
Task Manager disabled?


ErikSjo


When I press Ctrl+Alt+Del in Win XP Pro I get the error message "Task Manager has been disabled by the administrator". How on earth do I fix that?

 

/Erik

 


"Task Manager has been disabled by the administrator."

If you are the administrator yourself, log in as admin. Otherwise you will have to have a talk with whoever is the administrator.

 

 


What happens if you right-click the taskbar, do you get a menu with, among other things, Task Manager? It also has Properties, Toolbars, Show the Desktop, etc.

 


Stefan Eklinder
What happens if you right-click the taskbar, do you get a menu with, among other things, Task Manager? It also has Properties, Toolbars, Show the Desktop, etc.

Not that I have lost Task Manager too, but I went in there and had a quick look. I couldn't find anywhere where you could disable it.

Missed something? ;)

Maybe some service acting up?

 

 

---

/Stefan Eklinder

 

"Information technology gets in like sand in your trousers. You can't get rid of it"

 

Jonas Ridderstråle

 

 

[post edited 2003-03-08 21:01:34 by Stefan Eklinder]


"I couldn't find anywhere where you could disable it. Missed something? ;). Maybe some service acting up?"

No service this time.

There are other things to configure in XP: the Group Policy Editor, or gpedit. This powerful tool is not included in Home Edition, but if you are going to configure things there you really should know what you are doing.

Microsoft's article about this:

 

http://support.microsoft.com/search/preview.aspx?PR=1&scid=kb;en-us;Q307882

 


  • 4 years later...

Hi, I have got the same problem; I got this problem after I had reformatted the computer. I wonder if you have solved the problem, if so mail me -> salehinho@hotmail.com

Regards// zerwo

 


A common reason for Task Manager being disabled is that the computer is infected with some nasty thing that turns it off. Could that be the case for you?

 


  • 3 weeks later...

That is probably the case for me. I have got some spyware that takes over control of the computer. It comes from WWW.pcsecuritylab.com. I don't know how to get rid of the crap.

It sits as the background on the screen and can't be removed (it comes back a few seconds after I have changed the display settings). It also sits down in the taskbar and says that I have a virus.

Also, when I open Internet Explorer, their page pops up as the default and says that I should scan the computer.

I have removed the program but everything still happens, as well as this thing that I can't get into Task Manager.

HELP!!!

 


We can see whether HijackThis shows anything to begin with:

http://www.thespykiller.co.uk/files/HJTsetup.exe

Install, run, scan and save the log (nothing else).

In your reply, attach the HijackThis log like this:

Press the LOG button in the Reply window

Paste in the log

Press the LOG button again

Download the program SmitfraudFix (by S!Ri) to the Desktop:

http://siri.urz.free.fr/Fix/SmitfraudFix.exe

Double-click the downloaded file Smitfraudfix.exe.

First you will be prompted to press any key, so do that.

Then choose option 1 - Search by pressing 1 and Enter.

The program will scan through the computer.

When it is done the result is shown and the program has created the log file C:\rapport.txt.

Paste the contents of the log file into your reply here in the same way with the LOG button.

Do nothing else with SmitfraudFix.

 


Hi Cecilia. I couldn't reply to your answer below?? but had to go into my question??

Here is the log

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:20:48, on 2007-10-29

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Norman\Npm\Bin\eLogsvc.exe

C:\Program\Norman\Npm\Bin\Zanda.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\drivers\KodakCCS.exe

C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\ScsiAccess.EXE

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program\Norman\Npm\bin\NJEEVES.EXE

C:\Program\Norman\Nvc\BIN\NVCSCHED.EXE

C:\Program\Norman\Nvc\bin\nvcoas.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\vvgeowbv.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Program\Sony\SONICS~1\SsAAD.exe

C:\WINDOWS\svzip.exe

C:\WINDOWS\sv.exe

C:\Program\Norman\Npm\bin\ZLH.EXE

C:\Program\Norman\Nvc\BIN\NIP.EXE

C:\Program\Windows Defender\MSASCui.exe

C:\Program\Delade filer\Sony Shared\AVLib\SSScsiSV.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program\Norman\Nvc\bin\cclaw.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

C:\Program\Delade filer\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program\DELADE~1\PCSuite\Services\SERVIC~1.EXE

C:\Program\Winamp\winamp.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\System32\wbem\wmiprvse.exe

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\vvgeowbv.exe,C:\WINDOWS\system32\userinit.exe

O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)

O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)

O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)

O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)

O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)

O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)

O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)

O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)

O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)

O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)

O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)

O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)

O2 - BHO: (no name) - {A6E432B4-D4C2-43B3-BF55-C364F8F7362A} - (no file)

O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)

O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\01.02.4000.1001\sv\msntb.dll

O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)

O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)

O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)

O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)

O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)

O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)

O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\01.02.4000.1001\sv\msntb.dll

O4 - HKLM\..\Run: [CTStartup] "C:\Program\Creative\Splash Screen\CTEaxSpl.EXE" /run

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [ssAAD.exe] C:\Program\Sony\SONICS~1\SsAAD.exe

O4 - HKLM\..\Run: [netzip] C:\WINDOWS\svzip.exe

O4 - HKLM\..\Run: [netsv32] C:\WINDOWS\sv.exe

O4 - HKLM\..\Run: [net64] C:\WINDOWS\svhoster.exe

O4 - HKLM\..\Run: [startdrv] C:\WINDOWS\Temp\startdrv.exe

O4 - HKLM\..\Run: [Norman ZANDA] C:\Program\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH

O4 - HKLM\..\Run: [Windows Defender] "C:\Program\Windows Defender\MSASCui.exe" -hide

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: KODAK Software Updater.lnk = C:\Program\Kodak\KODAK Software Updater\7288971\6.1.4.37-7288971L\Program\runner.exe

O4 - Global Startup: Service Manager.lnk = C:\Program\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/bestfriends/miniclipGameLoader.dll

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by20fd.bay20.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - https://ssl.extrafilm.org/upload/activex/ImageUploader3.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab

O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll

O21 - SSODL: carbinyl - {8d8c2387-7f80-4022-9be6-43630a969558} - (no file)

O22 - SharedTaskScheduler: carbinyl - {8d8c2387-7f80-4022-9be6-43630a969558} - (no file)

O23 - Service: .NET Runtime Optimization Service v2.0.50727_X86 clr_optimization_v2.0.50727_32TrkWks (clr_optimization_v2.0.50727_32TrkWks) - Unknown owner - C:\WINDOWS\system32\~.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe

O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Program\Norman\Npm\Bin\eLogsvc.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program\Delade filer\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: Norman NJeeves - Unknown owner - C:\Program\Norman\Npm\bin\NJEEVES.EXE

O23 - Service: Norman ZANDA - Norman ASA - C:\Program\Norman\Npm\Bin\Zanda.exe

O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program\Norman\Nvc\bin\nvcoas.exe

O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Program\Norman\Nvc\BIN\NVCSCHED.EXE

O23 - Service: PACSPTISVR - Sony Corporation - C:\Program\Delade filer\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program\Delade filer\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program\Delade filer\Sony Shared\AVLib\SSScsiSV.exe

 

--

End of file - 10829 bytes

[/log]

 


Here is the log from Smitfraud as well

[log]SmitFraudFix v2.242

 

Scan done at 18:37:54,28, 2007-10-29

Run from C:\Documents and Settings\HemPC\Skrivbord\SmitfraudFix

OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT

The filesystem type is NTFS

Fix run in normal mode

 

»»»»»»»»»»»»»»»»»»»»»»»» Process

 

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Norman\Npm\Bin\eLogsvc.exe

C:\Program\Norman\Npm\Bin\Zanda.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\drivers\KodakCCS.exe

C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\ScsiAccess.EXE

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program\Norman\Npm\bin\NJEEVES.EXE

C:\Program\Norman\Nvc\BIN\NVCSCHED.EXE

C:\Program\Norman\Nvc\bin\nvcoas.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\vvgeowbv.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Program\Sony\SONICS~1\SsAAD.exe

C:\WINDOWS\svzip.exe

C:\WINDOWS\sv.exe

C:\Program\Norman\Npm\bin\ZLH.EXE

C:\Program\Norman\Nvc\BIN\NIP.EXE

C:\Program\Windows Defender\MSASCui.exe

C:\Program\Delade filer\Sony Shared\AVLib\SSScsiSV.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program\Norman\Nvc\bin\cclaw.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

C:\Program\Delade filer\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program\DELADE~1\PCSuite\Services\SERVIC~1.EXE

C:\Program\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\cmd.exe

C:\WINDOWS\System32\wbem\wmiprvse.exe

 

»»»»»»»»»»»»»»»»»»»»»»»» hosts

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

 

C:\WINDOWS\system32\ace16win.dll FOUND !

C:\WINDOWS\system32\msole32.exe FOUND !

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\HemPC

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\HemPC\Application Data

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\HemPC\FAVORI~1

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]

"Source"="About:Home"

"SubscribedURL"="About:Home"

"FriendlyName"="Min aktuella startsida"

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

"{8d8c2387-7f80-4022-9be6-43630a969558}"="carbinyl"

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"System"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» DNS

 

Description: Realtek RTL8139 Family PCI Fast Ethernet NIC - Miniport för paketschemaläggning

DNS Server Search Order: 192.168.1.1

 

HKLM\SYSTEM\CCS\Services\Tcpip\..\{EDD1DC13-E0AF-46EA-BC2D-C4CC69FBF0A4}: DhcpNameServer=192.168.1.1

HKLM\SYSTEM\CS1\Services\Tcpip\..\{EDD1DC13-E0AF-46EA-BC2D-C4CC69FBF0A4}: DhcpNameServer=192.168.1.1

HKLM\SYSTEM\CS2\Services\Tcpip\..\{EDD1DC13-E0AF-46EA-BC2D-C4CC69FBF0A4}: DhcpNameServer=192.168.1.1

HKLM\SYSTEM\CS3\Services\Tcpip\..\{EDD1DC13-E0AF-46EA-BC2D-C4CC69FBF0A4}: DhcpNameServer=192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

 

 

»»»»»»»»»»»»»»»»»»»»»»»» End

[/log]

 


Have you scanned with SUPERAntiSpyware?

Restart the computer in safe mode by pressing F8 repeatedly during startup and choosing Safe Mode in the menu.

Double-click smitfraudfix.exe to start the program.

Choose option 2 by pressing 2 and Enter.

Wait for the tool to finish and the disk cleanup to complete.

Meanwhile you will be asked whether you want to clean the registry; answer yes by pressing Y and Enter.

If the computer doesn't restart by itself, restart it yourself.

This time, too, it should be safe mode.

If you have Internet Explorer version 7:

Control Panel - Internet Options - General - Delete - Delete files - OK

If you have Internet Explorer version 6:

Control Panel - Internet Options - General - Delete Files, tick the box - OK

Control Panel - Display - Desktop - Customize Desktop - Web

If there is anything with Security info or similar, delete it.

OK - Apply - OK

Restart the computer in normal mode.

In your reply, paste in the newly created C:\rapport.txt and a new HijackThis log.

 


Now let's see.

Here comes the report

[log]SmitFraudFix v2.242

 

Scan done at 19:30:54,64, 2007-10-30

Run from C:\Documents and Settings\HemPC\Skrivbord\SmitfraudFix

OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT

The filesystem type is NTFS

Fix run in safe mode

 

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

"{8d8c2387-7f80-4022-9be6-43630a969558}"="carbinyl"

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

 

 

»»»»»»»»»»»»»»»»»»»»»»»» hosts

 

 

127.0.0.1 localhost

 

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

 

S!Ri's WS2Fix: LSP not Found.

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

 

GenericRenosFix by S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

 

C:\WINDOWS\system32\ace16win.dll Deleted

 

»»»»»»»»»»»»»»»»»»»»»»»» DNS

 

HKLM\SYSTEM\CCS\Services\Tcpip\..\{EDD1DC13-E0AF-46EA-BC2D-C4CC69FBF0A4}: DhcpNameServer=192.168.1.1

HKLM\SYSTEM\CS1\Services\Tcpip\..\{EDD1DC13-E0AF-46EA-BC2D-C4CC69FBF0A4}: DhcpNameServer=192.168.1.1

HKLM\SYSTEM\CS2\Services\Tcpip\..\{EDD1DC13-E0AF-46EA-BC2D-C4CC69FBF0A4}: DhcpNameServer=192.168.1.1

HKLM\SYSTEM\CS3\Services\Tcpip\..\{EDD1DC13-E0AF-46EA-BC2D-C4CC69FBF0A4}: DhcpNameServer=192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"System"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

 

Registry Cleaning done.

 

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» End

 

[/log]

 

and here comes the hijack file

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:53:12, on 2007-10-30

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Norman\Npm\Bin\eLogsvc.exe

C:\Program\Norman\Npm\Bin\Zanda.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\vvgeowbv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\CTsvcCDA.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\drivers\KodakCCS.exe

C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\ScsiAccess.EXE

C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Program\Sony\SONICS~1\SsAAD.exe

C:\WINDOWS\svzip.exe

C:\WINDOWS\sv.exe

C:\Program\Norman\Npm\bin\ZLH.EXE

C:\Program\Windows Defender\MSASCui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

C:\Program\Norman\Nvc\BIN\NIP.EXE

C:\Program\DELADE~1\PCSuite\Services\SERVIC~1.EXE

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program\Norman\Nvc\BIN\NVCSCHED.EXE

C:\Program\Norman\Npm\bin\NJEEVES.EXE

C:\Program\Norman\Nvc\bin\nvcoas.exe

C:\Program\Delade filer\Sony Shared\AVLib\SSScsiSV.exe

C:\WINDOWS\System32\alg.exe

C:\Program\Norman\Nvc\bin\cclaw.exe

C:\Program\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Delade filer\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\System32\wbem\wmiprvse.exe

 

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\vvgeowbv.exe,C:\WINDOWS\system32\userinit.exe

O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)

O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)

O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)

O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)

O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)

O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)

O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)

O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)

O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)

O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)

O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)

O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)

O2 - BHO: (no name) - {A6E432B4-D4C2-43B3-BF55-C364F8F7362A} - (no file)

O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)

O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\01.02.4000.1001\sv\msntb.dll

O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)

O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)

O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)

O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)

O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)

O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)

O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\01.02.4000.1001\sv\msntb.dll

O4 - HKLM\..\Run: [CTStartup] "C:\Program\Creative\Splash Screen\CTEaxSpl.EXE" /run

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [ssAAD.exe] C:\Program\Sony\SONICS~1\SsAAD.exe

O4 - HKLM\..\Run: [netzip] C:\WINDOWS\svzip.exe

O4 - HKLM\..\Run: [netsv32] C:\WINDOWS\sv.exe

O4 - HKLM\..\Run: [net64] C:\WINDOWS\svhoster.exe

O4 - HKLM\..\Run: [startdrv] C:\WINDOWS\Temp\startdrv.exe

O4 - HKLM\..\Run: [Norman ZANDA] C:\Program\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH

O4 - HKLM\..\Run: [Windows Defender] "C:\Program\Windows Defender\MSASCui.exe" -hide

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\RunOnce: [CTStartup] "C:\Program\Creative\Splash Screen\CTEaxSpl.EXE" /play

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: KODAK Software Updater.lnk = C:\Program\Kodak\KODAK Software Updater\7288971\6.1.4.37-7288971L\Program\runner.exe

O4 - Global Startup: Service Manager.lnk = C:\Program\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/bestfriends/miniclipGameLoader.dll

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by20fd.bay20.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - https://ssl.extrafilm.org/upload/activex/ImageUploader3.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab

O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: .NET Runtime Optimization Service v2.0.50727_X86 clr_optimization_v2.0.50727_32TrkWks (clr_optimization_v2.0.50727_32TrkWks) - Unknown owner - C:\WINDOWS\system32\~.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe

O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Program\Norman\Npm\Bin\eLogsvc.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program\Delade filer\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: Norman NJeeves - Unknown owner - C:\Program\Norman\Npm\bin\NJEEVES.EXE

O23 - Service: Norman ZANDA - Norman ASA - C:\Program\Norman\Npm\Bin\Zanda.exe

O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program\Norman\Nvc\bin\nvcoas.exe

O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Program\Norman\Nvc\BIN\NVCSCHED.EXE

O23 - Service: PACSPTISVR - Sony Corporation - C:\Program\Delade filer\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program\Delade filer\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program\Delade filer\Sony Shared\AVLib\SSScsiSV.exe

 

--

End of file - 10639 bytes

[/log]

 


Have you scanned the computer with SUPERAntiSpyware?

 

Go to http://www.virustotal.com/, paste one of the following file names into the box, click Send File and wait until the result is ready (the current status becomes completed). Paste the results from the various antivirus programs, along with the File size, here. Repeat with the next file name.

C:\WINDOWS\system32\vvgeowbv.exe

C:\WINDOWS\svzip.exe

C:\WINDOWS\sv.exe

C:\WINDOWS\svhoster.exe

C:\WINDOWS\Temp\startdrv.exe

 

 


Answer: I have used SUPERantispyware.

 

Here are the files

vvgeowbv.exe

[log]

Antivirus Version Senaste Uppdatering Resultat

AhnLab-V3 2007.11.2.0 2007.11.01 -

AntiVir 7.6.0.30 2007.11.01 TR/Crypt.FKM.Gen

Authentium 4.93.8 2007.10.31 -

Avast 4.7.1074.0 2007.10.31 -

AVG 7.5.0.503 2007.11.01 Generic8.UNB

BitDefender 7.2 2007.11.01 Adware.Renos.XB

CAT-QuickHeal 9.00 2007.11.01 Hoax.Renos.kj (Not a Virus)

ClamAV 0.91.2 2007.11.01 -

DrWeb 4.44.0.09170 2007.11.01 -

eSafe 7.0.15.0 2007.10.28 suspicious Trojan/Worm

eTrust-Vet 31.2.5259 2007.11.01 -

Ewido 4.0 2007.11.01 -

FileAdvisor 1 2007.11.01 -

Fortinet 3.11.0.0 2007.10.19 -

F-Prot 4.3.2.48 2007.10.31 -

F-Secure 6.70.13030.0 2007.11.01 not-virus:Hoax.Win32.Renos.kj

Ikarus T3.1.1.12 2007.11.01 not-a-virus:Hoax.Win32.Renos.kj

Kaspersky 7.0.0.125 2007.11.01 not-virus:Hoax.Win32.Renos.kj

McAfee 5153 2007.10.31 -

Microsoft 1.2908 2007.11.01 -

NOD32v2 2632 2007.11.01 -

Norman 5.80.02 2007.11.01 -

Panda 9.0.0.4 2007.11.01 Adware/SpywareDetect

Rising 20.16.31.00 2007.11.01 -

Sophos 4.23.0 2007.11.01 -

Sunbelt 2.2.907.0 2007.10.31 -

Symantec 10 2007.11.01 -

TheHacker 6.2.9.110 2007.10.27 -

VBA32 3.12.2.4 2007.10.31 -

VirusBuster 4.3.26:9 2007.11.01 -

Webwasher-Gateway 6.0.1 2007.11.01 Trojan.Crypt.FKM.Gen

Övrig information

File size: 123911 bytes

MD5: 505858f386ed2638821f6dc9ab2480a5

SHA1: 7a97bb64b9709589dad0f14fa8b952b4af7ca28e

packers: UPX

packers: UPX

packers: PE_Patch.UPX, UPX

[/log]

 

svzip.exe

[log]

Antivirus Version Senaste Uppdatering Resultat

AhnLab-V3 2007.11.2.0 2007.11.01 -

AntiVir 7.6.0.30 2007.11.01 -

Authentium 4.93.8 2007.10.31 -

Avast 4.7.1074.0 2007.10.31 Win32:Delf-FXZ

AVG 7.5.0.503 2007.11.01 SHeur.NIQ

BitDefender 7.2 2007.11.01 -

CAT-QuickHeal 9.00 2007.11.01 -

ClamAV 0.91.2 2007.11.01 -

DrWeb 4.44.0.09170 2007.11.01 -

eSafe 7.0.15.0 2007.10.28 suspicious Trojan/Worm

eTrust-Vet 31.2.5259 2007.11.01 Win32/Vonkil.B

Ewido 4.0 2007.11.01 -

FileAdvisor 1 2007.11.01 -

Fortinet 3.11.0.0 2007.10.19 -

F-Prot 4.3.2.48 2007.10.31 -

F-Secure 6.70.13030.0 2007.11.01 -

Ikarus T3.1.1.12 2007.11.01 Virus.Win32.Delf.FXZ

Kaspersky 7.0.0.125 2007.11.01 -

McAfee 5154 2007.11.01 -

Microsoft 1.2908 2007.11.01 -

NOD32v2 2632 2007.11.01 -

Norman 5.80.02 2007.11.01 -

Panda 9.0.0.4 2007.11.01 Trj/Clicker.AFU

Rising 20.16.31.00 2007.11.01 -

Sophos 4.23.0 2007.11.01 -

Sunbelt 2.2.907.0 2007.10.31 -

Symantec 10 2007.11.01 -

TheHacker 6.2.9.110 2007.10.27 -

VBA32 3.12.2.4 2007.10.31 -

VirusBuster 4.3.26:9 2007.11.01 -

Webwasher-Gateway 6.0.1 2007.11.01 Win32.ModifiedUPX.gen!90 (suspicious)

Övrig information

File size: 203776 bytes

MD5: fa2cf3de005917f957c78f16ef61f5d8

SHA1: c234d311f57d2c6de7031e6395c81a7a11e2b082

packers: UPX

packers: UPX

packers: UPX

packers: PE_Patch.UPX, UPX

[/log]

 

sv.exe

[log]

Antivirus Version Senaste Uppdatering Resultat

AhnLab-V3 2007.11.2.0 2007.11.01 -

AntiVir 7.6.0.30 2007.11.01 -

Authentium 4.93.8 2007.10.31 -

Avast 4.7.1074.0 2007.10.31 -

AVG 7.5.0.503 2007.11.01 SHeur.NBM

BitDefender 7.2 2007.11.01 -

CAT-QuickHeal 9.00 2007.11.01 -

ClamAV 0.91.2 2007.11.01 -

DrWeb 4.44.0.09170 2007.11.01 Trojan.Click.origin

eSafe 7.0.15.0 2007.10.28 suspicious Trojan/Worm

eTrust-Vet 31.2.5259 2007.11.01 Win32/Vonkil.A

Ewido 4.0 2007.11.01 -

FileAdvisor 1 2007.11.01 -

Fortinet 3.11.0.0 2007.10.19 -

F-Prot 4.3.2.48 2007.10.31 -

F-Secure 6.70.13030.0 2007.11.01 -

Ikarus T3.1.1.12 2007.11.01 -

Kaspersky 7.0.0.125 2007.11.01 -

McAfee 5154 2007.11.01 -

Microsoft 1.2908 2007.11.01 -

NOD32v2 2632 2007.11.01 -

Norman 5.80.02 2007.11.01 -

Panda 9.0.0.4 2007.11.01 Trj/Clicker.AFU

Prevx1 V2 2007.11.01 -

Rising 20.16.31.00 2007.11.01 -

Sophos 4.23.0 2007.11.01 -

Sunbelt 2.2.907.0 2007.10.31 -

Symantec 10 2007.11.01 -

TheHacker 6.2.9.110 2007.10.27 Trojan/CEPx

VBA32 3.12.2.4 2007.10.31 -

VirusBuster 4.3.26:9 2007.11.01 -

Webwasher-Gateway 6.0.1 2007.11.01 Win32.ModifiedUPX.gen!90 (suspicious)

Övrig information

File size: 203776 bytes

MD5: 6e4e0d664dd51ff45e249b2fed8f69b7

SHA1: 21510927fea64a63b0bb68a120b289984381a850

packers: UPX

packers: UPX

packers: PE_Patch.UPX, UPX

[/log]

 

The last two, svhoster.exe and startdrv.exe, wouldn't work? See below

[log]

0 bytes size received / Se ha recibido un archivo vacio

[/log]

[log]

0 bytes size received / Se ha recibido un archivo vacio

[/log]

 

Thanks in advance

 

//göran (who doesn't understand anything of what is written about the files)

 


[log]Scan with HijackThis and check the boxes for:

 

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\vvgeowbv.exe,C:\WINDOWS\system32\userinit.exe

O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)

O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)

O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)

O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)

O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)

O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)

O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)

O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)

O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)

O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)

O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)

O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)

O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)

O2 - BHO: (no name) - {A6E432B4-D4C2-43B3-BF55-C364F8F7362A} - (no file)

O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)

O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)

O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)

O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)

O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)

O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)

O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)

O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)

O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)

O4 - HKLM\..\Run: [netzip] C:\WINDOWS\svzip.exe

O4 - HKLM\..\Run: [netsv32] C:\WINDOWS\sv.exe

O4 - HKLM\..\Run: [net64] C:\WINDOWS\svhoster.exe

O4 - HKLM\..\Run: [startdrv] C:\WINDOWS\Temp\startdrv.exe

O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/bestfriends/miniclipGameLoader.dll

 

Close all other programs.

Click Fix checked.

 

Restart the computer in Safe Mode (press F8 repeatedly during startup and choose Safe Mode from the menu).

 

Set up Explorer so that you can see all files:

Tools - (Folder) Options or similar - View

Select Show hidden files and folders

Uncheck Hide extensions for known file types

Uncheck Hide protected operating system files

 

Delete the files (if they are still there):

C:\WINDOWS\system32\vvgeowbv.exe

C:\WINDOWS\svzip.exe

C:\WINDOWS\sv.exe

C:\WINDOWS\svhoster.exe

C:\WINDOWS\Temp\startdrv.exe

 

Restart in normal mode and then post a new HijackThis log.[/log]

 


 

Here is the log

[log]

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:09:38, on 2007-11-01

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Norman\Npm\Bin\eLogsvc.exe

C:\Program\Norman\Npm\Bin\Zanda.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Program\Sony\SONICS~1\SsAAD.exe

C:\Program\Norman\Npm\bin\ZLH.EXE

C:\Program\Windows Defender\MSASCui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

C:\Program\Norman\Nvc\BIN\NIP.EXE

C:\Program\DELADE~1\PCSuite\Services\SERVIC~1.EXE

C:\WINDOWS\System32\CTsvcCDA.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\drivers\KodakCCS.exe

C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\ScsiAccess.EXE

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program\Norman\Npm\bin\NJEEVES.EXE

C:\Program\Norman\Nvc\BIN\NVCSCHED.EXE

C:\Program\Norman\Nvc\bin\nvcoas.exe

C:\Program\Delade filer\Sony Shared\AVLib\SSScsiSV.exe

C:\WINDOWS\System32\alg.exe

C:\Program\Norman\Nvc\bin\cclaw.exe

C:\WINDOWS\System32\wbem\wmiprvse.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wuauclt.exe

 

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\01.02.4000.1001\sv\msntb.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\01.02.4000.1001\sv\msntb.dll

O4 - HKLM\..\Run: [CTStartup] "C:\Program\Creative\Splash Screen\CTEaxSpl.EXE" /run

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [ssAAD.exe] C:\Program\Sony\SONICS~1\SsAAD.exe

O4 - HKLM\..\Run: [startdrv] C:\WINDOWS\Temp\startdrv.exe

O4 - HKLM\..\Run: [Norman ZANDA] C:\Program\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH

O4 - HKLM\..\Run: [Windows Defender] "C:\Program\Windows Defender\MSASCui.exe" -hide

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\RunOnce: [CTStartup] "C:\Program\Creative\Splash Screen\CTEaxSpl.EXE" /play

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: KODAK Software Updater.lnk = C:\Program\Kodak\KODAK Software Updater\7288971\6.1.4.37-7288971L\Program\runner.exe

O4 - Global Startup: Service Manager.lnk = C:\Program\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by20fd.bay20.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - https://ssl.extrafilm.org/upload/activex/ImageUploader3.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab

O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: .NET Runtime Optimization Service v2.0.50727_X86 clr_optimization_v2.0.50727_32TrkWks (clr_optimization_v2.0.50727_32TrkWks) - Unknown owner - C:\WINDOWS\system32\~.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe

O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Program\Norman\Npm\Bin\eLogsvc.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program\Delade filer\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: Norman NJeeves - Unknown owner - C:\Program\Norman\Npm\bin\NJEEVES.EXE

O23 - Service: Norman ZANDA - Norman ASA - C:\Program\Norman\Npm\Bin\Zanda.exe

O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program\Norman\Nvc\bin\nvcoas.exe

O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Program\Norman\Nvc\BIN\NVCSCHED.EXE

O23 - Service: PACSPTISVR - Sony Corporation - C:\Program\Delade filer\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program\Delade filer\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program\Delade filer\Sony Shared\AVLib\SSScsiSV.exe

 

--

End of file - 8123 bytes

[/log]

 


Most of it disappeared, at least.

 

Download ComboFix:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

 

Run it and follow the instructions shown.

 

IMPORTANT! Do not click on the Combofix window with the mouse while it is running, otherwise it may hang.

 

When it has finished, a log should appear; paste it here, along with a new HijackThis log.

 

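The triage of the first HijackThis log and the check of the follow-up log discussed in the posts above, as an added Python example (not part of the original thread and not HijackThis code). The three rules are assumptions distilled from the entries the helper selected; the sample lines are copied from entries quoted in this thread.

```python
import ntpath
import re

# Entries quoted in the thread: BEFORE mixes lines the helper asked to fix with
# benign ones; AFTER is an excerpt of the follow-up log posted after "Fix checked".
BEFORE = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\vvgeowbv.exe,C:\WINDOWS\system32\userinit.exe
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [netzip] C:\WINDOWS\svzip.exe
O4 - HKLM\..\Run: [startdrv] C:\WINDOWS\Temp\startdrv.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

AFTER = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [startdrv] C:\WINDOWS\Temp\startdrv.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")                # "O4 - ..." -> code, body
RUN = re.compile(r"Run(?:Once)?: \[(.*?)\] (.+)$")            # "[value name] command line"
EXE = re.compile(r'^"([^"]+)"|^(.+?\.exe)\b', re.IGNORECASE)  # quoted or bare .exe path


def parse(log_text):
    """Yield (section_code, body, raw_line) for every HijackThis entry line."""
    for raw in log_text.splitlines():
        match = ENTRY.match(raw.strip())
        if match:
            yield match.group(1), match.group(2), raw.strip()


def reason_for(code, body):
    """Return why an entry deserves a closer look, or None (assumed heuristics)."""
    # Rule 1: anything other than userinit.exe in the UserInit chain runs at every logon.
    if code == "F2" and "UserInit=" in body:
        chain = [p.strip() for p in body.split("UserInit=", 1)[1].split(",")]
        extra = [p for p in chain if p and ntpath.basename(p).lower() != "userinit.exe"]
        if extra:
            return "extra program in UserInit chain: " + ", ".join(extra)
    # Rule 2: a browser helper object whose file no longer exists is a leftover.
    if code == "O2" and body.endswith("(no file)"):
        return "BHO registered but its file is missing"
    # Rule 3: Run-key autostarts located directly in the Windows folder or in a Temp folder.
    if code == "O4":
        run = RUN.search(body)
        exe = EXE.match(run.group(2)) if run else None
        if exe:
            folder = ntpath.dirname(exe.group(1) or exe.group(2))
            if folder.lower() == r"c:\windows" or folder.lower().endswith("\\temp"):
                return "autostart from " + folder
    return None


def triage(log_text):
    """Return [(code, reason, raw_line)] for entries matching one of the rules."""
    flagged = []
    for code, body, raw in parse(log_text):
        reason = reason_for(code, body)
        if reason:
            flagged.append((code, reason, raw))
    return flagged


def persisting(before, after):
    """Return flagged lines from the first log that still appear in the follow-up log."""
    after_lines = {raw for _, _, raw in parse(after)}
    return [raw for _, _, raw in triage(before) if raw in after_lines]


if __name__ == "__main__":
    for code, reason, raw in triage(BEFORE):
        print(f"{code}: {reason}\n    {raw}")
    print("Still present after the fix:")
    for raw in persisting(BEFORE, AFTER):
        print("    " + raw)
```

On these samples the only flagged entry that survives into the follow-up log is the `[startdrv]` Run value, which matches the observation that most, but not all, of the entries were gone.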

Oh my goodness! Here is the combo file

[log]

ComboFix 07-11-01.1 - HemPC 2007-11-02 18:41:04.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1053.18.53 [GMT 1:00]

Running from: C:\Documents and Settings\HemPC\Lokala inställningar\Temporary Internet Files\Content.IE5\2H8BOJ8X\ComboFix[1].exe

* Created a new restore point

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2006

C:\Documents and Settings\HemPC\err.log

C:\Documents and Settings\HemPC\Skrivbord\internet.lnk

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\skbar.log

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\1383448.sdf

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\1386485.sdf

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\2899627.sdf

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\906268.sdf

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\ASPL1.dat

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\domains.txt

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\hstat\3530.dat

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\11213

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\1411

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\19052

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\20517

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\25708

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\27503

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\34150

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\34174

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\4166

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\531510

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\578081

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\578140

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\6292

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\69626

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\79977

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\80670

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\85062

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\90358

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\ustat\3530.dat

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\btntrans.idx

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\btntrans1.dat

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\buttondir.txt

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\components.cdf

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\d_icons_buttons_1000.res

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\d_icons_buttons_2000.res

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\d_icons_buttons_3000.res

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\d_icons_buttons_bar.res

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\d_icons_buttons_bbar1.res

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\d_icons_buttons_logos.res

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\d_icons_buttons_other.res

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\d_icons_weather.res

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\default.cdf

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\Default_511745-514279.mnu

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\Default_bidzC_ZT_IE-ca.mnu

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\Default_bidzC_ZT_IE-us.mnu

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\Default_categorize.mnu

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\Default_comparison.mnu

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\Default_explorer-Mails.mnu

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\Default_explorer-people.mnu

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\Default_favorites.mnu

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\Default_Games.mnu

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\Default_Hide.mnu

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\Default_hotbarcom.mnu

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\Default_Hotmail.mnu

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\Default_hsskin.mnu

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\Default_jemster.mnu

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\Default_jemsterie.mnu

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\Default_jemsteruk.mnu

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\Default_jobsearch.mnu

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\Default_Mails.mnu

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\Default_MobileSidewalk.mnu

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\Default_MobileSW-US.mnu

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\Default_new.mnu

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\Default_premium.mnu

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\Default_reun.mnu

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\Default_ringtones.mnu

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\Default_SearchBoxTrapper.mnu

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\Default_searchfor.mnu

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\Default_searchgo.mnu

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\Default_weather.mnu

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\Default_yellowpages.mnu

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\email-def-511724-548964.mnu

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\email-def-511724-9595.mnu

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\email-t1-bg.res

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\icons2.res

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\keywords.idx

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\keywords1.dat

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\layout.cdf

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\linkpathlegal.txt

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\progress.res

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\s_icons_buttons.res

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\sales_buttons.res

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\seekmo.res

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\t2_bg.res

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\theweb.mnu

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\top7.cdf

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\Top7_theweb.mnu

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\2\tsd_bg.res

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\DownLoad\BtnTrans.xip

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\DownLoad\BtnTrans1.xip

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\DownLoad\buttondir.xip

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\DownLoad\d_icons_buttons_1000.xip

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\DownLoad\d_icons_buttons_2000.xip

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\DownLoad\d_icons_buttons_3000.xip

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\DownLoad\d_icons_buttons_bar.xip

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\DownLoad\d_icons_buttons_bbar1.xip

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\DownLoad\d_icons_buttons_logos.xip

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\DownLoad\d_icons_buttons_other.xip

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\DownLoad\d_icons_weather.xip

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\DownLoad\default.xip

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\DownLoad\email-t1-bg.xip

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\DownLoad\icons2.xip

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\DownLoad\keywords.xip

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\DownLoad\keywords1.xip

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\DownLoad\layout.xip

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\DownLoad\linkpathlegal.xip

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\DownLoad\progress.xip

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\DownLoad\s_icons_buttons.xip

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\DownLoad\sales_buttons.xip

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\DownLoad\samplegroups2.txt

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\DownLoad\samplegroups2.xip

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\DownLoad\seekmo.xip

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\DownLoad\t2_bg.xip

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\DownLoad\top7.xip

C:\Documents and Settings\Rebecka\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\DownLoad\tsd_bg.xip

C:\Documents and Settings\Rebecka\Application Data\WinAntiVirus Pro 2006

C:\Documents and Settings\Rebecka\Application Data\WinAntiVirus Pro 2006\Logs\update.log

C:\Documents and Settings\Rebecka\Application Data\WinAntiVirus Pro 2006\Logs\wa6Support.log

C:\Documents and Settings\Rebecka\Application Data\WinAntiVirus Pro 2006\Logs\winav.log

C:\Documents and Settings\Rebecka\err.log

C:\Documents and Settings\Rebecka\Skrivbord\internet.lnk

C:\Program\3

C:\Program\3\Mobilt modem\Default Connections\Dup.wpb

C:\Program\3\Mobilt modem\Default Connections\Gprs.wpb

C:\Program\3\Mobilt modem\Dup.wpb

C:\Program\3\Mobilt modem\Gprs.wpb

C:\Program\3\Mobilt modem\INSTALL.LOG

C:\Program\3\Mobilt modem\install_log.txt

C:\Program\3\Mobilt modem\logfile.txt

C:\Program\3\Mobilt modem\MobiltModem.chm

C:\Program\3\Mobilt modem\Skins\3\3.swf

C:\Program\3\Mobilt modem\Skins\3\default.htm

C:\Program\3\Mobilt modem\Skins\3\preview.bmp

C:\Program\3\Mobilt modem\Skins\3\region.bmp

C:\Program\3\Mobilt modem\Skins\classic\preview.bmp

C:\Program\3\Mobilt modem\Skins\common\wilog.jse

C:\Program\3\Mobilt modem\Skins\common\wilog.vbe

C:\Program\3\Mobilt modem\Wilog.txt

C:\WA6P

C:\WINDOWS\764.exe

C:\WINDOWS\7search.dll

C:\WINDOWS\aconti.exe

C:\WINDOWS\adbar.dll

C:\WINDOWS\cbinst$.exe

C:\WINDOWS\daxtime.dll

C:\WINDOWS\dp0.dll

C:\WINDOWS\eventlowg.dll

C:\WINDOWS\fhfmm-Uninstaller.exe

C:\WINDOWS\fhfmm.exe

C:\WINDOWS\flt.dll

C:\WINDOWS\hcwprn.exe

C:\WINDOWS\hotporn.exe

C:\WINDOWS\ie_32.exe

C:\WINDOWS\iexplorr23.dll

C:\WINDOWS\jd2002.dll

C:\WINDOWS\kkcomp$.exe

C:\WINDOWS\kkcomp.dll

C:\WINDOWS\kkcomp.exe

C:\WINDOWS\kvnab$.exe

C:\WINDOWS\kvnab.dll

C:\WINDOWS\kvnab.exe

C:\WINDOWS\liqad$.exe

C:\WINDOWS\liqad.dll

C:\WINDOWS\liqad.exe

C:\WINDOWS\liqui-Uninstaller.exe

C:\WINDOWS\liqui.dll

C:\WINDOWS\liqui.exe

C:\WINDOWS\ngd.dll

C:\WINDOWS\pbar.dll

C:\WINDOWS\pbsysie.dll

C:\WINDOWS\settn.dll

C:\WINDOWS\spredirect.dll

C:\WINDOWS\sv.exe

C:\WINDOWS\svzip.exe

C:\WINDOWS\system32\~.exe

C:\WINDOWS\system32\1_exception.nls

C:\WINDOWS\system32\drivers\blank.gif

C:\WINDOWS\system32\drivers\box_1.gif

C:\WINDOWS\system32\drivers\box_2.gif

C:\WINDOWS\system32\drivers\box_3.gif

C:\WINDOWS\system32\drivers\button_buynow.gif

C:\WINDOWS\system32\drivers\button_freescan.gif

C:\WINDOWS\system32\drivers\cell_bg.gif

C:\WINDOWS\system32\drivers\cell_footer.gif

C:\WINDOWS\system32\drivers\cell_header_block.gif

C:\WINDOWS\system32\drivers\cell_header_remove.gif

C:\WINDOWS\system32\drivers\cell_header_scan.gif

C:\WINDOWS\system32\drivers\detect.htm

C:\WINDOWS\system32\drivers\download_box.gif

C:\WINDOWS\system32\drivers\download_btn.jpg

C:\WINDOWS\system32\drivers\download_now_btn.gif

C:\WINDOWS\system32\drivers\footer_back.jpg

C:\WINDOWS\system32\drivers\header_1.gif

C:\WINDOWS\system32\drivers\header_2.gif

C:\WINDOWS\system32\drivers\header_3.gif

C:\WINDOWS\system32\drivers\header_4.gif

C:\WINDOWS\system32\drivers\header_red_bg.gif

C:\WINDOWS\system32\drivers\header_red_free_scan.gif

C:\WINDOWS\system32\drivers\header_red_free_scan_bg.gif

C:\WINDOWS\system32\drivers\header_red_protect_your_pc.gif

C:\WINDOWS\system32\drivers\infected.gif

C:\WINDOWS\system32\drivers\main_back.gif

C:\WINDOWS\system32\drivers\perfect_cleaner_box.jpg

C:\WINDOWS\system32\drivers\product_1_header.gif

C:\WINDOWS\system32\drivers\product_1_name_small.gif

C:\WINDOWS\system32\drivers\product_2_header.gif

C:\WINDOWS\system32\drivers\product_2_name_small.gif

C:\WINDOWS\system32\drivers\product_3_header.gif

C:\WINDOWS\system32\drivers\product_3_name_small.gif

C:\WINDOWS\system32\drivers\product_features.gif

C:\WINDOWS\system32\drivers\pt.htm

C:\WINDOWS\system32\drivers\rating.gif

C:\WINDOWS\system32\drivers\s_detect.htm

C:\WINDOWS\system32\drivers\screenshot.jpg

C:\WINDOWS\system32\drivers\sep_hor.gif

C:\WINDOWS\system32\drivers\sep_vert.gif

C:\WINDOWS\system32\drivers\shadow.jpg

C:\WINDOWS\system32\drivers\shadow_bg.gif

C:\WINDOWS\system32\drivers\spacer.gif

C:\WINDOWS\system32\drivers\spy_away_box.jpg

C:\WINDOWS\system32\drivers\star.gif

C:\WINDOWS\system32\drivers\star_gray.gif

C:\WINDOWS\system32\drivers\star_gray_small.gif

C:\WINDOWS\system32\drivers\star_small.gif

C:\WINDOWS\system32\drivers\style.css

C:\WINDOWS\system32\drivers\v.gif

C:\WINDOWS\system32\drivers\warning_icon.gif

C:\WINDOWS\system32\drivers\win_logo.gif

C:\WINDOWS\system32\drivers\x.gif

C:\WINDOWS\system32\stera.log

C:\WINDOWS\system32\wml.exe

C:\WINDOWS\system32\vxddsk.exe

C:\WINDOWS\Temp\1732928709.exe

C:\WINDOWS\Temp\1932691909.exe

C:\WINDOWS\Temp\1953455877.exe

C:\WINDOWS\Temp\2027496437.exe

C:\WINDOWS\wbeCheck.exe

C:\WINDOWS\wbeInst$.exe

C:\WINDOWS\wml.exe

C:\WINDOWS\vxddsk.exe

C:\WINDOWS\xadbrk.dll

C:\WINDOWS\xadbrk.exe

C:\WINDOWS\xadbrk_.exe

C:\WINDOWS\xxxvideo.exe

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

 

.

-------\LEGACY_FOPN

-------\LEGACY_RUNTIME

-------\LEGACY_RUNTIME2

-------\runtime

 

 

((((((((((((((((((((((((( Files Created from 2007-10-02 to 2007-11-02 )))))))))))))))))))))))))))))))

.

 

2007-11-02 18:39 51,200 --a------ C:\WINDOWS\NirCmd.exe

2007-11-01 19:25 18,432 --a------ C:\WINDOWS\fkwggshm.exe

2007-10-30 19:31 23,808 --a------ C:\WINDOWS\system32\ace16win.dll

2007-10-29 18:38 2,162 --a------ C:\WINDOWS\system32\tmp.reg

2007-10-29 18:36 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe

2007-10-29 18:36 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe

2007-10-29 18:36 53,248 --a------ C:\WINDOWS\system32\Process.exe

2007-10-29 18:36 51,200 --a------ C:\WINDOWS\system32\dumphive.exe

2007-10-29 18:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe

2007-10-29 18:20 <KAT> d-------- C:\Program\Trend Micro

2007-10-28 12:42 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

2007-10-28 12:41 <KAT> d-------- C:\Program\SUPERAntiSpyware

2007-10-28 12:41 <KAT> d-------- C:\Program\Delade filer\Wise Installation Wizard

2007-10-28 12:41 <KAT> d-------- C:\Documents and Settings\HemPC\Application Data\SUPERAntiSpyware.com

2007-10-28 10:06 <KAT> d-------- C:\Program\Windows Defender

2007-10-27 19:08 29,056 --a--c--- C:\WINDOWS\system32\dllcache\ip6fw.sys

2007-10-27 18:44 <KAT> d-------- C:\WINDOWS\system32\acespy

2007-10-27 18:37 <KAT> d-------- C:\WINDOWS\system32\color

2007-10-27 18:37 <KAT> d-------- C:\Program\Delade filer\Kodak

2007-10-27 18:37 <KAT> d-------- C:\KPCMS

2007-10-27 11:48 4 --a------ C:\WINDOWS\system32\stfv.bin

2007-10-27 11:17 <KAT> d-------- C:\Documents and Settings\HemPC\Application Data\RegClean

2007-10-27 11:14 12 --a------ C:\WINDOWS\system32\dpqaqlqx.bin

2007-10-27 11:13 123,911 --a------ C:\WINDOWS\system32\vvgeowbv.exe

2007-10-26 18:24 19,000 --a------ C:\WINDOWS\system32\drivers\nvcw32mf.sys

2007-10-26 18:20 <KAT> d-------- C:\Program\Norman

2007-10-22 17:48 <KAT> d--hs---- C:\found.000

2007-10-13 19:18 <KAT> d-------- C:\Documents and Settings\HemPC\Application Data\RegistrySmart

2007-10-10 08:14 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-10-30 22:25 --------- d-----w C:\Program\Windows Media Connect 2

2007-10-30 22:25 --------- d-----w C:\Program\Windows Live Toolbar

2007-10-30 22:25 --------- d-----w C:\Program\Shockwave.com

2007-10-30 22:25 --------- d-----w C:\Program\LimeWire

2007-10-30 22:25 --------- d-----w C:\Program\Audioblast

2007-10-27 17:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kodak

2007-10-27 12:33 --------- d-----w C:\Program\Kodak

2007-10-24 17:59 58,760 -c--a-w C:\Documents and Settings\Rebecka\Application Data\GDIPFONTCACHEV1.DAT

2007-10-22 17:14 --------- d--h--w C:\Program\InstallShield Installation Information

2007-10-22 17:11 --------- d-----w C:\Program\EA GAMES

2007-10-19 16:22 --------- d-----w C:\Documents and Settings\Rebecka\Application Data\LimeWire

2007-10-08 18:01 --------- d-----w C:\Program\FirstClass

2007-09-28 08:48 --------- d-----w C:\Program\DC++

2007-09-09 14:34 --------- d-----w C:\Program\Winamp

2007-09-04 16:32 --------- d-----w C:\Documents and Settings\HemPC\Application Data\Publish Providers

2007-09-04 16:31 --------- d-----w C:\Documents and Settings\HemPC\Application Data\Sony

2007-09-04 16:24 --------- d-----w C:\Program\Microsoft SQL Server

2007-09-04 16:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony

2007-09-04 16:21 --------- d-----w C:\Program\Vstplugins

2007-09-04 16:20 --------- d-----w C:\Program\Sony

2007-09-04 16:13 --------- d-----w C:\Documents and Settings\HemPC\Application Data\Sony Setup

2007-09-04 16:11 --------- d-----w C:\Program\Sony Setup

2007-01-18 08:28 46,592 -c--a-w C:\Documents and Settings\Rebecka\fopn.sys

2007-01-15 19:08 58,760 -c--a-w C:\Documents and Settings\HemPC\Application Data\GDIPFONTCACHEV1.DAT

2006-03-31 12:14 470 -c-ha-w C:\Documents and Settings\HemPC\hpothb07.dat

2004-11-28 10:37 1,174 -c--a-w C:\Program\INSTALL.LOG

2002-09-11 12:00:00 94,816 -csh--w C:\WINDOWS\twain.dll

2004-08-04 08:33:58 50,688 --sh--w C:\WINDOWS\twain_32.dll

2005-04-22 15:18:14 56 -csh--r C:\WINDOWS\system32\1CAFC5A3C0.sys

2005-04-22 15:18:14 1,682 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys

2004-08-04 08:33:46 54,784 --sh--w C:\WINDOWS\system32\msvcirt.dll

2004-08-04 08:33:46 413,696 --sh--w C:\WINDOWS\system32\msvcp60.dll

2004-08-04 08:34:39 11,776 --sh--w C:\WINDOWS\system32\regsvr32.exe

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTStartup"="C:\Program\Creative\Splash Screen\CTEaxSpl.exe" [2002-09-13 01:04]

"Adobe Photo Downloader"="C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]

"SsAAD.exe"="C:\Program\Sony\SONICS~1\SsAAD.exe" [2005-01-24 19:58]

"Norman ZANDA"="C:\Program\Norman\Npm\bin\ZLH.exe" [2007-08-09 13:41]

"Windows Defender"="C:\Program\Windows Defender\MSASCui.exe" [2006-11-03 19:20]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:34]

"SUPERAntiSpyware"="C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]

"CTStartup"="C:\Program\Creative\Splash Screen\CTEaxSpl.EXE" /play

 

C:\Documents and Settings\All Users\Start-meny\Program\AutostartKODAK Software Updater.lnk - C:\Program\Kodak\KODAK Software Updater\7288971\6.1.4.37-7288971L\Program\runner.exe [2003-06-08 16:48:18]

Service Manager.lnk - C:\Program\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 16:23:32]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

@=

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

 

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]

"Userinit"="C:\\WINDOWS\\system32\\vvgeowbv.exe,C:\\WINDOWS\\system32\\userinit.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Program\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Adobe Reader Speed Launch.lnk]

path=C:\Documents and Settings\All Users\Start-meny\Program\Autostart\Adobe Reader Speed Launch.lnk

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Corel Family & Friends Reminders.LNK]

path=C:\Documents and Settings\All Users\Start-meny\Program\Autostart\Corel Family & Friends Reminders.LNK

backup=C:\WINDOWS\pss\Corel Family & Friends Reminders.LNKCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^HP Digital Imaging Monitor.lnk]

path=C:\Documents and Settings\All Users\Start-meny\Program\Autostart\HP Digital Imaging Monitor.lnk

backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^HP Photosmart Premier Snabbstart.lnk]

path=C:\Documents and Settings\All Users\Start-meny\Program\Autostart\HP Photosmart Premier Snabbstart.lnk

backup=C:\WINDOWS\pss\HP Photosmart Premier Snabbstart.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^HPAiODevice(hp officejet 5100 series) - 1.lnk]

path=C:\Documents and Settings\All Users\Start-meny\Program\Autostart\HPAiODevice(hp officejet 5100 series) - 1.lnk

backup=C:\WINDOWS\pss\HPAiODevice(hp officejet 5100 series) - 1.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^InterVideo WinCinema Manager.lnk]

path=C:\Documents and Settings\All Users\Start-meny\Program\Autostart\InterVideo WinCinema Manager.lnk

backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^KODAK Software Updater.lnk]

path=C:\Documents and Settings\All Users\Start-meny\Program\Autostart\KODAK Software Updater.lnk

backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Microsoft Office.lnk]

path=C:\Documents and Settings\All Users\Start-meny\Program\Autostart\Microsoft Office.lnk

backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^NaturalColorLoad.lnk]

path=C:\Documents and Settings\All Users\Start-meny\Program\Autostart\NaturalColorLoad.lnk

backup=C:\WINDOWS\pss\NaturalColorLoad.lnkCommon Startup

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

"C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsioReg]

REGSVR32.EXE /S CTASIO.DLL

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDet]

C:\Program\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]

CTHELPER.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]

"C:\Program\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

C:\Program\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

"C:\Program\iTunes\iTunesHelper.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]

C:\WINDOWS\System32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]

C:\Program\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]

C:\Program\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

"C:\Program\QuickTime\qttask.exe" -atboottime

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteCenter]

C:\Program\Creative\MediaSource\RemoteControl\RcMan.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBDrvDet]

"C:\Program\Creative\SB Drive Det\SBDrvDet.exe" /r

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]

"C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]

"C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

SOUNDMAN.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]

C:\Program\Sony\SONICS~1\SsAAD.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

C:\Program\Java\jre1.5.0_02\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

"C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]

C:\WINDOWS\UpdReg.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

C:\Program\Winamp\winampa.exe

 

R2 Ndiskio;Ndiskio;\??\C:\Program\Norman\Nse\bin\NDISKIO.SYS

R3 ctgame;Game Port;C:\WINDOWS\system32\DRIVERS\ctgame.sys

R3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys

R3 nvcoas;Norman Virus Control on-access component;C:\Program\Norman\Nvc\bin\nvcoas.exe

R3 NVCScheduler;Norman Virus Control Scheduler;C:\Program\Norman\Nvc\BIN\NVCSCHED.EXE

S2 clr_optimization_v2.0.50727_32TrkWks;.NET Runtime Optimization Service v2.0.50727_X86 clr_optimization_v2.0.50727_32TrkWks;C:\WINDOWS\system32\~.exe srv

S3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys

S3 ulusba;NEC 616 Command Port Driver;C:\WINDOWS\system32\DRIVERS\ulusba.sys

S3 ulusbc;NEC 616 CONTROL Driver;C:\WINDOWS\system32\DRIVERS\ulusbc.sys

S3 ulusbe;NEC 616 ENUMERATION Driver;C:\WINDOWS\system32\DRIVERS\ulusbe.sys

S3 ulusbm;NEC 616 Modem Driver;C:\WINDOWS\system32\DRIVERS\ulusbm.sys

S3 ulusbo;NEC 616 OBEX Port Driver;C:\WINDOWS\system32\DRIVERS\ulusbo.sys

S3 w300bus;Sony Ericsson W300 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\w300bus.sys

S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w300mdfl.sys

S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w300mdm.sys

S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w300mgmt.sys

S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w300obex.sys

S3 wanusb;GlobespanVirata USB ADSL WAN Modem;C:\WINDOWS\system32\DRIVERS\gwausb.sys

S3 Winacusb;Winacusb;C:\WINDOWS\system32\DRIVERS\winacusb.sys

 

.

Contents of the 'Scheduled Tasks' folder

"2007-11-02 17:39:00 C:\WINDOWS\Tasks\Kontrollera uppdateringar för Windows Live Toolbar.job"

- C:\Program\Windows Live Toolbar\MSNTBUP.EXE

"2007-11-02 17:53:44 C:\WINDOWS\Tasks\MP Scheduled Scan.job"

- C:\Program\Windows Defender\MpCmdRun.exe

"2007-10-27 17:25:54 C:\WINDOWS\Tasks\RegClean Scheduled Scan.job"

- C:\Program\RegClean\RegClean.exe

"2007-10-13 18:18:36 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"

- C:\Program\RegistrySmart\RegistrySmart.exe

.

**************************************************************************

 

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-11-02 19:00:17

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

CTStartup = "C:\Program\Creative\Splash Screen\CTEaxSpl.EXE" /run???????Z?6~d???*?6~????????n???????h?@?x?????7~D??????sx??s????????y??w????@@@????|D@@?????>??w?????97?H??????|???|???????|L(?s?97??????/?s????????D???????????????????&????????????+?s@@@?D???`|?w??????@

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

CTStartup = "C:\Program\Creative\Splash Screen\CTEaxSpl.EXE" /play??????Z?6~d???*?6~????????n???????h?@?x?????7~D??????sx??s????????y??w????@@@????|D@@?????>??w?????97?H??????|???|???????|L(?s?97??????/?s????????D???????????????????&????????????+?s@@@?D???`|?w??????@

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2007-11-02 19:02:49 - machine was rebooted

.

--- E O F ---

[/log]

 

Here is the hijack file

 

 

[log]

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:08:38, on 2007-11-02

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Norman\Npm\Bin\eLogsvc.exe

C:\Program\Norman\Npm\Bin\Zanda.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\WINDOWS\system32\drivers\KodakCCS.exe

C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\ScsiAccess.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program\Norman\Nvc\BIN\NVCSCHED.EXE

C:\Program\Norman\Npm\bin\NJEEVES.EXE

C:\Program\Norman\Nvc\bin\nvcoas.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Program\Sony\SONICS~1\SsAAD.exe

C:\Program\Norman\Npm\bin\ZLH.EXE

C:\Program\Windows Defender\MSASCui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

C:\Program\Norman\Nvc\BIN\NIP.EXE

C:\Program\Norman\Nvc\bin\cclaw.exe

C:\Program\Delade filer\Sony Shared\AVLib\SSScsiSV.exe

C:\Program\DELADE~1\PCSuite\Services\SERVIC~1.EXE

C:\Program\internet explorer\iexplore.exe

C:\Program\Delade filer\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\System32\wbem\wmiprvse.exe

 

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\01.02.4000.1001\sv\msntb.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\01.02.4000.1001\sv\msntb.dll

O4 - HKLM\..\Run: [CTStartup] "C:\Program\Creative\Splash Screen\CTEaxSpl.EXE" /run

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [ssAAD.exe] C:\Program\Sony\SONICS~1\SsAAD.exe

O4 - HKLM\..\Run: [Norman ZANDA] C:\Program\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH

O4 - HKLM\..\Run: [Windows Defender] "C:\Program\Windows Defender\MSASCui.exe" -hide

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\RunOnce: [CTStartup] "C:\Program\Creative\Splash Screen\CTEaxSpl.EXE" /play

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: KODAK Software Updater.lnk = C:\Program\Kodak\KODAK Software Updater\7288971\6.1.4.37-7288971L\Program\runner.exe

O4 - Global Startup: Service Manager.lnk = C:\Program\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by20fd.bay20.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - https://ssl.extrafilm.org/upload/activex/ImageUploader3.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab

O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: .NET Runtime Optimization Service v2.0.50727_X86 clr_optimization_v2.0.50727_32TrkWks (clr_optimization_v2.0.50727_32TrkWks) - Unknown owner - C:\WINDOWS\system32\~.exe (file missing)

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe

O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Program\Norman\Npm\Bin\eLogsvc.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program\Delade filer\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: Norman NJeeves - Unknown owner - C:\Program\Norman\Npm\bin\NJEEVES.EXE

O23 - Service: Norman ZANDA - Norman ASA - C:\Program\Norman\Npm\Bin\Zanda.exe

O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program\Norman\Nvc\bin\nvcoas.exe

O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Program\Norman\Nvc\BIN\NVCSCHED.EXE

O23 - Service: PACSPTISVR - Sony Corporation - C:\Program\Delade filer\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program\Delade filer\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program\Delade filer\Sony Shared\AVLib\SSScsiSV.exe

 

--

End of file - 8096 bytes

[/log]

 

Link to comment
Share on other sites
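
An added example (not part of the original posts, and not code from ComboFix or HijackThis): a short Python triage pass over lines copied from the two logs above. It flags extra programs chained into the Winlogon `Userinit` value and services whose image file is missing or has a name without letters or digits, then looks each path up in ComboFix's "Files Created" list; the function names and the two heuristics are assumptions chosen for this illustration.

```python
import ntpath
import re

# Stock value on Windows XP; every other program listed in Userinit is
# launched by Winlogon at each logon.
DEFAULT_USERINIT = r"c:\windows\system32\userinit.exe"

# Lines copied from the ComboFix and HijackThis logs in the post above.
SAMPLE_LOG = r'''
2007-10-27 11:13 123,911 --a------ C:\WINDOWS\system32\vvgeowbv.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\\WINDOWS\\system32\\vvgeowbv.exe,C:\\WINDOWS\\system32\\userinit.exe"
O23 - Service: .NET Runtime Optimization Service v2.0.50727_X86 clr_optimization_v2.0.50727_32TrkWks (clr_optimization_v2.0.50727_32TrkWks) - Unknown owner - C:\WINDOWS\system32\~.exe (file missing)
O23 - Service: Norman ZANDA - Norman ASA - C:\Program\Norman\Npm\Bin\Zanda.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
'''

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"="(.*)"')
# ComboFix "Files Created" line: date, time, size, attributes, path.
CREATED_RE = re.compile(
    r'^(\d{4}-\d{2}-\d{2}) \d{2}:\d{2}\s+[\d,]+\s+\S+\s+([A-Za-z]:\\.+)$')
# HijackThis O23 line: display name, owner, image path, optional marker.
O23_RE = re.compile(
    r'^O23 - Service: (.+) - (.*?) - ([A-Za-z]:\\.+?)( \(file missing\))?$')


def check_userinit(key, value):
    """Flag every Userinit entry other than the stock userinit.exe."""
    # ComboFix prints this value with doubled backslashes, as in a .reg file.
    entries = [e.strip() for e in value.replace("\\\\", "\\").split(",")]
    hive = key.split("\\")[0]
    return [{"kind": "userinit", "path": e,
             "reason": "extra program in Userinit under " + hive}
            for e in entries if e and e.lower() != DEFAULT_USERINIT]


def check_service(match):
    """Flag a service whose binary is gone or has a non-alphanumeric name."""
    name, owner, path, missing = match.groups()
    stem = ntpath.splitext(ntpath.basename(path))[0]
    reasons = []
    if missing:
        reasons.append("image file missing")
    if not any(c.isalnum() for c in stem):
        reasons.append("file name has no letters or digits")
    # "Unknown owner" alone is not treated as a signal: the same log shows
    # it for Norman NJeeves and ScsiAccess as well.
    if not reasons:
        return []
    return [{"kind": "service", "path": path, "name": name, "owner": owner,
             "reason": "; ".join(reasons)}]


def analyse(log_text):
    """Return findings (dicts) for suspicious autostart entries in the log."""
    findings, created, key = [], {}, ""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1).lower()
            continue
        m = CREATED_RE.match(line)
        if m:
            created[m.group(2).lower()] = m.group(1)
            continue
        m = O23_RE.match(line)
        if m:
            findings.extend(check_service(m))
            continue
        m = VALUE_RE.match(line)
        if m and m.group(1).lower() == "userinit" and key.endswith("\\winlogon"):
            findings.extend(check_userinit(key, m.group(2)))
    # Correlate each flagged path with the "Files Created" dates, if listed.
    for f in findings:
        f["created"] = created.get(f["path"].lower())
    return findings


if __name__ == "__main__":
    for f in analyse(SAMPLE_LOG):
        print(f["kind"], f["path"], "|", f["reason"], "| created:", f["created"])
```
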

Are these good files?

C:\Program\3\Mobilt modem

In that case it should probably be restored.

 

With this much nastiness, and with some of it still left, the computer ought to be reinstalled rather than cleaned. It is impossible to know what has been done to the computer; security settings may have been changed so that the computer is more easily infected or easier to break into.

 

Link to comment
Share on other sites

Thanks Cecilia!

Yes, there is a lot of junk; sometimes it is hard to know what is useful and what is not.

But now it at least seems that Task Manager works, I have managed to change the desktop background, and no pcsurritylab warnings "pop up" any more, so now it seems to work fine. :thumbsup:

 

// Göran

 

PS: hmm... strange, I can't find C:\Program\3\Mobilt modem when I look in Explorer!

 

Link to comment
Share on other sites

ComboFix removed the folder C:\Program\3\Mobilt modem. Is that something that should have been left in place? Have you installed any program so that the computer can connect via the 3G network?

 

If you don't intend to reinstall the computer, it definitely needs to be cleaned and checked further, because I see nasty files in the ComboFix log. A HijackThis log from Rebecka's account is needed to begin with.

 

Download SDFix to the Desktop:

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

Double-click SDFix.exe and a new folder, C:\SDFix, is created.

 

Restart the computer in Safe Mode (press F8 repeatedly during startup and choose Safe Mode from the menu).

 

Open the new folder C:\SDFix and double-click RunThis.bat to start the program.

Press Y to continue.

It works for a while, and when it is done you will be asked whether you want to restart the computer.

Press any key to begin the restart.

The computer will take a long time to start up because the program will run and fix a lot of things.

When it is done, Finished is displayed.

Press any key to exit the program.

 

Open the SDFix folder and open the file Report.txt in Notepad.

Paste the contents of the file into your reply here.

[post edited 2007-11-04 16:07:20 by Cecilia]

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.


