Just nu i M3-nätverket
Jump to content

Någon styr min e-post


Tomas. O

Recommended Posts

Jag har fått "något" som skickar ut mail till alla mina kontakter från mina båda konton (hotmail och yahoo)

Jag skickar med en log och hoppas nån kan upptäcka vad som kan styra min epost och om jag har nån svaghet i datorn.

Tack på förhand//Tomas

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:58:43, on 2010-03-16

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

[log]

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Panda Software\Panda Internet Security 2007\pavsrv51.exe

C:\Program\Panda Software\Panda Internet Security 2007\AVENGINE.EXE

C:\WINDOWS\system32\svchost.exe

C:\Program\Panda Software\Panda Internet Security 2007\TPSrv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Panda Software\Panda Internet Security 2007\PsCtrls.exe

C:\Program\Panda Software\Panda Internet Security 2007\PavFnSvr.exe

C:\Program\Delade filer\Panda Software\PavShld\pavprsrv.exe

C:\Program\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe

c:\program\panda software\panda internet security 2007\firewall\PSHOST.EXE

C:\Program\Panda Software\Panda Internet Security 2007\PsImSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Panda Software\Panda Internet Security 2007\ApvxdWin.exe

C:\Program\Panda Software\Panda Internet Security 2007\SRVLOAD.EXE

C:\Program\Panda Software\Panda Internet Security 2007\WebProxy.exe

C:\Program\Panda Software\Panda Internet Security 2007\PavBckPT.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\System32\drivers\PhiBtn.exe

C:\Program\Internet Explorer\iexplore.exe

C:\WINDOWS\System32\drivers\Tray900.exe

C:\Program\SweetIM\Messenger\SweetIM.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\LaCie\Backup Software\LaCieBackup.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program\Windows Desktop Search\WindowsSearch.exe

C:\Program\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Program\Yahoo!\Messenger\ymsgr_tray.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Panda Software\Panda Internet Security 2007\psimreal.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

C:\Program\Skype\Toolbars\Shared\SkypeNames.exe

C:\Program\Panda Software\Panda Internet Security 2007\avciman.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://se.msn.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - URLSearchHook: (no name) - - (no file)

R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program\SweetIM\Toolbars\Internet Explorer\mgHelper.dll

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Videoraptor_WebRipPlugin Class - {3C0372C2-04C3-4100-BAB1-1D42C552BC48} - C:\Program\RapidSolution\Videoraptor\plugins\IE\VR_WebRipIePlugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [HP Software Update] C:\Program\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [APVXDWIN] "C:\Program\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [sCANINICIO] "C:\Program\Panda Software\Panda Internet Security 2007\Inicio.exe"

O4 - HKLM\..\Run: [PhiBtn] %SystemRoot%\System32\drivers\PhiBtn.exe

O4 - HKLM\..\Run: [TrayMin900] %SystemRoot%\System32\drivers\Tray900.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program\Delade filer\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [sweetIM] C:\Program\SweetIM\Messenger\SweetIM.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Messenger (Yahoo!)] ~"C:\Program\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKCU\..\Run: [LaCie Backup] C:\Program\LaCie\Backup Software\\LaCieBackup.exe /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Windows Search.lnk = C:\Program\Windows Desktop Search\WindowsSearch.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre6\bin\jp2iexp.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre6\bin\jp2iexp.dll

O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1257846304421

O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://kusten.axiscam.net/activex/AMC.cab

O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} (imlUCID Class) - http://imlive.com/chatsource/ImlCID.cab

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe

O23 - Service: Panda Software Controller - Panda Software International - C:\Program\Panda Software\Panda Internet Security 2007\PsCtrls.exe

O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program\Panda Software\Panda Internet Security 2007\PavFnSvr.exe

O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software International - C:\Program\Delade filer\Panda Software\PavShld\pavprsrv.exe

O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program\Panda Software\Panda Internet Security 2007\pavsrv51.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe

O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program\panda software\panda internet security 2007\firewall\PSHOST.EXE

O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program\Panda Software\Panda Internet Security 2007\PsImSvc.exe

O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program\Panda Software\Panda Internet Security 2007\TPSrv.exe

 

--

End of file - 10830 bytes

[/log]

Link to comment
Share on other sites

Om du misstänker att någon har loggat in på din webbmejl så byt lösenord och eventuell hemlig fråga. Den vanligaste orsaken till det är väl att du har skrivit in ditt lösenord på något ställe där du inte borde ha skrivit in det (phising).

 

Avinstallera SweetIM Toolbar.

 

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

Om den raden kan du läsa här: http://www.systemlookup.com/Startup/596-ALCMTR_EXE.html

 

Skanna med HijackThis och bocka för:

 

R3 - URLSearchHook: (no name) - - (no file)

R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program\SweetIM\Toolbars\Internet Explorer\mgHelper.dll

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} (imlUCID Class) - http://imlive.com/ch...urce/ImlCID.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab

 

Avsluta alla andra program.

Tryck Fix checked.

 

Starta om datorn och kontrollera själv att ovanstående rader är borta ur en ny HijackThis-logg.

Link to comment
Share on other sites

Jag såg att ni även vill ha en DDS-log

Okey jag ska göra det nu...tusen tack!

 

DDS (Ver_09-12-01.01) - NTFSx86

Run by Holodeck at 11:31:22,31 on 2010-03-16

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17

Microsoft Windows XP Professional 5.1.2600.3.1252.46.1053.18.2038.997 [GMT 1:00]

 

AV: Panda Internet Security 2007 *On-access scanning enabled* (Updated) {4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0}

FW: Platinum 2007 Personal Firewall *enabled* {4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0}

 

[log]

============== Running Processes ===============

 

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\Program\Panda Software\Panda Internet Security 2007\pavsrv51.exe

C:\Program\Panda Software\Panda Internet Security 2007\AVENGINE.EXE

C:\WINDOWS\system32\svchost.exe -k netsvcs

C:\Program\Panda Software\Panda Internet Security 2007\TPSrv.exe

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

svchost.exe

C:\Program\Panda Software\Panda Internet Security 2007\PsCtrls.exe

C:\Program\Panda Software\Panda Internet Security 2007\PavFnSvr.exe

C:\Program\Delade filer\Panda Software\PavShld\pavprsrv.exe

C:\Program\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe

c:\program\panda software\panda internet security 2007\firewall\PSHOST.EXE

C:\Program\Panda Software\Panda Internet Security 2007\PsImSvc.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program\Panda Software\Panda Internet Security 2007\ApvxdWin.exe

C:\Program\Panda Software\Panda Internet Security 2007\SRVLOAD.EXE

C:\Program\Panda Software\Panda Internet Security 2007\WebProxy.exe

C:\Program\Panda Software\Panda Internet Security 2007\PavBckPT.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\System32\drivers\PhiBtn.exe

C:\Program\Internet Explorer\iexplore.exe

C:\WINDOWS\System32\drivers\Tray900.exe

C:\Program\SweetIM\Messenger\SweetIM.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\LaCie\Backup Software\LaCieBackup.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program\Windows Desktop Search\WindowsSearch.exe

C:\Program\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Program\Yahoo!\Messenger\ymsgr_tray.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Documents and Settings\Holodeck\Lokala inställningar\Temporary Internet Files\Content.IE5\LKK5H9GD\dds[1].scr

 

============== Pseudo HJT Report ===============

 

uStart Page = about:blank

uURLSearchHooks: H - No File

uURLSearchHooks: SweetIM ToolbarURLSearchHook Class: {eee6c35d-6118-11dc-9c72-001320c79847} - c:\program\sweetim\toolbars\internet explorer\mgHelper.dll

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program\delade filer\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program\skype\toolbars\internet explorer\SkypeIEPlugin.dll

BHO: Videoraptor_WebRipPlugin Class: {3c0372c2-04c3-4100-bab1-1d42c552bc48} - c:\program\rapidsolution\videoraptor\plugins\ie\VR_WebRipIePlugin.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program\java\jre6\bin\ssv.dll

BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program\delade filer\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SweetIM Toolbar Helper: {eee6c35c-6118-11dc-9c72-001320c79847} - c:\program\sweetim\toolbars\internet explorer\mgToolbarIE.dll

TB: SweetIM Toolbar for Internet Explorer: {eee6c35b-6118-11dc-9c72-001320c79847} - c:\program\sweetim\toolbars\internet explorer\mgToolbarIE.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [msnmsgr] ~"c:\program\windows live\messenger\msnmsgr.exe" /background

uRun: [Messenger (Yahoo!)] ~"c:\program\yahoo!\messenger\YahooMessenger.exe" -quiet

uRun: [LaCie Backup] c:\program\lacie\backup software\\LaCieBackup.exe /background

uRun: [MSMSGS] "c:\program\messenger\msmsgs.exe" /background

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [skyTel] SkyTel.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [HP Software Update] c:\program\hp\hp software update\HPWuSchd2.exe

mRun: [APVXDWIN] "c:\program\panda software\panda internet security 2007\APVXDWIN.EXE" /s

mRun: [sCANINICIO] "c:\program\panda software\panda internet security 2007\Inicio.exe"

mRun: [PhiBtn] %SystemRoot%\System32\drivers\PhiBtn.exe

mRun: [TrayMin900] %SystemRoot%\System32\drivers\Tray900.exe

mRun: [Adobe Reader Speed Launcher] "c:\program\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program\delade filer\adobe\arm\1.0\AdobeARM.exe"

mRun: [<NO NAME>]

mRun: [sweetIM] c:\program\sweetim\messenger\SweetIM.exe

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\hpdigi~1.lnk - c:\program\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\window~1.lnk - c:\program\windows desktop search\WindowsSearch.exe

IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program\partygaming\partypoker\RunApp.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC} - c:\program\java\jre6\bin\jp2iexp.dll

IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program\skype\toolbars\internet explorer\SkypeIEPlugin.dll

IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program\skype\toolbars\internet explorer\SkypeIEPlugin.dll

LSP: c:\program\panda software\panda internet security 2007\pavlsp.dll

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1257846304421

DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - hxxp://kusten.axiscam.net/activex/AMC.cab

DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} - hxxp://imlive.com/chatsource/ImlCID.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program\delade~1\skype\SKYPE4~1.DLL

Notify: avldr - avldr.dll

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program\windows desktop search\MSNLNamespaceMgr.dll

mASetup: {B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC} - c:\program\pixiepack codec pack\InstallerHelper.exe

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\docume~1\holodeck\applic~1\mozilla\firefox\profiles\iq98oaks.default\

FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/

FF - prefs.js: browser.search.selectedEngine - ICQ Search

FF - plugin: c:\program\k-lite codec pack\real\browser\plugins\nppl3260.dll

FF - plugin: c:\program\k-lite codec pack\real\browser\plugins\nprpjplug.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

 

---- FIREFOX POLICIES ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(network.protocol-handler.warn-external.dnupdate, falsec:\program\mozilla firefox\greprefs\all.js - pref("browser.visited_color", "#551A8B");

c:\program\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");

c:\program\mozilla firefox\defaults\pref\firefox.js - pref("browser.videoFeeds.handler", "ask");

 

============= SERVICES / DRIVERS ===============

 

R1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS [2009-11-29 58800]

R1 DSAFLT;DSA Filter Plugin;c:\windows\system32\drivers\dsaflt.sys [2009-11-29 49968]

R1 FNETMON;NetMon Filter Plugin;c:\windows\system32\drivers\fnetmon.sys [2009-11-29 15792]

R1 IDSFLT;Ids Filter Plugin;c:\windows\system32\drivers\idsflt.sys [2009-11-29 190640]

R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\drivers\NETFLTDI.SYS [2009-11-29 121392]

R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [2009-11-29 31104]

R1 SMSFLT;SMS Filter Plugin;c:\windows\system32\drivers\smsflt.sys [2009-11-29 36016]

R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\drivers\wnmflt.sys [2009-11-29 29360]

R2 cpoint;Panda CPoint Driver;c:\windows\system32\drivers\cpoint.sys [2009-11-29 17792]

R2 Panda Software Controller;Panda Software Controller;c:\program\panda software\panda internet security 2007\PsCtrlS.exe [2009-11-29 165424]

R2 PAVDRV;pavdrv;c:\windows\system32\drivers\pavdrv51.sys [2009-11-29 71680]

R2 PAVFNSVR;Panda Function Service;c:\program\panda software\panda internet security 2007\PAVFNSVR.EXE [2009-11-29 173616]

R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [2009-11-29 170800]

R2 PavPrSrv;Panda Process Protection Service;c:\program\delade filer\panda software\pavshld\PavPrSrv.exe [2009-11-29 41520]

R2 PAVSRV;Panda anti-virus service;c:\program\panda software\panda internet security 2007\PAVSRV51.EXE [2009-11-29 136752]

R3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]

R3 camvid40;Philips SPC 900NC PC Camera;c:\windows\system32\drivers\camdrv41.sys [2009-11-29 1240576]

R3 ComFiltr;Panda Anti-Dialer;\??\c:\windows\system32\drivers\comfiltr.sys --> c:\windows\system32\drivers\COMFiltr.sys [?]

R3 NETIMFLT;PANDA NDIS IM Filter Miniport;c:\windows\system32\drivers\netimflt.sys [2009-11-29 142128]

R3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\pavsrk.sys --> c:\windows\system32\PavSRK.sys [?]

R3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\pavtpk.sys --> c:\windows\system32\PavTPK.sys [?]

 

============== File Associations ===============

 

JSEFile=c:\program\pandas~1\pandai~1\PavScrip.exe "%1" %*

VBEFile=c:\program\pandas~1\pandai~1\PavScrip.exe "%1" %*

VBSFile=c:\program\pandas~1\pandai~1\PavScrip.exe "%1" %*

 

=============== Created Last 30 ================

 

2010-03-16 09:58:21 0 d-----w- c:\program\Trend Micro

2010-03-16 08:54:23 0 d-----w- c:\windows\system32\wbem\Repository

2010-03-08 08:19:55 0 d-----w- c:\program\SweetIM

2010-03-08 08:19:55 0 d-----w- c:\docume~1\alluse~1\applic~1\SweetIM

2010-03-07 10:33:44 0 d-----w- c:\program\Axis Communications

 

==================== Find3M ====================

 

2010-03-16 08:57:52 1204 ----a-w- c:\windows\system32\drivers\APPFLTR.CFG.bck

2010-03-16 08:57:52 1204 ----a-w- c:\windows\system32\drivers\APPFLTR.CFG

2010-03-16 08:57:51 270412 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT.bck

2010-03-16 08:57:51 270412 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT

2010-02-04 10:00:52 96864 ----a-w- c:\windows\~GLC0000.TMP

2009-12-21 19:09:46 916480 ----a-w- c:\windows\system32\wininet.dll

2009-12-17 07:42:44 343552 ----a-w- c:\windows\system32\mspaint.exe

 

============= FINISH: 11:32:34,37 ===============

[/log]

Attach.txt

Link to comment
Share on other sites

Så där då är det bara att vänta och se, om det fortsättningsvis skickas mail från nån annan än från mig.

Ska byta lösenord nu.

Jo jag har bara 20 dagar kvar på min panda-licens så jag ska förnya den.

Men nu såg jag på din sida att det finns andra bra program som kanske skyddar minst lika bra som Panda?

Kan du ge mig tips vilka av alla de program och brandväggar som du listar är lätt att förstå och hantera men endå ger ett fullgott skydd för en svensson användare?

Har även läst att explorer inte är den bästa webläsaren utan är en riskfaktor, är opera eller firefox ett bättre alternativ ur säkerhetsaspekten?

Än en gång tuse tack för hjälpen!

 

C:\Program\Trend Micro\HijackThis\HijackThis.exe

 

[log]

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://se.msn.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Videoraptor_WebRipPlugin Class - {3C0372C2-04C3-4100-BAB1-1D42C552BC48} - C:\Program\RapidSolution\Videoraptor\plugins\IE\VR_WebRipIePlugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [HP Software Update] C:\Program\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [APVXDWIN] "C:\Program\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [sCANINICIO] "C:\Program\Panda Software\Panda Internet Security 2007\Inicio.exe"

O4 - HKLM\..\Run: [PhiBtn] %SystemRoot%\System32\drivers\PhiBtn.exe

O4 - HKLM\..\Run: [TrayMin900] %SystemRoot%\System32\drivers\Tray900.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program\Delade filer\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKCU\..\Run: [LaCie Backup] C:\Program\LaCie\Backup Software\\LaCieBackup.exe /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Windows Search.lnk = C:\Program\Windows Desktop Search\WindowsSearch.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre6\bin\jp2iexp.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre6\bin\jp2iexp.dll

O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1257846304421

O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://kusten.axiscam.net/activex/AMC.cab

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe

O23 - Service: Panda Software Controller - Panda Software International - C:\Program\Panda Software\Panda Internet Security 2007\PsCtrls.exe

O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program\Panda Software\Panda Internet Security 2007\PavFnSvr.exe

O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software International - C:\Program\Delade filer\Panda Software\PavShld\pavprsrv.exe

O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program\Panda Software\Panda Internet Security 2007\pavsrv51.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe

O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program\panda software\panda internet security 2007\firewall\PSHOST.EXE

O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program\Panda Software\Panda Internet Security 2007\PsImSvc.exe

O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program\Panda Software\Panda Internet Security 2007\TPSrv.exe

 

--

End of file - 9542 bytes

 

[/log]

Link to comment
Share on other sites

http://sites.google.com/site/ceblstockholm/home listar jag inga antivirusprogram utan bara program som kompletterar ett antivirusprogram. Om du tycker att Panda har varit lätt att förstå sig på så fortsätt gärna med det, se bara till att uppgradera det varje höst när den nya årsmodellen kommer ut.

 

Jag använder MBAM, a-squared och PC Tools Firewall och tycker inte att de är krångligare att hantera än ett antivirusprogram. SpywareBlaster är definitivt enkel. WOT är också enkel, det är bara ett tillägg till webbläsaren som är lätt att installera. Hosts-filen kan vara lite knepig att installera men har man väl gjort det en gång så vet man till nästa gång. Samma sak med Zoned-Out + IE-SpyAd.

 

När det gäller webbläsare så är Internet Explorer version 8 betydligt bättre än de tidigare versionerna. Säkerhetshål dyker ju upp då och då i alla webbläsare, men det är ju betydligt fler webbsidor som försöker utnyttja ett säkerhetshål i Internet Explorer än när det finns något i Opera pga skillnaden i marknadsandel. Du kan ju se om du trivs med Opera. Såg den här humoristiska jämförelsen http://www.favbrowser.com/the-difference-between-internet-explorer-firefox-google-chrome-opera-and-safari/ förut idag och det ligger ju något i det.

 

De allra flesta spam skickas med falska avsändaradresser så bara för att ingen längre kan logga in på dina mejl-konton så betyder det inte att ditt namn kommer att slutas användas som avsändaradress. Likaså har någon kommit över alla adresser till dina kontakter så har den personen nu dem och kan använda dem i fortsättningen också.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.



×
×
  • Create New...