportassistent\bin\tgcmd.exe" /server /startmonitor /deaf

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Jocke\Program\Adobe Acrobat 7.0 Professional\Distillr\Acrotray.exe"

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.5.0_10\bin\jusched.exe"

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

O4 - Global Startup: EPSON Status Monitor 3 Environment Check(2).lnk = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_SRCV02.EXE

O4 - Global Startup: MultiCam Auto Start.lnk = C:\Program\GV650\DM500Startup.exe

O4 - Global Startup: Windows Desktop Search.lnk = C:\Program\MSN Toolbar Suite\DS\02.05.0001.1119\sv-se\bin\WindowsSearch.exe

O8 - Extra context menu item: &MSN Search - res://C:\Program\MSN Toolbar Suite\TB\02.05.0000.1105\sv-se\msntb.dll/search.htm

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Jocke\Program\Adobe Acrobat 7.0 Professional\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Jocke\Program\Adobe Acrobat 7.0 Professional\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Jocke\Program\Adobe Acrobat 7.0 Professional\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Jocke\Program\Adobe Acrobat 7.0 Professional\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Jocke\Program\Adobe Acrobat 7.0 Professional\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Jocke\Program\Adobe Acrobat 7.0 Professional\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Jocke\Program\Adobe Acrobat 7.0 Professional\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert to existing PDF - res://C:\Jocke\Program\Adobe Acrobat 7.0 Professional\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Öppna på ny flik i bakgrunden - res://C:\Program\MSN Toolbar Suite\TAB\02.05.0000.1105\sv-se\msntabres.dll/229?f401b56bbf7940daad9031bce74decd7

O8 - Extra context menu item: Öppna på ny flik i förgrunden - res://C:\Program\MSN Toolbar Suite\TAB\02.05.0000.1105\sv-se\msntabres.dll/230?f401b56bbf7940daad9031bce74decd7

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1115548537485

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\Program\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program\Delade filer\EPSON\EBAPI\SAgent2.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Norton AntiVirus Auto Protect-tjänst (navapsvc) - Symantec Corporation - C:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program\DELADE~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

[/log]

 

 

Link to comment
Share on other sites

Inget i HijackThis-loggen, men Vundo är lite lurig och kan gömma sig när en process som heter hijackthis kör, det är därför man ibland får be att namnet ändras.

 

Link to comment
Share on other sites

Undrade bara varför du rekommenderade det innan du prövat byta namn.

Jag höll på att leta ihjäl mig i HJT-loggen. Missade först AVG-loggen.

 

Link to comment
Share on other sites

yes nu har jag rensat med AVG. Blev ingen rapport sparad dock, men datorn verkar helt okej nu

Tackar så väldigt mycket för hjälpen !:thumbsup::thumbsup::thumbsup::thumbsup::thumbsup::)

 

Link to comment
Share on other sites

Om inget hittas med en förnyad skanning med AVG Anti-Spyware så är det nog bra nu.

 

Här kommer mina vanliga råd för en säkrare dator, men det är så klart viktigt att man använder sitt förnuft också.

 

Uppdatera från Windows Update och kör antispionprogrammen AVG Anti-Spyware (Ewido), SUPERAntiSpyware, Spybot S&D och/eller Ad-aware regelbundet.

http://www.ewido.net/en/

http://www.superantispyware.com/

http://www.safer-networking.org/en/download/index.html

http://www.lavasoft.com

 

Komplettera antivirusprogrammet med några online-skanningar då och då:

http://housecall.trendmicro.com/

http://www.bitdefender.com/scan8/ie.html

http://www.pandasoftware.com/products/activescan/

 

Använd en brandvägg (bättre än den inbyggda i XP), finns gratis från t ex ZoneLabs.

http://www.zonelabs.com/store/content/home.jsp

 

Om man använder Internet Explorer så kan det vara lämpligt att ha programmen SpywareBlaster och SpywareGuard, vilka hindrar en hel del otrevliga program från att laddas ner resp. köras:

http://www.javacoolsoftware.com

 

Se över säkerhetsinställningarna i Internet Explorer, det finns en hel del tips här:

http://www.spywarewarrior.com/uiuc/btw/ie/ie-opts.htm

 

Samt kör IE-SpyAd som lägger en hel massa otrevliga webbplatser i zonen Ej tillförlitliga i Internet Explorer så att de inte kan göra något med datorn:

http://www.spywarewarrior.com/uiuc/resource.htm

 

Om man byter webbläsare så är det bara SpywareGuard som behövs. Andra webbläsare är t ex Mozilla Firefox och Opera:

http://www.mozilla.org

http://www.opera.com

 

Allt gratis för hemanvändare/personligt bruk.

 

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.



×
×
  • Create New...