Just nu i M3-nätverket
Jump to content

System Alert Popup (hjälp Cecilia!)


Bubler

Recommended Posts

Hej. Jag fick problem igår kväll av nån anledning. Läste då i en tråd om Antivermins. Där gav Cicilia mycket goda råd men så när jag trodde att allt var klart började helvetet om igen. Jag hittade nämligen ett litet program som jag skulle avinstallera. Fick då ett meddelande som sa att jag måste starta om datorn för att kunna ta bort "System Alert Popup".

Så jag gjorde det dumt nog. Tror att den installerade tillbaka en hel del skit då och nu har jag tröttnat och rört till det i skallen alldeles.

Kan jag få lite hjälp? Nån?

 

 

/Bubler

 

 

 

Link to comment
Share on other sites

Vi kan ju se om HijackThis visar något till att börja med:

http://www.thespykiller.co.uk/files/HJTsetup.exe

Installera, kör, skanna och spara loggen (inget annat).

 

I ditt svar bifogar du HijackThis-loggen på detta sätt:

Tryck på LOG-knappen i Besvara-fönstret

Klistra in loggen

Tryck igen på LOG-knappen

 

Ladda ner programmet SmitfraudFix (by S!Ri) till Skrivbordet:

http://siri.urz.free.fr/Fix/SmitfraudFix.zip

Högerklicka och extrahera allt innehåll till Skrivbordet. En mapp SmitfraudFix kommer att skapas.

 

Öppna SmitfraudFix-mappen och dubbelklicka på smitfraudfix.cmd.

Välj alternativ #1 - Search genom att trycka på 1 och Enter.

Programmet kommer att skanna igenom datorn.

När den är klart visas resultatet och programmet har skapat loggfilen C:\rapport.txt.

 

Klistra in innehållet i loggfilen i ditt svar här och använd LOG-knappen.

 

Gör inget annat med SmitfraudFix-mappen eller smitfraudfix.cmd.

 

Link to comment
Share on other sites

[log]Logfile of HijackThis v1.99.1

Scan saved at 17:55:08, on 2007-01-02

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\WINDOWS\System32\CTsvcCDA.exe

E:\Program\Norton AntiVirus\navapsvc.exe

E:\Program\Norton AntiVirus\IWP\NPFMntor.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\MsPMSPSv.exe

C:\WINDOWS\system32\CTHELPER.EXE

C:\WINDOWS\System32\rmctrl.exe

C:\WINDOWS\system32\WgaTray.exe

C:\Program\Delade filer\Symantec Shared\ccApp.exe

C:\Program\Delade filer\Logitech\QCDriver2\LVCOMS.EXE

C:\Program\Logitech\ImageStudio\LogiTray.exe

C:\Program\D-Tools\daemon.exe

E:\program\premiere\quicktime\qttask.exe

C:\Program\Delade filer\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program\Messenger\msmsgs.exe

E:\Program\Spybot - Search & Destroy\TeaTimer.exe

C:\Program\MSN Messenger\MsnMsgr.Exe

C:\Program\Logitech\ImageStudio\LowLight.exe

C:\Program\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\Program\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

C:\Program\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe

C:\Program\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe

C:\Program\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe

E:\Program\Qualcomm\Eudora\Eudora.exe

C:\Program\Internet Explorer\iexplore.exe

E:\Program\Norton AntiVirus\OPScan.exe

E:\program\Hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.viainternet.foreningssparbanken.se/bvi/inloggning_noframe_fspa

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\program\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_04\bin\ssv.dll (file missing)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar3.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - E:\Program\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Program\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar3.dll

O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [CTStartup] C:\Program\Creative\Splash Screen\CTEaxSpl.EXE /run

O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\System32\rmctrl.exe

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [Jet Detection] C:\Program\Creative\SBAudigy\PROGRAM\ADGJDet.exe

O4 - HKLM\..\Run: [LVCOMS] "C:\Program\Delade filer\Logitech\QCDriver2\LVCOMS.EXE"

O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program\Logitech\ImageStudio\ISStart.exe

O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program\Logitech\ImageStudio\LogiTray.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [AceGain LiveUpdate] e:\Program\AceGain\LiveUpdate\LiveUpdate.exe

O4 - HKLM\..\Run: [QuickTime Task] "E:\program\premiere\quicktime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [Microsoft WinUpdate] mntcgf032.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\jre1.5.0_04\bin\jusched.exe

O4 - HKLM\..\RunServices: [Microsoft WinUpdate] mntcgf032.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Microsoft WinUpdate] mntcgf032.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] "e:\Program\Spybot - Search & Destroy\TeaTimer.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Bluetooth Manager.lnk = ?

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Microsoft Office.lnk = E:\program\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://E:\Program\MICROS~1\Office10\EXCEL.EXE/3000

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=3669f00b266159f91d5a5e5f7d6c7fe45a212eca0eb53d155f7f2d75349fd95cf44b264f2c38b3fa227dc8071b2b0dfdd561eaa0398dd574e24fccdf5dd61755:e71668d3bfa7fc19043f7497194f6505

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.2.89.cab

O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://83.166.0.220/activex/AxisCamControl.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab32846.cab

O16 - DPF: {CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA} (Java Plug-in 1.4.2_09) -

O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} -

O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} -

O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{16DC28B4-23F6-4035-BC68-42D864A513A3}: NameServer = 213.79.168.2,212.217.248.3

O17 - HKLM\System\CCS\Services\Tcpip\..\{1875BB86-9636-4CE5-BB03-698B99929309}: NameServer = 213.79.168.2,212.217.248.3

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\Program\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - E:\Program\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - E:\Program\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SAVScan - Symantec Corporation - E:\Program\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program\DELADE~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

 

[/log]

 

[log]SmitFraudFix v2.132

 

Scan done at 17:56:16,25, 2007-01-02

Run from C:\Documents and Settings\Daniel\Skrivbord\virus grejer\SmitfraudFix\SmitfraudFix

OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT

The filesystem type is NTFS

Fix run in normal mode

 

»»»»»»»»»»»»»»»»»»»»»»»» C:

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Daniel

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Daniel\Application Data

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Daniel\FAVORI~1

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"System"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection

 

 

»»»»»»»»»»»»»»»»»»»»»»»» End

 

[/log]

 

Link to comment
Share on other sites

Vi kan börja såhär.

 

Ladda ner HijackThis

 

http://www.thespykiller.co.uk/files/HJTsetup.exe

 

Installera, kör, skanna och spara loggen (inget annat).

Klistra in loggen (använd logknappen) så får någon av våra "experter" titta på den, exempelvis Cecilia som är erkänt duktig på att tyda dessa.

 

 

Om inte den länken fungerar, "har varit nere tidigare", så ladda ner HijackThis härifrån istället.

 

http://www.spywareinfo.com/~merijn/programs.php#hijackthis

 

 

:) ser att Cecilia redan är igång:)

 

 

 

 

// Gästen

 

Sopa alltid rent framför egen dörr

 

[inlägget ändrat 2007-01-02 18:00:10 av //gästen]

[inlägget ändrat 2007-01-02 18:01:26 av //gästen]

Link to comment
Share on other sites

Du har en mask som känner av knappnedtryckningar och stjäl information, så det är bäst att hålla internetanslutningen urdragen så mycket som möjligt och när datorn är ren (eller om du har en annan dator) byt lösenord som används på internet och i datorn.

 

Starta om datorn i felsäkert läge (tryck F8 upprepade gånger under uppstarten och välj felsäkert läge i menyn).

 

Skanna med HijackThis och bocka för:

 

O4 - HKLM\..\Run: [Microsoft WinUpdate] mntcgf032.exe

O4 - HKLM\..\RunServices: [Microsoft WinUpdate] mntcgf032.exe

O4 - HKCU\..\Run: [Microsoft WinUpdate] mntcgf032.exe

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=3669f00b26

6159f91d5a5e5f7d6c7fe45a212eca0eb53d155f7f2d75349fd95cf44b264f2c3...

 

Avsluta alla andra program.

Tryck Fix checked.

 

Ställ in Utforskaren så att du kan se alla filer:

Verktyg - (Mapp)alternativ eller liknande - Visning

Välj Visa dolda filer och mappar

Avbocka Dölj filnamnstillägg för kända filtyper

Avbocka Dölj skyddade operativsystemfiler

 

Ta bort filerna (om de finns kvar):

C:\WINDOWS\System32\mntcgf032.exe

C:\WINDOWS\mntcgf032.exe

 

Starta om i normalt läge och så en ny HijackThis-logg.

 

Link to comment
Share on other sites

Här kommer loggen. Är jag ren nu?

 

[log]Logfile of HijackThis v1.99.1

Scan saved at 18:43:20, on 2007-01-02

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\WINDOWS\System32\CTsvcCDA.exe

E:\Program\Norton AntiVirus\navapsvc.exe

E:\Program\Norton AntiVirus\IWP\NPFMntor.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\CTHELPER.EXE

C:\WINDOWS\System32\rmctrl.exe

C:\Program\Delade filer\Symantec Shared\ccApp.exe

C:\Program\Delade filer\Logitech\QCDriver2\LVCOMS.EXE

C:\Program\Logitech\ImageStudio\LogiTray.exe

C:\Program\D-Tools\daemon.exe

E:\program\premiere\quicktime\qttask.exe

C:\Program\Delade filer\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program\Messenger\msmsgs.exe

E:\Program\Spybot - Search & Destroy\TeaTimer.exe

C:\Program\MSN Messenger\MsnMsgr.Exe

C:\Program\Logitech\ImageStudio\LowLight.exe

C:\Program\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\Program\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\Program\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe

C:\Program\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe

C:\WINDOWS\system32\wuauclt.exe

E:\program\Hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.viainternet.foreningssparbanken.se/bvi/inloggning_noframe_fspa

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\program\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_04\bin\ssv.dll (file missing)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar3.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - E:\Program\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Program\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar3.dll

O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [CTStartup] C:\Program\Creative\Splash Screen\CTEaxSpl.EXE /run

O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\System32\rmctrl.exe

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [Jet Detection] C:\Program\Creative\SBAudigy\PROGRAM\ADGJDet.exe

O4 - HKLM\..\Run: [LVCOMS] "C:\Program\Delade filer\Logitech\QCDriver2\LVCOMS.EXE"

O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program\Logitech\ImageStudio\ISStart.exe

O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program\Logitech\ImageStudio\LogiTray.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [AceGain LiveUpdate] e:\Program\AceGain\LiveUpdate\LiveUpdate.exe

O4 - HKLM\..\Run: [QuickTime Task] "E:\program\premiere\quicktime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\jre1.5.0_04\bin\jusched.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [spybotSD TeaTimer] "e:\Program\Spybot - Search & Destroy\TeaTimer.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Bluetooth Manager.lnk = ?

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Microsoft Office.lnk = E:\program\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://E:\Program\MICROS~1\Office10\EXCEL.EXE/3000

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.2.89.cab

O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://83.166.0.220/activex/AxisCamControl.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab32846.cab

O16 - DPF: {CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA} (Java Plug-in 1.4.2_09) -

O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} -

O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} -

O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{16DC28B4-23F6-4035-BC68-42D864A513A3}: NameServer = 213.79.168.2,212.217.248.3

O17 - HKLM\System\CCS\Services\Tcpip\..\{1875BB86-9636-4CE5-BB03-698B99929309}: NameServer = 213.79.168.2,212.217.248.3

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\Program\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - E:\Program\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - E:\Program\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SAVScan - Symantec Corporation - E:\Program\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program\DELADE~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

 

[/log]

 

Link to comment
Share on other sites

Det syns i alla fall inget otrevligt i loggen.

 

Det är en gammal Java-version med säkerhetshål i datorn. Avinstallera alla Java i Kontrollpanelen - Lägg till eller ta bort program och installera därefter en ny: http://www.java.com/sv/

 

Ladda hem och installera gratisversionen av SUPERAntiSpyware Free Edition:

http://www.superantispyware.com/download.html

Starta programmet, klicka på Check for updates.

Avsluta programmet när uppdateringen är klar.

 

Starta om datorn i felsäkert läge (tryck F8 upprepade gånger under uppstarten och välj felsäkert läge i menyn).

 

Starta SUPERAntiSpyware och klicka på Scan your Computer.

Bocka för alla hårddiskar (fixed drive/disk).

Välj Perform complete scan

Nästa/Next

 

När skanningen är klar som kommer det upp en sammanfattning, tryck på OK

Nästa/Next

Utför eller liknande

Ett fönster med Quarantine and removal Complete kommer upp

OK

Utför eller liknande

Avsluta programmet.

 

Starta om i normalt läge.

 

Starta programmet, tryck på Preferences, välj filken Statistics/Logs

Dubbelklicka på den nyaste SUPERAntiSpyware Scan Log så att loggen kommer upp i Anteckningar.

Klistra in loggen i ditt svar

 

Link to comment
Share on other sites

Här kommer ytterligare en logg

 

[log]SUPERAntiSpyware Scan Log

Generated 01/03/2007 at 01:41 PM

 

Application Version : 3.4.1000

 

Core Rules Database Version : 3158

Trace Rules Database Version: 1171

 

Scan type : Complete Scan

Total Scan Time : 00:25:06

 

Memory items scanned : 162

Memory threats detected : 0

Registry items scanned : 6111

Registry threats detected : 0

File items scanned : 18222

File threats detected : 2

 

Adware.Tracking Cookie

C:\Documents and Settings\Daniel\Cookies\system@adtech[2].txt

C:\Documents and Settings\Daniel\Cookies\system@2o7[1].txt

[/log]

 

Link to comment
Share on other sites

Rent där också, så nu är det nog bra.

Uppför sig datorn bra?

 

Här kommer mina vanliga råd för en säkrare dator, men det är så klart viktigt att man använder sitt förnuft också.

 

Uppdatera från Windows Update och kör antispionprogrammen AVG Anti-Spyware (Ewido), SUPERAntiSpyware, Spybot S&D och/eller Ad-aware regelbundet.

http://www.ewido.net/en/

http://www.superantispyware.com/

http://www.safer-networking.org/en/download/index.html

http://www.lavasoft.com

 

Komplettera antivirusprogrammet med några online-skanningar då och då:

http://housecall.trendmicro.com/

http://www.bitdefender.com/scan8/ie.html

http://www.pandasoftware.com/products/activescan/

 

Använd en brandvägg (bättre än den inbyggda i XP), finns gratis från t ex ZoneLabs.

http://www.zonelabs.com/store/content/home.jsp

 

Om man använder Internet Explorer så kan det vara lämpligt att ha programmen SpywareBlaster och SpywareGuard, vilka hindrar en hel del otrevliga program från att laddas ner resp. köras:

http://www.javacoolsoftware.com

 

Se över säkerhetsinställningarna i Internet Explorer, det finns en hel del tips här:

http://www.spywarewarrior.com/uiuc/btw/ie/ie-opts.htm

 

Samt kör IE-SpyAd som lägger en hel massa otrevliga webbplatser i zonen Ej tillförlitliga i Internet Explorer så att de inte kan göra något med datorn:

http://www.spywarewarrior.com/uiuc/resource.htm

 

Om man byter webbläsare så är det bara SpywareGuard som behövs. Andra webbläsare är t ex Mozilla Firefox och Opera:

http://www.mozilla.org

http://www.opera.com

 

Allt gratis för hemanvändare/personligt bruk.

 

Link to comment
Share on other sites

Jo datorn uppför sig ordentligt nu. Har inte tänkt så mycket på säkerheten tidigare men med dina råd är det ju inte så besvärligt att skydda sig lite bättre, tack.

Jag har däremot upptäckt att jag har en hel del blåmarkerade kataloger i windowskatalogen.

Kan se ut så här c:\windows\$NtUninstallKB926255$

 

Jag förstår att det är nån slags säkerhetskopia som skapats av nåt prg för att kunna återställa om det blivit nåt fel efter nån åtgärd. Datorn funkar ju bra nu så jag borde väl kunna ta bort alla dessa?

 

Hur kan jag lära mig att tolka alla dessa loggar, det verkar ju uppenbarligen ganska intressant?

 

Stort tack.

 

 

Link to comment
Share on other sites

Tack för alla poäng! :) :)

 

Jag förstår att det är nån slags säkerhetskopia som skapats av nåt prg för att kunna återställa om det blivit nåt fel efter nån åtgärd.

De skapas av Windows Update för att det ska gå att avinstallera en uppdatering. Det bör gå att ta bort mapparna om utrymmet är viktigt att använda till annat.

 

Hur kan jag lära mig att tolka alla dessa loggar, det verkar ju uppenbarligen ganska intressant?

//eforum.idg.se/viewmsg.asp?EntriesId=892467#892628

:thumbsup:

 

Link to comment
Share on other sites

De skapas av Windows Update för att det ska gå att avinstallera en uppdatering. Det bör gå att ta bort mapparna om utrymmet är viktigt att använda till annat.

 

Hur vanligt är det att man behöver dessa?

 

Själv råkade jag nyligen ut för att en 1 1/2 år gammal patch förhindrade att datorn ens gick att starta i felsäkert läge (en skedulerad filborttagning låste sig). Genom att starta i nåt recovery-mode (?) frpn XP-skivan gick det att avinstallera patchen. Datorn startade och nu är patchen ditlagd igen och allt verkar vara frid och fröjd. Jag är faktiskt lite förvånad att det gick att göra så.

 

Om det här nu verkligen var den riktiga lösningen på problemet, d v s att en gammal patch är buggig och kan orsaka problem långt långt senare, ja då vill man ju aldrig ta bort dessa mappar...

 

Link to comment
Share on other sites

Själv råkade jag nyligen ut för att en 1 1/2 år gammal patch förhindrade att datorn ens gick att starta i felsäkert läge (en skedulerad filborttagning låste sig).

Hur kom du på att det var den patchen?

 

Link to comment
Share on other sites

Googlade på felutskriften :-)

 

"The Session manager initialization system process

terminated unexpectedly with a status of

0xc000026c"

 

//eforum.idg.se/viewmsg.asp?EntriesId=901039#901387

 

 

Link to comment
Share on other sites

  • 4 weeks later...

Hej,

 

Jag har samma problem, hoppas att ni kan hjälpa mig.

 

Micke

 

 

[log]

 

SmitFraudFix v2.137

 

Scan done at 15:54:57,57, 2007-01-29

Run from D:\virusprogram\fixa_datorn\SmitfraudFix\SmitfraudFix

OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT

The filesystem type is NTFS

Fix run in normal mode

 

»»»»»»»»»»»»»»»»»»»»»»»» C:

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

 

C:\WINDOWS\system32\atmclk.exe FOUND !

C:\WINDOWS\system32\cthkpcv.dll FOUND !

C:\WINDOWS\system32\dcomcfg.exe FOUND !

C:\WINDOWS\system32\ld???.tmp FOUND !

C:\WINDOWS\system32\ld????.tmp FOUND !

C:\WINDOWS\system32\ot.ico FOUND !

C:\WINDOWS\system32\ts.ico FOUND !

C:\WINDOWS\system32\1024\ FOUND !

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\micke

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\micke\Application Data

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

 

C:\DOCUME~1\ALLUSE~1\START-~1\Online Security Guide.url FOUND !

C:\DOCUME~1\ALLUSE~1\START-~1\Security Troubleshooting.url FOUND !

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\micke\FAVORI~1

 

C:\DOCUME~1\micke\FAVORI~1\Antivirus Test Online.url FOUND !

C:\DOCUME~1\micke\FAVORI~1\Online Security Test.url FOUND !

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

 

C:\DOCUME~1\ALLUSE~1\SKRIVB~1\Online Security Guide.url FOUND !

C:\DOCUME~1\ALLUSE~1\SKRIVB~1\Security Troubleshooting.url FOUND !

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]

"Source"="About:Home"

"SubscribedURL"="About:Home"

"FriendlyName"="Min aktuella startsida"

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

"{8dc1f789-e073-4363-b40d-07376bc5ecc5}"="articulation"

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

"bestreak"="{874443fe-aa33-4ebf-a6ac-73208787e62d}"

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

"{3c767c6b-602d-4b9b-829d-a3dc5b2d89dd}"="haematobia"

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

"{b59f3ba4-98da-4b5f-8a2d-7b56fb11140b}"="buprestidae"

 

[HKEY_CLASSES_ROOT\CLSID\{b59f3ba4-98da-4b5f-8a2d-7b56fb11140b}\InProcServer32]

@="C:\WINDOWS\system32\cthkpcv.dll"

 

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{b59f3ba4-98da-4b5f-8a2d-7b56fb11140b}\InProcServer32]

@="C:\WINDOWS\system32\cthkpcv.dll"

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"System"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection

 

 

»»»»»»»»»»»»»»»»»»»»»»»» End

 

[/log]

 

[log]

 

Logfile of HijackThis v1.99.1

Scan saved at 15:47:20, on 2007-01-29

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\cisvc.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\WINDOWS\system32\wdfmgr.exe

D:\Program\VMware\VMware Workstation\vmware-authd.exe

C:\Program\Delade filer\VMware\VMware Virtual Image Editing\vmount2.exe

C:\WINDOWS\system32\vmnat.exe

C:\WINDOWS\system32\vmnetdhcp.exe

C:\WINDOWS\Explorer.EXE

C:\Program\DAEMON Tools\daemon.exe

C:\Program\Delade filer\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\RunDll32.exe

C:\Program\Java\jre1.5.0_10\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\MSN Messenger\MsnMsgr.Exe

C:\Program\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Program\TightVNC\WinVNC.exe

C:\WINDOWS\System32\alg.exe

D:\norman\Bin\Zanda.exe

D:\norman\Bin\Zlh.exe

D:\norman\bin\NJEEVES.EXE

D:\norman\Nvc\bin\nvcoas.exe

D:\norman\Nvc\BIN\NIP.EXE

D:\norman\Nvc\BIN\NVCSCHED.EXE

D:\norman\Nvc\BIN\nipsvc.exe

D:\norman\Nvc\bin\cclaw.exe

C:\WINDOWS\system32\cidaemon.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - Default URLSearchHook is missing

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1da7dbe8-c51b-4ae4-bc6e-21863349b0b4} - (no file)

O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_10\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar3.dll

O3 - Toolbar: Protection Bar - {5d4831e0-5a7c-4a46-afd5-a79ab8ce36c2} - C:\Documents and Settings\micke\Lokala inställningar\Temp\temp.fr6630\iesplugin.dll (file missing)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar3.dll

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.5.0_10\bin\jusched.exe"

O4 - HKLM\..\Run: [Norman ZANDA] D:\norman\bin\ZLH.EXE /LOAD /SPLASH

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [PestTrap] C:\Program Files\PestTrap\PestTrap.exe

O4 - HKCU\..\Run: [Free Download Manager] C:\Program\Free Download Manager\fdm.exe -autorun

O4 - HKCU\..\Run: [bitTorrent] "C:\Program\BitTorrent\bittorrent.exe" --force_start_minimized

O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [updateMgr] "C:\Program\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = D:\Program\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: WinVNC.exe.lnk = C:\Program\TightVNC\WinVNC.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZFxdm255YYSE

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://D:\Program\MICROS~1\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/MyMailNotifierFWBInitialSetup1.0.0.15.cab

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.se/s/v/14.22/uploader2.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by110fd.bay110.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125844523923

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {A25BE7A9-3102-46B4-BAAE-462471B60ACB} (STConnectivityAgent Control) - https://remoteoffice.gehealthcare.com/sametime/javaconnect/InstallSTConnAgent.cab,DanaInfo=.acptsqjk0qwq.BpNvuQu76,CT=java+

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - (no file)

O21 - SSODL: buprestidae - {b59f3ba4-98da-4b5f-8a2d-7b56fb11140b} - C:\WINDOWS\system32\cthkpcv.dll

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - D:\norman\Nvc\BIN\nipsvc.exe

O23 - Service: Norman NJeeves - Unknown owner - D:\norman\bin\NJEEVES.EXE

O23 - Service: Norman ZANDA - Unknown owner - D:\norman\Bin\Zanda.exe

O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - D:\norman\Nvc\bin\nvcoas.exe

O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - D:\norman\Nvc\BIN\NVCSCHED.EXE

O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - D:\Program\VMware\VMware Workstation\vmware-authd.exe

O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe

O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program\Delade filer\VMware\VMware Virtual Image Editing\vmount2.exe

O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

[/log]

 

Link to comment
Share on other sites

Wow...tack för ett snabbt svar Cecilia! :thumbsup:

 

Här kommer en ny uppsättning logfiler. Jag har antivirusprogrammet Norman (Nordeas erbjudande)

 

[log]

 

Logfile of HijackThis v1.99.1

Scan saved at 18:54:18, on 2007-01-30

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\explorer.exe

C:\Program\Hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - Default URLSearchHook is missing

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_10\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar3.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar3.dll

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.5.0_10\bin\jusched.exe"

O4 - HKLM\..\Run: [Norman ZANDA] D:\norman\bin\ZLH.EXE /LOAD /SPLASH

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [Free Download Manager] C:\Program\Free Download Manager\fdm.exe -autorun

O4 - HKCU\..\Run: [bitTorrent] "C:\Program\BitTorrent\bittorrent.exe" --force_start_minimized

O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [updateMgr] "C:\Program\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = D:\Program\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: WinVNC.exe.lnk = C:\Program\TightVNC\WinVNC.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZFxdm255YYSE

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://D:\Program\MICROS~1\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/MyMailNotifierFWBInitialSetup1.0.0.15.cab

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.se/s/v/14.22/uploader2.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by110fd.bay110.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125844523923

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {A25BE7A9-3102-46B4-BAAE-462471B60ACB} (STConnectivityAgent Control) - https://remoteoffice.gehealthcare.com/sametime/javaconnect/InstallSTConnAgent.cab,DanaInfo=.acptsqjk0qwq.BpNvuQu76,CT=java+

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - D:\norman\Nvc\BIN\nipsvc.exe

O23 - Service: Norman NJeeves - Unknown owner - D:\norman\bin\NJEEVES.EXE

O23 - Service: Norman ZANDA - Unknown owner - D:\norman\Bin\Zanda.exe

O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - D:\norman\Nvc\bin\nvcoas.exe

O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - D:\norman\Nvc\BIN\NVCSCHED.EXE

O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - D:\Program\VMware\VMware Workstation\vmware-authd.exe

O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe

O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program\Delade filer\VMware\VMware Virtual Image Editing\vmount2.exe

O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

 

[/log]

 

[log]

 

SmitFraudFix v2.137

 

Scan done at 18:51:34,87, 2007-01-30

Run from D:\virusprogram\fixa_datorn\SmitfraudFix\SmitfraudFix

OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT

The filesystem type is NTFS

Fix run in safe mode

 

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

"{8dc1f789-e073-4363-b40d-07376bc5ecc5}"="articulation"

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

"bestreak"="{874443fe-aa33-4ebf-a6ac-73208787e62d}"

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

"{3c767c6b-602d-4b9b-829d-a3dc5b2d89dd}"="haematobia"

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

"{b59f3ba4-98da-4b5f-8a2d-7b56fb11140b}"="buprestidae"

 

[HKEY_CLASSES_ROOT\CLSID\{b59f3ba4-98da-4b5f-8a2d-7b56fb11140b}\InProcServer32]

@="C:\WINDOWS\system32\cthkpcv.dll"

 

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{b59f3ba4-98da-4b5f-8a2d-7b56fb11140b}\InProcServer32]

@="C:\WINDOWS\system32\cthkpcv.dll"

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

 

GenericRenosFix by S!Ri

 

C:\WINDOWS\system32\cthkpcv.dll -> Hoax.Win32.Renos.gen.i

C:\WINDOWS\system32\cthkpcv.dll -> Deleted

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

 

C:\WINDOWS\system32\atmclk.exe Deleted

C:\WINDOWS\system32\dcomcfg.exe Deleted

C:\WINDOWS\system32\ld???.tmp Deleted

C:\WINDOWS\system32\ot.ico Deleted

C:\WINDOWS\system32\ts.ico Deleted

C:\WINDOWS\system32\1024\ Deleted

C:\DOCUME~1\ALLUSE~1\START-~1\Online Security Guide.url Deleted

C:\DOCUME~1\ALLUSE~1\START-~1\Security Troubleshooting.url Deleted

C:\DOCUME~1\ALLUSE~1\SKRIVB~1\Online Security Guide.url Deleted

C:\DOCUME~1\ALLUSE~1\SKRIVB~1\Security Troubleshooting.url Deleted

C:\DOCUME~1\micke\FAVORI~1\Antivirus Test Online.url Deleted

C:\DOCUME~1\micke\FAVORI~1\Online Security Test.url Deleted

 

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"System"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

 

Registry Cleaning done.

 

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» End

 

[/log]

 

[inlägget ändrat 2007-01-30 19:02:56 av jstankov]

Link to comment
Share on other sites

det ser mycket bättre ut men jag tror att du har mer skräpfiler kvar i datorn så du bör scanna en gång med superantispyware.

 

installera >uppdatera superantispyware.

http://www.superantispyware.com/downloads/SUPERAntiSpyware.exe

 

scan computer >välj complete scan >klicka på next >starta om.

öppna superantispyware >preferences >statistics/logs >markera senaste loggen >view >kopiera in det i loggen här.

 

posta även en ny HJT logg, den ska inte vara scannad i felsäkert läge

 

 

Link to comment
Share on other sites

Hej,

 

Har haft väldigt mycket att göra på jobbet men nu har jag gjort som du har sagt, här kommer loggarna.

 

[log]

SUPERAntiSpyware Scan Log

Generated 02/02/2007 at 11:55 PM

 

Application Version : 3.5.1016

 

Core Rules Database Version : 3177

Trace Rules Database Version: 1187

 

Scan type : Complete Scan

Total Scan Time : 00:49:44

 

Memory items scanned : 488

Memory threats detected : 0

Registry items scanned : 4950

Registry threats detected : 8

File items scanned : 28214

File threats detected : 155

 

Adware.Tracking Cookie

C:\Documents and Settings\micke\Cookies\micke@cgi-bin[2].txt

C:\Documents and Settings\micke\Cookies\micke@fastclick[2].txt

C:\Documents and Settings\micke\Cookies\micke@www.winfixer[1].txt

C:\Documents and Settings\micke\Cookies\micke@ar[2].txt

C:\Documents and Settings\micke\Cookies\micke@1065017992[1].txt

C:\Documents and Settings\micke\Cookies\micke@mediaplex[1].txt

C:\Documents and Settings\micke\Cookies\micke@pagead[1].txt

C:\Documents and Settings\micke\Cookies\micke@m1.webstats4u[2].txt

C:\Documents and Settings\micke\Cookies\micke@cgi-bin[1].txt

C:\Documents and Settings\micke\Cookies\micke@ads.tarrobads[1].txt

C:\Documents and Settings\micke\Cookies\micke@stats1.reliablestats[2].txt

C:\Documents and Settings\micke\Cookies\micke@allamedia[1].txt

C:\Documents and Settings\micke\Cookies\micke@ad.zanox[1].txt

C:\Documents and Settings\micke\Cookies\micke@tripod.lycos[1].txt

C:\Documents and Settings\micke\Cookies\micke@amaena[2].txt

C:\Documents and Settings\micke\Cookies\micke@msnportal.112.2o7[1].txt

C:\Documents and Settings\micke\Cookies\micke@atwola[1].txt

C:\Documents and Settings\micke\Cookies\micke@ad.yieldmanager[2].txt

C:\Documents and Settings\micke\Cookies\micke@revsci[1].txt

C:\Documents and Settings\micke\Cookies\micke@image.masterstats[1].txt

C:\Documents and Settings\micke\Cookies\micke@1070964830[2].txt

C:\Documents and Settings\micke\Cookies\micke@614779[2].txt

C:\Documents and Settings\micke\Cookies\micke@ads.monster[1].txt

C:\Documents and Settings\micke\Cookies\micke@www.xxxvogue[2].txt

C:\Documents and Settings\micke\Cookies\micke@atdmt[2].txt

C:\Documents and Settings\micke\Cookies\micke@ebse[1].txt

C:\Documents and Settings\micke\Cookies\micke@se[1].txt

C:\Documents and Settings\micke\Cookies\micke@www.lesbiancollegesex[2].txt

C:\Documents and Settings\micke\Cookies\micke@doubleclick[1].txt

C:\Documents and Settings\micke\Cookies\micke@swe[1].txt

C:\Documents and Settings\micke\Cookies\micke@interclick[1].txt

C:\Documents and Settings\micke\Cookies\micke@ad1.emediate[2].txt

C:\Documents and Settings\micke\Cookies\micke@adinterax[2].txt

C:\Documents and Settings\micke\Cookies\micke@www.spywarequake[1].txt

C:\Documents and Settings\micke\Cookies\micke@upspiral[1].txt

C:\Documents and Settings\micke\Cookies\micke@ad1.emediate[1].txt

C:\Documents and Settings\micke\Cookies\micke@track.adform[2].txt

C:\Documents and Settings\micke\Cookies\micke@ad.adtoma[1].txt

C:\Documents and Settings\micke\Cookies\micke@kanoodle[1].txt

C:\Documents and Settings\micke\Cookies\micke@1071626477[1].txt

C:\Documents and Settings\micke\Cookies\micke@www.videosdesexe[1].txt

C:\Documents and Settings\micke\Cookies\micke@go.drivecleaner[2].txt

C:\Documents and Settings\micke\Cookies\micke@1072544090[2].txt

C:\Documents and Settings\micke\Cookies\micke@www.belstat[2].txt

C:\Documents and Settings\micke\Cookies\micke@sexkanaler[3].txt

C:\Documents and Settings\micke\Cookies\micke@tradedoubler[1].txt

C:\Documents and Settings\micke\Cookies\micke@adbrite[2].txt

C:\Documents and Settings\micke\Cookies\micke@adopt.euroclick[2].txt

C:\Documents and Settings\micke\Cookies\micke@adecn[1].txt

C:\Documents and Settings\micke\Cookies\micke@audit.median[1].txt

C:\Documents and Settings\micke\Cookies\micke@media.fastclick[1].txt

C:\Documents and Settings\micke\Cookies\micke@c2[2].txt

C:\Documents and Settings\micke\Cookies\micke@partypoker[2].txt

C:\Documents and Settings\micke\Cookies\micke@adrevolver[2].txt

C:\Documents and Settings\micke\Cookies\micke@hostedctr[1].txt

C:\Documents and Settings\micke\Cookies\micke@go.winantivirus[2].txt

C:\Documents and Settings\micke\Cookies\micke@casalemedia[2].txt

C:\Documents and Settings\micke\Cookies\micke@www.allamedia[1].txt

C:\Documents and Settings\micke\Cookies\micke@se.winantivirus[1].txt

C:\Documents and Settings\micke\Cookies\micke@ads.cnn[1].txt

C:\Documents and Settings\micke\Cookies\micke@admarketplace[1].txt

C:\Documents and Settings\micke\Cookies\micke@securityworm5[1].txt

C:\Documents and Settings\micke\Cookies\micke@sexiganoveller[2].txt

C:\Documents and Settings\micke\Cookies\micke@tribalfusion[1].txt

C:\Documents and Settings\micke\Cookies\micke@legsex[1].txt

C:\Documents and Settings\micke\Cookies\micke@statcounter[2].txt

C:\Documents and Settings\micke\Cookies\micke@azjmp[1].txt

C:\Documents and Settings\micke\Cookies\micke@mb[1].txt

C:\Documents and Settings\micke\Cookies\micke@advertpro.ya[1].txt

C:\Documents and Settings\micke\Cookies\micke@adtech[2].txt

C:\Documents and Settings\micke\Cookies\micke@adrevolver[3].txt

C:\Documents and Settings\micke\Cookies\micke@ehg-comhem.hitbox[1].txt

C:\Documents and Settings\micke\Cookies\micke@advertising[1].txt

C:\Documents and Settings\micke\Cookies\micke@2o7[2].txt

C:\Documents and Settings\micke\Cookies\micke@www.eliteladies[1].txt

C:\Documents and Settings\micke\Cookies\micke@www.winantivirus[2].txt

C:\Documents and Settings\micke\Cookies\micke@torget[3].txt

C:\Documents and Settings\micke\Cookies\micke@www.burstnet[1].txt

C:\Documents and Settings\micke\Cookies\micke@www.sex-sex-sex[2].txt

C:\Documents and Settings\micke\Cookies\micke@stats.drivecleaner[2].txt

C:\Documents and Settings\micke\Cookies\micke@se.drivecleaner[1].txt

C:\Documents and Settings\micke\Cookies\micke@1068421597[2].txt

C:\Documents and Settings\micke\Cookies\micke@roiservice[1].txt

C:\Documents and Settings\micke\Cookies\micke@adopt.hbmediapro[2].txt

C:\Documents and Settings\micke\Cookies\micke@adserver[1].txt

C:\Documents and Settings\micke\Cookies\micke@www.amaena[1].txt

C:\Documents and Settings\micke\Cookies\micke@ge-healthcare[1].txt

C:\Documents and Settings\micke\Cookies\micke@1069646584[1].txt

C:\Documents and Settings\micke\Cookies\micke@clicktorrent[1].txt

C:\Documents and Settings\micke\Cookies\micke@sexkanaler[2].txt

C:\Documents and Settings\micke\Cookies\micke@www.drivecleaner[1].txt

C:\Documents and Settings\micke\Cookies\micke@1068272483[1].txt

C:\Documents and Settings\micke\Cookies\micke@adultcheck[1].txt

C:\Documents and Settings\micke\Cookies\micke@sexnoveller[1].txt

C:\Documents and Settings\micke\Cookies\micke@ads.miarroba[1].txt

C:\Documents and Settings\micke\Cookies\micke@sexyads[2].txt

C:\Documents and Settings\micke\Cookies\micke@torget[2].txt

C:\Documents and Settings\micke\Cookies\micke@a-stat[1].txt

C:\Documents and Settings\micke\Cookies\micke@1070818065[1].txt

C:\Documents and Settings\micke\Cookies\micke@ads.media-baleares[2].txt

C:\Documents and Settings\micke\Cookies\micke@hitbox[2].txt

C:\Documents and Settings\micke\Cookies\micke@hit.stat[2].txt

C:\Documents and Settings\micke\Cookies\micke@ehg-warnerbrothers.hitbox[1].txt

C:\Documents and Settings\micke\Cookies\micke@screensavers[2].txt

C:\Documents and Settings\micke\Cookies\micke@postclicktracking[2].txt

C:\Documents and Settings\micke\Cookies\micke@23844616[1].txt

C:\Documents and Settings\micke\Cookies\micke@xiti[1].txt

C:\Documents and Settings\micke\Cookies\micke@www.realcounters[2].txt

C:\Documents and Settings\micke\Cookies\micke@www.antivermins[2].txt

C:\Documents and Settings\micke\Cookies\micke@drivecleaner[2].txt

C:\Documents and Settings\micke\Cookies\micke@malwarewiped[2].txt

C:\Documents and Settings\micke\Cookies\micke@fl01.ct2.comclick[1].txt

C:\Documents and Settings\micke\Cookies\micke@winantivirus[1].txt

C:\Documents and Settings\micke\Cookies\micke@ehg-citrixonline.hitbox[1].txt

C:\Documents and Settings\micke\Cookies\micke@1063605892[2].txt

C:\Documents and Settings\micke\Cookies\micke@http.edge.vru4[1].txt

C:\Documents and Settings\micke\Cookies\micke@winfixer[2].txt

C:\Documents and Settings\micke\Cookies\micke@tacoda[1].txt

C:\Documents and Settings\micke\Cookies\micke@mb[2].txt

C:\Documents and Settings\micke\Cookies\micke@20070108_e501[1].txt

C:\Documents and Settings\micke\Cookies\micke@ebookers[1].txt

C:\Documents and Settings\micke\Cookies\micke@www.comprabanner[1].txt

C:\Documents and Settings\micke\Cookies\micke@ads.us.e-planning[1].txt

C:\Documents and Settings\micke\Cookies\micke@mb[3].txt

C:\Documents and Settings\micke\Cookies\micke@www.pestcapture[1].txt

C:\Documents and Settings\micke\Cookies\micke@247realmedia[1].txt

C:\Documents and Settings\micke\Cookies\micke@as1.falkag[1].txt

C:\Documents and Settings\micke\Cookies\micke@iesafetywarning[1].txt

C:\Documents and Settings\micke\Cookies\micke@media.hotels[1].txt

C:\Documents and Settings\micke\Cookies\micke@ehg.hitbox[2].txt

C:\Documents and Settings\micke\Cookies\micke@revenue[2].txt

C:\Documents and Settings\micke\Cookies\micke@yadro[1].txt

C:\Documents and Settings\micke\Cookies\micke@cgi-bin[4].txt

C:\Documents and Settings\micke\Cookies\micke@overture[1].txt

C:\Documents and Settings\micke\Cookies\micke@adultfriendfinder[2].txt

C:\Documents and Settings\micke\Cookies\micke@ads.realtechnetwork[1].txt

C:\Documents and Settings\micke\Cookies\micke@1066680560[1].txt

C:\Documents and Settings\micke\Cookies\micke@tracking.notabenestats[1].txt

C:\Documents and Settings\micke\Cookies\micke@a[1].txt

C:\Documents and Settings\micke\Cookies\micke@c1[2].txt

C:\Documents and Settings\micke\Cookies\micke@1070426402[1].txt

C:\Documents and Settings\micke\Cookies\micke@1070173924[1].txt

C:\Documents and Settings\micke\Cookies\micke@hotelspecials[2].txt

C:\Documents and Settings\micke\Cookies\micke@indextools[1].txt

C:\Documents and Settings\micke\Cookies\micke@1070463794[1].txt

C:\Documents and Settings\micke\Cookies\micke@bluestreak[2].txt

C:\Documents and Settings\micke\Cookies\micke@apmebf[1].txt

C:\Documents and Settings\micke\Cookies\micke@1072246549[1].txt

C:\Documents and Settings\micke\Cookies\micke@statse.webtrendslive[1].txt

C:\Documents and Settings\micke\Cookies\micke@1069771471[1].txt

C:\Documents and Settings\micke\Cookies\micke@partygaming.122.2o7[1].txt

C:\Documents and Settings\micke\Cookies\micke@1071003793[1].txt

C:\Documents and Settings\micke\Cookies\micke@clicks.laterooms[2].txt

 

Adware.180solutions/ZangoSearch

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SAIX.dll

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SAIX.dll#.Owner

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SAIX.dll#{DECEAAA2-370A-49BB-9362-68C3A58DDC62}

 

Trojan.Media-Codec

HKCR\VideoAXObject.Chl

HKCR\VideoAXObject.Chl\CLSID

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\System Alert Popup

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\System Alert Popup#DisplayName

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\System Alert Popup#UninstallString

 

Browser Hijacker.Favorites

C:\DOCUMENTS AND SETTINGS\MICKE\SKRIVBORD\GAMLA GENVäGAR\SECURITY TROUBLESHOOTING.URL

D:\GOOGLE DESKTOP DATA\78D7C8D2D4CD\LINKS\SECURITY HELP.URL

[/log]

 

[log]

Logfile of HijackThis v1.99.1

Scan saved at 00:12:12, on 2007-02-03

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\cisvc.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

D:\norman\Bin\Zanda.exe

C:\WINDOWS\system32\wdfmgr.exe

D:\Program\VMware\VMware Workstation\vmware-authd.exe

C:\Program\Delade filer\VMware\VMware Virtual Image Editing\vmount2.exe

C:\WINDOWS\system32\vmnat.exe

C:\WINDOWS\system32\vmnetdhcp.exe

D:\norman\bin\NJEEVES.EXE

D:\norman\Nvc\BIN\nipsvc.exe

D:\norman\Nvc\BIN\NVCSCHED.EXE

D:\norman\Nvc\bin\nvcoas.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\Explorer.EXE

C:\Program\DAEMON Tools\daemon.exe

C:\Program\Delade filer\Real\Update_OB\realsched.exe

C:\Program\Java\jre1.5.0_10\bin\jusched.exe

D:\norman\bin\ZLH.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program\MSN Messenger\MsnMsgr.Exe

C:\Program\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

D:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program\TightVNC\WinVNC.exe

D:\norman\Nvc\BIN\NIP.EXE

D:\norman\Nvc\bin\cclaw.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\cidaemon.exe

C:\Program\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\notepad.exe

C:\Program\Hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - Default URLSearchHook is missing

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_10\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar3.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar3.dll

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.5.0_10\bin\jusched.exe"

O4 - HKLM\..\Run: [Norman ZANDA] D:\norman\bin\ZLH.EXE /LOAD /SPLASH

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [Free Download Manager] C:\Program\Free Download Manager\fdm.exe -autorun

O4 - HKCU\..\Run: [bitTorrent] "C:\Program\BitTorrent\bittorrent.exe" --force_start_minimized

O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [updateMgr] "C:\Program\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1

O4 - HKCU\..\Run: [sUPERAntiSpyware] D:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = D:\Program\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: WinVNC.exe.lnk = C:\Program\TightVNC\WinVNC.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZFxdm255YYSE

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://D:\Program\MICROS~1\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/MyMailNotifierFWBInitialSetup1.0.0.15.cab

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.se/s/v/14.22/uploader2.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by110fd.bay110.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125844523923

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {A25BE7A9-3102-46B4-BAAE-462471B60ACB} (STConnectivityAgent Control) - https://remoteoffice.gehealthcare.com/sametime/javaconnect/InstallSTConnAgent.cab,DanaInfo=.acptsqjk0qwq.BpNvuQu76,CT=java+

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: !SASWinLogon - D:\Program\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - D:\norman\Nvc\BIN\nipsvc.exe

O23 - Service: Norman NJeeves - Unknown owner - D:\norman\bin\NJEEVES.EXE

O23 - Service: Norman ZANDA - Unknown owner - D:\norman\Bin\Zanda.exe

O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - D:\norman\Nvc\bin\nvcoas.exe

O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - D:\norman\Nvc\BIN\NVCSCHED.EXE

O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - D:\Program\VMware\VMware Workstation\vmware-authd.exe

O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe

O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program\Delade filer\VMware\VMware Virtual Image Editing\vmount2.exe

O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

 

[/log]

 

Link to comment
Share on other sites

Eftersom 927 inte har dykt upp så kan jag försöka fortsätta hjälpa dig.

 

SUPERAntiSpyware fick bort en del i alla fall.

 

Vi putsar väl bort det som är kvar i HijackThis-loggen.

Skanna med HijackThis och bocka för:

 

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZFxdm255YYSE

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/MyMailNoti

fierFWBInitialSetup1.0.0.15.cab

 

Om du inte själv har valt att skydda Internet-alternativ från förändringar så även denna rad:

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

 

Avsluta alla andra program.

Tryck Fix checked.

 

Starta om datorn och så en ny HijackThis-logg.

 

Link to comment
Share on other sites

  • 2 weeks later...

Hej, jag har precis råkat ut för samma problem som ovanstående personer.

Jag har dock problem med att föstå smithfraudfix-programmet.

 

men här är hijackthis-loggen

 

[log]Logfile of HijackThis v1.99.1

Scan saved at 02:35:58, on 2007-02-14

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Video ActiveX Object\isamntr.exe

C:\Program\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\tsnp2std.exe

C:\WINDOWS\vsnp2std.exe

C:\Program\Java\jre1.5.0_10\bin\jusched.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE

C:\Program\Video ActiveX Object\pmmnt.exe

C:\Program\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Video ActiveX Object\isamini.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\iPod\bin\iPodService.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Mozilla Firefox\firefox.exe

C:\Program\Hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - C:\Program\Video ActiveX Object\isadd.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_10\bin\ssv.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O4 - HKLM\..\Run: [sANSUNMouse ] C:\Program\Mouse Driver\mouse_2k.exe

O4 - HKLM\..\Run: [RemoteControl] C:\Program\CyberLink\PowerDVD\PDVDServ.exe

O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe

O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.5.0_10\bin\jusched.exe"

O4 - HKLM\..\Run: [EPSON Stylus D88 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE /P23 "EPSON Stylus D88 Series" /O6 "USB001" /M "Stylus D88"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime Alternative\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1164581876077

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O21 - SSODL: eitheror - {2016a466-91a2-43c6-97d8-2fd380f065ef} - C:\WINDOWS\system32\higehsg.dll

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe

[/log]

 

Link to comment
Share on other sites

Det är bäst med en infekterad dator per tråd för det blir lätt rörigt annars, men men...

 

Ladda ner programmet SmitfraudFix (by S!Ri) till Skrivbordet:

http://siri.urz.free.fr/Fix/SmitfraudFix.zip

Högerklicka och extrahera allt innehåll till Skrivbordet. En mapp SmitfraudFix kommer att skapas.

 

Öppna SmitfraudFix-mappen och dubbelklicka på smitfraudfix.cmd.

Välj alternativ #1 - Search genom att trycka på 1 och Enter.

Programmet kommer att skanna igenom datorn.

När den är klart visas resultatet och programmet har skapat loggfilen C:\rapport.txt.

 

Klistra in innehållet i loggfilen i ditt svar här. När du har klistrat in loggen är det viktigt att du markerar (målar) loggen och sedan trycker på LOG-knappen som finns på samma rad som :thumbsdown::thumbsup: i Besvara-fönstret.

 

Gör inget annat med SmitfraudFix-mappen eller smitfraudfix.cmd.

 

Installera ett gratis antivirusprogram: http://www.free-av.com/

Uppdatera programmet och sök igenom datorn och låt programmet åtgärda det den hittar.

 

Link to comment
Share on other sites

Hej, tack för det snabba svaret. ber om ursäkt för att jag postade frågan på fel tråd. Här är smithfraudfix iaf...men jag har lite problem med antivirusporgrammet, ska försöka igen, men ta gärna en titt på loggen

 

 

[log]SmitFraudFix v2.142

 

Scan done at 12:50:54,98, 2007-02-14

Run from C:\Documents and Settings\Thomas\Skrivbord\SmitfraudFix

OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT

The filesystem type is NTFS

Fix run in normal mode

 

»»»»»»»»»»»»»»»»»»»»»»»» hosts

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Thomas

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Thomas\Application Data

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

 

C:\DOCUME~1\ALLUSE~1\START-~1\Online Security Guide.url FOUND !

C:\DOCUME~1\ALLUSE~1\START-~1\Security Troubleshooting.url FOUND !

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Thomas\FAVORI~1

 

C:\DOCUME~1\Thomas\FAVORI~1\Online Security Test.url FOUND !

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program

 

C:\Program\SpyDawn\ FOUND !

 

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]

"Source"="About:Home"

"SubscribedURL"="About:Home"

"FriendlyName"="Min aktuella startsida"

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

"{2016a466-91a2-43c6-97d8-2fd380f065ef}"="eitheror"

 

[HKEY_CLASSES_ROOT\CLSID\{2016a466-91a2-43c6-97d8-2fd380f065ef}\InProcServer32]

@="C:\WINDOWS\system32\higehsg.dll"

 

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2016a466-91a2-43c6-97d8-2fd380f065ef}\InProcServer32]

@="C:\WINDOWS\system32\higehsg.dll"

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"System"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection

 

 

»»»»»»»»»»»»»»»»»»»»»»»» End[/log]

 

 

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.



×
×
  • Create New...