Just nu i M3-nätverket
Jump to content
Eforum upphör 20 juni, klicka för att läsa vad som händer och om alternativ

Antivirus 2008 XP

LenaFo

By LenaFo,
in Virus, skadliga program & botemedel

Recommended Posts

LenaFo

LenaFo

Posted
Posted

Hej,

har problem med Antivirus 2008 XP, får följande när jag kör hijack...

[log]

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:53:13, on 2008-09-20

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Symantec\LiveUpdate\AluSchedulerSvc.exe

C:\WINDOWS\system32\bgsvcgen.exe

C:\Program\WIDCOMM\Bluetooth-programvara\bin\btwdins.exe

C:\Program\Delade filer\LightScribe\LSSrvc.exe

C:\Program\Analog Devices\SoundMAX\SMAgent.exe

C:\Documents and Settings\All Users\Application Data\folsjybo\nqxobyzy.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program\Analog Devices\SoundMAX\SMax4PNP.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program\Apoint2K\Apoint.exe

C:\Program\Java\jre1.5.0_02\bin\jusched.exe

C:\Program\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\Program\Hp\HP Software Update\HPWuSchd2.exe

C:\Program\iTunes\iTunesHelper.exe

C:\Program\QuickTime\qttask.exe

C:\Program\Java\jre1.5.0_02\bin\jucheck.exe

C:\Program\HPQ\Quick Launch Buttons\EabServr.exe

C:\WINDOWS\system32\lphcan1j0ecqs.exe

C:\Program\iPod\bin\iPodService.exe

C:\Program\rhcen1j0ecqs\rhcen1j0ecqs.exe

C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program\Apoint2K\Apntex.exe

C:\Program\WIDCOMM\Bluetooth-programvara\BTTray.exe

C:\Program\Microsoft Office\Office\FINDFAST.EXE

C:\Program\Microsoft Office\Office\OSA.EXE

C:\Program\WIDCOMM\BLUETO~1\BTSTAC~1.EXE

C:\Program\HPQ\SHARED\HPQWMI.exe

C:\Program\DELADE~1\SYMANT~1\CCPD-LC\symlcsvc.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=SV_SE&c=Q305&bd=pavilion&pf=laptop

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157'>http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program\Delade filer\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program\DELADE~1\SYMANT~1\IDS\IPSBHO.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll

O3 - Toolbar: HP-vy - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program\HP\Digital Imaging\bin\HPDTLK02.dll

O3 - Toolbar: Visa Norton-verktygsfältet - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program\Delade filer\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar1.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [soundMAX] C:\Program\Analog Devices\SoundMAX\Smax4.exe /tray

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [Apoint] C:\Program\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\jre1.5.0_02\bin\jusched.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [iTunesHelper] C:\Program\iTunes\iTunesHelper.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program\HPQ\Quick Launch Buttons\EabServr.exe /Start

O4 - HKLM\..\Run: [Cpqset] C:\Program\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Program\Norton Internet Security\osCheck.exe"

O4 - HKLM\..\Run: [lphcan1j0ecqs] C:\WINDOWS\system32\lphcan1j0ecqs.exe

O4 - HKLM\..\Run: [sMrhcen1j0ecqs] C:\Program\rhcen1j0ecqs\rhcen1j0ecqs.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [updateMgr] C:\Program\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0

O4 - HKLM\..\Policies\Explorer\Run: [nJuPALMKyz] C:\Documents and Settings\All Users\Application Data\folsjybo\nqxobyzy.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program\Hp\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Microsoft Office Snabbsökning.lnk = C:\Program\Microsoft Office\Office\FINDFAST.EXE

O4 - Global Startup: Office-autostart.lnk = C:\Program\Microsoft Office\Office\OSA.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program\WIDCOMM\Bluetooth-programvara\bin\btwdins.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\VAScanner\comHost.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program\HPQ\SHARED\HPQWMI.exe

O23 - Service: iPod-tjänst (iPodService) - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program\Delade filer\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Program\DELADE~1\SYMANT~1\CCPD-LC\symlcsvc.exe

 

--

End of file - 9541 bytes

[/log]

 

Link to comment
Share on other sites
Cecilia

Cecilia

Posted
Posted

Ladda ner Malwarebytes Anti-Malware från en av dessa länkar:

http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html

http://projects.securitywonks.net/projects/details.php?file=158

Dubbelklicka på mbam-setup.exe för att installera programmet.

 

[log]Bocka för:

Update Malwarebytes' Anti-Malware

Launch Malwarebytes' Anti-Malware

Tryck på Finish

Om det finns någon uppdatering så kommer den att laddas ner och installeras.

 

När programmet startar så välj Perform Quick Scan och tryck på Scan.

Skanningen tar ett tag.

När den är klar så tryck på OK och sedan Show Results.

Bocka för allt och tryck sedan Remove Selected.

När borttagningen är klar så öppnar Anteckningar med en logg.

 

Eventuellt så kommer det upp en begäran om att starta om datorn (Restart). I så fall gör det.

Om programmet inte kommer igång efter omstarten så starta det.

 

Om loggen inte kommer upp själv i Anteckningar så hittar du loggen på Logs-fliken i MBAM.

Kopiera loggen och klistra in den i ditt svar tillsammans med en ny HijackThis-logg.[/log]

 

Link to comment
Share on other sites
LenaFo

LenaFo

Posted
  • Author
Posted

Hej,

loggfilen ser ut så här:

[log]

Malwarebytes' Anti-Malware 1.28

Databasversion: 1180

Windows 5.1.2600 Service Pack 3

 

2008-09-20 12:35:25

mbam-log-2008-09-20 (12-35-25).txt

 

Skanningstyp: Snabb skanning

Antal skannade objekt: 48373

Förfluten tid: 5 minute(s), 13 second(s)

 

Infekterade minnesprocesser: 3

Infekterade minnesmoduler: 3

Infekterade registernycklar: 16

Infekterade registervärden: 7

Infekterade registerdataposter: 3

Infekterade mappar: 38

Infekterade filer: 95

 

Infekterade minnesprocesser:

C:\Program\rhcen1j0ecqs\rhcen1j0ecqs.exe (Rogue.Multiple) -> Unloaded process successfully.

C:\WINDOWS\system32\lphcan1j0ecqs.exe (Trojan.FakeAlert) -> Unloaded process successfully.

C:\WINDOWS\system32\pphcan1j0ecqs.exe (Trojan.FakeAlert) -> Unloaded process successfully.

 

Infekterade minnesmoduler:

C:\Program\rhcen1j0ecqs\MFC71.dll (Rogue.Multiple) -> Delete on reboot.

C:\Program\rhcen1j0ecqs\msvcp71.dll (Rogue.Multiple) -> Delete on reboot.

C:\Program\rhcen1j0ecqs\msvcr71.dll (Rogue.Multiple) -> Delete on reboot.

 

Infekterade registernycklar:

HKEY_CLASSES_ROOT\xml.xml (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{0b682cc1-fb40-4006-a5dd-99edd3c9095d} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{54645654-2225-4455-44a1-9f4543d34545} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{5c7f15e1-f31a-44fd-aa1a-2ec63aaffd3a} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{9233c3c0-1472-4091-a505-5580a23bb4ac} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhcen1j0ecqs (Rogue.Multiple) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\rhcen1j0ecqs (Rogue.Multiple) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.

 

Infekterade registervärden:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\njupalmkyz (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smrhcen1j0ecqs (Rogue.Multiple) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphcan1j0ecqs (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.

 

Infekterade registerdataposter:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

 

Infekterade mappar:

C:\WINDOWS\mslagent (Adware.EGDAccess) -> Quarantined and deleted successfully.

C:\Program\akl (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\Program\Inet Delivery (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\smp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\Program\rhcen1j0ecqs (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\Lena\Application Data\rhcen1j0ecqs (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\Lena\Application Data\rhcen1j0ecqs\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\Lena\Application Data\rhcen1j0ecqs\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\Lena\Application Data\rhcen1j0ecqs\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\Lena\Application Data\rhcen1j0ecqs\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\Lena\Application Data\rhcen1j0ecqs\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\Lena\Application Data\rhcen1j0ecqs\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\Lena\Application Data\rhcen1j0ecqs\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\Lena\Application Data\rhcen1j0ecqs\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\Lena\Application Data\rhcen1j0ecqs\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\Lena\Application Data\rhcen1j0ecqs\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\Kajsa\Application Data\rhcen1j0ecqs (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\Kajsa\Application Data\rhcen1j0ecqs\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\Kajsa\Application Data\rhcen1j0ecqs\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\Kajsa\Application Data\rhcen1j0ecqs\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\Kajsa\Application Data\rhcen1j0ecqs\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\Kajsa\Application Data\rhcen1j0ecqs\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\Kajsa\Application Data\rhcen1j0ecqs\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\Kajsa\Application Data\rhcen1j0ecqs\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\Kajsa\Application Data\rhcen1j0ecqs\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\Kajsa\Application Data\rhcen1j0ecqs\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\Kajsa\Application Data\rhcen1j0ecqs\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\David\Application Data\rhcen1j0ecqs (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\David\Application Data\rhcen1j0ecqs\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\David\Application Data\rhcen1j0ecqs\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\David\Application Data\rhcen1j0ecqs\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\David\Application Data\rhcen1j0ecqs\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\David\Application Data\rhcen1j0ecqs\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\David\Application Data\rhcen1j0ecqs\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\David\Application Data\rhcen1j0ecqs\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\David\Application Data\rhcen1j0ecqs\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\David\Application Data\rhcen1j0ecqs\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\David\Application Data\rhcen1j0ecqs\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.

 

Infekterade filer:

C:\Documents and Settings\All Users\Application Data\folsjybo\nqxobyzy.exe (Trojan.FakeAlert.H) -> Delete on reboot.

C:\WINDOWS\mslagent\2_mslagent.dll (Adware.EGDAccess) -> Quarantined and deleted successfully.

C:\WINDOWS\mslagent\mslagent.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.

C:\WINDOWS\mslagent\uninstall.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.

C:\Program\akl\akl.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\Program\akl\akl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\Program\akl\uninstall.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\Program\akl\unsetup.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\Program\Inet Delivery\inetdl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\Program\Inet Delivery\intdel.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\smp\msrc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\Program\rhcen1j0ecqs\database.dat (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Program\rhcen1j0ecqs\license.txt (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Program\rhcen1j0ecqs\MFC71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Program\rhcen1j0ecqs\MFC71ENU.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Program\rhcen1j0ecqs\msvcp71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Program\rhcen1j0ecqs\msvcr71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Program\rhcen1j0ecqs\rhcen1j0ecqs.exe (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Program\rhcen1j0ecqs\rhcen1j0ecqs.exe.local (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Program\rhcen1j0ecqs\Uninstall.exe (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Program\SAV\sav0.dat (Rogue.SystemAntivirus) -> Quarantined and deleted successfully.

C:\Program\SAV\sav1.dat (Rogue.SystemAntivirus) -> Quarantined and deleted successfully.

C:\Program\SAV\sav.ooo (Rogue.SystemAntivirus) -> Quarantined and deleted successfully.

C:\WINDOWS\a.bat (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\base64.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\FVProtect.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\userconfig9x.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\winsystem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\zip1.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\zip2.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\zip3.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\zipped.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\Documents and Settings\David\Lokala inställningar\Temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\David\Lokala inställningar\Temp\.tt4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\David\Lokala inställningar\Temp\.tt9.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\David\Lokala inställningar\Temp\.ttD.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\iTunesMusic.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\akttzn.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\anticipator.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\awtoolb.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\bsva-egihsg52.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\dpcproxy.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\emesx.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\h@tkeysh@@k.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\hoproxy.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\hxiwlgpm.dat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\hxiwlgpm.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\medup012.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\medup020.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\msgp.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\msnbho.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\msvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\mtr2.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\mwin32.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\netode.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\newsd32.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ps1.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\psof1.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\psoft1.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\regc64.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\regm64.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\Rundl1.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\sncntr.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ssurf022.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ssvchost.com (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ssvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\sysreq.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\taack.dat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\taack.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\temp#01.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\thun.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\thun32.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\VBIEWER.OCX (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\vcatchpi.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\winlogonpc.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\winsystem.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\WINWGPX.EXE (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\vbsys2.dll (Trojan.Clicker) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\lphcan1j0ecqs.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\pphcan1j0ecqs.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\David\Lokala inställningar\Temp\.tt7.tmp.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\David\Lokala inställningar\Temp\.tt1.tmp.vbs (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\David\Lokala inställningar\Temp\.tt4.tmp.vbs (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\David\Lokala inställningar\Temp\video1019.cfg (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\David\Lokala inställningar\Temp\video1019.cfg.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\Lena\Lokala inställningar\Temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Lena\Lokala inställningar\Temp\.tt8.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Kajsa\Lokala inställningar\Temp\.tt5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Kajsa\Lokala inställningar\Temp\.tt9.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Lena\Lokala inställningar\Temp\.tt1.tmp.vbs (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\Kajsa\Lokala inställningar\Temp\.tt5.tmp.vbs (Trojan.FakeAlert) -> Quarantined and deleted successfully.

[/log]

...och hijack...så här:

[log]

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:46:19, on 2008-09-20

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Symantec\LiveUpdate\AluSchedulerSvc.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program\Analog Devices\SoundMAX\SMax4PNP.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program\Apoint2K\Apoint.exe

C:\Program\Java\jre1.5.0_02\bin\jusched.exe

C:\Program\Java\jre1.5.0_02\bin\jucheck.exe

C:\Program\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\Program\Hp\HP Software Update\HPWuSchd2.exe

C:\Program\iTunes\iTunesHelper.exe

C:\Program\QuickTime\qttask.exe

C:\Program\Apoint2K\Apntex.exe

C:\Program\HPQ\Quick Launch Buttons\EabServr.exe

C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\system32\bgsvcgen.exe

C:\Program\WIDCOMM\Bluetooth-programvara\bin\btwdins.exe

C:\Program\Delade filer\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program\Analog Devices\SoundMAX\SMAgent.exe

C:\Program\iPod\bin\iPodService.exe

C:\Program\WIDCOMM\Bluetooth-programvara\BTTray.exe

C:\Program\Microsoft Office\Office\FINDFAST.EXE

C:\Program\Microsoft Office\Office\OSA.EXE

C:\Program\WIDCOMM\BLUETO~1\BTSTAC~1.EXE

C:\Program\HPQ\SHARED\HPQWMI.exe

C:\Program\Malwarebytes' Anti-Malware\mbam.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=SV_SE&c=Q305&bd=pavilion&pf=laptop

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157'>http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program\Delade filer\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program\DELADE~1\SYMANT~1\IDS\IPSBHO.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll

O3 - Toolbar: HP-vy - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program\HP\Digital Imaging\bin\HPDTLK02.dll

O3 - Toolbar: Visa Norton-verktygsfältet - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program\Delade filer\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar1.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [soundMAX] C:\Program\Analog Devices\SoundMAX\Smax4.exe /tray

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [Apoint] C:\Program\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\jre1.5.0_02\bin\jusched.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [iTunesHelper] C:\Program\iTunes\iTunesHelper.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program\HPQ\Quick Launch Buttons\EabServr.exe /Start

O4 - HKLM\..\Run: [Cpqset] C:\Program\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Program\Norton Internet Security\osCheck.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [updateMgr] C:\Program\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program\Hp\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Microsoft Office Snabbsökning.lnk = C:\Program\Microsoft Office\Office\FINDFAST.EXE

O4 - Global Startup: Office-autostart.lnk = C:\Program\Microsoft Office\Office\OSA.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program\WIDCOMM\Bluetooth-programvara\bin\btwdins.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\VAScanner\comHost.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program\HPQ\SHARED\HPQWMI.exe

O23 - Service: iPod-tjänst (iPodService) - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program\Delade filer\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Program\DELADE~1\SYMANT~1\CCPD-LC\symlcsvc.exe

 

--

End of file - 9139 bytes

[/log]

 

Link to comment
Share on other sites
Cecilia

Cecilia

Posted
Posted

Är det Symantec/Norton som ska vara antivirusprogram i datorn? Fungerar det som det ska?

 

Det är en gammal Java-version med säkerhetshål i datorn. Jag rekommenderar dig att installera en ny från http://www.java.com/sv/ och därefter avinstallera alla Java/J2SE/JRE utom den senaste i Kontrollpanelen - Lägg till eller ta bort program (inga webbläsare igång).

 

Skanna med HijackThis och bocka för:

 

O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')

 

Avsluta alla andra program.

Tryck Fix checked.

 

Starta om datorn.

 

Hur fungerar datorn nu?

 

Link to comment
Share on other sites
Cecilia

Cecilia

Posted
Posted

I loggen såg det inte ut som att alla filer som hör till Norton var igång så kolla att det verkligen fungerar som det ska.

 

Eftersom Java var så urgammalt så kanske det finns andra gamla program i datorn med säkerhetshål, kolla upp med Secunias Software Inspector. Läs också mina andra råd för en säkrare dator, men det är så klart viktigt att man använder sitt förnuft också.

http://ceblstockholm.googlepages.com/home

 

 

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Go to topic listing


×
×
  • Create New...