Tina_T Posted October 14, 2008

Well, so now I have that lovely popup window that says "your computer is infected etc etc". I think I'm going crazy. I have installed any number of virus and spyware programs to get rid of it, and I have also searched the internet for what can be done to fix it. I read an old thread here from 2006 and tried to do what it said, but the popup is still there! I'M GOING CRAZY! If there is anyone bored here who happens to be a specialist on this and is willing to help me, I will be overjoyed!

//Martina
Cecilia Posted October 14, 2008

These malicious programs change all the time, so old advice works poorly. To begin with, we can see whether HijackThis shows anything.

Download from one of the links:
http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
http://www.download.com/Trend-Micro-HijackThis/3000-8022_4-10227353.html

Install, start it and choose "Do a system scan and save a logfile", then copy the log that comes up (nothing else).

Attach the HijackThis log to your reply like this:
Press the LOG button in the reply window
Paste the log
Press the LOG button again
Tina_T Posted October 14, 2008

[log]
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:07:21, on 2008-10-14
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\VIRUSfighter\Npm\bin\ELOGSVC.EXE
C:\VIRUSfighter\Npm\Bin\Zanda.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\Program\Delade filer\InterVideo\SchSvr\SchSvr.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program\Logitech\Video\LogiTray.exe
C:\Program\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program\Java\jre1.5.0_03\bin\jusched.exe
C:\Program\Ahead\InCD\InCD.exe
C:\Program\Java\jre1.5.0_03\bin\jucheck.exe
C:\Program\QuickTime\qttask.exe
C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program\Sky Pro Middleware\CmSkype.exe
C:\Program\Fighters\spywarefighter\SpywarefighterUser.exe
C:\VIRUSfighter\Npm\bin\ZLH.EXE
C:\WINDOWS\brastk.exe
C:\Program\Skype\Phone\Skype.exe
C:\Program\MSN Messenger\msnmsgr.exe
C:\Program\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\Program\Spybot - Search & Destroy\TeaTimer.exe
C:\Program\Logitech\Video\FxSvr2.exe
C:\Program\Ahead\InCD\InCDsrv.exe
C:\Program\Delade filer\LightScribe\LSSrvc.exe
C:\Program\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program\Fighters\configservice.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program\Fighters\licenseservice.exe
C:\Program\Fighters\updateservice.exe
C:\Program\Fighters\ScannerService.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
c:\program\fighters\spywarefighter\SPYWAREfighterTray.exe
C:\VIRUSfighter\Npm\bin\NJEEVES.EXE
C:\VIRUSfighter\nse\bin\NSESVC.EXE
C:\WINDOWS\System32\alg.exe
C:\Program\Skype\Plugin Manager\skypePM.exe
C:\VIRUSfighter\Nvc\BIN\NVCSCHED.EXE
C:\VIRUSfighter\Nvc\bin\nvcoas.exe
C:\VIRUSfighter\Nvc\BIN\NIP.EXE
C:\VIRUSfighter\Nvc\bin\cclaw.exe
C:\Program\Internet Explorer\IEXPLORE.EXE
C:\Program\MSN Messenger\usnsvc.exe
C:\Program\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program\AVG\AVG8\avgtoolbar.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll
O3 - Toolbar: HP-vy - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program\AVG\AVG8\avgtoolbar.dll (file missing)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [storageGuard] "C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program\Delade filer\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Á³# é"h'þ9ÓœU3rŲWC:\Program\ISTsvc\istsvc.exe] C:\WINDOWS\tkegtpu.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [OM_Monitor] C:\Program\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [inCD] C:\Program\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CmSkype] "C:\Program\Sky Pro Middleware\CmSkype.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [spywarefighterguard] C:\Program\Fighters\spywarefighter\SpywarefighterUser.exe
O4 - HKLM\..\Run: [Norman ZANDA] "C:\VIRUSfighter\Npm\bin\ZLH.EXE" /LOAD /SPLASH
O4 - HKLM\..\Run: [HFsFc] C:\WINDOWS\tkegtpu.exe
O4 - HKLM\..\Run: [XP Antispyware 2009] "C:\Program\XP_AntiSpyware\XP_AntiSpyware.exe" /hide
O4 - HKLM\..\Run: [brastk] brastk.exe
O4 - HKLM\..\Run: [surfAccuracy] C:\Program\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [iST Service] C:\Program\ISTsvc\istsvc.exe
O4 - HKCU\..\Run: [backupNotify] c:\Program\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [skype] "C:\Program\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Program\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [OM_Monitor] C:\Program\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [setAct] C:\WINDOWS\system32\gpsjmjwt.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Öppna på ny flik i bakgrunden - res://C:\Program\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/229?fb9125e839a845b380a4e192a8b1c846
O8 - Extra context menu item: Öppna på ny flik i förgrunden - res://C:\Program\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/230?fb9125e839a845b380a4e192a8b1c846
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program\Yahoo!\Messenger\YahooMessenger.exe
O16 - DPF: {1538D4E0-B2C4-402D-B71A-BA6A04BC7A5D} (PictureChooser.picChooser) - http://direct.fotomenyn.com/direct/PictureChooser.cab
O16 - DPF: {230C3D02-DA27-11D2-8612-00A0C93EEA3C} (SAXFile FileUpload ActiveX Control) - http://www.fujidirekt.se/SAXFile/saxfile.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121505263734
O16 - DPF: {65F77758-B822-45FB-8F0C-08E85705EC4A} (Upload.ctlUpload) - http://direct.fotomenyn.com/direct/upload.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program\AVG\AVG8\avgpp.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\VIRUSfighter\Npm\bin\ELOGSVC.EXE
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: getPlus® Helper - Unknown owner - C:\Program\NOS\bin\getPlus_HelperSvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program\Delade filer\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program\Delade filer\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norman NJeeves - Norman ASA - C:\VIRUSfighter\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\VIRUSfighter\Npm\Bin\Zanda.exe
O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\VIRUSfighter\nse\bin\NSESVC.EXE
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\VIRUSfighter\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\VIRUSfighter\Nvc\BIN\NVCSCHED.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program\Delade filer\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PTK License-FIGHTERS-4665699 - SPAMfighter - C:\Program\Fighters\licenseservice.exe
O23 - Service: PTK Live Update-FIGHTERS-4665699 - SPAMfighter - C:\Program\Fighters\updateservice.exe
O23 - Service: PTK Scanner-FIGHTERS-4665699 - SPAMfighter - C:\Program\Fighters\ScannerService.exe
O23 - Service: PTK SharedAccess-FIGHTERS-4665699 - SPAMfighter - C:\Program\Fighters\configservice.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program\Delade filer\Sony Shared\AVLib\SPTISRV.exe

--
End of file - 13056 bytes
[/log]
Brynäsarn Posted October 14, 2008

Download HijackThis and scan with it, then post the log here:
http://www.spychecker.com/program/hijackthis.html

Install, start it, choose Do a system scan and save a logfile, and copy the log that comes up.

You post the log like this:
Press the LOG button in the reply window
Paste the log
Press the LOG button again
Brynäsarn Posted October 14, 2008

I see in the HijackThis log that you have a very old Java version with security holes on the computer. I recommend that you download and install a new, updated Java: http://www.java.com/sv/

Then uninstall the old one in Control Panel, Add or Remove Programs (no web browsers running).
Tina_T Posted October 14, 2008

Hehe, yes, my computer really is old and shabby, so fixing this could well turn into a bit of a project, but thank you so much! I will download the new Java right away.

//Martina
Cecilia Posted October 14, 2008

Turn off TeaTimer, which is a feature of Spybot S&D. It is a very good feature, so once the computer is clean you should turn it back on, but right now it produces so many prompts while the computer is being cleaned that there is a risk you will instead block some good change.

Start Spybot S&D.
Menu Mode - Advanced
Tools - Resident
Uncheck TeaTimer.

Download Malwarebytes Anti-Malware (MBAM) from one of these links:
http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html
http://projects.securitywonks.net/projects/details.php?file=158

Double-click mbam-setup.exe to install the program.

[log]
Check:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Press Finish

If there is an update, it will be downloaded and installed.
When the program starts, choose Perform Quick Scan and press Scan.
The scan takes a while.
When it is done, press OK and then Show Results.
Check everything and then press Remove Selected.
When the removal is done, Notepad opens with a log.
A request to restart the computer (Restart) may come up. If so, do it.
If the program does not start after the restart, start it.
If the log does not come up by itself in Notepad, you will find the log on the Logs tab in MBAM.
Copy the log and paste it into your reply together with a new HijackThis log.
[/log]
Cecilia Posted October 14, 2008

"will download the new Java right away"

Please wait a little until the computer is doing better.
Tina_T Posted October 14, 2008

Well, unfortunately I was a bit quick to install the new Java, I hope it does no great harm. Here comes the MBAM log and, last, the HijackThis log.

[log]
Malwarebytes' Anti-Malware 1.28
Databasversion: 1267
Windows 5.1.2600 Service Pack 3

2008-10-14 14:14:27
mbam-log-2008-10-14 (14-14-27).txt

Skanningstyp: Snabb skanning
Antal skannade objekt: 51826
Förfluten tid: 15 minute(s), 4 second(s)

Infekterade minnesprocesser: 1
Infekterade minnesmoduler: 0
Infekterade registernycklar: 2
Infekterade registervärden: 3
Infekterade registerdataposter: 0
Infekterade mappar: 3
Infekterade filer: 14

Infekterade minnesprocesser:
C:\WINDOWS\brastk.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Infekterade minnesmoduler:
(Inga illasinnade poster hittades)

Infekterade registernycklar:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\xp_antispyware (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\XP_Antispyware (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.

Infekterade registervärden:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xp antispyware 2009 (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SurfAccuracy (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\brastk (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infekterade registerdataposter:
(Inga illasinnade poster hittades)

Infekterade mappar:
C:\Program\XP_AntiSpyware (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
C:\Program\XP_AntiSpyware\data (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
C:\Program\XP_AntiSpyware\Microsoft.VC80.CRT (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.

Infekterade filer:
C:\Program\XP_AntiSpyware\AVEngn.dll (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
C:\Program\XP_AntiSpyware\htmlayout.dll (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
C:\Program\XP_AntiSpyware\pthreadVC2.dll (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
C:\Program\XP_AntiSpyware\Uninstall.exe (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
C:\Program\XP_AntiSpyware\wscui.cpl (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
C:\Program\XP_AntiSpyware\data\daily.cvd (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
C:\Program\XP_AntiSpyware\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
C:\Program\XP_AntiSpyware\Microsoft.VC80.CRT\msvcm80.dll (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
C:\Program\XP_AntiSpyware\Microsoft.VC80.CRT\msvcp80.dll (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
C:\Program\XP_AntiSpyware\Microsoft.VC80.CRT\msvcr80.dll (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
C:\WINDOWS\brastk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ägaren\Application Data\Microsoft\Internet Explorer\Quick Launch\XP_AntiSpyware.lnk (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ägaren\Cookies\budus.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ägaren\delself.bat (Malware.Trace) -> Quarantined and deleted successfully.
[/log]

[log]
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:17:56, on 2008-10-14
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\VIRUSfighter\Npm\bin\ELOGSVC.EXE
C:\VIRUSfighter\Npm\Bin\Zanda.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\Program\Delade filer\InterVideo\SchSvr\SchSvr.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program\Logitech\Video\LogiTray.exe
C:\Program\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program\Ahead\InCD\InCD.exe
C:\Program\QuickTime\qttask.exe
C:\Program\iTunes\iTunesHelper.exe
C:\Program\Sky Pro Middleware\CmSkype.exe
C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program\Fighters\spywarefighter\SpywarefighterUser.exe
C:\VIRUSfighter\Npm\bin\ZLH.EXE
C:\Program\Java\jre1.6.0_07\bin\jusched.exe
C:\Program\Skype\Phone\Skype.exe
C:\Program\Logitech\Video\FxSvr2.exe
C:\Program\MSN Messenger\msnmsgr.exe
C:\Program\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\Program\Ahead\InCD\InCDsrv.exe
C:\Program\Delade filer\LightScribe\LSSrvc.exe
C:\Program\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program\Fighters\configservice.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program\Fighters\licenseservice.exe
C:\Program\Fighters\updateservice.exe
C:\Program\Fighters\ScannerService.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program\Skype\Plugin Manager\skypePM.exe
c:\program\fighters\spywarefighter\SPYWAREfighterTray.exe
C:\VIRUSfighter\Npm\bin\NJEEVES.EXE
C:\Program\iPod\bin\iPodService.exe
C:\VIRUSfighter\nse\bin\NSESVC.EXE
C:\WINDOWS\System32\alg.exe
C:\Program\internet explorer\iexplore.exe
C:\VIRUSfighter\Nvc\BIN\NVCSCHED.EXE
C:\VIRUSfighter\Nvc\bin\nvcoas.exe
C:\Program\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\VIRUSfighter\Nvc\BIN\NIP.EXE
C:\VIRUSfighter\Nvc\bin\cclaw.exe
C:\Program\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program\AVG\AVG8\avgtoolbar.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll
O3 - Toolbar: HP-vy - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program\AVG\AVG8\avgtoolbar.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar2.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [storageGuard] "C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program\Delade filer\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Á³# é"h'þ9ÓœU3rŲWC:\Program\ISTsvc\istsvc.exe] C:\WINDOWS\tkegtpu.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [OM_Monitor] C:\Program\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [inCD] C:\Program\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CmSkype] "C:\Program\Sky Pro Middleware\CmSkype.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [spywarefighterguard] C:\Program\Fighters\spywarefighter\SpywarefighterUser.exe
O4 - HKLM\..\Run: [Norman ZANDA] "C:\VIRUSfighter\Npm\bin\ZLH.EXE" /LOAD /SPLASH
O4 - HKLM\..\Run: [HFsFc] C:\WINDOWS\tkegtpu.exe
O4 - HKLM\..\Run: [iST Service] C:\Program\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\jre1.6.0_07\bin\jusched.exe
O4 - HKCU\..\Run: [backupNotify] c:\Program\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [skype] "C:\Program\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Program\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [OM_Monitor] C:\Program\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [setAct] C:\WINDOWS\system32\gpsjmjwt.exe
O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Öppna på ny flik i bakgrunden - res://C:\Program\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/229?fb9125e839a845b380a4e192a8b1c846
O8 - Extra context menu item: Öppna på ny flik i förgrunden - res://C:\Program\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/230?fb9125e839a845b380a4e192a8b1c846
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program\Yahoo!\Messenger\YahooMessenger.exe
O16 - DPF: {1538D4E0-B2C4-402D-B71A-BA6A04BC7A5D} (PictureChooser.picChooser) - http://direct.fotomenyn.com/direct/PictureChooser.cab
O16 - DPF: {230C3D02-DA27-11D2-8612-00A0C93EEA3C} (SAXFile FileUpload ActiveX Control) - http://www.fujidirekt.se/SAXFile/saxfile.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121505263734
O16 - DPF: {65F77758-B822-45FB-8F0C-08E85705EC4A} (Upload.ctlUpload) - http://direct.fotomenyn.com/direct/upload.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program\AVG\AVG8\avgpp.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\VIRUSfighter\Npm\bin\ELOGSVC.EXE
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: getPlus® Helper - Unknown owner - C:\Program\NOS\bin\getPlus_HelperSvc.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program\Delade filer\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program\Delade filer\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norman NJeeves - Norman ASA - C:\VIRUSfighter\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\VIRUSfighter\Npm\Bin\Zanda.exe
O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\VIRUSfighter\nse\bin\NSESVC.EXE
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\VIRUSfighter\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\VIRUSfighter\Nvc\BIN\NVCSCHED.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program\Delade filer\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PTK License-FIGHTERS-4665699 - SPAMfighter - C:\Program\Fighters\licenseservice.exe
O23 - Service: PTK Live Update-FIGHTERS-4665699 - SPAMfighter - C:\Program\Fighters\updateservice.exe
O23 - Service: PTK Scanner-FIGHTERS-4665699 - SPAMfighter - C:\Program\Fighters\ScannerService.exe
O23 - Service: PTK SharedAccess-FIGHTERS-4665699 - SPAMfighter - C:\Program\Fighters\configservice.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program\Delade filer\Sony Shared\AVLib\SPTISRV.exe

--
End of file - 13384 bytes
[/log]

Tina_T Posted October 14, 2008

Well, well, WELL! Can this be true? The popup is gone!!! Will it come back, or is it gone once and for all? All I can say is THANK YOU!!!!! You wouldn't believe how much time I have spent trying to get rid of this in every possible way, and with your method, Cecilia, it is suddenly gone! Totally crazy! Once again, a big thank you (if it really is gone for good :D)

//Martina

Cecilia Posted October 14, 2008

I hope the popup is gone for good now.

[log]There is still some left in the registry.

Scan with HijackThis and tick:

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program\AVG\AVG8\avgtoolbar.dll (file missing)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program\AVG\AVG8\avgtoolbar.dll (file missing)
O4 - HKLM\..\Run: [Á³# é"h'þ9ÓœU3rŲWC:\Program\ISTsvc\istsvc.exe] C:\WINDOWS\tkegtpu.exe
O4 - HKLM\..\Run: [HFsFc] C:\WINDOWS\tkegtpu.exe
O4 - HKLM\..\Run: [iST Service] C:\Program\ISTsvc\istsvc.exe
O4 - HKCU\..\Run: [setAct] C:\WINDOWS\system32\gpsjmjwt.exe

Close all other programs. Press Fix checked.

Restart the computer in safe mode (press F8 repeatedly during startup and choose safe mode from the menu).

Set up Explorer so that you can see all files:
Tools - (Folder) Options or similar - View
Select Show hidden files and folders
Untick Hide extensions for known file types
Untick Hide protected operating system files

Delete the files (if they are still there):
C:\WINDOWS\tkegtpu.exe
C:\WINDOWS\system32\gpsjmjwt.exe

Delete the folders (if they are still there):
C:\Program\ISTsvc

Restart in normal mode and then a new HijackThis log.

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
You can read about that line at http://www.bleepingcomputer.com/startups/AlcxMonitor-245.html
[/log]
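
The last step of the procedure above, a new HijackThis log after "Fix checked", can be checked mechanically. The following is an added example, not part of the thread and not HijackThis code: it parses entry lines, looks up the ticked entries in the follow-up log, and lists entries whose file is missing. The function names are hypothetical, and the reappearing entry in `REAPPEARED_LOG` is constructed.

```python
import re

# A HijackThis entry line: section code (R0..R3, F0..F3, N1..N4, O1..O24), " - ", body.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
# Markers HijackThis appends when the referenced file is not on disk.
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)\s*$")


def _key(code, body):
    # Normalize case and spacing: a log pasted through a forum may not survive byte-for-byte.
    return (code, " ".join(body.split()).casefold())


def parse_log(text):
    """Map normalized key -> original line; header and process-list lines are skipped."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries[_key(m["code"], m["body"])] = line
    return entries


def orphans(log_text):
    """Entries whose target file is absent (registry leftovers)."""
    return [line for line in parse_log(log_text).values() if ORPHAN_RE.search(line)]


def verify_fix(fix_list, after_log):
    """Split the ticked entries into (removed, remaining) by looking them up in the new log."""
    wanted, after = parse_log(fix_list), parse_log(after_log)
    removed = [line for key, line in wanted.items() if key not in after]
    remaining = [line for key, line in wanted.items() if key in after]
    return removed, remaining


# Four of the entries from the fix list in the post above.
FIX_LIST = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program\AVG\AVG8\avgssie.dll (file missing)
O4 - HKLM\..\Run: [HFsFc] C:\WINDOWS\tkegtpu.exe
O4 - HKCU\..\Run: [setAct] C:\WINDOWS\system32\gpsjmjwt.exe
"""

# Excerpt of the follow-up log posted later in the thread.
AFTER_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program\AVG\AVG8\avgpp.dll (file missing)
"""

# Constructed failure case: one ticked Run entry is back, with different letter case.
REAPPEARED_LOG = AFTER_LOG + r"O4 - HKLM\..\Run: [hfsfc] c:\windows\TKEGTPU.EXE" + "\n"

if __name__ == "__main__":
    for name, log in (("after", AFTER_LOG), ("reappeared", REAPPEARED_LOG)):
        removed, remaining = verify_fix(FIX_LIST, log)
        print(name, "removed:", len(removed), "remaining:", remaining)
    print("orphans:", orphans(AFTER_LOG))
```

A non-empty `remaining` list means something re-created the autostart entry after the fix, which is the case the safe-mode file deletion in the procedure is meant to prevent.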

Tina_T Posted October 14, 2008

Thanks for all the help =) The computer seems to be getting back to normal now, but here is the latest log.

[log]Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:24:11, on 2008-10-14
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\VIRUSfighter\Npm\bin\ELOGSVC.EXE
C:\VIRUSfighter\Npm\Bin\Zanda.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\Program\Delade filer\InterVideo\SchSvr\SchSvr.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program\Logitech\Video\LogiTray.exe
C:\Program\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program\Ahead\InCD\InCD.exe
C:\Program\QuickTime\qttask.exe
C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program\iTunes\iTunesHelper.exe
C:\Program\Sky Pro Middleware\CmSkype.exe
C:\Program\Fighters\spywarefighter\SpywarefighterUser.exe
C:\VIRUSfighter\Npm\bin\ZLH.EXE
C:\Program\Java\jre1.6.0_07\bin\jusched.exe
C:\Program\Skype\Phone\Skype.exe
C:\Program\MSN Messenger\msnmsgr.exe
C:\Program\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\Program\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program\Logitech\Video\FxSvr2.exe
C:\Program\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program\Ahead\InCD\InCDsrv.exe
C:\Program\Delade filer\LightScribe\LSSrvc.exe
C:\Program\Fighters\configservice.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program\Fighters\licenseservice.exe
C:\Program\Fighters\updateservice.exe
C:\Program\Fighters\ScannerService.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\VIRUSfighter\Npm\bin\NJEEVES.EXE
c:\program\fighters\spywarefighter\SPYWAREfighterTray.exe
C:\Program\iPod\bin\iPodService.exe
C:\VIRUSfighter\nse\bin\NSESVC.EXE
C:\Program\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\System32\alg.exe
C:\Program\MSN Messenger\usnsvc.exe
C:\VIRUSfighter\Nvc\bin\nvcoas.exe
C:\VIRUSfighter\Nvc\BIN\NVCSCHED.EXE
C:\VIRUSfighter\Nvc\BIN\NIP.EXE
C:\VIRUSfighter\Nvc\bin\cclaw.exe
C:\Program\Internet Explorer\iexplore.exe
C:\Program\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll
O3 - Toolbar: HP-vy - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar2.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [storageGuard] "C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program\Delade filer\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [OM_Monitor] C:\Program\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [inCD] C:\Program\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CmSkype] "C:\Program\Sky Pro Middleware\CmSkype.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [spywarefighterguard] C:\Program\Fighters\spywarefighter\SpywarefighterUser.exe
O4 - HKLM\..\Run: [Norman ZANDA] "C:\VIRUSfighter\Npm\bin\ZLH.EXE" /LOAD /SPLASH
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\jre1.6.0_07\bin\jusched.exe
O4 - HKCU\..\Run: [backupNotify] c:\Program\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [skype] "C:\Program\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Program\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [OM_Monitor] C:\Program\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Öppna på ny flik i bakgrunden - res://C:\Program\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/229?fb9125e839a845b380a4e192a8b1c846
O8 - Extra context menu item: Öppna på ny flik i förgrunden - res://C:\Program\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/230?fb9125e839a845b380a4e192a8b1c846
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program\Yahoo!\Messenger\YahooMessenger.exe
O16 - DPF: {1538D4E0-B2C4-402D-B71A-BA6A04BC7A5D} (PictureChooser.picChooser) - http://direct.fotomenyn.com/direct/PictureChooser.cab
O16 - DPF: {230C3D02-DA27-11D2-8612-00A0C93EEA3C} (SAXFile FileUpload ActiveX Control) - http://www.fujidirekt.se/SAXFile/saxfile.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121505263734
O16 - DPF: {65F77758-B822-45FB-8F0C-08E85705EC4A} (Upload.ctlUpload) - http://direct.fotomenyn.com/direct/upload.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program\AVG\AVG8\avgpp.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\VIRUSfighter\Npm\bin\ELOGSVC.EXE
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: getPlus® Helper - Unknown owner - C:\Program\NOS\bin\getPlus_HelperSvc.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program\Delade filer\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program\Delade filer\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norman NJeeves - Norman ASA - C:\VIRUSfighter\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\VIRUSfighter\Npm\Bin\Zanda.exe
O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\VIRUSfighter\nse\bin\NSESVC.EXE
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\VIRUSfighter\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\VIRUSfighter\Nvc\BIN\NVCSCHED.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program\Delade filer\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PTK License-FIGHTERS-4665699 - SPAMfighter - C:\Program\Fighters\licenseservice.exe
O23 - Service: PTK Live Update-FIGHTERS-4665699 - SPAMfighter - C:\Program\Fighters\updateservice.exe
O23 - Service: PTK Scanner-FIGHTERS-4665699 - SPAMfighter - C:\Program\Fighters\ScannerService.exe
O23 - Service: PTK SharedAccess-FIGHTERS-4665699 - SPAMfighter - C:\Program\Fighters\configservice.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program\Delade filer\Sony Shared\AVLib\SPTISRV.exe
-- End of file - 12568 bytes
[/log]

Cecilia Posted October 14, 2008

That sounds good!

A remnant of Symantec/Norton that you can remove:
Control Panel - Administrative Tools - Services
Find Symantec Settings Manager in the list, double-click it and set Startup type to Disabled.

Here you can read my usual advice for a safer computer, but of course it is important to use your common sense too.
http://ceblstockholm.googlepages.com/home