SPYWARE

[Pivo]

hEJ ÄR DET NÅGON SOM KAN HJÄLPA MIG ATT FÅ BORT ETT SPYWARE

DET STÅR PÅ MIN BILDSKÄRM

WARNING

YOU''RE COMPUTER ARE INFECTED WITH SPYWARE

hAR KÖRT VIRUSSCAN INGA PROPLEM SÄGER DEN +SPYWAREFIGTHER MEN DET HJÄLPER INTE [log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:05:31, on 2007-10-08

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

c:\program\delade filer\logitech\lvmvfm\LVPrcSrv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Network Associates\VirusScan\SHSTAT.EXE

C:\Program\Network Associates\Common Framework\UpdaterUI.exe

C:\Program\Delade filer\Network Associates\TalkBack\tbmon.exe

C:\Program\Delade filer\Real\Update_OB\realsched.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Program\iTunes\iTunesHelper.exe

C:\Program\QuickTime\qttask.exe

C:\Program\Delade filer\Logitech\LComMgr\Communications_Helper.exe

C:\Program\Logitech\QuickCam10\QuickCam10.exe

C:\Program\Java\jre1.6.0_03\bin\jusched.exe

C:\Program\WinMsg\SWARE.EXE

C:\Program\SPYWAREfighter\spftray.exe

C:\Program\Network Associates\Common Framework\FrameworkService.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\MSN Messenger\MsnMsgr.Exe

C:\Program\Delade filer\Logitech\LComMgr\LVComSX.exe

C:\Program\Secretmaker\secretmaker.exe

C:\Program\OpenOffice.org 2.0\program\soffice.exe

C:\Program\OpenOffice.org 2.0\program\soffice.BIN

C:\Program\Network Associates\VirusScan\mcshield.exe

C:\Program\Network Associates\VirusScan\vstskmgr.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\iPod\bin\iPodService.exe

C:\Program\SPYWAREfighter\spfprc.exe

C:\PROGRAM\Mozilla Firefox\firefox.exe

C:\Program\Logitech\QuickCam10\COCIManager.exe

C:\WINDOWS\System32\svchost.exe

C:\Documents and Settings\Jag\Mina dokument\PrcView.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://safe-strip-download.com/soft/in.cgi?3&group=sta'>http://safe-strip-download.com/soft/in.cgi?3&group=sta

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://safe-strip-download.com/soft/in.cgi?3&group=sta

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/'>http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program\Yahoo!\Common\yiesrvc.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O2 - BHO: IeHelper Class - {A491D208-B353-490F-B81A-A8A3DC97042D} - C:\WINDOWS\system32\smiehlp.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\01.02.5000.1021\sv\msntb.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\01.02.5000.1021\sv\msntb.dll

O4 - HKLM\..\Run: [shStatEXE] "C:\Program\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program\Delade filer\Network Associates\TalkBack\tbmon.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [semanticInsight] C:\Program\RXToolBar\Semantic Insight\SemanticInsight.exe

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program\Delade filer\Logitech\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program\Logitech\QuickCam10\QuickCam10.exe" /hide

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [sware] C:\Program\WinMsg\SWARE.EXE

O4 - HKLM\..\Run: [spywarefighterguard] C:\Program\SPYWAREfighter\spftray.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [bitTorrent] "C:\Program\BitTorrent\bittorrent.exe" --force_start_minimized

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ''LOKAL TJÄNST'')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ''NETWORK SERVICE'')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ''SYSTEM'')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ''Default user'')

O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program\OpenOffice.org 2.0\program\quickstart.exe

O4 - Startup: PowerReg Scheduler.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: SECRETMAKER.lnk = C:\Program\Secretmaker\secretmaker.exe

O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program\Yahoo!\Common/ycsrch.htm

O8 - Extra context menu item: Ladda ner med Download &Express - C:\Program\Download Express\Add_Url.htm

O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program\Yahoo!\Common/ycmap.htm

O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program\Yahoo!\Common/ycsms.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra ''Tools'' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)

O9 - Extra ''Tools'' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra ''Tools'' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -

O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn.imagesrvr.com/sites/errorsafe.com/www/download/2006/cabs/ErrorSafeFreeInstall_se.cab

O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)

O20 - AppInit_DLLs: C:\Program\Google\GOOGLE~1\GOEC62~1.DLL

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: GoogleDesktopManager - Google - C:\Program\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program\delade filer\logitech\lvmvfm\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program\Delade filer\Logitech\SrvLnch\SrvLnch.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program\Network Associates\Common Framework\FrameworkService.exe

O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program\Network Associates\VirusScan\mcshield.exe

O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program\Network Associates\VirusScan\vstskmgr.exe

O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program\SPYWAREfighter\spfprc.exe

 

--

End of file - 9593 bytes[/log]

 

[inlägget ändrat 2007-10-08 23:06:10 av Pivo]

[inlägget ändrat 2007-10-08 23:09:39 av Pivo]

 

Lagt till LOG-taggar

När du har klistrat in en logg så var vänlig och markera loggen och tryck sedan på LOG-knappen som finns på samma rad som i inläggsfönstret.

Cecilia - Moderator för Virus - Antivirus

 

[inlägget ändrat 2007-10-08 23:32:20 av Cecilia]

[Cecilia]

Ladda ner ComboFix:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

 

Kör den och följ anvisningarna som visas.

 

VIKTIGT! Klicka inte på Combofix-fönstret med musen när den körs annars kan den hänga upp sig.

 

När den är färdig så ska en logg komma upp, klistra in den här, samt en ny HijackThis-logg.

 

[Brynäsarn]

Hej är det någon som kan hjälp mej...

 

Det vore bra om du inte använder stora bokstäver när du skriver

inlägg,eftersom det kan uppfattas som om du skriker...