
Hoax virus


MASSA


Hi

 

I have a virus infection that I can't get rid of with my antivirus program. It is called hoax.win32.renos.

Is there anyone who can help me?

 

[log]Logfile of HijackThis v1.99.1

Scan saved at 21:08:07, on 2007-02-12

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\Promon.exe

C:\Program\Compaq\Easy Access Button Support\StartEAK.exe

C:\Program\Java\jre1.5.0_06\bin\jusched.exe

C:\Program\F-SECU~1\backweb\1245240\Program\SERVIC~1.EXE

C:\Program\F-Secure Internet Security\Common\FSM32.EXE

C:\Program\Ahead\InCD\InCD.exe

C:\Compaq\EAKDRV\EAUSBKBD.EXE

C:\Program\F-Secure Internet Security\Anti-Virus\fsgk32st.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\F-Secure Internet Security\Anti-Virus\FSGK32.EXE

C:\Program\F-Secure Internet Security\backweb\1245240\program\fsbwsys.exe

C:\Program\F-Secure Internet Security\Common\FSMA32.EXE

C:\Program\F-Secure Internet Security\Anti-Virus\fssm32.exe

C:\Program\F-Secure Internet Security\Common\FSMB32.EXE

C:\Program\Delade filer\LightScribe\LSSrvc.exe

C:\Program\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Program\F-Secure Internet Security\Common\FCH32.EXE

C:\WINDOWS\System32\NMSSvc.exe

C:\Program\F-Secure Internet Security\backweb\1245240\Program\fspex.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program\Spyware Doctor\sdhelp.exe

C:\WINDOWS\system32\devldr32.exe

C:\Program\F-Secure Internet Security\Common\FAMEH32.EXE

C:\Program\F-Secure Internet Security\Anti-Virus\fsqh.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\F-Secure Internet Security\Anti-Virus\fsrw.exe

C:\Program\F-Secure Internet Security\FSPC\fspc.exe

C:\Program\Delade filer\Ulead Systems\DVD\ULCDRSvr.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Program\F-Secure Internet Security\Anti-Virus\fsav32.exe

C:\Program\F-Secure Internet Security\FSPC\fshttps\fshttps.exe

C:\Program\F-Secure Internet Security\FWES\Program\fsdfwd.exe

C:\Program\F-SECU~1\ANTI-S~1\fsaw.exe

C:\WINDOWS\System32\alg.exe

C:\Program\F-Secure Internet Security\FSGUI\fsguidll.exe

C:\Program\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE

C:\Program\Compaq\Easy Access Button Support\CPQEADM.EXE

C:\Program\Compaq\EASYAC~1\BttnServ.exe

C:\Program\Opera\Opera.exe

C:\Documents and Settings\Dan\Skrivbord\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\Program\SPYWAR~1\tools\iesdsg.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar3.dll

O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\Program\SPYWAR~1\tools\iesdpb.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar3.dll

O4 - HKLM\..\Run: [Promon.exe] Promon.exe

O4 - HKLM\..\Run: [WCOLOREAL] C:\Program\COMPAQ\Coloreal\coloreal.exe

O4 - HKLM\..\Run: [CPQEASYACC] C:\Program\Compaq\Easy Access Button Support\StartEAK.exe

O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\F-Secure Internet Security\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program\F-Secure Internet Security\FSGUI\FSSW.EXE" /reboot

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [inCD] C:\Program\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [ulead AutoDetector v2] C:\Program\Delade filer\Ulead Systems\AutoDetector\monitor.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [RealTray] C:\Program\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [dmmfi.exe] C:\WINDOWS\system32\dmmfi.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [spyware Doctor] "C:\Program\Spyware Doctor\swdoctor.exe" /Q

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: C-Pen 10.lnk = ?

O4 - Global Startup: F-Secure 2006 OEM.lnk = C:\Program\F-Secure Internet Security\backweb\1245240\Program\fspex.exe

O4 - Global Startup: Reality Fusion GameCam SE.lnk = ?

O8 - Extra context menu item: &Blockera detta popup-fönster - C:\Program\F-Secure Internet Security\Anti-Spyware\blockpopups.htm

O8 - Extra context menu item: &Windows Live Search - res://C:\Program\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Öppna på ny flik i bakgrunden - res://C:\Program\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/229?e6f75af276d045b09d65f2b0bd818b9a

O8 - Extra context menu item: Öppna på ny flik i förgrunden - res://C:\Program\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/230?e6f75af276d045b09d65f2b0bd818b9a

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Webbfilter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program\F-Secure Internet Security\FSPC\fspcmsie.dll

O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program\F-Secure Internet Security\FSPC\fspcmsie.dll

O9 - Extra 'Tools' menuitem: Webbfilter - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program\F-Secure Internet Security\FSPC\fspcmsie.dll

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\Program\SPYWAR~1\tools\iesdpb.dll

O9 - Extra button: IE-sköld - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program\F-Secure Internet Security\Anti-Spyware\ieshield.dll

O9 - Extra 'Tools' menuitem: IE-sköld... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program\F-Secure Internet Security\Anti-Spyware\ieshield.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1144999471983

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1144999460467

O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - file://E:\ols\connect\fscax.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.67 85.255.112.71

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: F-Secure 2006 OEM (BackWeb Plug-in - 1245240) - F-Secure Internet Security 2005 - C:\Program\F-SECU~1\backweb\1245240\Program\SERVIC~1.EXE

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program\F-Secure Internet Security\Anti-Virus\fsgk32st.exe

O23 - Service: fsbwsys - F-Secure Corp. - C:\Program\F-Secure Internet Security\backweb\1245240\program\fsbwsys.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program\F-Secure Internet Security\FWES\Program\fsdfwd.exe

O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program\F-Secure Internet Security\FSPC\fshttps\fshttps.exe

O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program\F-Secure Internet Security\Common\FSMA32.EXE

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program\Ahead\InCD\InCDsrv.exe

O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program\Ahead\InCD\InCDsrv.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program\Delade filer\LightScribe\LSSrvc.exe

O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program\Spyware Doctor\sdhelp.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program\Delade filer\Ulead Systems\DVD\ULCDRSvr.exe

[/log]

 

 


Create a new folder and move HijackThis there. HijackThis should be in its own folder so that its backups don't get lost.

 

In which folder and file does F-Secure say the nasty thing is located?

 

There is an old Java version with security holes on the computer. Uninstall all Java versions in Control Panel - Add or Remove Programs, and then install a new one: http://www.java.com/sv/

 

Download FixWareout from one of these locations and save it, for example, to the Desktop:

http://downloads.subratam.org/Fixwareout.exe

http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe

 

Close all programs, since the computer will be restarted shortly.

 

Double-click the file you just downloaded to start the FixWareout program.

 

Then press Next, Install, check that Run fixit is ticked and press Finish.

The fix starts running; follow all the prompts. When you are asked to restart the computer, do so. It is normal for the restart to take longer than usual.

Paste the log file C:\fixwareout\report.txt, which normally opens automatically, into your reply.

 

Download the program SmitfraudFix (by S!Ri) to the Desktop:

http://siri.urz.free.fr/Fix/SmitfraudFix.zip

Right-click and extract all the contents to the Desktop. A folder named SmitfraudFix will be created.

 

Open the SmitfraudFix folder and double-click smitfraudfix.cmd.

Choose option #1 - Search by pressing 1 and Enter.

The program will scan through the computer.

When it is done, the result is shown and the program has created the log file C:\rapport.txt.

 

Paste the contents of the log file into your reply here.

 

Do not do anything else with the SmitfraudFix folder or smitfraudfix.cmd.

 

NOTE: Once you have pasted in a log, it is important that you select (highlight) it and then press the LOG button, which is on the same row as :thumbsdown::thumbsup:.

 


* Hi-jack has been moved

 

* F-Secure says that the target file is located at:

 

C:\SYSTEM VOLUME INFORMATION\_RESTORE{DE9373CF-8393-4860-A72C-95C549AE1FD3}\RP157\A0043023.EXE

 

* Fixware report:

[log]

Fixwareout Last edited 2/11/2007

Post this report in the forums please

...

»»»»»Prerun check

HKLM\SOFTWARE\~\CurrentVersion\Run\ ="dmmfi"

 

»»»»» System restarted

 

»»»»» Postrun check

HKLM\SOFTWARE\~\version\Run\ "dmmfi"

HKLM\SOFTWARE\~\Winlogon\ "system"=""

....

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}3BEB151AFF69-F7E8-1DD4-5691-0F605FA6{" Deleted

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}986AD1EEC7EE-2B1B-EA44-9209-2CB4F399{" Deleted

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "ifmmd" Deleted

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "4" Deleted

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "5" Deleted

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "6" Deleted

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "7" Deleted

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "8" Deleted

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "9" Deleted

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "10" Deleted

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "11" Deleted

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "12" Deleted

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "13" Deleted

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "14" Deleted

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "15" Deleted

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "16" Deleted

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "17" Deleted

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "18" Deleted

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "19" Deleted

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "20" Deleted

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "21" Deleted

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "22" Deleted

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "23" Deleted

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "24" Deleted

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "25" Deleted

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "26" Deleted

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "27" Deleted

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "28" Deleted

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "29" Deleted

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "30" Deleted

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "31" Deleted

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "32" Deleted

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "33" Deleted

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "34" Deleted

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "35" Deleted

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "36" Deleted

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "37" Deleted

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "38" Deleted

HKLM\~\currentversion\run "dmmfi.exe" Deleted

....

»»»»» Misc files.

C:\Casino Deleted

....

»»»»» Checking for older varients.

....

 

Search five digit cs, dm, kd, jb, other, files.

The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection.

 

C:\WINDOWS\system32\csneo.exe 51774 2006-09-16

C:\WINDOWS\system32\csopo.exe 51774 2006-09-16

C:\WINDOWS\system32\cspbw.exe 51774 2006-09-16

C:\WINDOWS\system32\csucb.exe 51774 2006-09-16

 

 

Click browse, find the file then click submit.

http://www.virustotal.com/flash/index_en.html

Or http://virusscan.jotti.org/

 

»»»»» Other

 

 

 

»»»»» Current runs

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Promon.exe"="Promon.exe"

"WCOLOREAL"="C:\\Program\\COMPAQ\\Coloreal\\coloreal.exe"

"CPQEASYACC"="C:\\Program\\Compaq\\Easy Access Button Support\\StartEAK.exe"

"srmclean"="C:\\Cpqs\\Scom\\srmclean.exe"

"AutoLogon"=""

"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"

"nwiz"="nwiz.exe /install"

"DAEMON Tools-1033"="\"C:\\Program\\D-Tools\\daemon.exe\" -lang 1033"

"F-Secure Manager"="\"C:\\Program\\F-Secure Internet Security\\Common\\FSM32.EXE\" /splash"

"F-Secure TNB"="\"C:\\Program\\F-Secure Internet Security\\TNB\\TNBUtil.exe\" /CHECKALL /WAITFORSW"

"F-Secure Startup Wizard"="\"C:\\Program\\F-Secure Internet Security\\FSGUI\\FSSW.EXE\" /reboot"

"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"

"InCD"="C:\\Program\\Ahead\\InCD\\InCD.exe"

"Ulead AutoDetector v2"="C:\\Program\\Delade filer\\Ulead Systems\\AutoDetector\\monitor.exe"

"QuickTime Task"="\"C:\\Program\\QuickTime\\qttask.exe\" -atboottime"

"RealTray"="C:\\Program\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"

"HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb09.exe"

"SunJavaUpdateSched"="\"C:\\Program\\Java\\jre1.5.0_11\\bin\\jusched.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Compaq]

"SetRefresh"="C:\\Program\\Compaq\\SETREF~1\\SetRefresh.exe"

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

 

"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"

 

"msnmsgr"="\"C:\\Program\\MSN Messenger\\msnmsgr.exe\" /background"

 

"swg"="C:\\Program\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"

 

"Spyware Doctor"="\"C:\\Program\\Spyware Doctor\\swdoctor.exe\" /Q"

....

Hosts file was reset, If you use a custom hosts file please replace it

»»»»» End report »»»»»

 

[/log]

* Smitfraud report:

[log]

SmitFraudFix v2.141

 

Scan done at 0:13:32,85, 2007-02-13

Run from C:\Documents and Settings\Dan\Skrivbord\SmitfraudFix

OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT

The filesystem type is NTFS

Fix run in normal mode

 

»»»»»»»»»»»»»»»»»»»»»»»» hosts

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Dan

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Dan\Application Data

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Dan\FAVORI~1

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"system"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection

 

 

»»»»»»»»»»»»»»»»»»»»»»»» End

[/log]

 

Kind regards

Danne

 

Sorry, but I guess I'm a bit slow; I couldn't find the log tag, so the post got a bit long

[post edited 2007-02-13 00:29:16 by MASSA]

[post edited 2007-02-13 00:44:21 by MASSA]

[post edited 2007-02-13 13:25:37 by MASSA]


An Opera user, I see; that makes it a bit trickier.

Press Edit under your latest post; before:

* Fixware report:

you type in

[ LOG]

but without the space

then after the end of the SmitfraudFix log you also type in

[ LOG]

but without the space.

 


Go to http://www.virustotal.com/, paste one of the following file names into the box, press Send and wait until the result is ready (Status becomes Finished). Paste the result (incl. file size) here (remember the LOG tags). Repeat with the next file name.

C:\WINDOWS\system32\csneo.exe

C:\WINDOWS\system32\csopo.exe

C:\WINDOWS\system32\cspbw.exe

C:\WINDOWS\system32\csucb.exe

 

Paste a new HijackThis log as well.

 


[log]

Logfile of HijackThis v1.99.1

Scan saved at 01:21:53, on 2007-02-13

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program\F-SECU~1\backweb\1245240\Program\SERVIC~1.EXE

C:\Program\F-Secure Internet Security\Anti-Virus\fsgk32st.exe

C:\Program\F-Secure Internet Security\Anti-Virus\FSGK32.EXE

C:\Program\F-Secure Internet Security\backweb\1245240\program\fsbwsys.exe

C:\Program\F-Secure Internet Security\backweb\1245240\Program\fspex.exe

C:\Program\F-Secure Internet Security\Common\FSMA32.EXE

C:\Program\F-Secure Internet Security\Anti-Virus\fssm32.exe

C:\Program\F-Secure Internet Security\Common\FSMB32.EXE

C:\Program\Delade filer\LightScribe\LSSrvc.exe

C:\Program\F-Secure Internet Security\Common\FCH32.EXE

C:\WINDOWS\System32\NMSSvc.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program\Spyware Doctor\sdhelp.exe

C:\Program\F-Secure Internet Security\Common\FAMEH32.EXE

C:\Program\F-Secure Internet Security\Anti-Virus\fsqh.exe

C:\Program\F-Secure Internet Security\Anti-Virus\fsrw.exe

C:\Program\F-Secure Internet Security\FSPC\fspc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Delade filer\Ulead Systems\DVD\ULCDRSvr.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Program\F-Secure Internet Security\FSPC\fshttps\fshttps.exe

C:\Program\F-Secure Internet Security\FWES\Program\fsdfwd.exe

C:\Program\F-Secure Internet Security\Anti-Virus\fsav32.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\Promon.exe

C:\Program\Compaq\Easy Access Button Support\StartEAK.exe

C:\Program\F-Secure Internet Security\Common\FSM32.EXE

C:\Program\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE

C:\Program\Compaq\Easy Access Button Support\CPQEADM.EXE

C:\Compaq\EAKDRV\EAUSBKBD.EXE

C:\Program\Compaq\EASYAC~1\BttnServ.exe

C:\Program\Ahead\InCD\InCD.exe

C:\Program\F-SECU~1\ANTI-S~1\fsaw.exe

C:\Program\Delade filer\Ulead Systems\AutoDetector\monitor.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

C:\Program\Java\jre1.5.0_11\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Program\F-Secure Internet Security\FSGUI\fsguidll.exe

C:\WINDOWS\system32\devldr32.exe

C:\Program\C Technologies\C-Pen 10\CPen10.exe

C:\Program\Reality Fusion\Reality Fusion GameCam SE\Program\RFTRay.exe

C:\Program\Opera\Opera.exe

C:\Program\F-Secure Internet Security\FSGUI\fsavgui.exe

C:\codec\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\Program\SPYWAR~1\tools\iesdsg.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar3.dll

O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\Program\SPYWAR~1\tools\iesdpb.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar3.dll

O4 - HKLM\..\Run: [Promon.exe] Promon.exe

O4 - HKLM\..\Run: [WCOLOREAL] C:\Program\COMPAQ\Coloreal\coloreal.exe

O4 - HKLM\..\Run: [CPQEASYACC] C:\Program\Compaq\Easy Access Button Support\StartEAK.exe

O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\F-Secure Internet Security\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program\F-Secure Internet Security\FSGUI\FSSW.EXE" /reboot

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [inCD] C:\Program\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [ulead AutoDetector v2] C:\Program\Delade filer\Ulead Systems\AutoDetector\monitor.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [RealTray] C:\Program\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.5.0_11\bin\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [spyware Doctor] "C:\Program\Spyware Doctor\swdoctor.exe" /Q

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: C-Pen 10.lnk = ?

O4 - Global Startup: F-Secure 2006 OEM.lnk = C:\Program\F-Secure Internet Security\backweb\1245240\Program\fspex.exe

O4 - Global Startup: Reality Fusion GameCam SE.lnk = ?

O8 - Extra context menu item: &Blockera detta popup-fönster - C:\Program\F-Secure Internet Security\Anti-Spyware\blockpopups.htm

O8 - Extra context menu item: &Windows Live Search - res://C:\Program\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Öppna på ny flik i bakgrunden - res://C:\Program\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/229?e6f75af276d045b09d65f2b0bd818b9a

O8 - Extra context menu item: Öppna på ny flik i förgrunden - res://C:\Program\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/230?e6f75af276d045b09d65f2b0bd818b9a

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra button: Webbfilter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program\F-Secure Internet Security\FSPC\fspcmsie.dll

O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program\F-Secure Internet Security\FSPC\fspcmsie.dll

O9 - Extra 'Tools' menuitem: Webbfilter - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program\F-Secure Internet Security\FSPC\fspcmsie.dll

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\Program\SPYWAR~1\tools\iesdpb.dll

O9 - Extra button: IE-sköld - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program\F-Secure Internet Security\Anti-Spyware\ieshield.dll

O9 - Extra 'Tools' menuitem: IE-sköld... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program\F-Secure Internet Security\Anti-Spyware\ieshield.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1144999471983

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1144999460467

O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - file://E:\ols\connect\fscax.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.67 85.255.112.71

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: F-Secure 2006 OEM (BackWeb Plug-in - 1245240) - F-Secure Internet Security 2005 - C:\Program\F-SECU~1\backweb\1245240\Program\SERVIC~1.EXE

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program\F-Secure Internet Security\Anti-Virus\fsgk32st.exe

O23 - Service: fsbwsys - F-Secure Corp. - C:\Program\F-Secure Internet Security\backweb\1245240\program\fsbwsys.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program\F-Secure Internet Security\FWES\Program\fsdfwd.exe

O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program\F-Secure Internet Security\FSPC\fshttps\fshttps.exe

O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program\F-Secure Internet Security\Common\FSMA32.EXE

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program\Ahead\InCD\InCDsrv.exe

O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program\Ahead\InCD\InCDsrv.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program\Delade filer\LightScribe\LSSrvc.exe

O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program\Spyware Doctor\sdhelp.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program\Delade filer\Ulead Systems\DVD\ULCDRSvr.exe

 

[/log]

[log]

Complete scanning result of "csneo.exe", received in VirusTotal at 02.13.2007, 01:13:51 (CET).

Antivirus Version Update Result

AntiVir 7.3.1.36 02.12.2007 no virus found

Authentium 4.93.8 02.12.2007 no virus found

Avast 4.7.936.0 02.12.2007 no virus found

AVG 386 02.12.2007 no virus found

BitDefender 7.2 02.13.2007 no virus found

CAT-QuickHeal 9.00 02.12.2007 no virus found

ClamAV devel-20060426 02.12.2007 no virus found

DrWeb 4.33 02.12.2007 no virus found

eSafe 7.0.14.0 02.12.2007 no virus found

eTrust-Vet 30.4.3391 02.12.2007 no virus found

Ewido 4.0 02.12.2007 no virus found

Fortinet 2.85.0.0 02.12.2007 no virus found

F-Prot 4.2.1.29 02.12.2007 no virus found

F-Secure 6.70.13030.0 02.12.2007 no virus found

Ikarus T3.1.0.31 02.12.2007 no virus found

Kaspersky 4.0.2.24 02.13.2007 no virus found

McAfee 4961 02.12.2007 no virus found

Microsoft 1.2204 02.12.2007 no virus found

NOD32v2 2056 02.12.2007 no virus found

Norman 5.80.02 02.12.2007 no virus found

Panda 9.0.0.4 02.12.2007 no virus found

Prevx1 V2 02.13.2007 no virus found

Sophos 4.13.0 02.12.2007 no virus found

Sunbelt 2.2.907.0 02.09.2007 no virus found

Symantec 10 02.13.2007 no virus found

TheHacker 6.1.6.056 02.11.2007 no virus found

UNA 1.83 02.09.2007 no virus found

VBA32 3.11.2 02.12.2007 no virus found

VirusBuster 4.3.19:9 02.12.2007 no virus found

 

Aditional Information

File size: 51774 bytes

[/log]

the rest is coming ...

[post edited 2007-02-13 01:28:11 by MASSA]


[log]

Complete scanning result of "csopo.exe", received in VirusTotal at 02.13.2007, 01:26:55 (CET).

Antivirus Version Update Result

AntiVir 7.3.1.36 02.12.2007 no virus found

Authentium 4.93.8 02.12.2007 no virus found

Avast 4.7.936.0 02.12.2007 no virus found

AVG 386 02.12.2007 no virus found

BitDefender 7.2 02.13.2007 no virus found

CAT-QuickHeal 9.00 02.12.2007 no virus found

ClamAV devel-20060426 02.12.2007 no virus found

DrWeb 4.33 02.12.2007 no virus found

eSafe 7.0.14.0 02.12.2007 no virus found

eTrust-Vet 30.4.3391 02.12.2007 no virus found

Ewido 4.0 02.12.2007 no virus found

Fortinet 2.85.0.0 02.12.2007 no virus found

F-Prot 4.2.1.29 02.12.2007 no virus found

F-Secure 6.70.13030.0 02.12.2007 no virus found

Ikarus T3.1.0.31 02.12.2007 no virus found

Kaspersky 4.0.2.24 02.13.2007 no virus found

McAfee 4961 02.12.2007 no virus found

Microsoft 1.2204 02.12.2007 no virus found

NOD32v2 2056 02.12.2007 no virus found

Norman 5.80.02 02.12.2007 no virus found

Panda 9.0.0.4 02.12.2007 no virus found

Prevx1 V2 02.13.2007 no virus found

Sophos 4.13.0 02.12.2007 no virus found

Sunbelt 2.2.907.0 02.09.2007 no virus found

Symantec 10 02.13.2007 no virus found

TheHacker 6.1.6.056 02.11.2007 no virus found

UNA 1.83 02.09.2007 no virus found

VBA32 3.11.2 02.12.2007 no virus found

VirusBuster 4.3.19:9 02.12.2007 no virus found

 

Aditional Information

File size: 51774 bytes

MD5: 7b002fd495b7966ad034b0e8876d6718

SHA1: 0c4d236317c13f55a2af8ea0172b48d6d37b13af

[/log]

 

[log]

Complete scanning result of "cspbw.exe", received in VirusTotal at 02.13.2007, 01:30:13 (CET).

Antivirus Version Update Result

AntiVir 7.3.1.36 02.12.2007 no virus found

Authentium 4.93.8 02.12.2007 no virus found

Avast 4.7.936.0 02.12.2007 no virus found

AVG 386 02.12.2007 no virus found

BitDefender 7.2 02.13.2007 no virus found

CAT-QuickHeal 9.00 02.12.2007 no virus found

ClamAV devel-20060426 02.12.2007 no virus found

DrWeb 4.33 02.12.2007 no virus found

eSafe 7.0.14.0 02.12.2007 no virus found

eTrust-Vet 30.4.3391 02.12.2007 no virus found

Ewido 4.0 02.12.2007 no virus found

Fortinet 2.85.0.0 02.12.2007 no virus found

F-Prot 4.2.1.29 02.12.2007 no virus found

F-Secure 6.70.13030.0 02.12.2007 no virus found

Ikarus T3.1.0.31 02.12.2007 no virus found

Kaspersky 4.0.2.24 02.13.2007 no virus found

McAfee 4961 02.12.2007 no virus found

Microsoft 1.2204 02.12.2007 no virus found

NOD32v2 2056 02.12.2007 no virus found

Norman 5.80.02 02.12.2007 no virus found

Panda 9.0.0.4 02.12.2007 no virus found

Prevx1 V2 02.13.2007 no virus found

Sophos 4.13.0 02.12.2007 no virus found

Sunbelt 2.2.907.0 02.09.2007 no virus found

Symantec 10 02.13.2007 no virus found

TheHacker 6.1.6.056 02.11.2007 no virus found

UNA 1.83 02.09.2007 no virus found

VBA32 3.11.2 02.12.2007 no virus found

VirusBuster 4.3.19:9 02.12.2007 no virus found

 

Aditional Information

File size: 51774 bytes

MD5: 7b002fd495b7966ad034b0e8876d6718

SHA1: 0c4d236317c13f55a2af8ea0172b48d6d37b13af

[/log]

 

[log]

Complete scanning result of "csucb.exe", received in VirusTotal at 02.13.2007, 01:30:36 (CET).

Antivirus Version Update Result

AntiVir 7.3.1.36 02.12.2007 no virus found

Authentium 4.93.8 02.12.2007 no virus found

Avast 4.7.936.0 02.12.2007 no virus found

AVG 386 02.12.2007 no virus found

BitDefender 7.2 02.13.2007 no virus found

CAT-QuickHeal 9.00 02.12.2007 no virus found

ClamAV devel-20060426 02.12.2007 no virus found

DrWeb 4.33 02.12.2007 no virus found

eSafe 7.0.14.0 02.12.2007 no virus found

eTrust-Vet 30.4.3391 02.12.2007 no virus found

Ewido 4.0 02.12.2007 no virus found

Fortinet 2.85.0.0 02.12.2007 no virus found

F-Prot 4.2.1.29 02.12.2007 no virus found

F-Secure 6.70.13030.0 02.12.2007 no virus found

Ikarus T3.1.0.31 02.12.2007 no virus found

Kaspersky 4.0.2.24 02.13.2007 no virus found

McAfee 4961 02.12.2007 no virus found

Microsoft 1.2204 02.12.2007 no virus found

NOD32v2 2056 02.12.2007 no virus found

Norman 5.80.02 02.12.2007 no virus found

Panda 9.0.0.4 02.12.2007 no virus found

Prevx1 V2 02.13.2007 no virus found

Sophos 4.13.0 02.12.2007 no virus found

Sunbelt 2.2.907.0 02.09.2007 no virus found

Symantec 10 02.13.2007 no virus found

TheHacker 6.1.6.056 02.11.2007 no virus found

UNA 1.83 02.09.2007 no virus found

VBA32 3.11.2 02.12.2007 no virus found

VirusBuster 4.3.19:9 02.12.2007 no virus found

 

Aditional Information

File size: 51774 bytes

MD5: 7b002fd495b7966ad034b0e8876d6718

SHA1: 0c4d236317c13f55a2af8ea0172b48d6d37b13af

[/log]

 

That was all of them.. thanks for helping me.

[post edited 2007-02-13 01:36:14 by MASSA]


Could you please edit the post containing the log file from Fixwareout and put LOG in square brackets there as well? A lot of people get annoyed when posts get long.

Scan with HijackThis and check:

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.67 85.255.112.71

Close all other programs.

Click Fix checked.

Restart the computer and then check for yourself that the line above is gone in a new HijackThis log.

C:\System Volume Information\_restore is where the System Restore feature stores its restore points. This means that Windows created a restore point while your computer was infected. As long as the nasties stay in that folder they are harmless. However, if you restore to a point in time when the computer was infected, the nasties are restored too.

You can delete all restore points by turning off System Restore, restarting the computer, and then turning the feature back on. System Restore is turned off and on here:

Right-click My Computer - Properties - System Restore.

How is the computer behaving now?
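The verification step in the reply above (confirm that the checked O17 line is gone from a fresh HijackThis log), as an added example that is not part of the original thread. The function names are hypothetical, and the two sample logs are abridged excerpts of the HijackThis logs posted on this page.

```python
import re

# "<section code> - <entry text>", e.g. "O17 - HKLM\...: NameServer = ..."
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2})\s+-\s+(.+?)\s*$")
# O17 entry text: "<registry key>: <value name> = <data>"
O17_RE = re.compile(r"^(.+?):\s*(\w+)\s*=\s*(.*)$")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Abridged excerpt of the log saved 2007-02-12 (before the fix).
LOG_BEFORE = r"""[log]Logfile of HijackThis v1.99.1
Scan saved at 21:08:07, on 2007-02-12

O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - file://E:\ols\connect\fscax.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.67 85.255.112.71

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
[/log]"""

# Abridged excerpt of the log saved 2007-02-13 17:49 (after the fix).
LOG_AFTER = r"""[log]
Logfile of HijackThis v1.99.1
Scan saved at 17:49:38, on 2007-02-13

O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - file://E:\ols\connect\fscax.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
[/log]"""

# The line the reply asks to check before pressing "Fix checked".
FIXED_LINE = r"O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.67 85.255.112.71"


def parse_entries(log_text):
    """Return (section_code, entry_text) for every HijackThis entry line.

    Header lines, the process list, [log] tags and the blank or
    non-breaking-space lines a forum paste leaves behind are skipped.
    """
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def dns_settings(entries):
    """Return the registry key, value name and IPv4 addresses of each O17 entry."""
    found = []
    for code, body in entries:
        if code != "O17":
            continue
        match = O17_RE.match(body)
        if match:
            found.append({
                "key": match.group(1),
                "name": match.group(2),
                "addresses": IPV4_RE.findall(match.group(3)),
            })
    return found


def verify_fix(before_log, after_log, fixed_line):
    """Compare two logs and report whether the fixed entry is really gone."""
    target = parse_entries(fixed_line)
    if len(target) != 1:
        raise ValueError("fixed_line must be exactly one HijackThis entry")
    before = set(parse_entries(before_log))
    after = set(parse_entries(after_log))
    return {
        "was_present": target[0] in before,
        "still_present": target[0] in after,
        "removed": sorted(before - after),  # entries that disappeared
        "added": sorted(after - before),    # entries that are new
    }


if __name__ == "__main__":
    print(dns_settings(parse_entries(LOG_BEFORE)))
    print(verify_fix(LOG_BEFORE, LOG_AFTER, FIXED_LINE))
```

The `removed` and `added` lists also show anything else that changed between the two scans, which is worth reading before concluding that the fix held.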

 


Unfortunately I still get hoax.win32.renos.gs.

It is now located in

C:\WINDOWS\SYSTEM32\SPMRGAAT.EXE

[post edited 2007-02-13 14:06:33 by MASSA]


[log]

SmitFraudFix v2.141

 

Scan done at 17:47:15,31, 2007-02-13

Run from C:\Documents and Settings\Dan\Skrivbord\SmitfraudFix

OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT

The filesystem type is NTFS

Fix run in normal mode

 

»»»»»»»»»»»»»»»»»»»»»»»» hosts

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Dan

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Dan\Application Data

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Dan\FAVORI~1

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"system"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection

 

 

»»»»»»»»»»»»»»»»»»»»»»»» End

 

[/log]

 

[log]

Logfile of HijackThis v1.99.1

Scan saved at 17:49:38, on 2007-02-13

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\Promon.exe

C:\Program\Compaq\Easy Access Button Support\StartEAK.exe

C:\Program\F-Secure Internet Security\Common\FSM32.EXE

C:\Program\F-SECU~1\backweb\1245240\Program\SERVIC~1.EXE

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Compaq\EAKDRV\EAUSBKBD.EXE

C:\Program\F-Secure Internet Security\Anti-Virus\fsgk32st.exe

C:\Program\F-Secure Internet Security\Anti-Virus\FSGK32.EXE

C:\Program\F-Secure Internet Security\backweb\1245240\program\fsbwsys.exe

C:\Program\F-Secure Internet Security\backweb\1245240\Program\fspex.exe

C:\Program\F-Secure Internet Security\Common\FSMA32.EXE

C:\Program\F-Secure Internet Security\Anti-Virus\fssm32.exe

C:\Program\F-Secure Internet Security\Common\FSMB32.EXE

C:\Program\Delade filer\LightScribe\LSSrvc.exe

C:\Program\F-Secure Internet Security\Common\FCH32.EXE

C:\WINDOWS\System32\NMSSvc.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program\Spyware Doctor\sdhelp.exe

C:\Program\F-Secure Internet Security\Common\FAMEH32.EXE

C:\Program\F-Secure Internet Security\Anti-Virus\fsqh.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Delade filer\Ulead Systems\DVD\ULCDRSvr.exe

C:\Program\F-Secure Internet Security\Anti-Virus\fsrw.exe

C:\Program\F-Secure Internet Security\FSPC\fspc.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Program\F-Secure Internet Security\Anti-Virus\fsav32.exe

C:\Program\F-Secure Internet Security\FSPC\fshttps\fshttps.exe

C:\Program\F-Secure Internet Security\FWES\Program\fsdfwd.exe

C:\WINDOWS\system32\devldr32.exe

C:\WINDOWS\System32\alg.exe

C:\Program\F-SECU~1\ANTI-S~1\fsaw.exe

C:\Program\F-Secure Internet Security\FSGUI\fsguidll.exe

C:\Program\Opera\Opera.exe

C:\Program\F-Secure Internet Security\FSGUI\fsavgui.exe

C:\Program\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE

C:\Program\Compaq\Easy Access Button Support\CPQEADM.EXE

C:\Program\Compaq\EASYAC~1\BttnServ.exe

C:\WINDOWS\system32\cmd.exe

C:\WINDOWS\notepad.exe

C:\codec\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\Program\SPYWAR~1\tools\iesdsg.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar3.dll

O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\Program\SPYWAR~1\tools\iesdpb.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar3.dll

O4 - HKLM\..\Run: [Promon.exe] Promon.exe

O4 - HKLM\..\Run: [CPQEASYACC] C:\Program\Compaq\Easy Access Button Support\StartEAK.exe

O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\F-Secure Internet Security\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program\F-Secure Internet Security\FSGUI\FSSW.EXE" /reboot

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: F-Secure 2006 OEM.lnk = C:\Program\F-Secure Internet Security\backweb\1245240\Program\fspex.exe

O8 - Extra context menu item: &Blockera detta popup-fönster - C:\Program\F-Secure Internet Security\Anti-Spyware\blockpopups.htm

O8 - Extra context menu item: &Windows Live Search - res://C:\Program\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Öppna på ny flik i bakgrunden - res://C:\Program\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/229?e6f75af276d045b09d65f2b0bd818b9a

O8 - Extra context menu item: Öppna på ny flik i förgrunden - res://C:\Program\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/230?e6f75af276d045b09d65f2b0bd818b9a

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra button: Webbfilter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program\F-Secure Internet Security\FSPC\fspcmsie.dll

O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program\F-Secure Internet Security\FSPC\fspcmsie.dll

O9 - Extra 'Tools' menuitem: Webbfilter - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program\F-Secure Internet Security\FSPC\fspcmsie.dll

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\Program\SPYWAR~1\tools\iesdpb.dll

O9 - Extra button: IE-sköld - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program\F-Secure Internet Security\Anti-Spyware\ieshield.dll

O9 - Extra 'Tools' menuitem: IE-sköld... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program\F-Secure Internet Security\Anti-Spyware\ieshield.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing

O11 - Options group: [INTERNATIONAL] International*

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1144999471983

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1144999460467

O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - file://E:\ols\connect\fscax.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: F-Secure 2006 OEM (BackWeb Plug-in - 1245240) - F-Secure Internet Security 2005 - C:\Program\F-SECU~1\backweb\1245240\Program\SERVIC~1.EXE

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program\F-Secure Internet Security\Anti-Virus\fsgk32st.exe

O23 - Service: fsbwsys - F-Secure Corp. - C:\Program\F-Secure Internet Security\backweb\1245240\program\fsbwsys.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program\F-Secure Internet Security\FWES\Program\fsdfwd.exe

O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program\F-Secure Internet Security\FSPC\fshttps\fshttps.exe

O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program\F-Secure Internet Security\Common\FSMA32.EXE

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program\Ahead\InCD\InCDsrv.exe

O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program\Ahead\InCD\InCDsrv.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program\Delade filer\LightScribe\LSSrvc.exe

O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program\Spyware Doctor\sdhelp.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program\Delade filer\Ulead Systems\DVD\ULCDRSvr.exe

 

[/log]

 


Hi again

Yes, the file should still be there because F-Secure could not remove it.

 

[log]

---------------------------------------------------------

AVG Anti-Spyware - Scan Report

---------------------------------------------------------

 

+ Created at: 21:39:27 2007-02-13

 

+ Scan result:

 

 

 

C:\Program\Everest Poker\Everest Poker.exe -> Adware.Casino : No action taken.

C:\Program\Everest Poker\cstart.exe -> Adware.Casino : No action taken.

F:\Program\DAEMON Tools\SetupDTSB.exe -> Adware.SaveNow : No action taken.

C:\WINDOWS\system32\spmrgaat.exe -> Adware.SpySheriff : No action taken.

F:\System Volume Information\_restore{91D626EC-F77B-4CC3-9EFD-1A1B2ECC9347}\RP123\A0021737.0xe -> Downloader.Zlob.zp : No action taken.

C:\Documents and Settings\Jan\Cookies\jan@adbrite[2].txt -> TrackingCookie.Adbrite : No action taken.

C:\Documents and Settings\Dan\Cookies\dan@burstnet[2].txt -> TrackingCookie.Burstnet : No action taken.

C:\Documents and Settings\Dan\Cookies\dan@www.burstnet[1].txt -> TrackingCookie.Burstnet : No action taken.

C:\Documents and Settings\Jan\Cookies\jan@www.burstnet[1].txt -> TrackingCookie.Burstnet : No action taken.

C:\Documents and Settings\Dan\Cookies\dan@ad1.clickhype[1].txt -> TrackingCookie.Clickhype : No action taken.

C:\Documents and Settings\Jan\Cookies\jan@cz11.clickzs[2].txt -> TrackingCookie.Clickzs : No action taken.

C:\Documents and Settings\Jan\Cookies\jan@vip2.clickzs[2].txt -> TrackingCookie.Clickzs : No action taken.

C:\Documents and Settings\Dan\Cookies\dan@com[1].txt -> TrackingCookie.Com : No action taken.

C:\Documents and Settings\Jan\Cookies\jan@ivwbox[2].txt -> TrackingCookie.Ivwbox : No action taken.

C:\Documents and Settings\Dan\Cookies\dan@komtrack[2].txt -> TrackingCookie.Komtrack : No action taken.

C:\Documents and Settings\Dan\Cookies\dan@image.masterstats[1].txt -> TrackingCookie.Masterstats : No action taken.

C:\Documents and Settings\Jan\Cookies\jan@image.masterstats[1].txt -> TrackingCookie.Masterstats : No action taken.

C:\Documents and Settings\Dan\Cookies\dan@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : No action taken.

C:\Documents and Settings\Jan\Cookies\jan@webstat[1].txt -> TrackingCookie.Web-stat : No action taken.

F:\System Volume Information\_restore{91D626EC-F77B-4CC3-9EFD-1A1B2ECC9347}\RP121\A0021244.0xe -> Trojan.Starter.p : No action taken.

F:\System Volume Information\_restore{91D626EC-F77B-4CC3-9EFD-1A1B2ECC9347}\RP121\A0021245.0xe -> Trojan.Starter.p : No action taken.

F:\System Volume Information\_restore{91D626EC-F77B-4CC3-9EFD-1A1B2ECC9347}\RP122\A0021458.0xe -> Trojan.Starter.p : No action taken.

F:\System Volume Information\_restore{91D626EC-F77B-4CC3-9EFD-1A1B2ECC9347}\RP122\A0021459.0xe -> Trojan.Starter.p : No action taken.

F:\System Volume Information\_restore{91D626EC-F77B-4CC3-9EFD-1A1B2ECC9347}\RP122\A0021489.0xe -> Trojan.Starter.p : No action taken.

F:\System Volume Information\_restore{91D626EC-F77B-4CC3-9EFD-1A1B2ECC9347}\RP122\A0021490.0xe -> Trojan.Starter.p : No action taken.

F:\System Volume Information\_restore{91D626EC-F77B-4CC3-9EFD-1A1B2ECC9347}\RP122\A0021520.0xe -> Trojan.Starter.p : No action taken.

F:\System Volume Information\_restore{91D626EC-F77B-4CC3-9EFD-1A1B2ECC9347}\RP122\A0021521.0xe -> Trojan.Starter.p : No action taken.

F:\System Volume Information\_restore{91D626EC-F77B-4CC3-9EFD-1A1B2ECC9347}\RP122\A0021554.0xe -> Trojan.Starter.p : No action taken.

F:\System Volume Information\_restore{91D626EC-F77B-4CC3-9EFD-1A1B2ECC9347}\RP122\A0021555.0xe -> Trojan.Starter.p : No action taken.

F:\System Volume Information\_restore{91D626EC-F77B-4CC3-9EFD-1A1B2ECC9347}\RP122\A0021637.0xe -> Trojan.Starter.p : No action taken.

F:\System Volume Information\_restore{91D626EC-F77B-4CC3-9EFD-1A1B2ECC9347}\RP122\A0021638.0xe -> Trojan.Starter.p : No action taken.

F:\System Volume Information\_restore{91D626EC-F77B-4CC3-9EFD-1A1B2ECC9347}\RP123\A0021731.0xe -> Trojan.Starter.p : No action taken.

F:\System Volume Information\_restore{91D626EC-F77B-4CC3-9EFD-1A1B2ECC9347}\RP123\A0021733.0xe -> Trojan.Starter.p : No action taken.

F:\System Volume Information\_restore{91D626EC-F77B-4CC3-9EFD-1A1B2ECC9347}\RP123\A0021745.0xe -> Trojan.Starter.p : No action taken.

 

 

::Report end

 

[/log]

 

This took a little while.... :-)

 


Now it says No action taken on everything AVG Anti-Spyware found, so either you created the report before the program dealt with everything it found, or you did not configure the program according to the instructions to put everything it finds into quarantine. If it is the latter, configure it correctly and scan again in safe mode. The program will then remove the file that F-Secure finds.

Since there is another user account on the computer, it is probably best if I also get to see a HijackThis log created while logged in to that account.

 


Hi

I took the report beforehand, and quarantine was selected.

Here come Hijack 1 and 2

 

[log]

Logfile of HijackThis v1.99.1

Scan saved at 23:31:15, on 2007-02-13

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program\F-SECU~1\backweb\1245240\Program\SERVIC~1.EXE

C:\Program\F-Secure Internet Security\Anti-Virus\fsgk32st.exe

C:\Program\F-Secure Internet Security\Anti-Virus\FSGK32.EXE

C:\Program\F-Secure Internet Security\backweb\1245240\program\fsbwsys.exe

C:\Program\F-Secure Internet Security\backweb\1245240\Program\fspex.exe

C:\Program\F-Secure Internet Security\Common\FSMA32.EXE

C:\Program\F-Secure Internet Security\Anti-Virus\fssm32.exe

C:\Program\F-Secure Internet Security\Common\FSMB32.EXE

C:\Program\Delade filer\LightScribe\LSSrvc.exe

C:\Program\F-Secure Internet Security\Common\FCH32.EXE

C:\WINDOWS\System32\nvsvc32.exe

C:\Program\Spyware Doctor\sdhelp.exe

C:\Program\F-Secure Internet Security\Common\FAMEH32.EXE

C:\Program\F-Secure Internet Security\Anti-Virus\fsqh.exe

C:\WINDOWS\system32\Promon.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Delade filer\Ulead Systems\DVD\ULCDRSvr.exe

C:\Program\Compaq\Easy Access Button Support\StartEAK.exe

C:\Program\F-Secure Internet Security\Anti-Virus\fsrw.exe

C:\Program\F-Secure Internet Security\FSPC\fspc.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Program\F-Secure Internet Security\Common\FSM32.EXE

C:\Compaq\EAKDRV\EAUSBKBD.EXE

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\F-Secure Internet Security\Anti-Virus\fsav32.exe

C:\Program\F-Secure Internet Security\FSPC\fshttps\fshttps.exe

C:\Program\F-Secure Internet Security\FWES\Program\fsdfwd.exe

C:\WINDOWS\System32\alg.exe

C:\Program\F-SECU~1\ANTI-S~1\fsaw.exe

C:\Program\F-Secure Internet Security\FSGUI\fsguidll.exe

C:\WINDOWS\system32\devldr32.exe

C:\Program\Opera\Opera.exe

C:\Program\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE

C:\Program\Compaq\Easy Access Button Support\CPQEADM.EXE

C:\Program\Compaq\EASYAC~1\BttnServ.exe

C:\codec\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\Program\SPYWAR~1\tools\iesdsg.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar3.dll

O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\Program\SPYWAR~1\tools\iesdpb.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar3.dll

O4 - HKLM\..\Run: [Promon.exe] Promon.exe

O4 - HKLM\..\Run: [CPQEASYACC] C:\Program\Compaq\Easy Access Button Support\StartEAK.exe

O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\F-Secure Internet Security\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program\F-Secure Internet Security\FSGUI\FSSW.EXE" /reboot

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: F-Secure 2006 OEM.lnk = C:\Program\F-Secure Internet Security\backweb\1245240\Program\fspex.exe

O8 - Extra context menu item: &Blockera detta popup-fönster - C:\Program\F-Secure Internet Security\Anti-Spyware\blockpopups.htm

O8 - Extra context menu item: &Windows Live Search - res://C:\Program\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Öppna på ny flik i bakgrunden - res://C:\Program\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/229?e6f75af276d045b09d65f2b0bd818b9a

O8 - Extra context menu item: Öppna på ny flik i förgrunden - res://C:\Program\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/230?e6f75af276d045b09d65f2b0bd818b9a

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra button: Webbfilter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program\F-Secure Internet Security\FSPC\fspcmsie.dll

O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program\F-Secure Internet Security\FSPC\fspcmsie.dll

O9 - Extra 'Tools' menuitem: Webbfilter - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program\F-Secure Internet Security\FSPC\fspcmsie.dll

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\Program\SPYWAR~1\tools\iesdpb.dll

O9 - Extra button: IE-sköld - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program\F-Secure Internet Security\Anti-Spyware\ieshield.dll

O9 - Extra 'Tools' menuitem: IE-sköld... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program\F-Secure Internet Security\Anti-Spyware\ieshield.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1144999471983

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1144999460467

O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - file://E:\ols\connect\fscax.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: F-Secure 2006 OEM (BackWeb Plug-in - 1245240) - F-Secure Internet Security 2005 - C:\Program\F-SECU~1\backweb\1245240\Program\SERVIC~1.EXE

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program\F-Secure Internet Security\Anti-Virus\fsgk32st.exe

O23 - Service: fsbwsys - F-Secure Corp. - C:\Program\F-Secure Internet Security\backweb\1245240\program\fsbwsys.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program\F-Secure Internet Security\FWES\Program\fsdfwd.exe

O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program\F-Secure Internet Security\FSPC\fshttps\fshttps.exe

O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program\F-Secure Internet Security\Common\FSMA32.EXE

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program\Ahead\InCD\InCDsrv.exe

O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program\Ahead\InCD\InCDsrv.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program\Delade filer\LightScribe\LSSrvc.exe

O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program\Spyware Doctor\sdhelp.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program\Delade filer\Ulead Systems\DVD\ULCDRSvr.exe

 

[/log]

 

[log]

 

Logfile of HijackThis v1.99.1

Scan saved at 23:34:50, on 2007-02-13

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program\F-SECU~1\backweb\1245240\Program\SERVIC~1.EXE

C:\Program\F-Secure Internet Security\Anti-Virus\fsgk32st.exe

C:\Program\F-Secure Internet Security\Anti-Virus\FSGK32.EXE

C:\Program\F-Secure Internet Security\backweb\1245240\program\fsbwsys.exe

C:\Program\F-Secure Internet Security\Common\FSMA32.EXE

C:\Program\F-Secure Internet Security\Anti-Virus\fssm32.exe

C:\Program\F-Secure Internet Security\Common\FSMB32.EXE

C:\Program\Delade filer\LightScribe\LSSrvc.exe

C:\Program\F-Secure Internet Security\Common\FCH32.EXE

C:\WINDOWS\System32\nvsvc32.exe

C:\Program\Spyware Doctor\sdhelp.exe

C:\Program\F-Secure Internet Security\Common\FAMEH32.EXE

C:\Program\F-Secure Internet Security\Anti-Virus\fsqh.exe

C:\WINDOWS\system32\Promon.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Delade filer\Ulead Systems\DVD\ULCDRSvr.exe

C:\Program\Compaq\Easy Access Button Support\StartEAK.exe

C:\Program\F-Secure Internet Security\Anti-Virus\fsrw.exe

C:\Program\F-Secure Internet Security\FSPC\fspc.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Program\F-Secure Internet Security\Common\FSM32.EXE

C:\Compaq\EAKDRV\EAUSBKBD.EXE

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\F-Secure Internet Security\Anti-Virus\fsav32.exe

C:\Program\F-Secure Internet Security\FSPC\fshttps\fshttps.exe

C:\Program\F-Secure Internet Security\FWES\Program\fsdfwd.exe

C:\WINDOWS\System32\alg.exe

C:\Program\F-SECU~1\ANTI-S~1\fsaw.exe

C:\Program\F-Secure Internet Security\FSGUI\fsguidll.exe

C:\WINDOWS\system32\devldr32.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\Program\F-Secure Internet Security\backweb\1245240\Program\fspex.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\Promon.exe

C:\Program\Compaq\Easy Access Button Support\StartEAK.exe

C:\WINDOWS\System32\NMSSvc.exe

C:\Program\F-Secure Internet Security\Common\FSM32.EXE

C:\Program\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE

C:\Program\Compaq\Easy Access Button Support\CPQEADM.EXE

C:\Compaq\EAKDRV\EAUSBKBD.EXE

C:\Program\Compaq\EASYAC~1\BttnServ.exe

C:\Program\F-SECU~1\ANTI-S~1\fsaw.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program\F-Secure Internet Security\FSGUI\fsguidll.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe

C:\Program\MSN Messenger\MsnMsgr.Exe

C:\Program\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Program\F-Secure Internet Security\backweb\1245240\Program\fspex.exe

C:\codec\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\Program\SPYWAR~1\tools\iesdsg.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar3.dll

O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\Program\SPYWAR~1\tools\iesdpb.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar3.dll

O4 - HKLM\..\Run: [Promon.exe] Promon.exe

O4 - HKLM\..\Run: [CPQEASYACC] C:\Program\Compaq\Easy Access Button Support\StartEAK.exe

O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\F-Secure Internet Security\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program\F-Secure Internet Security\FSGUI\FSSW.EXE" /reboot

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\Program\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - Global Startup: F-Secure 2006 OEM.lnk = C:\Program\F-Secure Internet Security\backweb\1245240\Program\fspex.exe

O8 - Extra context menu item: &Blockera detta popup-fönster - C:\Program\F-Secure Internet Security\Anti-Spyware\blockpopups.htm

O8 - Extra context menu item: &Windows Live Search - res://C:\Program\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Öppna på ny flik i bakgrunden - res://C:\Program\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/229?58b4402ac719456aa376a00d06178ef5

O8 - Extra context menu item: Öppna på ny flik i förgrunden - res://C:\Program\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/230?58b4402ac719456aa376a00d06178ef5

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_11\bin\npjpi150_11.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_11\bin\npjpi150_11.dll

O9 - Extra button: Webbfilter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program\F-Secure Internet Security\FSPC\fspcmsie.dll

O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program\F-Secure Internet Security\FSPC\fspcmsie.dll

O9 - Extra 'Tools' menuitem: Webbfilter - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program\F-Secure Internet Security\FSPC\fspcmsie.dll

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\Program\SPYWAR~1\tools\iesdpb.dll

O9 - Extra button: IE-sköld - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program\F-Secure Internet Security\Anti-Spyware\ieshield.dll

O9 - Extra 'Tools' menuitem: IE-sköld... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program\F-Secure Internet Security\Anti-Spyware\ieshield.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program\Poker.com\Poker.exe (HKCU)

O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1144999471983

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1144999460467

O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - file://E:\ols\connect\fscax.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: F-Secure 2006 OEM (BackWeb Plug-in - 1245240) - F-Secure Internet Security 2005 - C:\Program\F-SECU~1\backweb\1245240\Program\SERVIC~1.EXE

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program\F-Secure Internet Security\Anti-Virus\fsgk32st.exe

O23 - Service: fsbwsys - F-Secure Corp. - C:\Program\F-Secure Internet Security\backweb\1245240\program\fsbwsys.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program\F-Secure Internet Security\FWES\Program\fsdfwd.exe

O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program\F-Secure Internet Security\FSPC\fshttps\fshttps.exe

O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program\F-Secure Internet Security\Common\FSMA32.EXE

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program\Ahead\InCD\InCDsrv.exe

O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program\Ahead\InCD\InCDsrv.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program\Delade filer\LightScribe\LSSrvc.exe

O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program\Spyware Doctor\sdhelp.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program\Delade filer\Ulead Systems\DVD\ULCDRSvr.exe

 

[/log]

 

 


I get virus warnings every now and then.

I will probably have to reinstall the computer to get rid of this.

Thank you very much for the help, it is lucky that there are people like you.

 

Kind regards

Dan

 


Archived

This topic is now archived and is closed to further replies.


