
Virus or what?


This thread has been archived. This means you can no longer reply to posts in the thread. Please start a new thread if needed.
97 replies in this thread

#1 andcar

  • Member
  • 41 posts

Posted 20 January 2009 - 15:36

*********************************************
2009-02-21:
The thread is locked as the problem is solved.
If you think it was locked in error, please contact
Malou
*********************************************
The biggest problem is that Google is behaving strangely. The text has become larger and I sometimes end up on other pages, like poker sites etc.
Also, System Restore doesn't work.
I'm also having problems with some pages being very slow. I can open my Hotmail, but not read my messages :-/
Hope someone can help me

I'm not aware of having downloaded this...  Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:31:05, on 2009-01-20
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program\Delade filer\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Grisoft\AVGFRE~1\avgcc.exe
C:\Program\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe
C:\Program\MSN Messenger\msnmsgr.exe
C:\Program\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program\Personal\bin\Personal.exe
C:\Program\Delade filer\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Delade filer\Teleca Shared\Generic.exe
C:\Program\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program\Avira\AntiVir Server\avguard.exe
C:\Program\Java\jre6\bin\jusched.exe
C:\Program\Java\jre6\bin\jqs.exe
C:\Program\Lavasoft\Ad-Aware\aawservice.exe
C:\Program\Windows Defender\MsMpEng.exe
C:\Program\Internet Explorer\IEXPLORE.EXE
C:\Program\Internet Explorer\IEXPLORE.EXE
C:\Program\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar1.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SmcService] C:\Program\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Internet Explorer Run-Time] C:\WINDOWS\ie.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Windows Defender] "C:\Program\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\Program\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O13 - WWW Prefix:
O15 - Trusted Zone: http://www.adobe.com
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.extrafilm...geUploader5.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase6662.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1230987003140
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.co.../sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1230986939281
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.co...iaSmartScan.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - https://ssl.extrafil...geUploader3.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadbl...ivex/sabspx.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.on...e/en/crlocx.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{F725B5B2-C8C6-4299-9A49-AC36782EA4BD}: NameServer = 208.67.220.220 208.67.222.222
O20 - AppInit_DLLs:  
O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: syshelps - {DBE12772-6FAD-4F3E-882C-00DA4DB4D2DD} - (no file)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Server (AntiVirService) - Avira GmbH - C:\Program\Avira\AntiVir Server\avguard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program\Delade filer\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program\Sygate\SPF\smc.exe

--
End of file - 10043 bytes

This post was edited by Malou: 21 February 2009 - 00:18
The thread is locked as the problem is solved:




#2 Malou

  • Guests

Posted 20 January 2009 - 15:54

Hi andcar!

Of course we will help you with everything we can  ;)

I see that you have two antivirus programs installed (AVG and Antivir). It is not good to have two antivirus programs installed like this. Uninstall the one you don't use via Control Panel, Add/Remove Programs.

Quote

I'm not aware of having downloaded this... Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe
You have probably installed the Google Toolbar, as far as I can tell. You can uninstall it via Control Panel, Add/Remove Programs.
The Google search engine/tool is integrated with IE7, so this extra tool does not need to be installed.

Was it you who installed => Yahoo! Toolbar/SWEETIE Toolbar and then tried to uninstall it?

I see that you have not renamed the file HiJack This.exe as recommended in the instructions.
C:\Program\Trend Micro\HijackThis\HijackThis.exe
Please read/follow the information/instructions etc. that can be found on the page below:
=> Trend Micro HiJack This (Download/Instructions):

Once you have renamed the file, do not run a new scan with the tool until you are asked to do so.

Continue with the steps below.

Print the following or copy it to a text document and save it to the desktop:
Read/follow the instructions carefully:


Download Malwarebytes Anti-Malware:
http://www.malwarebytes.org/index.php

1: Save the installation file to the desktop
2: To start the installation, double-click mbam-setup.exe
3: Tick the following
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware

4: Click Finish
If there are updates, they will be installed.

When the above is done, continue with the procedure below:

1: When the program starts, select Perform quick scan
2: Click the Scan button
3: The scan will now take a while
3: When the program has finished scanning, click OK and then Show results
4: Tick everything and click Remove Selected
5: When the removal is finished, a text file with a log will open in Notepad. Copy/paste that log here into your thread.
6: Make a new TM HJT log and copy it in here so we can see what it looks like.
7: Tell us how the computer is doing and whether any problems remain


NOTE: Do not start a new thread on this subject; keep posting here in your thread

Regards/Malou

#3 andcar

  • Member
  • 41 posts

Posted 20 January 2009 - 16:34

Hi.
I have removed the unnecessary stuff. Downloaded Malwarebytes Anti-Malware:
but it won't start.
When I click, Run comes up. I click yes! The hourglass starts, but then nothing happens :-/

#4 Malou

  • Guests

Posted 20 January 2009 - 16:40

Hi andcar!

Great that you have uninstalled everything unnecessary  ;)

I now saw in your TM HJT log that you have this program installed, Malwarebytes Anti-Malware, which I posted about
C:\Program\Malwarebytes' Anti-Malware\

Has this program worked before?
Is it the paid or the free version you are using?

Regards/Malou

#5 Malou

  • Guests

Posted 20 January 2009 - 16:45

Hi again andcar!

A small addition to my post above.

I see that you have => Windows Defender <= installed. Do the following and leave it turned off/disabled during the ongoing procedures.
I am also wondering whether it is necessary to have it installed?

Turn off/disable Windows Defender (Swedish) during the ongoing cleaning procedures (very important): when these are enabled, they prevent any removals/changes made to the system:

Windows Defender (Swedish):

1: Open Windows Defender
2: Click "Tools"
3: Click "Options" (the cogwheel) under Settings
4: Scroll down to "Real-time protection options"
5: Untick (remove the tick) "Disable real-time protection (recommended)"
6: Click "Save"
7: Close Windows Defender
8: Restart the computer.

Regards/Malou

#6 andcar

  • Member
  • 41 posts

Posted 20 January 2009 - 16:49

I have removed it. It didn't work, so I downloaded it again.
But I can't get it to start. Nothing happens :unsure:

#7 Malou

  • Guests

Posted 20 January 2009 - 16:53

Hi again Andcar!

Here is some information about => C:\WINDOWS\ie.exe "Troj/Proxy-ER" <= which I see is in your TM HJT log.
This is a trojan that installs itself in the registry.
http://www.bleepingc....exe-16091.html

We will probably need to use entirely different tools to get at the nasty thing, because it seems to be the one causing trouble with, among other things, the program Malwarebytes Anti-Malware.
But we will make an attempt to get Malwarebytes Anti-Malware running and keep our fingers crossed.


Regards/Malou
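
Added example, not part of the original thread and not code from HijackThis or the helpers: a small Python triage of HijackThis lines, run over lines copied from the log in post #1, that shortlists the two kinds of entries discussed above (toolbar/BHO remnants marked "(no file)" and the Run-key autostart C:\WINDOWS\ie.exe). The function names and both heuristics are assumptions for picking entries to review manually, not verdicts.

```python
import ntpath
import re
from typing import List, NamedTuple, Optional

# Lines copied from the HijackThis log in post #1 of this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar1.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Internet Explorer Run-Time] C:\WINDOWS\ie.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O21 - SSODL: syshelps - {DBE12772-6FAD-4F3E-882C-00DA4DB4D2DD} - (no file)
"""


class Finding(NamedTuple):
    section: str   # HijackThis section code, e.g. "O4"
    reason: str    # which heuristic matched
    detail: str    # entry body or resolved image path


# "<section> - <body>", where section is R0..R3, F0.., N1.., O1..O23
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d+) - (?P<body>.+)$")
# O4 registry autostart: "HKLM\..\Run: [value name] command line"
RUN_RE = re.compile(
    r"^(?P<key>HK[^:]*\\Run(?:Once)?): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)
# First executable token of a command line, quoted or unquoted.
IMAGE_RE = re.compile(
    r'^(?:"(?P<q>[^"]+)"|(?P<u>.+?\.(?:exe|dll|com|bat|scr))(?=[\s,]|$))',
    re.IGNORECASE,
)


def image_path(cmd: str) -> Optional[str]:
    """Return the program part of an autostart command line, if any."""
    m = IMAGE_RE.match(cmd.strip())
    if not m:
        return None
    return m.group("q") or m.group("u")


def triage(log_text: str, windows_root: str = r"C:\WINDOWS") -> List[Finding]:
    """Shortlist HijackThis entries for manual review.

    Heuristics (assumptions, chosen to mirror what the helper points out):
      orphan                 - entry whose file is reported as "(no file)"
      windows-root-autostart - O4 Run/RunOnce entry whose image sits
                               directly in the Windows folder, not in a
                               subfolder such as system32
    """
    findings: List[Finding] = []
    root = ntpath.normcase(windows_root)
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header, process list or blank line
        section, body = m.group("section"), m.group("body")
        if body.endswith("(no file)"):
            findings.append(Finding(section, "orphan", body))
            continue
        if section == "O4":
            run = RUN_RE.match(body)
            image = image_path(run.group("cmd")) if run else None
            # ntpath keeps Windows path semantics on any host OS
            if image and ntpath.normcase(ntpath.dirname(image)) == root:
                findings.append(
                    Finding(section, "windows-root-autostart", image)
                )
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4}{f.reason:<24}{f.detail}")
```

Legitimate programs also live directly in the Windows folder, so a "windows-root-autostart" hit only tells you which Run entry to look up next.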

#8 Malou

  • Guests

Posted 20 January 2009 - 16:56

andcar, on January 20, 2009, 16:49, wrote:

I have removed it. It didn't work, so I downloaded it again.
But I can't get it to start. Nothing happens :unsure:
Ok.
Then we will resort to other methods  ;)


RSIT (random's system information tool)

The tool below does not fix anything; it only performs a scan. If anything is found in the log, we will fix it manually.

Download RSIT from the link below
http://images.malwar...random/RSIT.exe

1: Save it to the desktop
2: Double-click the tool to start RSIT
(For Vista => right-click the tool and choose => Run as Admin)
3: When it has finished scanning, a text file (log.txt) is produced in Notepad automatically. If, against expectation, no text file appears, it can be found here => in the folder C:\rsit => log.txt <=
4: Copy that log here into your thread

Regards/Malou

#9 andcar

  • Member
  • 41 posts

Posted 20 January 2009 - 17:28

Thanks for all the help I'm getting! :)

Logfile of random's system information tool 1.05 (written by random/random)
Run by Nubben at 2009-01-20 17:24:16
Microsoft Windows XP Professional Service Pack 3
System drive C: has 4 GB (21%) free of 18 GB
Total RAM: 511 MB (16% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:24:45, on 2009-01-20
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program\Java\jre6\bin\jqs.exe
C:\Program\Delade filer\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Grisoft\AVGFRE~1\avgcc.exe
C:\Program\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe
C:\Program\MSN Messenger\msnmsgr.exe
C:\Program\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program\Personal\bin\Personal.exe
C:\Program\Delade filer\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Delade filer\Teleca Shared\Generic.exe
C:\Program\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Nubben\Skrivbord\RSIT.exe
C:\Program\Trend Micro\HijackThis\Nubben.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SmcService] C:\Program\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Internet Explorer Run-Time] C:\WINDOWS\ie.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Windows Defender] "C:\Program\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\Program\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O13 - WWW Prefix:
O15 - Trusted Zone: http://www.adobe.com
O15 - Trusted Zone: http://www.lunarstorm.se
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.extrafilm...geUploader5.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase6662.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1230987003140
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.co.../sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1230986939281
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.co...iaSmartScan.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - https://ssl.extrafil...geUploader3.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadbl...ivex/sabspx.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.on...e/en/crlocx.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{F725B5B2-C8C6-4299-9A49-AC36782EA4BD}: NameServer = 208.67.220.220 208.67.222.222
O20 - AppInit_DLLs:  
O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: syshelps - {DBE12772-6FAD-4F3E-882C-00DA4DB4D2DD} - (no file)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program\Delade filer\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program\Sygate\SPF\smc.exe

--
End of file - 9433 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\At10.job
C:\WINDOWS\tasks\At11.job
C:\WINDOWS\tasks\At12.job
C:\WINDOWS\tasks\At13.job
C:\WINDOWS\tasks\At14.job
C:\WINDOWS\tasks\At15.job
C:\WINDOWS\tasks\At16.job
C:\WINDOWS\tasks\At17.job
C:\WINDOWS\tasks\At18.job
C:\WINDOWS\tasks\At19.job
C:\WINDOWS\tasks\At2.job
C:\WINDOWS\tasks\At20.job
C:\WINDOWS\tasks\At21.job
C:\WINDOWS\tasks\At22.job
C:\WINDOWS\tasks\At23.job
C:\WINDOWS\tasks\At24.job
C:\WINDOWS\tasks\At25.job
C:\WINDOWS\tasks\At26.job
C:\WINDOWS\tasks\At27.job
C:\WINDOWS\tasks\At28.job
C:\WINDOWS\tasks\At29.job
C:\WINDOWS\tasks\At3.job
C:\WINDOWS\tasks\At30.job
C:\WINDOWS\tasks\At31.job
C:\WINDOWS\tasks\At32.job
C:\WINDOWS\tasks\At33.job
C:\WINDOWS\tasks\At34.job
C:\WINDOWS\tasks\At35.job
C:\WINDOWS\tasks\At36.job
C:\WINDOWS\tasks\At37.job
C:\WINDOWS\tasks\At38.job
C:\WINDOWS\tasks\At39.job
C:\WINDOWS\tasks\At4.job
C:\WINDOWS\tasks\At40.job
C:\WINDOWS\tasks\At41.job
C:\WINDOWS\tasks\At42.job
C:\WINDOWS\tasks\At43.job
C:\WINDOWS\tasks\At44.job
C:\WINDOWS\tasks\At45.job
C:\WINDOWS\tasks\At46.job
C:\WINDOWS\tasks\At47.job
C:\WINDOWS\tasks\At48.job
C:\WINDOWS\tasks\At49.job
C:\WINDOWS\tasks\At5.job
C:\WINDOWS\tasks\At50.job
C:\WINDOWS\tasks\At51.job
C:\WINDOWS\tasks\At52.job
C:\WINDOWS\tasks\At53.job
C:\WINDOWS\tasks\At54.job
C:\WINDOWS\tasks\At55.job
C:\WINDOWS\tasks\At56.job
C:\WINDOWS\tasks\At57.job
C:\WINDOWS\tasks\At58.job
C:\WINDOWS\tasks\At59.job
C:\WINDOWS\tasks\At6.job
C:\WINDOWS\tasks\At60.job
C:\WINDOWS\tasks\At61.job
C:\WINDOWS\tasks\At62.job
C:\WINDOWS\tasks\At63.job
C:\WINDOWS\tasks\At64.job
C:\WINDOWS\tasks\At65.job
C:\WINDOWS\tasks\At66.job
C:\WINDOWS\tasks\At67.job
C:\WINDOWS\tasks\At68.job
C:\WINDOWS\tasks\At69.job
C:\WINDOWS\tasks\At7.job
C:\WINDOWS\tasks\At70.job
C:\WINDOWS\tasks\At71.job
C:\WINDOWS\tasks\At72.job
C:\WINDOWS\tasks\At8.job
C:\WINDOWS\tasks\At9.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\Norton Security Scan for Nubben.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Länkhjälp till Adobe PDF Reader - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2008-06-11 61816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program\Java\jre6\bin\ssv.dll [2009-01-19 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program\Java\jre6\bin\jp2ssv.dll [2009-01-19 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-19 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program\Canon\Easy-WebPrint\Toolband.dll [2002-12-04 110592]
{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"=C:\Program\Grisoft\AVGFRE~1\avgcc.exe [2008-11-04 590848]
"SmcService"=C:\Program\Sygate\SPF\smc.exe [2005-09-27 2635472]
"QuickTime Task"=C:\Program\QuickTime\qttask.exe [2006-09-01 282624]
"Internet Explorer Run-Time"=C:\WINDOWS\ie.exe []
"nwiz"=nwiz.exe /install []
"Windows Defender"=C:\Program\Windows Defender\MSASCui.exe [2006-11-03 866584]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-08-02 7110656]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2005-08-02 86016]
"Sony Ericsson PC Suite"=C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2007-03-28 593920]
"Adobe Photo Downloader"=C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-06 57344]
"Adobe Reader Speed Launcher"=C:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"SunJavaUpdateSched"=C:\Program\Java\jre6\bin\jusched.exe [2009-01-19 136600]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe [2006-11-16 139264]
"msnmsgr"=C:\Program\MSN Messenger\msnmsgr.exe [2007-01-19 5674352]
"Sony Ericsson PC Suite"=C:\Program\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [2008-02-20 356352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program\MSN Messenger\msnmsgr.exe [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start-meny^Program^Autostart^Microsoft Office.lnk]
C:\Program\MICROS~2\Office10\OSA.EXE [2001-02-13 83360]

C:\Documents and Settings\All Users.WINDOWS\Start-meny\Program\Autostart
Personal.lnk - C:\Program\Personal\bin\Personal.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=" "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program\SUPERAntiSpyware\SASWINLO.dll [2008-07-23 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-04-10 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
syshelps - {DBE12772-6FAD-4F3E-882C-00DA4DB4D2DD}
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\Program\WIFD1F~1\MpShHook.dll [2006-11-03 83224]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program\DC++\DCPlusPlus.exe"="C:\Program\DC++\DCPlusPlus.exe:*:Enabled:DC++"
"C:\Program\Call of Duty Game of the Year Edition\CoDMP.exe"="C:\Program\Call of Duty Game of the Year Edition\CoDMP.exe:*:Enabled:CoDMP"
"C:\Program\Fildelningsprogram\paranoia.exe"="C:\Program\Fildelningsprogram\paranoia.exe:*:Enabled:paranoia"
"C:\Program\Microsoft Games\Age of Empires II\EMPIRES2.ICD"="C:\Program\Microsoft Games\Age of Empires II\EMPIRES2.ICD:*:Enabled:Age of Empires II"
"C:\Program\Grisoft\AVG Free\avginet.exe"="C:\Program\Grisoft\AVG Free\avginet.exe:*:Enabled:avginet.exe"
"C:\Program\Grisoft\AVG Free\avgamsvr.exe"="C:\Program\Grisoft\AVG Free\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\Program\Grisoft\AVG Free\avgcc.exe"="C:\Program\Grisoft\AVG Free\avgcc.exe:*:Enabled:avgcc.exe"
"C:\Program\uTorrent\utorrent.exe"="C:\Program\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program\Activision\Empires Dawn of the Modern World\Empires_DMW.exe"="C:\Program\Activision\Empires Dawn of the Modern World\Empires_DMW.exe:*:Enabled:Empires_DMW"
"D:\battlefield\BF1942.exe"="D:\battlefield\BF1942.exe:*:Enabled:BF1942"
"D:\Db\Db\Skins\Anders\DC++\DCPlusPlus.exe"="D:\Db\Db\Skins\Anders\DC++\DCPlusPlus.exe:*:Enabled:DC++"
"D:\Battlefield 1942 Secret Weapons of WWII Demo\BF1942.exe"="D:\Battlefield 1942 Secret Weapons of WWII Demo\BF1942.exe:*:Enabled:BF1942"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Documents and Settings\Nubben\Skrivbord\Panzer General 2-rip\panzer2\PANZER2.EXE"="C:\Documents and Settings\Nubben\Skrivbord\Panzer General 2-rip\panzer2\PANZER2.EXE:*:Enabled:PANZER2"
"D:\Db\Db\Skins\Anders\Fildelningsprogram\paranoia.exe"="D:\Db\Db\Skins\Anders\Fildelningsprogram\paranoia.exe:*:Disabled:paranoia"
"C:\Program\Azureus\Azureus.exe"="C:\Program\Azureus\Azureus.exe:*:Enabled:Azureus"
"D:\andcar\BF1942.exe"="D:\andcar\BF1942.exe:*:Enabled:BF1942"
"D:\andcar\call of\MOHAA.exe"="D:\andcar\call of\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault™"
"C:\Program\mswt kart 2004\MSWorldTour.exe"="C:\Program\mswt kart 2004\MSWorldTour.exe:*:Disabled:MSWorldTour"
"D:\Program\Activision\Empires Dawn of the Modern World\Empires_DMW.exe"="D:\Program\Activision\Empires Dawn of the Modern World\Empires_DMW.exe:*:Enabled:Empires_DMW"
"C:\Program\Warcraft III\Warcraft III.exe"="C:\Program\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Program\MSN Messenger\msnmsgr.exe"="C:\Program\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program\MSN Messenger\livecall.exe"="C:\Program\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program\Java\jre6\bin\java.exe"="C:\Program\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program\MSN Messenger\msnmsgr.exe"="C:\Program\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program\MSN Messenger\livecall.exe"="C:\Program\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

======List of files/folders created in the last 1 months======

2009-01-20 17:24:16 ----D---- C:\rsit
2009-01-20 16:46:42 ----D---- C:\Program\CCleaner
2009-01-19 23:26:05 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
2009-01-19 23:05:47 ----D---- C:\Program\SUPERAntiSpyware
2009-01-19 23:05:12 ----SHD---- C:\Config.Msi
2009-01-19 22:35:33 ----A---- C:\WINDOWS\system32\javaws.exe
2009-01-19 22:35:33 ----A---- C:\WINDOWS\system32\javaw.exe
2009-01-19 22:35:33 ----A---- C:\WINDOWS\system32\java.exe
2009-01-19 22:35:33 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-01-19 20:19:46 ----D---- C:\Program\Norton Security Scan
2009-01-19 18:28:23 ----D---- C:\Avenger
2009-01-19 18:28:22 ----A---- C:\avenger.txt
2009-01-13 09:58:40 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\NOS
2009-01-03 17:19:17 ----D---- C:\WINDOWS\Prefetch
2009-01-03 17:03:25 ----D---- C:\WINDOWS\l2schemas
2009-01-03 17:03:24 ----D---- C:\WINDOWS\system32\sv
2009-01-03 13:52:08 ----A---- C:\WINDOWS\system32\wuapi.dll.mui

======List of files/folders modified in the last 1 months======

2009-01-20 17:10:23 ----D---- C:\WINDOWS\Temp
2009-01-20 17:02:23 ----SD---- C:\WINDOWS\Tasks
2009-01-20 16:59:50 ----D---- C:\WINDOWS\system32
2009-01-20 16:59:42 ----D---- C:\WINDOWS
2009-01-20 16:58:34 ----RAD---- C:\Program
2009-01-20 16:58:33 ----D---- C:\Program\Google
2009-01-20 16:58:00 ----D---- C:\WINDOWS\system32\drivers
2009-01-20 16:57:09 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-20 16:52:16 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2009-01-20 16:52:11 ----D---- C:\WINDOWS\Debug
2009-01-20 16:26:44 ----SHD---- C:\WINDOWS\Installer
2009-01-20 09:59:35 ----D---- C:\Documents and Settings\Nubben\Application Data\AVG7
2009-01-19 23:26:07 ----D---- C:\Program\Lavasoft
2009-01-19 23:25:25 ----D---- C:\Program\Delade filer\Wise Installation Wizard
2009-01-19 22:35:06 ----D---- C:\Program\Java
2009-01-19 21:47:50 ----D---- C:\TEMP
2009-01-19 21:25:49 ----D---- C:\Program\Delade filer\Symantec Shared
2009-01-19 20:13:04 ----HD---- C:\Program\InstallShield Installation Information
2009-01-19 19:38:33 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-19 11:42:05 ----HD---- C:\WINDOWS\inf
2009-01-19 11:42:05 ----D---- C:\Program\Windows Live Safety Center
2009-01-19 11:29:48 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-01-13 10:16:23 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe
2009-01-13 10:15:14 ----D---- C:\Program\Delade filer\Adobe
2009-01-13 10:15:00 ----D---- C:\WINDOWS\WinSxS
2009-01-13 10:13:48 ----D---- C:\Program\Adobe
2009-01-13 09:55:37 ----RHD---- C:\$VAULT$.AVG
2009-01-11 10:04:23 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-01-09 19:12:36 ----D---- C:\Program\EA GAMES
2009-01-09 19:07:00 ----A---- C:\WINDOWS\NeroDigital.ini
2009-01-09 08:41:41 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-01-03 17:21:52 ----D---- C:\Program\MSN Messenger
2009-01-03 17:18:27 ----D---- C:\WINDOWS\system32\Setup
2009-01-03 17:18:27 ----D---- C:\WINDOWS\AppPatch
2009-01-03 17:18:26 ----D---- C:\WINDOWS\system32\wbem
2009-01-03 17:18:25 ----RSD---- C:\WINDOWS\Fonts
2009-01-03 17:14:12 ----D---- C:\WINDOWS\security
2009-01-03 17:13:07 ----D---- C:\WINDOWS\system32\CatRoot
2009-01-03 17:04:10 ----D---- C:\Program\Messenger
2009-01-03 17:04:07 ----D---- C:\WINDOWS\ServicePackFiles
2009-01-03 17:04:04 ----D---- C:\WINDOWS\EHome
2009-01-03 17:04:01 ----D---- C:\WINDOWS\system32\inetsrv
2009-01-03 17:04:01 ----D---- C:\WINDOWS\network diagnostic
2009-01-03 17:04:00 ----D---- C:\WINDOWS\ime
2009-01-03 17:04:00 ----D---- C:\WINDOWS\Help
2009-01-03 17:03:29 ----D---- C:\WINDOWS\system32\sv-se
2009-01-03 17:03:28 ----D---- C:\WINDOWS\system32\usmt
2009-01-03 17:03:27 ----D---- C:\Program\Movie Maker
2009-01-03 17:03:24 ----D---- C:\WINDOWS\system32\bits
2009-01-03 17:03:23 ----D---- C:\WINDOWS\peernet
2009-01-03 16:57:04 ----D---- C:\WINDOWS\system32\Restore
2009-01-03 16:57:04 ----D---- C:\WINDOWS\system32\npp
2009-01-03 16:57:02 ----D---- C:\WINDOWS\msagent
2009-01-03 16:56:59 ----D---- C:\WINDOWS\srchasst
2009-01-03 16:56:57 ----D---- C:\Program\NetMeeting
2009-01-03 16:56:55 ----D---- C:\WINDOWS\system32\Com
2009-01-03 16:56:50 ----D---- C:\Program\Windows Media Player
2009-01-03 16:56:49 ----D---- C:\Program\Windows NT
2009-01-03 16:56:49 ----D---- C:\Program\Outlook Express
2009-01-03 16:56:43 ----D---- C:\Program\Delade filer\System
2009-01-03 16:56:11 ----D---- C:\WINDOWS\system32\oobe
2009-01-03 16:56:05 ----D---- C:\WINDOWS\system
2009-01-03 16:49:12 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-01-03 16:48:37 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-01-03 13:52:38 ----D---- C:\WINDOWS\SoftwareDistribution
2008-12-30 11:33:57 ----A---- C:\WINDOWS\Edofma.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Avg7Core;AVG7 Kernel; C:\WINDOWS\System32\Drivers\avg7core.sys [2007-10-23 821856]
R1 Avg7RsW;AVG7 Wrap Driver; C:\WINDOWS\System32\Drivers\avg7rsw.sys [2007-01-03 4224]
R1 Avg7RsXP;AVG7 Resident Driver XP; C:\WINDOWS\System32\Drivers\avg7rsxp.sys [2007-06-21 27776]
R1 AvgClean;AVG7 Clean Driver; C:\WINDOWS\System32\Drivers\avgclean.sys [2007-12-21 10760]
R1 BANTExt;Belarc SMBios Access; C:\WINDOWS\System32\Drivers\BANTExt.sys [2005-04-07 3840]
R1 P3;Intel PentiumIII-processordrivrutin; C:\WINDOWS\System32\DRIVERS\p3.sys [2008-04-14 46720]
R1 wpsdrvnt;wpsdrvnt; \??\C:\WINDOWS\System32\drivers\wpsdrvnt.sys []
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2007-07-28 8552]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [2001-09-28 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [2001-09-28 55936]
R2 wg3n;SyGate for NT, wg3n; C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys [2005-09-27 14944]
R2 wg4n;SyGate for NT, wg4n; C:\WINDOWS\SYSTEM32\Drivers\wg4n.sys [2005-09-27 14944]
R2 wg5n;SyGate for NT, wg5n; C:\WINDOWS\SYSTEM32\Drivers\wg5n.sys [2005-09-27 14944]
R2 wg6n;SyGate for NT, wg6n; C:\WINDOWS\SYSTEM32\Drivers\wg6n.sys [2005-09-27 14944]
R3 ac97intc;Installationstjänst för Intel® 82801-ljuddrivrutin (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
R3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2004-02-10 154112]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2005-08-02 3198560]
R3 NWRDR;NetWare Rdr; C:\WINDOWS\System32\DRIVERS\nwrdr.sys [2008-04-13 163584]
R3 usbhub;USB2-aktiverat nav; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 a016bus;Sony Ericsson Device A016 driver (WDM); C:\WINDOWS\system32\DRIVERS\a016bus.sys [2008-01-18 83880]
S3 a016mdfl;Sony Ericsson Device A016 USB WMC Modeme Filter; C:\WINDOWS\system32\DRIVERS\a016mdfl.sys [2008-01-18 15016]
S3 a016mdm;Sony Ericsson Device A016 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\a016mdm.sys [2008-01-18 110504]
S3 a016mgmt;Sony Ericsson Device A016 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\a016mgmt.sys [2008-01-18 104488]
S3 a016obex;Sony Ericsson Device A016 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\a016obex.sys [2008-01-18 100648]
S3 a5cd05l5;a5cd05l5; C:\WINDOWS\system32\drivers\a5cd05l5.sys []
S3 FreshIO;FreshIO; \??\C:\Program\FreshDevices\FreshDiagnose\FreshIO.sys []
S3 nv4;nv4; C:\WINDOWS\System32\DRIVERS\nv4.sys [2001-08-17 731648]
S3 s616bus;Sony Ericsson Device 616 driver (WDM); C:\WINDOWS\system32\DRIVERS\s616bus.sys [2007-04-03 83208]
S3 s616mdfl;Sony Ericsson Device 616 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s616mdfl.sys [2007-04-03 15112]
S3 s616mdm;Sony Ericsson Device 616 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s616mdm.sys [2007-04-03 108680]
S3 s616mgmt;Sony Ericsson Device 616 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s616mgmt.sys [2007-04-03 100360]
S3 s616nd5;Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (NDIS); C:\WINDOWS\system32\DRIVERS\s616nd5.sys [2007-04-03 23176]
S3 s616obex;Sony Ericsson Device 616 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s616obex.sys [2007-04-03 98568]
S3 s616unic;Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (WDM); C:\WINDOWS\system32\DRIVERS\s616unic.sys [2007-04-03 99080]
S3 SABProcEnum;SABProcEnum; \??\C:\Program\Internet Explorer\SABProcEnum.sys []
S3 se59bus;Sony Ericsson Device 089 driver (WDM); C:\WINDOWS\system32\DRIVERS\se59bus.sys [2006-09-05 61536]
S3 se59mdfl;Sony Ericsson Device 089 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\se59mdfl.sys [2006-09-05 9360]
S3 se59mdm;Sony Ericsson Device 089 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\se59mdm.sys [2006-09-05 97088]
S3 se59mgmt;Sony Ericsson Device 089 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\se59mgmt.sys [2006-09-05 88624]
S3 se59nd5;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (NDIS); C:\WINDOWS\system32\DRIVERS\se59nd5.sys [2006-09-05 18704]
S3 se59obex;Sony Ericsson Device 089 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\se59obex.sys [2006-09-05 86432]
S3 se59unic;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (WDM); C:\WINDOWS\system32\DRIVERS\se59unic.sys [2006-09-05 90800]
S3 usbprint;Microsoft USB-skrivarklass; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;Drivrutin för USB-masslagringsenheter; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 vsdatant;vsdatant; C:\WINDOWS\system32\drivers\vsdatant.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
R2 Avg7Alrt;AVG7 Alert Manager Server; C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe [2007-10-23 418816]
R2 Avg7UpdSvc;AVG7 Update Service; C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe [2007-06-21 49664]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program\Java\jre6\bin\jqs.exe [2009-01-19 152984]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program\Delade filer\LightScribe\LSSrvc.exe [2006-10-19 61440]
R2 NWCWorkstation;Client Service for NetWare; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-08-02 127043]
R2 SmcService;Sygate Personal Firewall Pro; C:\Program\Sygate\SPF\smc.exe [2005-09-27 2635472]
R2 WinDefend;Windows Defender; C:\Program\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 IDriverT;InstallDriver Table Manager; C:\Program\Delade filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 NBService;NBService; C:\Program\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-11-10 774144]
S3 ose;Office Source Engine; C:\Program\Delade filer\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usnjsvc;Läsartjänsten USN Journal för mappdelning i Messenger; C:\Program\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program\Windows Media Player\WMPNetwk.exe [2006-11-15 912384]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

#10 Malou

Malou
  • Guests

Posted 20 January 2009 - 17:58

Hi Andcar!

You're welcome!

I can already see from a quick look at the log that there is some nasty stuff in there. I'll be back with a procedure as soon as I've gone through the log more thoroughly. It will take a while before I'm done, though, so hang in there in the meantime  ;)


Regards/Malou

#11 Malou

Malou
  • Guests

Posted 20 January 2009 - 18:10

Hi Andcar!


We'll start a little cautiously with the procedure below.

Print out the text below, or copy it into a text document and save it to the desktop:
Read/follow the instructions very carefully:


Download Avenger from one of the links below:
http://swandog46.gee...com/avenger.exe

1: Save it to the desktop
2: Open Notepad (use NO OTHER text editor)
3: Copy the "bold text" below into Notepad, including the heading Files to delete:

Files to delete:
C:\WINDOWS\ie.exe
C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\At10.job
C:\WINDOWS\tasks\At11.job
C:\WINDOWS\tasks\At12.job
C:\WINDOWS\tasks\At13.job
C:\WINDOWS\tasks\At14.job
C:\WINDOWS\tasks\At15.job
C:\WINDOWS\tasks\At16.job
C:\WINDOWS\tasks\At17.job
C:\WINDOWS\tasks\At18.job
C:\WINDOWS\tasks\At19.job
C:\WINDOWS\tasks\At2.job
C:\WINDOWS\tasks\At20.job
C:\WINDOWS\tasks\At21.job
C:\WINDOWS\tasks\At22.job
C:\WINDOWS\tasks\At23.job
C:\WINDOWS\tasks\At24.job
C:\WINDOWS\tasks\At25.job
C:\WINDOWS\tasks\At26.job
C:\WINDOWS\tasks\At27.job
C:\WINDOWS\tasks\At28.job
C:\WINDOWS\tasks\At29.job
C:\WINDOWS\tasks\At3.job
C:\WINDOWS\tasks\At30.job
C:\WINDOWS\tasks\At31.job
C:\WINDOWS\tasks\At32.job
C:\WINDOWS\tasks\At33.job
C:\WINDOWS\tasks\At34.job
C:\WINDOWS\tasks\At35.job
C:\WINDOWS\tasks\At36.job
C:\WINDOWS\tasks\At37.job
C:\WINDOWS\tasks\At38.job
C:\WINDOWS\tasks\At39.job
C:\WINDOWS\tasks\At4.job
C:\WINDOWS\tasks\At40.job
C:\WINDOWS\tasks\At41.job
C:\WINDOWS\tasks\At42.job
C:\WINDOWS\tasks\At43.job
C:\WINDOWS\tasks\At44.job
C:\WINDOWS\tasks\At45.job
C:\WINDOWS\tasks\At46.job
C:\WINDOWS\tasks\At47.job
C:\WINDOWS\tasks\At48.job
C:\WINDOWS\tasks\At49.job
C:\WINDOWS\tasks\At5.job
C:\WINDOWS\tasks\At50.job
C:\WINDOWS\tasks\At51.job
C:\WINDOWS\tasks\At52.job
C:\WINDOWS\tasks\At53.job
C:\WINDOWS\tasks\At54.job
C:\WINDOWS\tasks\At55.job
C:\WINDOWS\tasks\At56.job
C:\WINDOWS\tasks\At57.job
C:\WINDOWS\tasks\At58.job
C:\WINDOWS\tasks\At59.job
C:\WINDOWS\tasks\At6.job
C:\WINDOWS\tasks\At60.job
C:\WINDOWS\tasks\At61.job
C:\WINDOWS\tasks\At62.job
C:\WINDOWS\tasks\At63.job
C:\WINDOWS\tasks\At64.job
C:\WINDOWS\tasks\At65.job
C:\WINDOWS\tasks\At66.job
C:\WINDOWS\tasks\At67.job
C:\WINDOWS\tasks\At68.job
C:\WINDOWS\tasks\At69.job
C:\WINDOWS\tasks\At7.job
C:\WINDOWS\tasks\At70.job
C:\WINDOWS\tasks\At71.job
C:\WINDOWS\tasks\At72.job
C:\WINDOWS\tasks\At8.job
C:\WINDOWS\tasks\At9.job


4: Check carefully that each file name is on a single line and has not been split across two lines.
5: Start Avenger
6: In the large text box, paste the text that is in Notepad.
7: Tick the box Scan for rootkits if it is not already ticked.
6: Press Execute to start Avenger.
8: The computer will now restart (it may restart twice).
9: After a short while the log (C:\avenger.txt) will open; paste that log here into your thread.
10: Make a new TM HJT log and paste that in as well



Regards/Malou

#12 andcar

andcar
  • Member
  • 41 posts

Posted 20 January 2009 - 18:58

Hi Malou. This is what it looks like now.

RSIT suddenly doesn't work. I have downloaded it but get the same result. Error: subscript used with non-array variable :unsure:

Regards, Anders

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform:  Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

Hidden driver "UACd.sys" found!
ImagePath:  \systemroot\system32\drivers\UACuwjqbouq.sys
Start Type:  1 (System)

Rootkit scan completed.


Error:  file "C:\WINDOWS\ie.exe" not found!
Deletion of file "C:\WINDOWS\ie.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

File "C:\WINDOWS\tasks\At1.job" deleted successfully.
File "C:\WINDOWS\tasks\At10.job" deleted successfully.
File "C:\WINDOWS\tasks\At11.job" deleted successfully.
File "C:\WINDOWS\tasks\At12.job" deleted successfully.
File "C:\WINDOWS\tasks\At13.job" deleted successfully.
File "C:\WINDOWS\tasks\At14.job" deleted successfully.
File "C:\WINDOWS\tasks\At15.job" deleted successfully.
File "C:\WINDOWS\tasks\At16.job" deleted successfully.
File "C:\WINDOWS\tasks\At17.job" deleted successfully.
File "C:\WINDOWS\tasks\At18.job" deleted successfully.
File "C:\WINDOWS\tasks\At19.job" deleted successfully.
File "C:\WINDOWS\tasks\At2.job" deleted successfully.
File "C:\WINDOWS\tasks\At20.job" deleted successfully.
File "C:\WINDOWS\tasks\At21.job" deleted successfully.
File "C:\WINDOWS\tasks\At22.job" deleted successfully.
File "C:\WINDOWS\tasks\At23.job" deleted successfully.
File "C:\WINDOWS\tasks\At24.job" deleted successfully.
File "C:\WINDOWS\tasks\At25.job" deleted successfully.
File "C:\WINDOWS\tasks\At26.job" deleted successfully.
File "C:\WINDOWS\tasks\At27.job" deleted successfully.
File "C:\WINDOWS\tasks\At28.job" deleted successfully.
File "C:\WINDOWS\tasks\At29.job" deleted successfully.
File "C:\WINDOWS\tasks\At3.job" deleted successfully.
File "C:\WINDOWS\tasks\At30.job" deleted successfully.
File "C:\WINDOWS\tasks\At31.job" deleted successfully.
File "C:\WINDOWS\tasks\At32.job" deleted successfully.
File "C:\WINDOWS\tasks\At33.job" deleted successfully.
File "C:\WINDOWS\tasks\At34.job" deleted successfully.
File "C:\WINDOWS\tasks\At35.job" deleted successfully.
File "C:\WINDOWS\tasks\At36.job" deleted successfully.
File "C:\WINDOWS\tasks\At37.job" deleted successfully.
File "C:\WINDOWS\tasks\At38.job" deleted successfully.
File "C:\WINDOWS\tasks\At39.job" deleted successfully.
File "C:\WINDOWS\tasks\At4.job" deleted successfully.
File "C:\WINDOWS\tasks\At40.job" deleted successfully.
File "C:\WINDOWS\tasks\At41.job" deleted successfully.
File "C:\WINDOWS\tasks\At42.job" deleted successfully.
File "C:\WINDOWS\tasks\At43.job" deleted successfully.
File "C:\WINDOWS\tasks\At44.job" deleted successfully.
File "C:\WINDOWS\tasks\At45.job" deleted successfully.
File "C:\WINDOWS\tasks\At46.job" deleted successfully.
File "C:\WINDOWS\tasks\At47.job" deleted successfully.
File "C:\WINDOWS\tasks\At48.job" deleted successfully.
File "C:\WINDOWS\tasks\At49.job" deleted successfully.
File "C:\WINDOWS\tasks\At5.job" deleted successfully.
File "C:\WINDOWS\tasks\At50.job" deleted successfully.
File "C:\WINDOWS\tasks\At51.job" deleted successfully.
File "C:\WINDOWS\tasks\At52.job" deleted successfully.
File "C:\WINDOWS\tasks\At53.job" deleted successfully.
File "C:\WINDOWS\tasks\At54.job" deleted successfully.
File "C:\WINDOWS\tasks\At55.job" deleted successfully.
File "C:\WINDOWS\tasks\At56.job" deleted successfully.
File "C:\WINDOWS\tasks\At57.job" deleted successfully.
File "C:\WINDOWS\tasks\At58.job" deleted successfully.
File "C:\WINDOWS\tasks\At59.job" deleted successfully.
File "C:\WINDOWS\tasks\At6.job" deleted successfully.
File "C:\WINDOWS\tasks\At60.job" deleted successfully.
File "C:\WINDOWS\tasks\At61.job" deleted successfully.
File "C:\WINDOWS\tasks\At62.job" deleted successfully.
File "C:\WINDOWS\tasks\At63.job" deleted successfully.
File "C:\WINDOWS\tasks\At64.job" deleted successfully.
File "C:\WINDOWS\tasks\At65.job" deleted successfully.
File "C:\WINDOWS\tasks\At66.job" deleted successfully.
File "C:\WINDOWS\tasks\At67.job" deleted successfully.
File "C:\WINDOWS\tasks\At68.job" deleted successfully.
File "C:\WINDOWS\tasks\At69.job" deleted successfully.
File "C:\WINDOWS\tasks\At7.job" deleted successfully.
File "C:\WINDOWS\tasks\At70.job" deleted successfully.
File "C:\WINDOWS\tasks\At71.job" deleted successfully.
File "C:\WINDOWS\tasks\At72.job" deleted successfully.
File "C:\WINDOWS\tasks\At8.job" deleted successfully.
File "C:\WINDOWS\tasks\At9.job" deleted successfully.

Completed script processing.

*******************

Finished!  Terminate.

#13 Malou

Malou
  • Guests

Posted 20 January 2009 - 19:16

Hi andcar!

Quote

RSIT suddenly doesn't work.
OK, I assume this is the one you mean => RSIT (random's system information tool) <=
But we don't need it at the moment, so we'll leave it for a while.

I see that Avenger has taken care of what we asked for. But not C:\WINDOWS\ie.exe.

Make a new TM HJT log and paste it in here so we can see what it looks like (renamed). Also make sure that Windows Defender is turned off/disabled.

Regards/Malou
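
Added example, not part of the thread and not Avenger's own code: a Python sketch that parses an Avenger 2.0 log like the one in #12 and reconciles it against the "Files to delete:" script from #11, so rootkit-scan hits, failed deletions and paths broken by a line wrap (step 4) stand out. The function names are hypothetical, and treating every line that ends in a colon as a script heading is a simplifying assumption.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: the script from #11 and the log from #12, cut down to
# three of the 72 .job entries; the remaining lines are as posted in the thread.
SAMPLE_SCRIPT = r'''Files to delete:
C:\WINDOWS\ie.exe
C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\At10.job
C:\WINDOWS\tasks\At11.job
'''

SAMPLE_LOG = r'''Rootkit scan active.

Hidden driver "UACd.sys" found!
ImagePath:  \systemroot\system32\drivers\UACuwjqbouq.sys
Start Type:  1 (System)

Rootkit scan completed.

Error:  file "C:\WINDOWS\ie.exe" not found!
Deletion of file "C:\WINDOWS\ie.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

File "C:\WINDOWS\tasks\At1.job" deleted successfully.
File "C:\WINDOWS\tasks\At10.job" deleted successfully.
File "C:\WINDOWS\tasks\At11.job" deleted successfully.

Completed script processing.
'''

HIDDEN = re.compile(r'Hidden driver "([^"]+)" found!')
IMAGE_PATH = re.compile(r'ImagePath:\s+(.+)')
START_TYPE = re.compile(r'Start Type:\s+(\d+) \(([^)]+)\)')
DELETED = re.compile(r'File "([^"]+)" deleted successfully\.')
FAILED = re.compile(r'Deletion of file "([^"]+)" failed!')
STATUS = re.compile(r'Status:\s+(0x[0-9a-fA-F]+) \((\w+)\)')


@dataclass
class AvengerReport:
    hidden_drivers: list = field(default_factory=list)  # dicts: name, image_path, start_type
    deleted: list = field(default_factory=list)         # paths reported as deleted
    failed: list = field(default_factory=list)          # dicts: path, status, status_name


def parse_avenger_log(text):
    """Collect rootkit-scan hits, successful deletions and failed deletions."""
    report = AvengerReport()
    driver = failure = None  # records that the following detail lines belong to
    for line in (raw.strip() for raw in text.splitlines()):
        if m := HIDDEN.fullmatch(line):
            driver = {"name": m[1], "image_path": None, "start_type": None}
            report.hidden_drivers.append(driver)
        elif driver is not None and (m := IMAGE_PATH.fullmatch(line)):
            driver["image_path"] = m[1]
        elif driver is not None and (m := START_TYPE.fullmatch(line)):
            driver["start_type"] = (int(m[1]), m[2])
        elif m := DELETED.fullmatch(line):
            report.deleted.append(m[1])
        elif m := FAILED.fullmatch(line):
            failure = {"path": m[1], "status": None, "status_name": None}
            report.failed.append(failure)
        elif failure is not None and (m := STATUS.fullmatch(line)):
            failure["status"], failure["status_name"] = int(m[1], 16), m[2]
            failure = None
    return report


def parse_script_files(script):
    """Return the entries listed under the 'Files to delete:' heading."""
    paths, in_section = [], False
    for line in (raw.strip() for raw in script.splitlines()):
        if line.endswith(":"):  # assumption: a trailing colon marks a heading
            in_section = line.lower() == "files to delete:"
        elif in_section and line:
            paths.append(line)
    return paths


def reconcile(script, report):
    """Sort each requested path into deleted / failed / unaccounted / malformed."""
    deleted = {p.lower() for p in report.deleted}        # Windows paths ignore case
    failed = {f["path"].lower() for f in report.failed}
    result = {"deleted": [], "failed": [], "unaccounted": [], "malformed": []}
    for path in parse_script_files(script):
        if not re.match(r'[A-Za-z]:\\', path):
            result["malformed"].append(path)   # e.g. the tail of a wrapped line
        elif path.lower() in deleted:
            result["deleted"].append(path)
        elif path.lower() in failed:
            result["failed"].append(path)
        else:
            result["unaccounted"].append(path)  # requested but absent from the log
    return result


if __name__ == "__main__":
    rep = parse_avenger_log(SAMPLE_LOG)
    print(rep.hidden_drivers, rep.failed, reconcile(SAMPLE_SCRIPT, rep), sep="\n")
```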

#14 andcar

andcar
  • Member
  • 41 posts

Posted 20 January 2009 - 19:30

Hi Malou

May an amateur ask what kind of files were removed?
Thanks for all the help I'm getting from you!! I have disabled Windows Defender.
Regards, Anders

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:27:02, on 2009-01-20
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program\Delade filer\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program\Sygate\SPF\smc.exe
C:\Program\Grisoft\AVGFRE~1\avgcc.exe
C:\Program\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe
C:\Program\MSN Messenger\msnmsgr.exe
C:\Program\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program\Personal\bin\Personal.exe
C:\Program\Delade filer\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Internet Explorer\IEXPLORE.EXE
C:\Program\Delade filer\Teleca Shared\Generic.exe
C:\Program\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twex.exe,
O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SmcService] C:\Program\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Internet Explorer Run-Time] C:\WINDOWS\ie.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Windows Defender] "C:\Program\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\Program\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O13 - WWW Prefix:
O15 - Trusted Zone: http://www.adobe.com
O15 - Trusted Zone: http://www.lunarstorm.se
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.extrafilm...geUploader5.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase6662.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1230987003140
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.co.../sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1230986939281
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.co...iaSmartScan.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - https://ssl.extrafil...geUploader3.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadbl...ivex/sabspx.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.on...e/en/crlocx.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{F725B5B2-C8C6-4299-9A49-AC36782EA4BD}: NameServer = 208.67.220.220 208.67.222.222
O20 - AppInit_DLLs:  
O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: syshelps - {DBE12772-6FAD-4F3E-882C-00DA4DB4D2DD} - (no file)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program\Delade filer\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program\Sygate\SPF\smc.exe

--
End of file - 9717 bytes

#15 Malou

Malou
  • Guests

Posted 20 January 2009 - 19:59

Hi andcar!

Quote

may an amateur ask what kind of files were removed.
What we removed with the help of Avenger were so-called task jobs => example=C:\WINDOWS\tasks\At1.job <= These are scheduled tasks. Unfortunately the real files were not visible in Avenger, as they usually are with other tools where you can see the files' real names. So it is a bit hard to say exactly what it was/is. But as a rule they tend to cause a great many problems, so they are always removed.

I would also be grateful for answers to the earlier questions that I asked here in the thread and that have not been answered yet.
Was it you who installed => Yahoo! Toolbar/SWEETIE Toolbar and then tried to uninstall it?

I am also wondering about the following.
Was it you who added these as Trusted Zone?
O15 - Trusted Zone: http://www.adobe.com
O15 - Trusted Zone: http://www.lunarstorm.se


******************************************************************************
I see that you have not renamed the file that I pointed out earlier. How come?
C:\Program\Trend Micro\HijackThis\HijackThis.exe
Please rename the file according to the earlier information here in the thread so we can move on.

I see in the current (not renamed) TM HJT log that the nasty one is still there.
C:\WINDOWS\ie.ex.

Print out the following or copy it to a text document and save it to the desktop:
Read/follow the instructions very carefully


Open TM HJT => click the Do a system scan only button => Tick the entries below => Close the web browser => click the Fix Checked button:

O4 - HKLM\..\Run: [Internet Explorer Run-Time] C:\WINDOWS\ie.exe
O13 - WWW Prefix:


Once you have done the above:
Restart the computer in safe mode (press the F8 key repeatedly during startup and choose safe mode):

Show hidden files and folders, Windows XP and Windows Vista:

Windows XP users:
1: Right-click the Start button
2: Choose Explore
3: In the toolbar click => Tools => Folder Options
4: Select the tab => View and put a tick in => Show hidden files and folders
5: Untick Hide extensions for known file types
6: Untick Hide protected operating system files

Search for/locate:
Navigate along the path below and delete the file

C:\WINDOWS\ie.ex<=Delete the file.

Next:
Still in safe mode:


Go to Start => Run => then type cleanmgr in the Run field => Click the OK button
Tick the ones below and clean them out. Check that there are no ticks in the other boxes; if there are, untick them.

Recycle Bin = Papperskorgen
Temporary Files = Temporära Filer
Temporary Internet Files = Temporära "Tillfälliga" Internetfiler


Now:
Restart the computer in normal mode again:


1: Make a new TM HJT log and paste it in here so we can see how it looks.
2: Tell us how the computer is doing and whether any problems remain.

Regards/Malou
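The re-scan check requested in the post above (make a new log after Fix Checked and compare), as an added example that is not part of the original thread: a Python script that parses HijackThis entry lines and reports which of the entries ticked for fixing still appear in a follow-up log. The function names are assumptions, and the log excerpt is constructed from lines that appear in this thread.

```python
import re

# The two entries the helper asked to tick, copied from the post above.
FIX_LIST = r"""
O4 - HKLM\..\Run: [Internet Explorer Run-Time] C:\WINDOWS\ie.exe
O13 - WWW Prefix:
"""

# Constructed excerpt of a follow-up log (lines taken from logs in this thread).
NEW_LOG = r"""
Scan saved at 20:43:13, on 2009-01-20
Running processes:
C:\WINDOWS\system32\winlogon.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se/
O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://www.adobe.com
"""

# Entry lines start with a section code such as R0, F2, O4 or O23, then " - ".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")


def parse_entries(log_text):
    """Map a normalised (section, body) key to the original entry line.

    Header lines and the running-process list do not match the
    'Xn - ...' shape and are skipped.
    """
    entries = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY.match(line)
        if not match:
            continue
        section, body = match.groups()
        # Windows paths and registry names are case-insensitive, and pasting
        # into a forum can change spacing, so normalise both before comparing.
        entries[(section, " ".join(body.split()).lower())] = line
    return entries


def check_fix(fix_text, new_log_text):
    """Return (still_present, gone) lists of the fix-list lines."""
    wanted = parse_entries(fix_text)
    present = parse_entries(new_log_text)
    still = [line for key, line in wanted.items() if key in present]
    gone = [line for key, line in wanted.items() if key not in present]
    return still, gone


if __name__ == "__main__":
    still, gone = check_fix(FIX_LIST, NEW_LOG)
    for line in still:
        print("STILL PRESENT:", line)
    for line in gone:
        print("gone:", line)
```

An entry missing from the new log only shows that the startup reference is gone; the file on disk is handled by the separate delete step in the post.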

#16 andcar

andcar
  • Member
  • 41 posts

Posted 20 January 2009 - 20:46

Hi there.

yes, it was me who installed it :-/ the trusted zone was me too :-/
google seems to be as bad as before.
sometimes I end up at windowsclick, which makes sure I land on a page I don't want :-/
Regards
Anders


I hope I did it right now....
******************************************************************************
My computer
Scan saved at 20:43:13, on 2009-01-20
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program\Java\jre6\bin\jqs.exe
C:\Program\Delade filer\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program\Sygate\SPF\smc.exe
C:\Program\Grisoft\AVGFRE~1\avgcc.exe
C:\Program\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program\MSN Messenger\msnmsgr.exe
C:\Program\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program\Delade filer\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program\Personal\bin\Personal.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program\Internet Explorer\IEXPLORE.EXE
C:\Program\Delade filer\Teleca Shared\Generic.exe
C:\Program\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program\Trend Micro\Anders HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twex.exe,
O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SmcService] C:\Program\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Windows Defender] "C:\Program\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\Program\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://www.adobe.com
O15 - Trusted Zone: http://www.lunarstorm.se
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.extrafilm...geUploader5.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase6662.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1230987003140
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.co.../sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1230986939281
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.co...iaSmartScan.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - https://ssl.extrafil...geUploader3.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadbl...ivex/sabspx.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.on...e/en/crlocx.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{F725B5B2-C8C6-4299-9A49-AC36782EA4BD}: NameServer = 208.67.220.220 208.67.222.222
O20 - AppInit_DLLs:  
O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: syshelps - {DBE12772-6FAD-4F3E-882C-00DA4DB4D2DD} - (no file)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program\Delade filer\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program\Sygate\SPF\smc.exe

--
End of file - 9617 bytes

#17 Malou

Malou
  • Guests

Posted 20 January 2009 - 20:52

Hi Andcar!

Now I'm not quite sure what you have done. But you have copied and pasted my post into your post  ;)

Quote

yes, it was me who installed it :-/ the trusted zone was me too :-/
OK, and you want to keep Yahoo Toolbar and SWEETIE Toolbar?
In that case you should reinstall them. For your information, I can tell you that these are known to drag a fair amount of junk into the system, along with a few other odds and ends.


Regards/Malou

#18 andcar

andcar
  • Member
  • 41 posts

Posted 20 January 2009 - 20:57

hi! I saw :rolleyes:  that and posted my latest log after I had done what you said in safe mode.
no, I don't want to keep them

#19 Malou

Malou
  • Guests

Posted 20 January 2009 - 20:59

Hi again andcar!

There, now your earlier post turned out right  :)

But you have renamed the folder instead of the file
C:\Program\Trend Micro\Anders HijackThis\HijackThis.exe
Please rename the file and nothing else.

Look carefully at the screenshot that is included.
=> Trend Micro HiJack This (Download/Instructions):

*****************************************************************************************
Print out the following or copy it to a text document and save it to the desktop.
Read/follow the instructions very carefully:


Download SDFix:
=> SDFix
1: Save SDFix.exe to the desktop
2: Click SDFix.exe
3: SDFix is unpacked here => C:\SDFix.
4: Restart the computer in safe mode (press the F8 key repeatedly during startup and choose safe mode):
5: Navigate to => C:\SDFix  => Click runthis.bat  => Choose Y.
6: When the scan is finished, press any key to restart the computer.
7: When it says finished, press any key. A log will be shown automatically; paste the log in here in your thread.

Also make a new TM HJT log and paste it in here.

Regards/Malou

#20 Malou

Malou
  • Guests

Posted 20 January 2009 - 21:03

andcar, on January 20, 2009, 20:57, wrote:

hi! I saw :rolleyes:  that and posted my latest log after I had done what you said in safe mode.
I saw this after I had posted my last post  ;)

Follow/carry out the procedure in my last post above regarding SDFix.
And rename the file HiJack This.exe and nothing else.

Quote

no, I don't want to keep them
Then we will deal with the Yahoo Toolbar and SWEETIE Toolbar junk in a later procedure.


Regards/Malou