Hijackthis log

30 december, 2006

Skulle behöva hjälp med att tyda denna log tack.

[log]Logfile of HijackThis v1.99.1

Scan saved at 15:13:13, on 2006-12-30

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe

C:\Program\Delade filer\Symantec Shared\ccProxy.exe

C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

C:\Program\Delade filer\EPSON\EBAPI\SAgent2.exe

C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe

C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\hkcmd.exe

C:\Program\Java\j2re1.4.2_03\bin\jusched.exe

C:\Program\Dell\Media Experience\PCMService.exe

C:\Program\CyberLink\PowerDVD\DVDLauncher.exe

C:\Program\Intel\Modem Event Monitor\IntelMEM.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program\Delade filer\Symantec Shared\ccApp.exe

C:\Program\Delade filer\ACD Systems\EN\DevDetect.exe

C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Program\CA\ETRUST~1\ETRUST~1\VetTray.exe

C:\Program\HbTools\Bin\4.8.2.0\HbtOEAddOn.exe

C:\Program\Delade filer\Error Safe\erscw.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Hbtools\HBTV\HBTV.exe

C:\Program\MSN Toolbar Suite\DS\02.05.0001.1119\sv-se\bin\WindowsSearch.exe

c:\program\GV650\GV650.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\MSN Toolbar Suite\DS\02.05.0001.1119\sv-se\bin\WindowsSearchIndexer.exe

c:\program\GV650\BcastTcp.exe

c:\program\GV650\DmHealthSvr.exe

c:\program\GV650\DMMailServer.exe

C:\Program\Delade filer\Symantec Shared\NMain.exe

C:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\Program\Norton Internet Security\Norton AntiVirus\SAVScan.exe

C:\WINDOWS\system32\rundll32.exe

C:\PROGRAM\MOZILL~1\FIREFOX.EXE

C:\Jocke\Program\Adobe Acrobat 7.0 Professional\Distillr\acrotray.exe

C:\WINDOWS\System32\msiexec.exe

C:\Program\Messenger\msmsgs.exe

C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/se/sve/gen/default.htm'>http://www.euro.dell.com/countries/se/sve/gen/default.htm'>http://www.euro.dell.com/countries/se/sve/gen/default.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR'>http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR'>http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/se/sve/gen/default.htm

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/countries/se/sve/gen/default.htm

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://resultsmaster.com/SmartOffers/Services/resultsmaster/ResultsMasterHomeLeftPane.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: TVEngine Helper /fleok=1D8A83A5C2E6107C91A475760EA83FA5EF80752B94E2DF795F7E432F3DC6 - {4B18DD50-C996-44fc-AC52-0FECFF82ED58} - c:\program\hbtools\hbtv\hbtvhelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: HbTools - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program\HbTools\Bin\4.8.2.0\HbtHostIE.dll

O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Jocke\Program\Adobe Acrobat 7.0 Professional\Acrobat\AcroIEFavClient.dll

O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Toolbar Suite\TB\02.05.0000.1105\sv-se\msntb.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Toolbar Suite\TB\02.05.0000.1105\sv-se\msntb.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Jocke\Program\Adobe Acrobat 7.0 Professional\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: H&otbar - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program\HbTools\Bin\4.8.2.0\HbtHostIE.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\j2re1.4.2_03\bin\jusched.exe

O4 - HKLM\..\Run: [PCMService] "C:\Program\Dell\Media Experience\PCMService.exe"

O4 - HKLM\..\Run: [DVDLauncher] "C:\Program\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [intelMeM] C:\Program\Intel\Modem Event Monitor\IntelMEM.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [updateManager] "C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [urlLSTCK.exe] C:\Program\Norton Internet Security\UrlLstCk.exe

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [Device Detector] "C:\Program\Delade filer\ACD Systems\EN\DevDetect.exe" -autorun

O4 - HKLM\..\Run: [tgcmd] "C:\Program\Telia\Supportassistent\bin\tgcmd.exe" /server /startmonitor /deaf

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Jocke\Program\Adobe Acrobat 7.0 Professional\Distillr\Acrotray.exe"

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [VetTray] C:\Program\CA\ETRUST~1\ETRUST~1\VetTray.exe

O4 - HKLM\..\Run: [HbTools] C:\Program\HbTools\Bin\4.8.2.0\HbtOEAddOn.exe

O4 - HKLM\..\Run: [kgzzwuyj] C:\WINDOWS\system32\ctcypddc.exe

O4 - HKLM\..\Run: [erscw] C:\Program\Delade filer\Error Safe\erscw.exe -c

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

O4 - Global Startup: EPSON Status Monitor 3 Environment Check(2).lnk = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_SRCV02.EXE

O4 - Global Startup: MultiCam Auto Start.lnk = C:\Program\GV650\DM500Startup.exe

O4 - Global Startup: Windows Desktop Search.lnk = C:\Program\MSN Toolbar Suite\DS\02.05.0001.1119\sv-se\bin\WindowsSearch.exe

O8 - Extra context menu item: &MSN Search - res://C:\Program\MSN Toolbar Suite\TB\02.05.0000.1105\sv-se\msntb.dll/search.htm

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Jocke\Program\Adobe Acrobat 7.0 Professional\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Jocke\Program\Adobe Acrobat 7.0 Professional\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Jocke\Program\Adobe Acrobat 7.0 Professional\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Jocke\Program\Adobe Acrobat 7.0 Professional\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Jocke\Program\Adobe Acrobat 7.0 Professional\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Jocke\Program\Adobe Acrobat 7.0 Professional\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Jocke\Program\Adobe Acrobat 7.0 Professional\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert to existing PDF - res://C:\Jocke\Program\Adobe Acrobat 7.0 Professional\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Öppna på ny flik i bakgrunden - res://C:\Program\MSN Toolbar Suite\TAB\02.05.0000.1105\sv-se\msntabres.dll/229?f401b56bbf7940daad9031bce74decd7

O8 - Extra context menu item: Öppna på ny flik i förgrunden - res://C:\Program\MSN Toolbar Suite\TAB\02.05.0000.1105\sv-se\msntabres.dll/230?f401b56bbf7940daad9031bce74decd7

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Program\ladbrokesMPP\MPPoker.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1115548537485

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\Program\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\Program\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program\Delade filer\EPSON\EBAPI\SAgent2.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Norton AntiVirus Auto Protect-tjänst (navapsvc) - Symantec Corporation - C:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program\DELADE~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe

[/log]

30 december, 2006

Det är en gammal Java-version med säkerhetshål i datorn. Avinstallera alla Java i Kontrollpanelen - Lägg till eller ta bort program och installera därefter en ny: http://www.java.com/sv/

Gå till http://www.virustotal.com/ klistra in ett av följande filnamn i rutan, tryck på Send och vänta tills resultatet är klart (Status blir Finished). Klistra in resultatet (inkl. filstorlek) här. Upprepa med nästa filnamn.

C:\WINDOWS\system32\ctcypddc.exe

C:\Program\Delade filer\Error Safe\erscw.exe

Det är inte lämpligt att ha två antivirusprogram som är aktiva i datorn. Du ser ut att ha både Symantec/Norton och CA eTrust, inaktivera eller avinstallera det ena.

Kontrollpanelen - Lägg till eller ta bort program

Ta bort Error Safe, Hotbar, TVEngine, hbtools eller liknande om de finns där

Om det finns något att ta bort så lägg hit en ny HijackThis-logg efter att du har startat om datorn.

2 januari, 2007

[log]Complete scanning result of "ctcypddc.exe", received in VirusTotal at 01.02.2007, 13:15:44 (CET).

Antivirus Version Update Result

AntiVir 7.3.0.21 01.02.2007 no virus found

Authentium 4.93.8 12.30.2006 no virus found

Avast 4.7.892.0 12.30.2006 no virus found

AVG 386 01.01.2007 no virus found

BitDefender 7.2 01.02.2007 no virus found

CAT-QuickHeal 8.00 01.01.2007 no virus found

ClamAV devel-20060426 01.02.2007 no virus found

DrWeb 4.33 01.02.2007 no virus found

eSafe 7.0.14.0 01.01.2007 no virus found

eTrust-InoculateIT 23.73.102 12.30.2006 no virus found

eTrust-Vet 30.3.3296 01.02.2007 no virus found

Ewido 4.0 01.01.2007 no virus found

Fortinet 2.82.0.0 01.02.2007 no virus found

F-Prot 3.16f 12.30.2006 no virus found

F-Prot4 4.2.1.29 12.30.2006 no virus found

Ikarus T3.1.0.27 01.02.2007 no virus found

Kaspersky 4.0.2.24 01.02.2007 no virus found

McAfee 4929 12.29.2006 no virus found

Microsoft 1.1904 01.02.2007 no virus found

NOD32v2 1951 01.01.2007 no virus found

Norman 5.80.02 12.31.2007 no virus found

Panda 9.0.0.4 01.01.2007 no virus found

Prevx1 V2 01.02.2007 no virus found

Sophos 4.13.0 01.01.2007 no virus found

Sunbelt 2.2.907.0 12.18.2006 no virus found

TheHacker 6.0.3.141 01.01.2007 no virus found

VBA32 3.11.1 01.01.2007 no virus found

VirusBuster 4.3.19:9 01.01.2007 no virus found

Aditional Information

File size: 0 bytes

MD5: d41d8cd98f00b204e9800998ecf8427e

SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709[/log]

2 januari, 2007

[log]Complete scanning result of "erscw.exe", received in VirusTotal at 01.02.2007, 13:22:01 (CET).

Antivirus Version Update Result

AntiVir 7.3.0.21 01.02.2007 no virus found

Authentium 4.93.8 12.30.2006 no virus found

Avast 4.7.892.0 12.30.2006 no virus found

AVG 386 01.01.2007 no virus found

BitDefender 7.2 01.02.2007 no virus found

CAT-QuickHeal 8.00 01.01.2007 no virus found

ClamAV devel-20060426 01.02.2007 no virus found

DrWeb 4.33 01.02.2007 no virus found

eSafe 7.0.14.0 01.02.2007 no virus found

eTrust-InoculateIT 23.73.102 12.30.2006 no virus found

eTrust-Vet 30.3.3296 01.02.2007 no virus found

Ewido 4.0 01.01.2007 Not-A-Virus.Downloader.Win32.WinFixer.t

Fortinet 2.82.0.0 01.02.2007 Download/WinFixer

F-Prot 3.16f 12.30.2006 no virus found

F-Prot4 4.2.1.29 12.30.2006 no virus found

Ikarus T3.1.0.27 01.02.2007 not-a-virus:Downloader.Win32.WinFixer.t

Kaspersky 4.0.2.24 01.02.2007 not-a-virus:Downloader.Win32.WinFixer.t

McAfee 4929 12.29.2006 no virus found

Microsoft 1.1904 01.02.2007 no virus found

NOD32v2 1951 01.01.2007 no virus found

Norman 5.80.02 12.31.2007 W32/WinFixer.JU

Panda 9.0.0.4 01.01.2007 Application/Winfixer2005

Prevx1 V2 01.02.2007 Rogue.ErrorSafe

Sophos 4.13.0 01.01.2007 no virus found

Sunbelt 2.2.907.0 12.18.2006 WinAntiSpyware

TheHacker 6.0.3.141 01.01.2007 Aplicacion/WinFixer.t

VBA32 3.11.1 01.01.2007 Downloader.Win32.WinFixer.t

VirusBuster 4.3.19:9 01.01.2007 no virus found

Aditional Information

File size: 114688 bytes

MD5: d72dc52e537ed8479b08e1af661e0f0e

SHA1: ef688959df5b497c9dd634a6142915a54a2754d4

Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PXC=8ea350412259

Sunbelt info: WinAntiSpyware is a rogue antis-pyware product which pesters users with scareware tactics to purchase the product.[/log]

2 januari, 2007

Installera AVG Anti-Spyware:

http://www.ewido.net/en/

Uppdatera programmet och ställ in det enligt första punktlistan på denna sida:

http://rstones12.geekstogo.com/ewidosetup.htm

Skanna inte igenom datorn än.

[log]Skanna med HijackThis och bocka för:

O2 - BHO: TVEngine Helper /fleok=1D8A83A5C2E6107C91A475760EA83FA5EF80752B94E2DF795F7E4

32F3DC6 - {4B18DD50-C996-44fc-AC52-0FECFF82ED58} - c:\program\hbtools\hbtv\hbtvhelper.dll

O2 - BHO: HbTools - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program\HbTools\Bin\4.8.2.0\HbtHostIE.dll

O3 - Toolbar: H&otbar - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program\HbTools\Bin\4.8.2.0\HbtHostIE.dll

O4 - HKLM\..\Run: [HbTools] C:\Program\HbTools\Bin\4.8.2.0\HbtOEAddOn.exe

O4 - HKLM\..\Run: [kgzzwuyj] C:\WINDOWS\system32\ctcypddc.exe

O4 - HKLM\..\Run: [erscw] C:\Program\Delade filer\Error Safe\erscw.exe -c

Om du inte längre kör Ladbrokes Poker så även denna rad:

O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Program\ladbrokesMPP\MPPoker.exe (file missing)

Avsluta alla andra program.

Tryck Fix checked.

Starta om datorn i felsäkert läge (tryck F8 upprepade gånger under uppstarten och välj felsäkert läge i menyn).

Ställ in Utforskaren så att du kan se alla filer:

Verktyg - (Mapp)alternativ eller liknande - Visning

Välj Visa dolda filer och mappar

Avbocka Dölj filnamnstillägg för kända filtyper

Avbocka Dölj skyddade operativsystemfiler

Ta bort filerna (om de finns kvar):

C:\WINDOWS\system32\ctcypddc.exe

Ta bort mapparna (om de finns kvar):

C:\Program\HbTools

C:\Program\Delade filer\Error Safe

Skanna datorn med AVG Anti-Spyware på detta sätt:

Tryck på Scanner.

Gå till Scan-fliken

Tryck på Complete System Scan

När skanningen är klar så välj Apply all actions (ska vara att sätta i karantän om du har ställt in programmet rätt).

Tryck Reports, sedan välj Save report as och spara rapporten t ex på Skrivbordet.

Starta om i normalt läge och så en ny HijackThis-logg samt rapporten från AVG Anti-Spyware.

OBS! Viktigt att när du har klistrat in en logg i ditt svar så markera (måla) loggen och så tryck på LOG-knappen, som finns på samma rad som :thumbsdown: :thumbsup: .[/log]

3 januari, 2007

Nu är det nån bov i familjen som har använt dator emellan stegen här, vet inte om det har pajat nåt.. här är hijackthisloggen och avg loggen i alla fall. Hjälpen äro mycket uppskattad!

[log]Logfile of HijackThis v1.99.1

Scan saved at 14:25:17, on 2007-01-03

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\hkcmd.exe

C:\Program\Dell\Media Experience\PCMService.exe

C:\Program\CyberLink\PowerDVD\DVDLauncher.exe

C:\Program\Intel\Modem Event Monitor\IntelMEM.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe

C:\Program\Delade filer\Symantec Shared\ccApp.exe

C:\Program\Telia\Supportassistent\bin\tgcmd.exe

C:\Jocke\Program\Adobe Acrobat 7.0 Professional\Distillr\Acrotray.exe

C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Program\Java\jre1.5.0_10\bin\jusched.exe

C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Jocke\Program\Adobe Acrobat 7.0 Professional\Acrobat\acrobat_sl.exe

C:\Program\MSN Toolbar Suite\DS\02.05.0001.1119\sv-se\bin\WindowsSearch.exe

C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program\MSN Toolbar Suite\DS\02.05.0001.1119\sv-se\bin\WindowsSearchIndexer.exe

C:\Program\Delade filer\Symantec Shared\ccProxy.exe

C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

C:\Program\Delade filer\EPSON\EBAPI\SAgent2.exe

C:\WINDOWS\system32\slserv.exe

c:\program\GV650\GV650.exe

C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

C:\Program\Messenger\msmsgs.exe

c:\program\GV650\BcastTcp.exe

c:\program\GV650\DmHealthSvr.exe

c:\program\GV650\DMMailServer.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\PROGRAM\MOZILL~1\FIREFOX.EXE

C:\Program\MSN Toolbar Suite\SL\02.05.0001.1119\sv-se\msn_sl.exe

C:\Documents and Settings\Dick\Skrivbord\hijackthis\HijackThis.exe