
Start page keeps changing, please help


rabbit70warhammer


rabbit70warhammer

Hi.

My problem is that when I start the internet, the computer begins by opening the configured internet start page. After about 2-3 seconds the following page loads:

http://protectionwarning.com/

It is not that the start page is changed under Internet Options; something else is triggering this. But what? How do I get rid of it? I got this crap when I pressed the wrong button in a pop-up window, and then McAfee asked whether I wanted to allow the program access to the internet, which I accidentally did.

And that's not all. After you have been at the computer for about 10 minutes, you get a message (down in the left corner next to the clock) that says:

Your computer is infected with a back door Trojan that allows the remote attacker to perform various maicious... and so on (so this is not a message from the computer itself)

Can someone give me step-by-step advice or similar so that I can get rid of it?

I would be more than grateful.

 

 

 

/rabbit70warhammer

 


Download the program SmitfraudFix (by S!Ri) to the Desktop:

http://siri.urz.free.fr/Fix/SmitfraudFix.zip

Right-click and extract all the contents to the Desktop. A folder named SmitfraudFix will be created.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd.

Choose option #1 - Search by pressing 1 and Enter.

The program will scan the computer.

When it is done, the result is displayed and the program will have created the log file C:\rapport.txt.

Paste the contents of the log file into your reply here.

Do nothing else with the SmitfraudFix folder or smitfraudfix.cmd.

We can start by seeing whether HijackThis shows anything:

http://www.thespykiller.co.uk/files/HJTsetup.exe

Install, run, scan and save the log (nothing else).

Paste the contents of the log file into your reply here.

Once you have pasted a log file into your reply, press the LOG button, which is on the same row as :thumbsdown::thumbsup: in the reply window.

 


rabbit70warhammer

[log]Logfile of HijackThis v1.99.1

Scan saved at 17:47:26, on 2007-02-09

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Video ActiveX Object\isamntr.exe

C:\Program\Video ActiveX Object\pmsnrr.exe

C:\Program\McAfee.com\VSO\mcvsshld.exe

C:\Program\QuickTime\qttask.exe

C:\Program\McAfee.com\VSO\oasclnt.exe

c:\program\mcafee.com\vso\mcvsescn.exe

C:\Program\McAfee\SPAMKI~1\MskAgent.exe

C:\program\mcafee.com\mps\mscifapp.exe

c:\program\mcafee.com\agent\mcagent.exe

C:\Program\McAfee.com\PERSON~1\MpfTray.exe

C:\Program\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program\Dell\Media Experience\DMXLauncher.exe

C:\Program\Dell Photo AIO Printer 924\dlccmon.exe

C:\Program\Corel\Corel Photo Album 6\MediaDetect.exe

C:\Program\MSN Messenger\MsnMsgr.Exe

C:\Program\Video ActiveX Object\pmmnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Video ActiveX Object\isamini.exe

c:\program\mcafee.com\vso\mcvsftsn.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCserv.exe

c:\program\mcafee.com\agent\mcdetect.exe

c:\program\mcafee.com\vso\mcshield.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\Mozilla Firefox\firefox.exe

c:\program\mcafee.com\agent\mctskshd.exe

C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program\McAfee.com\PERSON~1\MpfService.exe

C:\Program\McAfee\SPAMKI~1\MSKSrvr.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\iPod\bin\iPodService.exe

C:\WINDOWS\system32\dlcccoms.exe

C:\Program\McAfee.com\PERSON~1\MpfAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\cleanmgr.exe

C:\Program\Delade filer\Microsoft Shared\Source Engine\OSE.EXE

C:\Program\Lavasoft\AD-AWA~1\Ad-Aware.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program\Hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.se/0SESVSE/SAOS02

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/default.aspx?c=se&l=sv&s=gen

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - C:\Program\strCodec\isaddon.dll (file missing)

O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program\mcafee.com\mps\mcbrhlpr.dll

O2 - BHO: McAfee Privacy Service Popup Blocker - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program\mcafee.com\mps\popupkiller.dll

O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program\mcafee\spamkiller\mcapfbho.dll

O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - C:\Program\Video ActiveX Object\isadd.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\program\mcafee.com\vso\mcvsshl.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Protection Bar - {479fd0cf-5be9-4c63-8cda-b6d371c67bd5} - C:\Program\strCodec\iesplugin.dll (file missing)

O3 - Toolbar: Protection Bar - {84938242-5C5B-4A55-B6B9-A1507543B418} - C:\Program\Video ActiveX Object\iesplugin.dll (file missing)

O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16

O4 - HKLM\..\Run: [VSOCheckTask] "C:\Program\McAfee.com\VSO\mcmnhdlr.exe" /checktask

O4 - HKLM\..\Run: [VirusScan Online] C:\Program\McAfee.com\VSO\mcvsshld.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [OASClnt] C:\Program\McAfee.com\VSO\oasclnt.exe

O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program\McAfee\SPAMKI~1\MSKDetct.exe /startup

O4 - HKLM\..\Run: [MSKAGENTEXE] C:\Program\McAfee\SPAMKI~1\MskAgent.exe

O4 - HKLM\..\Run: [MPSExe] c:\program\mcafee.com\mps\mscifapp.exe /embedding

O4 - HKLM\..\Run: [MPFExe] C:\Program\McAfee.com\PERSON~1\MpfTray.exe

O4 - HKLM\..\Run: [MCUpdateExe] c:\program\mcafee.com\agent\mcupdate.exe

O4 - HKLM\..\Run: [MCAgentExe] c:\program\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program\Delade filer\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program\Delade filer\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [DMXLauncher] C:\Program\Dell\Media Experience\DMXLauncher.exe

O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program\Dell Photo AIO Printer 924\dlccmon.exe"

O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program\Corel\Corel Photo Album 6\MediaDetect.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Error Safe] "C:\Program\Error Safe Free\ers.exe" /min

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bitTorrent] "C:\Program\BitTorrent\bittorrent.exe" --force_start_minimized

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program\mcafee\spamkiller\mcapfbho.dll

O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program\mcafee\spamkiller\mcapfbho.dll

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/eng/snooker_2_0_0_28.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: exemplars - {2acf3add-34a1-4f2f-99cf-cc69785d1e90} - C:\WINDOWS\system32\cwgppb.dll (file missing)

O23 - Service: DLCCCustomerConnect - Unknown owner - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\DLCCserv.exe

O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program\mcafee.com\agent\mcdetect.exe

O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\program\mcafee.com\vso\mcshield.exe

O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\program\mcafee.com\agent\mctskshd.exe

O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\Program\McAfee.com\Agent\mcupdmgr.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program\McAfee.com\PERSON~1\MpfService.exe

O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\Program\McAfee\SPAMKI~1\MSKSrvr.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program\Intel\PROSetWired\NCS\Sync\NetSvc.exe

[/log]

 

 

 

I hope this works. I just pasted in the log. Hope that is OK.

What should I do now? Thanks for the help, by the way.

 

 

 

 

 

 


Download the program SmitfraudFix (by S!Ri) to the Desktop:

http://siri.urz.free.fr/Fix/SmitfraudFix.zip

Right-click and extract all the contents to the Desktop. A folder named SmitfraudFix will be created.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd.

Choose option #1 - Search by pressing 1 and Enter.

The program will scan the computer.

When it is done, the result is displayed and the program will have created the log file C:\rapport.txt.

Paste the contents of the log file into your reply here.

Select (highlight, drag with the mouse while holding down the left mouse button) the whole log, then press the LOG button, which is on the same row as :thumbsdown::thumbsup: in the reply window.

Do nothing else with the SmitfraudFix folder or smitfraudfix.cmd.

 

 


rabbit70warhammer

[log]SmitFraudFix v2.141

 

Scan done at 18:52:10,04, 2007-02-09

Run from C:\Program\Mozilla Firefox\SmitfraudFix

OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT

The filesystem type is NTFS

Fix run in normal mode

 

»»»»»»»»»»»»»»»»»»»»»»»» hosts

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Erik Nordkvist

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Erik Nordkvist\Application Data

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ERIKNO~1\FAVORI~1

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program

 

C:\Program\Video ActiveX Object\ FOUND !

 

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]

"Source"="About:Home"

"SubscribedURL"="About:Home"

"FriendlyName"="Min aktuella startsida"

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

"{2acf3add-34a1-4f2f-99cf-cc69785d1e90}"="exemplars"

 

[HKEY_CLASSES_ROOT\CLSID\{2acf3add-34a1-4f2f-99cf-cc69785d1e90}\InProcServer32]

@="C:\WINDOWS\system32\cwgppb.dll"

 

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2acf3add-34a1-4f2f-99cf-cc69785d1e90}\InProcServer32]

@="C:\WINDOWS\system32\cwgppb.dll"

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=""

"LoadAppInit_DLLs"=dword:00000001

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"System"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection

 

 

»»»»»»»»»»»»»»»»»»»»»»»» End[/log]

 

 

 

I really hope you can find something from this. I hope this is right too. Thanks in advance. Really hope so.

 

 

 

[post edited 2007-02-09 19:04:46 by rabbit70warhammer]


Restart the computer in Safe Mode by pressing F8 repeatedly during startup and choosing Safe Mode in the menu.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd to start the program.

Choose option #2 by pressing 2 and Enter.

Wait for the tool to finish and for the disk cleanup to complete.

In the meantime you will be asked whether you want to clean the registry; answer yes by pressing Y and Enter.

If the computer does not restart by itself, restart it yourself.

This time too, it should be in Safe Mode.

Control Panel - Internet Options - General - Delete Files, tick the box - OK

Then on the Programs tab, choose Reset Web Settings. Apply - OK

Control Panel - Display - Desktop - Customize Desktop - Web

If there is anything there named Security info or similar, delete it.

OK - Apply - OK

Restart the computer in normal mode.

In your reply, paste the newly created C:\rapport.txt and a new HijackThis log, and describe how the computer is behaving now.

 


Stefan Eklinder

 

 

Thread moved to Virus - Antivirus

---

C:\Eforum\Stefan Eklinder> moderator Internet - Other|

"If everything seems to be going well, you must have missed something."

 

- Steven Wright

 

 

 


rabbit70warhammer is having trouble logging in, so I received the Smitfraud log by e-mail.

 

[log]SmitFraudFix v2.141

 

Scan done at 19:35:21,65, 2007-02-10

Run from C:\Documents and Settings\Erik Nordkvist\Skrivbord\SmitfraudFix

OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT

The filesystem type is NTFS

Fix run in normal mode

 

»»»»»»»»»»»»»»»»»»»»»»»» hosts

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Erik Nordkvist

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Erik Nordkvist\Application Data

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ERIKNO~1\FAVORI~1

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=""

"LoadAppInit_DLLs"=dword:00000001

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"System"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection

 

 

»»»»»»»»»»»»»»»»»»»»»»»» End[/log]

 


Here comes a HijackThis log file as well, although a bit late.

 

[log]Logfile of HijackThis v1.99.1

Scan saved at 19:08:46, on 2007-02-13

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCserv.exe

c:\program\mcafee.com\agent\mcdetect.exe

c:\program\mcafee.com\vso\mcshield.exe

c:\program\mcafee.com\agent\mctskshd.exe

C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program\McAfee.com\PERSON~1\MpfService.exe

C:\Program\McAfee\SPAMKI~1\MSKSrvr.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\dlcccoms.exe

C:\WINDOWS\Explorer.EXE

C:\Program\McAfee.com\VSO\mcvsshld.exe

C:\Program\QuickTime\qttask.exe

C:\Program\McAfee.com\VSO\oasclnt.exe

C:\Program\McAfee\SPAMKI~1\MskAgent.exe

C:\program\mcafee.com\mps\mscifapp.exe

C:\Program\McAfee.com\PERSON~1\MpfTray.exe

C:\program\mcafee.com\agent\mcagent.exe

C:\Program\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program\Dell\Media Experience\DMXLauncher.exe

C:\Program\Dell Photo AIO Printer 924\dlccmon.exe

C:\Program\Corel\Corel Photo Album 6\MediaDetect.exe

C:\Program\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\ctfmon.exe

c:\program\mcafee.com\vso\mcvsescn.exe

C:\Program\WinZip\WZQKPICK.EXE

C:\Program\iPod\bin\iPodService.exe

C:\Program\Internet Explorer\IEXPLORE.EXE

c:\program\mcafee.com\vso\mcvsftsn.exe

C:\Program\McAfee.com\PERSON~1\MpfAgent.exe

C:\Program\Messenger\msmsgs.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Hijackthis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

Länkar

R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no

file)

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} -

C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper -

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat

7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} -

c:\program\mcafee.com\mps\mcbrhlpr.dll

O2 - BHO: McAfee Privacy Service Popup Blocker -

{3EC8255F-E043-4cae-8B3B-B191550C2A22} -

c:\program\mcafee.com\mps\popupkiller.dll

O2 - BHO: McAfee AntiPhishing Filter -

{41D68ED8-4CFF-4115-88A6-6EBB8AF19000} -

c:\program\mcafee\spamkiller\mcapfbho.dll

O2 - BHO: Windows Live Sign-in Helper -

{9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft

Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} -

c:\program\mcafee.com\vso\mcvsshl.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -

C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [DLCCCATS] rundll32

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16

O4 - HKLM\..\Run: [VSOCheckTask] "C:\Program\McAfee.com\VSO\mcmnhdlr.exe"

/checktask

O4 - HKLM\..\Run: [VirusScan Online] C:\Program\McAfee.com\VSO\mcvsshld.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe"

-atboottime

O4 - HKLM\..\Run: [OASClnt] C:\Program\McAfee.com\VSO\oasclnt.exe

O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program\McAfee\SPAMKI~1\MSKDetct.exe

/startup

O4 - HKLM\..\Run: [MSKAGENTEXE] C:\Program\McAfee\SPAMKI~1\MskAgent.exe

O4 - HKLM\..\Run: [MPSExe] c:\program\mcafee.com\mps\mscifapp.exe /embedding

O4 - HKLM\..\Run: [MPFExe] C:\Program\McAfee.com\PERSON~1\MpfTray.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\program\mcafee.com\agent\mcupdate.exe

O4 - HKLM\..\Run: [MCAgentExe] c:\program\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program\Delade

filer\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program\Delade

filer\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [DMXLauncher] C:\Program\Dell\Media

Experience\DMXLauncher.exe

O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program\Dell Photo AIO Printer

924\dlccmon.exe"

O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program\Corel\Corel Photo

Album 6\MediaDetect.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe"

/background

O4 - HKCU\..\Run: [Error Safe] "C:\Program\Error Safe Free\ers.exe" /min

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bitTorrent] "C:\Program\BitTorrent\bittorrent.exe"

--force_start_minimized

O4 - Global Startup: Adobe Reader Speed Launch.lnk =

C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: E&xportera till Microsoft Excel -

res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} -

c:\program\mcafee\spamkiller\mcapfbho.dll

O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter -

{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} -

c:\program\mcafee\spamkiller\mcapfbho.dll

O9 - Extra button: Referensinformation -

{92780B25-18CC-41C8-B9BE-3C9C571A8263} -

C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -

%windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -

{e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network

Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} -

C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -

C:\Program\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: DLCCCustomerConnect - Unknown owner -

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\DLCCserv.exe

O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner -

C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe (file

missing)

O23 - Service: iPodService - Apple Computer, Inc. -

C:\Program\iPod\bin\iPodService.exe

O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc -

c:\program\mcafee.com\agent\mcdetect.exe

O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. -

c:\program\mcafee.com\vso\mcshield.exe

O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc -

c:\program\mcafee.com\agent\mctskshd.exe

O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee,

Inc - C:\Program\McAfee.com\Agent\mcupdmgr.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee

Corporation - C:\Program\McAfee.com\PERSON~1\MpfService.exe

O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. -

C:\Program\McAfee\SPAMKI~1\MSKSrvr.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation -

C:\Program\Intel\PROSetWired\NCS\Sync\NetSvc.exe[/log]

 


Scan with HijackThis and tick:

R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)

O4 - HKCU\..\Run: [Error Safe] "C:\Program\Error Safe Free\ers.exe" /min

Close all other programs.

Press Fix checked.

Restart the computer in Safe Mode (press F8 repeatedly during startup and choose Safe Mode in the menu).

Set up Explorer so that you can see all files:

Tools - (Folder) Options or similar - View

Select Show hidden files and folders

Untick Hide extensions for known file types

Untick Hide protected operating system files

Delete the folders (if they still exist):

C:\Program\Error Safe Free

Restart in normal mode and then post a new HijackThis log.

 

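The triage in the reply above (ticking entries whose target file is gone, ticking the Error Safe entry, then comparing against a fresh log) can be scripted. This is an added example, not part of the original thread and not code from HijackThis or SmitfraudFix; the function names and the watchlist are assumptions for illustration, and the sample lines are constructed from entries quoted in the logs on this page.

```python
import re

# A HijackThis entry starts with a section code such as R3, O2, O4 or O23.
ENTRY_START = re.compile(r"^(R\d|F\d|N\d|O\d{1,2}) - (.*)$")

# Markers HijackThis appends when the registry still points at a file that is gone.
ORPHAN_MARKERS = ("(file missing)", "(no file)")

# Assumption for this example: folder names this thread identified as unwanted
# (SmitfraudFix reported the first, the helper asked to delete the second).
THREAD_WATCHLIST = ("video activex object", "error safe free")

# Constructed sample: entries copied from the first HijackThis log in this thread.
LOG_BEFORE = r"""
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - C:\Program\Video ActiveX Object\isadd.dll
O3 - Toolbar: Protection Bar - {479fd0cf-5be9-4c63-8cda-b6d371c67bd5} - C:\Program\strCodec\iesplugin.dll (file missing)
O4 - HKCU\..\Run: [Error Safe] "C:\Program\Error Safe Free\ers.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O21 - SSODL: exemplars - {2acf3add-34a1-4f2f-99cf-cc69785d1e90} - C:\WINDOWS\system32\cwgppb.dll (file missing)
"""

# Constructed sample: entries from a later log, keeping the e-mail style line
# wrapping and blank lines seen in that paste.
LOG_AFTER = r"""
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no

file)

O4 - HKCU\..\Run: [Error Safe] "C:\Program\Error Safe Free\ers.exe" /min

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""


def parse_entries(log_text):
    """Return (code, body) tuples, re-joining entries wrapped across lines.

    Header and process-list lines before the first entry are ignored.
    """
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = ENTRY_START.match(line)
        if match:
            entries.append([match.group(1), match.group(2)])
        elif entries:
            # Not an entry start: treat it as the wrapped tail of the previous entry.
            entries[-1][1] += " " + line
    return [(code, " ".join(body.split())) for code, body in entries]


def orphaned(entries):
    """Entries whose registry key survives but whose file does not."""
    return [e for e in entries if e[1].lower().endswith(ORPHAN_MARKERS)]


def watchlist_hits(entries, watchlist=THREAD_WATCHLIST):
    """Entries that reference a folder named on the watchlist."""
    return [e for e in entries if any(w in e[1].lower() for w in watchlist)]


def removed_between(before, after):
    """Entries present in the earlier log and absent from the later one."""
    still_there = {(code, body.lower()) for code, body in after}
    return [e for e in before if (e[0], e[1].lower()) not in still_there]


if __name__ == "__main__":
    before = parse_entries(LOG_BEFORE)
    after = parse_entries(LOG_AFTER)
    for title, rows in (
        ("Orphaned entries in the earlier log", orphaned(before)),
        ("Removed between the two logs", removed_between(before, after)),
        ("Watchlist entries still present", watchlist_hits(after)),
        ("Orphaned entries still present", orphaned(after)),
    ):
        print(title)
        for code, body in rows:
            print(f"  {code} - {body}")
```

Entries that are still listed under the last two headings after a cleanup pass are the ones left to tick before pressing Fix checked.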

Here comes the latest log:

When I unticked "protected operating system files", a text box came up that "thought" I shouldn't do that. Should I tick it again now? Thanks for the help in any case.

[log]

Logfile of HijackThis v1.99.1

Scan saved at 21:43:38, on 2007-02-13

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program\McAfee.com\VSO\mcvsshld.exe

C:\Program\QuickTime\qttask.exe

C:\Program\McAfee.com\VSO\oasclnt.exe

c:\program\mcafee.com\vso\mcvsescn.exe

C:\Program\McAfee\SPAMKI~1\MskAgent.exe

C:\program\mcafee.com\mps\mscifapp.exe

C:\Program\McAfee.com\PERSON~1\MpfTray.exe

C:\program\mcafee.com\agent\mcagent.exe

C:\Program\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program\Dell\Media Experience\DMXLauncher.exe

C:\Program\Dell Photo AIO Printer 924\dlccmon.exe

C:\Program\Corel\Corel Photo Album 6\MediaDetect.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\WinZip\WZQKPICK.EXE

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCserv.exe

c:\program\mcafee.com\agent\mcdetect.exe

c:\program\mcafee.com\vso\mcshield.exe

c:\program\mcafee.com\vso\mcvsftsn.exe

C:\Program\Messenger\msmsgs.exe

c:\program\mcafee.com\agent\mctskshd.exe

C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program\McAfee.com\PERSON~1\MpfService.exe

C:\Program\McAfee\SPAMKI~1\MSKSrvr.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\iPod\bin\iPodService.exe

C:\WINDOWS\system32\dlcccoms.exe

C:\Program\McAfee.com\PERSON~1\MpfAgent.exe

C:\Program\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\Program\Hijackthis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

Länkar


O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} -

C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper -

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat

7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program\mcafee.com\mps\mcbrhlpr.dll

O2 - BHO: McAfee Privacy Service Popup Blocker - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program\mcafee.com\mps\popupkiller.dll

O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program\mcafee\spamkiller\mcapfbho.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\program\mcafee.com\vso\mcvsshl.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16

O4 - HKLM\..\Run: [VSOCheckTask] "C:\Program\McAfee.com\VSO\mcmnhdlr.exe" /checktask

O4 - HKLM\..\Run: [VirusScan Online] C:\Program\McAfee.com\VSO\mcvsshld.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [OASClnt] C:\Program\McAfee.com\VSO\oasclnt.exe

O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program\McAfee\SPAMKI~1\MSKDetct.exe /startup

O4 - HKLM\..\Run: [MSKAGENTEXE] C:\Program\McAfee\SPAMKI~1\MskAgent.exe

O4 - HKLM\..\Run: [MPSExe] c:\program\mcafee.com\mps\mscifapp.exe /embedding

O4 - HKLM\..\Run: [MPFExe] C:\Program\McAfee.com\PERSON~1\MpfTray.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\program\mcafee.com\agent\mcupdate.exe

O4 - HKLM\..\Run: [MCAgentExe] c:\program\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program\Delade filer\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program\Delade filer\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [DMXLauncher] C:\Program\Dell\Media Experience\DMXLauncher.exe

O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program\Dell Photo AIO Printer 924\dlccmon.exe"

O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program\Corel\Corel Photo Album 6\MediaDetect.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Error Safe] "C:\Program\Error Safe Free\ers.exe" /min

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bitTorrent] "C:\Program\BitTorrent\bittorrent.exe" --force_start_minimized

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program\mcafee\spamkiller\mcapfbho.dll

O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program\mcafee\spamkiller\mcapfbho.dll

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: DLCCCustomerConnect - Unknown owner - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\DLCCserv.exe

O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program\mcafee.com\agent\mcdetect.exe

O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\program\mcafee.com\vso\mcshield.exe

O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\program\mcafee.com\agent\mctskshd.exe

O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\Program\McAfee.com\Agent\mcupdmgr.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program\McAfee.com\PERSON~1\MpfService.exe

O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\Program\McAfee\SPAMKI~1\MSKSrvr.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program\Intel\PROSetWired\NCS\Sync\NetSvc.exe[/log]

 


Download Avenger to the Desktop and unpack the file there:

http://swandog46.geekstogo.com/avenger.zip

Copy the following into Notepad, including the heading Folders to delete:

 

Folders to delete:

C:\Program\Error Safe Free

 

Start Avenger

Tick "Input Script Manually"

Click the magnifying glass and, in "View/edit script", paste in the text from Notepad.

Click Done

Click the green light and answer Yes to the questions.

The computer will now restart.

A DOS window should appear, and then the log should open.

Paste it here, along with a new HijackThis log.

 


rabbit70warhammer

Hi cicilia. I really must thank you once again for the help.

Here are the logs.

 

[log]Logfile of The Avenger version 1, by Swandog46

Running from registry key:

\Registry\Machine\System\CurrentControlSet\Services\ecanjwme

 

*******************

 

Script file located at: \??\C:\Program Files\yoykrlti.txt

Script file opened successfully.

 

Script file read successfully

 

Backups directory opened successfully at C:\Avenger

 

*******************

 

Beginning to process script file:

 

 

 

Folder C:\Program\Error Safe Free not found!

Deletion of folder C:\Program\Error Safe Free failed!

 

Could not process line:

C:\Program\Error Safe Free

Status: 0xc0000034

 

 

Completed script processing.

 

*******************

 

Finished! Terminate.[/log]

 

 

[log]Logfile of HijackThis v1.99.1

Scan saved at 18:49:39, on 2007-02-15

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program\McAfee.com\VSO\mcvsshld.exe

C:\Program\QuickTime\qttask.exe

C:\Program\McAfee.com\VSO\oasclnt.exe

C:\Program\McAfee\SPAMKI~1\MskAgent.exe

c:\program\mcafee.com\vso\mcvsescn.exe

c:\program\mcafee.com\agent\mcagent.exe

C:\program\mcafee.com\mps\mscifapp.exe

C:\Program\McAfee.com\PERSON~1\MpfTray.exe

C:\Program\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program\Dell\Media Experience\DMXLauncher.exe

C:\Program\Dell Photo AIO Printer 924\dlccmon.exe

C:\Program\Corel\Corel Photo Album 6\MediaDetect.exe

C:\Program\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\WinZip\WZQKPICK.EXE

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCserv.exe

c:\program\mcafee.com\agent\mcdetect.exe

c:\program\mcafee.com\vso\mcshield.exe

C:\WINDOWS\system32\notepad.exe

c:\program\mcafee.com\agent\mctskshd.exe

C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program\McAfee.com\PERSON~1\MpfService.exe

C:\Program\McAfee\SPAMKI~1\MSKSrvr.exe

c:\program\mcafee.com\vso\mcvsftsn.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\svchost.exe

C:\Program\iPod\bin\iPodService.exe

C:\WINDOWS\system32\dlcccoms.exe

C:\Program\McAfee.com\PERSON~1\MpfAgent.exe

C:\Program\MSN Messenger\usnsvc.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program\Hijackthis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program\mcafee.com\mps\mcbrhlpr.dll

O2 - BHO: McAfee Privacy Service Popup Blocker - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program\mcafee.com\mps\popupkiller.dll

O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program\mcafee\spamkiller\mcapfbho.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\program\mcafee.com\vso\mcvsshl.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16

O4 - HKLM\..\Run: [VSOCheckTask] "C:\Program\McAfee.com\VSO\mcmnhdlr.exe" /checktask

O4 - HKLM\..\Run: [VirusScan Online] C:\Program\McAfee.com\VSO\mcvsshld.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [OASClnt] C:\Program\McAfee.com\VSO\oasclnt.exe

O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program\McAfee\SPAMKI~1\MSKDetct.exe /startup

O4 - HKLM\..\Run: [MSKAGENTEXE] C:\Program\McAfee\SPAMKI~1\MskAgent.exe

O4 - HKLM\..\Run: [MPSExe] c:\program\mcafee.com\mps\mscifapp.exe /embedding

O4 - HKLM\..\Run: [MPFExe] C:\Program\McAfee.com\PERSON~1\MpfTray.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\program\mcafee.com\agent\mcupdate.exe

O4 - HKLM\..\Run: [MCAgentExe] c:\program\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program\Delade filer\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program\Delade filer\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [DMXLauncher] C:\Program\Dell\Media Experience\DMXLauncher.exe

O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program\Dell Photo AIO Printer 924\dlccmon.exe"

O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program\Corel\Corel Photo Album 6\MediaDetect.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Error Safe] "C:\Program\Error Safe Free\ers.exe" /min

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bitTorrent] "C:\Program\BitTorrent\bittorrent.exe" --force_start_minimized

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program\mcafee\spamkiller\mcapfbho.dll

O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program\mcafee\spamkiller\mcapfbho.dll

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: DLCCCustomerConnect - Unknown owner - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\DLCCserv.exe

O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program\mcafee.com\agent\mcdetect.exe

O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\program\mcafee.com\vso\mcshield.exe

O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\program\mcafee.com\agent\mctskshd.exe

O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\Program\McAfee.com\Agent\mcupdmgr.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program\McAfee.com\PERSON~1\MpfService.exe

O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\Program\McAfee\SPAMKI~1\MSKSrvr.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program\Intel\PROSetWired\NCS\Sync\NetSvc.exe[/log]

 

 

Hope you got what you need. I can log in now too.

 

Regards//Erik

 


Glad to hear that logging in works again! :thumbsup:

 

All the files are apparently gone, but there is one registry entry left that should be removed. Have you used the registry editor regedit before?

 

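The mismatch behind the last reply (Avenger reports the folder as not found, yet HijackThis still lists entries pointing at it) can be found by cross-checking the two logs. The script below is an added example, not part of the original thread; the function names are assumptions and the sample lines are copied from the logs posted above.

```python
import re

# Sample lines copied from the Avenger and HijackThis logs posted in this thread.
# Status 0xc0000034 is STATUS_OBJECT_NAME_NOT_FOUND: the path no longer exists.
AVENGER_LOG = r"""
Folder C:\Program\Error Safe Free not found!
Deletion of folder C:\Program\Error Safe Free failed!
Status: 0xc0000034
"""
HJT_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [Error Safe] "C:\Program\Error Safe Free\ers.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe
"""

ENTRY = re.compile(r"^([OR]\d+) - (.*)$")


def missing_folders(avenger_log):
    """Lower-cased folders that the Avenger log reports as 'not found'."""
    pattern = r"^Folder (.+) not found!\s*$"
    return [m.group(1).lower() for m in re.finditer(pattern, avenger_log, re.M)]


def orphaned_entries(hjt_log, gone):
    """Return (section, reason, line) for entries whose target is not on disk.

    Findings are candidates for manual review, not automatic deletions.
    """
    findings = []
    for line in hjt_log.splitlines():
        line = line.strip()
        m = ENTRY.match(line)
        if not m:
            continue
        section, body = m.group(1), m.group(2).lower()
        if body.endswith("(no file)") or body.endswith("(file missing)"):
            findings.append((section, "marked missing by HijackThis", line))
        elif any(folder + "\\" in body for folder in gone):
            findings.append((section, "target folder reported missing", line))
    return findings


if __name__ == "__main__":
    for section, reason, line in orphaned_entries(HJT_LOG, missing_folders(AVENGER_LOG)):
        print(f"{section}: {reason}\n    {line}")
```
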

Archived

This topic is now archived and is closed to further replies.