perjak

Computer acting up


The computer is behaving strangely.

I suspect there are quite a lot of strange things in it. Help!

Here are logs from Hijack and Malwarebytes

 

Hijack

Malwarebytes

[log]Malwarebytes' Anti-Malware 1.41

Databasversion: 2936

Windows 5.1.2600 Service Pack 3

 

2009-10-10 15:39:48

mbam-log-2009-10-10 (15-39-42).txt

 

Skanningstyp: Snabb skanning

Antal skannade objekt: 115196

Förfluten tid: 11 minute(s), 36 second(s)

 

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 0

Infekterade registernycklar: 33

Infekterade registervärden: 2

Infekterade registerdataposter: 2

Infekterade mappar: 30

Infekterade filer: 219

 

Infekterade minnesprocesser:

(Inga illasinnade poster hittades)

 

Infekterade minnesmoduler:

(Inga illasinnade poster hittades)

 

Infekterade registernycklar:


 

Infekterade registervärden:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Zango) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\Windows Service (Backdoor.Bot) -> No action taken.

 

Infekterade registerdataposter:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.

 

Infekterade mappar:


 

Infekterade filer:


C:\Documents and Settings\Stefan\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_logos.xip (Adware.Zango) -> No action taken.

C:\Documents and Settings\Stefan\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_other.xip (Adware.Zango) -> No action taken.

C:\Documents and Settings\Stefan\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_weather.xip (Adware.Zango) -> No action taken.

C:\Documents and Settings\Stefan\Application Data\Zango\v3.0\Zango\static\DownLoad\editblbuttons.xip (Adware.Zango) -> No action taken.

C:\Documents and Settings\Stefan\Application Data\Zango\v3.0\Zango\static\DownLoad\email-t1-bg.xip (Adware.Zango) -> No action taken.

C:\Documents and Settings\Stefan\Application Data\Zango\v3.0\Zango\static\DownLoad\icons2.xip (Adware.Zango) -> No action taken.

C:\Documents and Settings\Stefan\Application Data\Zango\v3.0\Zango\static\DownLoad\ie_games_icon.xip (Adware.Zango) -> No action taken.

C:\Documents and Settings\Stefan\Application Data\Zango\v3.0\Zango\static\DownLoad\ie_video.xip (Adware.Zango) -> No action taken.

C:\Documents and Settings\Stefan\Application Data\Zango\v3.0\Zango\static\DownLoad\keywords.xip (Adware.Zango) -> No action taken.

C:\Documents and Settings\Stefan\Application Data\Zango\v3.0\Zango\static\DownLoad\keywords1.xip (Adware.Zango) -> No action taken.

C:\Documents and Settings\Stefan\Application Data\Zango\v3.0\Zango\static\DownLoad\layout.xip (Adware.Zango) -> No action taken.

C:\Documents and Settings\Stefan\Application Data\Zango\v3.0\Zango\static\DownLoad\linkpathlegal.xip (Adware.Zango) -> No action taken.

C:\Documents and Settings\Stefan\Application Data\Zango\v3.0\Zango\static\DownLoad\progress.xip (Adware.Zango) -> No action taken.

C:\Documents and Settings\Stefan\Application Data\Zango\v3.0\Zango\static\DownLoad\sales_buttons.xip (Adware.Zango) -> No action taken.

C:\Documents and Settings\Stefan\Application Data\Zango\v3.0\Zango\static\DownLoad\sdfmodifier.xip (Adware.Zango) -> No action taken.

C:\Documents and Settings\Stefan\Application Data\Zango\v3.0\Zango\static\DownLoad\s_icons_buttons.xip (Adware.Zango) -> No action taken.

C:\Documents and Settings\Stefan\Application Data\Zango\v3.0\Zango\static\DownLoad\t2_bg.xip (Adware.Zango) -> No action taken.

C:\Documents and Settings\Stefan\Application Data\Zango\v3.0\Zango\static\DownLoad\top7.xip (Adware.Zango) -> No action taken.

C:\Documents and Settings\Stefan\Application Data\Zango\v3.0\Zango\static\DownLoad\tsd_bg.xip (Adware.Zango) -> No action taken.

C:\Documents and Settings\Stefan\Application Data\Zango\v3.0\Zango\static\DownLoad\zango_btn.xip (Adware.Zango) -> No action taken.

C:\Documents and Settings\Stefan\Application Data\Zango\v3.0\Zango\static\DownLoad\zango_ie_menu.xip (Adware.Zango) -> No action taken.

C:\WINDOWS\system32\TDSSwkod.log (Rootkit.TDSS) -> No action taken.

[/log]

 

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:49:02, on 2009-10-10

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\Program\Norman\Npm\bin\ELOGSVC.EXE

C:\Program\Norman\Ngs\Bin\Nprosec.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Norman\Npm\Bin\Zanda.exe

C:\Program\Norman\npm\bin\nvoy.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Norman\npf\bin\npfsvc32.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Analog Devices\Core\smax4pnp.exe

C:\Program\Norman\Npm\Bin\ZLH.EXE

C:\Program\iTunes\iTunesHelper.exe

C:\Program\Dell Photo AIO Printer 942\dlbubmgr.exe

C:\Program\Dell Photo AIO Printer 942\memcard.exe

C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Program\Dell Photo AIO Printer 942\dlbubmon.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Windows Live\Messenger\MsnMsgr.Exe

C:\Program\Messenger\msmsgs.exe

C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program\Delade filer\Teleca Shared\CapabilityManager.exe

C:\Program\Nokia\Nokia PC Suite 7\PCSuite.exe

C:\Program\Personal\bin\Personal.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\Program\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

C:\Program\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Delade filer\Teleca Shared\Generic.exe

C:\Program\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\Program\Norman\Npm\Bin\scheduler.exe

C:\Program\Norman\Npm\Bin\Njeeves.exe

C:\Program\iPod\bin\iPodService.exe

C:\Program\PC Connectivity Solution\ServiceLayer.exe

C:\Program\Norman\nse\bin\NSESVC.EXE

C:\WINDOWS\System32\alg.exe

C:\Program\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Program\PC Connectivity Solution\Transports\NclToBTSrv.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Norman\Nvc\bin\nvcoas.exe

C:\Program\Norman\Nvc\Bin\Nip.exe

C:\Program\Norman\Nvc\Bin\cclaw.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Norman\npf\bin\npfuser.exe

C:\Program\Malwarebytes' Anti-Malware\mbam.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blocket.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (file missing)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program\AskBarDis\bar\bin\askBar.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program\AskBarDis\bar\bin\askBar.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [Norman ZANDA] "C:\Program\Norman\Npm\Bin\ZLH.EXE" /LOAD /SPLASH

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Dell Photo AIO Printer 942] "C:\Program\Dell Photo AIO Printer 942\dlbubmgr.exe"

O4 - HKLM\..\Run: [DellMCM] "C:\Program\Dell Photo AIO Printer 942\memcard.exe"

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [steam] "C:\Program\Valve\Steam\Steam.exe" -silent

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [swg] "C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: BankID säkerhetsprogram.lnk = C:\Program\Personal\bin\Personal.exe

O4 - Global Startup: Bluetooth Manager.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~4\Office10\EXCEL.EXE/3000

O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (file missing)

O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1215378632093

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1215378624468

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program\Bonjour\mDNSResponder.exe

O23 - Service: dlbu_device - Dell - C:\WINDOWS\system32\dlbucoms.exe

O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Program\Norman\Npm\bin\ELOGSVC.EXE

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Tjänsten Google Update (gupdate1c9c1398c573c56) (gupdate1c9c1398c573c56) - Google Inc. - C:\Program\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe

O23 - Service: Norman NJeeves - Norman ASA - C:\Program\Norman\Npm\Bin\Njeeves.exe

O23 - Service: Norman ZANDA - Norman ASA - C:\Program\Norman\Npm\Bin\Zanda.exe

O23 - Service: Norman Personal Firewall Service (NPFSvc32) - Norman ASA - C:\Program\Norman\npf\bin\npfsvc32.exe

O23 - Service: Norman Security service (NPROSECSVC) - Norman ASA - C:\Program\Norman\Ngs\Bin\Nprosec.exe

O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Program\Norman\nse\bin\NSESVC.EXE

O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program\Norman\Nvc\bin\nvcoas.exe

O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Unknown owner - C:\Program\Norman\Nvc\BIN\NVCSCHED.EXE (file missing)

O23 - Service: Norman Resource Provider (NVOY) - Norman ASA - C:\Program\Norman\npm\bin\nvoy.exe

O23 - Service: Norman Scheduler Service (Scheduler) - Norman ASA - C:\Program\Norman\Npm\Bin\scheduler.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program\PC Connectivity Solution\ServiceLayer.exe

 

--

End of file - 11574 bytes

[/log]

 


Again? It has only been a month since you were last here. You need to take good care of the computer.

 

"C:\WINDOWS\system32\TDSSwkod.log (Rootkit.TDSS) -> No action taken."

Let MBAM fix everything it finds, then restart the computer and scan with MBAM once more. If anything is found, paste that log. Also paste a HijackThis log after that.

 

 


Hehe.

Yes, I know it was only a month ago. But this time I'm helping a friend clean up his swamp of a computer.

My own machine is in great shape and runs like a train.

Malwarebytes came up empty.

The new HijackThis log looks like this.

 

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:36:01, on 2009-10-10

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\Program\Norman\Npm\bin\ELOGSVC.EXE

C:\Program\Norman\Ngs\Bin\Nprosec.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Norman\Npm\Bin\Zanda.exe

C:\Program\Norman\npm\bin\nvoy.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Norman\npf\bin\npfsvc32.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Norman\Npm\Bin\scheduler.exe

C:\Program\Norman\Npm\Bin\Njeeves.exe

C:\WINDOWS\System32\alg.exe

C:\Program\Norman\nse\bin\NSESVC.EXE

C:\Program\Norman\Nvc\bin\nvcoas.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Analog Devices\Core\smax4pnp.exe

C:\Program\Norman\Npm\Bin\ZLH.EXE

C:\Program\Norman\Nvc\Bin\Nip.exe

C:\Program\iTunes\iTunesHelper.exe

C:\Program\Dell Photo AIO Printer 942\dlbubmgr.exe

C:\Program\Norman\Nvc\Bin\cclaw.exe

C:\Program\Dell Photo AIO Printer 942\memcard.exe

C:\Program\Dell Photo AIO Printer 942\dlbubmon.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program\Java\jre6\bin\jusched.exe

C:\Program\iPod\bin\iPodService.exe

C:\Program\Delade filer\Teleca Shared\CapabilityManager.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Windows Live\Messenger\MsnMsgr.Exe

C:\Program\Messenger\msmsgs.exe

C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program\Nokia\Nokia PC Suite 7\PCSuite.exe

C:\Program\Personal\bin\Personal.exe

C:\Program\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\Program\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\Program\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

C:\Program\PC Connectivity Solution\ServiceLayer.exe

C:\Program\Delade filer\Teleca Shared\Generic.exe

C:\Program\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Program\PC Connectivity Solution\Transports\NclToBTSrv.exe

C:\Program\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blocket.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program\AskBarDis\bar\bin\askBar.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program\AskBarDis\bar\bin\askBar.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [Norman ZANDA] "C:\Program\Norman\Npm\Bin\ZLH.EXE" /LOAD /SPLASH

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Dell Photo AIO Printer 942] "C:\Program\Dell Photo AIO Printer 942\dlbubmgr.exe"

O4 - HKLM\..\Run: [DellMCM] "C:\Program\Dell Photo AIO Printer 942\memcard.exe"

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [steam] "C:\Program\Valve\Steam\Steam.exe" -silent

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [swg] "C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: BankID säkerhetsprogram.lnk = C:\Program\Personal\bin\Personal.exe

O4 - Global Startup: Bluetooth Manager.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~4\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1215378632093

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1215378624468

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program\Bonjour\mDNSResponder.exe

O23 - Service: dlbu_device - Dell - C:\WINDOWS\system32\dlbucoms.exe

O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Program\Norman\Npm\bin\ELOGSVC.EXE

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Tjänsten Google Update (gupdate1c9c1398c573c56) (gupdate1c9c1398c573c56) - Google Inc. - C:\Program\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe

O23 - Service: Norman NJeeves - Norman ASA - C:\Program\Norman\Npm\Bin\Njeeves.exe

O23 - Service: Norman ZANDA - Norman ASA - C:\Program\Norman\Npm\Bin\Zanda.exe

O23 - Service: Norman Personal Firewall Service (NPFSvc32) - Norman ASA - C:\Program\Norman\npf\bin\npfsvc32.exe

O23 - Service: Norman Security service (NPROSECSVC) - Norman ASA - C:\Program\Norman\Ngs\Bin\Nprosec.exe

O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Program\Norman\nse\bin\NSESVC.EXE

O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program\Norman\Nvc\bin\nvcoas.exe

O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Unknown owner - C:\Program\Norman\Nvc\BIN\NVCSCHED.EXE (file missing)

O23 - Service: Norman Resource Provider (NVOY) - Norman ASA - C:\Program\Norman\npm\bin\nvoy.exe

O23 - Service: Norman Scheduler Service (Scheduler) - Norman ASA - C:\Program\Norman\Npm\Bin\scheduler.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program\PC Connectivity Solution\ServiceLayer.exe

 

--

End of file - 10792 bytes

[/log]

 


Great that it wasn't your computer this time! :thumbsup:

Uninstall Ask Toolbar. Restart the computer and delete the folder C:\Program\AskBarDis.

There is nothing more than that showing in the log. How is the computer working now?

 


It occurred to me that I should probably run Malwarebytes on all the accounts on the machine. There was a bit more to clean up there, but it seemed to be leftovers of the same junk that was on the first account.

Here comes a piping-hot fresh HijackThis log.

 

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:13:13, on 2009-10-10

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\Program\Norman\Npm\bin\ELOGSVC.EXE

C:\Program\Norman\Ngs\Bin\Nprosec.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Norman\Npm\Bin\Zanda.exe

C:\Program\Norman\npm\bin\nvoy.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Norman\npf\bin\npfsvc32.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Norman\Npm\Bin\scheduler.exe

C:\Program\Norman\Npm\Bin\Njeeves.exe

C:\Program\iPod\bin\iPodService.exe

C:\Program\Norman\nse\bin\NSESVC.EXE

C:\WINDOWS\System32\alg.exe

C:\Program\Norman\Nvc\bin\nvcoas.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Analog Devices\Core\smax4pnp.exe

C:\Program\Norman\Npm\Bin\ZLH.EXE

C:\Program\Norman\Nvc\Bin\Nip.exe

C:\Program\iTunes\iTunesHelper.exe

C:\Program\Dell Photo AIO Printer 942\dlbubmgr.exe

C:\Program\Norman\Nvc\Bin\cclaw.exe

C:\Program\Dell Photo AIO Printer 942\memcard.exe

C:\Program\Dell Photo AIO Printer 942\dlbubmon.exe

C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program\Java\jre6\bin\jusched.exe

C:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

C:\Program\Windows Live\Messenger\MsnMsgr.Exe

C:\Program\Delade filer\Teleca Shared\CapabilityManager.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program\Nokia\Nokia PC Suite 7\PCSuite.exe

C:\Program\Personal\bin\Personal.exe

C:\Program\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\Program\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Program\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

C:\Program\PC Connectivity Solution\ServiceLayer.exe

C:\Program\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Program\PC Connectivity Solution\Transports\NclToBTSrv.exe

C:\Program\Delade filer\Teleca Shared\Generic.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blocket.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [Norman ZANDA] "C:\Program\Norman\Npm\Bin\ZLH.EXE" /LOAD /SPLASH

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Dell Photo AIO Printer 942] "C:\Program\Dell Photo AIO Printer 942\dlbubmgr.exe"

O4 - HKLM\..\Run: [DellMCM] "C:\Program\Dell Photo AIO Printer 942\memcard.exe"

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [steam] "C:\Program\Valve\Steam\Steam.exe" -silent

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [swg] "C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: BankID säkerhetsprogram.lnk = C:\Program\Personal\bin\Personal.exe

O4 - Global Startup: Bluetooth Manager.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~4\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1215378632093

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1215378624468

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program\Bonjour\mDNSResponder.exe

O23 - Service: dlbu_device - Dell - C:\WINDOWS\system32\dlbucoms.exe

O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Program\Norman\Npm\bin\ELOGSVC.EXE

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Tjänsten Google Update (gupdate1c9c1398c573c56) (gupdate1c9c1398c573c56) - Google Inc. - C:\Program\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe

O23 - Service: Norman NJeeves - Norman ASA - C:\Program\Norman\Npm\Bin\Njeeves.exe

O23 - Service: Norman ZANDA - Norman ASA - C:\Program\Norman\Npm\Bin\Zanda.exe

O23 - Service: Norman Personal Firewall Service (NPFSvc32) - Norman ASA - C:\Program\Norman\npf\bin\npfsvc32.exe

O23 - Service: Norman Security service (NPROSECSVC) - Norman ASA - C:\Program\Norman\Ngs\Bin\Nprosec.exe

O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Program\Norman\nse\bin\NSESVC.EXE

O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program\Norman\Nvc\bin\nvcoas.exe

O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Unknown owner - C:\Program\Norman\Nvc\BIN\NVCSCHED.EXE (file missing)

O23 - Service: Norman Resource Provider (NVOY) - Norman ASA - C:\Program\Norman\npm\bin\nvoy.exe

O23 - Service: Norman Scheduler Service (Scheduler) - Norman ASA - C:\Program\Norman\Npm\Bin\scheduler.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program\PC Connectivity Solution\ServiceLayer.exe

 

--

End of file - 10558 bytes

[/log]

 


Now only one last round of cleanup remains.

[log]1. Remove all System Restore points, since these may be infected. You do this by turning off the System Restore feature, restarting the computer and then turning the feature back on. Then create a new restore point.

System Restore is turned off and on here:

XP: Right-click My Computer - Properties - System Restore

Vista: Right-click Computer - Properties - Advanced system settings - System Protection

Untick, and afterwards re-tick, the boxes for all hard drives (remember how it looked before)

2. Remove all temporary files by downloading ATF-Cleaner to the Desktop:

http://www.atribune.org/ccount/click.php?id=1

Close all other programs, especially web browsers.

Double-click ATF-Cleaner.exe to start the program.

Tick Select All. Click Empty Selected.

If you use Firefox: Click Firefox and choose Select All. Click Empty Selected. If you want to keep your passwords, click No when asked.

If you use Opera: Click Opera and choose Select All. Click Empty Selected. If you want to keep your passwords, click No when asked.

Click Exit in the Main menu to close the program.

Note! This will remove all cookies. If you have cookies that you want to keep, either save them somewhere beforehand or do not choose Select All and instead tick everything else.

3. Change all passwords that you use on the computer and on the internet, since these may have fallen into the wrong hands.

http://mnin.blogspot.com/2009/02/why-i-enjoyed-tiggersyzor.html describes a malicious program that spies by taking screenshots, logging keystrokes and reading passwords stored in web browsers, e-mail programs etc.[/log]

4. Improve the protection on the computer, see my Tips for a safer computer. http://ceblstockholm.googlepages.com/home

 
