pakkan

Members
  • Content Count

    5
  • Joined

  • Last visited

Community Reputation

0 Neutral

About pakkan

  • Rank
    Newbie
  1. YES it works! So annoying but so easy. Thank U!!!
  2. Ok, its a warningsmessage from Windows Internet Explorer. Everytime I start my computer and login I got the message, but also when I start some other program or for example start and close explorer. Here is the message In english: Can´t find the file:///C:WINDOWS/privacy_danger/index.htm. Check that you have the right file adress or Internet address
  3. Still got the same problem!!! Here is my Hijack log and report.txt. Maybe it´s same problem because I was forced too log in as adminstrator and not my ordinarie account. SDFix: Version 1.91 Run by Administratâ€r on 2007-07-15 at 23:58 Microsoft Windows XP [Version 5.1.2600] Running From: C:\SDFix Safe Mode: Checking Services: Restoring Windows Registry Values Restoring Windows Default Hosts File Rebooting... Normal Mode: Checking Files: No Trojan Files Found Removing Temp Files... ADS Check: C:\WINDOWS No streams found. C:\WINDOWS\system32 No streams found. C:\WINDOWS\system32\svchost.exe No streams found. C:\WINDOWS\system32\ntoskrnl.exe No streams found. Final Check: Remaining Services: ------------------ Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\\Program\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program\\Microsoft ActiveSync\\rapimgr.exe:*:Enabled:ActiveSync RAPI Manager" "C:\\Program\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook" "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" Remaining Files: --------------- Files with Hidden Attributes: C:\Documents and Settings\Patrik.karlsson\N„tverket\ftp2.activeisp.com\Desktop.ini C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp C:\Documents and Settings\Patrik.karlsson\Application Data\Microsoft\Word\~WRL2921.tmp Finished Logfile of HijackThis v1.99.1 Scan saved at 00:12, on 2007-07-16 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16473) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program\Intel\Wireless\Bin\EvtEng.exe C:\Program\Intel\Wireless\Bin\S24EvMon.exe C:\Program\Intel\Wireless\Bin\WLKeeper.exe C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program\Symantec AntiVirus\DefWatch.exe C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe C:\Program\Dell\QuickSet\NICCONFIGSVC.exe C:\Program\Intel\Wireless\Bin\RegSrvc.exe C:\Program\Symantec AntiVirus\SavRoam.exe C:\WINDOWS\system32\svchost.exe C:\Program\Symantec AntiVirus\Rtvscan.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\Explorer.EXE C:\Program\Apoint\Apoint.exe C:\WINDOWS\system32\ctfmon.exe C:\Program\Java\jre1.6.0_01\bin\jusched.exe C:\WINDOWS\stsystra.exe C:\Program\CyberLink\PowerDVD\DVDLauncher.exe C:\Program\Apoint\HidFind.exe C:\Program\Apoint\Apntex.exe C:\Program\Intel\Wireless\bin\ZCfgSvc.exe C:\Program\Intel\Wireless\Bin\ifrmewrk.exe C:\Program\Dell\QuickSet\quickset.exe C:\Program\Delade filer\InstallShield\UpdateService\issch.exe C:\Program\Google\Google Desktop Search\GoogleDesktop.exe C:\Program\Delade filer\Real\Update_OB\realsched.exe C:\Program\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program\Google\Google Desktop Search\GoogleDesktop.exe C:\Program\QuickTime\qttask.exe C:\Program\Delade filer\Symantec Shared\ccApp.exe C:\Program\SYMANT~1\VPTray.exe C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program\Microsoft ActiveSync\Wcescomm.exe C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program\Digital Line Detect\DLG.exe C:\Program\Citrix\ICA Client\pnagent.exe C:\Program\Windows Desktop Search\WindowsSearch.exe C:\Program\MICROS~4\rapimgr.exe C:\WINDOWS\system32\userinit.exe C:\WINDOWS\system32\SearchProtocolHost.exe C:\WINDOWS\system32\mobsync.exe C:\WINDOWS\System32\svchost.exe C:\Program\internet explorer\iexplore.exe C:\Program\Hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rf.se/skane/t2.asp R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.se/ig/dell?hl=sv&client=dell-row-rel&channel=se&ibd=0060921 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program\BAE\BAE.dll O3 - Toolbar: RSS Feeds Toolbar - {4A5BE5EE-CFAD-11D9-8FAD-0007E9AA247E} - C:\Program\Diodia Software\RSS Feeds Toolbar\RSS.dll O4 - HKLM\..\Run: [Apoint] C:\Program\Apoint\Apoint.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [DVDLauncher] "C:\Program\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [intelWireless] "C:\Program\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [Dell QuickSet] C:\Program\Dell\QuickSet\quickset.exe O4 - HKLM\..\Run: [iSUSPM Startup] C:\Program\DELADE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program\Delade filer\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [WinVNC] "C:\Program\UltraVNC\WinVNC.exe" -servicehelper O4 - HKLM\..\Run: [uniPrint] C:\Program\UniPrint\Client\SetDfltSettings.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program\Delade filer\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\Program\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program\Microsoft ActiveSync\Wcescomm.exe" O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: Program Neighborhood Agent.lnk = C:\Program\Citrix\ICA Client\pnagent.exe O4 - Global Startup: Windows Skrivbordssökning.lnk = C:\Program\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: &Google-sökning - res://C:\Program\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Översätt engelskt ord - res://C:\Program\Google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: BakÃ¥tlänkar - res://C:\Program\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Lagrad bild pÃ¥ sida - res://C:\Program\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Liknande sidor - res://C:\Program\Google\GoogleToolbar1.dll/cmsimilar.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_01\bin\npjpi160_01.dll O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_01\bin\npjpi160_01.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program\MICROS~4\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program\MICROS~4\INetRepl.dll O9 - Extra 'Tools' menuitem: Skapa mobilfavorit ... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program\MICROS~4\INetRepl.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1159731920003 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = skaneidrott.local O17 - HKLM\Software\..\Telephony: DomainName = skaneidrott.local O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = skaneidrott.local O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program\Delade filer\Microsoft Shared\Help\hxds.dll O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program\DELADE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O20 - AppInit_DLLs: C:\Program\Google\GOOGLE~1\GOEC62~1.DLL O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program\Symantec AntiVirus\DefWatch.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program\Intel\Wireless\Bin\EvtEng.exe O23 - Service: GoogleDesktopManager - Google - C:\Program\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program\Dell\QuickSet\NICCONFIGSVC.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program\Symantec AntiVirus\Rtvscan.exe O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program\UltraVNC\WinVNC.exe" -service (file missing) O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program\Intel\Wireless\Bin\WLKeeper.exe
  4. Hi This is my second try to get help from you... experts! Now I send mu HijackThis logs also... Short history: I got problems with Ultimate Defender so I tired Combofix after that I got the problems with pop ups. So I try SmitfraudFix (by S!Ri) and after that I got this rapport.txt What should I do? Logfile of HijackThis v1.99.1 Scan saved at 23:58, on 2007-07-14 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16473) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program\Intel\Wireless\Bin\EvtEng.exe C:\Program\Intel\Wireless\Bin\S24EvMon.exe C:\Program\Intel\Wireless\Bin\WLKeeper.exe C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program\Symantec AntiVirus\DefWatch.exe C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe C:\Program\Dell\QuickSet\NICCONFIGSVC.exe C:\Program\Intel\Wireless\Bin\RegSrvc.exe C:\Program\Symantec AntiVirus\SavRoam.exe C:\WINDOWS\system32\svchost.exe C:\Program\Symantec AntiVirus\Rtvscan.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program\Apoint\Apoint.exe C:\Program\Java\jre1.6.0_01\bin\jusched.exe C:\WINDOWS\stsystra.exe C:\Program\Apoint\HidFind.exe C:\Program\Apoint\Apntex.exe C:\Program\CyberLink\PowerDVD\DVDLauncher.exe C:\Program\Intel\Wireless\bin\ZCfgSvc.exe C:\Program\Intel\Wireless\Bin\ifrmewrk.exe C:\Program\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program\Dell\QuickSet\quickset.exe C:\Program\Delade filer\InstallShield\UpdateService\issch.exe C:\Program\Google\Google Desktop Search\GoogleDesktop.exe C:\Program\Delade filer\Real\Update_OB\realsched.exe C:\Program\QuickTime\qttask.exe C:\Program\Delade filer\Symantec Shared\ccApp.exe C:\WINDOWS\System32\svchost.exe C:\Program\Google\Google Desktop Search\GoogleDesktop.exe C:\Program\SYMANT~1\VPTray.exe C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program\Microsoft ActiveSync\Wcescomm.exe C:\Program\MICROS~4\rapimgr.exe C:\Program\Digital Line Detect\DLG.exe C:\Program\Citrix\ICA Client\pnagent.exe C:\Program\Windows Desktop Search\WindowsSearch.exe C:\Program\internet explorer\iexplore.exe C:\Program\Hijackthis\HijackThis.exe C:\WINDOWS\system32\SearchProtocolHost.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rf.se/skane/t2.asp R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.se/ig/dell?hl=sv&client=dell-row-rel&channel=se&ibd=0060921 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program\BAE\BAE.dll O3 - Toolbar: RSS Feeds Toolbar - {4A5BE5EE-CFAD-11D9-8FAD-0007E9AA247E} - C:\Program\Diodia Software\RSS Feeds Toolbar\RSS.dll O4 - HKLM\..\Run: [Apoint] C:\Program\Apoint\Apoint.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [DVDLauncher] "C:\Program\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [intelWireless] "C:\Program\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [Dell QuickSet] C:\Program\Dell\QuickSet\quickset.exe O4 - HKLM\..\Run: [iSUSPM Startup] C:\Program\DELADE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program\Delade filer\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [WinVNC] "C:\Program\UltraVNC\WinVNC.exe" -servicehelper O4 - HKLM\..\Run: [uniPrint] C:\Program\UniPrint\Client\SetDfltSettings.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program\Delade filer\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\Program\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program\Microsoft ActiveSync\Wcescomm.exe" O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: Program Neighborhood Agent.lnk = C:\Program\Citrix\ICA Client\pnagent.exe O4 - Global Startup: Windows Skrivbordssökning.lnk = C:\Program\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: &Google-sökning - res://C:\Program\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Översätt engelskt ord - res://C:\Program\Google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: BakÃ¥tlänkar - res://C:\Program\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Lagrad bild pÃ¥ sida - res://C:\Program\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Liknande sidor - res://C:\Program\Google\GoogleToolbar1.dll/cmsimilar.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_01\bin\npjpi160_01.dll O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_01\bin\npjpi160_01.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program\MICROS~4\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program\MICROS~4\INetRepl.dll O9 - Extra 'Tools' menuitem: Skapa mobilfavorit ... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program\MICROS~4\INetRepl.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1159731920003 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = skaneidrott.local O17 - HKLM\Software\..\Telephony: DomainName = skaneidrott.local O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = skaneidrott.local O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program\Delade filer\Microsoft Shared\Help\hxds.dll O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program\DELADE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O20 - AppInit_DLLs: C:\Program\Google\GOOGLE~1\GOEC62~1.DLL O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O21 - SSODL: msole - {10080C78-2D68-41C7-8C22-0ECC7709E159} - C:\WINDOWS\msole.dll (file missing) O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program\Symantec AntiVirus\DefWatch.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program\Intel\Wireless\Bin\EvtEng.exe O23 - Service: GoogleDesktopManager - Google - C:\Program\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program\Dell\QuickSet\NICCONFIGSVC.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program\Symantec AntiVirus\Rtvscan.exe O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program\UltraVNC\WinVNC.exe" -service (file missing) O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program\Intel\Wireless\Bin\WLKeeper.exe
  5. Hi I need help with same problem as http://www.lavasoftsupport.com/index.php?s...=privacy_danger I have problems with pop ups, for example when I start my computer. Short history: I got problems with Ultimate Defender so I tired Combofix after that I got the problems with pop ups. So I try SmitfraudFix (by S!Ri) and after that I got this rapport.txt What should I do? SmitFraudFix v2.204 Scan done at 20:56:36.40, 2007-07-13 Run from C:\Documents and Settings\Patrik.karlsson\Skrivbord\SmitfraudFix\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT The filesystem type is NTFS Fix run in normal mode »»»»»»»»»»»»»»»»»»»»»»»» Process C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program\Intel\Wireless\Bin\EvtEng.exe C:\Program\Intel\Wireless\Bin\S24EvMon.exe C:\Program\Intel\Wireless\Bin\WLKeeper.exe C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program\Symantec AntiVirus\DefWatch.exe C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe C:\Program\Dell\QuickSet\NICCONFIGSVC.exe C:\Program\Intel\Wireless\Bin\RegSrvc.exe C:\Program\Symantec AntiVirus\SavRoam.exe C:\WINDOWS\system32\svchost.exe C:\Program\Symantec AntiVirus\Rtvscan.exe C:\Program\UltraVNC\WinVNC.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program\Apoint\Apoint.exe C:\Program\Java\jre1.6.0_01\bin\jusched.exe C:\WINDOWS\stsystra.exe C:\Program\CyberLink\PowerDVD\DVDLauncher.exe C:\Program\Intel\Wireless\bin\ZCfgSvc.exe C:\Program\Apoint\Apntex.exe C:\Program\Intel\Wireless\Bin\ifrmewrk.exe C:\Program\Apoint\HidFind.exe C:\Program\Dell\QuickSet\quickset.exe C:\Program\Delade filer\InstallShield\UpdateService\issch.exe C:\Program\Google\Google Desktop Search\GoogleDesktop.exe C:\Program\Delade filer\Real\Update_OB\realsched.exe C:\Program\QuickTime\qttask.exe C:\Program\Delade filer\Symantec Shared\ccApp.exe C:\Program\SYMANT~1\VPTray.exe C:\Program\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program\Microsoft ActiveSync\Wcescomm.exe C:\Program\Google\Google Desktop Search\GoogleDesktop.exe C:\Program\Digital Line Detect\DLG.exe C:\Program\MICROS~4\rapimgr.exe C:\Program\Citrix\ICA Client\pnagent.exe C:\Program\Windows Desktop Search\WindowsSearch.exe C:\WINDOWS\System32\svchost.exe C:\Program\Internet Explorer\IEXPLORE.EXE C:\Program\internet explorer\iexplore.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\SearchProtocolHost.exe »»»»»»»»»»»»»»»»»»»»»»»» hosts »»»»»»»»»»»»»»»»»»»»»»»» H:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32 »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Patrik.karlsson »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Patrik.karlsson\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Start Menu »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\PATRIK~1.KAR\FAVORI~1 »»»»»»»»»»»»»»»»»»»»»»»» Desktop »»»»»»»»»»»»»»»»»»»»»»»» C:\Program »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components] "Source"="file:///C:\\WINDOWS\\privacy_danger\\index.htm" "SubscribedURL"="" "FriendlyName"="Privacy Protection" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="Min aktuella startsida" »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="C:\\Program\\Google\\GOOGLE~1\\GOEC62~1.DLL" "LoadAppInit_DLLs"=dword:00000001 »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» Rustock »»»»»»»»»»»»»»»»»»»»»»»» DNS Description: Intel® PRO/Wireless 3945ABG Network Connection - Miniport för paketschemaläggning DNS Server Search Order: 195.67.199.39 DNS Server Search Order: 192.168.0.1 HKLM\SYSTEM\CCS\Services\Tcpip\..\{597078D4-8F89-4858-8278-35304E4903E7}: DhcpNameServer=195.67.199.39 192.168.0.1 HKLM\SYSTEM\CS1\Services\Tcpip\..\{597078D4-8F89-4858-8278-35304E4903E7}: DhcpNameServer=195.67.199.39 192.168.0.1 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=195.67.199.39 192.168.0.1 HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=195.67.199.39 192.168.0.1 »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection »»»»»»»»»»»»»»»»»»»»»»»» End