Gå till innehåll

tingbrant

Medlem
 Visa profil  Visa deras aktivitet

  • Innehållsantal

    9

  • Gick med

  • Besökte senast

tingbrant's Achievements

(1/8)

  1. tingbrant
    Malwarebytes Anti-Malware: Malwarebytes' Anti-Malware 1.36 Databasversion: 1952 Windows 5.1.2600 Service Pack 3 2009-04-08 20:32:46 mbam-log-2009-04-08 (20-32-46).txt Skanningstyp: Snabb skanning Antal skannade objekt: 78704 Förfluten tid: 8 minute(s), 24 second(s) Infekterade minnesprocesser: 0 Infekterade minnesmoduler: 0 Infekterade registernycklar: 0 Infekterade registervärden: 0 Infekterade registerdataposter: 1 Infekterade mappar: 0 Infekterade filer: 2 Infekterade minnesprocesser: (Inga illasinnade poster hittades) Infekterade minnesmoduler: (Inga illasinnade poster hittades) Infekterade registernycklar: (Inga illasinnade poster hittades) Infekterade registervärden: (Inga illasinnade poster hittades) Infekterade registerdataposter: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders (Trojan.Agent) -> Data: digest32.dll -> Quarantined and deleted successfully. Infekterade mappar: (Inga illasinnade poster hittades) Infekterade filer: C:\WINDOWS\system32\ieupdates.exe.tmp (Adware.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\digest32.dll (Trojan.Agent) -> Quarantined and deleted successfully. HJT: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:37:07, on 2009-04-08 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program\AVG\AVG8\avgwdsvc.exe C:\Program\McAfee\SiteAdvisor\McSACore.exe C:\WINDOWS\system32\UAService7.exe C:\Program\AVG\AVG8\avgrsx.exe C:\WINDOWS\system32\hkcmd.exe C:\Program\QuickTime\qttask.exe C:\Program\Delade filer\Real\Update_OB\realsched.exe C:\Program\AVG\AVG8\avgtray.exe C:\Program\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program\Picasa2\PicasaMediaDetector.exe C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\Program\Trend Micro\HijackThis\tingbrant.exe.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tsn.ca/nhl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program\AVG\AVG8\avgssie.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\program\mcafee\SITEAD~1\mcieplg.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program\mcafee\SITEAD~1\mcieplg.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [AVG8_TRAY] C:\Program\AVG\AVG8\avgtray.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program\Picasa2\PicasaMediaDetector.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1160483520046 O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program\AVG\AVG8\avgpp.dll O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program\mcafee\SITEAD~1\mcieplg.dll O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program\AVG\AVG8\avgwdsvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program\McAfee\SiteAdvisor\McSACore.exe O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe -- End of file - 4639 bytes Än så länge har det inte dykt upp någon ruta, men det brukar ta ett tag innan listan med virus dyker upp. Om datorn går snabbare vet jag inte. Har tagit bort lite annat, som Google Toolbar och Adobe Reader 5.0. Bitcomet var avinstallerat men jag tog bort resten av filerna i mappen. F-secure är nu avinstallerat och CCleaner-rensning har utförts.
  2. tingbrant
    Hej! AVG (resident shield alert) säger att det finns mellan 2-10 infektioner i datorn, oftast gäller det Trojan horse Generic 13.SQJ och Trojan horse small.AU. Dock kan AVG inte ta bort det. Gjorde inte någon städning med CCleaner då AVG säger att det ligger i Temporary internet files. Logga från HJT: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:04:17, on 2009-04-07 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\hkcmd.exe C:\Program\F-Secure\Common\FSM32.EXE C:\Program\QuickTime\qttask.exe C:\Program\Delade filer\Real\Update_OB\realsched.exe C:\Program\AVG\AVG8\avgtray.exe C:\Program\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program\Picasa2\PicasaMediaDetector.exe C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program\AVG\AVG8\avgwdsvc.exe C:\Program\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE C:\Program\F-Secure\Anti-Virus\fsgk32st.exe C:\Program\F-Secure\Anti-Virus\FSGK32.EXE C:\Program\F-Secure\Anti-Virus\fssm32.exe C:\Program\McAfee\SiteAdvisor\McSACore.exe C:\Program\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe C:\WINDOWS\system32\UAService7.exe C:\Program\AVG\AVG8\avgrsx.exe C:\Program\F-Secure\Common\FSMA32.EXE C:\Program\F-Secure\Common\FSMB32.EXE C:\Program\F-Secure\Common\FCH32.EXE C:\Program\F-Secure\Common\FAMEH32.EXE C:\WINDOWS\System32\svchost.exe C:\Program\F-Secure\Common\FNRB32.EXE C:\Program\F-Secure\Common\FIH32.EXE C:\Program\F-Secure\Anti-Virus\fsav32.exe C:\Program\Trend Micro\HijackThis\tingbrant.exe.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tsn.ca/nhl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program\AVG\AVG8\avgssie.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\program\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program\mcafee\SITEAD~1\mcieplg.dll O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program\Google\Google Toolbar\GoogleToolbar.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\F-Secure\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [AVG8_TRAY] C:\Program\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [Windows System Update] C:\WINDOWS\TEMP\CSRSS.EXE O4 - HKLM\..\Run: [Language_Shortcut] C:\WINDOWS\TEMP\IEXPLORE.EXE O4 - HKLM\..\Run: [sYSTRAY_UPDATE] C:\WINDOWS\TEMP\systray.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program\Picasa2\PicasaMediaDetector.exe O4 - HKCU\..\Run: [bitComet] "C:\Program\BitComet\BitComet.exe" /tray O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1160483520046 O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program\AVG\AVG8\avgpp.dll O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program\mcafee\SITEAD~1\mcieplg.dll O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program\AVG\AVG8\avgwdsvc.exe O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\Program\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program\F-Secure\BackWeb\7681197\Program\fsbwlan.exe O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program\F-Secure\Anti-Virus\fsgk32st.exe O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program\F-Secure\Common\FNRB32.EXE O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program\F-Secure\Common\FSAA.EXE O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program\F-Secure\Common\FSMA32.EXE O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program\McAfee\SiteAdvisor\McSACore.exe O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe -- End of file - 7052 bytes
  3. tingbrant
    ********************************************* 2009-06-06: Tråden är låst då problemet är löst. Tycker du att den är felaktigt låst, var god kontakta Malou ********************************************* oj oj när jag satte på datorn är det ett meddelande Resident Shield alert och sedan kommer det en lång radda med att vi har fått Trojan horse av olika slag i C:/WINDOWS/ och i C:/Documents and settings samt i C:/nopscsdf.exe. 10 filer sammanlagt. Hjälp
  4. tingbrant
    HEJ DET SER BRA UT INGA KONSTIGHETER MED DATORN LÄNGRE, TACK FÖR HJÄLPEN
  5. tingbrant
    Kan tillägga att startsidan ändrades till msn efter smitfraudfix.
  6. tingbrant
    Malwarebytes' Anti-Malware 1.30 Databasversion: 1356 Windows 5.1.2600 Service Pack 3 2008-11-02 19:34:26 mbam-log-2008-11-02 (19-34-26).txt Skanningstyp: Snabb skanning Antal skannade objekt: 49014 Förfluten tid: 5 minute(s), 57 second(s) Infekterade minnesprocesser: 1 Infekterade minnesmoduler: 0 Infekterade registernycklar: 0 Infekterade registervärden: 1 Infekterade registerdataposter: 0 Infekterade mappar: 1 Infekterade filer: 1 Infekterade minnesprocesser: C:ProgramAntivirus 2009av2009.exe (Rogue.Antivirus2008) -> Unloaded process successfully. Infekterade minnesmoduler: (Inga illasinnade poster hittades) Infekterade registernycklar: (Inga illasinnade poster hittades) Infekterade registervärden: HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun39367741328490553921378468521550 (Rogue.Antivirus2008) -> Quarantined and deleted successfully. Infekterade registerdataposter: (Inga illasinnade poster hittades) Infekterade mappar: C:ProgramAntivirus 2009 (Rogue.Antivirus2008) -> Quarantined and deleted successfully. Infekterade filer: C:ProgramAntivirus 2009av2009.exe (Rogue.Antivirus2008) -> Quarantined and deleted successfully. ------------------------------ Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:35:52, on 2008-11-02 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:WINDOWSSystem32smss.exe C:WINDOWSsystem32winlogon.exe C:WINDOWSsystem32services.exe C:WINDOWSsystem32lsass.exe C:WINDOWSsystem32svchost.exe C:WINDOWSSystem32svchost.exe C:WINDOWSsystem32spoolsv.exe C:WINDOWSExplorer.EXE C:WINDOWSsystem32hkcmd.exe C:ProgramF-SecureCommonFSM32.EXE C:ProgramQuickTimeqttask.exe C:ProgramMessengermsmsgs.exe C:WINDOWSsystem32ctfmon.exe C:ProgramPicasa2PicasaMediaDetector.exe C:ProgramF-SecureBackWeb7681197ProgramSERVIC~1.EXE C:ProgramF-SecureAnti-Virusfsgk32st.exe C:ProgramF-SecureAnti-VirusFSGK32.EXE C:ProgramF-SecureAnti-Virusfssm32.exe C:ProgramF-SecureBackWeb7681197ProgramBackWeb-7681197.exe C:WINDOWSsystem32UAService7.exe C:ProgramF-SecureCommonFSMA32.EXE C:ProgramF-SecureCommonFSMB32.EXE C:ProgramF-SecureCommonFCH32.EXE C:ProgramF-SecureCommonFAMEH32.EXE C:WINDOWSSystem32svchost.exe C:ProgramF-SecureCommonFNRB32.EXE C:ProgramF-SecureCommonFIH32.EXE C:ProgramF-SecureAnti-Virusfsav32.exe C:ProgramInternet Exploreriexplore.exe C:ProgramTrend MicroHijackThistingbrant.exe.exe R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Länkar O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:ProgramAdobeAcrobat 7.0ActiveXAcroIEHelper.dll O4 - HKLM..Run: [igfxTray] C:WINDOWSsystem32igfxtray.exe O4 - HKLM..Run: [HotKeysCmds] C:WINDOWSsystem32hkcmd.exe O4 - HKLM..Run: [F-Secure Manager] "C:ProgramF-SecureCommonFSM32.EXE" /splash O4 - HKLM..Run: [QuickTime Task] "C:ProgramQuickTimeqttask.exe" -atboottime O4 - HKLM..RunOnce: [Malwarebytes' Anti-Malware] C:ProgramMalwarebytes' Anti-Malwarembamgui.exe /install /silent O4 - HKCU..Run: [MSMSGS] "C:ProgramMessengermsmsgs.exe" /background O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe O4 - HKCU..Run: [Picasa Media Detector] C:ProgramPicasa2PicasaMediaDetector.exe O4 - HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User 'LOKAL TJÄNST') O4 - HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User 'SYSTEM') O4 - HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:ProgramAdobeAcrobat 7.0Readerreader_sl.exe O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:ProgramMICROS~2OFFICE11EXCEL.EXE/3000 O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:ProgramMICROS~2OFFICE11REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:ProgramMessengermsmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:ProgramMessengermsmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1160483520046 O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:ProgramF-SecureBackWeb7681197ProgramSERVIC~1.EXE O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:ProgramF-SecureBackWeb7681197Programfsbwlan.exe O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:ProgramF-SecureAnti-Virusfsgk32st.exe O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:ProgramF-SecureCommonFNRB32.EXE O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:ProgramF-SecureCommonFSAA.EXE O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:ProgramF-SecureCommonFSMA32.EXE O23 - Service: Google Updater Service (gusvc) - Google - C:ProgramGoogleCommonGoogle UpdaterGoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:ProgramDelade filerInstallShieldDriver11Intel 32IDriverT.exe O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:WINDOWSsystem32UAService7.exe -- End of file - 4751 bytes
  7. tingbrant
    Hej! Fortfarande kommer det upp likadana rutor som det gjorde innan, nu vill den även ladda ner uppdateringar. Självklart har jag inte klickat på det. Filen wininet.dll verkar inte vara infekterad eftersom smitfraudfix inte frågade om det. En konstig sak var att programmet aldrig startade om datorn, men det kom en logga. Jag startade om datorn själv. SmitFraudFix v2.371 Scan done at 18:58:14,35, 2008-11-02 Run from C:Documents and SettingsLinnaSkrivbordSmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT The filesystem type is NTFS Fix run in safe mode »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Killing process »»»»»»»»»»»»»»»»»»»»»»»» hosts 127.0.0.1 localhost »»»»»»»»»»»»»»»»»»»»»»»» VACFix VACFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix S!Ri's WS2Fix: LSP not Found. »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files C:WINDOWSsystem32ieupdates.exe Deleted C:WINDOWSsystem32scui.cpl Deleted C:Documents and SettingsLinnaApplication DataMicrosoftInternet ExplorerQuick LaunchAntivirus 2009.lnk Deleted C:DOCUME~1LINNA~1START-~1Antivirus 2009 Deleted C:DOCUME~1LINNA~1SKRIVB~1Antivirus 2009.lnk Deleted »»»»»»»»»»»»»»»»»»»»»»»» IEDFix IEDFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» 404Fix 404Fix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix AntiXPVSTFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» RK »»»»»»»»»»»»»»»»»»»»»»»» DNS »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning Registry Cleaning done. »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» End Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:08:43, on 2008-11-02 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:WINDOWSSystem32smss.exe C:WINDOWSsystem32winlogon.exe C:WINDOWSsystem32services.exe C:WINDOWSsystem32lsass.exe C:WINDOWSsystem32svchost.exe C:WINDOWSSystem32svchost.exe C:WINDOWSsystem32spoolsv.exe C:WINDOWSExplorer.EXE C:WINDOWSsystem32hkcmd.exe C:ProgramF-SecureCommonFSM32.EXE C:ProgramQuickTimeqttask.exe C:ProgramMessengermsmsgs.exe C:WINDOWSsystem32ctfmon.exe C:ProgramPicasa2PicasaMediaDetector.exe C:ProgramAntivirus 2009av2009.exe C:ProgramAdobeAcrobat 7.0Readerreader_sl.exe C:ProgramF-SecureBackWeb7681197ProgramSERVIC~1.EXE C:ProgramF-SecureAnti-Virusfsgk32st.exe C:ProgramF-SecureAnti-VirusFSGK32.EXE C:ProgramF-SecureAnti-Virusfssm32.exe C:ProgramF-SecureBackWeb7681197ProgramBackWeb-7681197.exe C:WINDOWSsystem32UAService7.exe C:ProgramF-SecureCommonFSMA32.EXE C:ProgramF-SecureCommonFSMB32.EXE C:ProgramF-SecureCommonFCH32.EXE C:ProgramF-SecureCommonFAMEH32.EXE C:WINDOWSSystem32svchost.exe C:ProgramF-SecureCommonFNRB32.EXE C:ProgramF-SecureCommonFIH32.EXE C:ProgramF-SecureAnti-Virusfsav32.exe C:WINDOWSsystem32wuauclt.exe C:WINDOWSsystem32NOTEPAD.EXE C:ProgramInternet Exploreriexplore.exe C:ProgramTrend MicroHijackThistingbrant.exe.exe R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Länkar O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:ProgramAdobeAcrobat 7.0ActiveXAcroIEHelper.dll O4 - HKLM..Run: [igfxTray] C:WINDOWSsystem32igfxtray.exe O4 - HKLM..Run: [HotKeysCmds] C:WINDOWSsystem32hkcmd.exe O4 - HKLM..Run: [F-Secure Manager] "C:ProgramF-SecureCommonFSM32.EXE" /splash O4 - HKLM..Run: [QuickTime Task] "C:ProgramQuickTimeqttask.exe" -atboottime O4 - HKCU..Run: [MSMSGS] "C:ProgramMessengermsmsgs.exe" /background O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe O4 - HKCU..Run: [Picasa Media Detector] C:ProgramPicasa2PicasaMediaDetector.exe O4 - HKCU..Run: [39367741328490553921378468521550] C:ProgramAntivirus 2009av2009.exe O4 - HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User 'LOKAL TJÄNST') O4 - HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User 'SYSTEM') O4 - HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:ProgramAdobeAcrobat 7.0Readerreader_sl.exe O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:ProgramMICROS~2OFFICE11EXCEL.EXE/3000 O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:ProgramMICROS~2OFFICE11REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:ProgramMessengermsmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:ProgramMessengermsmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1160483520046 O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:ProgramF-SecureBackWeb7681197ProgramSERVIC~1.EXE O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:ProgramF-SecureBackWeb7681197Programfsbwlan.exe O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:ProgramF-SecureAnti-Virusfsgk32st.exe O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:ProgramF-SecureCommonFNRB32.EXE O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:ProgramF-SecureCommonFSAA.EXE O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:ProgramF-SecureCommonFSMA32.EXE O23 - Service: Google Updater Service (gusvc) - Google - C:ProgramGoogleCommonGoogle UpdaterGoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:ProgramDelade filerInstallShieldDriver11Intel 32IDriverT.exe O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:WINDOWSsystem32UAService7.exe -- End of file - 4878 bytes
  8. tingbrant
    Hej! Antivirus 2009 finns inte i lägg till och ta bort program. Kan tillägga att säkerhetscenter finns i en engelsk variant nu, men operativsystemet är svenskt. Fönstret ser exakt ut som det svenska, men med lite annan text på engelska. SmitFraudFix v2.371 Scan done at 17:51:06,28, 2008-11-02 Run from C:Documents and SettingsLinnaSkrivbordSmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT The filesystem type is NTFS Fix run in normal mode »»»»»»»»»»»»»»»»»»»»»»»» Process C:WINDOWSSystem32smss.exe C:WINDOWSsystem32winlogon.exe C:WINDOWSsystem32services.exe C:WINDOWSsystem32lsass.exe C:WINDOWSsystem32svchost.exe C:WINDOWSSystem32svchost.exe C:WINDOWSExplorer.EXE C:WINDOWSsystem32spoolsv.exe C:WINDOWSsystem32hkcmd.exe C:ProgramF-SecureCommonFSM32.EXE C:ProgramQuickTimeqttask.exe C:ProgramMessengermsmsgs.exe C:WINDOWSsystem32ctfmon.exe C:ProgramPicasa2PicasaMediaDetector.exe C:ProgramAntivirus 2009av2009.exe C:ProgramF-SecureBackWeb7681197ProgramSERVIC~1.EXE C:ProgramF-SecureAnti-Virusfsgk32st.exe C:ProgramF-SecureAnti-VirusFSGK32.EXE C:ProgramF-SecureAnti-Virusfssm32.exe C:WINDOWSsystem32UAService7.exe C:ProgramF-SecureCommonFSMA32.EXE C:ProgramF-SecureBackWeb7681197ProgramBackWeb-7681197.exe C:ProgramF-SecureCommonFSMB32.EXE C:ProgramF-SecureCommonFCH32.EXE C:ProgramF-SecureCommonFAMEH32.EXE C:WINDOWSSystem32svchost.exe C:ProgramF-SecureCommonFNRB32.EXE C:ProgramF-SecureCommonFIH32.EXE C:ProgramF-SecureAnti-Virusfsav32.exe C:ProgramInternet Exploreriexplore.exe C:WINDOWSsystem32cmd.exe »»»»»»»»»»»»»»»»»»»»»»»» hosts »»»»»»»»»»»»»»»»»»»»»»»» C: »»»»»»»»»»»»»»»»»»»»»»»» C:WINDOWS »»»»»»»»»»»»»»»»»»»»»»»» C:WINDOWSsystem »»»»»»»»»»»»»»»»»»»»»»»» C:WINDOWSWeb »»»»»»»»»»»»»»»»»»»»»»»» C:WINDOWSsystem32 C:WINDOWSsystem32ieupdates.exe FOUND ! C:WINDOWSsystem32scui.cpl FOUND ! »»»»»»»»»»»»»»»»»»»»»»»» C:WINDOWSsystem32LogFiles »»»»»»»»»»»»»»»»»»»»»»»» C:Documents and SettingsLinna »»»»»»»»»»»»»»»»»»»»»»»» C:DOCUME~1LINNA~1LOKALA~1Temp »»»»»»»»»»»»»»»»»»»»»»»» C:Documents and SettingsLinnaApplication Data C:Documents and SettingsLinnaApplication DataMicrosoftInternet ExplorerQuick LaunchAntivirus 2009.lnk FOUND ! »»»»»»»»»»»»»»»»»»»»»»»» Start Menu C:DOCUME~1LINNA~1START-~1Antivirus 2009 FOUND ! »»»»»»»»»»»»»»»»»»»»»»»» C:DOCUME~1LINNA~1FAVORI~1 »»»»»»»»»»»»»»»»»»»»»»»» Desktop C:DOCUME~1LINNA~1SKRIVB~1Antivirus 2009.lnk FOUND ! »»»»»»»»»»»»»»»»»»»»»»»» C:Program »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components [HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerDesktopComponents0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="Min aktuella startsida" »»»»»»»»»»»»»»»»»»»»»»»» o4Patch !!!Attention, following keys are not inevitably infected!!! o4Patch Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» IEDFix !!!Attention, following keys are not inevitably infected!!! IEDFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» VACFix !!!Attention, following keys are not inevitably infected!!! VACFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» 404Fix !!!Attention, following keys are not inevitably infected!!! 404Fix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix !!!Attention, following keys are not inevitably infected!!! AntiXPVSTFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindows] "AppInit_DLLs"="" »»»»»»»»»»»»»»»»»»»»»»»» Winlogon !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogon] "Userinit"="C:WINDOWSsystem32userinit.exe," "System"="" »»»»»»»»»»»»»»»»»»»»»»»» RK »»»»»»»»»»»»»»»»»»»»»»»» DNS Description: Intel® PRO/1000 MT Network Connection - Miniport för paketschemaläggning DNS Server Search Order: 208.67.222.222 DNS Server Search Order: 208.67.220.220 HKLMSYSTEMCCSServicesTcpip..{7D69BE39-7D9B-40E0-98D0-234E3A329D03}: DhcpNameServer=208.67.222.222 208.67.220.220 HKLMSYSTEMCS1ServicesTcpip..{7D69BE39-7D9B-40E0-98D0-234E3A329D03}: DhcpNameServer=208.67.222.222 208.67.220.220 HKLMSYSTEMCS2ServicesTcpip..{7D69BE39-7D9B-40E0-98D0-234E3A329D03}: DhcpNameServer=208.67.222.222 208.67.220.220 HKLMSYSTEMCCSServicesTcpipParameters: DhcpNameServer=208.67.222.222 208.67.220.220 HKLMSYSTEMCS1ServicesTcpipParameters: DhcpNameServer=208.67.222.222 208.67.220.220 HKLMSYSTEMCS2ServicesTcpipParameters: DhcpNameServer=208.67.222.222 208.67.220.220 »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection »»»»»»»»»»»»»»»»»»»»»»»» End
  9. tingbrant
    ********************************************* 2009-01-08: Tråden är nu låst. Tycker du att den är felaktigt låst, var god kontakta Malou ********************************************* Hej! Igår kväll kom det rutor hela tiden som såg ut som ett antivirusprogram. Följde programmets instruktioner (där det stod att det fanns virus i datorn), men det fortsatte poppa upp rutor. Nu misstänker jag att det är ett falskt program, och efter vissa efterforskningar på Google så verkar det stämma. Jag har inte installerat programmet. Hoppas någon kan hjälpa till, skickar med en HJT-logga. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:11:07, on 2008-11-02 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:WINDOWSSystem32smss.exe C:WINDOWSsystem32winlogon.exe C:WINDOWSsystem32services.exe C:WINDOWSsystem32lsass.exe C:WINDOWSsystem32svchost.exe C:WINDOWSSystem32svchost.exe C:WINDOWSExplorer.EXE C:WINDOWSsystem32spoolsv.exe C:WINDOWSsystem32hkcmd.exe C:ProgramF-SecureCommonFSM32.EXE C:ProgramQuickTimeqttask.exe C:ProgramMessengermsmsgs.exe C:WINDOWSsystem32ctfmon.exe C:ProgramPicasa2PicasaMediaDetector.exe C:ProgramAntivirus 2009av2009.exe C:ProgramF-SecureBackWeb7681197ProgramSERVIC~1.EXE C:ProgramF-SecureAnti-Virusfsgk32st.exe C:ProgramF-SecureAnti-VirusFSGK32.EXE C:ProgramF-SecureAnti-Virusfssm32.exe C:WINDOWSsystem32UAService7.exe C:ProgramF-SecureCommonFSMA32.EXE C:ProgramF-SecureBackWeb7681197ProgramBackWeb-7681197.exe C:ProgramF-SecureCommonFSMB32.EXE C:ProgramF-SecureCommonFCH32.EXE C:ProgramF-SecureCommonFAMEH32.EXE C:WINDOWSSystem32svchost.exe C:ProgramF-SecureCommonFNRB32.EXE C:ProgramF-SecureCommonFIH32.EXE C:ProgramF-SecureAnti-Virusfsav32.exe C:ProgramInternet Exploreriexplore.exe C:ProgramTrend MicroHijackThistingbrant.exe.exe R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.lansforsakringar.se/privat/sidor/default.aspx R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://start.tele2.se R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Länkar O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:ProgramAdobeAcrobat 7.0ActiveXAcroIEHelper.dll O4 - HKLM..Run: [igfxTray] C:WINDOWSsystem32igfxtray.exe O4 - HKLM..Run: [HotKeysCmds] C:WINDOWSsystem32hkcmd.exe O4 - HKLM..Run: [F-Secure Manager] "C:ProgramF-SecureCommonFSM32.EXE" /splash O4 - HKLM..Run: [QuickTime Task] "C:ProgramQuickTimeqttask.exe" -atboottime O4 - HKCU..Run: [MSMSGS] "C:ProgramMessengermsmsgs.exe" /background O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe O4 - HKCU..Run: [Picasa Media Detector] C:ProgramPicasa2PicasaMediaDetector.exe O4 - HKCU..Run: [39367741328490553921378468521550] C:ProgramAntivirus 2009av2009.exe O4 - HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User 'LOKAL TJÄNST') O4 - HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User 'SYSTEM') O4 - HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:ProgramAdobeAcrobat 7.0Readerreader_sl.exe O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:ProgramMICROS~2OFFICE11EXCEL.EXE/3000 O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:ProgramMICROS~2OFFICE11REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:ProgramMessengermsmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:ProgramMessengermsmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1160483520046 O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:ProgramF-SecureBackWeb7681197ProgramSERVIC~1.EXE O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:ProgramF-SecureBackWeb7681197Programfsbwlan.exe O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:ProgramF-SecureAnti-Virusfsgk32st.exe O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:ProgramF-SecureCommonFNRB32.EXE O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:ProgramF-SecureCommonFSAA.EXE O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:ProgramF-SecureCommonFSMA32.EXE O23 - Service: Google Updater Service (gusvc) - Google - C:ProgramGoogleCommonGoogle UpdaterGoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:ProgramDelade filerInstallShieldDriver11Intel 32IDriverT.exe O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:WINDOWSsystem32UAService7.exe -- End of file - 5320 bytes
×
×
  • Skapa nytt...