ricke Posted March 20, 2009 Share Posted March 20, 2009 (edited) ********************************************* 2009-04-13: Tråden är låst då problemet verkar vara löst. Tycker du att den är felaktigt låst, var god kontakta Malou ********************************************* Klickade på en länk jag fick via msn dum som jag är.. Nu är datorn jätteseg och skickar länkar från mig så fort jag loggar in på msn. bifogar logfil Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:29:53, on 2009-03-20 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program\Lavasoft\Ad-Aware\AAWService.exe C:\WINDOWS\system32\spoolsv.exe C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program\Bonjour\mDNSResponder.exe C:\Program\Java\jre6\bin\jqs.exe C:\WINDOWS\runservice.exe C:\Program\Network Associates\Common Framework\FrameworkService.exe C:\Program\Network Associates\VirusScan\Mcshield.exe C:\Program\Network Associates\VirusScan\VsTskMgr.exe C:\Program\NETWOR~1\COMMON~1\naPrdMgr.exe C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program\Spyware Doctor\pctsAuxs.exe C:\WINDOWS\Explorer.EXE C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\Program\Network Associates\VirusScan\SHSTAT.EXE C:\Program\Network Associates\Common Framework\UpdaterUI.exe C:\Program\Delade filer\Network Associates\TalkBack\TBMon.exe C:\Program\D-Tools\daemon.exe C:\Program\Java\jre6\bin\jusched.exe C:\Program\Windows Defender\MSASCui.exe C:\Program\Microsoft IntelliPoint\ipoint.exe C:\Program\Winamp\winampa.exe C:\Program\iTunes\iTunesHelper.exe C:\Program\Lavasoft\Ad-Aware\AAWTray.exe C:\Program\Spyware Doctor\pctsTray.exe C:\WINDOWS\fxsteller.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ctfmon.exe C:\Program\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\Program\Windows Live\Messenger\msnmsgr.exe C:\WINDOWS\system32\devldr32.exe C:\Program\Microsoft IntelliPoint\dpupdchk.exe C:\Program\Messenger\msmsgs.exe C:\WINDOWS\system32\svchost.exe C:\Program\Personal\bin\Personal.exe C:\Program\WinZip\WZQKPICK.EXE C:\Program\Canon\CAL\CALMAIN.exe C:\WINDOWS\system32\wbem\unsecapp.exe C:\Program\iPod\bin\iPodService.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\System32\alg.exe C:\Program\Internet Explorer\iexplore.exe C:\Program\Spyware Doctor\pctsSvc.exe C:\Program\Windows Live\Toolbar\wltuser.exe C:\Program\Windows Live\Messenger\msnmsgr.exe C:\Program\Trend Micro\HijackThis\Richard.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lagsidan.se/kikteam97 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar R3 - URLSearchHook: (no name) - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing) O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - (no file) O2 - BHO: {94d313fa-7b0d-386b-81f4-af8b1584af93} - {39fa4851-b8fa-4f18-b683-d0b7af313d49} - C:\WINDOWS\system32\amtkkf.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre6\bin\ssv.dll O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {a2901e66-f816-42f6-829c-59f77586497d} - C:\WINDOWS\system32\veseyusi.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program\Windows Live\Toolbar\wltcore.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: (no name) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - (no file) O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program\Windows Live\Toolbar\wltcore.dll O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [shStatEXE] "C:\Program\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program\Delade filer\Network Associates\TalkBack\TBMon.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Windows Defender] "C:\Program\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [ExtraFilmHemmaAgent] "C:\Program\ExtraFilm Hemma 2.01\Agent.exe" O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\Run: [PC Suite for Smartphones] "C:\Program\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\Run: [intelliPoint] "C:\Program\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Windows UDP Control Center] fxsteller.exe O4 - HKLM\..\Run: [Ad-Watch] C:\Program\Lavasoft\Ad-Aware\AAWTray.exe O4 - HKLM\..\Run: [iSTray] "C:\Program\Spyware Doctor\pctsTray.exe" O4 - HKLM\..\Run: [hodumoveso] Rundll32.exe "C:\WINDOWS\system32\kekuzevi.dll",s O4 - HKLM\..\Run: [607a63ae] rundll32.exe "C:\WINDOWS\system32\jisagoyi.dll",b O4 - HKLM\..\Run: [CPM63495032] Rundll32.exe "c:\windows\system32\dititeha.dll",a O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [bitTorrent] "C:\Program\BitTorrent\bittorrent.exe" --force_start_minimized O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ccleaner] "C:\Program\CCleaner\CCleaner.exe" /AUTO O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST') O4 - HKUS\S-1-5-19\..\Run: [hodumoveso] Rundll32.exe "C:\WINDOWS\system32\kekuzevi.dll",s (User 'LOKAL TJÄNST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: BankID säkerhetsprogram.lnk = C:\Program\Personal\bin\Personal.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program\WinZip\WZQKPICK.EXE O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1162038783984 O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://www.extrafilm.se/ImageUploader4.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game08.zylom.com/activex/zylomgamesplayer.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab O20 - AppInit_DLLs: C:\WINDOWS\system32\pahekuve.dll amtkkf.dll c:\windows\system32\dititeha.dll O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\dititeha.dll O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\dititeha.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program\Bonjour\mDNSResponder.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program\Canon\CAL\CALMAIN.exe O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program\NOS\bin\getPlus_HelperSvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program\Network Associates\Common Framework\FrameworkService.exe O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program\Network Associates\VirusScan\Mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program\Network Associates\VirusScan\VsTskMgr.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program\Spyware Doctor\pctsSvc.exe -- End of file - 14011 bytes Edited April 13, 2009 by Malou Tråden är låst då problemet verkar vara löst: Link to comment Share on other sites More sharing options...
MrO Posted March 20, 2009 Share Posted March 20, 2009 Hej! Stäng av Msn och BitTorrent tills vi har rensat klart! Skriv ut nedanstående eller kopiera det till ett textdokument och spara det till skrivbordet: Läs/Följ instruktionerna noga: Hämta hem Malwarebytes Anti-Malware: http://www.malwarebytes.org/index.php 1: Spara installationsfilen till skrivbordet 2: För att påbörja installationen dubbelklicka på mbam-setup.exe 3: Bocka för nedanstående Uppdatera Malwarebytes' Anti-Malware Starta Malwarebytes' Anti-Malware 4: Klicka på Slutför Om där finns uppdateringar kommer dessa att installeras. Då ovanstående är gjort gå vidare med nedanstående procedur: 1: När programmet startar så välj Utför snabb scanning 2: Klicka på knappen Scanna 3: Scanningen kommer nu att ta en stund 3: När programmet scannat klart klicka Ok och sedan Visa resultat 4: Bocka för allt och klicka på Remove Selected 5: Då borttagningen är klar kommer en textfil i Anteckningar att öppnas upp med en logg. Kopiera/klistra in den loggan hit till din tråd. 6: Gör även en TM HJT-logga kopiera in den till din tråd så får vi se hur den ser ut. Link to comment Share on other sites More sharing options...
Pudelius Posted April 13, 2009 Share Posted April 13, 2009 Windows defender drar hyggligt mycket kapacitet ,lika så nya Ad-awere om man låter den ligga och övervaka.Den funktionen har jag tagit bort.Annars ett jättebra program! Link to comment Share on other sites More sharing options...
Recommended Posts