Virus help: Trojan Horse Generic 14 BPXC


This thread has been archived. That means you can no longer reply to posts in the thread. Please start a new thread if needed.
46 replies in this thread

#1 simmesimme

  • Member
  • 32 posts

Posted 04 October 2009 - 11:46

Hi,
a month ago I got a virus on my computer and I think I managed to get rid of it through manual removal.
I'm really no hacker, so I don't actually know how to remove viruses manually. I can't find that website
any more and unfortunately I don't remember what that virus was called.

Now I've got Trojan Horse Generic 14 BPXC and I can't get rid of it. I have AVG, which I recently updated, and now I keep getting messages from Resident Shield alert.
process name C:\documents and settings\ägaren\application data\svcst.exe
When I choose Heal, nothing happens and the error message comes up again.

I'm running an AVG antivirus scan now.

I'd be very grateful if I could get help with this. I saw that another guy got very good and thorough help.

/Simme
P.S. I have tried System Restore but it didn't work.



#2 MrO

    Swedish Spywarehunters Team

  • Member
  • 377 posts

Posted 04 October 2009 - 12:05

Hi! Leave System Restore alone, because it won't solve your problem!
Follow these instructions and post the logs so we can see what it looks like: http://www.saswsupport.se/?page_id=241
Regards, MrO

#3 simmesimme

  • Member
  • 32 posts

Posted 04 October 2009 - 15:59

OK, here comes the log report from HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:55:43 PM, on 10/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program\AVG\AVG8\avgwdsvc.exe
C:\Program\Bonjour\mDNSResponder.exe
C:\Program\Java\jre6\bin\jqs.exe
C:\Program\Delade filer\Nero\Nero BackItUp 4\NBService.exe
C:\Program\AVG\AVG8\avgrsx.exe
C:\Program\AVG\AVG8\avgnsx.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\StkASv2K.exe
C:\Program\Delade filer\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program\AVG\AVG8\avgemc.exe
C:\Program\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program\Multimedia Card Reader\shwicon2k.exe
C:\Program\Internet Explorer\iexplore.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program\HP\HP Software Update\HPWuSchd2.exe
C:\Program\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program\Multimedia Keyboard &Mouse Driver\PS2USBKbdDrv.exe
C:\Program\Multimedia Keyboard &Mouse Driver\MouseDrv.exe
C:\Program\Internet Explorer\iexplore.exe
C:\Program\AVG\AVG8\avgtray.exe
C:\Program\iTunes\iTunesHelper.exe
C:\Program\Java\jre6\bin\jusched.exe
C:\Program\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\Program\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe
C:\Program\MSN Messenger\MsnMsgr.Exe
C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program\Registry Mechanic\RegMech.exe
C:\Documents and Settings\Ägaren\Application Data\svcst.exe
C:\Program\iPod\bin\iPodService.exe
C:\Program\HP\Digital Imaging\bin\hpqtra08.exe
C:\Documents and Settings\Ägaren\Application Data\seres.exe
C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program\Logitech\SetPoint\SetPoint.exe
C:\Program\Mio Technology\MioSync\mioSync.exe
C:\Program\Nikon\PictureProject\NkbMonitor.exe
C:\Program\Delade filer\Logitech\khalshared\KHALMNPR.EXE
C:\Program\HP\hpcoretech\comp\hptskmgr.exe
C:\Program\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\Program\Trend Micro\HijackThis\HijackThis.exe
C:\Program\Trend Micro\HijackThis\simmesimme.exe.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - Tele2
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program\MyWebSearch\bar\1.bin\MWSBAR.DLL (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: HP-vy - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program\MyWebSearch\bar\1.bin\MWSBAR.DLL (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Sunkist2k] C:\Program\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Trickler] "c:\documents and settings\ägaren\lokala inställningar\temp\fsg_tmp\ginst_001_1234_4201.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program\Delade filer\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\Program\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [WireLessKeyboard] C:\Program\Multimedia Keyboard &Mouse Driver\StartAutorun.exe PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [WireLessMouse] C:\Program\Multimedia Keyboard &Mouse Driver\StartAutorun.exe MouseDrv.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [UVS10 Preload] C:\Program\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\Program\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [12439844] C:\Documents and Settings\All Users\Application Data\12439844\12439844.exe
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKCU\..\Run: [Acme.PCHButton] C:\Program\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [BackupNotify] c:\Program\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\Program\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program\Registry Mechanic\RegMech.exe /H
O4 - HKCU\..\Run: [mserv] C:\Documents and Settings\Ägaren\Application Data\svcst.exe
O4 - HKCU\..\Run: [svchost] C:\Documents and Settings\Ägaren\Application Data\svcst.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3921386975-2091070572-569705731-501\..\Run: [RecordNow!]  (User 'Gäst')
O4 - HKUS\S-1-5-21-3921386975-2091070572-569705731-501\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime (User 'Gäst')
O4 - HKUS\S-1-5-21-3921386975-2091070572-569705731-501\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Gäst')
O4 - HKUS\S-1-5-21-3921386975-2091070572-569705731-501\..\Run: [BackupNotify] c:\Program\HP\Digital Imaging\bin\backupnotify.exe (User 'Gäst')
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: MioSync.lnk = C:\Program\Mio Technology\MioSync\mioSync.exe
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &Search - http://bar.mywebsear...html?p=ZNxdm978
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: PacificPoker4 - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\Program\PACIFI~1\pacificpoker.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://start.tele2.se
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebo...toUploader5.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...etup1.0.0.8.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com...geUploader4.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game04.zylom....gamesplayer.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\Program\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program\Delade filer\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Syntek STK1160 Service (StkASSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkASv2K.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program\Delade filer\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 14734 bytes



MrO, on October 04, 2009, 13:05, wrote:

Hi! Leave System Restore alone, because it won't solve your problem!
Follow these instructions and post the logs so we can see what it looks like: http://www.saswsupport.se/?page_id=241
Regards, MrO


#4 MrO

    Swedish Spywarehunters Team

  • Member
  • 377 posts

Posted 04 October 2009 - 16:12

Hi! The computer is pretty full of junk, so run Malwarebytes as described on the page I linked to, and uninstall this: C:\Program\MyWebSearch
Regards, MrO

#5 Manneman

    Moderator

  • 4 526 posts

Posted 04 October 2009 - 16:17

Double post corrected and title edited

Mange

*  HP Envy 17-2092eo + Windows 7 x64 SP1  *  
*  HP Pavilion DV6 1100 + Windows 8 Consumer Preview + Windows 7 x64 SP1 Dual Boot  *
*  HP 6530b (2st) + Windows 7 x86 SP1  *

#6 simmesimme

  • Member
  • 32 posts

Posted 04 October 2009 - 16:24

MrO, on October 04, 2009, 13:05, wrote:

Hi! Leave System Restore alone, because it won't solve your problem!
Follow these instructions and post the logs so we can see what it looks like: http://www.saswsupport.se/?page_id=241
Regards, MrO

Here comes malware
Malwarebytes' Anti-Malware 1.41
Databasversion: 2904
Windows 5.1.2600 Service Pack 3

10/04/2009 5:21:28 PM
mbam-log-2009-10-04 (17-21-28).txt

Skanningstyp: Snabb skanning
Antal skannade objekt: 123417
Förfluten tid: 14 minute(s), 49 second(s)

Infekterade minnesprocesser: 2
Infekterade minnesmoduler: 0
Infekterade registernycklar: 61
Infekterade registervärden: 9
Infekterade registerdataposter: 0
Infekterade mappar: 17
Infekterade filer: 45

Infekterade minnesprocesser:
C:\Documents and Settings\Ägaren\Application Data\seres.exe (Trojan.Agent) -> Unloaded process successfully.
C:\Documents and Settings\Ägaren\Application Data\svcst.exe (Trojan.Agent) -> Unloaded process successfully.

Infekterade minnesmoduler:
(Inga illasinnade poster hittades)

Infekterade registernycklar:
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1e0de227-5ce4-4ea3-ab0c-8b03e1aa76bc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d292-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8e6f1832-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{938aa51a-996c-4884-98ce-80dd16a5c9da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a9571378-68a1-443d-b082-284f960c6d17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{adb01e81-3c79-4272-a0f1-7b2be7a782dc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{07b18ea0-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{29d67d3c-509a-4544-903f-c8c1b8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{7473d290-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{8e6f1830-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Infekterade registervärden:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mserv (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\12439844 (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MyWebSearch Email Plugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RList (Malware.Trace) -> Quarantined and deleted successfully.

Infekterade registerdataposter:
(Inga illasinnade poster hittades)

Infekterade mappar:
C:\Documents and Settings\All Users\Application Data\12439844 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program\FunWebProducts\Shared\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program\MyWebSearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program\MyWebSearch\bar\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program\MyWebSearch\bar\Game (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program\MyWebSearch\SrchAstt (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program\MyWebSearch\SrchAstt\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program\MyWebSearch\SrchAstt\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program\MyWebSearch\SrchAstt\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Infekterade filer:
C:\Documents and Settings\Ägaren\Lokala inställningar\Temp\TMPDB.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\12439844\12439844 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\12439844\pc12439844ins (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program\FunWebProducts\ScreenSaver\Images\00C4F3AD.urr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program\FunWebProducts\Shared\Cache\CursorManiaBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program\FunWebProducts\Shared\Cache\MailStampBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program\FunWebProducts\Shared\Cache\MyStationeryBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program\FunWebProducts\Shared\Cache\SmileyCentralBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program\MyWebSearch\bar\1.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program\MyWebSearch\bar\1.bin\F3PSSAVR.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program\MyWebSearch\bar\1.bin\F3RESTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program\MyWebSearch\bar\1.bin\F3SPACER.WMV (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program\MyWebSearch\bar\1.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program\MyWebSearch\bar\1.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program\MyWebSearch\bar\Cache\0011CF24 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program\MyWebSearch\bar\Cache\00BE1F14.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program\MyWebSearch\bar\Cache\00BE8272.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program\MyWebSearch\bar\Cache\00BEB375.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program\MyWebSearch\bar\Cache\00BECA77.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program\MyWebSearch\bar\Cache\00BEDF48.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program\MyWebSearch\bar\Cache\00BEFD8E.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program\MyWebSearch\bar\Cache\00BF21B0.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program\MyWebSearch\bar\Cache\00BF58BD.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program\MyWebSearch\bar\Cache\00BF858A.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program\MyWebSearch\bar\Cache\00BFA910.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program\MyWebSearch\bar\Cache\00EE4AEE.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program\MyWebSearch\bar\Cache\01019921.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program\MyWebSearch\bar\Cache\0101A815.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program\MyWebSearch\bar\Cache\files.ini (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program\MyWebSearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program\MyWebSearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program\MyWebSearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program\MyWebSearch\bar\History\search (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program\MyWebSearch\bar\Settings\prevcfg.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program\MyWebSearch\bar\Settings\settings.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program\MyWebSearch\bar\Settings\settings.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program\MyWebSearch\SrchAstt\Cache\00B5C543 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program\MyWebSearch\SrchAstt\Cache\00B5D2B1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program\MyWebSearch\SrchAstt\Cache\files.ini (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program\MyWebSearch\SrchAstt\Settings\prevcfg.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ägaren\Application Data\seres.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ägaren\Application Data\svcst.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ägaren\Application Data\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f3pssavr.scr (Trojan.Agent) -> Quarantined and deleted successfully.

#7 simmesimme

  • Member
  • 32 posts

Posted 04 October 2009 - 16:31

MrO, on October 04, 2009, 17:12, said:

Hi! The computer is pretty full of junk, so run Malwarebytes as described on the page I linked to, and uninstall this: C:\Program\MyWebSearch
Regards, MrO

Great, I have run Malwarebytes now.

How do I uninstall MyWebSearch? I can't find it on the computer.

#8 MrO

    Svenska Spywarehunters Teamet

  • Member
  • 377 posts

Posted 04 October 2009 - 16:33

Wow, that was no small amount of junk on that computer! Restart the computer, scan with Malwarebytes again and run a new HijackThis, then post both logs so I can see how things look now!
Regards, MrO

#9 simmesimme

  • Member
  • 32 posts

Posted 04 October 2009 - 16:39

MrO, on October 04, 2009, 17:33, said:

Wow, that was no small amount of junk on that computer! Restart the computer, scan with Malwarebytes again and run a new HijackThis, then post both logs so I can see how things look now!
Regards, MrO

No, this one hasn't been cleaned out... it was about time.
New hijack log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:37:57 PM, on 10/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe

#10 MrO

    Svenska Spywarehunters Teamet

  • Member
  • 377 posts

Posted 04 October 2009 - 16:47

The whole HJT log please, plus a new one from Malwarebytes if it found anything the second time around!

#11 simmesimme

  • Member
  • 32 posts

Posted 04 October 2009 - 16:57

MrO, on October 04, 2009, 17:33, said:

Wow, that was no small amount of junk on that computer! Restart the computer, scan with Malwarebytes again and run a new HijackThis, then post both logs so I can see how things look now!
Regards, MrO

Malware log:

Malwarebytes' Anti-Malware 1.41
Databasversion: 2904
Windows 5.1.2600 Service Pack 3

10/04/2009 5:57:04 PM
mbam-log-2009-10-04 (17-57-04).txt

Skanningstyp: Snabb skanning
Antal skannade objekt: 123085
Förfluten tid: 14 minute(s), 17 second(s)

Infekterade minnesprocesser: 0
Infekterade minnesmoduler: 0
Infekterade registernycklar: 0
Infekterade registervärden: 0
Infekterade registerdataposter: 0
Infekterade mappar: 0
Infekterade filer: 0

Infekterade minnesprocesser:
(Inga illasinnade poster hittades)

Infekterade minnesmoduler:
(Inga illasinnade poster hittades)

Infekterade registernycklar:
(Inga illasinnade poster hittades)

Infekterade registervärden:
(Inga illasinnade poster hittades)

Infekterade registerdataposter:
(Inga illasinnade poster hittades)

Infekterade mappar:
(Inga illasinnade poster hittades)

Infekterade filer:
(Inga illasinnade poster hittades)

#12 simmesimme

  • Member
  • 32 posts

Posted 04 October 2009 - 16:58

MrO, on October 04, 2009, 17:47, said:

The whole HJT log please, plus a new one from Malwarebytes if it found anything the second time around!

Oops... missed a bit, yes. Here it comes:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:37:57 PM, on 10/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program\AVG\AVG8\avgwdsvc.exe
C:\Program\Bonjour\mDNSResponder.exe
C:\Program\Java\jre6\bin\jqs.exe
C:\Program\Delade filer\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\StkASv2K.exe
C:\Program\Delade filer\Ulead Systems\DVD\ULCDRSvr.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe
C:\Program\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program\HP\HP Software Update\HPWuSchd2.exe
C:\Program\AVG\AVG8\avgemc.exe
C:\Program\HP\hpcoretech\hpcmpmgr.exe
C:\Program\AVG\AVG8\avgrsx.exe
C:\Program\AVG\AVG8\avgnsx.exe
C:\Program\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program\Multimedia Keyboard &Mouse Driver\MouseDrv.exe
C:\Program\Multimedia Keyboard &Mouse Driver\PS2USBKbdDrv.exe
C:\Program\AVG\AVG8\avgtray.exe
C:\Program\iTunes\iTunesHelper.exe
C:\Program\Java\jre6\bin\jusched.exe
C:\Program\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\Program\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe
C:\WINDOWS\System32\alg.exe
C:\Program\MSN Messenger\MsnMsgr.Exe
C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\HP\hpcoretech\comp\hptskmgr.exe
C:\Program\Registry Mechanic\RegMech.exe
C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program\Logitech\SetPoint\SetPoint.exe
C:\Program\iPod\bin\iPodService.exe
C:\Program\Mio Technology\MioSync\mioSync.exe
C:\Program\Nikon\PictureProject\NkbMonitor.exe
C:\Program\Delade filer\Logitech\khalshared\KHALMNPR.EXE
C:\Program\Internet Explorer\iexplore.exe
C:\Program\Internet Explorer\iexplore.exe
C:\Program\Trend Micro\HijackThis\simmesimme.exe.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - Tele2
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: HP-vy - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Sunkist2k] C:\Program\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Trickler] "c:\documents and settings\ägaren\lokala inställningar\temp\fsg_tmp\ginst_001_1234_4201.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program\Delade filer\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [WireLessKeyboard] C:\Program\Multimedia Keyboard &Mouse Driver\StartAutorun.exe PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [WireLessMouse] C:\Program\Multimedia Keyboard &Mouse Driver\StartAutorun.exe MouseDrv.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [UVS10 Preload] C:\Program\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\Program\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Acme.PCHButton] C:\Program\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [BackupNotify] c:\Program\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\Program\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program\Registry Mechanic\RegMech.exe /H
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3921386975-2091070572-569705731-501\..\Run: [RecordNow!]  (User 'Gäst')
O4 - HKUS\S-1-5-21-3921386975-2091070572-569705731-501\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime (User 'Gäst')
O4 - HKUS\S-1-5-21-3921386975-2091070572-569705731-501\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Gäst')
O4 - HKUS\S-1-5-21-3921386975-2091070572-569705731-501\..\Run: [BackupNotify] c:\Program\HP\Digital Imaging\bin\backupnotify.exe (User 'Gäst')
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: MioSync.lnk = C:\Program\Mio Technology\MioSync\mioSync.exe
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &Search - http://bar.mywebsear...html?p=ZNxdm978
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: PacificPoker4 - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\Program\PACIFI~1\pacificpoker.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://start.tele2.se
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebo...toUploader5.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com...geUploader4.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game04.zylom....gamesplayer.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\Program\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program\Delade filer\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Syntek STK1160 Service (StkASSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkASv2K.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program\Delade filer\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 13826 bytes
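
An added example, not part of the original thread and not the helper's own method: one way to cross-check a HijackThis log like the one above against a cleanup that has already run. The three rules (orphaned "(no file)" entries, targets under a directory whose files the Malwarebytes log reports as quarantined, autostarts from a temp directory) and all function names are assumptions made for illustration; the sample lines are copied from the log above.

```python
import re

# Directory whose files the Malwarebytes log on this page reports as removed.
REMOVED_DIRS = [r"C:\Program\MyWebSearch"]

# Lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r'''
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Trickler] "c:\documents and settings\ägaren\lokala inställningar\temp\fsg_tmp\ginst_001_1234_4201.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\Program\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\Program\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
'''

ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
# First drive-letter path in the entry that ends in an executable extension.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|scr)', re.IGNORECASE)


def component_matches(actual, removed):
    """Compare one path component, allowing an 8.3 short name such as MYWEBS~1."""
    a, r = actual.upper(), removed.upper()
    if a == r:
        return True
    short = re.fullmatch(r"([^~]{1,6})~\d", a)
    # A short name keeps the leading characters of the long name, spaces dropped.
    # This is a heuristic: several long names can share one short-name prefix.
    return bool(short) and r.replace(" ", "").startswith(short.group(1))


def under_removed_dir(path):
    """True if path lies below one of REMOVED_DIRS (case-insensitive, 8.3-aware)."""
    parts = path.split("\\")
    for removed in REMOVED_DIRS:
        rparts = removed.split("\\")
        if len(parts) > len(rparts) and all(
            component_matches(p, r) for p, r in zip(parts, rparts)
        ):
            return True
    return False


def triage(log_text):
    """Return (section, path, reasons) for every entry that deserves a second look."""
    findings = []
    for line in log_text.splitlines():
        entry = ENTRY_RE.match(line.strip())
        if not entry:
            continue
        section, body = entry.group("section"), entry.group("body")
        found = PATH_RE.search(body)
        path = found.group(0) if found else None
        reasons = []
        if body.endswith("(no file)"):
            reasons.append("orphaned entry: target file missing")
        if path and under_removed_dir(path):
            reasons.append("points into a directory the scanner removed")
        if section == "O4" and path and "\\temp\\" in path.lower():
            reasons.append("autostart from a temp directory")
        if reasons:
            findings.append((section, path, reasons))
    return findings


if __name__ == "__main__":
    for section, path, reasons in triage(SAMPLE_LOG):
        print(section, path or "(no path)", "->", "; ".join(reasons))
```

A flagged entry is only a candidate for review; the 8.3 match in particular can hit an unrelated directory that shares the same six-character prefix.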

#13 MrO

    Svenska Spywarehunters Teamet

  • Member
  • 377 posts

Posted 04 October 2009 - 17:12

I can see there is still some junk left, so we will have to bring out a sharper tool like ComboFix!

ComboFix for Windows XP and Windows Vista:

Print the instructions below or copy them into a text document and save it to the desktop:
Read/follow the instructions very carefully


ComboFix disables autorun for CDs, floppy disks and USB devices to make it easier to clean the computer and to protect it against infections in the future. This can cause problems, for example if you get your internet connection through a USB modem or a USB network adapter.
In that case, say so instead of running ComboFix.


Download ComboFix from the link below
=> ComboFix.exe

1: Save ComboFix to the desktop "Very important"
Close all programs you can see, including antivirus and antispyware programs. But leave the firewall on.
2: Double-click ComboFix to start it
(For Vista users: right-click and choose Run as administrator:)
3: Follow the instructions shown on screen.

4: If you are asked whether you want to install the Recovery Console, answer yes.
This makes it possible to start the computer in a special recovery mode, which can be useful if something happens to the computer during the coming procedures.
5: When it has finished, a text log should appear; copy and paste it here into your thread
It can also be found here => (C:\ComboFix.txt)
6: Make a new TM HJT log and paste that in as well.

IMPORTANT! Do NOT click in the ComboFix window with the mouse while ComboFix is running, otherwise the scan can hang.

IMPORTANT: Check that antivirus/antispyware programs etc. are re-enabled before you connect to the Internet.

NOTE:
The tool/program can cause problems with the connection (e.g. wireless).
If problems occur, try the following.
Go to => Control Panel => Network Connections => right-click your Internet connection => choose Repair
And/or
Restart the computer.


NOTE:
Do NOT post the log (the text file) as an attachment, nor inside code tags or anything else.
Copy/paste the log DIRECTLY into your post.

Good luck
Regards, MrO

#14 Mickilina

  • Moderator
  • 1 303 posts

Posted 04 October 2009 - 17:28

When asking the thread starter for logs, perhaps one could point to the right forum category at the same time.
Moving the thread.

//Mickilina

Desktop: Win XP Home ver 2002, SP3, Intel® Celeron® CPU 2.80GHz, Realtek AC97 Audio, RAM 1,5 GB, Samsung SP0812N 75 GB, WDC WD2500YS-01SHB0 240 GB, FIC P4M-865G

Laptop: Vista Home Premium x32, SP1, AMD Sempron SI-40 2,00 GHz, Sound card Sound Blaster Pro, RAM 2,0 GB, DDR II, Hard disk - Type SATA 5400 rpm - Size 160 GB, NVIDIA GeForce 8200M G

#15 MrO

    Svenska Spywarehunters Teamet

  • Member
  • 377 posts

Posted 04 October 2009 - 17:50

Oh, I actually thought the mod who removed the double post had moved the thread, so I'm terribly sorry then!!
Regards, MrO

#16 Mickilina

  • Moderator
  • 1 303 posts

Posted 04 October 2009 - 18:01

MrO, on October 04, 2009, 18:50, said:

Oh, I actually thought the mod who removed the double post had moved the thread, so I'm terribly sorry then!!
Regards, MrO

No need to apologise, but for next time, and there will surely be one ;)

//Mickilina

#17 simmesimme

  • Member
  • 32 posts

Posted 04 October 2009 - 18:14

Mickilina, on October 04, 2009, 19:01, said:

No need to apologise, but for next time, and there will surely be one ;)

//Mickilina

No problem, I found it. Logically I should have posted here from the start, really. I have downloaded the ComboFix program but can't manage to shut down/disable the AVG antivirus program, and I don't dare run the program until I have managed that.
Do you know where I do that? Sorry for being a bit of a noob here, but I'm really very grateful for the help!

/S

This post has been edited by simmesimme: 04 October 2009 - 18:15


#18 MrO

    Svenska Spywarehunters Teamet

  • Member
  • 377 posts

Posted 04 October 2009 - 18:20

Have a look at this page and you will find instructions: http://www.bleepingc...opic114351.html

#19 simmesimme

  • Member
  • 32 posts

Posted 04 October 2009 - 18:26

MrO, on October 04, 2009, 19:20, said:

Have a look at this page and you will find instructions: http://www.bleepingc...opic114351.html

Is the link correct...? It doesn't seem to want to open. Or do I have to register on their website?

#20 MrO

    Svenska Spywarehunters Teamet

  • Member
  • 377 posts

Posted 04 October 2009 - 18:31

No, I have no problem opening it, but I'll post the instructions in case you are being blocked for some reason!

AVG 8
Please open the AVG 8 Control Center, by right clicking on the AVG 8 icon on task bar.

    * Click on Tools.
    * Select Advanced.
    * In the left hand pane, scroll down to "Resident Shield".
    * In the main pane, deselect the option to "Enable Resident Shield."
    * To re-enable AVG 8, please select "Enable Resident Shield" again.

AVG 8.5
Please open the AVG 8.5 Control Center, by right clicking on the AVG icon on task bar.

    * Click on Open AVG Interface.
    * Double click on Resident Shield
    * Deselect the option to "Enable Resident Shield."
    * Save changes, and exit the application.
    * To re-enable AVG 8.5, please select "Enable Resident Shield" again.