simmesimme Posted October 4, 2009 Share Posted October 4, 2009 Hej, för en månad sen så fick jag virus på datorn och tror att jag lyckades få bort det med hjälp av manuell borttagning. Är verkligen ingen hacker så jag har inte koll på hur man gör för att ta bort virus manuellt egentligen. Hittar inte den hemsidan längre och kommer dessvärre inte ihåg vad det viruset hette. Nu har jag fått Trojan Horse Generic 14 BPXC och blir inte av med det. Har AVG som jag nyligen uppdaterat och nu får jag hela tiden meddelande från resident shield alert. process name C:\documents and settings\ägaren\application data\svcst.exe När jag tar heal så händer inget och felmeddelandet kommer upp igen. Håller på att göra en avg anitvirusscan nu. Jättetacksam om jag kan få hjälp med detta. Såg att en annan snubbe fått väldigt bra och ingående hjälp. /Simme p.s. har provat systemåterställning men det funkade inte. Quote Link to comment Share on other sites More sharing options...
MrO Posted October 4, 2009 Share Posted October 4, 2009 Hej! Låt bli systemåterställningen för det löser inte ditt problem! Följ dessa instruktioner och posta loggarna så får vi se hur det ser ut: http://www.saswsupport.se/?page_id=241 Mvh MrO Quote Link to comment Share on other sites More sharing options...
simmesimme Posted October 4, 2009 Author Share Posted October 4, 2009 Ok, här kommer lograpporten från hijackthis: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 4:55:43 PM, on 10/04/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program\AVG\AVG8\avgwdsvc.exe C:\Program\Bonjour\mDNSResponder.exe C:\Program\Java\jre6\bin\jqs.exe C:\Program\Delade filer\Nero\Nero BackItUp 4\NBService.exe C:\Program\AVG\AVG8\avgrsx.exe C:\Program\AVG\AVG8\avgnsx.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\StkASv2K.exe C:\Program\Delade filer\Ulead Systems\DVD\ULCDRSvr.exe C:\Program\AVG\AVG8\avgemc.exe C:\Program\AVG\AVG8\avgcsrvx.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\System32\svchost.exe C:\windows\system\hpsysdrv.exe C:\WINDOWS\System32\hphmon05.exe C:\HP\KBD\KBD.EXE C:\Program\Multimedia Card Reader\shwicon2k.exe C:\Program\Internet Explorer\iexplore.exe C:\WINDOWS\ALCXMNTR.EXE C:\Program\HP\HP Software Update\HPWuSchd2.exe C:\Program\HP\hpcoretech\hpcmpmgr.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program\Multimedia Keyboard &Mouse Driver\PS2USBKbdDrv.exe C:\Program\Multimedia Keyboard &Mouse Driver\MouseDrv.exe C:\Program\Internet Explorer\iexplore.exe C:\Program\AVG\AVG8\avgtray.exe C:\Program\iTunes\iTunesHelper.exe C:\Program\Java\jre6\bin\jusched.exe C:\Program\Enigma Software Group\SpyHunter\SpyHunter3.exe C:\Program\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe C:\Program\MSN Messenger\MsnMsgr.Exe C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program\Registry Mechanic\RegMech.exe C:\Documents and Settings\Ägaren\Application Data\svcst.exe C:\Program\iPod\bin\iPodService.exe C:\Program\HP\Digital Imaging\bin\hpqtra08.exe C:\Documents and Settings\Ägaren\Application Data\seres.exe C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program\Logitech\SetPoint\SetPoint.exe C:\Program\Mio Technology\MioSync\mioSync.exe C:\Program\Nikon\PictureProject\NkbMonitor.exe C:\Program\Delade filer\Logitech\khalshared\KHALMNPR.EXE C:\Program\HP\hpcoretech\comp\hptskmgr.exe C:\Program\Internet Explorer\iexplore.exe C:\WINDOWS\system32\notepad.exe C:\Program\Trend Micro\HijackThis\HijackThis.exe C:\Program\Trend Micro\HijackThis\simmesimme.exe.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...com/ext/search/ search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - Tele2 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program\AVG\AVG8\Toolbar\IEToolbar.dll O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program\MyWebSearch\bar\1.bin\MWSBAR.DLL (file missing) O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program\AVG\AVG8\avgssie.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program\AVG\AVG8\Toolbar\IEToolbar.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: HP-vy - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program\HP\Digital Imaging\bin\hpdtlk02.dll O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program\MyWebSearch\bar\1.bin\MWSBAR.DLL (file missing) O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program\Google\Google Toolbar\GoogleToolbar.dll O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program\AVG\AVG8\Toolbar\IEToolbar.dll O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [HPHUPD05] c:\Program\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [updateManager] "C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [sunkist2k] C:\Program\Multimedia Card Reader\shwicon2k.exe O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE O4 - HKLM\..\Run: [Trickler] "c:\documents and settings\ägaren\lokala inställningar\temp\fsg_tmp\ginst_001_1234_4201.exe" O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program\Delade filer\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\Program\MYWEBS~1\bar\1.bin\mwsoemon.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [HP Component Manager] "C:\Program\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [WireLessKeyboard] C:\Program\Multimedia Keyboard &Mouse Driver\StartAutorun.exe PS2USBKbdDrv.exe O4 - HKLM\..\Run: [WireLessMouse] C:\Program\Multimedia Keyboard &Mouse Driver\StartAutorun.exe MouseDrv.exe O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [uVS10 Preload] C:\Program\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [AVG8_TRAY] C:\Program\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [12439844] C:\Documents and Settings\All Users\Application Data\12439844\12439844.exe O4 - HKLM\..\Run: [spyHunter Security Suite] C:\Program\Enigma Software Group\SpyHunter\SpyHunter3.exe O4 - HKCU\..\Run: [Acme.PCHButton] C:\Program\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe O4 - HKCU\..\Run: [backupNotify] c:\Program\HP\Digital Imaging\bin\backupnotify.exe O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\Program\MYWEBS~1\bar\1.bin\mwsoemon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [updateMgr] "C:\Program\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [RegistryMechanic] C:\Program\Registry Mechanic\RegMech.exe /H O4 - HKCU\..\Run: [mserv] C:\Documents and Settings\Ägaren\Application Data\svcst.exe O4 - HKCU\..\Run: [svchost] C:\Documents and Settings\Ägaren\Application Data\svcst.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-21-3921386975-2091070572-569705731-501\..\Run: [RecordNow!] (User 'Gäst') O4 - HKUS\S-1-5-21-3921386975-2091070572-569705731-501\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime (User 'Gäst') O4 - HKUS\S-1-5-21-3921386975-2091070572-569705731-501\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Gäst') O4 - HKUS\S-1-5-21-3921386975-2091070572-569705731-501\..\Run: [backupNotify] c:\Program\HP\Digital Imaging\bin\backupnotify.exe (User 'Gäst') O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program\MyWebSearch\bar\1.bin\MWSOEMON.EXE O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - Global Startup: Logitech SetPoint.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: MioSync.lnk = C:\Program\Mio Technology\MioSync\mioSync.exe O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program\MyWebSearch\bar\1.bin\MWSOEMON.EXE O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program\Nikon\PictureProject\NkbMonitor.exe O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm978 O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program\PokerStars\PokerStarsUpdate.exe O9 - Extra button: PacificPoker4 - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\Program\PACIFI~1\pacificpoker.exe O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program\PartyGaming\PartyPoker\RunApp.exe O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program\PartyGaming\PartyPoker\RunApp.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://start.tele2.se O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...etup1.0.0.8.cab O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/importer/ImageUploader4.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game04.zylom.com/activex/zylomgamesplayer.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program\AVG\AVG8\avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\Program\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program\AVG\AVG8\avgwdsvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program\Bonjour\mDNSResponder.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program\Delade filer\Nero\Nero BackItUp 4\NBService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Syntek STK1160 Service (StkASSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkASv2K.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program\Delade filer\Ulead Systems\DVD\ULCDRSvr.exe -- End of file - 14734 bytes Hej! Låt bli systemåterställningen för det löser inte ditt problem! Följ dessa instruktioner och posta loggarna så får vi se hur det ser ut: http://www.saswsupport.se/?page_id=241 Mvh MrO Quote Link to comment Share on other sites More sharing options...
MrO Posted October 4, 2009 Share Posted October 4, 2009 Hej! Datorn är rätt full i skräp så kör Malwarebytes som det stod om på sidan jag länkade till och avinstallera denna:C:\Program\MyWebSearch Mvh MrO Quote Link to comment Share on other sites More sharing options...
Manneman Posted October 4, 2009 Share Posted October 4, 2009 Dubbelpostningen tillrättad och titeln redigerad Mange Quote Link to comment Share on other sites More sharing options...
simmesimme Posted October 4, 2009 Author Share Posted October 4, 2009 Hej! Låt bli systemåterställningen för det löser inte ditt problem! Följ dessa instruktioner och posta loggarna så får vi se hur det ser ut: http://www.saswsupport.se/?page_id=241 Mvh MrO här kommer malware Malwarebytes' Anti-Malware 1.41 Databasversion: 2904 Windows 5.1.2600 Service Pack 3 10/04/2009 5:21:28 PM mbam-log-2009-10-04 (17-21-28).txt Skanningstyp: Snabb skanning Antal skannade objekt: 123417 Förfluten tid: 14 minute(s), 49 second(s) Infekterade minnesprocesser: 2 Infekterade minnesmoduler: 0 Infekterade registernycklar: 61 Infekterade registervärden: 9 Infekterade registerdataposter: 0 Infekterade mappar: 17 Infekterade filer: 45 Infekterade minnesprocesser: C:\Documents and Settings\Ägaren\Application Data\seres.exe (Trojan.Agent) -> Unloaded process successfully. C:\Documents and Settings\Ägaren\Application Data\svcst.exe (Trojan.Agent) -> Unloaded process successfully. Infekterade minnesmoduler: (Inga illasinnade poster hittades) Infekterade registernycklar: HKEY_CLASSES_ROOT\funwebproducts.htmlmenu (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.2 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearch.outlookaddin (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearch.outlookaddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{1e0de227-5ce4-4ea3-ab0c-8b03e1aa76bc} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{7473d292-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{8e6f1832-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{938aa51a-996c-4884-98ce-80dd16a5c9da} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{a9571378-68a1-443d-b082-284f960c6d17} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{adb01e81-3c79-4272-a0f1-7b2be7a782dc} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{07b18ea0-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{29d67d3c-509a-4544-903f-c8c1b8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{7473d290-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{8e6f1830-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully. Infekterade registervärden: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mserv (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\12439844 (Rogue.Multiple) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MyWebSearch Email Plugin (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RList (Malware.Trace) -> Quarantined and deleted successfully. Infekterade registerdataposter: (Inga illasinnade poster hittades) Infekterade mappar: C:\Documents and Settings\All Users\Application Data\12439844 (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Program\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program\FunWebProducts\Shared\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program\MyWebSearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program\MyWebSearch\bar\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program\MyWebSearch\bar\Game (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program\MyWebSearch\SrchAstt (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program\MyWebSearch\SrchAstt\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program\MyWebSearch\SrchAstt\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program\MyWebSearch\SrchAstt\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully. Infekterade filer: C:\Documents and Settings\Ägaren\Lokala inställningar\Temp\TMPDB.tmp (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\12439844\12439844 (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\12439844\pc12439844ins (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Program\FunWebProducts\ScreenSaver\Images\00C4F3AD.urr (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program\FunWebProducts\Shared\Cache\CursorManiaBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program\FunWebProducts\Shared\Cache\MailStampBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program\FunWebProducts\Shared\Cache\MyStationeryBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program\FunWebProducts\Shared\Cache\SmileyCentralBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program\MyWebSearch\bar\1.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program\MyWebSearch\bar\1.bin\F3PSSAVR.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program\MyWebSearch\bar\1.bin\F3RESTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program\MyWebSearch\bar\1.bin\F3SPACER.WMV (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program\MyWebSearch\bar\1.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program\MyWebSearch\bar\1.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program\MyWebSearch\bar\Cache\0011CF24 (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program\MyWebSearch\bar\Cache\00BE1F14.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program\MyWebSearch\bar\Cache\00BE8272.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program\MyWebSearch\bar\Cache\00BEB375.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program\MyWebSearch\bar\Cache\00BECA77.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program\MyWebSearch\bar\Cache\00BEDF48.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program\MyWebSearch\bar\Cache\00BEFD8E.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program\MyWebSearch\bar\Cache\00BF21B0.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program\MyWebSearch\bar\Cache\00BF58BD.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program\MyWebSearch\bar\Cache\00BF858A.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program\MyWebSearch\bar\Cache\00BFA910.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program\MyWebSearch\bar\Cache\00EE4AEE.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program\MyWebSearch\bar\Cache\01019921.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program\MyWebSearch\bar\Cache\0101A815.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program\MyWebSearch\bar\Cache\files.ini (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program\MyWebSearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program\MyWebSearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program\MyWebSearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program\MyWebSearch\bar\History\search (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program\MyWebSearch\bar\Settings\prevcfg.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program\MyWebSearch\bar\Settings\settings.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program\MyWebSearch\bar\Settings\settings.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program\MyWebSearch\SrchAstt\Cache\00B5C543 (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program\MyWebSearch\SrchAstt\Cache\00B5D2B1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program\MyWebSearch\SrchAstt\Cache\files.ini (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program\MyWebSearch\SrchAstt\Settings\prevcfg.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Documents and Settings\Ägaren\Application Data\seres.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Ägaren\Application Data\svcst.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Ägaren\Application Data\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\system32\f3pssavr.scr (Trojan.Agent) -> Quarantined and deleted successfully. Quote Link to comment Share on other sites More sharing options...
simmesimme Posted October 4, 2009 Author Share Posted October 4, 2009 Hej! Datorn är rätt full i skräp så kör Malwarebytes som det stod om på sidan jag länkade till och avinstallera denna:C:\Program\MyWebSearchMvh MrO Kanon, har kört malware nu. hur avinstellarar jag mywebsearch? hittar den inte på datorn Quote Link to comment Share on other sites More sharing options...
MrO Posted October 4, 2009 Share Posted October 4, 2009 Oj det var inte lite skräp i den datorn du! Starta om datorn och skanna med Malwarebytes igen och kör en ny Hijackthis som du postar båda loggarna ifrån så får jag se hur det ser ut nu! Mvh MrO Quote Link to comment Share on other sites More sharing options...
simmesimme Posted October 4, 2009 Author Share Posted October 4, 2009 Oj det var inte lite skräp i den datorn du! Starta om datorn och skanna med Malwarebytes igen och kör en ny Hijackthis som du postar båda loggarna ifrån så får jag se hur det ser ut nu!Mvh MrO Nä, här har det inte rensats inte... på tiden. ny hijacklog: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 5:37:57 PM, on 10/04/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe Quote Link to comment Share on other sites More sharing options...
MrO Posted October 4, 2009 Share Posted October 4, 2009 Hela HJT loggan tack + en ny från Malwarebytes om den hittade nåt andra svängen! Quote Link to comment Share on other sites More sharing options...
simmesimme Posted October 4, 2009 Author Share Posted October 4, 2009 Oj det var inte lite skräp i den datorn du! Starta om datorn och skanna med Malwarebytes igen och kör en ny Hijackthis som du postar båda loggarna ifrån så får jag se hur det ser ut nu!Mvh MrO malwarelog: Malwarebytes' Anti-Malware 1.41 Databasversion: 2904 Windows 5.1.2600 Service Pack 3 10/04/2009 5:57:04 PM mbam-log-2009-10-04 (17-57-04).txt Skanningstyp: Snabb skanning Antal skannade objekt: 123085 Förfluten tid: 14 minute(s), 17 second(s) Infekterade minnesprocesser: 0 Infekterade minnesmoduler: 0 Infekterade registernycklar: 0 Infekterade registervärden: 0 Infekterade registerdataposter: 0 Infekterade mappar: 0 Infekterade filer: 0 Infekterade minnesprocesser: (Inga illasinnade poster hittades) Infekterade minnesmoduler: (Inga illasinnade poster hittades) Infekterade registernycklar: (Inga illasinnade poster hittades) Infekterade registervärden: (Inga illasinnade poster hittades) Infekterade registerdataposter: (Inga illasinnade poster hittades) Infekterade mappar: (Inga illasinnade poster hittades) Infekterade filer: (Inga illasinnade poster hittades) Quote Link to comment Share on other sites More sharing options...
simmesimme Posted October 4, 2009 Author Share Posted October 4, 2009 Hela HJT loggan tack + en ny från Malwarebytes om den hittade nåt andra svängen! oj... missa lite ja. Här kommer den: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 5:37:57 PM, on 10/04/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program\AVG\AVG8\avgwdsvc.exe C:\Program\Bonjour\mDNSResponder.exe C:\Program\Java\jre6\bin\jqs.exe C:\Program\Delade filer\Nero\Nero BackItUp 4\NBService.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\StkASv2K.exe C:\Program\Delade filer\Ulead Systems\DVD\ULCDRSvr.exe C:\windows\system\hpsysdrv.exe C:\WINDOWS\System32\hphmon05.exe C:\HP\KBD\KBD.EXE C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe C:\Program\Multimedia Card Reader\shwicon2k.exe C:\WINDOWS\ALCXMNTR.EXE C:\WINDOWS\system32\rundll32.exe C:\Program\HP\HP Software Update\HPWuSchd2.exe C:\Program\AVG\AVG8\avgemc.exe C:\Program\HP\hpcoretech\hpcmpmgr.exe C:\Program\AVG\AVG8\avgrsx.exe C:\Program\AVG\AVG8\avgnsx.exe C:\Program\AVG\AVG8\avgcsrvx.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program\Multimedia Keyboard &Mouse Driver\MouseDrv.exe C:\Program\Multimedia Keyboard &Mouse Driver\PS2USBKbdDrv.exe C:\Program\AVG\AVG8\avgtray.exe C:\Program\iTunes\iTunesHelper.exe C:\Program\Java\jre6\bin\jusched.exe C:\Program\Enigma Software Group\SpyHunter\SpyHunter3.exe C:\Program\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe C:\WINDOWS\System32\alg.exe C:\Program\MSN Messenger\MsnMsgr.Exe C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ctfmon.exe C:\Program\HP\hpcoretech\comp\hptskmgr.exe C:\Program\Registry Mechanic\RegMech.exe C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program\HP\Digital Imaging\bin\hpqtra08.exe C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\WINDOWS\system32\wuauclt.exe C:\Program\Logitech\SetPoint\SetPoint.exe C:\Program\iPod\bin\iPodService.exe C:\Program\Mio Technology\MioSync\mioSync.exe C:\Program\Nikon\PictureProject\NkbMonitor.exe C:\Program\Delade filer\Logitech\khalshared\KHALMNPR.EXE C:\Program\Internet Explorer\iexplore.exe C:\Program\Internet Explorer\iexplore.exe C:\Program\Trend Micro\HijackThis\simmesimme.exe.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - Tele2 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program\AVG\AVG8\Toolbar\IEToolbar.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program\AVG\AVG8\avgssie.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program\AVG\AVG8\Toolbar\IEToolbar.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: HP-vy - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program\HP\Digital Imaging\bin\hpdtlk02.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program\Google\Google Toolbar\GoogleToolbar.dll O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program\AVG\AVG8\Toolbar\IEToolbar.dll O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [HPHUPD05] c:\Program\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [updateManager] "C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [sunkist2k] C:\Program\Multimedia Card Reader\shwicon2k.exe O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE O4 - HKLM\..\Run: [Trickler] "c:\documents and settings\ägaren\lokala inställningar\temp\fsg_tmp\ginst_001_1234_4201.exe" O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program\Delade filer\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [HP Component Manager] "C:\Program\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [WireLessKeyboard] C:\Program\Multimedia Keyboard &Mouse Driver\StartAutorun.exe PS2USBKbdDrv.exe O4 - HKLM\..\Run: [WireLessMouse] C:\Program\Multimedia Keyboard &Mouse Driver\StartAutorun.exe MouseDrv.exe O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [uVS10 Preload] C:\Program\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [AVG8_TRAY] C:\Program\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [spyHunter Security Suite] C:\Program\Enigma Software Group\SpyHunter\SpyHunter3.exe O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [Acme.PCHButton] C:\Program\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe O4 - HKCU\..\Run: [backupNotify] c:\Program\HP\Digital Imaging\bin\backupnotify.exe O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\Program\MYWEBS~1\bar\1.bin\mwsoemon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [updateMgr] "C:\Program\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [RegistryMechanic] C:\Program\Registry Mechanic\RegMech.exe /H O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-21-3921386975-2091070572-569705731-501\..\Run: [RecordNow!] (User 'Gäst') O4 - HKUS\S-1-5-21-3921386975-2091070572-569705731-501\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime (User 'Gäst') O4 - HKUS\S-1-5-21-3921386975-2091070572-569705731-501\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Gäst') O4 - HKUS\S-1-5-21-3921386975-2091070572-569705731-501\..\Run: [backupNotify] c:\Program\HP\Digital Imaging\bin\backupnotify.exe (User 'Gäst') O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program\MyWebSearch\bar\1.bin\MWSOEMON.EXE O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - Global Startup: Logitech SetPoint.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: MioSync.lnk = C:\Program\Mio Technology\MioSync\mioSync.exe O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program\MyWebSearch\bar\1.bin\MWSOEMON.EXE O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program\Nikon\PictureProject\NkbMonitor.exe O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm978 O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program\PokerStars\PokerStarsUpdate.exe O9 - Extra button: PacificPoker4 - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\Program\PACIFI~1\pacificpoker.exe O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program\PartyGaming\PartyPoker\RunApp.exe O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program\PartyGaming\PartyPoker\RunApp.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://start.tele2.se O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/importer/ImageUploader4.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game04.zylom.com/activex/zylomgamesplayer.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program\AVG\AVG8\avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\Program\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program\AVG\AVG8\avgwdsvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program\Bonjour\mDNSResponder.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program\Delade filer\Nero\Nero BackItUp 4\NBService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Syntek STK1160 Service (StkASSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkASv2K.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program\Delade filer\Ulead Systems\DVD\ULCDRSvr.exe -- End of file - 13826 bytes Quote Link to comment Share on other sites More sharing options...
MrO Posted October 4, 2009 Share Posted October 4, 2009 Det finns en del skräp kvar ser jag så vi får ta till ett skarpare verktyg som ComboFix! ComboFix för Windows XP och Windows Vista: Skriv ut nedanstående eller kopiera det till ett textdokument och spara det till skrivbordet: Läs/Följ Instruktionerna mycket noga ComboFix förhindrar automatisk körning av CD, disketter och USB-enheter för att göra det lättare att rensa datorn och skydda datorn mot infektioner i framtiden. Det kan bli problem t ex om du har internet via ett USB-modem eller USB-nätverkskort. Säg då till i stället för att köra ComboFix. Hämta hem ComboFix från nedanstående länk => ComboFix.exe 1: Spara ComboFix till skrivbordet "Mycket viktigt" Stäng av alla program du ser inklusive antivirusprogram, antispionprogram. Men låt brandväggen vara på. 2: Dubbelklicka på ComboFix för att starta den (För Vista-användare: Högerklicka och välj Kör som Administratör:) 3: Följ anvisningarna som visas på skärmen. 4: Om du får förfrågan om du vill installera återställningskonsolen så svara ja. Denna gör det möjligt att starta datorn i ett särskild återställningsläge vilket kan vara bra om något händer med datorn under de kommande procedurerna. 5: När den är färdig så skall en text-logg komma upp, kopiera och klistra in den hit till din tråd Kan även hittas här => (C:\ComboFix.txt) 6: Gör en ny TM HJT-logg, kopiera även in den. VIKTIGT! Klicka INTE på Combofix-fönstret med musen när ComboFix körs annars kan scanningen hänga upp sig. VIKTIGT: Kontrollera att antivirusprogram/antispionprogram mm är återaktiverade innan du ansluter till Internet. OBSERVERA: Verktyget/Programmet kan ge problem med uppkopplingen (tex trådlös). Om problem uppstår prova då nedanstående. Gå till => Kontrollpanelen => Nätverksanslutningar => högerklicka på din Internetanslutning => välj Reparera Och/Eller Starta om datorn. OBS: Kopiera INTE in loggan (textfilen) som bifogad fil ej heller inom code-taggar eller annat. Kopiera/klistra in loggan DIREKT i ditt inlägg. Lycka till Mvh MrO Quote Link to comment Share on other sites More sharing options...
Mickilina Posted October 4, 2009 Share Posted October 4, 2009 När man ber om loggar från trådskaparen, kanske kunde man hänvisa till rätt forumskategori samtidigt. Flyttar tråden. //Mickilina Quote Link to comment Share on other sites More sharing options...
MrO Posted October 4, 2009 Share Posted October 4, 2009 Oj jag trodde faktiskt att den modd som tog bort dubbelpostningen flyttade tråden,ber så hemskt mycket om ursäkt då!! Mvh MrO Quote Link to comment Share on other sites More sharing options...
Mickilina Posted October 4, 2009 Share Posted October 4, 2009 Oj jag trodde faktiskt att den modd som tog bort dubbelpostningen flyttade tråden,ber så hemskt mycket om ursäkt då!!Mvh MrO Ingen anledning att be om ursäkta, men för nästa gång, den lär komma också //Mickilina Quote Link to comment Share on other sites More sharing options...
simmesimme Posted October 4, 2009 Author Share Posted October 4, 2009 (edited) Ingen anledning att be om ursäkta, men för nästa gång, den lär komma också //Mickilina Inga problem, jag hittade den. Logiskt att jag skulle postat här från början egentligen. Har laddat ner combofix-programmet men lyckas inte stänga/inaktviera ner avg virusprogrammet och törs inte köra programmet innan jag lyckats med detta. Har ni koll på var jag gör det? Sorry om man är lite noob här men verkligen mycket tacksam för hjälpen! /S Edited October 4, 2009 by simmesimme Quote Link to comment Share on other sites More sharing options...
MrO Posted October 4, 2009 Share Posted October 4, 2009 Kolla på denna sida så hittar du instruktioner: http://www.bleepingcomputer.com/forums/topic114351.html Quote Link to comment Share on other sites More sharing options...
simmesimme Posted October 4, 2009 Author Share Posted October 4, 2009 Kolla på denna sida så hittar du instruktioner: http://www.bleepingcomputer.com/forums/topic114351.html Stämmer länken...? verkar inte vilja öppas. eller måste jag registera mig på hemsidan deras? Quote Link to comment Share on other sites More sharing options...
MrO Posted October 4, 2009 Share Posted October 4, 2009 Nej jag har inga problem att öppna den men jag postar väl instruktionerna om det är så att du blockas av nån anledning! AVG 8 Please open the AVG 8 Control Center, by right clicking on the AVG 8 icon on task bar. * Click on Tools. * Select Advanced. * In the left hand pane, scroll down to "Resident Shield". * In the main pane, deselect the option to "Enable Resident Shield." * To re-enable AVG 8, please select "Enable Resident Shield" again. AVG 8.5 Please open the AVG 8.5 Control Center, by right clicking on the AVG icon on task bar. * Click on Open AVG Interface. * Double click on Resident Shield * Deselect the option to "Enable Resident Shield." * Save changes, and exit the application. * To re-enable AVG 8.5, please select "Enable Resident Shield" again. Quote Link to comment Share on other sites More sharing options...
simmesimme Posted October 4, 2009 Author Share Posted October 4, 2009 Håller på att scanna, det har hållt på i över en timme nu. Händer dock inget i rutan.... men det står att autoscan håller på. /S Nej jag har inga problem att öppna den men jag postar väl instruktionerna om det är så att du blockas av nån anledning!AVG 8 Please open the AVG 8 Control Center, by right clicking on the AVG 8 icon on task bar. * Click on Tools. * Select Advanced. * In the left hand pane, scroll down to "Resident Shield". * In the main pane, deselect the option to "Enable Resident Shield." * To re-enable AVG 8, please select "Enable Resident Shield" again. AVG 8.5 Please open the AVG 8.5 Control Center, by right clicking on the AVG icon on task bar. * Click on Open AVG Interface. * Double click on Resident Shield * Deselect the option to "Enable Resident Shield." * Save changes, and exit the application. * To re-enable AVG 8.5, please select "Enable Resident Shield" again. Quote Link to comment Share on other sites More sharing options...
MrO Posted October 4, 2009 Share Posted October 4, 2009 Stoppa ComboFix då för den ska inte ta över 20 minuter att köra,har du följt instruktionerna?? Quote Link to comment Share on other sites More sharing options...
simmesimme Posted October 4, 2009 Author Share Posted October 4, 2009 Ja, jag har följt instruktionerna och har stängt ner alla program inklusive anitvirusprogrammen. En blå ruta (autoscan) kommer upp och det står att den söker efter infekterade filer. Sen står det stilla. Men jag provar en gång till så får vi se. Återkommer om 20 min om inget har hänt. /S Stoppa ComboFix då för den ska inte ta över 20 minuter att köra,har du följt instruktionerna?? Quote Link to comment Share on other sites More sharing options...
MrO Posted October 4, 2009 Share Posted October 4, 2009 (edited) Ok gör så,installerade du återställningskonsollen?? O inte rört musen över combo så att den hänger sig som det stod i instruktionerna?? Edited October 4, 2009 by MrO Quote Link to comment Share on other sites More sharing options...
simmesimme Posted October 4, 2009 Author Share Posted October 4, 2009 Inte rört musen över combo nej. Fick ingen fråga om återställningskonsollen (du skrev att om den den frågar om återställningskonsoll så skulle jag kryssa i ja va?)... ska det komma upp när man installerar combo? Bör jag göra om installation för att vara säker med återställningskonsollen? Sorry... (skriver från annan dator... medans combo jobbar på "virusdatorn") /S Ok gör så,installerade du återställningskonsollen??O inte rört musen över combo så att den hänger sig som det stod i instruktionerna?? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.