Just nu i M3-nätverket
Jump to content

CiD, sjukt jobbiga popuper. Spyware.


Marsupilami

Recommended Posts

Hej

Finns det någon vänlig själ som kan hjälpa mig?

Har problem med spyware, CiD popuper kommer med täta mellanrum.

Läste om nån som fixade det med ComboFix men jag har kört den och problemet kvarstår.

Bifogar HiJackThis rapporten och ComboFix rapporten

[log]Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 13:44:58, on 2008-09-01

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\DAEMON Tools\daemon.exe

C:\Program\QuickTime\qttask.exe

C:\Program\iTunes\iTunesHelper.exe

C:\Program\AVG\AVG8\avgtray.exe

C:\Program\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Program\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\AVG\AVG8\avgrsx.exe

C:\Program\AVG\AVG8\avgemc.exe

C:\Program\iPod\bin\iPodService.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\Fam. Rambäck\Skrivbord\HiJackThis_v2.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157'>http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program\Macrogaming\SweetIMBarForIE\toolbar.dll

R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program\AVG\AVG8\avgssie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program\AVG\AVG8\avgtoolbar.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar1.dll

O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program\Macrogaming\SweetIMBarForIE\toolbar.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar1.dll

O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program\AskSBar\bar\1.bin\ASKSBAR.DLL

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program\AVG\AVG8\avgtoolbar.dll

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Amok Eggs Four Web] C:\Documents and Settings\All Users\Application Data\part dead amok eggs\barb roam.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\Program\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [sweetIM] C:\Program\Macrogaming\SweetIM\SweetIM.exe

O4 - HKCU\..\Run: [TimeInter] C:\DOCUME~1\FAM~1.RAM\APPLIC~1\OPTION~1\HOLDUSERMFCD.exe

O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - Global Startup: Uppdateringsagent.lnk = ?

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/OnlineScanner.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: avgrsstx.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\Program\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program\AVG\AVG8\avgwdsvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe

 

--

End of file - 5119 bytes

[/log]

[log]ComboFix 08-08-31.01 - Fam. Rambäck 2008-09-01 13:39:41.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1053.18.128 [GMT 2:00]

Running from: C:\Documents and Settings\Fam. Rambäck\Skrivbord\ComboFix.exe

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((( Files Created from 2008-08-01 to 2008-09-01 )))))))))))))))))))))))))))))))

.

 

2008-09-01 13:19 . 2008-09-01 13:19 <KAT> d-------- C:\WINDOWS\system32\config\systemprofile\Lokala instõllningar

2008-09-01 13:19 . 2008-09-01 13:19 <KAT> d-------- C:\Documents and Settings\Susanne och magnus\Lokala instõllningar

2008-09-01 13:19 . 2008-09-01 13:19 <KAT> d-------- C:\Documents and Settings\NetworkService\Lokala instõllningar

2008-09-01 13:19 . 2008-09-01 13:19 <KAT> d-------- C:\Documents and Settings\LocalService\Lokala instõllningar

2008-09-01 13:19 . 2008-09-01 13:19 <KAT> d-------- C:\Documents and Settings\Gõst

2008-09-01 13:19 . 2008-09-01 13:19 <KAT> d-------- C:\Documents and Settings\Fam. Rambõck

2008-09-01 13:19 . 2008-09-01 13:19 <KAT> d-------- C:\Documents and Settings\angelica\Lokala instõllningar

2008-09-01 13:19 . 2008-09-01 13:19 <KAT> d-------- C:\Documents and Settings\Administrat÷r

2008-09-01 13:14 . 2008-09-01 13:14 <KAT> d-------- C:\WINDOWS\system32\xircom

2008-09-01 13:14 . 2008-09-01 13:14 <KAT> d-------- C:\Program\microsoft frontpage

2008-09-01 12:48 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-09-01 12:45 . 2008-09-01 12:48 <KAT> d-------- C:\Program\Java

2008-09-01 12:45 . 2008-09-01 12:45 <KAT> d-------- C:\Program\Delade filer\Java

2008-09-01 12:29 . 2008-09-01 12:29 268 --ah----- C:\sqmdata15.sqm

2008-09-01 12:29 . 2008-09-01 12:29 244 --ah----- C:\sqmnoopt15.sqm

2008-09-01 11:03 . 2008-09-01 11:08 <KAT> d-------- C:\Documents and Settings\angelica\Application Data\AVGTOOLBAR

2008-09-01 09:46 . 2008-09-01 09:47 <KAT> d-------- C:\Program\EsetOnlineScanner

2008-09-01 09:36 . 2008-09-01 09:52 <KAT> d-------- C:\Documents and Settings\Susanne och magnus\Application Data\optionbind

2008-09-01 09:33 . 2008-09-01 09:33 <KAT> d--h----- C:\WINDOWS\system32\GroupPolicy

2008-09-01 09:32 . 2008-09-01 09:43 <KAT> d-------- C:\Documents and Settings\Susanne och magnus\Application Data\AVGTOOLBAR

2008-09-01 07:11 . 2008-09-01 07:24 <KAT> d-------- C:\Documents and Settings\Gäst\Application Data\AVGTOOLBAR

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-09-01 07:35 97,928 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys

2008-07-31 22:46 --------- d--h--w C:\Program\InstallShield Installation Information

2008-07-31 22:35 --------- d-----w C:\Program\7-Zip

2008-07-31 21:22 --------- d-----w C:\Program\keygen

2008-07-31 21:22 --------- d-----w C:\Documents and Settings\Fam. Rambäck\Application Data\AVGTOOLBAR

2008-07-31 21:12 --------- d-----w C:\Program\Circle Developement

2008-07-31 20:40 76,040 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys

2008-07-31 20:40 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll

2008-07-31 20:39 --------- d-----w C:\Program\AVG

2008-07-31 20:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8

2008-07-31 20:28 --------- d-----w C:\Documents and Settings\Fam. Rambäck\Application Data\optionbind

2008-07-31 20:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\part dead amok eggs

2008-07-31 20:26 --------- d-----w C:\Program\optionbind

2008-07-31 20:18 91,648 ----a-w C:\WINDOWS\system32\iplfyjsv.dll

2008-07-08 13:47 --------- d-----w C:\Documents and Settings\Fam. Rambäck\Application Data\uTorrent

2007-12-06 21:41 6,076,704 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat

2007-12-06 21:41 120,096 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat

.

 

------- Sigcheck -------

 

2006-09-03 14:44 360576 bd8686216e34e22c4ed45a2320b2bea1 C:\WINDOWS\system32\drivers\tcpip.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"= "C:\Program\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL" [2008-06-24 12:07 66912]

 

[HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:34 15360]

"SweetIM"="C:\Program\Macrogaming\SweetIM\SweetIM.exe" [2008-01-02 21:15 103712]

"TimeInter"="C:\DOCUME~1\FAM~1.RAM\APPLIC~1\OPTION~1\HOLDUSERMFCD.exe" [2008-07-31 22:26 528384]

"swg"="C:\Program\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-06-23 23:50 171448]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools"="C:\Program\DAEMON Tools\daemon.exe" [2005-12-10 16:57 133016]

"QuickTime Task"="C:\Program\QuickTime\qttask.exe" [2006-09-01 16:57 282624]

"Adobe Photo Downloader"="C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 00:46 57344]

"iTunesHelper"="C:\Program\iTunes\iTunesHelper.exe" [2006-09-12 02:58 229952]

"Adobe Reader Speed Launcher"="C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

"Amok Eggs Four Web"="C:\Documents and Settings\All Users\Application Data\part dead amok eggs\barb roam.exe" [2008-09-01 13:32 3507712]

"AVG8_TRAY"="C:\Program\AVG\AVG8\avgtray.exe" [2008-09-01 09:35 1235736]

"SunJavaUpdateSched"="C:\Program\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.X264"= x264vfw.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^Fam. Rambäck^Start-meny^Program^Autostart^desktop.ini]

path=C:\Documents and Settings\Fam. Rambäck\Start-meny\Program\Autostart\desktop.ini

backup=C:\WINDOWS\pss\desktop.iniStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

--a------ 2005-06-07 00:46 57344 C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-01-11 22:16 39792 C:\Program\Adobe\Reader 8.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]

--a------ 2006-03-08 22:05 344064 C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]

--a------ 2005-05-19 15:47 57344 C:\Program\SlySoft\CloneCD\CloneCDTray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HControl]

-ra------ 2006-02-23 06:40 106496 C:\WINDOWS\ATK0100\HControl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

--a------ 2006-09-12 02:58 229952 C:\Program\iTunes\iTunesHelper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2006-09-01 16:57 282624 C:\Program\QuickTime\qttask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

--a------ 2008-06-23 23:50 171448 C:\Program\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

-r------- 2005-05-03 12:43 69632 C:\WINDOWS\Alcmtr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

-r------- 2006-05-04 09:59 16206848 C:\WINDOWS\RTHDCPL.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]

--a------ 2006-05-16 18:04 2879488 C:\WINDOWS\SkyTel.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]

-ra------ 2006-01-20 06:34 544768 C:\WINDOWS\sm56hlpr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"ose"=3 (0x3)

"MDM"=2 (0x2)

"iPod Service"=3 (0x3)

"gusvc"=3 (0x3)

"Ati HotKey Poller"=2 (0x2)

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UpdatesDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program\\Messenger\\msmsgs.exe"=

"C:\\Program\\LimeWire\\LimeWire.exe"=

"C:\\Program\\uTorrent\\uTorrent.exe"=

"C:\\Program\\MSN Messenger\\msnmsgr.exe"=

"C:\\Program\\MSN Messenger\\livecall.exe"=

"C:\\Program\\iTunes\\iTunes.exe"=

"C:\\Program\\FrostWire\\FrostWire.exe"=

"C:\\Program\\AVG\\AVG8\\avgemc.exe"=

"C:\\Program\\AVG\\AVG8\\avgupd.exe"=

 

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-09-01 09:35]

R2 avg8emc;AVG Free8 E-mail Scanner;C:\Program\AVG\AVG8\avgemc.exe [2008-09-01 09:35]

R2 avg8wd;AVG Free8 WatchDog;C:\Program\AVG\AVG8\avgwdsvc.exe [2008-09-01 09:35]

R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-31 22:40]

R2 mdvrmng;Mobile IP Route Manager;C:\WINDOWS\system32\drivers\mdvrmng.sys [2007-05-28 18:00]

R3 SynMini;USB2.0 1.3M WebCam;C:\WINDOWS\system32\Drivers\SynMini.sys [2006-07-03 04:33]

R3 SynScan;USB2.0 1.3M WebCam Still Image;C:\WINDOWS\system32\Drivers\SynScan.sys [2006-06-30 04:40]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]

\Shell\AutoRun\command - F:\AutoRun.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{393123ea-fce8-11dc-a49f-0018f37cba5e}]

\Shell\AutoRun\command - F:\AutoRun.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52eacbf0-f343-11dc-a47b-0018f37cba5e}]

\Shell\AutoRun\command - F:\AutoRun.exe

 

*Newly Created Service* - CATCHME

.

Contents of the 'Scheduled Tasks' folder

.

.

------- Supplementary Scan -------

.

R0 -: HKCU-Main,Start Page = hxxp://www.google.se/

R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s

 

O16 -: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab

C:\WINDOWS\Downloaded Program Files\ewidoOnlineScan.dll

.

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-01 13:41:37

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-09-01 13:43:12

ComboFix-quarantined-files.txt 2008-09-01 11:43:07

ComboFix2.txt 2008-09-01 11:19:03

 

Pre-Run: 57,858,236,416 byte ledigt

Post-Run: 57,850,286,080 byte ledigt

 

166 --- E O F --- 2007-12-06 21:28:30

[/log]

Tack på förhand

 

Link to comment
Share on other sites

Körde senaste HiJackThis

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:51:11, on 2008-09-01

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\DAEMON Tools\daemon.exe

C:\Program\QuickTime\qttask.exe

C:\Program\iTunes\iTunesHelper.exe

C:\Program\AVG\AVG8\avgtray.exe

C:\Program\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Program\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\AVG\AVG8\avgrsx.exe

C:\Program\AVG\AVG8\avgemc.exe

C:\Program\iPod\bin\iPodService.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\Fam. Rambäck\Skrivbord\HiJackThis_v2.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157'>http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program\Macrogaming\SweetIMBarForIE\toolbar.dll

R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program\AVG\AVG8\avgssie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program\AVG\AVG8\avgtoolbar.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar1.dll

O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program\Macrogaming\SweetIMBarForIE\toolbar.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar1.dll

O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program\AskSBar\bar\1.bin\ASKSBAR.DLL

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program\AVG\AVG8\avgtoolbar.dll

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Amok Eggs Four Web] C:\Documents and Settings\All Users\Application Data\part dead amok eggs\barb roam.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\Program\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [sweetIM] C:\Program\Macrogaming\SweetIM\SweetIM.exe

O4 - HKCU\..\Run: [TimeInter] C:\DOCUME~1\FAM~1.RAM\APPLIC~1\OPTION~1\HOLDUSERMFCD.exe

O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - Global Startup: Uppdateringsagent.lnk = ?

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/OnlineScanner.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: avgrsstx.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\Program\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program\AVG\AVG8\avgwdsvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe

 

--

End of file - 5319 bytes

[/log]

 

Link to comment
Share on other sites

[log]Avinstallera via Kontrollpanelen om hittas

 

CiD

AskSBar

SweetIM

 

Sen ta bort med dolda filer synliga om hittas

 

C:\Program\AskSBar\

C:\Program\Macrogaming\SweetIMBarForIE

C:\Program\Macrogaming\SweetIM\

C:\WINDOWS\system32\iplfyjsv.dll

C:\Documents and Settings\All Users\Application Data\part dead amok eggs

C:\Documents and Settings\Fam. Rambäck\Application Data\optionbind

C:\Documents and Settings\Susanne och magnus\Application Data\optionbind

 

starta om datorn och ny Hijack log.

Vad finns i denna mapp

 

C:\Program\optionbind[/log]

 

[inlägget ändrat 2008-09-01 14:15:17 av Zipp.]

Link to comment
Share on other sites

Ny logg..

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:21:04, on 2008-09-01

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\AVG\AVG8\avgrsx.exe

C:\Program\AVG\AVG8\avgemc.exe

C:\WINDOWS\Explorer.EXE

C:\Program\DAEMON Tools\daemon.exe

C:\Program\QuickTime\qttask.exe

C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Program\iTunes\iTunesHelper.exe

C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Program\iPod\bin\iPodService.exe

C:\Program\Internet Explorer\IEXPLORE.EXE

C:\Program\AVG\AVG8\avgtray.exe

C:\Program\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Program\internet explorer\iexplore.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157'>http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program\AVG\AVG8\avgssie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program\AVG\AVG8\avgtoolbar.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar1.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar1.dll

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program\AVG\AVG8\avgtoolbar.dll

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Amok Eggs Four Web] C:\Documents and Settings\All Users\Application Data\part dead amok eggs\barb roam.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\Program\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [sweetIM] C:\Program\Macrogaming\SweetIM\SweetIM.exe

O4 - HKCU\..\Run: [TimeInter] C:\DOCUME~1\FAM~1.RAM\APPLIC~1\OPTION~1\HOLDUSERMFCD.exe

O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - Global Startup: Uppdateringsagent.lnk = ?

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/OnlineScanner.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: avgrsstx.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\Program\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program\AVG\AVG8\avgwdsvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe

 

--

End of file - 4908 bytes[/log]

 

part dead amok eggs gick inte att ta bort förrän efter omstart.

C:\Program\optionbind är tom.

 

Jag är väldigt tacksam för att du engagerar dig..

 

Link to comment
Share on other sites

 

[log]Scanna med Hijack bocka i följande rader stäng Web-läsaren och klicka Fix checked

 

O4 - HKLM\..\Run: [Amok Eggs Four Web] C:\Documents and Settings\All Users\Application Data\part dead amok eggs\barb roam.exe

O4 - HKCU\..\Run: [sweetIM] C:\Program\Macrogaming\SweetIM\SweetIM.exe

O4 - HKCU\..\Run: [TimeInter] C:\DOCUME~1\FAM~1.RAM\APPLIC~1\OPTION~1\HOLDUSERMFCD.exe

 

sen är loggen ok.

 

C:\Program\optionbind är tom.

 

Då kan du ta bort den[/log]

 

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.



×
×
  • Create New...