
Virus / Bug (rumpnisse)


rumpnisse


Hi!
Rayed and Cecilia,
I have the same problem...

I did as you said, Cecilia, and got the following log file...
Desperate. Please help me too...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:10:35, on 2008-07-26
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program\Telia\TELIAS~1\backweb\7836882\Program\SERVIC~1.EXE
C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fsgk32st.exe
C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\FSGK32.EXE
C:\Program\Telia\Telias Sakerhetstjanster\backweb\7836882\program\fsbwsys.exe
C:\Program\Telia\Telias Sakerhetstjanster\Common\FSMA32.EXE
C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fssm32.exe
C:\Program\Telia\Telias Sakerhetstjanster\Common\FSMB32.EXE
C:\Program\Delade filer\LightScribe\LSSrvc.exe
C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program\Telia\Telias Sakerhetstjanster\Common\FCH32.EXE
C:\Program\Telia\Telias Sakerhetstjanster\Common\FAMEH32.EXE
C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fsqh.exe
C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fsrw.exe
C:\Program\Telia\Telias Sakerhetstjanster\FWES\Program\fsdfwd.exe
C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Java\jre1.6.0_07\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\HP\KBD\KBD.EXE
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program\HP\HP Software Update\HPwuSchd2.exe
C:\Program\Sony\SONICS~1\SsAAD.exe
C:\Program\Telia\Telias Sakerhetstjanster\Common\FSM32.EXE
C:\Program\Delade filer\Sony Shared\AVLib\SSScsiSV.exe
C:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program\Telia\TELIAS~1\ANTI-S~1\fsaw.exe
C:\Program\Winamp\winampa.exe
C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program\WoodiiMeny2\wu.exe
C:\Program\Macrogaming\SweetIM\SweetIM.exe
C:\Program\Telia\Supportassistent\bin\sprtcmd.exe
C:\Program\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Windows Live\Messenger\MsnMsgr.Exe
C:\Program\Telia\Telias Sakerhetstjanster\FSGUI\fsguidll.exe
C:\Program\Delade filer\Teleca Shared\CapabilityManager.exe
C:\Program\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program\Telia\Telias Sakerhetstjanster\backweb\7836882\Program\fspex.exe
C:\Program\iPod\bin\iPodService.exe
C:\Program\Windows Live\Messenger\usnsvc.exe
C:\Program\Delade filer\Teleca Shared\Generic.exe
C:\Program\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program\Internet Explorer\iexplore.exe
C:\Program\Delade filer\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe
C:\DOCUME~1\HP_GAR~1\LOKALA~1\Temp\Adobelm_Cleanup.0001
C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\DOCUME~1\HP_GAR~1\LOKALA~1\Temp\Adobelm_Cleanup.0001
C:\Program\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.leta.se/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar3.dll
O3 - Toolbar: (no name) - {53E0B6E8-A51D-448B-B692-40B67B285543} - (no file)
O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll
O3 - Toolbar: My &Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\Program\MySearch\bar\1.bin\S4BAR.DLL
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Genväg till egenskapssida för High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [MediaPipe P2P Loader] "C:\Program\p2pnetworks\mpp2pl.exe" /H
O4 - HKLM\..\Run: [ssAAD.exe] C:\Program\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\Telia\Telias Sakerhetstjanster\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program\Telia\Telias Sakerhetstjanster\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program\Telia\Telias Sakerhetstjanster\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe
O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [uerscw] C:\Program\Error Safe Free\uerscw.exe -c
O4 - HKLM\..\Run: [woodii_updater] C:\Program\WoodiiMeny2\wu.exe
O4 - HKLM\..\Run: [sweetIM] C:\Program\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [Telia] "C:\Program\Telia\Supportassistent\bin\sprtcmd.exe" /P Telia
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [License Manager] "C:\Program\License_Manager\license_manager.exe " /silent
O4 - HKCU\..\Run: [sweetIM] C:\Program\Macrogaming\SweetIM\SweetIM.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Telias säkerhetstjänster.lnk = C:\Program\Telia\Telias Sakerhetstjanster\backweb\7836882\Program\fspex.exe
O8 - Extra context menu item: &Blockera detta popup-fönster - C:\Program\Telia\Telias Sakerhetstjanster\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Konvertera länkmål till Adobe PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Konvertera länkmål till befintlig PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Konvertera markering till Adobe PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Konvertera markering till befintlig PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Konvertera till Adobe PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Konvertera till befintlig PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Konvertera valda länkar till Adobe PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Konvertera valda länkar till befintlig PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Öppna på ny flik i bakgrunden - res://C:\Program\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/229?177b2376112f4aa5960da2a9d0ff592b
O8 - Extra context menu item: Öppna på ny flik i förgrunden - res://C:\Program\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/230?177b2376112f4aa5960da2a9d0ff592b
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: IE-sköld - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program\Telia\Telias Sakerhetstjanster\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE-sköld... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program\Telia\Telias Sakerhetstjanster\Anti-Spyware\ieshield.dll
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Hjälp med anslutning - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Hjälp med anslutning - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game06.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D1EA8D3D-F511-4388-B754-4A0CC14A4778} (Aurigma Image Uploader 3.0 Control) - https://eurofoto.if.se/activex/ImageUploader3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O21 - SSODL: hydrodictyon - {b166be07-30a4-4d38-b781-44528a630706} - C:\WINDOWS\system32\gqagksr.dll (file missing)
O22 - SharedTaskScheduler: hydrodictyon - {b166be07-30a4-4d38-b781-44528a630706} - C:\WINDOWS\system32\gqagksr.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Telias säkerhetstjänster (BackWeb Plug-in - 7836882) - BackWeb Technologies Inc.                          - C:\Program\Telia\TELIAS~1\backweb\7836882\Program\SERVIC~1.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program\Telia\Telias Sakerhetstjanster\backweb\7836882\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program\Telia\Telias Sakerhetstjanster\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program\Telia\Telias Sakerhetstjanster\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program\Delade filer\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program\Delade filer\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program\Delade filer\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program\Delade filer\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program\Delade filer\Sony Shared\AVLib\SSScsiSV.exe
O24 - Desktop Component 0: (no name) - http://www.orebrotravet.com/images/18.d90453ff774557157fff2059/Meadowbranch+Lucky.jpg

--
End of file - 14412 bytes


Thanks in advance!!!!


Since it gets far too messy with two computers in the same thread, you have been given your own.
I will get back to you a little later with steps to take, but I have to do something else first.
Cecilia - Moderator


Control Panel - Add or Remove Programs
Remove Movieland if it is listed there, and do the same with SweetIM.

Download Malwarebytes Anti-Malware from one of these:
http://www.malwaresupport.com/mbam/program/mbam-setup.exe
http://www.brothersoft.com/download-malwarebytes.-anti-malware-71406.html
Double-click mbam-setup.exe to install the program.

Check:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Press Finish
If there is an update, it will be downloaded and installed.

When the program starts, select Perform Quick Scan and press Scan.
The scan takes a while.
When it is done, press OK and then Show Results.
Check everything and then press Remove Selected.
When the removal is complete, Notepad opens with a log.

You may be asked to restart the computer (Restart). If so, do it.
If the program does not start after the restart, start it yourself.

If the log does not open by itself in Notepad, you will find it on the Logs tab in MBAM.
Copy the log and paste it into your reply together with a new HijackThis log.


Hi!!
Thank you for being able to help me!
I found 2 SweetIM programs in the Control Panel but no Movieland to remove.
Then I did as you said; here is the result...



Malwarebytes' Anti-Malware 1.23
Databasversion: 996
Windows 5.1.2600 Service Pack 2

00:20:00 2008-07-27
mbam-log-7-27-2008 (00-20-00).txt

Skanningstyp: Snabb skanning
Antal skannade objekt: 43338
Förfluten tid: 8 minute(s), 45 second(s)

Infekterade minnesprocesser: 0
Infekterade minnesmoduler: 3
Infekterade registernycklar: 12
Infekterade registervärden: 3
Infekterade registerdataposter: 2
Infekterade mappar: 6
Infekterade filer: 18

Infekterade minnesprocesser:
(Inga illasinnade poster hittades)

Infekterade minnesmoduler:
C:\WINDOWS\system32\urqPhggF.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\tuvTjHXR.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\pmnnmKCR.dll (Trojan.Vundo) -> Delete on reboot.

Infekterade registernycklar:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2dbeeef3-70b6-4286-96fc-2e2ac1f6f812} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{2dbeeef3-70b6-4286-96fc-2e2ac1f6f812} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b30ace0a-31f7-46ca-8af8-8c49fd217f3c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b30ace0a-31f7-46ca-8af8-8c49fd217f3c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99ec9b56-466b-4164-9afd-252b8a384f7f} (Trojan.BHO) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{99ec9b56-466b-4164-9afd-252b8a384f7f} (Trojan.BHO) -> Delete on reboot.
HKEY_CLASSES_ROOT\seekmotoolbar.seekmotoolband.1 (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\seekmotoolbar.seekmotoolband.1 (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MySearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmnnmkcr (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Infekterade registervärden:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{53e0b6e8-a51d-448b-b692-40b67b285543} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mediapipe p2p loader (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{99ec9b56-466b-4164-9afd-252b8a384f7f} (Trojan.Vundo) -> Delete on reboot.

Infekterade registerdataposter:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\urqphggf -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\urqphggf  -> Delete on reboot.

Infekterade mappar:
C:\Program\p2pnetworks (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program\MySearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program\MySearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program\MySearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program\MySearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program\MySearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Infekterade filer:
C:\WINDOWS\system32\urqPhggF.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\FgghPqru.ini (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\FgghPqru.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iifGwwxX.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\XxwwGfii.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\XxwwGfii.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pmnnmKCR.dll (Trojan.BHO) -> Delete on reboot.
C:\Program\p2pnetworks\AlConfig.xml (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program\p2pnetworks\alp2plib.log (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program\p2pnetworks\alp2plib.log.bak (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program\p2pnetworks\install.log (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program\p2pnetworks\mpp2pl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program\p2pnetworks\sp2p.cache (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program\p2pnetworks\uninst.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program\MySearch\bar\1.bin\S4BAR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program\MySearch\bar\History\search (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tuvTjHXR.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.



---------------------------------------------------------------------------------------------------------



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:30:11, on 2008-07-27
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program\Telia\TELIAS~1\backweb\7836882\Program\SERVIC~1.EXE
C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fsgk32st.exe
C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\FSGK32.EXE
C:\Program\Telia\Telias Sakerhetstjanster\backweb\7836882\program\fsbwsys.exe
C:\Program\Telia\Telias Sakerhetstjanster\Common\FSMA32.EXE
C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fssm32.exe
C:\Program\Delade filer\LightScribe\LSSrvc.exe
C:\Program\Telia\Telias Sakerhetstjanster\Common\FSMB32.EXE
C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program\Telia\Telias Sakerhetstjanster\Common\FCH32.EXE
C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fsqh.exe
C:\Program\Telia\Telias Sakerhetstjanster\Common\FAMEH32.EXE
C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fsrw.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Telia\Telias Sakerhetstjanster\FWES\Program\fsdfwd.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fsav32.exe
C:\Program\Java\jre1.6.0_07\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\HP\KBD\KBD.EXE
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program\HP\HP Software Update\HPwuSchd2.exe
C:\Program\Sony\SONICS~1\SsAAD.exe
C:\Program\Telia\Telias Sakerhetstjanster\Common\FSM32.EXE
C:\Program\Delade filer\Sony Shared\AVLib\SSScsiSV.exe
C:\Program\Telia\TELIAS~1\ANTI-S~1\fsaw.exe
C:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program\Winamp\winampa.exe
C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program\WoodiiMeny2\wu.exe
C:\Program\Telia\Telias Sakerhetstjanster\FSGUI\fsguidll.exe
C:\Program\Telia\Supportassistent\bin\sprtcmd.exe
C:\Program\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Windows Live\Messenger\MsnMsgr.Exe
C:\Program\Delade filer\Teleca Shared\CapabilityManager.exe
C:\Program\Adobe\Acrobat 7.0\Acrobat\Acrobat_sl.exe
C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program\Telia\Telias Sakerhetstjanster\backweb\7836882\Program\fspex.exe
C:\Program\iPod\bin\iPodService.exe
C:\Program\Windows Live\Messenger\usnsvc.exe
C:\Program\Delade filer\Teleca Shared\Generic.exe
C:\Program\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.leta.se/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar3.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar3.dll
O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Genväg till egenskapssida för High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [ssAAD.exe] C:\Program\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\Telia\Telias Sakerhetstjanster\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program\Telia\Telias Sakerhetstjanster\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program\Telia\Telias Sakerhetstjanster\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe
O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [uerscw] C:\Program\Error Safe Free\uerscw.exe -c
O4 - HKLM\..\Run: [woodii_updater] C:\Program\WoodiiMeny2\wu.exe
O4 - HKLM\..\Run: [Telia] "C:\Program\Telia\Supportassistent\bin\sprtcmd.exe" /P Telia
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [License Manager] "C:\Program\License_Manager\license_manager.exe " /silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Telias säkerhetstjänster.lnk = C:\Program\Telia\Telias Sakerhetstjanster\backweb\7836882\Program\fspex.exe
O8 - Extra context menu item: &Blockera detta popup-fönster - C:\Program\Telia\Telias Sakerhetstjanster\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Konvertera länkmål till Adobe PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Konvertera länkmål till befintlig PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Konvertera markering till Adobe PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Konvertera markering till befintlig PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Konvertera till Adobe PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Konvertera till befintlig PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Konvertera valda länkar till Adobe PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Konvertera valda länkar till befintlig PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Öppna på ny flik i bakgrunden - res://C:\Program\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/229?177b2376112f4aa5960da2a9d0ff592b
O8 - Extra context menu item: Öppna på ny flik i förgrunden - res://C:\Program\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/230?177b2376112f4aa5960da2a9d0ff592b
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: IE-sköld - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program\Telia\Telias Sakerhetstjanster\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE-sköld... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program\Telia\Telias Sakerhetstjanster\Anti-Spyware\ieshield.dll
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Hjälp med anslutning - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Hjälp med anslutning - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game06.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D1EA8D3D-F511-4388-B754-4A0CC14A4778} (Aurigma Image Uploader 3.0 Control) - https://eurofoto.if.se/activex/ImageUploader3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O21 - SSODL: hydrodictyon - {b166be07-30a4-4d38-b781-44528a630706} - C:\WINDOWS\system32\gqagksr.dll (file missing)
O22 - SharedTaskScheduler: hydrodictyon - {b166be07-30a4-4d38-b781-44528a630706} - C:\WINDOWS\system32\gqagksr.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Telias säkerhetstjänster (BackWeb Plug-in - 7836882) - BackWeb Technologies Inc.                          - C:\Program\Telia\TELIAS~1\backweb\7836882\Program\SERVIC~1.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program\Telia\Telias Sakerhetstjanster\backweb\7836882\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program\Telia\Telias Sakerhetstjanster\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program\Telia\Telias Sakerhetstjanster\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program\Delade filer\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program\Delade filer\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program\Delade filer\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program\Delade filer\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program\Delade filer\Sony Shared\AVLib\SSScsiSV.exe
O24 - Desktop Component 0: (no name) - http://www.orebrotravet.com/images/18.d90453ff774557157fff2059/Meadowbranch+Lucky.jpg

--
End of file - 14697 bytes

______________________________________________________________________________________



What should I do now? Is there more to clean up... I would be glad if so... so that the computer runs a little more easily......


Many grateful regards, Mona


Go to http://www.virustotal.com, paste one of the following file names into the box, press Send File ("Skicka Fil") and wait until the result is ready (the current status, "Närvarande status", becomes "genomförd"). Paste the results from the various antivirus programs here. Repeat with the next file name.
C:\Program\License_Manager\license_manager.exe
C:\Program\WoodiiMeny2\wu.exe

Download the program SmitfraudFix (by S!Ri) to the Desktop:
http://siri.urz.free.fr/Fix/SmitfraudFix.exe
Double-click the downloaded file Smitfraudfix.exe.
First you will be prompted to press any key, so do that.
Then choose option 1 - Search by pressing 1 and Enter.
The program will scan the computer.
When it is done, the result is shown and the program has created the log file C:\rapport.txt.

Paste the contents of the log file into your reply here.

Do nothing else with SmitfraudFix.


Hi, thanks again


The result for
C:\Program\License_Manager\license_manager.exe

0 bytes size received / Se ha recibido un archivo vacio






The result for
C:\Program\WoodiiMeny2\wu.exe


Fil wu.exe mottagen 2008.07.27 09:18:53 (CET)
Närvarande status: Laddar ... köad väntar söker genomförd EJ FUNNEN STOPPAD


Resultat: 0/35 (0%)




SmitFraudFix v2.331

Scan done at  9:31:14,76, 2008-07-27
Run from C:\Documents and Settings\HP_garen\Skrivbord\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program\Telia\TELIAS~1\backweb\7836882\Program\SERVIC~1.EXE
C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fsgk32st.exe
C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\FSGK32.EXE
C:\Program\Telia\Telias Sakerhetstjanster\backweb\7836882\program\fsbwsys.exe
C:\Program\Telia\Telias Sakerhetstjanster\Common\FSMA32.EXE
C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fssm32.exe
C:\Program\Delade filer\LightScribe\LSSrvc.exe
C:\Program\Telia\Telias Sakerhetstjanster\Common\FSMB32.EXE
C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program\Telia\Telias Sakerhetstjanster\Common\FCH32.EXE
C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fsqh.exe
C:\Program\Telia\Telias Sakerhetstjanster\Common\FAMEH32.EXE
C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fsrw.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Telia\Telias Sakerhetstjanster\FWES\Program\fsdfwd.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fsav32.exe
C:\Program\Java\jre1.6.0_07\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\HP\KBD\KBD.EXE
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program\HP\HP Software Update\HPwuSchd2.exe
C:\Program\Sony\SONICS~1\SsAAD.exe
C:\Program\Telia\Telias Sakerhetstjanster\Common\FSM32.EXE
C:\Program\Delade filer\Sony Shared\AVLib\SSScsiSV.exe
C:\Program\Telia\TELIAS~1\ANTI-S~1\fsaw.exe
C:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program\Winamp\winampa.exe
C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program\WoodiiMeny2\wu.exe
C:\Program\Telia\Telias Sakerhetstjanster\FSGUI\fsguidll.exe
C:\Program\Telia\Supportassistent\bin\sprtcmd.exe
C:\Program\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Windows Live\Messenger\MsnMsgr.Exe
C:\Program\Delade filer\Teleca Shared\CapabilityManager.exe
C:\Program\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program\Telia\Telias Sakerhetstjanster\backweb\7836882\Program\fspex.exe
C:\Program\iPod\bin\iPodService.exe
C:\Program\Windows Live\Messenger\usnsvc.exe
C:\Program\Delade filer\Teleca Shared\Generic.exe
C:\Program\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program\Trend Micro\HijackThis\HijackThis.exe
C:\Program\Internet Explorer\iexplore.exe
C:\Program\Delade filer\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\HP_Ägaren\Skrivbord\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\HP_garen

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\HP_garen\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\HP_GAR~1\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program
C:\Program\SoftCodec\ FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="http://www.orebrotravet.com/images/18.d90453ff774557157fff2059/Meadowbranch+Lucky.jpg"
"SubscribedURL"="http://www.orebrotravet.com/images/18.d90453ff774557157fff2059/Meadowbranch+Lucky.jpg"
"FriendlyName"=""
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Min aktuella startsida"
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!
 

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{b166be07-30a4-4d38-b781-44528a630706}"="hydrodictyon"
[HKEY_CLASSES_ROOT\CLSID\{b166be07-30a4-4d38-b781-44528a630706}\InProcServer32]
@="C:\WINDOWS\system32\gqagksr.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{b166be07-30a4-4d38-b781-44528a630706}\InProcServer32]
@="C:\WINDOWS\system32\gqagksr.dll"
 
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Rustock
 
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Intel® PRO/100 VE Network Connection - Miniport för paketschemaläggning
DNS Server Search Order: 16.92.3.242
DNS Server Search Order: 16.92.3.243
DNS Server Search Order: 16.81.3.243
DNS Server Search Order: 16.114.3.243
Description: Intel® PRO/100 VE Network Connection - Miniport för paketschemaläggning
DNS Server Search Order: 195.67.199.6
DNS Server Search Order: 195.67.199.7
HKLM\SYSTEM\CCS\Services\Tcpip\..\{43EDF674-A9BE-4052-A0ED-671BE7D31D20}: DhcpNameServer=195.67.199.6 195.67.199.7
HKLM\SYSTEM\CCS\Services\Tcpip\..\{ADB03F1A-944A-47AE-92B7-37C5EC86F3E2}: DhcpNameServer=16.92.3.242 16.92.3.243 16.81.3.243 16.114.3.243
HKLM\SYSTEM\CS1\Services\Tcpip\..\{43EDF674-A9BE-4052-A0ED-671BE7D31D20}: DhcpNameServer=195.67.199.6 195.67.199.7

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End
Thanks for now, Mona

Restart the computer in safe mode by pressing F8 repeatedly during startup and choosing Safe Mode in the menu.

Double-click smitfraudfix.exe to start the program.
Choose option 2 by pressing 2 and Enter.
Wait for the tool to finish and for the disk cleanup to complete.
In the meantime you will be asked whether you want to clean the registry; answer yes by pressing Y and Enter.

If the computer does not restart by itself, restart it yourself.
This time, too, it should be in safe mode.

Control Panel - Internet Options - General - Delete - Delete files - OK

Control Panel - Display - Desktop - Customize Desktop - Web
If there is anything with Security info or similar, remove it.
OK - Apply - OK

Restart the computer in normal mode.

In your reply, paste the newly created C:\rapport.txt and a new HijackThis log.


Hi!
A bit of a heat thunderstorm kept me from having the computer on today.....

but here are the results

SmitFraudFix v2.331

Scan done at 23:31:04,20, 2008-07-27
Run from C:\Documents and Settings\HP_garen\Skrivbord\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{b166be07-30a4-4d38-b781-44528a630706}"="hydrodictyon"

[HKEY_CLASSES_ROOT\CLSID\{b166be07-30a4-4d38-b781-44528a630706}\InProcServer32]
@="C:\WINDOWS\system32\gqagksr.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{b166be07-30a4-4d38-b781-44528a630706}\InProcServer32]
@="C:\WINDOWS\system32\gqagksr.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1       localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\Program\SoftCodec\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{43EDF674-A9BE-4052-A0ED-671BE7D31D20}: DhcpNameServer=195.67.199.6 195.67.199.7
HKLM\SYSTEM\CCS\Services\Tcpip\..\{ADB03F1A-944A-47AE-92B7-37C5EC86F3E2}: DhcpNameServer=16.92.3.242 16.92.3.243 16.81.3.243 16.114.3.243
HKLM\SYSTEM\CS1\Services\Tcpip\..\{43EDF674-A9BE-4052-A0ED-671BE7D31D20}: DhcpNameServer=195.67.199.6 195.67.199.7
HKLM\SYSTEM\CS1\Services\Tcpip\..\{43EDF674-A9BE-4052-A0ED-671BE7D31D20}: NameServer=¦g
HKLM\SYSTEM\CS1\Services\Tcpip\..\{ADB03F1A-944A-47AE-92B7-37C5EC86F3E2}: DhcpNameServer=16.92.3.242 16.92.3.243 16.81.3.243 16.114.3.243
HKLM\SYSTEM\CS3\Services\Tcpip\..\{43EDF674-A9BE-4052-A0ED-671BE7D31D20}: DhcpNameServer=195.67.199.6 195.67.199.7
HKLM\SYSTEM\CS3\Services\Tcpip\..\{43EDF674-A9BE-4052-A0ED-671BE7D31D20}: NameServer=¦g
HKLM\SYSTEM\CS3\Services\Tcpip\..\{ADB03F1A-944A-47AE-92B7-37C5EC86F3E2}: DhcpNameServer=16.92.3.242 16.92.3.243 16.81.3.243 16.114.3.243
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=195.67.199.6 195.67.199.7
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=195.67.199.6 195.67.199.7
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=195.67.199.6 195.67.199.7


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
 
Registry Cleaning done.
 
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End



_________________________________________________________________________________________

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:53:37, on 2008-07-27
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Java\jre1.6.0_07\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\HP\KBD\KBD.EXE
C:\Program\HP\HP Software Update\HPwuSchd2.exe
C:\Program\Sony\SONICS~1\SsAAD.exe
C:\Program\Telia\Telias Sakerhetstjanster\Common\FSM32.EXE
C:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program\Winamp\winampa.exe
C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program\Telia\Supportassistent\bin\sprtcmd.exe
C:\Program\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Windows Live\Messenger\MsnMsgr.Exe
C:\Program\Delade filer\Teleca Shared\CapabilityManager.exe
C:\Program\Adobe\Acrobat 7.0\Acrobat\Acrobat_sl.exe
C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program\Telia\TELIAS~1\backweb\7836882\Program\SERVIC~1.EXE
C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fsgk32st.exe
C:\Program\Telia\Telias Sakerhetstjanster\backweb\7836882\Program\fspex.exe
C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\FSGK32.EXE
C:\Program\Telia\Telias Sakerhetstjanster\backweb\7836882\program\fsbwsys.exe
C:\Program\Telia\Telias Sakerhetstjanster\Common\FSMA32.EXE
C:\Program\Telia\Telias Sakerhetstjanster\Common\FSMB32.EXE
C:\Program\Delade filer\LightScribe\LSSrvc.exe
C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fssm32.exe
C:\Program\Telia\Telias Sakerhetstjanster\Common\FCH32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fsqh.exe
C:\Program\Telia\Telias Sakerhetstjanster\Common\FAMEH32.EXE
C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fsrw.exe
C:\Program\Delade filer\Sony Shared\AVLib\SSScsiSV.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program\Telia\Telias Sakerhetstjanster\FWES\Program\fsdfwd.exe
C:\Program\Delade filer\Teleca Shared\Generic.exe
C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fsav32.exe
C:\Program\iPod\bin\iPodService.exe
C:\Program\Telia\TELIAS~1\ANTI-S~1\fsaw.exe
C:\Program\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program\Telia\Telias Sakerhetstjanster\FSGUI\fsguidll.exe
C:\Program\Windows Live\Messenger\usnsvc.exe
C:\Program\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar3.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar3.dll
O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Genväg till egenskapssida för High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [ssAAD.exe] C:\Program\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\Telia\Telias Sakerhetstjanster\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program\Telia\Telias Sakerhetstjanster\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program\Telia\Telias Sakerhetstjanster\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe
O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [uerscw] C:\Program\Error Safe Free\uerscw.exe -c
O4 - HKLM\..\Run: [woodii_updater] C:\Program\WoodiiMeny2\wu.exe
O4 - HKLM\..\Run: [Telia] "C:\Program\Telia\Supportassistent\bin\sprtcmd.exe" /P Telia
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [License Manager] "C:\Program\License_Manager\license_manager.exe " /silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Telias säkerhetstjänster.lnk = C:\Program\Telia\Telias Sakerhetstjanster\backweb\7836882\Program\fspex.exe
O8 - Extra context menu item: &Blockera detta popup-fönster - C:\Program\Telia\Telias Sakerhetstjanster\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Konvertera länkmål till Adobe PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Konvertera länkmål till befintlig PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Konvertera markering till Adobe PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Konvertera markering till befintlig PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Konvertera till Adobe PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Konvertera till befintlig PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Konvertera valda länkar till Adobe PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Konvertera valda länkar till befintlig PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Öppna på ny flik i bakgrunden - res://C:\Program\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/229?177b2376112f4aa5960da2a9d0ff592b
O8 - Extra context menu item: Öppna på ny flik i förgrunden - res://C:\Program\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/230?177b2376112f4aa5960da2a9d0ff592b
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: IE-sköld - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program\Telia\Telias Sakerhetstjanster\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE-sköld... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program\Telia\Telias Sakerhetstjanster\Anti-Spyware\ieshield.dll
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Hjälp med anslutning - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Hjälp med anslutning - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game06.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D1EA8D3D-F511-4388-B754-4A0CC14A4778} (Aurigma Image Uploader 3.0 Control) - https://eurofoto.if.se/activex/ImageUploader3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Telias säkerhetstjänster (BackWeb Plug-in - 7836882) - BackWeb Technologies Inc.                          - C:\Program\Telia\TELIAS~1\backweb\7836882\Program\SERVIC~1.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program\Telia\Telias Sakerhetstjanster\backweb\7836882\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program\Telia\Telias Sakerhetstjanster\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program\Telia\Telias Sakerhetstjanster\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program\Delade filer\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program\Delade filer\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program\Delade filer\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program\Delade filer\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program\Delade filer\Sony Shared\AVLib\SSScsiSV.exe

--
End of file - 14160 bytes



Thanks for everything so far!

Mona


Scan with HijackThis and tick:

R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O4 - HKLM\..\Run: [uerscw] C:\Program\Error Safe Free\uerscw.exe -c
O4 - HKCU\..\Run: [License Manager] "C:\Program\License_Manager\license_manager.exe " /silent

Close all other programs.
Press Fix checked.

Restart the computer in safe mode (press F8 repeatedly during startup and choose safe mode in the menu).

Set Explorer so that you can see all files:
Tools - Folder Options or similar - View
Select Show hidden files and folders
Untick Hide extensions for known file types
Untick Hide protected operating system files

Delete the files (if they are still there):
C:\Program\License_Manager\license_manager.exe

Delete the folders (if they are still there):
C:\Program\Error Safe Free

Restart in normal mode and check for yourself that the lines above are gone from a new HijackThis log.

You can read about the line
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
http://www.bleepingcomputer.com/startups/alcmtr-240.html

How is the computer working now?

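The check requested in the post above (confirming that the ticked lines are gone from a new HijackThis log) can be scripted. This is an added example, not part of the original thread: the "before" lines are copied from the log posted on 2008-07-27, while the follow-up log and all function names are constructed for illustration.

```python
import re

# A HijackThis entry is "<section> - <detail>", e.g. "O4 - HKLM\..\Run: [x] y".
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
# HijackThis appends one of these markers when the referenced file is absent.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$")

# Excerpt copied from the log saved at 23:53:37 on 2008-07-27 in the thread.
LOG_BEFORE_FIX = r'''
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O4 - HKLM\..\Run: [uerscw] C:\Program\Error Safe Free\uerscw.exe -c
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [License Manager] "C:\Program\License_Manager\license_manager.exe " /silent
'''

# The five lines the helper asked to tick (everything above except Alcmtr).
FIXED_LINES = [l for l in LOG_BEFORE_FIX.strip().splitlines() if "Alcmtr" not in l]

# CONSTRUCTED follow-up log: four entries are gone, but the uerscw Run value
# survived and is reported with a differently cased path.
LOG_AFTER_FIX = r'''
O4 - HKLM\..\Run: [uerscw] c:\program\error safe free\uerscw.exe -c
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
'''


def parse_entries(log_text):
    """Return (section, detail) for every entry line; headers, the process
    list and blank lines do not match ENTRY_RE and are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries


def orphaned_entries(entries):
    """Entries whose target file no longer exists: leftovers, safe to review first."""
    return [e for e in entries if ORPHAN_RE.search(e[1])]


def _key(section, detail):
    # Windows paths and registry names are case-insensitive; spacing in pasted
    # forum logs is unreliable, so compare on a folded, whitespace-collapsed key.
    return section + " - " + " ".join(detail.split()).casefold()


def still_present(fixed_lines, new_log_text):
    """Return those lines from fixed_lines that still occur in the new log."""
    present = {_key(s, d) for s, d in parse_entries(new_log_text)}
    remaining = []
    for line in fixed_lines:
        parsed = parse_entries(line)
        if not parsed:
            raise ValueError("not a HijackThis entry line: %r" % line)
        if _key(*parsed[0]) in present:
            remaining.append(line)
    return remaining


def removed_entries(before_text, after_text):
    """Entries that were in the earlier log but are absent from the later one."""
    after = {_key(s, d) for s, d in parse_entries(after_text)}
    return [e for e in parse_entries(before_text) if _key(*e) not in after]


if __name__ == "__main__":
    for section, detail in orphaned_entries(parse_entries(LOG_BEFORE_FIX)):
        print("orphaned:", section, "-", detail)
    for line in still_present(FIXED_LINES, LOG_AFTER_FIX):
        print("STILL PRESENT:", line)
```
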

Hi!
Thanks, now the computer works much better than before...

I have read about it and would like it not to start but still be there...
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
http://www.bleepingcomputer.com/startups/alcmtr-240.html
so I followed their suggestion of a program to fix it and downloaded RegistryBooster 2
but it could only fix 15 errors and I had 513 on the computer. Is there a suitable free program to download to fix these?

How should the computer be set up to avoid this again, if possible...

Many grateful regards so far...
Mona


Hi again!

A question

I have Telia's Säker surf, and it has a program control "tab" for what is allowed and what is not...
There I found SweetIM listed as allowed... though not any longer... Now to my question: can I list these programs somehow so that you can see what is wrong here, in case more bad programs that I don't know about are allowed...

Thanks in advance...
Mona


You don't need to worry about the "errors" in the registry; even a freshly installed XP has a couple of hundred errors. But you can probably get rid of some of them with the program CCleaner, which is free and good.

Start - Run - msconfig - Startup
There you can clear the check mark for Alcmtr.exe so that it no longer starts.

Here you can read my usual advice for a safer computer, but of course it is also important to use your common sense.
http://ceblstockholm.googlepages.com/home
According to pages I find with Google, the license terms for Movieland say that the free version will show ads and that Movieland offers the ability to watch porn films. Spending time on porn sites always carries risks. Now, I don't know whether that applies in your case; it is conceivable that other kinds of sites have started using Movieland too in order to bring in money.

I have no idea whether you can get a list out of F-Secure. I assume there are some that you can see for yourself should be allowed, and then you can compare with the HijackThis log and you will see others that are also fine (all file names found there are okay); probably not much is left after that, so you can then write them down.


Archived

This topic is now archived and is closed to further replies.


