Nathalan, posted September 13, 2008

I've been seriously stupid and managed to surf around on crack sites, and now all hell has broken loose.

I have Norton Internet Security 2008 and Ad-aware 2008 (free).

Problems:
[log]
* Task Manager has been disabled by the administrator; I am the administrator and have never heard that it could be disabled.
* C:\ is not shown in 'My Computer'; I can still get into it and access all files, as far as I know.
* The clock down in the right-hand corner of the menu bar shows the time followed by a message, for example '11:10: VIRUS ALERT!' (which is exactly what it says). It also appears in ALL timestamps, even those used by Norton.
* The Programs tab has been removed from the menu in the Windows XP Start menu (not the classic one).
[/log]

Viruses, trojans etc.:
[log]
What I have found and removed with Norton:
* Downloader.Zlob!gen.3
* Downloader.MisleadApp
* AntiVirus2008
* Trojan.Fakeavalert (I have run several scans but have found one or more of these every time)

What I found and removed with Ad-aware:
* Win32.FakeAlert.PCHealthCenter (I have the log if it's needed)
[/log]

So now I'm standing with my feet in a puddle and my hands caught in a car door, with no idea what to do; it would be nice to get around a reformat.

All help appreciated!

[Edited for formatting/spelling etc.]

[post edited 2008-09-13 11:36:40 by Nathalan]

Cecilia, posted September 13, 2008

See whether this helps right away or whether some fix is needed first.

Download Malwarebytes Anti-Malware from one of these links:
http://www.malwaresupport.com/mbam/program/mbam-setup.exe
http://www.brothersoft.com/download-malwarebytes.-anti-malware-71406.html

Double-click mbam-setup.exe to install the program.
[log]
Tick:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Press Finish.
If there is an update, it will be downloaded and installed.
When the program starts, choose Perform Quick Scan and press Scan.
The scan takes a while.
When it is done, press OK and then Show Results.
Tick everything and then press Remove Selected.
When the removal is done, Notepad opens with a log.
A request to restart the computer (Restart) may come up. If so, do it.
If the program does not start after the restart, start it.
If the log does not come up by itself in Notepad, you will find the log on the Logs tab in MBAM.
Copy the log and paste it into your reply.
[/log]

Nathalan (Author), posted September 13, 2008

Posting the log now, then I'll reboot.

Cecilia, posted September 13, 2008

Since there was so much, run MBAM once more, and after the restart that follows, paste in the log and describe how the computer is working.

Nathalan (Author), posted September 13, 2008

After I restarted following the first scan, everything has worked perfectly and all the problems are gone, though I ran MBAM across all the disks.

I was planning to run scans with Norton, Ad-aware and MBAM overnight to make sure everything is gone. I'll post the logs tomorrow so you can check that everything is in order, if you have the time and inclination.

You don't happen to know of any other program or the like that might find something that may have been missed? I'm not quite sure I dare start paying bills just yet.

And I want to give you, Cecilia, a gigantic thank-you for the help, not least for the supersonic response!

[post edited 2008-09-14 01:20:41 by Nathalan]

Cecilia, posted September 14, 2008

We can see whether HijackThis shows anything more:
http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe

Install it, start it and choose "Do a system scan and save a logfile", copy the log that comes up (nothing else) and paste it in here.

Nathalan (Author), posted September 14, 2008

Here is everything, in the order I used them:

Norton Internet Security 2008
[log]
Totalt antal upptäckta säkerhetsrisker: 5
Totalt antal åtgärdade objekt: 5
Totalt antal objekt som kräver tillsyn: 0

Åtgärdade hot:

Tracking Cookie
Virus-ID: 4294909925
Typ: Anomali
Risk: Låg (Låg Smyg, Låg Borttagning, Låg Prestanda, Låg Sekretess)
Kategorier: Cookie-fil
Tillstånd: Helt åtgärdad
-----------
3 Spårnings-cookies
Cookie:richard@advertising.com/ - Togs bort
Cookie:richard@tradedoubler.com/ - Togs bort

Downloader
Virus-ID: 26637
Typ: Komprimerad
Risk: Hög (Hög Smyg, Hög Borttagning, Hög Prestanda, Hög Sekretess)
Kategorier: Virus
Tillstånd: Helt åtgärdad
-----------
1 fil
[7.exe] inuti [c:\documents and settings\richard\lokala inställningar\temporary internet files\content.ie5\bn3wo7q9\uninstaller[1].exe] - Togs bort

Trojan.Fakeavalert
Virus-ID: 19446
Typ: Komprimerad
Risk: Hög (Hög Smyg, Hög Borttagning, Hög Prestanda, Hög Sekretess)
Kategorier: Virus
Tillstånd: Helt åtgärdad
-----------
1 fil
[2.exe] inuti [c:\documents and settings\richard\lokala inställningar\temporary internet files\content.ie5\bn3wo7q9\uninstaller[1].exe] - Togs bort

Trojan Horse
Virus-ID: 25464
Typ: Komprimerad
Risk: Hög (Hög Smyg, Hög Borttagning, Hög Prestanda, Hög Sekretess)
Kategorier: Virus
Tillstånd: Helt åtgärdad
-----------
1 fil
[3.exe] inuti [c:\documents and settings\richard\lokala inställningar\temporary internet files\content.ie5\bn3wo7q9\uninstaller[1].exe] - Togs bort

Trojan Horse
Virus-ID: 25464
Typ: Komprimerad
Risk: Hög (Hög Smyg, Hög Borttagning, Hög Prestanda, Hög Sekretess)
Kategorier: Virus
Tillstånd: Helt åtgärdad
-----------
1 fil
[4.exe] inuti [c:\documents and settings\richard\lokala inställningar\temporary internet files\content.ie5\bn3wo7q9\uninstaller[1].exe] - Togs bort
[/log]

MBAM
[log]
Infekterade minnesprocesser: 0
Infekterade minnesmoduler: 0
Infekterade registernycklar: 0
Infekterade
registervärden: 0 Infekterade registerdataposter: 0 Infekterade mappar: 0 Infekterade filer: 0 Infekterade minnesprocesser: (Inga illasinnade poster hittades) Infekterade minnesmoduler: (Inga illasinnade poster hittades) Infekterade registernycklar: (Inga illasinnade poster hittades) Infekterade registervärden: (Inga illasinnade poster hittades) Infekterade registerdataposter: (Inga illasinnade poster hittades) Infekterade mappar: (Inga illasinnade poster hittades) Infekterade filer: (Inga illasinnade poster hittades)[/log] HJT [log]Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 13:33:01, on 2008-09-14 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe C:\Program\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program\Symantec\LiveUpdate\AluSchedulerSvc.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Program\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program\Java\jre1.6.0_07\bin\jusched.exe C:\Program\iTunes\iTunesHelper.exe C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe C:\Program\MSN Messenger\MsnMsgr.Exe C:\WINDOWS\system32\ctfmon.exe C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe C:\Program\DAEMON Tools Lite\daemon.exe C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program\Delade filer\Ahead\Lib\NMIndexStoreSvr.exe C:\Program\Logitech\SetPoint\SetPoint.exe C:\Program\Styler\Styler.exe G:\Xfire\Xfire.exe C:\WINDOWS\system32\wuauclt.exe C:\Program\iPod\bin\iPodService.exe 
C:\Program\Delade filer\Ahead\Lib\NMIndexingService.exe C:\Program\Delade filer\Logitech\KhalShared\KHALMNPR.EXE C:\Program\MSN Messenger\usnsvc.exe C:\Program\Malwarebytes' Anti-Malware\mbam.exe C:\WINDOWS\system32\rundll32.exe C:\Program\DELADE~1\SYMANT~1\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program\Lavasoft\Ad-Aware\Ad-Aware.exe C:\Program\VentriloMIX\Ventrilo 2.3.0.exe C:\Program\Mozilla Firefox\firefox.exe C:\Program\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = About:Blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157'>http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Nathalan R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar O1 - Hosts: 64.34.77.24 l2authd.lineage2.com O2 - BHO: QXK Olive - {45E01D1A-9407-498C-B508-64C6F006765F} - C:\WINDOWS\vmgspntbrnb.dll (file missing) O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program\Delade filer\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program\DELADE~1\SYMANT~1\IDS\IPSBHO.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: fqbewlna - 
{F016D54B-6B00-47B8-882D-296D2B2D9579} - C:\WINDOWS\fqbewlna.dll (file missing)
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program\Delade filer\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [startCCC] "C:\Program\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program\Delade filer\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [LogonStudio] "C:\Program\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program\Norton Internet Security\osCheck.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [skype] "C:\Program\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Orb] "C:\Program\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: Styler.lnk = ? (User 'SYSTEM')
O4 - S-1-5-18 Startup: Trillian.lnk = C:\Program\Trillian\trillian.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: Xfire.lnk = G:\Xfire\Xfire.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
O4 - .DEFAULT Startup: Styler.lnk = ? (User 'Default user')
O4 - .DEFAULT Startup: Trillian.lnk = C:\Program\Trillian\trillian.exe (User 'Default user')
O4 - .DEFAULT Startup: Xfire.lnk = G:\Xfire\Xfire.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Styler.lnk = ?
O4 - Startup: Trillian.lnk = C:\Program\Trillian\trillian.exe
O4 - Startup: Xfire.lnk = G:\Xfire\Xfire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program\Logitech\SetPoint\SetPoint.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: *.bigbrother.se
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {55F2FE00-C6E1-11D4-84BC-009027889212} (Seagate DiscWizard English) - http://www.seagate.com/support/disc/asp/dw/English/bin/npdscwiz.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: qrpggi.dll,wbsys.dll
O21 - SSODL: mgxfebsq - {814FDBFB-4D2D-4DCC-9A94-491ED5A6EB43} - C:\WINDOWS\mgxfebsq.dll (file missing)
O21 - SSODL: dtseqrxk - {C163EF8D-2C6E-4678-8977-3FCF1015A32F} - C:\WINDOWS\dtseqrxk.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program\Delade filer\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program\WinPcap\rpcapd.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program\DELADE~1\SYMANT~1\CCPD-LC\symlcsvc.exe
--[/log]
Cecilia Posted September 14, 2008

Regarding the results from Norton: cookies are never dangerous to the computer. It looks like an inappropriate website was visited.

Delete all "temporary internet files" like this:
Control Panel - Internet Options - General - Delete - Delete files - OK

Is this something you set up yourself?
O1 - Hosts: 64.34.77.24 l2authd.lineage2.com

[log]Scan with HijackThis and check:
O2 - BHO: QXK Olive - {45E01D1A-9407-498C-B508-64C6F006765F} - C:\WINDOWS\vmgspntbrnb.dll (file missing)
O3 - Toolbar: fqbewlna - {F016D54B-6B00-47B8-882D-296D2B2D9579} - C:\WINDOWS\fqbewlna.dll (file missing)
O15 - Trusted Zone: *.bigbrother.se
O20 - AppInit_DLLs: qrpggi.dll,wbsys.dll
O21 - SSODL: mgxfebsq - {814FDBFB-4D2D-4DCC-9A94-491ED5A6EB43} - C:\WINDOWS\mgxfebsq.dll (file missing)
O21 - SSODL: dtseqrxk - {C163EF8D-2C6E-4678-8977-3FCF1015A32F} - C:\WINDOWS\dtseqrxk.dll (file missing)

If you have not yourself chosen to have restrictions on how settings in Internet Explorer may be changed, also check:
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

Close all other programs.
Press Fix checked.
Restart the computer and check for yourself that the lines above are gone from a new HijackThis log.
How is the computer working now?[/log]
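The final step in the reply above, confirming that the fixed lines are gone from a fresh HijackThis log, can be scripted. This is an added example, not part of the thread: `parse_entries` and `still_present` are hypothetical helper names, and the post-reboot log is constructed sample input.

```python
import re

# Every HijackThis entry starts with a section code: R0-R3, F0-F3, N1-N4 or O1-O24.
ENTRY_START = re.compile(r"(?<!\S)(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")

def parse_entries(log_text):
    """Split a log into (section, body) pairs, also when several entries
    were pasted onto one line, as happens with forum-quoted logs."""
    starts = [m.start() for m in ENTRY_START.finditer(log_text)]
    entries = []
    for begin, end in zip(starts, starts[1:] + [len(log_text)]):
        section, body = log_text[begin:end].split(" - ", 1)
        entries.append((section, " ".join(body.split())))
    return entries

def still_present(fixed_text, new_log_text):
    """Return the entries selected for 'Fix checked' that a fresh log still lists."""
    def key(entry):
        return entry[0], entry[1].casefold()   # paths and CLSIDs vary in case
    current = {key(e) for e in parse_entries(new_log_text)}
    return [e for e in parse_entries(fixed_text) if key(e) in current]

# The six entries listed in the reply above.
FIXED = r"""
O2 - BHO: QXK Olive - {45E01D1A-9407-498C-B508-64C6F006765F} - C:\WINDOWS\vmgspntbrnb.dll (file missing)
O3 - Toolbar: fqbewlna - {F016D54B-6B00-47B8-882D-296D2B2D9579} - C:\WINDOWS\fqbewlna.dll (file missing)
O15 - Trusted Zone: *.bigbrother.se
O20 - AppInit_DLLs: qrpggi.dll,wbsys.dll
O21 - SSODL: mgxfebsq - {814FDBFB-4D2D-4DCC-9A94-491ED5A6EB43} - C:\WINDOWS\mgxfebsq.dll (file missing)
O21 - SSODL: dtseqrxk - {C163EF8D-2C6E-4678-8977-3FCF1015A32F} - C:\WINDOWS\dtseqrxk.dll (file missing)
"""

# Constructed post-reboot log (not from the thread): one selected entry has come back.
NEW_LOG = r"""O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: QRPGGI.DLL,wbsys.dll
O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe
"""

if __name__ == "__main__":
    for section, body in still_present(FIXED, NEW_LOG):
        print(f"still present: {section} - {body}")
```

An entry that reappears after "Fix checked" and a reboot means something is still rewriting that registry value, so the cleanup is not finished.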