Virus som ej går att ta bort, vad göra?

du kan posta en hijackthis logg så ser man om det finns något problem.
spara HJTInstall.exe på skrivbordet,klicka på filen >välj install och klicka på: "do a system scan and save logfile". posta den loggen från txt filen som visas då.
http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\atievxx.exe
C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SM1BG.EXE
C:\Program\AVPersonal\AVGNT.EXE
C:\WINDOWS\System32\pathname.exe
C:\WINDOWS\System32\taskmngr.exe
C:\Program\Macrogaming\SweetIM\SweetIM.exe
C:\Program\MSN Messenger\msnmsgr.exe
C:\Program\Spyware Doctor\swdoctor.exe
C:\WINDOWS\system32\cleanmgr.exe
C:\WINDOWS\explorer.exe
C:\Program\Trend Micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program\Macrogaming\SweetIMBarForIE\toolbar.dll
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\printer.exe

O1 - Hosts: 64.191.95.139 alltheweb.com
O1 - Hosts: 64.191.95.139 web.ask.com
O1 - Hosts: 64.191.95.139 ask.com
O1 - Hosts: 64.191.95.139 www.ask.com
O1 - Hosts: 64.191.95.139 www.teoma.com
O1 - Hosts: 64.191.95.139 search.aol.com
O1 - Hosts: 64.191.95.139 www.looksmart.com
O1 - Hosts: 64.191.95.139 search.xtramsn.co.nz
O1 - Hosts: 64.191.95.139 www.hotbot.com
O1 - Hosts: 64.191.95.139 hotbot.com
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\Program\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\Program\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: (no name) - {81270159-E8F9-4713-9646-03531E0EEF58} - C:\WINDOWS\System32\li16a4a6.dll
O3 - Toolbar: (no name) - {6E4BC43F-4B79-4619-881D-99B78C3DBD43} - (no file)
O3 - Toolbar: (no name) - {3BFF50AB-FE74-4fbe-B2E6-C56A77A9AE00} - (no file)
O3 - Toolbar: (no name) - {55D402B6-D815-4267-AE23-F62241A9FCD4} - (no file)
O3 - Toolbar: (no name) - {17466811-DF4D-4da9-943B-F30D662B338B} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\sv\msntb.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [pathname] C:\WINDOWS\System32\pathname.exe
O4 - HKLM\..\Run: [Task manager] taskmngr.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [msavsc.exe] C:\Program\Microsoft Security Adviser\msavsc.exe
O4 - HKLM\..\Run: [msscan.exe] C:\Program\Microsoft Security Adviser\msscan.exe
O4 - HKLM\..\Run: [msiemon.exe] C:\Program\Microsoft Security Adviser\msiemon.exe
O4 - HKLM\..\Run: [msfw.exe] C:\Program\Microsoft Security Adviser\msfw.exe
O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\System32\WinAvXX.exe
O4 - HKLM\..\RunServices: [Task manager] taskmngr.exe
O4 - HKCU\..\Run: [Task manager] taskmngr.exe
O4 - HKCU\..\Run: [SweetIM] C:\Program\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Microsoft security adviser] C:\Program\Microsoft Security Adviser\mssadv.exe
O4 - HKCU\..\Run: [msctrl.exe] C:\Program\Microsoft Security Adviser\msctrl.exe
O4 - HKCU\..\Run: [msavsc.exe] C:\Program\Microsoft Security Adviser\msavsc.exe
O4 - HKCU\..\Run: [msscan.exe] C:\Program\Microsoft Security Adviser\msscan.exe
O4 - HKCU\..\Run: [msiemon.exe] C:\Program\Microsoft Security Adviser\msiemon.exe
O4 - HKCU\..\Run: [msfw.exe] C:\Program\Microsoft Security Adviser\msfw.exe
O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\System32\WinAvXX.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\Program\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Pol icies\System, DisableRegedit=1
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\Program\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Program\UnibetpokerMPP\MPPoker.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/SmileyCentralFWBInitialSetup1.0.0.8-2.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by110fd.bay110.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {53B8B406-42E4-4DD3-96E7-9DEC8CEB3DD8} (ICQVideoControl Class) - http://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1129107192801
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab30149.cab
O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f008.mail.spray.se/app/uploader/FileUploader.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab30149.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab30149.cab
O20 - AppInit_DLLs: C:\WINDOWS\System32\hadjajr.ini
O21 - SSODL: System - {5C3B9269-2C95-4CC3-BB02-2D048052FA39} - (no file)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program\AVPersonal\AVWUPSRV.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

först av allt ;

c:\Program\Grisoft\AVGFRE~1\avgamsvr.exe <--- AVG-antivirus (delar av iaf)
C:\Program\AVPersonal\AVWUPSRV.EXE <--- Avir antivirus (delar av iaf)

aldrig rätt och riktigt att ha två antivirusprogram samtidigt! :P

sedan saker som är fel ;

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\printer.exe
dessa kan du markera i HJT och ta bort. läsvärt ; Blocking Unwanted Parasites with a Hosts File
O1 - Hosts: 64.191.95.139 alltheweb.com
O1 - Hosts: 64.191.95.139 web.ask.com
01 - Hosts: 64.191.95.139 alltheweb.com
01 - Hosts: 64.191.95.139 web.ask.com
01 - Hosts: 64.191.95.139 ask.com
01 - Hosts: 64.191.95.139 www.ask.com
01 - Hosts: 64.191.95.139 www.teoma.com
01 - Hosts: 64.191.95.139 search.aol.com
01 - Hosts: 64.191.95.139 www.looksmart.com
01 - Hosts: 64.191.95.139 search.xtramsn.co.nz
01 - Hosts: 64.191.95.139 www.hotbot.com
01 - Hosts: 64.191.95.139 hotbot.com
//////////////////////////
dessa kan du markera i HJT och ta bort, filer som har blivit borttagna(antagligen av antivirus/adaware etc)
O3 - Toolbar: (no name) - {81270159-E8F9-4713-9646-03531E0EEF58} --C:\WINDOWS\System32\li16a4a6.dll
O3 - Toolbar: (no name) - {6E4BC43F-4B79-4619-881D-99B78C3DBD43} - (no file)
O3 - Toolbar: (no name) - {3BFF50AB-FE74-4fbe-B2E6-C56A77A9AE00} - (no file)
O3 - Toolbar: (no name) - {55D402B6-D815-4267-AE23-F62241A9FCD4} - (no file)
O3 - Toolbar: (no name) - {17466811-DF4D-4da9-943B-F30D662B338B} - (no file)
//////////////////////////
dessa två går inte att fixa utan speciella program, mer senare.
O4 - HKLM\..\Run: [pathname] C:\WINDOWS\System32\pathname.exe
O4 - HKLM\..\Run: [Task manager] taskmngr.exe
//////////////////////////
dessa ser skumma ut, dock osäkert om du kan ta bort dem ;
O4 - HKLM\..\Run: [msavsc.exe] C:\Program\Microsoft Security Adviser\msavsc.exe
O4 - HKLM\..\Run: [msscan.exe] C:\Program\Microsoft Security Adviser\msscan.exe
O4 - HKLM\..\Run: [msiemon.exe] C:\Program\Microsoft Security Adviser\msiemon.exe
O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\System32\WinAvXX.exe
*O4 - HKLM\..\RunServices: [Task manager] taskmngr.exe
*O4 - HKCU\..\Run: [Task manager] taskmngr.exe
(*hör ihop med O4 - HKLM\..\Run: [Task manager] taskmngr.exe)
O4 - HKCU\..\Run: [Microsoft security adviser] C:\Program\Microsoft Security Adviser\mssadv.exe
O4 - HKCU\..\Run: [msctrl.exe] C:\Program\Microsoft Security Adviser\msctrl.exe
O4 - HKCU\..\Run: [msavsc.exe] C:\Program\Microsoft Security Adviser\msavsc.exe
O4 - HKCU\..\Run: [msscan.exe] C:\Program\Microsoft Security Adviser\msscan.exe
O4 - HKCU\..\Run: [msiemon.exe] C:\Program\Microsoft Security Adviser\msiemon.exe
O4 - HKCU\..\Run: [msfw.exe] C:\Program\Microsoft Security Adviser\msfw.exe
O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\System32\WinAvXX.exe
///////////////////////////
dessa *bör* gå att åtgärda direkt i HJT
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Pol icies\System, DisableRegedit=1
//////////////////////////
saker som HJT tycker är onödigt. (fil saknas)
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Program\UnibetpokerMPP\MPPoker.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE (file missing)
//////////////////////////
unknown. HJT vet inte vad det är.
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/SmileyCentralFWBInitial Setup1.0.0.8-2.cab
/////////////////////////
samma sak här, dock bör nr 2 vara ofarlig att ta bort.
Unknown O20 - AppInit_DLLs: C:\WINDOWS\System32\hadjajr.ini
O21 - SSODL: System - {5C3B9269-2C95-4CC3-BB02-2D048052FA39} - (no file)


det ENDA jag har gjort nu är att lista vad som är fel(enl. http://www.hijackthis.de analyser) och sagt åt dig att ta bort det som verkligen går att ta bort.

om du är äventyrlig kan du ju markera rubbet här och hoppas, men det löser knappast trojanerna

mer kommer så snart jag har analyserat trojanerna lite, när du har tagit bort allt "onödigt" kan du ju posta en ny HJT-logg

hej igen,
gå till startmenyn, klicka på "kör"
skriv CMD
kopiera sedan dessa kommandon en åt gången, ta inte med ""
"reg delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run \Win SVC Host /f"
"reg delete HKLM\HKEY_CLASSES_ROOT\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D} /f"

ladda ner, installera och uppdatera http://www.superantispyware.com
http://www.superantispyware.com/downloads/SUPERAntiSpyware.exe

klicka scan computer, och complete scan, nästa, starta om och posta loggen här.
(loggen hittas igenom att starta superantispyware välja preferences > statistics\logs)



edit ; såg inte vad klockan var!! måste tyvärr lämna dig i sticket om du gör detta inatt, ska ju jobba imorgon

tillbaka imorgon ca 21.45
om jag inte råkar hamna i lund med Ardbeg whisky

den här datorn är en stor säkerhetsrisk

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
spara SDFix.exe på skrivbordet >klicka på SDFix.exe >sdfixen packas upp här: C:\SDFix.
starta om i felsäkert läge (F8) >gå hit: C:\SDFix >klicka på runthis.bat >välj y.
när scanningen är klar så tryck på valfri tangent för att starta om.
när det står finished så tryck på valfri tangent. en logg kommer automatiskt att visas (C:\SDFix\report.txt), kopiera in loggen här.
(notera att sdfix återställer hostfilen till orignal inställningen)

posta även en ny HJT logg när du kört SDfix

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:46:08, on 2007-09-06
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\atievxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SM1BG.EXE
C:\Program\Macrogaming\SweetIM\SweetIM.exe
C:\Program\MSN Messenger\msnmsgr.exe
C:\Program\Spyware Doctor\swdoctor.exe
C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program\Internet Explorer\iexplore.exe
C:\Program\Trend Micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\Program\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\Program\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\sv\msntb.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [SweetIM] C:\Program\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [msavsc.exe] C:\Program\Microsoft Security Adviser\msavsc.exe
O4 - HKLM\..\Run: [msscan.exe] C:\Program\Microsoft Security Adviser\msscan.exe
O4 - HKLM\..\Run: [msiemon.exe] C:\Program\Microsoft Security Adviser\msiemon.exe
O4 - HKLM\..\Run: [msfw.exe] C:\Program\Microsoft Security Adviser\msfw.exe
O4 - HKLM\..\Run: [SDFix] C:\SDFix\RunThis.bat /second
O4 - HKCU\..\Run: [SweetIM] C:\Program\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Microsoft security adviser] C:\Program\Microsoft Security Adviser\mssadv.exe
O4 - HKCU\..\Run: [msctrl.exe] C:\Program\Microsoft Security Adviser\msctrl.exe
O4 - HKCU\..\Run: [msavsc.exe] C:\Program\Microsoft Security Adviser\msavsc.exe
O4 - HKCU\..\Run: [msscan.exe] C:\Program\Microsoft Security Adviser\msscan.exe
O4 - HKCU\..\Run: [msiemon.exe] C:\Program\Microsoft Security Adviser\msiemon.exe
O4 - HKCU\..\Run: [msfw.exe] C:\Program\Microsoft Security Adviser\msfw.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\Program\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\Program\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/SmileyCentralFWBInitialSetup1.0.0.8-2.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by110fd.bay110.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {53B8B406-42E4-4DD3-96E7-9DEC8CEB3DD8} (ICQVideoControl Class) - http://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1129107192801
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab30149.cab
O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f008.mail.spray.se/app/uploader/FileUploader.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab30149.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab30149.cab
O20 - AppInit_DLLs: C:\WINDOWS\System32\hadjajr.ini
O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

--
End of file - 7226 bytes
Så ser loggen ut nu när jag körde SDfix samt Registry Mechanic från windows.. kommer in i aktivitetshanteraren nu men msn funkar inte, kanske för att jag tog bort messenger? hursom hellst tusen tack alla som hjälpt mig

tjänsten messenger är inte samma sak som MSN messenger. du behöver inte avinstallera MSN messenger :P

Nä så tänkte jag också när jag tog bort messenger men hur som hellst har msn slutat funka, har väl tagit bort nått skulle jag tro men det är väl kanske bara att ominstallera msn?

posta loggen som finns här
C:\SDFix\report.txt

hämta denna fil >spara den på skrivbordet.
http://siri.urz.free.fr/Fix/SmitfraudFix.exe
dubbelklicka på SmitfraudFix.exe >välj tillåt om brandväggen frågar >klicka på valfri tangent >skriv 1 >enter.
posta loggen som visas automatiskt

SDFix: Version 1.102

Run by Bosse on 2007-09-06 at 11:11

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Så ser rapporten ut

SmitFraudFix v2.221

Scan done at 14:11:50,55, 2007-09-06
Run from C:\Documents and Settings\Bosse\Skrivbord\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\atievxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SM1BG.EXE
C:\Program\Macrogaming\SweetIM\SweetIM.exe
C:\Program\MSN Messenger\msnmsgr.exe
C:\Program\Spyware Doctor\swdoctor.exe
C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Bosse


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Bosse\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»»


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="about:Home"
"SubscribedURL"="about:Home"
"FriendlyName"="Min aktuella startsida"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\WINDOWS\\System32\\hadjajr.ini "


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel 21143-Based PCI Fast Ethernet Adapter (Generic) - Miniport för paketschemaläggning
DNS Server Search Order: 83.255.245.10
DNS Server Search Order: 83.255.249.10

HKLM\SYSTEM\CCS\Services\Tcpip\..\{B1C6FF6A-9465-431A-A42F-E9C537D04491}: DhcpNameServer=83.255.245.10 83.255.249.10
HKLM\SYSTEM\CS2\Services\Tcpip\..\{B1C6FF6A-9465-431A-A42F-E9C537D04491}: DhcpNameServer=83.255.245.10 83.255.249.10


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

o där kommer den andra

mäkligt, är du helt säker på att det är hela loggen för den borde vara mycket längre