
HJT log


andreadans


Hi!

I think I've been hit by winantivirus pro.

Can you help me?

/Andrea

 

[log]Logfile of HijackThis v1.99.1

Scan saved at 10:17:47, on 2007-02-14

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Acer\eManager\anbmServ.exe

C:\Program\Delade filer\Symantec Shared\ccProxy.exe

C:\Program\ewido anti-spyware 4.0\guard.exe

C:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\Program\Norton Internet Security\Norton AntiVirus\SAVScan.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\Rundll32.exe

C:\Program\Delade filer\Symantec Shared\ccApp.exe

C:\Program\Java\jre1.5.0_09\bin\jusched.exe

C:\Program\QuickTime\qttask.exe

C:\Program\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\MSN Messenger\msnmsgr.exe

C:\Program\acer\eRecovery\Monitor.exe

C:\Program\Java\jre1.5.0_09\bin\jucheck.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Delade filer\Real\Update_OB\realsched.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Adobe\Photoshop CS\Photoshop.exe

C:\Program\Microsoft Office\Office10\WINWORD.EXE

C:\WINDOWS\msagent\AgentSvr.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Messenger\msmsgs.exe

C:\hjt\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\Program\MACROG~1\SWEETI~1\toolbar.dll (file missing)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)

O4 - HKLM\..\Run: [LaunchApp] Alaunch

O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [urlLSTCK.exe] C:\Program\Norton Internet Security\UrlLstCk.exe

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.5.0_09\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [RemoteControl] C:\Program\CyberLink\PowerDVD\PDVDServ.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZN

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: FirstClass® - {02011FE3-C22B-451d-9A25-BF4DBB38B8E7} - C:\WINDOWS\Downloaded Program Files\fcplugin.dll

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {230C3D02-DA27-11D2-8612-00A0C93EEA3C} (SAXFile FileUpload ActiveX Control) - http://82.99.38.123/SAXFile/saxfile.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by22fd.bay22.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {9C196458-4145-46AF-8A77-1506878DFECA} (FirstClass® Control) - http://fc.brobygrafiska.sunne.se/ClientDownloads/fcplugin.cab

O18 - Protocol: fcp - {B3133379-8789-4D3C-9593-C205D7297501} - C:\WINDOWS\Downloaded Program Files\fcplugin.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~3\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~3\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program\ewido anti-spyware 4.0\guard.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: Norton AntiVirus Auto Protect-tjänst (navapsvc) - Symantec Corporation - C:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program\DELADE~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

[/log]

 

 


 

Scan with Hijack, tick the following lines, close the web browser and click Fix checked

 

[log]R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)

O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\Program\MACROG~1\SWEETI~1\toolbar.dll (file missing)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZN

 

 

Download ComboFix to your desktop

http://download.bleepingcomputer.com/sUBs/combofix.exe

Run it and follow the instructions.

When it is finished, a log should appear; post it here.

IMPORTANT = do not click on the ComboFix window with the mouse while it is running, otherwise it may hang. [/log]

 


Hi Zipp!

Thanks for taking the time.

Here is the log.

 

"Andreadans" - 07-02-14 10:55:08 Service Pack 2

[log]ComboFix 07-02-11 - Running from: "C:\Documents and Settings\Andreadans\Skrivbord"

 

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

C:\WINDOWS\system32\cemetrix.dll

 

 

((((((((((((((((((((((((((((((( Files Created from 2007-01-14 to 2007-02-14 ))))))))))))))))))))))))))))))))))

 

 

2007-02-01 11:24 <KAT> d-------- C:\Program\V1 Home 2.0

2007-01-19 12:53 51,056 --a------ C:\WINDOWS\system32\sirenacm.dll

2007-01-15 09:26 <KAT> d--hs---- C:\FOUND.002

 

 

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

2007-02-06 12:46 3226 --a------ C:\WINDOWS\mozver.dat

2007-02-02 11:46 63900 --a------ C:\WINDOWS\system32\perfc01d.dat

2007-02-02 11:46 385328 --a------ C:\WINDOWS\system32\perfh01d.dat

2007-02-02 10:44 69904 --a------ C:\DOCUME~1\ANDREA~1\Application Data\gdipfontcachev1.dat

2007-01-09 23:09 14994392 --a------ C:\GoogleEarthWin.exe

 

 

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"

"msnmsgr"="\"C:\\Program\\MSN Messenger\\msnmsgr.exe\" /background"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

"LaunchApp"="Alaunch"

"SiSPower"="Rundll32.exe SiSPower.dll,ModeAgent"

"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"

"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"

"eRecoveryService"="C:\\Windows\\System32\\Check.exe"

"ccApp"="\"C:\\Program\\Delade filer\\Symantec Shared\\ccApp.exe\""

"URLLSTCK.exe"="C:\\Program\\Norton Internet Security\\UrlLstCk.exe"

"Symantec NetDriver Monitor"="C:\\Program\\SYMNET~1\\SNDMon.exe /Consumer"

"SunJavaUpdateSched"="\"C:\\Program\\Java\\jre1.5.0_09\\bin\\jusched.exe\""

"QuickTime Task"="\"C:\\Program\\QuickTime\\qttask.exe\" -atboottime"

"TkBellExe"="\"C:\\Program\\Delade filer\\Real\\Update_OB\\realsched.exe\" -osboot"

"RemoteControl"="C:\\Program\\CyberLink\\PowerDVD\\PDVDServ.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]

"Installed"="1"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]

"Installed"="1"

"NoChange"="1"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]

"Installed"="1"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Adobe Gamma Loader.lnk]

"path"="C:\\Documents and Settings\\All Users\\Start-meny\\Program\\Autostart\\Adobe Gamma Loader.lnk"

"backup"="C:\\WINDOWS\\pss\\Adobe Gamma Loader.lnkCommon Startup"

"location"="Common Startup"

"command"="C:\\Program\\DELADE~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "

"item"="Adobe Gamma Loader"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Microsoft Office.lnk]

"path"="C:\\Documents and Settings\\All Users\\Start-meny\\Program\\Autostart\\Microsoft Office.lnk"

"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"

"location"="Common Startup"

"command"="C:\\Program\\MICROS~3\\Office10\\OSA.EXE -b -l"

"item"="Microsoft Office"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Ulead Photo Express 3.0 SE Calendar Checker.lnk]

"path"="C:\\Documents and Settings\\All Users\\Start-meny\\Program\\Autostart\\Ulead Photo Express 3.0 SE Calendar Checker.lnk"

"backup"="C:\\WINDOWS\\pss\\Ulead Photo Express 3.0 SE Calendar Checker.lnkCommon Startup"

"location"="Common Startup"

"command"="C:\\Program\\ULEADS~1\\ULEADP~1.0SE\\CalCheck.exe "

"item"="Ulead Photo Express 3.0 SE Calendar Checker"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Utility Tray.lnk]

"path"="C:\\Documents and Settings\\All Users\\Start-meny\\Program\\Autostart\\Utility Tray.lnk"

"backup"="C:\\WINDOWS\\pss\\Utility Tray.lnkCommon Startup"

"location"="Common Startup"

"command"="C:\\WINDOWS\\system32\\sistray.exe "

"item"="Utility Tray"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!ewido]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="ewido"

"hkey"="HKLM"

"command"="\"C:\\Program\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="AGRSMMSG"

"hkey"="HKLM"

"command"="AGRSMMSG.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeviceDiscovery]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="hpotdd01"

"hkey"="HKLM"

"command"="C:\\Program\\Hewlett-Packard\\Digital Imaging\\bin\\hpotdd01.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus C46 Series]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="E_S4I0T1"

"hkey"="HKLM"

"command"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S4I0T1.EXE /P23 \"EPSON Stylus C46 Series\" /O5 \"LPT1:\" /M \"Stylus C46\""

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus C46 Series (kopia 1)]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="E_S4I0T1"

"hkey"="HKLM"

"command"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S4I0T1.EXE /P33 \"EPSON Stylus C46 Series (kopia 1)\" /O6 \"USB001\" /M \"Stylus C46\""

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="HPWuSchd"

"hkey"="HKLM"

"command"="C:\\Program\\Hewlett-Packard\\HP Software Update\\HPWuSchd.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="hpztsb08"

"hkey"="HKLM"

"command"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb08.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="IMJPMIG"

"hkey"="HKLM"

"command"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="iTunesHelper"

"hkey"="HKLM"

"command"="\"C:\\Program\\iTunes\\iTunesHelper.exe\""

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="QtZgAcer"

"hkey"="HKLM"

"command"="C:\\Program\\Launch Manager\\QtZgAcer.EXE"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="ManifestEngine"

"hkey"="HKCU"

"command"="C:\\Program\\Logitech\\Video\\ManifestEngine.exe boot"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="ISStart"

"hkey"="HKLM"

"command"="C:\\Program\\Logitech\\Video\\ISStart.exe "

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="LogiTray"

"hkey"="HKLM"

"command"="C:\\Program\\Logitech\\Video\\LogiTray.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="LVCOMSX"

"hkey"="HKLM"

"command"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="msmsgs"

"hkey"="HKCU"

"command"="\"C:\\Program\\Messenger\\msmsgs.exe\" /background"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="msnmsgr"

"hkey"="HKCU"

"command"="\"C:\\Program\\MSN Messenger\\msnmsgr.exe\" /background"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="ImScInst"

"hkey"="HKLM"

"command"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="NeroCheck"

"hkey"="HKLM"

"command"="C:\\WINDOWS\\system32\\\\NeroCheck.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="PCMService"

"hkey"="HKLM"

"command"="\"C:\\Program\\Arcade\\PCMService.exe\""

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="qttask"

"hkey"="HKLM"

"command"="\"C:\\Program\\QuickTime\\qttask.exe\" -atboottime"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiS Windows KeyHook]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="keyhook"

"hkey"="HKLM"

"command"="C:\\WINDOWS\\system32\\keyhook.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="SOUNDMAN"

"hkey"="HKLM"

"command"="SOUNDMAN.EXE"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="GoogleToolbarNotifier"

"hkey"="HKCU"

"command"="C:\\Program\\Google\\GoogleToolbarNotifier\\1.0.720.3640\\GoogleToolbarNotifier.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="SynTPEnh"

"hkey"="HKLM"

"command"="C:\\Program\\Synaptics\\SynTP\\SynTPEnh.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="SynTPLpr"

"hkey"="HKLM"

"command"="C:\\Program\\Synaptics\\SynTP\\SynTPLpr.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="realsched"

"hkey"="HKLM"

"command"="\"C:\\Program\\Delade filer\\Real\\Update_OB\\realsched.exe\" -osboot"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Window Washer]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="wwDisp"

"hkey"="HKCU"

"command"="C:\\Program Files\\Webroot\\Washer\\wwDisp.exe"

"inimapping"="0"

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]

HTTPFilter REG_MULTI_SZ HTTPFilter\0\0

LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0

NetworkService REG_MULTI_SZ DnsCache\0\0

DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0

rpcss REG_MULTI_SZ RpcSs\0\0

imgsvc REG_MULTI_SZ StiSvc\0\0

termsvcs REG_MULTI_SZ TermService\0\0

 

 

 

 

~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

 

backup-20070214-105337-267

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZN

backup-20070214-105138-182

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

backup-20070214-105138-577

O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)

backup-20070214-105138-402

O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\Program\MACROG~1\SWEETI~1\toolbar.dll (file missing)

backup-20070214-105138-609

R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)

 

Contents of the 'Scheduled Tasks' folder

C:\WINDOWS\tasks\Symantec NetDetect.job

C:\WINDOWS\tasks\Norton AntiVirus - Sök igenom datorn.job

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

 

 

********************************************************************

 

catchme 0.1 W2K/XP - userland rootkit detector by Gmer, 17 October 2006

http://www.gmer.net

 

scanning hidden processes ...

 

scanning hidden services ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

 

********************************************************************

 

Completion time: 07-02-14 10:57:50

[/log]

 

 

[post edited 2007-02-23 18:50:54 by Anders N]


 

I don't see anything in this log.

> I think I've been hit by winantivirus pro. <

Is it installed, or is it pop-ups?

Uninstall the Java you have and get the latest one here

http://www.java.com/sv/

Uninstall Ewido as well and get AVG Anti-Spyware 7.5

http://www.ewido.net/en/

Install + update.

Scan and clean in safe mode, and if anything is found, post the log.

 

 


Here is the log from AVG.

 

 

---------------------------------------------------------

AVG Anti-Spyware - Scan Report

---------------------------------------------------------

 

+ Created at: 12:41:52 2007-02-14

 

+ Scan result:

 

 

 

HKU\.DEFAULT\Software\New.net -> Adware.NewDotNet : Ignored.

HKU\S-1-5-18\Software\New.net -> Adware.NewDotNet : Ignored.

C:\Program\Mozilla Firefox\plugins\npclntax.dll -> Adware.Zango : Ignored.

C:\Documents and Settings\Andreadans\Cookies\andreadans@aavalue[2].txt -> TrackingCookie.Aavalue : Ignored.

C:\Documents and Settings\Andreadans\Cookies\andreadans@eztracks.aavalue[2].txt -> TrackingCookie.Aavalue : Ignored.

:mozilla.17:C:\Documents and Settings\Andreadans\Application Data\Mozilla\Firefox\Profiles\louddccy.default\cookies.txt -> TrackingCookie.Adbrite : Ignored.

:mozilla.18:C:\Documents and Settings\Andreadans\Application Data\Mozilla\Firefox\Profiles\louddccy.default\cookies.txt -> TrackingCookie.Adbrite : Ignored.

C:\Documents and Settings\Andreadans\Cookies\andreadans@adbrite[1].txt -> TrackingCookie.Adbrite : Ignored.

C:\Documents and Settings\Andreadans\Cookies\andreadans@adbrite[2].txt -> TrackingCookie.Adbrite : Ignored.

C:\Documents and Settings\Andreadans\Cookies\andreadans@admarketplace[2].txt -> TrackingCookie.Admarketplace : Ignored.

C:\Documents and Settings\Andreadans\Cookies\andreadans@www.burstnet[1].txt -> TrackingCookie.Burstnet : Ignored.

C:\Documents and Settings\Andreadans\Cookies\andreadans@www.burstnet[2].txt -> TrackingCookie.Burstnet : Ignored.

C:\Documents and Settings\Andreadans\Cookies\andreadans@clickbank[1].txt -> TrackingCookie.Clickbank : Ignored.

C:\Documents and Settings\Andreadans\Cookies\andreadans@com[1].txt -> TrackingCookie.Com : Ignored.

:mozilla.107:C:\Documents and Settings\Andreadans\Application Data\Mozilla\Firefox\Profiles\louddccy.default\cookies.txt -> TrackingCookie.Esomniture : Ignored.

:mozilla.112:C:\Documents and Settings\Andreadans\Application Data\Mozilla\Firefox\Profiles\louddccy.default\cookies.txt -> TrackingCookie.Esomniture : Ignored.

:mozilla.116:C:\Documents and Settings\Andreadans\Application Data\Mozilla\Firefox\Profiles\louddccy.default\cookies.txt -> TrackingCookie.Esomniture : Ignored.

:mozilla.72:C:\Documents and Settings\Andreadans\Application Data\Mozilla\Firefox\Profiles\louddccy.default\cookies.txt -> TrackingCookie.Esomniture : Ignored.

:mozilla.76:C:\Documents and Settings\Andreadans\Application Data\Mozilla\Firefox\Profiles\louddccy.default\cookies.txt -> TrackingCookie.Esomniture : Ignored.

:mozilla.79:C:\Documents and Settings\Andreadans\Application Data\Mozilla\Firefox\Profiles\louddccy.default\cookies.txt -> TrackingCookie.Esomniture : Ignored.

:mozilla.82:C:\Documents and Settings\Andreadans\Application Data\Mozilla\Firefox\Profiles\louddccy.default\cookies.txt -> TrackingCookie.Esomniture : Ignored.

:mozilla.84:C:\Documents and Settings\Andreadans\Application Data\Mozilla\Firefox\Profiles\louddccy.default\cookies.txt -> TrackingCookie.Esomniture : Ignored.

:mozilla.86:C:\Documents and Settings\Andreadans\Application Data\Mozilla\Firefox\Profiles\louddccy.default\cookies.txt -> TrackingCookie.Esomniture : Ignored.

:mozilla.91:C:\Documents and Settings\Andreadans\Application Data\Mozilla\Firefox\Profiles\louddccy.default\cookies.txt -> TrackingCookie.Esomniture : Ignored.

:mozilla.92:C:\Documents and Settings\Andreadans\Application Data\Mozilla\Firefox\Profiles\louddccy.default\cookies.txt -> TrackingCookie.Esomniture : Ignored.

:mozilla.93:C:\Documents and Settings\Andreadans\Application Data\Mozilla\Firefox\Profiles\louddccy.default\cookies.txt -> TrackingCookie.Esomniture : Ignored.

C:\Documents and Settings\Andreadans\Cookies\andreadans@e-2dj6wfkygldzegq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored.

C:\Documents and Settings\Andreadans\Cookies\andreadans@e-2dj6wfmicgdpshp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored.

C:\Documents and Settings\Andreadans\Cookies\andreadans@e-2dj6wjkokncjieo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored.

C:\Documents and Settings\Andreadans\Cookies\andreadans@e-2dj6wjl4spd5kao.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Ignored.

C:\Documents and Settings\Andreadans\Cookies\andreadans@estat[1].txt -> TrackingCookie.Estat : Ignored.

C:\Documents and Settings\Andreadans\Cookies\andreadans@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Ignored.

C:\Documents and Settings\Andreadans\Cookies\andreadans@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Ignored.

C:\Documents and Settings\Andreadans\Cookies\andreadans@ivwbox[2].txt -> TrackingCookie.Ivwbox : Ignored.

C:\Documents and Settings\Andreadans\Cookies\andreadans@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Ignored.

C:\Documents and Settings\Andreadans\Cookies\andreadans@server.iad.liveperson[3].txt -> TrackingCookie.Liveperson : Ignored.

C:\Documents and Settings\Andreadans\Cookies\andreadans@image.masterstats[1].txt -> TrackingCookie.Masterstats : Ignored.

C:\Documents and Settings\Andreadans\Cookies\andreadans@stat.onestat[2].txt -> TrackingCookie.Onestat : Ignored.

:mozilla.19:C:\Documents and Settings\Andreadans\Application Data\Mozilla\Firefox\Profiles\louddccy.default\cookies.txt -> TrackingCookie.Reliablestats : Ignored.

:mozilla.20:C:\Documents and Settings\Andreadans\Application Data\Mozilla\Firefox\Profiles\louddccy.default\cookies.txt -> TrackingCookie.Reliablestats : Ignored.

:mozilla.23:C:\Documents and Settings\Andreadans\Application Data\Mozilla\Firefox\Profiles\louddccy.default\cookies.txt -> TrackingCookie.Reliablestats : Ignored.

:mozilla.25:C:\Documents and Settings\Andreadans\Application Data\Mozilla\Firefox\Profiles\louddccy.default\cookies.txt -> TrackingCookie.Reliablestats : Ignored.

C:\Documents and Settings\Andreadans\Cookies\andreadans@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Ignored.

C:\Documents and Settings\Andreadans\Cookies\andreadans@stats1.reliablestats[3].txt -> TrackingCookie.Reliablestats : Ignored.

:mozilla.106:C:\Documents and Settings\Andreadans\Application Data\Mozilla\Firefox\Profiles\louddccy.default\cookies.txt -> TrackingCookie.Revenue : Ignored.

:mozilla.131:C:\Documents and Settings\Andreadans\Application Data\Mozilla\Firefox\Profiles\louddccy.default\cookies.txt -> TrackingCookie.Statcounter : Ignored.

C:\Documents and Settings\Andreadans\Cookies\andreadans@statcounter[1].txt -> TrackingCookie.Statcounter : Ignored.

C:\Documents and Settings\Andreadans\Cookies\andreadans@statcounter[2].txt -> TrackingCookie.Statcounter : Ignored.

C:\Documents and Settings\Andreadans\Cookies\andreadans@tacoda[1].txt -> TrackingCookie.Tacoda : Ignored.

C:\Documents and Settings\Andreadans\Cookies\andreadans@tacoda[2].txt -> TrackingCookie.Tacoda : Ignored.

C:\Documents and Settings\Andreadans\Cookies\andreadans@weborama[2].txt -> TrackingCookie.Weborama : Ignored.

:mozilla.101:C:\Documents and Settings\Andreadans\Application Data\Mozilla\Firefox\Profiles\louddccy.default\cookies.txt -> TrackingCookie.Yadro : Ignored.

C:\Documents and Settings\Andreadans\Cookies\andreadans@yadro[2].txt -> TrackingCookie.Yadro : Ignored.

:mozilla.55:C:\Documents and Settings\Andreadans\Application Data\Mozilla\Firefox\Profiles\louddccy.default\cookies.txt -> TrackingCookie.Yieldmanager : Ignored.

:mozilla.56:C:\Documents and Settings\Andreadans\Application Data\Mozilla\Firefox\Profiles\louddccy.default\cookies.txt -> TrackingCookie.Yieldmanager : Ignored.

C:\Documents and Settings\Andreadans\Cookies\andreadans@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Ignored.

C:\Documents and Settings\Andreadans\Cookies\andreadans@ad.yieldmanager[3].txt -> TrackingCookie.Yieldmanager : Ignored.

 

 

::Report end

 

 

 


andreadans, many people on Eforum would be glad if you click Edit under your latest post, select (highlight) the log, and then press the LOG button, which is on the same row as :thumbsdown::thumbsup: in the Edit window; they will then not have to scroll so much to get past a long post. Thanks!

 


 

Ignored. on all findings.

You have not removed them.

Scan once more in normal mode and remove what is found.

Is winantivirus pro still there, or not?

 

 
