Posts by tingbrant
-
Hi!
AVG (resident shield alert) says there are between 2 and 10 infections on the computer, most often Trojan horse Generic 13.SQJ and Trojan horse small.AU. However, AVG cannot remove them. I did not do any cleaning with CCleaner, since AVG says they are located in Temporary Internet Files.
Log from HJT:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:04:17, on 2009-04-07
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program\F-Secure\Common\FSM32.EXE
C:\Program\QuickTime\qttask.exe
C:\Program\Delade filer\Real\Update_OB\realsched.exe
C:\Program\AVG\AVG8\avgtray.exe
C:\Program\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Picasa2\PicasaMediaDetector.exe
C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program\AVG\AVG8\avgwdsvc.exe
C:\Program\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program\F-Secure\Anti-Virus\fssm32.exe
C:\Program\McAfee\SiteAdvisor\McSACore.exe
C:\Program\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program\AVG\AVG8\avgrsx.exe
C:\Program\F-Secure\Common\FSMA32.EXE
C:\Program\F-Secure\Common\FSMB32.EXE
C:\Program\F-Secure\Common\FCH32.EXE
C:\Program\F-Secure\Common\FAMEH32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program\F-Secure\Common\FNRB32.EXE
C:\Program\F-Secure\Common\FIH32.EXE
C:\Program\F-Secure\Anti-Virus\fsav32.exe
C:\Program\Trend Micro\HijackThis\tingbrant.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tsn.ca/nhl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program\AVG\AVG8\avgssie.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\program\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG8_TRAY] C:\Program\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Windows System Update] C:\WINDOWS\TEMP\CSRSS.EXE
O4 - HKLM\..\Run: [Language_Shortcut] C:\WINDOWS\TEMP\IEXPLORE.EXE
O4 - HKLM\..\Run: [sYSTRAY_UPDATE] C:\WINDOWS\TEMP\systray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [bitComet] "C:\Program\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1160483520046
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program\AVG\AVG8\avgpp.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program\mcafee\SITEAD~1\mcieplg.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program\AVG\AVG8\avgwdsvc.exe
O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\Program\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program\F-Secure\BackWeb\7681197\Program\fsbwlan.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program\F-Secure\Common\FNRB32.EXE
O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program\F-Secure\Common\FSAA.EXE
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program\F-Secure\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
--
End of file - 7052 bytes
-
*********************************************
2009-06-06:
The thread is locked because the problem is solved.
If you think it has been locked in error, please contact
*********************************************
Oh dear, when I turned on the computer there was a Resident Shield alert message, and then came a long list saying that we have got Trojan horses of various kinds in C:/WINDOWS/ and in C:/Documents and settings as well as in C:/nopscsdf.exe. 10 files in total. Help
-
HI, IT LOOKS GOOD, NOTHING STRANGE WITH THE COMPUTER ANYMORE, THANKS FOR THE HELP
-
I can add that the start page was changed to msn after smitfraudfix.
-
Malwarebytes' Anti-Malware 1.30
Databasversion: 1356
Windows 5.1.2600 Service Pack 3
2008-11-02 19:34:26
mbam-log-2008-11-02 (19-34-26).txt
Skanningstyp: Snabb skanning
Antal skannade objekt: 49014
Förfluten tid: 5 minute(s), 57 second(s)
Infekterade minnesprocesser: 1
Infekterade minnesmoduler: 0
Infekterade registernycklar: 0
Infekterade registervärden: 1
Infekterade registerdataposter: 0
Infekterade mappar: 1
Infekterade filer: 1
Infekterade minnesprocesser:
C:\Program\Antivirus 2009\av2009.exe (Rogue.Antivirus2008) -> Unloaded process successfully.
Infekterade minnesmoduler:
(Inga illasinnade poster hittades)
Infekterade registernycklar:
(Inga illasinnade poster hittades)
Infekterade registervärden:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\39367741328490553921378468521550 (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
Infekterade registerdataposter:
(Inga illasinnade poster hittades)
Infekterade mappar:
C:\Program\Antivirus 2009 (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
Infekterade filer:
C:\Program\Antivirus 2009\av2009.exe (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:35:52, on 2008-11-02
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program\F-Secure\Common\FSM32.EXE
C:\Program\QuickTime\qttask.exe
C:\Program\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Picasa2\PicasaMediaDetector.exe
C:\Program\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program\F-Secure\Anti-Virus\fssm32.exe
C:\Program\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program\F-Secure\Common\FSMA32.EXE
C:\Program\F-Secure\Common\FSMB32.EXE
C:\Program\F-Secure\Common\FCH32.EXE
C:\Program\F-Secure\Common\FAMEH32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program\F-Secure\Common\FNRB32.EXE
C:\Program\F-Secure\Common\FIH32.EXE
C:\Program\F-Secure\Anti-Virus\fsav32.exe
C:\Program\Internet Explorer\iexplore.exe
C:\Program\Trend Micro\HijackThis\tingbrant.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program\Picasa2\PicasaMediaDetector.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1160483520046
O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\Program\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program\F-Secure\BackWeb\7681197\Program\fsbwlan.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program\F-Secure\Common\FNRB32.EXE
O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program\F-Secure\Common\FSAA.EXE
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program\F-Secure\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
--
End of file - 4751 bytes
-
Hi!
The same kind of windows still pop up as before, and now it also wants to download updates. Of course I have not clicked on that. The file wininet.dll does not seem to be infected, since smitfraudfix did not ask about it. One odd thing was that the program never restarted the computer, but a log was produced. I restarted the computer myself.
SmitFraudFix v2.371
Scan done at 18:58:14,35, 2008-11-02
Run from C:\Documents and Settings\Linna\Skrivbord\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\WINDOWS\system32\ieupdates.exe Deleted
C:\WINDOWS\system32\scui.cpl Deleted
C:\Documents and Settings\Linna\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus 2009.lnk Deleted
C:\DOCUME~1\LINNA~1\START-~1\Antivirus 2009 Deleted
C:\DOCUME~1\LINNA~1\SKRIVB~1\Antivirus 2009.lnk Deleted
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
AntiXPVSTFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» RK
»»»»»»»»»»»»»»»»»»»»»»»» DNS
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:08:43, on 2008-11-02
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program\F-Secure\Common\FSM32.EXE
C:\Program\QuickTime\qttask.exe
C:\Program\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Picasa2\PicasaMediaDetector.exe
C:\Program\Antivirus 2009\av2009.exe
C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program\F-Secure\Anti-Virus\fssm32.exe
C:\Program\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program\F-Secure\Common\FSMA32.EXE
C:\Program\F-Secure\Common\FSMB32.EXE
C:\Program\F-Secure\Common\FCH32.EXE
C:\Program\F-Secure\Common\FAMEH32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program\F-Secure\Common\FNRB32.EXE
C:\Program\F-Secure\Common\FIH32.EXE
C:\Program\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program\Internet Explorer\iexplore.exe
C:\Program\Trend Micro\HijackThis\tingbrant.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [39367741328490553921378468521550] C:\Program\Antivirus 2009\av2009.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1160483520046
O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\Program\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program\F-Secure\BackWeb\7681197\Program\fsbwlan.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program\F-Secure\Common\FNRB32.EXE
O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program\F-Secure\Common\FSAA.EXE
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program\F-Secure\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
--
End of file - 4878 bytes
-
Hi!
Antivirus 2009 is not listed in Add or Remove Programs. I can add that the Security Center now appears in an English variant, although the operating system is Swedish. The window looks exactly like the Swedish one, but with slightly different text in English.
SmitFraudFix v2.371
Scan done at 17:51:06,28, 2008-11-02
Run from C:\Documents and Settings\Linna\Skrivbord\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program\F-Secure\Common\FSM32.EXE
C:\Program\QuickTime\qttask.exe
C:\Program\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Picasa2\PicasaMediaDetector.exe
C:\Program\Antivirus 2009\av2009.exe
C:\Program\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program\F-Secure\Anti-Virus\fssm32.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program\F-Secure\Common\FSMA32.EXE
C:\Program\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
C:\Program\F-Secure\Common\FSMB32.EXE
C:\Program\F-Secure\Common\FCH32.EXE
C:\Program\F-Secure\Common\FAMEH32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program\F-Secure\Common\FNRB32.EXE
C:\Program\F-Secure\Common\FIH32.EXE
C:\Program\F-Secure\Anti-Virus\fsav32.exe
C:\Program\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
C:\WINDOWS\system32\ieupdates.exe FOUND !
C:\WINDOWS\system32\scui.cpl FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Linna
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\LINNA~1\LOKALA~1\Temp
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Linna\Application Data
C:\Documents and Settings\Linna\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus 2009.lnk FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
C:\DOCUME~1\LINNA~1\START-~1\Antivirus 2009 FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\LINNA~1\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
C:\DOCUME~1\LINNA~1\SKRIVB~1\Antivirus 2009.lnk FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Min aktuella startsida"
»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, following keys are not inevitably infected!!!
o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
!!!Attention, following keys are not inevitably infected!!!
AntiXPVSTFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» RK
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Intel® PRO/1000 MT Network Connection - Miniport för paketschemaläggning
DNS Server Search Order: 208.67.222.222
DNS Server Search Order: 208.67.220.220
HKLM\SYSTEM\CCS\Services\Tcpip\..\{7D69BE39-7D9B-40E0-98D0-234E3A329D03}: DhcpNameServer=208.67.222.222 208.67.220.220
HKLM\SYSTEM\CS1\Services\Tcpip\..\{7D69BE39-7D9B-40E0-98D0-234E3A329D03}: DhcpNameServer=208.67.222.222 208.67.220.220
HKLM\SYSTEM\CS2\Services\Tcpip\..\{7D69BE39-7D9B-40E0-98D0-234E3A329D03}: DhcpNameServer=208.67.222.222 208.67.220.220
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=208.67.222.222 208.67.220.220
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=208.67.222.222 208.67.220.220
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=208.67.222.222 208.67.220.220
»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
-
*********************************************
2009-01-08:
The thread is now locked.
If you think it has been locked in error, please contact
*********************************************
Hi!
Last night windows kept popping up that looked like an antivirus program. I followed the program's instructions (where it said there were viruses on the computer), but it kept popping up windows. Now I suspect that it is a fake program, and after some research on Google that seems to be correct. I have not installed the program. I hope someone can help; I am attaching an HJT log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:11:07, on 2008-11-02
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program\F-Secure\Common\FSM32.EXE
C:\Program\QuickTime\qttask.exe
C:\Program\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Picasa2\PicasaMediaDetector.exe
C:\Program\Antivirus 2009\av2009.exe
C:\Program\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program\F-Secure\Anti-Virus\fssm32.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program\F-Secure\Common\FSMA32.EXE
C:\Program\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
C:\Program\F-Secure\Common\FSMB32.EXE
C:\Program\F-Secure\Common\FCH32.EXE
C:\Program\F-Secure\Common\FAMEH32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program\F-Secure\Common\FNRB32.EXE
C:\Program\F-Secure\Common\FIH32.EXE
C:\Program\F-Secure\Anti-Virus\fsav32.exe
C:\Program\Internet Explorer\iexplore.exe
C:\Program\Trend Micro\HijackThis\tingbrant.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lansforsakringar.se/privat/sidor/default.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.tele2.se
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [39367741328490553921378468521550] C:\Program\Antivirus 2009\av2009.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1160483520046
O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\Program\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program\F-Secure\BackWeb\7681197\Program\fsbwlan.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program\F-Secure\Common\FNRB32.EXE
O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program\F-Secure\Common\FSAA.EXE
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program\F-Secure\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
--
End of file - 5320 bytes
Hit by => Trojan horse Generic 13.SQJ and Trojan horse small.AU:
in Removal of viruses and other malicious programs
Posted
Malwarebytes Anti-Malware:
Malwarebytes' Anti-Malware 1.36
Databasversion: 1952
Windows 5.1.2600 Service Pack 3
2009-04-08 20:32:46
mbam-log-2009-04-08 (20-32-46).txt
Skanningstyp: Snabb skanning
Antal skannade objekt: 78704
Förfluten tid: 8 minute(s), 24 second(s)
Infekterade minnesprocesser: 0
Infekterade minnesmoduler: 0
Infekterade registernycklar: 0
Infekterade registervärden: 0
Infekterade registerdataposter: 1
Infekterade mappar: 0
Infekterade filer: 2
Infekterade minnesprocesser:
(Inga illasinnade poster hittades)
Infekterade minnesmoduler:
(Inga illasinnade poster hittades)
Infekterade registernycklar:
(Inga illasinnade poster hittades)
Infekterade registervärden:
(Inga illasinnade poster hittades)
Infekterade registerdataposter:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders (Trojan.Agent) -> Data: digest32.dll -> Quarantined and deleted successfully.
Infekterade mappar:
(Inga illasinnade poster hittades)
Infekterade filer:
C:\WINDOWS\system32\ieupdates.exe.tmp (Adware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\digest32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
HJT:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:37:07, on 2009-04-08
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program\AVG\AVG8\avgwdsvc.exe
C:\Program\McAfee\SiteAdvisor\McSACore.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program\QuickTime\qttask.exe
C:\Program\Delade filer\Real\Update_OB\realsched.exe
C:\Program\AVG\AVG8\avgtray.exe
C:\Program\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Picasa2\PicasaMediaDetector.exe
C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program\Trend Micro\HijackThis\tingbrant.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tsn.ca/nhl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program\AVG\AVG8\avgssie.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\program\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG8_TRAY] C:\Program\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program\Picasa2\PicasaMediaDetector.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1160483520046
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program\AVG\AVG8\avgpp.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program\mcafee\SITEAD~1\mcieplg.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
--
End of file - 4639 bytes
So far no box has popped up, but it usually takes a while before the list of viruses appears. I don't know whether the computer is running any faster. I have removed a few other things, such as Google Toolbar and Adobe Reader 5.0. BitComet was uninstalled, but I deleted the rest of the files in the folder. F-Secure is now uninstalled and a CCleaner cleanup has been performed.