
HiJack This Log. Hoax. win32.renos.fh?


CÅ


Hello, all you knowledgeable people!

When I scan my computer with AdAware Se Pro, my antivirus program F-Secure Internet Security reports that my computer is infected with:

not virus. Hoax. win32.renos.fh

What is this? And how do I get rid of it? F-Secure cannot remove it (it only renames it).

My operating system is Windows XP Pro. Below are the HiJack This scan log and the Ewido log.

Grateful for any advice I can get.

Best regards

Logfile of HijackThis v1.99.1

Scan saved at 15:21:20, on 2006-10-12

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\brsvc01a.exe

C:\WINDOWS\system32\brss01a.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Delade filer\Acronis\Schedule2\schedul2.exe

C:\Program\COMHEM~1\backweb\8910145\Program\SERVIC~1.EXE

C:\WINDOWS\system32\Brmfrmps.exe

C:\Program\com hem security\Anti-Virus\fsgk32st.exe

C:\Program\com hem security\backweb\8910145\program\fsbwsys.exe

C:\Program\com hem security\Anti-Virus\FSGK32.EXE

C:\Program\com hem security\Common\FSMA32.EXE

C:\Program\com hem security\Common\FSMB32.EXE

C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program\com hem security\Anti-Virus\fssm32.exe

C:\WINDOWS\system32\oodag.exe

C:\Program\com hem security\Common\FCH32.EXE

C:\WINDOWS\system32\svchost.exe

C:\Program\com hem security\Common\FAMEH32.EXE

C:\Program\Webroot\Spy Sweeper\SpySweeper.exe

C:\Program\com hem security\FWES\Program\fsdfwd.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program\com hem security\Anti-Virus\fsav32.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\Explorer.EXE

C:\Program\com hem security\Common\FSM32.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program\com hem security\backweb\8910145\Program\fspex.exe

C:\Program\D4\D4.exe

C:\Program\Brother\ControlCenter2\brctrcen.exe

C:\Program\Webroot\Spy Sweeper\SpySweeperUI.exe

C:\Program\Adobe\Distillr\Acrotray.exe

C:\Program\com hem security\FSGUI\fsguiexe.exe

C:\Program\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe

C:\Program\Brother\Brmfcmon\BrMfcWnd.exe

C:\Program\Brother\Brmfcmon\BrMfcmon.exe

C:\Program\Webroot\Spy Sweeper\SSU.EXE

C:\Program\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\Curt Aberg\Skrivbord\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_07\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar1.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program\Adobe\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: (no name) - {860c2f6b-ca82-4282-9187-beccbb66f0af} - (no file)

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program\Adobe\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar1.dll

O4 - HKLM\..\Run: [Ptipbmf] "rundll32.exe" ptipbmf.dll,SetWriteCacheMode

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\com hem security\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program\com hem security\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program\com hem security\FSGUI\FSSW.EXE" /reboot

O4 - HKLM\..\Run: [Dimension4] C:\Program\D4\D4.exe

O4 - HKLM\..\Run: [setDefPrt] C:\Program\Brother\Brmfl04a\BrStDvPt.exe

O4 - HKLM\..\Run: [ControlCenter2.0] "C:\Program\Brother\ControlCenter2\brctrcen.exe" /autorun

O4 - HKLM\..\Run: [spySweeper] "C:\Program\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program\Delade filer\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program\Adobe\Distillr\Acrotray.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win

O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

O4 - Global Startup: Status Monitor.lnk = C:\Program\Brother\Brmfcmon\BrMfcWnd.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Konvertera länkmål till Adobe PDF - res://C:\Program\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Konvertera länkmål till befintlig PDF - res://C:\Program\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Konvertera markering till Adobe PDF - res://C:\Program\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Konvertera markering till befintlig PDF - res://C:\Program\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Konvertera till Adobe PDF - res://C:\Program\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Konvertera till befintlig PDF - res://C:\Program\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Konvertera valda länkar till Adobe PDF - res://C:\Program\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Konvertera valda länkar till befintlig PDF - res://C:\Program\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_07\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1152309220125

O18 - Protocol: bw+0 - {C24CD0AC-C2BA-40C9-B0FB-9A0F02FD117B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw+0s - {C24CD0AC-C2BA-40C9-B0FB-9A0F02FD117B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0 - {C24CD0AC-C2BA-40C9-B0FB-9A0F02FD117B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0s - {C24CD0AC-C2BA-40C9-B0FB-9A0F02FD117B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00 - {C24CD0AC-C2BA-40C9-B0FB-9A0F02FD117B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00s - {C24CD0AC-C2BA-40C9-B0FB-9A0F02FD117B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10 - {C24CD0AC-C2BA-40C9-B0FB-9A0F02FD117B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10s - {C24CD0AC-C2BA-40C9-B0FB-9A0F02FD117B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20 - {C24CD0AC-C2BA-40C9-B0FB-9A0F02FD117B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20s - {C24CD0AC-C2BA-40C9-B0FB-9A0F02FD117B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30 - {C24CD0AC-C2BA-40C9-B0FB-9A0F02FD117B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30s - {C24CD0AC-C2BA-40C9-B0FB-9A0F02FD117B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40 - {C24CD0AC-C2BA-40C9-B0FB-9A0F02FD117B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40s - {C24CD0AC-C2BA-40C9-B0FB-9A0F02FD117B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50 - {C24CD0AC-C2BA-40C9-B0FB-9A0F02FD117B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50s - {C24CD0AC-C2BA-40C9-B0FB-9A0F02FD117B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60 - {C24CD0AC-C2BA-40C9-B0FB-9A0F02FD117B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60s - {C24CD0AC-C2BA-40C9-B0FB-9A0F02FD117B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70 - {C24CD0AC-C2BA-40C9-B0FB-9A0F02FD117B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70s - {C24CD0AC-C2BA-40C9-B0FB-9A0F02FD117B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80 - {C24CD0AC-C2BA-40C9-B0FB-9A0F02FD117B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80s - {C24CD0AC-C2BA-40C9-B0FB-9A0F02FD117B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90 - {C24CD0AC-C2BA-40C9-B0FB-9A0F02FD117B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90s - {C24CD0AC-C2BA-40C9-B0FB-9A0F02FD117B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0 - {C24CD0AC-C2BA-40C9-B0FB-9A0F02FD117B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0s - {C24CD0AC-C2BA-40C9-B0FB-9A0F02FD117B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0 - {C24CD0AC-C2BA-40C9-B0FB-9A0F02FD117B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0s - {C24CD0AC-C2BA-40C9-B0FB-9A0F02FD117B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0 - {C24CD0AC-C2BA-40C9-B0FB-9A0F02FD117B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0s - {C24CD0AC-C2BA-40C9-B0FB-9A0F02FD117B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0 - {C24CD0AC-C2BA-40C9-B0FB-9A0F02FD117B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0s - {C24CD0AC-C2BA-40C9-B0FB-9A0F02FD117B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0 - {C24CD0AC-C2BA-40C9-B0FB-9A0F02FD117B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0s - {C24CD0AC-C2BA-40C9-B0FB-9A0F02FD117B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0 - {C24CD0AC-C2BA-40C9-B0FB-9A0F02FD117B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0s - {C24CD0AC-C2BA-40C9-B0FB-9A0F02FD117B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: bwg0 - {C24CD0AC-C2BA-40C9-B0FB-9A0F02FD117B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwg0s - {C24CD0AC-C2BA-40C9-B0FB-9A0F02FD117B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0 - {C24CD0AC-C2BA-40C9-B0FB-9A0F02FD117B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0s - {C24CD0AC-C2BA-40C9-B0FB-9A0F02FD117B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0 - {C24CD0AC-C2BA-40C9-B0FB-9A0F02FD117B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0s - {C24CD0AC-C2BA-40C9-B0FB-9A0F02FD117B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0 - {C24CD0AC-C2BA-40C9-B0FB-9A0F02FD117B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0s - {C24CD0AC-C2BA-40C9-B0FB-9A0F02FD117B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0 - {C24CD0AC-C2BA-40C9-B0FB-9A0F02FD117B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0s - {C24CD0AC-C2BA-40C9-B0FB-9A0F02FD117B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0 - {C24CD0AC-C2BA-40C9-B0FB-9A0F02FD117B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0s - {C24CD0AC-C2BA-40C9-B0FB-9A0F02FD117B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0 - {C24CD0AC-C2BA-40C9-B0FB-9A0F02FD117B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0s - {C24CD0AC-C2BA-40C9-B0FB-9A0F02FD117B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0 - {C24CD0AC-C2BA-40C9-B0FB-9A0F02FD117B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0s - {C24CD0AC-C2BA-40C9-B0FB-9A0F02FD117B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0 - {C24CD0AC-C2BA-40C9-B0FB-9A0F02FD117B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0s - {C24CD0AC-C2BA-40C9-B0FB-9A0F02FD117B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0 - {C24CD0AC-C2BA-40C9-B0FB-9A0F02FD117B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0s - {C24CD0AC-C2BA-40C9-B0FB-9A0F02FD117B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0 - {C24CD0AC-C2BA-40C9-B0FB-9A0F02FD117B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0s - {C24CD0AC-C2BA-40C9-B0FB-9A0F02FD117B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0 - {C24CD0AC-C2BA-40C9-B0FB-9A0F02FD117B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0s - {C24CD0AC-C2BA-40C9-B0FB-9A0F02FD117B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0 - {C24CD0AC-C2BA-40C9-B0FB-9A0F02FD117B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0s - {C24CD0AC-C2BA-40C9-B0FB-9A0F02FD117B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0 - {C24CD0AC-C2BA-40C9-B0FB-9A0F02FD117B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0s - {C24CD0AC-C2BA-40C9-B0FB-9A0F02FD117B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0 - {C24CD0AC-C2BA-40C9-B0FB-9A0F02FD117B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0s - {C24CD0AC-C2BA-40C9-B0FB-9A0F02FD117B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0 - {C24CD0AC-C2BA-40C9-B0FB-9A0F02FD117B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0s - {C24CD0AC-C2BA-40C9-B0FB-9A0F02FD117B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0 - {C24CD0AC-C2BA-40C9-B0FB-9A0F02FD117B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0s - {C24CD0AC-C2BA-40C9-B0FB-9A0F02FD117B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0 - {C24CD0AC-C2BA-40C9-B0FB-9A0F02FD117B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0s - {C24CD0AC-C2BA-40C9-B0FB-9A0F02FD117B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0 - {C24CD0AC-C2BA-40C9-B0FB-9A0F02FD117B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0s - {C24CD0AC-C2BA-40C9-B0FB-9A0F02FD117B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0 - {C24CD0AC-C2BA-40C9-B0FB-9A0F02FD117B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0s - {C24CD0AC-C2BA-40C9-B0FB-9A0F02FD117B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: offline-8876480 - {C24CD0AC-C2BA-40C9-B0FB-9A0F02FD117B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program\Delade filer\Acronis\Schedule2\schedul2.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: com hem security (BackWeb Plug-in - 8910145) - Unknown owner - C:\Program\COMHEM~1\backweb\8910145\Program\SERVIC~1.EXE

O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)

O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe

O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program\com hem security\Anti-Virus\fsgk32st.exe

O23 - Service: fsbwsys - F-Secure Corp. - C:\Program\com hem security\backweb\8910145\program\fsbwsys.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program\com hem security\FWES\Program\fsdfwd.exe

O23 - Service: FSMA - F-Secure Corporation - C:\Program\com hem security\Common\FSMA32.EXE

O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program\Delade filer\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program\Webroot\Spy Sweeper\SpySweeper.exe

 

EWIDO:

 

__________________________________________________

ewido anti-spyware online scanner

http://www.ewido.net

__________________________________________________

 

 

Name: TrackingCookie.Clickhype

Path: C:\Documents and Settings\Curt Aberg\Cookies\curt aberg@ad1.clickhype[1].txt

Risk: Medium

 

Name: Adware.Generic

Path: HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{860c2f6b-ca82-4282-9187-beccbb66f0af}

Risk: Medium

 

Name: Adware.Generic

Path: HKU\S-1-5-21-1220945662-926492609-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{860C2F6B-CA82-4282-9187-BECCBB66F0AF}

Risk: Medium

 

Name: Adware.180Solutions

Path: C:\System Volume Information\_restore{AB300F34-C6C5-4D7F-89C2-276DBDC0168E}\RP124\A0022027.exe

Risk: Medium

 

Name: Downloader.Zlob.aeg

Path: C:\System Volume Information\_restore{AB300F34-C6C5-4D7F-89C2-276DBDC0168E}\RP139\A0026211.0LL

Risk: High

 

Name: Dropper.Inflator.a

Path: C:\System Volume Information\_restore{AB300F34-C6C5-4D7F-89C2-276DBDC0168E}\RP142\A0026418.exe/GTB9X.EXE

Risk: High

 

 

 

 

 

 

[post edited 2006-10-12 15:23:34 by CÅ]

[post edited 2006-10-12 15:24:42 by CÅ]

[post edited 2006-10-12 17:36:00 by CÅ]

[post edited 2006-10-12 17:38:08 by CÅ]

Hello Zipp, you knowledgeable one!!!!

Here is the log from SmitfraudFix:

 

SmitFraudFix v2.109

 

Scan done at 19:59:43,26, 2006-10-12

Run from C:\Documents and Settings\Curt Aberg\Skrivbord\SmitfraudFix

OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT

Fix run in normal mode

 

»»»»»»»»»»»»»»»»»»»»»»»» C:

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Curt Aberg

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Curt Aberg\Application Data

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

 

C:\DOCUME~1\ALLUSE~1\START-~1\Online Security Guide.url FOUND !

C:\DOCUME~1\ALLUSE~1\START-~1\Security Troubleshooting.url FOUND !

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\CURTAB~1\FAVORI~1

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]

"Source"="file:///C:/DOCUME~1/CURTAB~1/LOKALA~1/Temp/msohtml1/01/clip_image002.jpg"

"SubscribedURL"="file:///C:/DOCUME~1/CURTAB~1/LOKALA~1/Temp/msohtml1/01/clip_image002.jpg"

"FriendlyName"=""

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]

"Source"="About:Home"

"SubscribedURL"="About:Home"

"FriendlyName"="Min aktuella startsida"

 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection

 

 

»»»»»»»»»»»»»»»»»»»»»»»» End

 

 

 

 


Guest idgadmin

Start the computer in safe mode.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd

Choose the Clean option = press 2 and Enter

Then wait until it has finished working.

At the question "Registry cleaning - Do you want to clean the registry ?"

answer Yes by pressing Y and Enter

If wininet.dll is infected you will be asked "Replace infected file ?"

answer Yes by pressing Y and Enter.

If the computer does not restart automatically, start it in normal mode.

Then turn off System Restore and restart the computer.

Enable it again and create a new restore point.

Then scan with Ewido again and remove whatever is found.

Hello again Zipp!

I followed your instructions. What was in the Ewido log disappeared just as you said.

However, when I scan again with Ad-Aware SE Pro, F-Secure still warns that the computer is infected with "not virus. hoax. win32.renos.fh." F-Secure does not remove it but only renames it.

What do you think the next step is?

Best regards

[post edited 2006-10-13 08:22:07 by CÅ]

 

Try this:

First scan with F-Secure and remove anything that is found.

Then empty F-Secure's quarantine if there is anything in it.

Then scan again with Aware.

Hello Zipp, you knowledgeable one!!!!!!!!!!!

The problem is finally solved. Without your help I would probably have sat here for umpteen more nights without reaching a solution.

It is a true pleasure to follow your posts and advice in PcSupport. I have done so for at least a good year. You are truly a knowledgeable person.

Thank you so very much, Zipp, for your time and your advice!!!

Best regards

Archived

This topic is now archived and is closed to further replies.
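
The triage behind the reply's System Restore step, as an added Python example that is not part of the original thread or of any tool named in it: it splits Ewido findings into those stored only in System Restore snapshots (which turning System Restore off discards) and those in the live registry, then matches registry findings to HijackThis lines by CLSID. The sample text is excerpted from the logs posted above; the function names are assumptions of this example.

```python
import re

# Excerpts copied from the Ewido and HijackThis logs posted in this thread.
EWIDO_REPORT = r"""
Name: Adware.Generic
Path: HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{860c2f6b-ca82-4282-9187-beccbb66f0af}
Risk: Medium

Name: Adware.180Solutions
Path: C:\System Volume Information\_restore{AB300F34-C6C5-4D7F-89C2-276DBDC0168E}\RP124\A0022027.exe
Risk: Medium

Name: Downloader.Zlob.aeg
Path: C:\System Volume Information\_restore{AB300F34-C6C5-4D7F-89C2-276DBDC0168E}\RP139\A0026211.0LL
Risk: High
"""
HJT_LOG = r"""
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {860c2f6b-ca82-4282-9187-beccbb66f0af} - (no file)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
"""

GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RESTORE_RE = re.compile(r"\\System Volume Information\\_restore\{", re.I)
HIVE_RE = re.compile(r"^(HKLM|HKCU|HKU|HKCR)\\", re.I)
HJT_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")

def parse_ewido(report):
    """Turn 'Name:/Path:/Risk:' groups into dicts; incomplete groups are dropped."""
    findings, current = [], {}
    for line in report.splitlines():
        key, sep, value = line.partition(":")
        key = key.strip().lower()
        if not sep or key not in ("name", "path", "risk"):
            continue
        if key == "name":          # a new group starts; discard any partial one
            current = {}
        current[key] = value.strip()
        if len(current) == 3:
            findings.append(current)
            current = {}
    return findings

def location(path):
    """Say where a finding lives: a restore snapshot, the registry, or a live file."""
    if RESTORE_RE.search(path):
        return "restore-point"
    if HIVE_RE.match(path):
        return "registry"
    return "file"

def parse_hijackthis(log):
    """Parse 'Xn - ...' entries, keeping the CLSID and the missing-file markers."""
    entries = []
    for line in (l.strip() for l in log.splitlines()):
        m = HJT_RE.match(line)
        if not m:
            continue
        guid = GUID_RE.search(m.group("body"))
        entries.append({
            "section": m.group("section"),
            "clsid": guid.group(0).upper() if guid else None,
            "orphaned": line.endswith(("(no file)", "(file missing)")),
            "line": line,
        })
    return entries

def triage(ewido_report, hjt_log):
    """Label each Ewido finding and attach HijackThis lines sharing its CLSID."""
    by_clsid = {}
    for entry in parse_hijackthis(hjt_log):
        if entry["clsid"]:
            by_clsid.setdefault(entry["clsid"], []).append(entry["line"])
    rows = []
    for finding in parse_ewido(ewido_report):
        where = location(finding["path"])
        guid = GUID_RE.search(finding["path"])
        # The GUID in a restore-point path names the snapshot store, not a COM class.
        hits = by_clsid.get(guid.group(0).upper(), []) if guid and where == "registry" else []
        rows.append({**finding, "where": where, "hjt": hits})
    return rows

if __name__ == "__main__":
    for row in triage(EWIDO_REPORT, HJT_LOG):
        print(f'{row["risk"]:<6} {row["where"]:<13} {row["name"]}')
        for hit in row["hjt"]:
            print("       HijackThis:", hit)
```
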


