
DriveCleaner problem! HELP!!!


calle-a


Hi, I've got the DriveCleaner crap on my computer and naturally I want to get rid of it... I've read in other threads that you should download HijackThis, then scan and then send the log, so here is my log..

[log]

Logfile of HijackThis v1.99.1

Scan saved at 08:13:49, on 2007-03-21

Platform: Unknown Windows (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16386)

 

Running processes:

C:\Windows\System32\smss.exe

C:\Windows\system32\csrss.exe

C:\WINDOWS\system32\wininit.exe

C:\Windows\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe

C:\Windows\Explorer.EXE

C:\WINDOWS\system32\taskeng.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\System32\LVCOMSX.EXE

C:\Program Files\QuickTime\qttask.exe

C:\Windows\System32\CTHELPER.EXE

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Windows\System32\mobsync.exe

C:\Windows\System32\rundll32.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\taskeng.exe

C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\winsystem16.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\BitLord\BitLord.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Hijackthis\HijackThis.exe

C:\WINDOWS\system32\taskeng.exe

C:\Windows\system32\RacAgent.exe

C:\Windows\system32\lpremove.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\PROGRA~1\google\googletoolbar2.dll (file missing)

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [Winsystem] C:\Windows\system32\winsystem16.exe

O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\Windows\system32\xvrkvudp.dll",setvm

O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto

O4 - HKLM\..\RunServices: [Winsystem] C:\Windows\system32\winsystem16.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\PROGRA~1\Logitech\Video\ManifestEngine.exe boot

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Logitech SetPoint.lnk = ?

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE15~2.0_0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE15~2.0_0\bin\ssv.dll

O9 - Extra button: Skicka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Ski&cka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O13 - Gopher Prefix:

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

 

[/log]

 


Since it is a Vista computer, use this new version:

http://www.trendsecure.com/portal/en-US/threat_analytics/hijackthis.php

Then a warning: several of the programs commonly used to clean computers do not work on Vista.

Download the program SmitfraudFix (by S!Ri) to the Desktop:

http://siri.urz.free.fr/Fix/SmitfraudFix.zip

Right-click and extract all the contents to the Desktop. A folder named SmitfraudFix will be created.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd.

Choose option #1 - Search by pressing 1 and Enter.

The program will scan through the computer.

When it is finished, the result is shown and the program has created the log file C:\rapport.txt.

Paste the contents of the log file into your reply here.

Do nothing else with the SmitfraudFix folder or smitfraudfix.cmd.

Remember that when you have pasted in a log, you should select (highlight) it and then press the LOG button, which is on the same row as :thumbsdown::thumbsup: in the Reply window.

 


Okay, but I have now run it with HijackThis v2.

Then I got this log..

 

[log]

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 14:00:26, on 2007-03-21

Platform: Windows Vista (WinNT 6.00.1904)

Boot mode: Normal

 

Running processes:

C:\Windows\System32\smss.exe

C:\Windows\system32\csrss.exe

C:\WINDOWS\system32\wininit.exe

C:\Windows\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe

C:\Windows\Explorer.EXE

C:\WINDOWS\system32\taskeng.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\System32\LVCOMSX.EXE

C:\Program Files\QuickTime\qttask.exe

C:\Windows\System32\CTHELPER.EXE

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Windows\System32\mobsync.exe

C:\Windows\System32\rundll32.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\taskeng.exe

C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\winsystem16.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\BitLord\BitLord.exe

C:\Windows\system32\DfrgNtfs.exe

C:\WINDOWS\system32\taskeng.exe

C:\Windows\ehome\mcupdate.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Windows Mail\WinMail.exe

C:\Users\Åke\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XMM09SWT\HiJackThis_v2[1].exe

C:\Windows\system32\wbem\wmiprvse.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {49F12F38-84E6-403E-B74D-16C502F3A25C} - C:\Windows\system32\iifgf.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\PROGRA~1\Java\JRE15~2.0_0\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\PROGRA~1\google\googletoolbar2.dll (file missing)

O2 - BHO: (no name) - {B32FFAB9-E9C4-4B18-8864-B31A15FB2FC8} - C:\Windows\system32\ejudmgjp.dll (file missing)

O2 - BHO: (no name) - {D38439EC-4A7F-42b4-90C2-D810D7778FDD} - C:\Windows\system32\yhpwsmdw.dll

O2 - BHO: (no name) - {D416208E-AEB7-44CB-AB4F-9A42104EAD2E} - C:\Windows\system32\nnnlk.dll

O2 - BHO: (no name) - {D7A76D80-1086-458A-8C2C-026BF9F4B823} - C:\Windows\system32\gebxyyv.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\PROGRA~1\google\googletoolbar2.dll (file missing)

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [Winsystem] C:\Windows\system32\winsystem16.exe

O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\Windows\system32\xvrkvudp.dll",setvm

O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto

O4 - HKLM\..\RunServices: [Winsystem] C:\Windows\system32\winsystem16.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\PROGRA~1\Logitech\Video\ManifestEngine.exe boot

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NÄTVERKSTJÄNST')

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Logitech SetPoint.lnk = ?

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE15~2.0_0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE15~2.0_0\bin\ssv.dll

O9 - Extra button: Skicka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Ski&cka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: awvtt - C:\Windows\system32\awvtt.dll

O20 - Winlogon Notify: byxyxvv - C:\Windows\SYSTEM32\byxyxvv.dll

O20 - Winlogon Notify: gebaxxu - C:\Windows\SYSTEM32\gebaxxu.dll

O20 - Winlogon Notify: gebxyyv - C:\Windows\SYSTEM32\gebxyyv.dll

O20 - Winlogon Notify: iifgf - C:\Windows\system32\iifgf.dll

O20 - Winlogon Notify: nnnlk - C:\Windows\system32\nnnlk.dll

O20 - Winlogon Notify: opnmnkk - C:\Windows\SYSTEM32\opnmnkk.dll

O20 - Winlogon Notify: pmnmmji - C:\Windows\SYSTEM32\pmnmmji.dll

O20 - Winlogon Notify: rqrpnmj - C:\Windows\SYSTEM32\rqrpnmj.dll

O20 - Winlogon Notify: urqomnl - C:\Windows\SYSTEM32\urqomnl.dll

O20 - Winlogon Notify: xxyvvww - C:\Windows\SYSTEM32\xxyvvww.dll

O20 - Winlogon Notify: yabbc - C:\Windows\system32\yabbc.dll

O20 - Winlogon Notify: yayvsrr - C:\Windows\SYSTEM32\yayvsrr.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 

--

End of file - 9881 bytes

[/log]

 


You must download and save HijackThis in a folder on your computer; you cannot run it from a web page, because then it cannot save any backups of what it does.

We'll see what VundoFix can manage on Vista. Download VundoFix:

http://www.atribune.org/ccount/click.php?id=4

Restart the computer in safe mode (press F8 repeatedly during startup and choose safe mode from the menu).

Double-click VundoFix.exe to start the program.

When it starts again, press Scan for Vundo.

When the scan is finished, press Remove Vundo.

Answer Ja/Yes to the question of whether you want to remove the files.

After that, the Desktop will disappear while the files are removed.

When it is done, a prompt will appear saying that your computer will be shut down; press OK.

Start the computer again in normal mode.

If VundoFix could not remove some file on the first attempt, VundoFix will start again when the computer starts; in that case, follow the description once more.

Paste C:\vundofix.txt and a new HijackThis log into your reply.

 


Okay, now I have run VundoFix in safe mode and here is the HijackThis log

 

[log]

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 17:20:26, on 2007-03-21

Platform: Windows Vista (WinNT 6.00.1904)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\System32\LVCOMSX.EXE

C:\Program Files\QuickTime\qttask.exe

C:\Windows\System32\CTHELPER.EXE

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\WINDOWS\system32\taskeng.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Windows\System32\mobsync.exe

C:\Windows\System32\rundll32.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE

C:\Windows\system32\winsystem16.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\Åke\Desktop\HiJackThis_v2.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\PROGRA~1\Java\JRE15~2.0_0\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\PROGRA~1\google\googletoolbar2.dll (file missing)

O2 - BHO: (no name) - {B32FFAB9-E9C4-4B18-8864-B31A15FB2FC8} - C:\Windows\system32\ejudmgjp.dll (file missing)

O2 - BHO: (no name) - {D416208E-AEB7-44CB-AB4F-9A42104EAD2E} - C:\Windows\system32\nnnlk.dll (file missing)

O2 - BHO: (no name) - {D7A76D80-1086-458A-8C2C-026BF9F4B823} - C:\Windows\system32\gebxyyv.dll (file missing)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\PROGRA~1\google\googletoolbar2.dll (file missing)

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [Winsystem] C:\Windows\system32\winsystem16.exe

O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\Windows\system32\xvrkvudp.dll",setvm

O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto

O4 - HKLM\..\RunServices: [Winsystem] C:\Windows\system32\winsystem16.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\PROGRA~1\Logitech\Video\ManifestEngine.exe boot

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NÄTVERKSTJÄNST')

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Logitech SetPoint.lnk = ?

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE15~2.0_0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE15~2.0_0\bin\ssv.dll

O9 - Extra button: Skicka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Ski&cka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 

--

End of file - 7463 bytes

 

[/log]

 

and here is the VundoFix log

[log]

 

VundoFix V6.3.17

 

Checking Java version...

 

Java version is 1.5.0.2

Old versions of java are exploitable and should be removed.

 

Java version is 1.5.0.4

Old versions of java are exploitable and should be removed.

 

Java version is 1.5.0.6

Old versions of java are exploitable and should be removed.

 

Java version is 1.5.0.9

Old versions of java are exploitable and should be removed.

 

Scan started at 17:09:25 2007-03-21

 

Listing files found while scanning....

 

C:\Windows\System32\awvtt.dll

C:\Windows\System32\byxyxvv.dll

C:\Windows\System32\cbaxu.dll

C:\Windows\System32\ddaxuvu.dll

C:\Windows\System32\gebaxxu.dll

C:\Windows\System32\gebxyyv.dll

C:\Windows\system32\klnnn.bak1

C:\Windows\system32\klnnn.bak2

C:\Windows\system32\klnnn.ini

C:\Windows\system32\nnnlk.dll

C:\Windows\System32\opnmnkk.dll

C:\Windows\System32\pmnmmji.dll

C:\Windows\System32\rqrpnmj.dll

C:\Windows\System32\ttvwa.bak1

C:\Windows\system32\ttvwa.ini

C:\Windows\System32\urqomnl.dll

C:\Windows\System32\uxabc.bak1

C:\Windows\System32\uxabc.ini

C:\Windows\System32\xxyvvww.dll

C:\Windows\system32\yabbc.dll

C:\Windows\System32\yayvsrr.dll

C:\Windows\System32\yhpwsmdw.dll

 

Beginning removal...

 

VundoFix V6.3.17

 

Checking Java version...

 

Java version is 1.5.0.2

Old versions of java are exploitable and should be removed.

 

Java version is 1.5.0.4

Old versions of java are exploitable and should be removed.

 

Java version is 1.5.0.6

Old versions of java are exploitable and should be removed.

 

Java version is 1.5.0.9

Old versions of java are exploitable and should be removed.

 

Scan started at 17:13:51 2007-03-21

 

Listing files found while scanning....

 

C:\Windows\System32\awvtt.dll

C:\Windows\System32\byxyxvv.dll

C:\Windows\System32\cbaxu.dll

C:\Windows\System32\ddaxuvu.dll

C:\Windows\System32\gebaxxu.dll

C:\Windows\System32\gebxyyv.dll

C:\Windows\system32\klnnn.bak1

C:\Windows\system32\klnnn.bak2

C:\Windows\system32\klnnn.ini

C:\Windows\system32\nnnlk.dll

C:\Windows\System32\opnmnkk.dll

C:\Windows\System32\pmnmmji.dll

C:\Windows\System32\rqrpnmj.dll

C:\Windows\System32\ttvwa.bak1

C:\Windows\system32\ttvwa.ini

C:\Windows\System32\urqomnl.dll

C:\Windows\System32\uxabc.bak1

C:\Windows\System32\uxabc.ini

C:\Windows\System32\xxyvvww.dll

C:\Windows\system32\yabbc.dll

C:\Windows\System32\yayvsrr.dll

C:\Windows\System32\yhpwsmdw.dll

 

Beginning removal...

 

Attempting to delete C:\Windows\System32\awvtt.dll

C:\Windows\System32\awvtt.dll Has been deleted!

 

Attempting to delete C:\Windows\System32\byxyxvv.dll

C:\Windows\System32\byxyxvv.dll Has been deleted!

 

Attempting to delete C:\Windows\System32\cbaxu.dll

C:\Windows\System32\cbaxu.dll Has been deleted!

 

Attempting to delete C:\Windows\System32\ddaxuvu.dll

C:\Windows\System32\ddaxuvu.dll Has been deleted!

 

Attempting to delete C:\Windows\System32\gebaxxu.dll

C:\Windows\System32\gebaxxu.dll Has been deleted!

 

Attempting to delete C:\Windows\System32\gebxyyv.dll

C:\Windows\System32\gebxyyv.dll Has been deleted!

 

Attempting to delete C:\Windows\system32\klnnn.bak1

C:\Windows\system32\klnnn.bak1 Has been deleted!

 

Attempting to delete C:\Windows\system32\klnnn.bak2

C:\Windows\system32\klnnn.bak2 Has been deleted!

 

Attempting to delete C:\Windows\system32\klnnn.ini

C:\Windows\system32\klnnn.ini Has been deleted!

 

Attempting to delete C:\Windows\system32\nnnlk.dll

C:\Windows\system32\nnnlk.dll Has been deleted!

 

Attempting to delete C:\Windows\System32\opnmnkk.dll

C:\Windows\System32\opnmnkk.dll Has been deleted!

 

Attempting to delete C:\Windows\System32\pmnmmji.dll

C:\Windows\System32\pmnmmji.dll Has been deleted!

 

Attempting to delete C:\Windows\System32\rqrpnmj.dll

C:\Windows\System32\rqrpnmj.dll Has been deleted!

 

Attempting to delete C:\Windows\System32\ttvwa.bak1

C:\Windows\System32\ttvwa.bak1 Has been deleted!

 

Attempting to delete C:\Windows\system32\ttvwa.ini

C:\Windows\system32\ttvwa.ini Has been deleted!

 

Attempting to delete C:\Windows\System32\urqomnl.dll

C:\Windows\System32\urqomnl.dll Has been deleted!

 

Attempting to delete C:\Windows\System32\uxabc.bak1

C:\Windows\System32\uxabc.bak1 Has been deleted!

 

Attempting to delete C:\Windows\System32\uxabc.ini

C:\Windows\System32\uxabc.ini Has been deleted!

 

Attempting to delete C:\Windows\System32\xxyvvww.dll

C:\Windows\System32\xxyvvww.dll Has been deleted!

 

Attempting to delete C:\Windows\system32\yabbc.dll

C:\Windows\system32\yabbc.dll Has been deleted!

 

Attempting to delete C:\Windows\System32\yayvsrr.dll

C:\Windows\System32\yayvsrr.dll Has been deleted!

 

Attempting to delete C:\Windows\System32\yhpwsmdw.dll

C:\Windows\System32\yhpwsmdw.dll Has been deleted!

 

Performing Repairs to the registry.

Done!

[/log]

 

 

 

Create a folder for HijackThis and move HijackThis into it so that the backups do not end up on the Desktop.

 

There are several old Java versions with security holes on the computer. Uninstall every Java version under Control Panel - Add or Remove Programs and then install a new one: http://www.java.com/sv/

 

We need to find out a bit about the files that remain. Go to http://www.virustotal.com/, paste one of the following file names into the box, press Send and wait until the result is ready (Status becomes Finished). Paste the result (incl. file size) here. Repeat with the next file name.

C:\Windows\system32\winsystem16.exe

C:\Windows\system32\xvrkvudp.dll

C:\Windows\system32\msconfig.exe

 

 

okay, I'll do that then :)

 

Here comes HijackThis without the backup then ;b

 

[log]

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 19:04:43, on 2007-03-21

Platform: Windows Vista (WinNT 6.00.1904)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\System32\LVCOMSX.EXE

C:\Program Files\QuickTime\qttask.exe

C:\Windows\System32\CTHELPER.EXE

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\WINDOWS\system32\taskeng.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Windows\System32\mobsync.exe

C:\Windows\System32\rundll32.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE

C:\Windows\system32\winsystem16.exe

C:\Program Files\Windows Media Player\wmplayer.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\PROGRA~1\Logitech\Video\FxSvr2.exe

C:\Hijackthis\HiJackThis_v2.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\PROGRA~1\google\googletoolbar2.dll (file missing)

O2 - BHO: (no name) - {B32FFAB9-E9C4-4B18-8864-B31A15FB2FC8} - C:\Windows\system32\ejudmgjp.dll (file missing)

O2 - BHO: (no name) - {D416208E-AEB7-44CB-AB4F-9A42104EAD2E} - C:\Windows\system32\nnnlk.dll (file missing)

O2 - BHO: (no name) - {D7A76D80-1086-458A-8C2C-026BF9F4B823} - C:\Windows\system32\gebxyyv.dll (file missing)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\PROGRA~1\google\googletoolbar2.dll (file missing)

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [Winsystem] C:\Windows\system32\winsystem16.exe

O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\Windows\system32\xvrkvudp.dll",setvm

O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto

O4 - HKLM\..\RunServices: [Winsystem] C:\Windows\system32\winsystem16.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\PROGRA~1\Logitech\Video\ManifestEngine.exe boot

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NÄTVERKSTJÄNST')

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Logitech SetPoint.lnk = ?

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: Skicka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Ski&cka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 

--

End of file - 7142 bytes

[/log]

 

then here is the VirusTotal scan of C:\Windows\system32\winsystem16.exe

 

[log]

 

Complete scanning result of "winsystem16.exe", received in VirusTotal at 03.21.2007, 19:00:56 (CET).

 

Antivirus Version Update Result

AhnLab-V3 2007.3.22.0 03.21.2007 Win32/IRCBot.worm.variant

AntiVir 7.3.1.44 03.21.2007 Worm/Sdbot.1330176

Authentium 4.93.8 03.20.2007 W32/Backdoor.AGDV

Avast 4.7.936.0 03.21.2007 no virus found

AVG 7.5.0.447 03.21.2007 IRC/BackDoor.SdBot2.SHI

BitDefender 7.2 03.21.2007 Backdoor.SdBot.BDY

CAT-QuickHeal 9.00 03.21.2007 Backdoor.SdBot.bdy

ClamAV devel-20070312 03.21.2007 Trojan.SdBot-4871

DrWeb 4.33 03.21.2007 no virus found

eSafe 7.0.14.0 03.21.2007 no virus found

eTrust-Vet 30.6.3497 03.21.2007 no virus found

Ewido 4.0 03.21.2007 Backdoor.SdBot.bdy

FileAdvisor 1 03.21.2007 no virus found

Fortinet 2.85.0.0 03.21.2007 W32/SDBot.BDY!tr.bdr

F-Prot 4.3.1.45 03.20.2007 W32/Backdoor.AGDV

F-Secure 6.70.13030.0 03.21.2007 Backdoor.Win32.SdBot.bdy

Ikarus T3.1.1.3 03.21.2007 Backdoor.VB.EV

Kaspersky 4.0.2.24 03.21.2007 Backdoor.Win32.SdBot.bdy

McAfee 4989 03.21.2007 no virus found

Microsoft 1.2306 03.21.2007 no virus found

NOD32v2 2132 03.21.2007 IRC/SdBot

Norman 5.80.02 03.21.2007 W32/SDBot.APOV

Panda 9.0.0.4 03.21.2007 W32/IRCbot.AOG.worm

Prevx1 V2 03.21.2007 Win32.Malware.gen

Sophos 4.15.0 03.13.2007 no virus found

Sunbelt 2.2.907.0 03.16.2007 Trojan.G!SI!!FLWX!!YBdg.A7D51BA6

Symantec 10 03.21.2007 no virus found

TheHacker 6.1.6.078 03.20.2007 Backdoor/SdBot.bdy

UNA 1.83 03.16.2007 Backdoor.SdBot.610F

VBA32 3.11.2 03.21.2007 Trojan.IRC.SdBot

VirusBuster 4.3.7:9 03.21.2007 Worm.SdBot.FDS

Webwasher-Gateway 6.0.1 03.21.2007 Worm.Sdbot.1330176

 

 

Aditional Information

File size: 1330176 bytes

MD5: 7370617ac09e89d3ece688b93b73e855

SHA1: a36780fc06579813cc731384bd0737aadaf3956e

Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PXC=986077559314

 

[/log]

 

And here comes C:\Windows\system32\xvrkvudp.dll

 

[log]

 

Complete scanning result of "xvrkvudp.dll", received in VirusTotal at 03.21.2007, 19:07:42 (CET).

 

Antivirus Version Update Result

AhnLab-V3 2007.3.22.0 03.21.2007 Win-Trojan/Virtumod.123412

AntiVir 7.3.1.44 03.21.2007 ADSPY/Virtumonde.HB.1

Authentium 4.93.8 03.20.2007 no virus found

Avast 4.7.936.0 03.21.2007 no virus found

AVG 7.5.0.447 03.21.2007 Adware Generic.VSL

BitDefender 7.2 03.21.2007 MemScan:Trojan.Spy.Agent.NU

CAT-QuickHeal 9.00 03.21.2007 AdWare.Virtumonde.hb (Not a Virus)

ClamAV devel-20070312 03.21.2007 Trojan.Agent-2243

DrWeb 4.33 03.21.2007 Trojan.Virtumod

eSafe 7.0.14.0 03.21.2007 no virus found

eTrust-Vet 30.6.3497 03.21.2007 Win32/Vundo!generic

Ewido 4.0 03.21.2007 no virus found

FileAdvisor 1 03.21.2007 no virus found

Fortinet 2.85.0.0 03.21.2007 suspicious

F-Prot 4.3.1.45 03.20.2007 no virus found

F-Secure 6.70.13030.0 03.21.2007 W32/Vundo.gen7

Ikarus T3.1.1.3 03.21.2007 not-a-virus:AdWare.Win32.Virtumonde.hb

Kaspersky 4.0.2.24 03.21.2007 not-a-virus:AdWare.Win32.Virtumonde.hb

McAfee 4989 03.21.2007 Vundo

Microsoft 1.2306 03.21.2007 no virus found

NOD32v2 2132 03.21.2007 Win32/Adware.Virtumonde.HB

Norman 5.80.02 03.21.2007 W32/Virtumonde.FGA

Panda 9.0.0.4 03.21.2007 Spyware/Virtumonde

Prevx1 V2 03.21.2007 no virus found

Sophos 4.15.0 03.13.2007 Virtumundo

Sunbelt 2.2.907.0 03.16.2007 no virus found

Symantec 10 03.21.2007 Trojan.Vundo

TheHacker 6.1.6.078 03.20.2007 Adware/Virtumonde.hb

UNA 1.83 03.16.2007 Adware.Virtumonde.BD1A

VBA32 3.11.2 03.21.2007 no virus found

VirusBuster 4.3.7:9 03.21.2007 Adware.Virtumonde.BM

Webwasher-Gateway 6.0.1 03.21.2007 Ad-Spyware.Virtumonde.HB.1

 

 

Aditional Information

File size: 123412 bytes

MD5: 07cd8bc2abfc1b9bdd77672bf9593b20

SHA1: 0bb86ed27140072cf4b6199ca6b9c33eec9560dc

 

[/log]

 

and here comes C:\Windows\system32\msconfig.exe

 

[log]

 

Complete scanning result of "msconfig.exe", received in VirusTotal at 03.21.2007, 19:14:21 (CET).

 

Antivirus Version Update Result

AhnLab-V3 2007.3.22.0 03.21.2007 no virus found

AntiVir 7.3.1.44 03.21.2007 no virus found

Authentium 4.93.8 03.20.2007 no virus found

Avast 4.7.936.0 03.21.2007 no virus found

AVG 7.5.0.447 03.21.2007 no virus found

BitDefender 7.2 03.21.2007 no virus found

CAT-QuickHeal 9.00 03.21.2007 no virus found

ClamAV devel-20070312 03.21.2007 no virus found

DrWeb 4.33 03.21.2007 no virus found

eSafe 7.0.14.0 03.21.2007 no virus found

eTrust-Vet 30.6.3497 03.21.2007 no virus found

Ewido 4.0 03.21.2007 no virus found

FileAdvisor 1 03.21.2007 No threat detected

Fortinet 2.85.0.0 03.21.2007 no virus found

F-Prot 4.3.1.45 03.20.2007 no virus found

F-Secure 6.70.13030.0 03.21.2007 no virus found

Ikarus T3.1.1.3 03.21.2007 no virus found

Kaspersky 4.0.2.24 03.21.2007 no virus found

McAfee 4989 03.21.2007 no virus found

Microsoft 1.2306 03.21.2007 no virus found

NOD32v2 2132 03.21.2007 no virus found

Norman 5.80.02 03.21.2007 no virus found

Panda 9.0.0.4 03.21.2007 no virus found

Prevx1 V2 03.21.2007 no virus found

Sophos 4.15.0 03.13.2007 no virus found

Sunbelt 2.2.907.0 03.16.2007 no virus found

Symantec 10 03.21.2007 no virus found

TheHacker 6.1.6.078 03.20.2007 no virus found

UNA 1.83 03.16.2007 no virus found

VBA32 3.11.2 03.21.2007 no virus found

VirusBuster 4.3.7:9 03.21.2007 no virus found

Webwasher-Gateway 6.0.1 03.21.2007 no virus found

 

 

Aditional Information

File size: 222208 bytes

MD5: 1bb128a09911a936e8efc30c3f6c597c

SHA1: ab3db30c395cee3661513ac1da412044e907e037

Bit9 info: http://fileadvisor.bit9.com/services/extinfo.aspx?md5=1bb128a09911a936e8efc30c3f6c597c

 

[/log]

 

It feels like msconfig was completely free of viruses while the other 2 were full of them .. ;/

 

Different antivirus vendors have different names for the same nasty thing, so it just means that many antivirus programs notice that there is something nasty in e.g. winsystem16.exe.

 

[log]Scan with HijackThis and tick:

 

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {B32FFAB9-E9C4-4B18-8864-B31A15FB2FC8} - C:\Windows\system32\ejudmgjp.dll (file missing)

O2 - BHO: (no name) - {D416208E-AEB7-44CB-AB4F-9A42104EAD2E} - C:\Windows\system32\nnnlk.dll (file missing)

O2 - BHO: (no name) - {D7A76D80-1086-458A-8C2C-026BF9F4B823} - C:\Windows\system32\gebxyyv.dll (file missing)

O4 - HKLM\..\Run: [Winsystem] C:\Windows\system32\winsystem16.exe

O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\Windows\system32\xvrkvudp.dll",setvm

O4 - HKLM\..\RunServices: [Winsystem] C:\Windows\system32\winsystem16.exe

 

Close all other programs.

Press Fix checked.

 

Restart the computer in safe mode (press F8 repeatedly during startup and choose safe mode in the menu).

 

Set up Explorer so that you can see all files:

Tools - (Folder) Options or similar - View

Select Show hidden files and folders

Uncheck Hide extensions for known file types

Uncheck Hide protected operating system files

 

Delete the files (if they are still there):

C:\Windows\system32\winsystem16.exe

C:\Windows\system32\xvrkvudp.dll

 

Restart in normal mode and then post a new HijackThis log.

How does the computer behave now?[/log]
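An added example, not part of the original posts: it parses the plain-text VirusTotal table format pasted in this thread and groups the differing vendor labels into one family, which is the point made above about vendors naming the same thing differently. The rows are copied from the xvrkvudp.dll result in this thread; the alias table and function names are assumptions made for this illustration.

```python
import re
from collections import Counter

# Subset of the rows posted in this thread for xvrkvudp.dll.
SAMPLE = """\
Antivirus Version Update Result
AhnLab-V3 2007.3.22.0 03.21.2007 Win-Trojan/Virtumod.123412
Avast 4.7.936.0 03.21.2007 no virus found
AVG 7.5.0.447 03.21.2007 Adware Generic.VSL
CAT-QuickHeal 9.00 03.21.2007 AdWare.Virtumonde.hb (Not a Virus)
eTrust-Vet 30.6.3497 03.21.2007 Win32/Vundo!generic
Fortinet 2.85.0.0 03.21.2007 suspicious
McAfee 4989 03.21.2007 Vundo
Sophos 4.15.0 03.13.2007 Virtumundo
Symantec 10 03.21.2007 Trojan.Vundo
"""

# Verdict strings that mean "nothing detected" in this table format.
CLEAN = {"no virus found", "no threat detected"}

# Assumption: hand-built alias table for this example, not a vendor standard.
FAMILY_ALIASES = {
    "Vundo/Virtumonde": ("vundo", "virtumond", "virtumund", "virtumod"),
    "SdBot": ("sdbot",),
}

# engine, engine version, signature date (MM.DD.YYYY), free-text verdict
ROW = re.compile(r"^(\S+)\s+(\S+)\s+(\d{2}\.\d{2}\.\d{4})\s+(.+)$")


def parse_rows(text):
    """Return one dict per engine row; the header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            engine, version, updated, result = m.groups()
            rows.append({"engine": engine, "version": version,
                         "updated": updated, "result": result.strip()})
    return rows


def family_of(label):
    """Map a vendor label to a family name, or None if no alias matches."""
    low = label.lower()
    for family, needles in FAMILY_ALIASES.items():
        if any(n in low for n in needles):
            return family
    return None


def summarise(text):
    """Count engines, detections, distinct labels and detections per family."""
    rows = parse_rows(text)
    hits = [r for r in rows if r["result"].lower() not in CLEAN]
    families = Counter(family_of(r["result"]) or "unclassified" for r in hits)
    return {
        "engines": len(rows),
        "detections": len(hits),
        "distinct_labels": len({r["result"] for r in hits}),
        "families": dict(families),
    }


if __name__ == "__main__":
    print(summarise(SAMPLE))
```

Eight engines report eight different strings here, yet six of them collapse to a single family; generic verdicts such as "suspicious" stay unclassified rather than being guessed at.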

 

hi, the computer did not behave any differently, or rather, in safe mode and after the restart the keyboard did not work, so I turned the computer off and on, and then the keyboard worked again, so there are no problems now. In safe mode I had to delete xvrkvudp.dll in system32; the others had disappeared.. Here is the new HijackThis log.

 

[log]

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 20:53:44, on 2007-03-21

Platform: Windows Vista (WinNT 6.00.1904)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\WINDOWS\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\System32\LVCOMSX.EXE

C:\Program Files\QuickTime\qttask.exe

C:\Windows\System32\CTHELPER.EXE

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Windows\System32\mobsync.exe

C:\Windows\ehome\ehmsas.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE

C:\PROGRA~1\Logitech\Video\FxSvr2.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Hijackthis\HiJackThis_v2.exe

C:\Windows\system32\SearchProtocolHost.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\PROGRA~1\google\googletoolbar2.dll (file missing)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\PROGRA~1\google\googletoolbar2.dll (file missing)

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\PROGRA~1\Logitech\Video\ManifestEngine.exe boot

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NÄTVERKSTJÄNST')

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Logitech SetPoint.lnk = ?

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: Skicka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Ski&cka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 

--

End of file - 6516 bytes

[/log]

 

Do you mean that you still have problems with Drivecleaner? I no longer see anything nasty in the log, but not everything shows up in it.

 

Here is my usual advice for a safer computer, but of course it is important to use your common sense too.

 

I am not sure that all of these programs work with Vista, but here are some tips anyway.

 

Update from Windows Update and run the anti-spyware programs AVG Anti-Spyware (Ewido), SUPERAntiSpyware, Spybot S&D and/or Ad-aware regularly.

http://www.ewido.net/en/

http://www.superantispyware.com/

http://www.safer-networking.org/en/download/index.html

http://www.lavasoft.com

 

Complement the antivirus program with a few online scans now and then:

http://housecall.trendmicro.com/

http://www.bitdefender.com/scan8/ie.html

http://www.pandasoftware.com/products/activescan/

 

Use a firewall (better than the one built into XP); one is available free from e.g. ZoneLabs.

http://www.zonelabs.com/store/content/home.jsp

 

If you use Internet Explorer, it can be a good idea to have the program SpywareBlaster, which prevents a good many nasty programs from being downloaded or run http://www.javacoolsoftware.com , and to run IE-SpyAd, which puts a whole lot of nasty websites in the Restricted sites zone in Internet Explorer so that they cannot do anything to the computer http://www.spywarewarrior.com/uiuc/resource.htm

 

Review the security settings in Internet Explorer; there are plenty of tips here:

http://www.spywarewarrior.com/uiuc/btw/ie/ie-opts.htm

 

If you use the Firefox browser, it is a good idea to have the NoScript add-on.

http://www.mozilla.com

https://addons.mozilla.org/firefox/722/

 

All free for home users/personal use.

 


Archived

This topic is now archived and is closed to further replies.
