
Help, more people hit by spyware



Guest idgadmin

I have a lot of ads popping up all the time,

and some strange things are happening in the system.

Below is a log file.

Can anyone help me?

Regards,

Tomas

 

Logfile of HijackThis v1.99.1

Scan saved at 18:33:52, on 2005-04-05

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Delade filer\Symantec Shared\ccProxy.exe

C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

C:\Program\Norton Internet Security\ISSVC.exe

C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\ATI-CPanel\atiptaxx.exe

C:\Program\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

C:\Program\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

C:\WINDOWS\system32\CTHELPER.EXE

C:\Program\Logitech\iTouch\iTouch.exe

C:\Program\Delade filer\Microsoft Shared\Works Shared\WkUFind.exe

C:\Program\QuickTime\qttask.exe

C:\Program\Delade filer\Real\Update_OB\realsched.exe

C:\Helena\Winamp\winampa.exe

C:\Program\Logitech\MouseWare\system\em_exec.exe

C:\WINDOWS\uehnu.exe

C:\m1.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Creative\MediaSource\RemoteControl\RcMan.exe

C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\Program\SmartTrust\SmartTrust Personal\Csp\SmartCertmover.exe

C:\Program\InterVideo\Common\Bin\WinCinemaMgr.exe

C:\WINDOWS\system32\Smartscaps.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program\Delade filer\Microsoft Shared\Works Shared\WkCalRem.exe

C:\Program\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe

C:\Program\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program\Delade filer\Symantec Shared\ccApp.exe

C:\Program\Mozilla Firefox\firefox.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Documents and Settings\Tomas\Skrivbord\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {F129EC6C-7BF6-742D-8693-74A2ADA63FB1} - C:\WINDOWS\system32\alp.dll

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe

O4 - HKLM\..\Run: [CTSysVol] C:\Program\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

O4 - HKLM\..\Run: [CTDVDDet] C:\Program\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL

O4 - HKLM\..\Run: [sBDrvDet] C:\Program\Creative\SB Drive Det\SBDrvDet.exe /r

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program\Logitech\iTouch\iTouch.exe

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program\Delade filer\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [WinampAgent] C:\Helena\Winamp\winampa.exe

O4 - HKLM\..\Run: [rNat9iJ] C:\WINDOWS\uehnu.exe

O4 - HKLM\..\Run: [REGRUN] C:\m1.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe

O4 - HKLM\..\Run: [etbrun] C:\windows\system32\eliteklf32.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [RemoteCenter] C:\Program\Creative\MediaSource\RemoteControl\RcMan.exe

O4 - HKCU\..\Run: [LDM] C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - Global Startup: Certificate Mover.lnk = ?

O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program\InterVideo\Common\Bin\WinCinemaMgr.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?

O4 - Global Startup: Picture Package Menu.lnk = C:\Program\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe

O4 - Global Startup: Picture Package VCD Maker.lnk = C:\Program\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~4\Office10\EXCEL.EXE/3000

O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program\ICQ\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program\ICQ\ICQ.exe

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)

O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.com/housecall/xscan60.cab

O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDT/ie/bridge-c46.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {9E98E84C-79E1-49C3-82EB-798FCD552EFB} - http://advnt01.com/dialer/internazionale_ver4.CAB

O18 - Protocol: bw+0 - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw+0s - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0 - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0s - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00 - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00s - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10 - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10s - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20 - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20s - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30 - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30s - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40 - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40s - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50 - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50s - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60 - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60s - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70 - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70s - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80 - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80s - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90 - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90s - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0 - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0s - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0 - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0s - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0 - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0s - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0 - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0s - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0 - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0s - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0 - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0s - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: bwg0 - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwg0s - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0 - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0s - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0 - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0s - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0 - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0s - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0 - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0s - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0 - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0s - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0 - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0s - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0 - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0s - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0 - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0s - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0 - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0s - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0 - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0s - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0 - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0s - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0 - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0s - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0 - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0s - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0 - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0s - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0 - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0s - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0 - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0s - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0 - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0s - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0 - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0s - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0 - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0s - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: offline-8876480 - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Filter: text/html - {C1F597B9-6E85-497A-B2E5-5A380D376F80} - C:\Documents and Settings\Tomas\Lokala inställningar\Application Data\microsoft\internet explorer\V0.26.dat

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe

O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program\Norton Internet Security\ISSVC.exe

O23 - Service: Norton AntiVirus Auto Protect-tjänst (navapsvc) - Symantec Corporation - C:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program\DELADE~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: SmartTrust Smart Card Server (Smartscaps) - SmartTrust - C:\WINDOWS\system32\Smartscaps.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

 

 

 

Link to comment
Share on other sites

C:\windows\system32\eliteklf32.exe

 

There may be many more files whose names start with elite, and those do not show up in the Hijack log.

Scan the computer with this scanner:

http://www.spywareinfo.dk/download/mwav.exe

Double-click mwav.exe, then click Unzip, and it automatically creates a new folder, C:\Kaspersky.

Then open the Kaspersky folder, double-click kavupd.exe and look for updates.

When it is done, press any key, and two new folders are automatically created on C:\

C:\Bases

C:\Downloads

Open the Downloads folder, select all the files and Cut.

Click the Kaspersky folder, paste, and answer yes to all.

Then open the Kaspersky folder and double-click mwavscan.com.

Tick Drive and Scan All Files.

Then click Scan and let it finish scanning (can take up to 2 hours).

Copy what appears in the lower window.

First select it, then Ctrl+C (copy).

Then Ctrl+V (paste).

Restart the computer after the scan and post a new Hijack log.

Also post the log from the scan (lower window).

[post edited 2005-04-05 18:59:10 by Zipp]

Link to comment
Share on other sites

I can't say I find anything very special in your log. When do the ads appear, and what strange things are happening in the system?

 

Link to comment
Share on other sites

Zipp, what is this?

 

O4 - HKLM\..\Run: [rNat9iJ] C:\WINDOWS\uehnu.exe

O4 - HKLM\..\Run: [REGRUN] C:\m1.exe

 

 

 

Link to comment
Share on other sites

Guest idgadmin

Well, well

There seems to be quite a lot on the machine.

The scan log is large and does not fit here.

 

Virus log

 

File C:\WINDOWS\system32\alp.dll tagged as not-a-virus:AdWare.PurityScan.ak. No Action Taken.

File C:\windows\system32\eliteklf32.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: File to be deleted on reboot.

File C:\WINDOWS\system32\alp.dll tagged as not-a-virus:AdWare.PurityScan.ak. No Action Taken.

File C:\WINDOWS\system32\ereb.exe tagged as not-a-virus:AdWare.PurityScan.w. No Action Taken.

File C:\WINDOWS\system32\temperror32.dat infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: File Deleted.

File C:\Documents and Settings\Helena\Lokala inställningar\Temp\rs.exe tagged as not-a-virus:AdWare.PurityScan.w. No Action Taken.

File C:\Documents and Settings\Helena\Lokala inställningar\Temp\sdexe.exe tagged as not-a-virus:AdWare.PurityScan.w. No Action Taken.

File C:\Documents and Settings\Helena\mt-uninstaller.exe tagged as not-a-virus:AdWare.PurityScan.u. No Action Taken.

File C:\Documents and Settings\Tomas\Lokala inställningar\Application Data\Microsoft\Internet Explorer\V0.26.dat infected by "Trojan.Win32.Dialer.fy" Virus. Action Taken: File Deleted.

File C:\Documents and Settings\Tomas\Lokala inställningar\Temp\8D5WnU.exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: File Deleted.

File C:\Documents and Settings\Tomas\mt-uninstaller.exe tagged as not-a-virus:AdWare.PurityScan.u. No Action Taken.

File C:\Fredrik\vncviewer.exe tagged as not-a-virus:RiskWare.RemoteAdmin.WinVNC.333. No Action Taken.

File C:\Program\Norton Internet Security\Norton AntiVirus\Quarantine\12233A40.exe infected by "Trojan-Dropper.Win32.Agent.hh" Virus. Action Taken: File Deleted.

File C:\Program\Norton Internet Security\Norton AntiVirus\Quarantine\418E1B93.exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: File Deleted.

File C:\Program\Norton Internet Security\Norton AntiVirus\Quarantine\49E1379C.dat infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: File Deleted.

File C:\Program\Norton Internet Security\Norton AntiVirus\Quarantine\49E1379C.exe tagged as not-a-virus:AdWare.PurityScan.u. No Action Taken.

File C:\Program\Norton Internet Security\Norton AntiVirus\Quarantine\4B790C1D.exe infected by "Trojan-Downloader.Win32.IstBar.io" Virus. Action Taken: File Deleted.

File C:\Program\Norton Internet Security\Norton AntiVirus\Quarantine\5709481B.exe infected by "Trojan-Dropper.Win32.Agent.gd" Virus. Action Taken: File Deleted.

File C:\Program\Norton Internet Security\Norton AntiVirus\Quarantine\6A15462D.exe infected by "Trojan-Downloader.Win32.IstBar.io" Virus. Action Taken: File Deleted.

File C:\Program\Norton Internet Security\Norton AntiVirus\Quarantine\6A19702A.exe infected by "Trojan-Downloader.Win32.IstBar.io" Virus. Action Taken: File Deleted.

File C:\Program\Norton Internet Security\Norton AntiVirus\Quarantine\6A1C1A26.exe tagged as not-a-virus:AdWare.PurityScan.u. No Action Taken.

File C:\Program\Norton Internet Security\Norton AntiVirus\Quarantine\6A1F4423.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: File Deleted.

File C:\Program\Norton Internet Security\Norton AntiVirus\Quarantine\6A1F4423.htm infected by "Trojan-Downloader.JS.IstBar.j" Virus. Action Taken: File Deleted.

File C:\Program\Norton Internet Security\Norton AntiVirus\Quarantine\6A226E1F.dat infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: File Deleted.

File C:\Program\Norton Internet Security\Norton AntiVirus\Quarantine\6A226E1F.dll tagged as not-a-virus:AdWare.ToolBar.EliteBar.s. No Action Taken.

File C:\Program\Norton Internet Security\Norton AntiVirus\Quarantine\6A226E1F.exe tagged as not-a-virus:AdWare.ToolBar.EliteBar.z. No Action Taken.

File C:\System Volume Information\_restore{D38A8E98-80BD-4DEA-AE9A-9D4384D27C71}\RP462\A0044475.pif infected by "IM-Worm.Win32.Bropia.n" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{D38A8E98-80BD-4DEA-AE9A-9D4384D27C71}\RP474\A0045478.exe tagged as not-a-virus:AdWare.WinAD.ab. No Action Taken.

File C:\System Volume Information\_restore{D38A8E98-80BD-4DEA-AE9A-9D4384D27C71}\RP474\A0045485.exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{D38A8E98-80BD-4DEA-AE9A-9D4384D27C71}\RP474\A0045529.exe infected by "IM-Worm.Win32.Bropia.n" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{D38A8E98-80BD-4DEA-AE9A-9D4384D27C71}\RP476\A0045551.exe tagged as not-a-virus:AdWare.WinAD.ab. No Action Taken.

File C:\System Volume Information\_restore{D38A8E98-80BD-4DEA-AE9A-9D4384D27C71}\RP476\A0046517.exe tagged as not-a-virus:AdWare.WinAD.ab. No Action Taken.

File C:\System Volume Information\_restore{D38A8E98-80BD-4DEA-AE9A-9D4384D27C71}\RP476\A0046567.exe infected by "Trojan-Downloader.Win32.Dyfuca.dx" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{D38A8E98-80BD-4DEA-AE9A-9D4384D27C71}\RP476\A0046586.exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{D38A8E98-80BD-4DEA-AE9A-9D4384D27C71}\RP476\A0046604.exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{D38A8E98-80BD-4DEA-AE9A-9D4384D27C71}\RP476\A0046669.exe infected by "Backdoor.Win32.Wootbot.ax" Virus. Action Taken: File Renamed.

File C:\System Volume Information\_restore{D38A8E98-80BD-4DEA-AE9A-9D4384D27C71}\RP477\A0047687.exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{D38A8E98-80BD-4DEA-AE9A-9D4384D27C71}\RP477\A0047739.dll infected by "Trojan-Downloader.Win32.Small.amg" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{D38A8E98-80BD-4DEA-AE9A-9D4384D27C71}\RP477\A0047835.exe infected by "Trojan-Downloader.Win32.IstBar.ip" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{D38A8E98-80BD-4DEA-AE9A-9D4384D27C71}\RP477\A0047838.exe tagged as not-a-virus:AdWare.WinAD.ab. No Action Taken.

File C:\System Volume Information\_restore{D38A8E98-80BD-4DEA-AE9A-9D4384D27C71}\RP477\A0047840.exe infected by "Trojan-Downloader.Win32.Dyfuca.dx" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{D38A8E98-80BD-4DEA-AE9A-9D4384D27C71}\RP477\A0047993.exe infected by "Trojan-Downloader.Win32.Dyfuca.dx" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{D38A8E98-80BD-4DEA-AE9A-9D4384D27C71}\RP477\A0048010.exe infected by "Trojan-Downloader.Win32.Dyfuca.dx" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{D38A8E98-80BD-4DEA-AE9A-9D4384D27C71}\RP477\A0048029.exe infected by "Trojan-Downloader.Win32.Dyfuca.dx" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{D38A8E98-80BD-4DEA-AE9A-9D4384D27C71}\RP477\A0048051.exe infected by "Trojan-Downloader.Win32.Dyfuca.dx" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{D38A8E98-80BD-4DEA-AE9A-9D4384D27C71}\RP477\A0048060.exe infected by "Trojan-Downloader.Win32.Dyfuca.dx" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{D38A8E98-80BD-4DEA-AE9A-9D4384D27C71}\RP477\snapshot\MFEX-5.DAT infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{D38A8E98-80BD-4DEA-AE9A-9D4384D27C71}\RP477\snapshot\MFEX-7.DAT infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{D38A8E98-80BD-4DEA-AE9A-9D4384D27C71}\RP479\A0048105.exe infected by "Trojan-Downloader.Win32.Dyfuca.dx" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{D38A8E98-80BD-4DEA-AE9A-9D4384D27C71}\RP479\A0048138.exe infected by "Trojan-Downloader.Win32.Dyfuca.dx" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{D38A8E98-80BD-4DEA-AE9A-9D4384D27C71}\RP479\A0048172.exe infected by "Trojan-Downloader.Win32.Dyfuca.dx" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{D38A8E98-80BD-4DEA-AE9A-9D4384D27C71}\RP479\A0048232.exe infected by "Trojan-Downloader.Win32.Dyfuca.dx" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{D38A8E98-80BD-4DEA-AE9A-9D4384D27C71}\RP480\A0048245.exe infected by "Trojan-Downloader.Win32.Dyfuca.dx" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{D38A8E98-80BD-4DEA-AE9A-9D4384D27C71}\RP480\A0048269.exe infected by "Trojan-Downloader.Win32.Dyfuca.dx" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{D38A8E98-80BD-4DEA-AE9A-9D4384D27C71}\RP480\A0049282.exe infected by "Trojan-Downloader.Win32.Dyfuca.dx" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{D38A8E98-80BD-4DEA-AE9A-9D4384D27C71}\RP480\A0049310.exe infected by "Trojan-Downloader.Win32.Dyfuca.dx" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{D38A8E98-80BD-4DEA-AE9A-9D4384D27C71}\RP480\A0049326.exe infected by "Trojan-Downloader.Win32.Dyfuca.dx" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{D38A8E98-80BD-4DEA-AE9A-9D4384D27C71}\RP480\A0049335.exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{D38A8E98-80BD-4DEA-AE9A-9D4384D27C71}\RP480\A0049336.dll tagged as not-a-virus:AdWare.ToolBar.EliteBar.af. No Action Taken.

File C:\System Volume Information\_restore{D38A8E98-80BD-4DEA-AE9A-9D4384D27C71}\RP486\A0051453.exe infected by "Trojan-Downloader.Win32.IstBar.ij" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{D38A8E98-80BD-4DEA-AE9A-9D4384D27C71}\RP486\A0051454.exe infected by "Trojan-Downloader.Win32.Dyfuca.dx" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{D38A8E98-80BD-4DEA-AE9A-9D4384D27C71}\RP487\A0056495.dll tagged as not-a-virus:AdWare.ToolBar.EliteBar.z. No Action Taken.

File C:\System Volume Information\_restore{D38A8E98-80BD-4DEA-AE9A-9D4384D27C71}\RP488\A0056502.dll infected by "Trojan-Downloader.Win32.Small.amg" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{D38A8E98-80BD-4DEA-AE9A-9D4384D27C71}\RP488\A0058547.exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{D38A8E98-80BD-4DEA-AE9A-9D4384D27C71}\RP488\A0058548.exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{D38A8E98-80BD-4DEA-AE9A-9D4384D27C71}\RP488\A0058549.exe tagged as not-a-virus:AdWare.PurityScan.u. No Action Taken.

File C:\System Volume Information\_restore{D38A8E98-80BD-4DEA-AE9A-9D4384D27C71}\RP488\A0058550.exe infected by "Trojan-Downloader.Win32.IstBar.ij" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{D38A8E98-80BD-4DEA-AE9A-9D4384D27C71}\RP488\A0058551.dll tagged as not-a-virus:AdWare.WinAD.af. No Action Taken.

File C:\System Volume Information\_restore{D38A8E98-80BD-4DEA-AE9A-9D4384D27C71}\RP488\A0058552.exe infected by "Trojan-Downloader.Win32.Dyfuca.dx" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{D38A8E98-80BD-4DEA-AE9A-9D4384D27C71}\RP488\A0058553.exe infected by "Trojan-Downloader.Win32.Dyfuca.dx" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{D38A8E98-80BD-4DEA-AE9A-9D4384D27C71}\RP488\A0058554.dll tagged as not-a-virus:AdWare.ToolBar.EliteBar.s. No Action Taken.

File C:\System Volume Information\_restore{D38A8E98-80BD-4DEA-AE9A-9D4384D27C71}\RP488\A0058557.dll tagged as not-a-virus:AdWare.ToolBar.EliteBar.af. No Action Taken.

File C:\System Volume Information\_restore{D38A8E98-80BD-4DEA-AE9A-9D4384D27C71}\RP490\A0058648.dll tagged as not-a-virus:AdWare.ToolBar.EliteBar.z. No Action Taken.

File C:\System Volume Information\_restore{D38A8E98-80BD-4DEA-AE9A-9D4384D27C71}\RP490\A0059629.dll infected by "Trojan-Downloader.Win32.Small.amg" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{D38A8E98-80BD-4DEA-AE9A-9D4384D27C71}\RP490\A0059630.exe infected by "Trojan-Dropper.Win32.Agent.hh" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{D38A8E98-80BD-4DEA-AE9A-9D4384D27C71}\RP490\A0059677.exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{D38A8E98-80BD-4DEA-AE9A-9D4384D27C71}\RP490\A0059678.dll tagged as not-a-virus:AdWare.ToolBar.EliteBar.af. No Action Taken.

File C:\System Volume Information\_restore{D38A8E98-80BD-4DEA-AE9A-9D4384D27C71}\RP490\A0059685.exe tagged as not-a-virus:AdWare.PurityScan.u. No Action Taken.

File C:\System Volume Information\_restore{D38A8E98-80BD-4DEA-AE9A-9D4384D27C71}\RP490\A0061695.exe tagged as not-a-virus:AdWare.PurityScan.u. No Action Taken.

File C:\System Volume Information\_restore{D38A8E98-80BD-4DEA-AE9A-9D4384D27C71}\RP491\A0062695.exe tagged as not-a-virus:AdWare.PurityScan.u. No Action Taken.

File C:\System Volume Information\_restore{D38A8E98-80BD-4DEA-AE9A-9D4384D27C71}\RP491\A0062701.exe infected by "Trojan-Dropper.Win32.Agent.hh" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{D38A8E98-80BD-4DEA-AE9A-9D4384D27C71}\RP491\A0062702.exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{D38A8E98-80BD-4DEA-AE9A-9D4384D27C71}\RP491\A0062703.exe infected by "Trojan-Downloader.Win32.IstBar.io" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{D38A8E98-80BD-4DEA-AE9A-9D4384D27C71}\RP491\A0062704.exe infected by "Trojan-Dropper.Win32.Agent.gd" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{D38A8E98-80BD-4DEA-AE9A-9D4384D27C71}\RP491\A0062705.exe infected by "Trojan-Downloader.Win32.IstBar.io" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{D38A8E98-80BD-4DEA-AE9A-9D4384D27C71}\RP491\A0062706.exe infected by "Trojan-Downloader.Win32.IstBar.io" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{D38A8E98-80BD-4DEA-AE9A-9D4384D27C71}\RP491\A0062707.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: File Deleted.

File C:\WINDOWS\Downloaded Program Files\MediaAccX.dll tagged as not-a-virus:AdWare.WinAD.ah. No Action Taken.

File C:\WINDOWS\system32\alp.dll tagged as not-a-virus:AdWare.PurityScan.ak. No Action Taken.

File C:\WINDOWS\system32\ereb.exe tagged as not-a-virus:AdWare.PurityScan.w. No Action Taken.

 

Hijack log

 

Logfile of HijackThis v1.99.1

Scan saved at 20:52:49, on 2005-04-05

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Delade filer\Symantec Shared\ccProxy.exe

C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

C:\Program\Norton Internet Security\ISSVC.exe

C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\ATI-CPanel\atiptaxx.exe

C:\Program\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

C:\Program\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

C:\WINDOWS\system32\CTHELPER.EXE

C:\Program\Logitech\iTouch\iTouch.exe

C:\Program\Delade filer\Microsoft Shared\Works Shared\WkUFind.exe

C:\Program\QuickTime\qttask.exe

C:\Program\Delade filer\Real\Update_OB\realsched.exe

C:\Helena\Winamp\winampa.exe

C:\WINDOWS\uehnu.exe

C:\Program\Logitech\MouseWare\system\em_exec.exe

C:\m1.exe

C:\Program\Delade filer\Symantec Shared\ccApp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Creative\MediaSource\RemoteControl\RcMan.exe

C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program\SmartTrust\SmartTrust Personal\Csp\SmartCertmover.exe

C:\Program\InterVideo\Common\Bin\WinCinemaMgr.exe

C:\Program\Delade filer\Microsoft Shared\Works Shared\WkCalRem.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\Program\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe

C:\Program\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe

C:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\system32\Smartscaps.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program\Messenger\msmsgs.exe

C:\Documents and Settings\Tomas\Skrivbord\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {F129EC6C-7BF6-742D-8693-74A2ADA63FB1} - C:\WINDOWS\system32\alp.dll

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe

O4 - HKLM\..\Run: [CTSysVol] C:\Program\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

O4 - HKLM\..\Run: [CTDVDDet] C:\Program\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL

O4 - HKLM\..\Run: [sBDrvDet] C:\Program\Creative\SB Drive Det\SBDrvDet.exe /r

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program\Logitech\iTouch\iTouch.exe

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program\Delade filer\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [WinampAgent] C:\Helena\Winamp\winampa.exe

O4 - HKLM\..\Run: [rNat9iJ] C:\WINDOWS\uehnu.exe

O4 - HKLM\..\Run: [REGRUN] C:\m1.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe

O4 - HKLM\..\Run: [etbrun] C:\windows\system32\eliteklf32.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [RemoteCenter] C:\Program\Creative\MediaSource\RemoteControl\RcMan.exe

O4 - HKCU\..\Run: [LDM] C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - Global Startup: Certificate Mover.lnk = ?

O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program\InterVideo\Common\Bin\WinCinemaMgr.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?

O4 - Global Startup: Picture Package Menu.lnk = C:\Program\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe

O4 - Global Startup: Picture Package VCD Maker.lnk = C:\Program\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~4\Office10\EXCEL.EXE/3000

O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program\ICQ\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program\ICQ\ICQ.exe

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)

O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.com/housecall/xscan60.cab

O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDT/ie/bridge-c46.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {9E98E84C-79E1-49C3-82EB-798FCD552EFB} - http://advnt01.com/dialer/internazionale_ver4.CAB

O18 - Protocol: bw+0 - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw+0s - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0 - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0s - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00 - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00s - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10 - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10s - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20 - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20s - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30 - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30s - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40 - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40s - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50 - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50s - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60 - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60s - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70 - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70s - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80 - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80s - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90 - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90s - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0 - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0s - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0 - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0s - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0 - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0s - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0 - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0s - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0 - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0s - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0 - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0s - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: bwg0 - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwg0s - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0 - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0s - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0 - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0s - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0 - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0s - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0 - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0s - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0 - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0s - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0 - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0s - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0 - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0s - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0 - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0s - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0 - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0s - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0 - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0s - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0 - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0s - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0 - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0s - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0 - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0s - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0 - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0s - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0 - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0s - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0 - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0s - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0 - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0s - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0 - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0s - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0 - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0s - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: offline-8876480 - {B6F872FC-DF43-4998-9AA2-597623F159EE} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Filter: text/html - {C1F597B9-6E85-497A-B2E5-5A380D376F80} - C:\Documents and Settings\Tomas\Lokala inställningar\Application Data\microsoft\internet explorer\V0.26.dat

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe

O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program\Norton Internet Security\ISSVC.exe

O23 - Service: Norton AntiVirus Auto Protect-tjänst (navapsvc) - Symantec Corporation - C:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program\DELADE~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: SmartTrust Smart Card Server (Smartscaps) - SmartTrust - C:\WINDOWS\system32\Smartscaps.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

 

 

 

 


Guest idgadmin

For one thing, ads come up automatically as HTML pop-ups: Ads1.searchmiracle...., and revenue......

For another, it is hard to shut down normally;

a box appears on screen with a program that is being closed, usually "not responding"

 

 


Guest idgadmin

The result

 

Service load:

0% 100%

File: m1.exe

Status:

INFECTED/MALWARE

Packers detected:

UPX

Scanner results

AntiVir

Found nothing

Avast

Found nothing

AVG Antivirus

Found nothing

BitDefender

Found Dropped:Trojan.Agent.DN

ClamAV

Found Trojan.Dropper.Purityscan.F

Dr.Web

Found nothing

F-Prot Antivirus

Found nothing

Fortinet

Found W32/QLowZones.2.gen-tr

Kaspersky Anti-Virus

Found nothing

mks_vir

Found nothing

NOD32

Found Win32/TrojanDropper.PurityScan.G.gen

Norman Virus Control

Found Sandbox: W32/Malware; [ General information ]

 

* File length: 71168 bytes.

 

[ Changes to filesystem ]

* Creates file C:\WINDOWS\TEMP\installer.exe.

* Deletes file C:\WINDOWS\TEMP\installer.exe.

 

[ Changes to registry ]

* Creates value "REGRUN"="c:\sample.exe" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\Run".

* Modifies value "CurrentLevel"="" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3".

* Sets value "Flags"="" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3".

* Sets value "1001"="" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3".

* Sets value "1004"="" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3".

* Sets value "1200"="" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3".

* Sets value "1201"="" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3".

* Sets value "1206"="" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3".

* Sets value "1400"="" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3".

* Sets value "1402"="" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3".

* Sets value "1405"="" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3".

* Sets value "1406"="" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3".

* Sets value "1407"="" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3".

* Sets value "1601"="" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3".

* Sets value "1604"="" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3".

VBA32

Found Embedded.Installer.Adware.PurityScan (probable variant)

 


Create a new folder on C:\ and put HijackThis.exe in it, so that it is at C:\HjT\HijackThis.exe

 

(don't skip the step above)

 

Make hidden files visible; see here how to do it

 

http://www.xtra.co.nz/help/0,,4155-1916458,00.html

 

Scan with Hijack, tick the following lines, close the web browser and all other open windows, and click Fix checked

 

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O2 - BHO: (no name) - {F129EC6C-7BF6-742D-8693-74A2ADA63FB1} - C:\WINDOWS\system32\alp.dll

O4 - HKLM\..\Run: [rNat9iJ] C:\WINDOWS\uehnu.exe

O4 - HKLM\..\Run: [REGRUN] C:\m1.exe

O4 - HKLM\..\Run: [etbrun] C:\windows\system32\eliteklf32.exe

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)

O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDT/ie/bridge-c46.cab

O16 - DPF: {9E98E84C-79E1-49C3-82EB-798FCD552EFB} - http://advnt01.com/dialer/internazionale_ver4.CAB

 

Also tick all the O18 lines

 

Then start in safe mode and delete these if they are found

 

C:\WINDOWS\system32\alp.dll

C:\WINDOWS\uehnu.exe

C:\m1.exe

C:\windows\system32\eliteklf32.exe

C:\WINDOWS\system32\ereb.exe

C:\Documents and Settings\Helena\mt-uninstaller.exe

C:\Documents and Settings\Tomas\mt-uninstaller.exe

C:\WINDOWS\Downloaded Program Files\MediaAccX.dll

 

Empty this Temp folder

 

C:\Documents and Settings\Helena\Lokala inställningar\Temp

 

Then start normally and make a new Hijack log

 

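A fix list like the one in the post above can be checked mechanically against a follow-up scan. The Python below is an added example, not part of the original posts and not HijackThis's own code; the function names are made up for illustration, and the sample text is a short excerpt of the fix list, the follow-up log and the files reported as deleted in this thread.

```python
import re
from typing import Iterable, List, NamedTuple, Set, Tuple

# A HijackThis entry line is "<section> - <body>", e.g. "O4 - HKLM\..\Run: [x] y".
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2})\s+-\s+(?P<body>.+)$")
# Body of an O4 registry autostart entry: hive, key, value name, command line.
RUN_RE = re.compile(
    r"^(?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# Executable part of a command line: quoted path, or bare text up to ".exe".
EXE_RE = re.compile(r'^"(?P<quoted>[^"]+)"|^(?P<bare>.+?\.exe)(?=\s|$)',
                    re.IGNORECASE)


class Entry(NamedTuple):
    section: str
    body: str

    def key(self) -> Tuple[str, str]:
        # Collapse whitespace and case so pasted copies still match.
        return self.section, " ".join(self.body.split()).casefold()


def parse_entries(text: str) -> List[Entry]:
    """Return the R/F/N/O entries; headers, process paths and blanks are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())  # strip() also removes non-breaking spaces
        if m:
            entries.append(Entry(m["section"], m["body"].strip()))
    return entries


def running_processes(text: str) -> Set[str]:
    """Paths listed between 'Running processes:' and the first entry line."""
    procs, in_block = set(), False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_block = True
        elif in_block and ENTRY_RE.match(line):
            break
        elif in_block and line:
            procs.add(line.casefold())
    return procs


def target_path(cmd: str) -> str:
    """Executable path of an autostart command, without its arguments."""
    m = EXE_RE.match(cmd)
    return (m["quoted"] or m["bare"]) if m else cmd


def still_present(fix_list: str, later_log: str) -> List[Entry]:
    """Entries that were ticked for fixing but show up again in a later scan."""
    later = {e.key() for e in parse_entries(later_log)}
    return [e for e in parse_entries(fix_list) if e.key() in later]


def dangling_autoruns(later_log: str,
                      deleted_paths: Iterable[str]) -> List[Tuple[str, str, bool]]:
    """O4 autostart values whose target was reported deleted.

    Returns (value name, path, is_running) so a stale value can be told
    apart from a file that has come back and is executing again.
    """
    deleted = {p.casefold() for p in deleted_paths}
    running = running_processes(later_log)
    found = []
    for e in parse_entries(later_log):
        m = RUN_RE.match(e.body) if e.section == "O4" else None
        if m:
            path = target_path(m["cmd"])
            if path.casefold() in deleted:
                found.append((m["name"], path, path.casefold() in running))
    return found


# Excerpts from this thread (shortened): the fix list, the follow-up log,
# and three of the files the user reported as removed.
FIX_LIST = r"""
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {F129EC6C-7BF6-742D-8693-74A2ADA63FB1} - C:\WINDOWS\system32\alp.dll
O4 - HKLM\..\Run: [rNat9iJ] C:\WINDOWS\uehnu.exe
O4 - HKLM\..\Run: [REGRUN] C:\m1.exe
O4 - HKLM\..\Run: [etbrun] C:\windows\system32\eliteklf32.exe
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
"""
LATER_LOG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 23:17:20, on 2005-04-05
Running processes:
C:\WINDOWS\Explorer.EXE
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [rNat9iJ] C:\WINDOWS\uehnu.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""
DELETED = [r"C:\WINDOWS\uehnu.exe", r"C:\m1.exe", r"C:\WINDOWS\system32\ereb.exe"]

if __name__ == "__main__":
    for entry in still_present(FIX_LIST, LATER_LOG):
        print("still listed:", entry.section, "-", entry.body)
    for name, path, is_running in dangling_autoruns(LATER_LOG, DELETED):
        print("autostart value", name, "->", path, "running:", is_running)
```

On these excerpts the check reports the `rNat9iJ` Run value: the file it points to was reported deleted and is not among the running processes, but the autostart entry is still listed in the follow-up scan.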

Guest idgadmin

It looks better now

This is what was done:

 

C:\WINDOWS\system32\alp.dll not found

C:\WINDOWS\uehnu.exe removed

C:\m1.exe removed

C:\windows\system32\eliteklf32.exe not found

C:\WINDOWS\system32\ereb.exe removed

C:\Documents and Settings\Helena\mt-uninstaller.exe removed

C:\Documents and Settings\Tomas\mt-uninstaller.exe removed

C:\WINDOWS\Downloaded Program Files\MediaAccX.dll not found

 

Empty this Temp folder

 

C:\Documents and Settings\Helena\Lokala inställningar\Temp removed

 

New log file

 

Logfile of HijackThis v1.99.1

Scan saved at 23:17:20, on 2005-04-05

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

C:\Program\Norton Internet Security\ISSVC.exe

C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\ATI-CPanel\atiptaxx.exe

C:\Program\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

C:\Program\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

C:\WINDOWS\system32\CTHELPER.EXE

C:\Program\Logitech\iTouch\iTouch.exe

C:\Program\Delade filer\Microsoft Shared\Works Shared\WkUFind.exe

C:\Program\QuickTime\qttask.exe

C:\Program\Delade filer\Real\Update_OB\realsched.exe

C:\Helena\Winamp\winampa.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Logitech\MouseWare\system\em_exec.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\Program\Creative\MediaSource\RemoteControl\RcMan.exe

C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\Program\SmartTrust\SmartTrust Personal\Csp\SmartCertmover.exe

C:\Program\InterVideo\Common\Bin\WinCinemaMgr.exe

C:\WINDOWS\system32\Smartscaps.exe

C:\Program\Delade filer\Microsoft Shared\Works Shared\WkCalRem.exe

C:\Program\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe

C:\Program\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Hij\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe

O4 - HKLM\..\Run: [CTSysVol] C:\Program\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

O4 - HKLM\..\Run: [CTDVDDet] C:\Program\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL

O4 - HKLM\..\Run: [sBDrvDet] C:\Program\Creative\SB Drive Det\SBDrvDet.exe /r

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program\Logitech\iTouch\iTouch.exe

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program\Delade filer\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [WinampAgent] C:\Helena\Winamp\winampa.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe

O4 - HKLM\..\Run: [rNat9iJ] C:\WINDOWS\uehnu.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [RemoteCenter] C:\Program\Creative\MediaSource\RemoteControl\RcMan.exe

O4 - HKCU\..\Run: [LDM] C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - Global Startup: Certificate Mover.lnk = ?

O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program\InterVideo\Common\Bin\WinCinemaMgr.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?

O4 - Global Startup: Picture Package Menu.lnk = C:\Program\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe

O4 - Global Startup: Picture Package VCD Maker.lnk = C:\Program\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~4\Office10\EXCEL.EXE/3000

O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program\ICQ\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program\ICQ\ICQ.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.com/housecall/xscan60.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe

O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program\Norton Internet Security\ISSVC.exe

O23 - Service: Norton AntiVirus Auto Protect-tjänst (navapsvc) - Symantec Corporation - C:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program\DELADE~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: SmartTrust Smart Card Server (Smartscaps) - SmartTrust - C:\WINDOWS\system32\Smartscaps.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

 

 


 

Tick this entry and fix it:

O4 - HKLM\..\Run: [rNat9iJ] C:\WINDOWS\uehnu.exe

Then in HijackThis:

Config... > Misc Tools > Delete a file on reboot

Then copy and paste this line there:

C:\WINDOWS\Downloaded Program Files\MediaAccX.dll

Open it there and restart the computer.

> C:\Documents and Settings\Helena\Lokala inställningar\Temp removed <

You were only supposed to empty the Temp folder, not delete it.

 

 


Guest idgadmin

 

I have done what you wrote today.

New logfile:

 

Logfile of HijackThis v1.99.1

Scan saved at 18:51:05, on 2005-04-06

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Delade filer\Symantec Shared\ccProxy.exe

C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

C:\Program\Norton Internet Security\ISSVC.exe

C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\ATI-CPanel\atiptaxx.exe

C:\Program\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

C:\Program\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

C:\WINDOWS\system32\CTHELPER.EXE

C:\Program\Logitech\iTouch\iTouch.exe

C:\Program\Delade filer\Microsoft Shared\Works Shared\WkUFind.exe

C:\Program\QuickTime\qttask.exe

C:\Program\Delade filer\Real\Update_OB\realsched.exe

C:\Helena\Winamp\winampa.exe

C:\Program\Delade filer\Symantec Shared\ccApp.exe

C:\Program\Microsoft AntiSpyware\gcasServ.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Creative\MediaSource\RemoteControl\RcMan.exe

C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program\SmartTrust\SmartTrust Personal\Csp\SmartCertmover.exe

C:\Program\InterVideo\Common\Bin\WinCinemaMgr.exe

C:\Program\Delade filer\Microsoft Shared\Works Shared\WkCalRem.exe

C:\Program\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe

C:\Program\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe

C:\Program\Messenger\msmsgs.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\system32\Smartscaps.exe

C:\Program\Microsoft AntiSpyware\gcasDtServ.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program\Logitech\MouseWare\system\em_exec.exe

C:\Hij\HijackThis.exe

C:\WINDOWS\system32\wuauclt.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll

O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe

O4 - HKLM\..\Run: [CTSysVol] C:\Program\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

O4 - HKLM\..\Run: [CTDVDDet] C:\Program\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL

O4 - HKLM\..\Run: [sBDrvDet] C:\Program\Creative\SB Drive Det\SBDrvDet.exe /r

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program\Logitech\iTouch\iTouch.exe

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program\Delade filer\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [WinampAgent] C:\Helena\Winamp\winampa.exe

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [gcasServ] "C:\Program\Microsoft AntiSpyware\gcasServ.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [RemoteCenter] C:\Program\Creative\MediaSource\RemoteControl\RcMan.exe

O4 - HKCU\..\Run: [LDM] C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - Global Startup: Certificate Mover.lnk = ?

O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program\InterVideo\Common\Bin\WinCinemaMgr.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?

O4 - Global Startup: Picture Package Menu.lnk = C:\Program\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe

O4 - Global Startup: Picture Package VCD Maker.lnk = C:\Program\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~4\Office10\EXCEL.EXE/3000

O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program\ICQ\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program\ICQ\ICQ.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.com/housecall/xscan60.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe

O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program\Norton Internet Security\ISSVC.exe

O23 - Service: Norton AntiVirus Auto Protect-tjänst (navapsvc) - Symantec Corporation - C:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program\DELADE~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: SmartTrust Smart Card Server (Smartscaps) - SmartTrust - C:\WINDOWS\system32\Smartscaps.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

 

 

 


Archived

This topic is now archived and is closed to further replies.
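
Whether the fix advised in this thread took effect can be checked by comparing the log posted before it with the log posted after it, entry by entry. The script below is an added example, not part of the original posts: it embeds a few lines excerpted from the thread's two logs, and its function names (`parse`, `diff`, `still_present`) are this example's own.

```python
import re

# Excerpts from the two logs in this thread (before and after the fix).
BEFORE = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [rNat9iJ] C:\WINDOWS\uehnu.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""
AFTER = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")  # section code, e.g. R0, O4, O23

def parse(log):
    """Return the set of (section, normalized detail) for each entry line."""
    entries = set()
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:  # header and process-list lines carry no section code
            entries.add((m.group(1), " ".join(m.group(2).split()).lower()))
    return entries

def diff(before, after):
    """Entries removed and added between two scans, each sorted."""
    b, a = parse(before), parse(after)
    return sorted(b - a), sorted(a - b)

def still_present(log, needle):
    """True if any entry still references `needle` (case-insensitive)."""
    return any(needle.lower() in detail for _, detail in parse(log))

if __name__ == "__main__":
    removed, added = diff(BEFORE, AFTER)
    for sec, detail in removed:
        print("removed", sec, detail)
    for sec, detail in added:
        print("added  ", sec, detail)
    print("uehnu.exe still registered:", still_present(AFTER, "uehnu.exe"))
```

Because entries are compared as a set, lines that merely change position between scans (as `ccApp` and `symantec NetDriver Monitor` do here) are not reported as changes.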


