Just nu i M3-nätverket
Gå till innehåll

JMA

Medlem
  • Antal inlägg

    5
  • Gick med

  • Senaste besök

Om JMA

  • Medlemstitel
    Nykomling

Profil

  • Ort
    Skellefteå
  1. Hej, har problem med Windows Live Messenger. Datorn helt ny och när jag installerar Live Messenger så fungerar allt utom själva konversationen. När jag väljer "skicka snabbmeddelande" så hamnar konversationsfönstret längst ner i listen och det går inte att få upp/se vad som skrivs/skriva. Fönstret hänger sig liksom. Har kört windows update och installerat om Messenger ett antal ggr. Har ni nån idé?
  2. Datorn uppför sig bra... :-), men jag har inte haft igång msn idag, startade det nu så får jag se om mina kontakter från nån länk. Så här ser hijackthisloggen ut nu: [log] Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:26:43, on 2008-06-08 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe c:\program\delade filer\logishrd\lvmvfm\LVPrcSrv.exe C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\ATKKBService.exe C:\Program\Bonjour\mDNSResponder.exe C:\Program\Network Associates\Common Framework\FrameworkService.exe C:\Program\Network Associates\VirusScan\Mcshield.exe C:\Program\Network Associates\VirusScan\VsTskMgr.exe C:\WINDOWS\system32\svchost.exe C:\Program\WZCBDL Service\WZCBDLS.exe C:\Program\Canon\CAL\CALMAIN.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program\Network Associates\VirusScan\SHSTAT.EXE C:\Program\Network Associates\Common Framework\UpdaterUI.exe C:\Program\Delade filer\Network Associates\TalkBack\TBMon.exe C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program\D-Link\Air Utility\AirCFG.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe C:\Program\Logitech\QuickCam10\QuickCam10.exe C:\Program\Hewlett-Packard\OrderReminder\OrderReminder.exe C:\Program\Analog Devices\Core\smax4pnp.exe C:\Program\Java\jre1.6.0_05\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program\Windows Live\Messenger\MsnMsgr.Exe C:\Program\Delade filer\LogiShrd\LComMgr\LVComSX.exe C:\Program\Skype\Phone\Skype.exe C:\Program\IVT Corporation\BlueSoleil\BlueSoleil.exe C:\Program\Personal\bin\Personal.exe C:\Program\Microsoft Office\OFFICE11\OUTLOOK.EXE C:\Program\Delade filer\Logishrd\LQCVFX\COCIManager.exe C:\Program\Skype\Plugin Manager\skypePM.exe C:\Program\Microsoft Office\OFFICE11\WINWORD.EXE C:\Program\Internet Explorer\IEXPLORE.EXE C:\Program\Delade filer\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program\Windows Live\Messenger\usnsvc.exe C:\Documents and Settings\Jörgen\Skrivbord\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.balderskolan.se/vader/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157'>http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program\BitComet\tools\BitCometBHO_1.2.2.28.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file) O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file) O4 - HKLM\..\Run: [shStatEXE] "C:\Program\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program\Delade filer\Network Associates\TalkBack\TBMon.exe" O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [D-Link Air Utility] C:\Program\D-Link\Air Utility\AirCFG.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [updateManager] "C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program\Logitech\QuickCam10\QuickCam10.exe" /hide O4 - HKLM\..\Run: [OrderReminder] C:\Program\Hewlett-Packard\OrderReminder\OrderReminder.exe O4 - HKLM\..\Run: [soundMAXPnP] C:\Program\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\\SmartDoctor.exe /start O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [skype] "C:\Program\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: BlueSoleil.lnk = C:\Program\IVT Corporation\BlueSoleil\BlueSoleil.exe O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Blogga detta - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blogga detta i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1204916927343 O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://www.extrafilm.se/ImageUploader4.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program\Bonjour\mDNSResponder.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program\Canon\CAL\CALMAIN.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program\delade filer\logishrd\lvmvfm\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program\Delade filer\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program\Network Associates\Common Framework\FrameworkService.exe O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program\Network Associates\VirusScan\Mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program\Network Associates\VirusScan\VsTskMgr.exe O23 - Service: WZCBDL Service (WZCBDLService) - D-Link - C:\Program\WZCBDL Service\WZCBDLS.exe -- End of file - 10649 bytes [/log]
  3. Innan jag körde combofix fick jag ett till meddelande av Mcafee: [log]2008-06-08 13:11:51 Borttagen NT INSTANS\SYSTEM svchost.exe C:\System Volume Information\_restore{09293E46-52BB-4D37-9861-B5491224B7C2}\RP300\A0043648.exe W32/IRCbot.gen.a (Virus)[/log] Av Combofix fick jag detta: [log]ComboFix 08-06-06.6 - Jörgen 2008-06-08 14:28:28.2 - NTFSx86 MINIMAL Running from: C:\Documents and Settings\Jörgen\Skrivbord\ComboFix.exe WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((( Files Created from 2008-05-08 to 2008-06-08 ))))))))))))))))))))))))))))))) . 2008-06-07 15:19 . 2008-06-07 20:18 <KAT> d-------- C:\Downloads 2008-06-07 15:19 . 2008-06-07 15:19 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll 2008-06-07 15:18 . 2008-06-08 12:08 <KAT> d-------- C:\Program\BitComet 2008-05-30 16:46 . 2008-05-30 16:46 <KAT> d-------- C:\Program\Nordic Softsales 2008-05-22 19:12 . 2008-05-22 19:12 <KAT> d-------- C:\Program\Analog Devices 2008-05-13 20:10 . 2008-05-13 20:10 <KAT> d-------- C:\Program\IVT Corporation 2008-05-13 19:50 . 2008-05-13 19:50 <KAT> d-------- C:\Documents and Settings\J÷rgen\Skrivbord 2008-05-13 19:50 . 2008-05-13 19:50 <KAT> d-------- C:\Documents and Settings\J÷rgen 2008-05-13 19:48 . 2008-05-13 19:48 <KAT> d-------- C:\Program\IZArc . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-06-08 12:09 --------- d-----w C:\Documents and Settings\Jörgen\Application Data\Skype 2008-06-08 09:09 --------- d-----w C:\Documents and Settings\Jörgen\Application Data\skypePM 2008-05-30 16:00 --------- d-----w C:\Program\Norton Security Scan 2008-05-30 14:46 --------- d--h--w C:\Program\InstallShield Installation Information 2008-05-29 16:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer 2008-05-29 16:37 --------- d-----w C:\Program\Java 2008-05-13 18:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Bluetooth 2008-05-13 17:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip 2008-05-06 16:27 --------- d-----w C:\Program\Gigaset QuickSync 2008-04-28 15:04 --------- d-----w C:\Program\Quick AVI MPEG Joiner 2008-04-27 18:56 --------- d-----w C:\Program\Steam 2008-04-27 15:10 --------- d-----w C:\Program\Windows Live 2008-04-27 09:48 --------- d-----w C:\Program\Sony Ericsson 2008-04-27 09:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Ericsson 2008-04-27 09:43 --------- d-----w C:\Program\Delade filer\Teleca Shared 2008-04-26 17:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\NCH Software 2008-04-26 17:23 --------- d-----w C:\Program\NCH Software 2008-04-17 14:28 --------- d-----w C:\Program\Delade filer\Symantec Shared 2008-04-16 13:39 --------- d-----w C:\Program\YoungIQMenu1 2008-04-14 14:41 --------- d-----w C:\Documents and Settings\Frida\Application Data\Apple Computer 2008-03-25 04:52 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll 2008-03-25 04:52 162,592 ----a-w C:\WINDOWS\system32\msjint40.dll 2008-03-20 08:10 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys 2008-03-12 15:37 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat 2007-08-08 11:08 3,184 ----a-w C:\Program\JMA-1.p12 2005-06-13 18:00 3,164 ----a-w C:\Program\JMA.p12 2005-06-13 18:00 3,164 ----a-w C:\Program\AMA.p12 . ((((((((((((((((((((((((((((( snapshot@2008-06-07_12.41.59,40 ))))))))))))))))))))))))))))))))))))))))) . - 2008-06-07 07:59:13 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-06-08 12:26:55 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2005-03-01 09:27:04 245,408 ----a-w C:\WINDOWS\system32\unicows.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360] "ASUS SmartDoctor"="C:\Program Files\ASUS\SmartDoctor\\SmartDoctor.exe" [2004-10-07 15:08 974848] "swg"="C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-27 10:34 68856] "msnmsgr"="C:\Program\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:35 5724184] "Skype"="C:\Program\Skype\Phone\Skype.exe" [2008-02-01 18:22 21898024] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ShStatEXE"="C:\Program\Network Associates\VirusScan\SHSTAT.exe" [2004-09-22 20:00 94208] "McAfeeUpdaterUI"="C:\Program\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 03:50 139320] "Network Associates Error Reporting Service"="C:\Program\Delade filer\Network Associates\TalkBack\TBMon.exe" [2003-10-07 09:48 147514] "ATIPTA"="C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-09-21 21:10 344064] "QuickTime Task"="C:\Program\QuickTime\QTTask.exe" [2008-03-28 23:37 413696] "D-Link Air Utility"="C:\Program\D-Link\Air Utility\AirCFG.exe" [2003-06-26 18:13 2695168] "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-13 01:05 122939] "UpdateManager"="C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe" [2004-01-07 01:01 110592] "LogitechCommunicationsManager"="C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 01:12 488984] "LogitechQuickCamRibbon"="C:\Program\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 01:13 774168] "OrderReminder"="C:\Program\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-01-30 11:00 98304] "SoundMAXPnP"="C:\Program\Analog Devices\Core\smax4pnp.exe" [2004-10-14 14:42 1404928] "SunJavaUpdateSched"="C:\Program\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360] C:\Documents and Settings\All Users\Start-meny\Program\AutostartBlueSoleil.lnk - C:\Program\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-06-06 15:50:42 657168] Personal.lnk - C:\Program\Personal\bin\Personal.exe [2007-04-12 18:18:16 722728] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.asv2"= asusasv2.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "F:\\Documents and Settings\\JÖRGEN\\Skrivbord\\fulDC-6.64\\DCPlusPlus.exe"= "C:\\Documents and Settings\\Jörgen\\Skrivbord\\fulDC-6.64\\DCPlusPlus.exe"= "C:\\Program\\Messenger\\msmsgs.exe"= "C:\\Program\\Microsoft Office\\OFFICE11\\FRONTPG.EXE"= "C:\\Program\\Bonjour\\mDNSResponder.exe"= "C:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program\\Windows Live\\Messenger\\livecall.exe"= "C:\\Program\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"= "C:\\WINDOWS\\system32\\dpvsetup.exe"= "C:\\Program\\BitComet\\BitComet.exe"= "C:\\Program\\Skype\\Phone\\Skype.exe"= S2 NIOC;NIOC Service;C:\WINDOWS\system32\NIOC.SYS [2002-09-27 18:21] S2 WZCBDLService;WZCBDL Service;"C:\Program\WZCBDL Service\WZCBDLS.exe" [2002-03-19 12:15] S3 NETDLWL;D-Link Air Wireless Adapter(DL) NT Driver;C:\WINDOWS\system32\DRIVERS\NETDLWL.SYS [2003-07-14 12:45] S3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D.sys [2004-07-06 19:56] . Contents of the 'Scheduled Tasks' folder "2008-06-07 11:10:09 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program\Apple Software Update\SoftwareUpdate.exe "2008-06-08 12:30:27 C:\WINDOWS\Tasks\MP Scheduled Scan.job" - C:\Program\Windows Defender\MpCmdRun.exe "2008-06-06 16:00:00 C:\WINDOWS\Tasks\Norton Security Scan.job" - C:\Program\Norton Security Scan\Nss.exe . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-08 14:32:08 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-06-08 14:33:25 ComboFix-quarantined-files.txt 2008-06-08 12:33:00 ComboFix2.txt 2008-06-07 11:19:24 Pre-Run: 210,763,624,448 byte ledigt Post-Run: 210,811,854,848 byte ledigt 126 --- E O F --- 2008-06-06 10:00:25 [/log]
  4. Msnfix hittade inget, se längre ner. Mcafee var inte nöjd med filen svchosl.exe som låg i c:\windows Meddelandet från Mcafee var: [log]Flyttad (reparationen misslyckades) NT INSTANS\SYSTEM MsMpEng.exe C:\WINDOWS\svchosl.exe W32/IRCbot.gen.a (Virus)[/log] [log]MSNFix 1.720-1 C:\Documents and Settings\J”rgen\Skrivbord\MSNFix\MSNFix Sokningen var klar pa 2008-06-08 - 12:15:08,48 By J”rgen normalt lage ************************ Kollar filer Inga Filer Funna ************************ Kollar mappar Inga Mappar Funna ************************ Misstankta Filer Inga Filer Funna ************************ HKLM\...\Winlogon\Userinit Userinit = C:\WINDOWS\system32\userinit.exe, ------------------------------------------------------------------------ Gjord av : !aur3n7 Contact: http://changelog.fr ------------------------------------------------------------------------ --------------------------------------------- END --------------------------------------------- [/log]
  5. Hej, jag lyckades klicka på rubricerad länk i msn...sen har den länken gått iväg till mina kontakter i msn och mcafee sa sig hitta W32/IRCbot.gen.a så jag har nog dragit på mig nåt... Kör jag hijackthis får jag nedanstående resultat. Vad gör jag sen...?? [log]Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:13:14, on 2008-06-08 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe c:\program\delade filer\logishrd\lvmvfm\LVPrcSrv.exe C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\ATKKBService.exe C:\Program\Bonjour\mDNSResponder.exe C:\Program\Network Associates\Common Framework\FrameworkService.exe C:\Program\Network Associates\VirusScan\Mcshield.exe C:\Program\Network Associates\VirusScan\VsTskMgr.exe C:\WINDOWS\system32\svchost.exe C:\Program\WZCBDL Service\WZCBDLS.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program\Canon\CAL\CALMAIN.exe C:\Program\Network Associates\VirusScan\SHSTAT.EXE C:\Program\Network Associates\Common Framework\UpdaterUI.exe C:\Program\Delade filer\Network Associates\TalkBack\TBMon.exe C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program\D-Link\Air Utility\AirCFG.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe C:\Program\Logitech\QuickCam10\QuickCam10.exe C:\Program\Hewlett-Packard\OrderReminder\OrderReminder.exe C:\Program\Analog Devices\Core\smax4pnp.exe C:\Program\Internet Explorer\iexplore.exe C:\Program\Java\jre1.6.0_05\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program\Delade filer\LogiShrd\LComMgr\LVComSX.exe C:\Program\Windows Live\Messenger\MsnMsgr.Exe C:\Program\Skype\Phone\Skype.exe C:\Program\IVT Corporation\BlueSoleil\BlueSoleil.exe C:\Program\Personal\bin\Personal.exe C:\WINDOWS\system32\wuauclt.exe C:\Program\Delade filer\Logishrd\LQCVFX\COCIManager.exe C:\Program\Delade filer\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program\Skype\Plugin Manager\skypePM.exe C:\Documents and Settings\Jörgen\Skrivbord\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.balderskolan.se/vader/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157'>http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program\BitComet\tools\BitCometBHO_1.2.2.28.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file) O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file) O4 - HKLM\..\Run: [shStatEXE] "C:\Program\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program\Delade filer\Network Associates\TalkBack\TBMon.exe" O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [D-Link Air Utility] C:\Program\D-Link\Air Utility\AirCFG.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [updateManager] "C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program\Logitech\QuickCam10\QuickCam10.exe" /hide O4 - HKLM\..\Run: [OrderReminder] C:\Program\Hewlett-Packard\OrderReminder\OrderReminder.exe O4 - HKLM\..\Run: [soundMAXPnP] C:\Program\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\\SmartDoctor.exe /start O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [skype] "C:\Program\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: BlueSoleil.lnk = C:\Program\IVT Corporation\BlueSoleil\BlueSoleil.exe O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Blogga detta - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blogga detta i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1204916927343 O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program\Bonjour\mDNSResponder.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program\Canon\CAL\CALMAIN.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program\delade filer\logishrd\lvmvfm\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program\Delade filer\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program\Network Associates\Common Framework\FrameworkService.exe O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program\Network Associates\VirusScan\Mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program\Network Associates\VirusScan\VsTskMgr.exe O23 - Service: WZCBDL Service (WZCBDLService) - D-Link - C:\Program\WZCBDL Service\WZCBDLS.exe -- End of file - 10480 bytes[/log]
×
×
  • Skapa nytt...