Hjälp mej med min Hijackthis Logg!

[Mouna]

Hej, jag har oxå det för jävligt pga Errorsafe! Här är min logg från Hijackthis:

 

 

[log]Logfile of HijackThis v1.99.1

Scan saved at 16:05:46, on 2007-01-14

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

D:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

D:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe

D:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

D:\WINDOWS\system32\spoolsv.exe

D:\WINDOWS\Explorer.EXE

D:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe

D:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE

D:\Program\Norton AntiVirus\navapsvc.exe

D:\Program\Norton AntiVirus\IWP\NPFMntor.exe

D:\Program\Delade filer\Symantec Shared\ccApp.exe

D:\WINDOWS\htpatch.exe

D:\WINDOWS\system32\ctfmon.exe

D:\WINDOWS\system32\sistray.exe

D:\WINDOWS\system32\svchost.exe

D:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

D:\WINDOWS\system32\WgaTray.exe

D:\WINDOWS\System32\svchost.exe

D:\Program\Adobe\Acrobat 7.0\Reader\AcroRd32.exe

D:\WINDOWS\system32\svchost.exe

D:\Program\Hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR'>http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [ccApp] "D:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [symantec NetDriver Monitor] D:\Program\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [HTpatch] D:\WINDOWS\htpatch.exe

O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Utility Tray.lnk = D:\WINDOWS\system32\sistray.exe

O8 - Extra context menu item: &Windows Live Search - res://D:\Program\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://D:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Öppna på ny flik i bakgrunden - res://D:\Program\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/229?34d64988da154586b7083c284eb16148

O8 - Extra context menu item: Öppna på ny flik i förgrunden - res://D:\Program\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/230?34d64988da154586b7083c284eb16148

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by121fd.bay121.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1149194107489

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1149196649093

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\Program\MSNMES~1\MSGRAP~1.DLL

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - D:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

O23 - Service: COM+ Messages - Unknown owner - -e,mc-110-12-0000272, (file missing)

O23 - Service: LiveUpdate - Symantec Corporation - D:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Program\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - D:\Program\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: SAVScan - Symantec Corporation - D:\Program\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - D:\Program\DELADE~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - D:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - D:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

[/log]

 

 

[Cecilia]

Kontrollpanelen - Administrationsverktyg - Tjänster

Leta upp COM+ Messages i listan, dubbelklicka och välj Startmetod Inaktiverad

 

Gå till mappen C:\Program\Hijackthis med Utforskaren eller Den här datorn och byt namn på programmet HijackThis.exe till något annat, t ex rensning.exe, skapa sedan en ny logg som klistras in här, så ska vi se om inte lite fler filer dyker upp.

 

 

[Mouna]

hejj!

 

Här är den nya loggen:

 

 

[log]Logfile of HijackThis v1.99.1

Scan saved at 12:49:57, on 2007-01-15

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

D:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

D:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe

D:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

D:\WINDOWS\system32\spoolsv.exe

D:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe

D:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE

D:\Program\Norton AntiVirus\navapsvc.exe

D:\Program\Norton AntiVirus\IWP\NPFMntor.exe

D:\WINDOWS\system32\svchost.exe

D:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

D:\WINDOWS\system32\WgaTray.exe

D:\WINDOWS\Explorer.EXE

D:\Program\Delade filer\Symantec Shared\ccApp.exe

D:\WINDOWS\htpatch.exe

D:\WINDOWS\system32\ctfmon.exe

D:\WINDOWS\system32\sistray.exe

D:\WINDOWS\System32\svchost.exe

D:\Program\Mozilla Firefox\firefox.exe

D:\WINDOWS\system32\wuauclt.exe

D:\Program\Messenger\msmsgs.exe

D:\Program\Hijackthis\rensning.exe.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR'>http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: (no name) - {02A6A25F-B3D7-4A9C-98C0-CD551967E7DF} - D:\WINDOWS\system32\awtqo.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {2771D8F7-933D-4D4E-B79F-DEF857511A82} - D:\WINDOWS\system32\iifcday.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program\Java\jre1.5.0_10\bin\ssv.dll

O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - D:\WINDOWS\system32\sgqlgyes.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program\Windows Live Toolbar\msntb.dll

O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [ccApp] "D:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [symantec NetDriver Monitor] D:\Program\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [HTpatch] D:\WINDOWS\htpatch.exe

O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Utility Tray.lnk = D:\WINDOWS\system32\sistray.exe

O8 - Extra context menu item: &Windows Live Search - res://D:\Program\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://D:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Öppna på ny flik i bakgrunden - res://D:\Program\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/229?34d64988da154586b7083c284eb16148

O8 - Extra context menu item: Öppna på ny flik i förgrunden - res://D:\Program\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/230?34d64988da154586b7083c284eb16148

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by121fd.bay121.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1149194107489

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1149196649093

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\Program\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: awtqo - D:\WINDOWS\system32\awtqo.dll

O20 - Winlogon Notify: iifcday - D:\WINDOWS\SYSTEM32\iifcday.dll

O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - D:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

O23 - Service: LiveUpdate - Symantec Corporation - D:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Program\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - D:\Program\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: SAVScan - Symantec Corporation - D:\Program\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - D:\Program\DELADE~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - D:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - D:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

[/log]

 

 

[Cecilia]

Ladda ner Vundofix:

http://www.atribune.org/ccount/click.php?id=4

 

Starta om datorn i felsäkert läge (tryck F8 upprepade gånger under uppstarten och välj felsäkert läge i menyn).

 

Dubbelklicka på VundoFix.exe för att starta programmet.

När den startar igen så tryck på Scan for Vundo.

När skanningen är klar så tryck på Remove Vundo.

Svara Ja/Yes på frågan om du vill ta bort filerna.

Därefter kommer Skrivbordet att försvinna medan filerna tas bort.

När det är klart så kommer det en fråga om att din dator kommer att stängas av, tryck på OK.

Sätt igång datorn igen i normalt läge.

 

Om det är så att VundoFix inte kunde ta bort någon fil vid första försöket så kommer VundoFix att starta igen när datorn startas, följ i så fall beskrivningen en gång till.

 

Klistra in C:\vundofix.txt och en ny HijackThis-logg i ditt svar.

 

[Mouna]

Vundo fix log:

 

 

 

VundoFix V6.3.2

 

Checking Java version...

 

Sun Java not detected

Scan started at 13:41:27 2007-01-15

 

Listing files found while scanning....

 

D:\WINDOWS\system32\awtqo.dll

D:\WINDOWS\system32\cbxwvtr.dll

D:\WINDOWS\system32\ddcayvv.dll

D:\WINDOWS\system32\efcabca.dll

D:\WINDOWS\system32\iifcday.dll

D:\WINDOWS\system32\ilhsucnx.dll

D:\WINDOWS\system32\oqtwa.bak1

D:\WINDOWS\system32\oqtwa.bak2

D:\WINDOWS\system32\oqtwa.ini

D:\WINDOWS\system32\oqtwa.ini2

D:\WINDOWS\system32\oqtwa.tmp

D:\WINDOWS\system32\qommnlk.dll

D:\WINDOWS\system32\sgqlgyes.dll

D:\WINDOWS\system32\siltlskh.dll

D:\WINDOWS\system32\winzwr32.dll

D:\WINDOWS\system32\wivybxqp.dll

D:\WINDOWS\system32\wvusqom.dll

D:\WINDOWS\system32\xncushli.ini

 

Beginning removal...

 

Attempting to delete D:\WINDOWS\system32\awtqo.dll

D:\WINDOWS\system32\awtqo.dll Could not be deleted.

 

Attempting to delete D:\WINDOWS\system32\cbxwvtr.dll

D:\WINDOWS\system32\cbxwvtr.dll Has been deleted!

 

Attempting to delete D:\WINDOWS\system32\ddcayvv.dll

D:\WINDOWS\system32\ddcayvv.dll Has been deleted!

 

Attempting to delete D:\WINDOWS\system32\efcabca.dll

D:\WINDOWS\system32\efcabca.dll Has been deleted!

 

Attempting to delete D:\WINDOWS\system32\iifcday.dll

D:\WINDOWS\system32\iifcday.dll Could not be deleted.

 

Attempting to delete D:\WINDOWS\system32\ilhsucnx.dll

D:\WINDOWS\system32\ilhsucnx.dll Has been deleted!

 

Attempting to delete D:\WINDOWS\system32\oqtwa.bak1

D:\WINDOWS\system32\oqtwa.bak1 Has been deleted!

 

Attempting to delete D:\WINDOWS\system32\oqtwa.bak2

D:\WINDOWS\system32\oqtwa.bak2 Has been deleted!

 

Attempting to delete D:\WINDOWS\system32\oqtwa.ini

D:\WINDOWS\system32\oqtwa.ini Has been deleted!

 

Attempting to delete D:\WINDOWS\system32\oqtwa.ini2

D:\WINDOWS\system32\oqtwa.ini2 Has been deleted!

 

Attempting to delete D:\WINDOWS\system32\oqtwa.tmp

D:\WINDOWS\system32\oqtwa.tmp Has been deleted!

 

Attempting to delete D:\WINDOWS\system32\qommnlk.dll

D:\WINDOWS\system32\qommnlk.dll Has been deleted!

 

Attempting to delete D:\WINDOWS\system32\sgqlgyes.dll

D:\WINDOWS\system32\sgqlgyes.dll Has been deleted!

 

Attempting to delete D:\WINDOWS\system32\siltlskh.dll

D:\WINDOWS\system32\siltlskh.dll Has been deleted!

 

Attempting to delete D:\WINDOWS\system32\winzwr32.dll

D:\WINDOWS\system32\winzwr32.dll Has been deleted!

 

Attempting to delete D:\WINDOWS\system32\wivybxqp.dll

D:\WINDOWS\system32\wivybxqp.dll Has been deleted!

 

Attempting to delete D:\WINDOWS\system32\wvusqom.dll

D:\WINDOWS\system32\wvusqom.dll Has been deleted!

 

Attempting to delete D:\WINDOWS\system32\xncushli.ini

D:\WINDOWS\system32\xncushli.ini Has been deleted!

 

Performing Repairs to the registry.

Done!

 

Beginning removal...

 

Attempting to delete D:\WINDOWS\system32\awtqo.dll

D:\WINDOWS\system32\awtqo.dll Could not be deleted.

 

Attempting to delete D:\WINDOWS\system32\iifcday.dll

D:\WINDOWS\system32\iifcday.dll Could not be deleted.

 

Attempting to delete D:\WINDOWS\system32\oqtwa.ini

D:\WINDOWS\system32\oqtwa.ini Has been deleted!

 

Performing Repairs to the registry.

Done!

 

Beginning removal...

 

 

Hijackthis log

 

[log]Logfile of HijackThis v1.99.1

Scan saved at 14:05:54, on 2007-01-15

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\csrss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\system32\svchost.exe

D:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

D:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

D:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe

D:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

D:\WINDOWS\system32\spoolsv.exe

D:\WINDOWS\Explorer.EXE

D:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe

D:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE

D:\Program\Norton AntiVirus\navapsvc.exe

D:\Program\Norton AntiVirus\IWP\NPFMntor.exe

D:\WINDOWS\system32\svchost.exe

D:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

D:\WINDOWS\system32\wdfmgr.exe

D:\WINDOWS\System32\alg.exe

D:\WINDOWS\system32\WgaTray.exe

D:\WINDOWS\system32\wuauclt.exe

D:\Program\Delade filer\Symantec Shared\ccApp.exe

D:\WINDOWS\htpatch.exe

D:\WINDOWS\system32\ctfmon.exe

D:\WINDOWS\system32\sistray.exe

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\system32\NOTEPAD.EXE

D:\Program\MSN Messenger\msnmsgr.exe

D:\WINDOWS\system32\svchost.exe

D:\Program\Internet Explorer\iexplore.exe

D:\Program\Messenger\msmsgs.exe

D:\Program\Hijackthis\rensning.exe.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR'>http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {2771D8F7-933D-4D4E-B79F-DEF857511A82} - D:\WINDOWS\system32\iifcday.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program\Java\jre1.5.0_10\bin\ssv.dll

O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - D:\WINDOWS\system32\sgqlgyes.dll (file missing)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program\Windows Live Toolbar\msntb.dll

O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program\Norton AntiVirus\NavShExt.dll

O2 - BHO: (no name) - {ED0CA5B2-5537-42FE-9307-0151E509CC7F} - D:\WINDOWS\system32\awtqo.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [ccApp] "D:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [symantec NetDriver Monitor] D:\Program\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [HTpatch] D:\WINDOWS\htpatch.exe

O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Utility Tray.lnk = D:\WINDOWS\system32\sistray.exe

O8 - Extra context menu item: &Windows Live Search - res://D:\Program\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://D:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Öppna på ny flik i bakgrunden - res://D:\Program\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/229?34d64988da154586b7083c284eb16148

O8 - Extra context menu item: Öppna på ny flik i förgrunden - res://D:\Program\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/230?34d64988da154586b7083c284eb16148

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by121fd.bay121.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1149194107489

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1149196649093

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\Program\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: awtqo - D:\WINDOWS\system32\awtqo.dll

O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - D:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

O23 - Service: LiveUpdate - Symantec Corporation - D:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Program\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - D:\Program\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: SAVScan - Symantec Corporation - D:\Program\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - D:\Program\DELADE~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - D:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - D:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

[/log]

 

 

 

 

[Cecilia]

I fortsättningen när du har klistrat in en logg så markera (måla) den och tryck sedan på LOG-knappen som finns på samma rad som , så krymps den på samma sätt som HijackThis-loggar och folks slipper skrolla så mycket.

 

Ladda ner Avenger på Skrivbordet och packa upp filen där:

http://swandog46.geekstogo.com/avenger.zip

Kopiera in följande i Anteckningar, inklusive rubriken Files to delete:

 

Files to delete:

D:\WINDOWS\system32\awtqo.dll

D:\WINDOWS\system32\cbxwvtr.dll

D:\WINDOWS\system32\ddcayvv.dll

D:\WINDOWS\system32\efcabca.dll

D:\WINDOWS\system32\iifcday.dll

D:\WINDOWS\system32\ilhsucnx.dll

D:\WINDOWS\system32\oqtwa.bak1

D:\WINDOWS\system32\oqtwa.bak2

D:\WINDOWS\system32\oqtwa.ini

D:\WINDOWS\system32\oqtwa.ini2

D:\WINDOWS\system32\oqtwa.tmp

D:\WINDOWS\system32\qommnlk.dll

D:\WINDOWS\system32\sgqlgyes.dll

D:\WINDOWS\system32\siltlskh.dll

D:\WINDOWS\system32\winzwr32.dll

D:\WINDOWS\system32\wivybxqp.dll

D:\WINDOWS\system32\wvusqom.dll

D:\WINDOWS\system32\xncushli.ini

 

Starta Avenger

Bocka i "Input Script Manually"

Klicka på förstoringsglaset och i "View/edit script" så klistrar du in texten som finns i Anteckningar.

Klicka på Done

Klicka på det gröna ljuset och svara Ja på frågorna.

Datorn startar nu om.

Ett DOS-fönster ska komma fram och sedan ska loggen komma upp.

Klistra in den här liksom en ny HijackThis-logg.

 

[Mouna]

[log]Logfile of HijackThis v1.99.1

Scan saved at 15:57:35, on 2007-01-15

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

D:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

D:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe

D:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

D:\WINDOWS\system32\spoolsv.exe

D:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe

D:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE

D:\Program\Norton AntiVirus\navapsvc.exe

D:\Program\Norton AntiVirus\IWP\NPFMntor.exe

D:\WINDOWS\Explorer.EXE

D:\WINDOWS\system32\svchost.exe

D:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

D:\Program\Delade filer\Symantec Shared\ccApp.exe

D:\WINDOWS\htpatch.exe

D:\WINDOWS\system32\ctfmon.exe

D:\WINDOWS\system32\WgaTray.exe

D:\WINDOWS\system32\notepad.exe

D:\WINDOWS\system32\sistray.exe

D:\WINDOWS\System32\svchost.exe

D:\Program\MSN Messenger\msnmsgr.exe

D:\WINDOWS\system32\wuauclt.exe

D:\Program\Mozilla Firefox\firefox.exe

D:\Program\Messenger\msmsgs.exe

D:\Program\Hijackthis\rensning.exe.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR'>http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {2771D8F7-933D-4D4E-B79F-DEF857511A82} - D:\WINDOWS\system32\iifcday.dll (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program\Java\jre1.5.0_10\bin\ssv.dll

O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - D:\WINDOWS\system32\sgqlgyes.dll (file missing)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program\Windows Live Toolbar\msntb.dll

O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program\Norton AntiVirus\NavShExt.dll

O2 - BHO: (no name) - {ED0CA5B2-5537-42FE-9307-0151E509CC7F} - D:\WINDOWS\system32\awtqo.dll (file missing)

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [ccApp] "D:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [symantec NetDriver Monitor] D:\Program\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [HTpatch] D:\WINDOWS\htpatch.exe

O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Utility Tray.lnk = D:\WINDOWS\system32\sistray.exe

O8 - Extra context menu item: &Windows Live Search - res://D:\Program\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://D:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Öppna på ny flik i bakgrunden - res://D:\Program\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/229?34d64988da154586b7083c284eb16148

O8 - Extra context menu item: Öppna på ny flik i förgrunden - res://D:\Program\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/230?34d64988da154586b7083c284eb16148

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by121fd.bay121.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1149194107489

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1149196649093

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\Program\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: awtqo - D:\WINDOWS\system32\awtqo.dll (file missing)

O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - D:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

O23 - Service: LiveUpdate - Symantec Corporation - D:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Program\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - D:\Program\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: SAVScan - Symantec Corporation - D:\Program\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - D:\Program\DELADE~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - D:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - D:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

 

 

Logfile of The Avenger version 1, by Swandog46

Running from registry key:

\Registry\Machine\System\CurrentControlSet\Services\igpwfgrg

 

*******************

 

Script file located at: \??\D:\qxyqrelq.txt

Script file opened successfully.

 

Script file read successfully

 

Backups directory opened successfully at D:\Avenger

 

*******************

 

Beginning to process script file:

 

File D:\WINDOWS\system32\awtqo.dll deleted successfully.

 

 

File D:\WINDOWS\system32\cbxwvtr.dll not found!

Deletion of file D:\WINDOWS\system32\cbxwvtr.dll failed!

 

Could not process line:

D:\WINDOWS\system32\cbxwvtr.dll

Status: 0xc0000034

 

 

 

File D:\WINDOWS\system32\ddcayvv.dll not found!

Deletion of file D:\WINDOWS\system32\ddcayvv.dll failed!

 

Could not process line:

D:\WINDOWS\system32\ddcayvv.dll

Status: 0xc0000034

 

 

 

File D:\WINDOWS\system32\efcabca.dll not found!

Deletion of file D:\WINDOWS\system32\efcabca.dll failed!

 

Could not process line:

D:\WINDOWS\system32\efcabca.dll

Status: 0xc0000034

 

File D:\WINDOWS\system32\iifcday.dll deleted successfully.

 

 

File D:\WINDOWS\system32\ilhsucnx.dll not found!

Deletion of file D:\WINDOWS\system32\ilhsucnx.dll failed!

 

Could not process line:

D:\WINDOWS\system32\ilhsucnx.dll

Status: 0xc0000034

 

File D:\WINDOWS\system32\oqtwa.bak1 deleted successfully.

 

 

File D:\WINDOWS\system32\oqtwa.bak2 not found!

Deletion of file D:\WINDOWS\system32\oqtwa.bak2 failed!

 

Could not process line:

D:\WINDOWS\system32\oqtwa.bak2

Status: 0xc0000034

 

File D:\WINDOWS\system32\oqtwa.ini deleted successfully.

 

 

File D:\WINDOWS\system32\oqtwa.ini2 not found!

Deletion of file D:\WINDOWS\system32\oqtwa.ini2 failed!

 

Could not process line:

D:\WINDOWS\system32\oqtwa.ini2

Status: 0xc0000034

 

 

 

File D:\WINDOWS\system32\oqtwa.tmp not found!

Deletion of file D:\WINDOWS\system32\oqtwa.tmp failed!

 

Could not process line:

D:\WINDOWS\system32\oqtwa.tmp

Status: 0xc0000034

 

 

 

File D:\WINDOWS\system32\qommnlk.dll not found!

Deletion of file D:\WINDOWS\system32\qommnlk.dll failed!

 

Could not process line:

D:\WINDOWS\system32\qommnlk.dll

Status: 0xc0000034

 

 

 

File D:\WINDOWS\system32\sgqlgyes.dll not found!

Deletion of file D:\WINDOWS\system32\sgqlgyes.dll failed!

 

Could not process line:

D:\WINDOWS\system32\sgqlgyes.dll

Status: 0xc0000034

 

 

 

File D:\WINDOWS\system32\siltlskh.dll not found!

Deletion of file D:\WINDOWS\system32\siltlskh.dll failed!

 

Could not process line:

D:\WINDOWS\system32\siltlskh.dll

Status: 0xc0000034

 

 

 

File D:\WINDOWS\system32\winzwr32.dll not found!

Deletion of file D:\WINDOWS\system32\winzwr32.dll failed!

 

Could not process line:

D:\WINDOWS\system32\winzwr32.dll

Status: 0xc0000034

 

 

 

File D:\WINDOWS\system32\wivybxqp.dll not found!

Deletion of file D:\WINDOWS\system32\wivybxqp.dll failed!

 

Could not process line:

D:\WINDOWS\system32\wivybxqp.dll

Status: 0xc0000034

 

 

 

File D:\WINDOWS\system32\wvusqom.dll not found!

Deletion of file D:\WINDOWS\system32\wvusqom.dll failed!

 

Could not process line:

D:\WINDOWS\system32\wvusqom.dll

Status: 0xc0000034

 

 

 

File D:\WINDOWS\system32\xncushli.ini not found!

Deletion of file D:\WINDOWS\system32\xncushli.ini failed!

 

Could not process line:

D:\WINDOWS\system32\xncushli.ini

Status: 0xc0000034

 

 

Completed script processing.

 

*******************

 

Finished! Terminate[/log]

 

[Cecilia]

Då tar vi bort lite rester med HijackThis.

Skanna med HijackThis och bocka för:

 

O2 - BHO: (no name) - {2771D8F7-933D-4D4E-B79F-DEF857511A82} - D:\WINDOWS\system32\iifcday.dll (file missing)

O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - D:\WINDOWS\system32\sgqlgyes.dll (file missing)

O2 - BHO: (no name) - {ED0CA5B2-5537-42FE-9307-0151E509CC7F} - D:\WINDOWS\system32\awtqo.dll (file missing)

O20 - Winlogon Notify: awtqo - D:\WINDOWS\system32\awtqo.dll (file missing)

 

Avsluta alla andra program.

Tryck Fix checked.

 

Starta om datorn och så kontrollera själv i en ny HijackThis-logg att ovanstående rader är borta.

 

Hur uppför sig datorn nu?

 

[Mouna]

ja, alla rader har försvunnit.. Vad var problemet från början? Varför var vi tvungna att gå igenom alla de stegen?

 

Ska jag aktivera startmetoden som följer instruktionerna nedan?

Kontrollpanelen - Administrationsverktyg - Tjänster

Leta upp COM+ Messages i listan, dubbelklicka och välj Startmetod Inaktiverad

 

[Cecilia]

Ska jag aktivera startmetoden som följer instruktionerna nedan?

Nej, absolut inte det är en otrevlighet.

 

Jag vet inte hur du har fått in Vundo i datorn, någon webbsida du har besökt som installerat något eller något program du har installerat eller från ett mejl, för att nämna vanliga smittvägar.

 

Vundo har förmågan att dölja sig när den ser att ett program som heter HijackThis körs, så därför behövde du byta namn på HijackThis.

 

Sedan fungerade inte VundoFix fullt ut och fick bort alla filer, kan ha berott på Norton, utan då behövdes Avenger för att få bort de sista filerna som hade med Vundo att göra. Sedan det sista med HijackThis var för att få bort en del ofarliga rester i registret efter Vundo.

 

Här kommer mina vanliga råd för en säkrare dator, men det är så klart viktigt att man använder sitt förnuft också.

 

Uppdatera från Windows Update och kör antispionprogrammen AVG Anti-Spyware (Ewido), SUPERAntiSpyware, Spybot S&D och/eller Ad-aware regelbundet.

http://www.ewido.net/en/

http://www.superantispyware.com/

http://www.safer-networking.org/en/download/index.html

http://www.lavasoft.com

 

Komplettera antivirusprogrammet med några online-skanningar då och då:

http://housecall.trendmicro.com/

http://www.bitdefender.com/scan8/ie.html

http://www.pandasoftware.com/products/activescan/

 

Använd en brandvägg (bättre än den inbyggda i XP), finns gratis från t ex ZoneLabs.

http://www.zonelabs.com/store/content/home.jsp

 

Om man använder Internet Explorer så kan det vara lämpligt att ha programmen SpywareBlaster och SpywareGuard, vilka hindrar en hel del otrevliga program från att laddas ner resp. köras:

http://www.javacoolsoftware.com

 

Se över säkerhetsinställningarna i Internet Explorer, det finns en hel del tips här:

http://www.spywarewarrior.com/uiuc/btw/ie/ie-opts.htm

 

Samt kör IE-SpyAd som lägger en hel massa otrevliga webbplatser i zonen Ej tillförlitliga i Internet Explorer så att de inte kan göra något med datorn:

http://www.spywarewarrior.com/uiuc/resource.htm

 

Om man byter webbläsare så är det bara SpywareGuard som behövs. Andra webbläsare är t ex Mozilla Firefox och Opera:

http://www.mozilla.org

http://www.opera.com

 

Allt gratis för hemanvändare/personligt bruk.