Just nu i M3-nätverket
Jump to content

hjt logg


andreadans

Recommended Posts

hej!

jag har nog drabbats av winantivirus pro.

kan ni hjälpa mig?

/Andrea

 

[log]Logfile of HijackThis v1.99.1

Scan saved at 10:17:47, on 2007-02-14

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Acer\eManager\anbmServ.exe

C:\Program\Delade filer\Symantec Shared\ccProxy.exe

C:\Program\ewido anti-spyware 4.0\guard.exe

C:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\Program\Norton Internet Security\Norton AntiVirus\SAVScan.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\Rundll32.exe

C:\Program\Delade filer\Symantec Shared\ccApp.exe

C:\Program\Java\jre1.5.0_09\bin\jusched.exe

C:\Program\QuickTime\qttask.exe

C:\Program\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\MSN Messenger\msnmsgr.exe

C:\Program\acer\eRecovery\Monitor.exe

C:\Program\Java\jre1.5.0_09\bin\jucheck.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Delade filer\Real\Update_OB\realsched.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Adobe\Photoshop CS\Photoshop.exe

C:\Program\Microsoft Office\Office10\WINWORD.EXE

C:\WINDOWS\msagent\AgentSvr.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Messenger\msmsgs.exe

C:\hjt\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\Program\MACROG~1\SWEETI~1\toolbar.dll (file missing)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)

O4 - HKLM\..\Run: [LaunchApp] Alaunch

O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [urlLSTCK.exe] C:\Program\Norton Internet Security\UrlLstCk.exe

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.5.0_09\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [RemoteControl] C:\Program\CyberLink\PowerDVD\PDVDServ.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZN

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: FirstClass® - {02011FE3-C22B-451d-9A25-BF4DBB38B8E7} - C:\WINDOWS\Downloaded Program Files\fcplugin.dll

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {230C3D02-DA27-11D2-8612-00A0C93EEA3C} (SAXFile FileUpload ActiveX Control) - http://82.99.38.123/SAXFile/saxfile.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by22fd.bay22.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {9C196458-4145-46AF-8A77-1506878DFECA} (FirstClass® Control) - http://fc.brobygrafiska.sunne.se/ClientDownloads/fcplugin.cab

O18 - Protocol: fcp - {B3133379-8789-4D3C-9593-C205D7297501} - C:\WINDOWS\Downloaded Program Files\fcplugin.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~3\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~3\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program\ewido anti-spyware 4.0\guard.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: Norton AntiVirus Auto Protect-tjänst (navapsvc) - Symantec Corporation - C:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program\DELADE~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

[/log]

 

 

Link to comment
Share on other sites

 

Scanna med Hijack bocka i följande rader stäng Web-läsaren och klicka Fix checked

 

[log]R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)

O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\Program\MACROG~1\SWEETI~1\toolbar.dll (file missing)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZN

 

 

Ladda ner Combofix på skrivbordet

 

http://download.bleepingcomputer.com/sUBs/combofix.exe

 

kör den och följ anvisningar.

När den är färdig så ska en logg komma ut skicka hit den.

VIKTIGT = klicka inte på Combofix fönster med musen när den körs annars kan den hänga upp sig. [/log]

 

Link to comment
Share on other sites

Hej Zipp!

Tack för att du tar dig tid.

Här kommer loggen.

 

"Andreadans" - 07-02-14 10:55:08 Service Pack 2

[log]ComboFix 07-02-11 - Running from: "C:\Documents and Settings\Andreadans\Skrivbord"

 

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

C:\WINDOWS\system32\cemetrix.dll

 

 

((((((((((((((((((((((((((((((( Files Created from 2007-01-14 to 2007-02-14 ))))))))))))))))))))))))))))))))))

 

 

2007-02-01 11:24 <KAT> d-------- C:\Program\V1 Home 2.0

2007-01-19 12:53 51,056 --a------ C:\WINDOWS\system32\sirenacm.dll

2007-01-15 09:26 <KAT> d--hs---- C:\FOUND.002

 

 

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

2007-02-06 12:46 3226 --a------ C:\WINDOWS\mozver.dat

2007-02-02 11:46 63900 --a------ C:\WINDOWS\system32\perfc01d.dat

2007-02-02 11:46 385328 --a------ C:\WINDOWS\system32\perfh01d.dat

2007-02-02 10:44 69904 --a------ C:\DOCUME~1\ANDREA~1\Application Data\gdipfontcachev1.dat

2007-01-09 23:09 14994392 --a------ C:\GoogleEarthWin.exe

 

 

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"

"msnmsgr"="\"C:\\Program\\MSN Messenger\\msnmsgr.exe\" /background"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

"LaunchApp"="Alaunch"

"SiSPower"="Rundll32.exe SiSPower.dll,ModeAgent"

"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"

"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"

"eRecoveryService"="C:\\Windows\\System32\\Check.exe"

"ccApp"="\"C:\\Program\\Delade filer\\Symantec Shared\\ccApp.exe\""

"URLLSTCK.exe"="C:\\Program\\Norton Internet Security\\UrlLstCk.exe"

"Symantec NetDriver Monitor"="C:\\Program\\SYMNET~1\\SNDMon.exe /Consumer"

"SunJavaUpdateSched"="\"C:\\Program\\Java\\jre1.5.0_09\\bin\\jusched.exe\""

"QuickTime Task"="\"C:\\Program\\QuickTime\\qttask.exe\" -atboottime"

"TkBellExe"="\"C:\\Program\\Delade filer\\Real\\Update_OB\\realsched.exe\" -osboot"

"RemoteControl"="C:\\Program\\CyberLink\\PowerDVD\\PDVDServ.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]

"Installed"="1"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]

"Installed"="1"

"NoChange"="1"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]

"Installed"="1"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Adobe Gamma Loader.lnk]

"path"="C:\\Documents and Settings\\All Users\\Start-meny\\Program\\Autostart\\Adobe Gamma Loader.lnk"

"backup"="C:\\WINDOWS\\pss\\Adobe Gamma Loader.lnkCommon Startup"

"location"="Common Startup"

"command"="C:\\Program\\DELADE~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "

"item"="Adobe Gamma Loader"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Microsoft Office.lnk]

"path"="C:\\Documents and Settings\\All Users\\Start-meny\\Program\\Autostart\\Microsoft Office.lnk"

"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"

"location"="Common Startup"

"command"="C:\\Program\\MICROS~3\\Office10\\OSA.EXE -b -l"

"item"="Microsoft Office"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Ulead Photo Express 3.0 SE Calendar Checker.lnk]

"path"="C:\\Documents and Settings\\All Users\\Start-meny\\Program\\Autostart\\Ulead Photo Express 3.0 SE Calendar Checker.lnk"

"backup"="C:\\WINDOWS\\pss\\Ulead Photo Express 3.0 SE Calendar Checker.lnkCommon Startup"

"location"="Common Startup"

"command"="C:\\Program\\ULEADS~1\\ULEADP~1.0SE\\CalCheck.exe "

"item"="Ulead Photo Express 3.0 SE Calendar Checker"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Utility Tray.lnk]

"path"="C:\\Documents and Settings\\All Users\\Start-meny\\Program\\Autostart\\Utility Tray.lnk"

"backup"="C:\\WINDOWS\\pss\\Utility Tray.lnkCommon Startup"

"location"="Common Startup"

"command"="C:\\WINDOWS\\system32\\sistray.exe "

"item"="Utility Tray"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!ewido]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="ewido"

"hkey"="HKLM"

"command"="\"C:\\Program\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="AGRSMMSG"

"hkey"="HKLM"

"command"="AGRSMMSG.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeviceDiscovery]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="hpotdd01"

"hkey"="HKLM"

"command"="C:\\Program\\Hewlett-Packard\\Digital Imaging\\bin\\hpotdd01.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus C46 Series]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="E_S4I0T1"

"hkey"="HKLM"

"command"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S4I0T1.EXE /P23 \"EPSON Stylus C46 Series\" /O5 \"LPT1:\" /M \"Stylus C46\""

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus C46 Series (kopia 1)]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="E_S4I0T1"

"hkey"="HKLM"

"command"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S4I0T1.EXE /P33 \"EPSON Stylus C46 Series (kopia 1)\" /O6 \"USB001\" /M \"Stylus C46\""

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="HPWuSchd"

"hkey"="HKLM"

"command"="C:\\Program\\Hewlett-Packard\\HP Software Update\\HPWuSchd.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="hpztsb08"

"hkey"="HKLM"

"command"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb08.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="IMJPMIG"

"hkey"="HKLM"

"command"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="iTunesHelper"

"hkey"="HKLM"

"command"="\"C:\\Program\\iTunes\\iTunesHelper.exe\""

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="QtZgAcer"

"hkey"="HKLM"

"command"="C:\\Program\\Launch Manager\\QtZgAcer.EXE"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="ManifestEngine"

"hkey"="HKCU"

"command"="C:\\Program\\Logitech\\Video\\ManifestEngine.exe boot"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="ISStart"

"hkey"="HKLM"

"command"="C:\\Program\\Logitech\\Video\\ISStart.exe "

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="LogiTray"

"hkey"="HKLM"

"command"="C:\\Program\\Logitech\\Video\\LogiTray.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="LVCOMSX"

"hkey"="HKLM"

"command"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="msmsgs"

"hkey"="HKCU"

"command"="\"C:\\Program\\Messenger\\msmsgs.exe\" /background"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="msnmsgr"

"hkey"="HKCU"

"command"="\"C:\\Program\\MSN Messenger\\msnmsgr.exe\" /background"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="ImScInst"

"hkey"="HKLM"

"command"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="NeroCheck"

"hkey"="HKLM"

"command"="C:\\WINDOWS\\system32\\\\NeroCheck.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="PCMService"

"hkey"="HKLM"

"command"="\"C:\\Program\\Arcade\\PCMService.exe\""

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="qttask"

"hkey"="HKLM"

"command"="\"C:\\Program\\QuickTime\\qttask.exe\" -atboottime"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiS Windows KeyHook]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="keyhook"

"hkey"="HKLM"

"command"="C:\\WINDOWS\\system32\\keyhook.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="SOUNDMAN"

"hkey"="HKLM"

"command"="SOUNDMAN.EXE"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="GoogleToolbarNotifier"

"hkey"="HKCU"

"command"="C:\\Program\\Google\\GoogleToolbarNotifier\\1.0.720.3640\\GoogleToolbarNotifier.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="SynTPEnh"

"hkey"="HKLM"

"command"="C:\\Program\\Synaptics\\SynTP\\SynTPEnh.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="SynTPLpr"

"hkey"="HKLM"

"command"="C:\\Program\\Synaptics\\SynTP\\SynTPLpr.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="realsched"

"hkey"="HKLM"

"command"="\"C:\\Program\\Delade filer\\Real\\Update_OB\\realsched.exe\" -osboot"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Window Washer]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="wwDisp"

"hkey"="HKCU"

"command"="C:\\Program Files\\Webroot\\Washer\\wwDisp.exe"

"inimapping"="0"

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]

HTTPFilter REG_MULTI_SZ HTTPFilter\0\0

LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0

NetworkService REG_MULTI_SZ DnsCache\0\0

DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0

rpcss REG_MULTI_SZ RpcSs\0\0

imgsvc REG_MULTI_SZ StiSvc\0\0

termsvcs REG_MULTI_SZ TermService\0\0

 

 

 

 

~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

 

backup-20070214-105337-267

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZN

backup-20070214-105138-182

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

backup-20070214-105138-577

O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)

backup-20070214-105138-402

O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\Program\MACROG~1\SWEETI~1\toolbar.dll (file missing)

backup-20070214-105138-609

R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)

 

Contents of the 'Scheduled Tasks' folder

C:\WINDOWS\tasks\Symantec NetDetect.job

C:\WINDOWS\tasks\Norton AntiVirus - S”k igenom datorn.job

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

 

 

********************************************************************

 

catchme 0.1 W2K/XP - userland rootkit detector by Gmer, 17 October 2006

http://www.gmer.net

 

scanning hidden processes ...

 

scanning hidden services ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

 

********************************************************************

 

Completion time: 07-02-14 10:57:50

[/log]

 

 

[inlägget ändrat 2007-02-23 18:50:54 av Anders N]

Link to comment
Share on other sites

 

Ser inget i denna log.

 

> jag har nog drabbats av winantivirus pro. <

 

Är den installerat eller pop-ups

 

Avinstallera den Java du har och hämta nyaste här

 

http://www.java.com/sv/

 

Avinstallera Ewido också och hämta AVG Anti-Spyware 7.5

 

http://www.ewido.net/en/

 

installera + uppdatera.

Scanna och rensa i felsäkert läge och om nåt hittas så skicka loggen.

 

 

Link to comment
Share on other sites

här kommer loggen från avg.

 

 

---------------------------------------------------------

AVG Anti-Spyware - Scan Report

---------------------------------------------------------

 

+ Created at: 12:41:52 2007-02-14

 

+ Scan result:

 

 

 

HKU\.DEFAULT\Software\New.net -> Adware.NewDotNet : Ignored.

HKU\S-1-5-18\Software\New.net -> Adware.NewDotNet : Ignored.

C:\Program\Mozilla Firefox\plugins\npclntax.dll -> Adware.Zango : Ignored.

C:\Documents and Settings\Andreadans\Cookies\andreadans@aavalue[2].txt -> TrackingCookie.Aavalue : Ignored.

C:\Documents and Settings\Andreadans\Cookies\andreadans@eztracks.aavalue[2].txt -> TrackingCookie.Aavalue : Ignored.

:mozilla.17:C:\Documents and Settings\Andreadans\Application Data\Mozilla\Firefox\Profiles\louddccy.default\cookies.txt -> TrackingCookie.Adbrite : Ignored.

:mozilla.18:C:\Documents and Settings\Andreadans\Application Data\Mozilla\Firefox\Profiles\louddccy.default\cookies.txt -> TrackingCookie.Adbrite : Ignored.

C:\Documents and Settings\Andreadans\Cookies\andreadans@adbrite[1].txt -> TrackingCookie.Adbrite : Ignored.

C:\Documents and Settings\Andreadans\Cookies\andreadans@adbrite[2].txt -> TrackingCookie.Adbrite : Ignored.

C:\Documents and Settings\Andreadans\Cookies\andreadans@admarketplace[2].txt -> TrackingCookie.Admarketplace : Ignored.

C:\Documents and Settings\Andreadans\Cookies\andreadans@www.burstnet[1].txt -> TrackingCookie.Burstnet : Ignored.

C:\Documents and Settings\Andreadans\Cookies\andreadans@www.burstnet[2].txt -> TrackingCookie.Burstnet : Ignored.

C:\Documents and Settings\Andreadans\Cookies\andreadans@clickbank[1].txt -> TrackingCookie.Clickbank : Ignored.

C:\Documents and Settings\Andreadans\Cookies\andreadans@com[1].txt -> TrackingCookie.Com : Ignored.

:mozilla.107:C:\Documents and Settings\Andreadans\Application Data\Mozilla\Firefox\Profiles\louddccy.default\cookies.txt -> TrackingCookie.Esomniture : Ignored.

:mozilla.112:C:\Documents and Settings\Andreadans\Application Data\Mozilla\Firefox\Profiles\louddccy.default\cookies.txt -> TrackingCookie.Esomniture : Ignored.

:mozilla.116:C:\Documents and Settings\Andreadans\Application Data\Mozilla\Firefox\Profiles\louddccy.default\cookies.txt -> TrackingCookie.Esomniture : Ignored.

:mozilla.72:C:\Documents and Settings\Andreadans\Application Data\Mozilla\Firefox\Profiles\louddccy.default\cookies.txt -> TrackingCookie.Esomniture : Ignored.

:mozilla.76:C:\Documents and Settings\Andreadans\Application Data\Mozilla\Firefox\Profiles\louddccy.default\cookies.txt -> TrackingCookie.Esomniture : Ignored.

:mozilla.79:C:\Documents and Settings\Andreadans\Application Data\Mozilla\Firefox\Profiles\louddccy.default\cookies.txt -> TrackingCookie.Esomniture : Ignored.

:mozilla.82:C:\Documents and Settings\Andreadans\Application Data\Mozilla\Firefox\Profiles\louddccy.default\cookies.txt -> TrackingCookie.Esomniture : Ignored.

:mozilla.84:C:\Documents and Settings\Andreadans\Application Data\Mozilla\Firefox\Profiles\louddccy.default\cookies.txt -> TrackingCookie.Esomniture : Ignored.

:mozilla.86:C:\Documents and Settings\Andreadans\Application Data\Mozilla\Firefox\Profiles\louddccy.default\cookies.txt -> TrackingCookie.Esomniture : Ignored.

:mozilla.91:C:\Documents and Settings\Andreadans\Application Data\Mozilla\Firefox\Profiles\louddccy.default\cookies.txt -> TrackingCookie.Esomniture : Ignored.

:mozilla.92:C:\Documents and Settings\Andreadans\Application Data\Mozilla\Firefox\Profiles\louddccy.default\cookies.txt -> TrackingCookie.Esomniture : Ignored.

:mozilla.93:C:\Documents and Settings\Andreadans\Application Data\Mozilla\Firefox\Profiles\louddccy.default\cookies.txt -> TrackingCookie.Esomniture : Ignored.

C:\Documents and Settings\Andreadans\Cookies\andreadans@e-2dj6wfkygldzegq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored.

C:\Documents and Settings\Andreadans\Cookies\andreadans@e-2dj6wfmicgdpshp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored.

C:\Documents and Settings\Andreadans\Cookies\andreadans@e-2dj6wjkokncjieo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored.

C:\Documents and Settings\Andreadans\Cookies\andreadans@e-2dj6wjl4spd5kao.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored.

C:\Documents and Settings\Andreadans\Cookies\andreadans@estat[1].txt -> TrackingCookie.Estat : Ignored.

C:\Documents and Settings\Andreadans\Cookies\andreadans@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Ignored.

C:\Documents and Settings\Andreadans\Cookies\andreadans@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Ignored.

C:\Documents and Settings\Andreadans\Cookies\andreadans@ivwbox[2].txt -> TrackingCookie.Ivwbox : Ignored.

C:\Documents and Settings\Andreadans\Cookies\andreadans@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Ignored.

C:\Documents and Settings\Andreadans\Cookies\andreadans@server.iad.liveperson[3].txt -> TrackingCookie.Liveperson : Ignored.

C:\Documents and Settings\Andreadans\Cookies\andreadans@image.masterstats[1].txt -> TrackingCookie.Masterstats : Ignored.

C:\Documents and Settings\Andreadans\Cookies\andreadans@stat.onestat[2].txt -> TrackingCookie.Onestat : Ignored.

:mozilla.19:C:\Documents and Settings\Andreadans\Application Data\Mozilla\Firefox\Profiles\louddccy.default\cookies.txt -> TrackingCookie.Reliablestats : Ignored.

:mozilla.20:C:\Documents and Settings\Andreadans\Application Data\Mozilla\Firefox\Profiles\louddccy.default\cookies.txt -> TrackingCookie.Reliablestats : Ignored.

:mozilla.23:C:\Documents and Settings\Andreadans\Application Data\Mozilla\Firefox\Profiles\louddccy.default\cookies.txt -> TrackingCookie.Reliablestats : Ignored.

:mozilla.25:C:\Documents and Settings\Andreadans\Application Data\Mozilla\Firefox\Profiles\louddccy.default\cookies.txt -> TrackingCookie.Reliablestats : Ignored.

C:\Documents and Settings\Andreadans\Cookies\andreadans@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Ignored.

C:\Documents and Settings\Andreadans\Cookies\andreadans@stats1.reliablestats[3].txt -> TrackingCookie.Reliablestats : Ignored.

:mozilla.106:C:\Documents and Settings\Andreadans\Application Data\Mozilla\Firefox\Profiles\louddccy.default\cookies.txt -> TrackingCookie.Revenue : Ignored.

:mozilla.131:C:\Documents and Settings\Andreadans\Application Data\Mozilla\Firefox\Profiles\louddccy.default\cookies.txt -> TrackingCookie.Statcounter : Ignored.

C:\Documents and Settings\Andreadans\Cookies\andreadans@statcounter[1].txt -> TrackingCookie.Statcounter : Ignored.

C:\Documents and Settings\Andreadans\Cookies\andreadans@statcounter[2].txt -> TrackingCookie.Statcounter : Ignored.

C:\Documents and Settings\Andreadans\Cookies\andreadans@tacoda[1].txt -> TrackingCookie.Tacoda : Ignored.

C:\Documents and Settings\Andreadans\Cookies\andreadans@tacoda[2].txt -> TrackingCookie.Tacoda : Ignored.

C:\Documents and Settings\Andreadans\Cookies\andreadans@weborama[2].txt -> TrackingCookie.Weborama : Ignored.

:mozilla.101:C:\Documents and Settings\Andreadans\Application Data\Mozilla\Firefox\Profiles\louddccy.default\cookies.txt -> TrackingCookie.Yadro : Ignored.

C:\Documents and Settings\Andreadans\Cookies\andreadans@yadro[2].txt -> TrackingCookie.Yadro : Ignored.

:mozilla.55:C:\Documents and Settings\Andreadans\Application Data\Mozilla\Firefox\Profiles\louddccy.default\cookies.txt -> TrackingCookie.Yieldmanager : Ignored.

:mozilla.56:C:\Documents and Settings\Andreadans\Application Data\Mozilla\Firefox\Profiles\louddccy.default\cookies.txt -> TrackingCookie.Yieldmanager : Ignored.

C:\Documents and Settings\Andreadans\Cookies\andreadans@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Ignored.

C:\Documents and Settings\Andreadans\Cookies\andreadans@ad.yieldmanager[3].txt -> TrackingCookie.Yieldmanager : Ignored.

 

 

::Report end

 

 

 

Link to comment
Share on other sites

andreadans, det är många på Eforum som skulle bli glada om du trycker på Redigera under ditt senaste inlägg och så markerar (målar) loggen och därefter trycker på LOG-knappen som finns på samma rad som :thumbsdown::thumbsup: i Redigera-fönstret, de kommer då att slippa skrolla så mycket för att komma förbi ett långt inlägg. Tack!

 

Link to comment
Share on other sites

 

Ignored. på alla fynd.

Du har inte tgit bort dom.

Scanna en gång till i normalläge och ta bort det som hittas.

Är winantivirus pro kvar eller?

 

 

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.



×
×
  • Create New...