Pazzil

Member
  • Posts

    3
  • Joined

  • Last visited

    Never

All content posted by Pazzil

  1. Now the computer is exactly as it should be. I can't find anything abnormal at all now! I removed the line via HJT, deleted the folder, restarted the computer, and everything is perfect. Thanks for the help, 927; it was Malwarebytes Antimalware that did the trick! It was really worth cleaning out what was wrong instead of doing a reinstall. Now the computer is the way it was before the brats messed with it. Again, thanks for the help.
  2. It looks like it has actually been resolved now! Windows Update finally works, there are no more pop-up windows, and the computer starts up faster. Malwarebytes Antimalware found a number of things. I did as you said, 927: I ran Malwarebytes Antimalware, restarted the computer, ran it again (it found nothing that time) and am posting the new log here:

     Malwarebytes' Anti-Malware 1.19
     Databasversion: 899
     Windows 5.1.2600 Service Pack 2

     20:29:50 2008-07-01
     mbam-log-7-1-2008 (20-29-50).txt

     Skanningstyp: Fullständig skanning (C:\|D:\|)
     Antal skannade objekt: 85391
     Förfluten tid: 20 minute(s), 53 second(s)

     Infekterade minnesprocesser: 0
     Infekterade minnesmoduler: 0
     Infekterade registernycklar: 0
     Infekterade registervärden: 0
     Infekterade registerdataposter: 0
     Infekterade mappar: 0
     Infekterade filer: 0

     Infekterade minnesprocesser: (Inga illasinnade poster hittades)
     Infekterade minnesmoduler: (Inga illasinnade poster hittades)
     Infekterade registernycklar: (Inga illasinnade poster hittades)
     Infekterade registervärden: (Inga illasinnade poster hittades)
     Infekterade registerdataposter: (Inga illasinnade poster hittades)
     Infekterade mappar: (Inga illasinnade poster hittades)
     Infekterade filer: (Inga illasinnade poster hittades)

     And here is the new hijackthis.log:

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 20:30:42, on 2008-07-01
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v7.00 (7.00.6000.16674)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\Ati2evxx.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\Ati2evxx.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\WINDOWS\Explorer.EXE
     C:\WINDOWS\ATKKBService.exe
     C:\Program\Eset\nod32krn.exe
     C:\WINDOWS\system32\oodag.exe
     C:\WINDOWS\system32\svchost.exe
     C:\Program\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
     C:\Program\Synaptics\SynTP\SynTPLpr.exe
     C:\Program\Synaptics\SynTP\SynTPEnh.exe
     C:\WINDOWS\ATK0100\HControl.exe
     C:\Program\Eset\nod32kui.exe
     C:\WINDOWS\RTHDCPL.EXE
     C:\Program\D-Tools\daemon.exe
     C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
     D:\razer\razerhid.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe
     C:\Program\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
     C:\WINDOWS\ATK0100\ATKOSD.exe
     D:\razer\razerofa.exe
     C:\Program\Internet Explorer\IEXPLORE.EXE
     C:\Program\Internet Explorer\IEXPLORE.EXE
     C:\Program\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
     C:\Program\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
     C:\Program\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
     C:\Program\Delade filer\Teleca Shared\Generic.exe
     C:\Program\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
     C:\Program\Sony Ericsson\Mobile2\Mobile Phone Monitor\ToshibaBTServer.exe
     C:\Program\Trend Micro\HijackThis\HijackThis.exe

     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
     O2 - BHO: {a4cb7be7-5d87-97ca-d6f4-a8a8672f76bd} - {db67f276-8a8a-4f6d-ac79-78d57eb7bc4a} - C:\WINDOWS\system32\ejgahi.dll (file missing)
     O4 - HKLM\..\Run: [synTPLpr] C:\Program\Synaptics\SynTP\SynTPLpr.exe
     O4 - HKLM\..\Run: [synTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe
     O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
     O4 - HKLM\..\Run: [nod32kui] "C:\Program\Eset\nod32kui.exe" /WAITSERVICE
     O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
     O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
     O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
     O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033
     O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
     O4 - HKLM\..\Run: [Diamondback] D:\razer\razerhid.exe
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe
     O4 - HKCU\..\Run: [deaf beep] C:\DOCUME~1\David\APPLIC~1\THUNKR~1\two each.exe
     O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')
     O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
     O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
     O4 - Global Startup: Bluetooth Manager.lnk = ?
     O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000
     O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\WINDOWS\system32\shdocvw.dll
     O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
     O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
     O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL
     O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll
     O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
     O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe
     O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program\Eset\nod32krn.exe
     O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
     O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

     --
     End of file - 5211 bytes

     What I think looks most wrong is the line: "O4 - HKCU\..\Run: [deaf beep] C:\DOCUME~1\David\APPLIC~1\THUNKR~1\two each.exe"
  3. I'm helping a friend whose kids are a bit too meddlesome. I've cleaned out most of it with both NOD32 and SUPERAntiSpyware Free Edition, but I can't get rid of the CID ads that keep popping up. Also, if you search via Google, it stops dead immediately... Hoping for help, because this time I refuse to do a reinstall; it must be possible to solve... I first ran NoLop and got this log:

     NoLop! Log by Skate_Punk_21
     Fix running from: H:\
     [2008-06-30] [22:30:17]

     ---Infection Files Found/Removed---
     C:\WINDOWS\tasks\A80D8704918A3940.job

     Beginning Removal...
     Rebooting...
     Removing Lop's Leftover Files/Folders...
     Editing Registry...
     **Fix Complete!**

     ---Listing AppData sub directories---
     C:\Documents and Settings\All Users\Application Data\A32w
     C:\Documents and Settings\All Users\Application Data\Adobe
     C:\Documents and Settings\All Users\Application Data\Apple
     C:\Documents and Settings\All Users\Application Data\Apple Computer
     C:\Documents and Settings\All Users\Application Data\Google
     C:\Documents and Settings\All Users\Application Data\Microsoft
     C:\Documents and Settings\All Users\Application Data\Proxy Long Chin Ping
     C:\Documents and Settings\All Users\Application Data\Skype
     C:\Documents and Settings\All Users\Application Data\Sony Ericsson
     C:\Documents and Settings\All Users\Application Data\Superantispyware.com
     C:\Documents and Settings\All Users\Application Data\Teleca
     C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
     C:\Documents and Settings\David\Application Data\Adobe
     C:\Documents and Settings\David\Application Data\Ashampoo
     C:\Documents and Settings\David\Application Data\Dvdcss
     C:\Documents and Settings\David\Application Data\Getrighttogo
     C:\Documents and Settings\David\Application Data\Google
     C:\Documents and Settings\David\Application Data\Hamachi
     C:\Documents and Settings\David\Application Data\Help -- EMPTY Directory
     C:\Documents and Settings\David\Application Data\Identities
     C:\Documents and Settings\David\Application Data\Installshield
     C:\Documents and Settings\David\Application Data\Leadertech
     C:\Documents and Settings\David\Application Data\Macromedia
     C:\Documents and Settings\David\Application Data\Media Player Classic
     C:\Documents and Settings\David\Application Data\Microsoft
     C:\Documents and Settings\David\Application Data\Mirc
     C:\Documents and Settings\David\Application Data\Mozilla
     C:\Documents and Settings\David\Application Data\Opera
     C:\Documents and Settings\David\Application Data\Securom
     C:\Documents and Settings\David\Application Data\Skype
     C:\Documents and Settings\David\Application Data\Sony Ericsson
     C:\Documents and Settings\David\Application Data\Sports Interactive
     C:\Documents and Settings\David\Application Data\Sun
     C:\Documents and Settings\David\Application Data\Superantispyware.com
     C:\Documents and Settings\David\Application Data\Teamspeak2
     C:\Documents and Settings\David\Application Data\Teleca
     C:\Documents and Settings\David\Application Data\Thunkreal
     C:\Documents and Settings\David\Application Data\Turbine
     C:\Documents and Settings\David\Application Data\Utorrent
     C:\Documents and Settings\David\Application Data\Ventrilo
     C:\Documents and Settings\David\Application Data\Vlc
     C:\Documents and Settings\Default User\Application Data\Microsoft
     C:\Documents and Settings\Localservice\Application Data\Microsoft
     C:\Documents and Settings\Networkservice\Application Data\Microsoft

     I then ran HijackThis and got this log:

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 22:34:43, on 2008-06-30
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v7.00 (7.00.6000.16674)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\Ati2evxx.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\Ati2evxx.exe
     C:\WINDOWS\Explorer.EXE
     C:\WINDOWS\system32\spoolsv.exe
     C:\WINDOWS\ATKKBService.exe
     C:\Program\Eset\nod32krn.exe
     C:\WINDOWS\system32\oodag.exe
     C:\WINDOWS\system32\svchost.exe
     C:\Program\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
     C:\Program\Synaptics\SynTP\SynTPLpr.exe
     C:\Program\Synaptics\SynTP\SynTPEnh.exe
     C:\WINDOWS\ATK0100\HControl.exe
     C:\Program\Eset\nod32kui.exe
     C:\WINDOWS\RTHDCPL.EXE
     C:\Program\D-Tools\daemon.exe
     C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
     D:\razer\razerhid.exe
     C:\WINDOWS\system32\rundll32.exe
     C:\WINDOWS\system32\Rundll32.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe
     C:\Program\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
     C:\Program\Internet Explorer\IEXPLORE.EXE
     C:\Program\Internet Explorer\IEXPLORE.EXE
     C:\Program\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
     C:\Program\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
     C:\WINDOWS\system32\wuauclt.exe
     C:\Program\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
     C:\WINDOWS\ATK0100\ATKOSD.exe
     D:\razer\razerofa.exe
     C:\Program\Delade filer\Teleca Shared\Generic.exe
     C:\Program\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
     C:\Program\Sony Ericsson\Mobile2\Mobile Phone Monitor\ToshibaBTServer.exe
     C:\Program\Trend Micro\HijackThis\HijackThis.exe

     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
     O2 - BHO: {a4cb7be7-5d87-97ca-d6f4-a8a8672f76bd} - {db67f276-8a8a-4f6d-ac79-78d57eb7bc4a} - C:\WINDOWS\system32\ejgahi.dll (file missing)
     O4 - HKLM\..\Run: [synTPLpr] C:\Program\Synaptics\SynTP\SynTPLpr.exe
     O4 - HKLM\..\Run: [synTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe
     O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
     O4 - HKLM\..\Run: [nod32kui] "C:\Program\Eset\nod32kui.exe" /WAITSERVICE
     O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
     O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
     O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
     O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033
     O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
     O4 - HKLM\..\Run: [Diamondback] D:\razer\razerhid.exe
     O4 - HKLM\..\Run: [00bd5895] rundll32.exe "C:\WINDOWS\system32\mwiurchc.dll",b
     O4 - HKLM\..\Run: [bM038e6b09] Rundll32.exe "C:\WINDOWS\system32\qrbxciay.dll",s
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe
     O4 - HKCU\..\Run: [deaf beep] C:\DOCUME~1\David\APPLIC~1\THUNKR~1\two each.exe
     O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')
     O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
     O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
     O4 - Global Startup: Bluetooth Manager.lnk = ?
     O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000
     O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\WINDOWS\system32\shdocvw.dll
     O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
     O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
     O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL
     O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll
     O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
     O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe
     O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program\Eset\nod32krn.exe
     O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
     O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

     --
     End of file - 5474 bytes

     Hoping for help. Regards, Staffan, who is tearing his hair out right now!!!