
Msn - virus


jompa85


Hi, like many others I have been hit by this wretched virus over MSN that tries to send the file "photos" to everyone on my contact list.

 

I am new to this forum and haven't quite figured out how to go about getting rid of this.

 

I would be grateful if I could get help with this.

 

I have installed Superantispyware and scanned the computer; this is what the log says:

 


 

I have also installed HijackThis, and that log reads as follows:

 

[log]Logfile of HijackThis v1.99.1

Scan saved at 17:26:20, on 2007-06-17

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Winamp\Winampa.exe

C:\Program\Java\jre1.6.0_01\bin\jusched.exe

C:\Program\Delade filer\Real\Update_OB\realsched.exe

C:\Program\Corsair\Corsair Flash Voyager Utility\PLBkMon.exe

C:\WINDOWS\system32\HotfixQ0306270.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\PANICW~1\POP-UP~1\PSFree.exe

D:\Program\superantispyware\SUPERAntiSpyware.exe

C:\Program\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Program\Rainlendar\Rainlendar.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\MSN Messenger\usnsvc.exe

D:\Program\Hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - Default URLSearchHook is missing

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [WinampAgent] "C:\Program\Winamp\Winampa.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [CORSAIR_PLUtil] C:\Program\Corsair\Corsair Flash Voyager Utility\PLBkMon.exe

O4 - HKLM\..\Run: [PLFFAP] C:\WINDOWS\system32\HotfixQ0306270.exe

O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program\AGEIA Technologies\TrayIcon.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program\PANICW~1\POP-UP~1\PSFree.exe"

O4 - HKCU\..\Run: [updateMgr] C:\Program\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0

O4 - HKCU\..\Run: [sUPERAntiSpyware] D:\Program\superantispyware\SUPERAntiSpyware.exe

O4 - Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: Rainlendar.lnk = C:\Program\Rainlendar\Rainlendar.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: hp psc 1000 series.lnk = ?

O4 - Global Startup: hpoddt01.exe.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: PokerTime Poker - {7220F1C9-B7E0-47a6-A0BD-D5B3940BCC79} - C:\Program\PokerTimeMPP\MPPoker.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by116fd.bay116.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://195.196.36.242/activex/AxisCamControl.cab

O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.fotogalleriet.se/static/test/ImageUploader3.cab

O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab

O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install3.5/installer.exe

O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} (BTDownloadCtrl Control) - http://www.shockwave.com/content/thinktanks/sis/BTDownloadCtrl.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: !SASWinLogon - D:\Program\superantispyware\SASWINLO.dll

O21 - SSODL: syshelps - {94BE9832-1843-4C81-8F8F-E95F728BCE67} - syshelps.dll (file missing)

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe[/log]

 

/ John

 

[post edited 2007-06-17 17:28:38 by jompa85]


It looks like SUPERAntiSpyware has found not only the MSN virus but many other nasties as well.

Download MSN_Fix to the Desktop.

http://sosvirus.changelog.fr/MSNFix.zip

Unpack the file, run MSNFix.bat and follow the instructions that appear.

Paste the log that comes up into your reply here.

Paste a new HijackThis log as well.

 

 


Here is the log from MSNFix:

 

[log]MSN_Fix 1.324

 

C:\Documents and Settings\JOHN\Skrivbord\msnfix\MSNFix

Scan done at 2007-06-17 - 19:33:41,23 By JOHN

normal mode

 

************************ Checking Files

 

... C:\WINDOWS\photos.zip

... C:\WINDOWS\system32\syshelps.dll

 

************************ Checking Folder

 

No Folder Found

 

 

 

 

************************ Deleting malware Files

 

.. OK ... C:\WINDOWS\photos.zip

/!\ ... C:\WINDOWS\system32\syshelps.dll

 

 

 

************************ Registry Cleaning

 

 

 

Others Files will be delete after a reboot on normal mode

 

 

No Folder Found

************************ Deleting malware Files

 

.. OK ... C:\WINDOWS\system32\syshelps.dll

 

 

 

************************ Suspect Files

 

/!\ The detected files must be controlled by a helper before any other handling

 

[C:\WINDOWS\system32\logon.scr] 8FC83784F495CCEC39C882973D1B98C1

[C:\WINDOWS\system32\scrnsave.scr] D77682049BC5B5A9F5A0CEB44703565A

[C:\WINDOWS\system32\ss3dfo.scr] 4FAFC51D4E351B276BE4FBDC798B4067

[C:\WINDOWS\system32\ssbezier.scr] 4AEA47F905628435516F9F64FBA5B32C

[C:\WINDOWS\system32\ssflwbox.scr] 3F5F672662DC33399725A87804884FFA

[C:\WINDOWS\system32\ssmarque.scr] B4AC410FCC959F701468BF267CEF60C2

[C:\WINDOWS\system32\ssmypics.scr] 88592032B26EBFED9FC22C330AD15B6C

[C:\WINDOWS\system32\ssmyst.scr] C05599501B42AAFD55C0AF91F2CE0E4C

[C:\WINDOWS\system32\sspipes.scr] 191034D26CA72BC73F33FDD3E2698C7F

[C:\WINDOWS\system32\ssstars.scr] 1133D9F7FC996ACFD096B97355D921F0

[C:\WINDOWS\system32\sstext3d.scr] 32DE0424841989D93B09FB14D75D1F2F

 

 

The Files and Registry deleted have been save in 2007-06-17_19362639.zip

 

 

------------------------------------------------------------------------

Autor : !aur3n7 Contact: http://246694.aceboard.fr

------------------------------------------------------------------------

 

--------------------------------------------- END --------------------------------------------- [/log]

 

And the log from HijackThis:

[log]Logfile of HijackThis v1.99.1

Scan saved at 19:41:19, on 2007-06-17

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\IoctlSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Winamp\Winampa.exe

C:\Program\Java\jre1.6.0_01\bin\jusched.exe

C:\Program\Delade filer\Real\Update_OB\realsched.exe

C:\Program\Corsair\Corsair Flash Voyager Utility\PLBkMon.exe

C:\WINDOWS\system32\HotfixQ0306270.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\PANICW~1\POP-UP~1\PSFree.exe

D:\Program\superantispyware\SUPERAntiSpyware.exe

C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Program\Rainlendar\Rainlendar.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program\Internet Explorer\IEXPLORE.EXE

D:\Program\Hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - Default URLSearchHook is missing

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll

O4 - HKLM\..\Run: [WinampAgent] "C:\Program\Winamp\Winampa.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [CORSAIR_PLUtil] C:\Program\Corsair\Corsair Flash Voyager Utility\PLBkMon.exe

O4 - HKLM\..\Run: [PLFFAP] C:\WINDOWS\system32\HotfixQ0306270.exe

O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program\AGEIA Technologies\TrayIcon.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program\PANICW~1\POP-UP~1\PSFree.exe"

O4 - HKCU\..\Run: [updateMgr] C:\Program\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0

O4 - HKCU\..\Run: [sUPERAntiSpyware] D:\Program\superantispyware\SUPERAntiSpyware.exe

O4 - Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: Rainlendar.lnk = C:\Program\Rainlendar\Rainlendar.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: hp psc 1000 series.lnk = ?

O4 - Global Startup: hpoddt01.exe.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: PokerTime Poker - {7220F1C9-B7E0-47a6-A0BD-D5B3940BCC79} - C:\Program\PokerTimeMPP\MPPoker.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by116fd.bay116.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://195.196.36.242/activex/AxisCamControl.cab

O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.fotogalleriet.se/static/test/ImageUploader3.cab

O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab

O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install3.5/installer.exe

O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} (BTDownloadCtrl Control) - http://www.shockwave.com/content/thinktanks/sis/BTDownloadCtrl.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: !SASWinLogon - D:\Program\superantispyware\SASWINLO.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 

[/log]

 


Scan with HijackThis and tick:

R3 - Default URLSearchHook is missing

O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install3.5/installer.exe

Close all other programs.

Press Fix checked.

Restart the computer and check for yourself that the lines above are gone from a new HijackThis log.

How is the computer behaving now?

 

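The check asked for in the post above (confirm that the ticked lines are gone from a new HijackThis log) can be done mechanically by comparing the log saved before the fix with the one saved after it. The following is an added example, not part of the thread and not part of HijackThis; the function names are hypothetical, and the sample logs are short excerpts constructed from lines in this thread.

```python
import re

# A HijackThis result line starts with a section code (R0, R3, O4, O16, O23 ...)
# followed by " - ". Header and "Running processes" lines do not match.
ENTRY_RE = re.compile(r"^[RFNO]\d{1,2} - .+$", re.IGNORECASE)


def parse_entries(log_text):
    """Map a normalised key to the original text of every result line."""
    entries = {}
    for raw in log_text.splitlines():
        line = " ".join(raw.split())         # collapse paste/forum whitespace
        if ENTRY_RE.match(line):
            entries[line.casefold()] = line  # forums sometimes alter letter case
    return entries


def verify_fix(before_log, after_log, targeted_lines):
    """Compare two logs around a 'Fix checked' run of the targeted lines."""
    before = parse_entries(before_log)
    after = parse_entries(after_log)
    targets = parse_entries("\n".join(targeted_lines))
    return {
        # Ticked lines that survived the fix and the reboot.
        "still_present": sorted(after[k] for k in targets if k in after),
        # Ticked lines that were not in the earlier log (typo or wrong log).
        "never_listed": sorted(targets[k] for k in targets if k not in before),
        # Lines that vanished although nobody asked for them to be fixed.
        "also_removed": sorted(before[k] for k in before
                               if k not in after and k not in targets),
        # Lines that appeared after the fix: worth a second look.
        "new_entries": sorted(after[k] for k in after if k not in before),
    }


def fix_confirmed(report):
    """True when every ticked line is gone and nothing new has appeared."""
    return not report["still_present"] and not report["new_entries"]


# Constructed excerpts of the thread's logs (before and after "Fix checked").
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\winlogon.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se/
R3 - Default URLSearchHook is missing
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install3.5/installer.exe
O20 - Winlogon Notify: !SASWinLogon - D:\Program\superantispyware\SASWINLO.dll
"""

AFTER = r"""
Logfile of HijackThis v1.99.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll
O20 - Winlogon Notify: !SASWinLogon - D:\Program\superantispyware\SASWINLO.dll
"""

TARGETED = [
    "R3 - Default URLSearchHook is missing",
    "O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - "
    "http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install3.5/installer.exe",
]

if __name__ == "__main__":
    report = verify_fix(BEFORE, AFTER, TARGETED)
    for name, lines in report.items():
        print(name, len(lines))
    print("fix confirmed:", fix_confirmed(report))
```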

The new HijackThis log:

[log]Logfile of HijackThis v1.99.1

Scan saved at 20:01:19, on 2007-06-17

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Winamp\Winampa.exe

C:\Program\Java\jre1.6.0_01\bin\jusched.exe

C:\Program\Delade filer\Real\Update_OB\realsched.exe

C:\Program\Corsair\Corsair Flash Voyager Utility\PLBkMon.exe

C:\WINDOWS\system32\HotfixQ0306270.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\PANICW~1\POP-UP~1\PSFree.exe

D:\Program\superantispyware\SUPERAntiSpyware.exe

C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Program\Rainlendar\Rainlendar.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\WINDOWS\system32\svchost.exe

D:\Program\Hijackthis\HijackThis.exe

C:\Program\Internet Explorer\iexplore.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll

O4 - HKLM\..\Run: [WinampAgent] "C:\Program\Winamp\Winampa.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [CORSAIR_PLUtil] C:\Program\Corsair\Corsair Flash Voyager Utility\PLBkMon.exe

O4 - HKLM\..\Run: [PLFFAP] C:\WINDOWS\system32\HotfixQ0306270.exe

O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program\AGEIA Technologies\TrayIcon.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program\PANICW~1\POP-UP~1\PSFree.exe"

O4 - HKCU\..\Run: [updateMgr] C:\Program\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0

O4 - HKCU\..\Run: [sUPERAntiSpyware] D:\Program\superantispyware\SUPERAntiSpyware.exe

O4 - Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: Rainlendar.lnk = C:\Program\Rainlendar\Rainlendar.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: hp psc 1000 series.lnk = ?

O4 - Global Startup: hpoddt01.exe.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: PokerTime Poker - {7220F1C9-B7E0-47a6-A0BD-D5B3940BCC79} - C:\Program\PokerTimeMPP\MPPoker.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by116fd.bay116.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://195.196.36.242/activex/AxisCamControl.cab

O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.fotogalleriet.se/static/test/ImageUploader3.cab

O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab

O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} (BTDownloadCtrl Control) - http://www.shockwave.com/content/thinktanks/sis/BTDownloadCtrl.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: !SASWinLogon - D:\Program\superantispyware\SASWINLO.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 

[/log]

 

Those lines are now gone.

The computer works as it should, which it did before as well. The reason I knew something was wrong was that it kept trying to send the file "photos" over MSN all the time.

I haven't dared to start MSN since I discovered it.

 


The computer works as it should, which it did before as well. The reason I knew something was wrong was that it kept trying to send the file "photos" over MSN all the time.

I am very surprised that you didn't notice any of the other nasties, such as the adware and spyware programs Istbar, Surfaccuracy, DyFuCA, Avenue Media and ErrorSafe. Since I don't know what they do in detail, it is probably best that you change all passwords on the computer and on the internet. But first install the free antivirus program Antivir and scan the computer with it, since there may still be nasties in the computer. http://www.free-av.com/

From now on, make sure you have up-to-date security programs so that the computer doesn't get so heavily infected, unless you happen to like formatting and reinstalling everything.

Then it is time to try starting MSN.

 

[log]Here is my usual advice for a safer computer, but of course it is also important to use your common sense.

Update from Windows Update and run the anti-spyware programs AVG Anti-Spyware (Ewido), SUPERAntiSpyware Free Edition and/or Spybot S&D regularly.

http://www.ewido.net/en/

http://www.superantispyware.com/

http://www.safer-networking.org/en/download/index.html

 

Use a firewall (better than the one built into XP); there are free ones, e.g. Comodo and ZoneAlarm.

http://www.personalfirewall.comodo.com/

http://www.zonealarm.com/store/content/company/products/znalm/freeDownload.jsp

The link "I only want basic ZoneAlarm protection", or at

http://www.majorgeeks.com/ZoneAlarm_Free_d388.html

 

Complement the antivirus program with a few online scans now and then:

http://housecall.trendmicro.com/

http://www.bitdefender.com/scan8/ie.html

http://www.pandasoftware.com/products/activescan/

 

If you use Internet Explorer, it can be a good idea to have the program SpywareBlaster, which prevents quite a few nasty programs from being downloaded or run http://www.javacoolsoftware.com , and to run IE-SpyAd, which puts a whole lot of nasty websites in the Restricted sites zone in Internet Explorer so that they cannot do anything to the computer http://www.spywarewarrior.com/uiuc/resource.htm

Review the security settings in Internet Explorer; there are plenty of tips at:

http://surfthenetsafely.com/surfsafely6.htm

http://www.spywarewarrior.com/uiuc/btw/ie/ie-opts.htm

 

If you use the Firefox web browser, it is a good idea to have the NoScript add-on.

http://www.mozilla.com

https://addons.mozilla.org/firefox/722/

 

See which websites are safe/unsafe with the help of SiteAdvisor http://www.siteadvisor.com

All free for home users/personal use.[/log]

 


Thanks for all the tips.

I have now scanned through the computer and hope that everything is gone, but how can I check that there are no assorted nasties left?

 

 

 

 

 


If none of the anti-spyware programs or online virus scans find anything and the firewall does not warn about unknown programs, and the computer behaves normally, then it is unlikely that there are nasties in the computer. But you can only be completely sure right after formatting and reinstalling Windows.

Thanks for all the points too! :)

[post edited 2007-06-21 20:06:09 by Cecilia]


Archived

This topic is now archived and is closed to further replies.
