
Confused



roger_malmö

Which antivirus program should one trust?

I noticed that my computer was a bit more sluggish than usual, ran Ad-Aware and Spybot without finding anything, ran online scans with Panda and Trend Micro without result, but the computer was still sluggish, ran BitDefender's online scan, which found 5 infected files.

I have Norton on the computer, and it is up to date.

Link to comment
Share on other sites

No antivirus program finds everything. Most of them find most things. Which antivirus program happens to catch whatever you run into is then down to chance. So if you otherwise like Norton, keep it. Next time it may be Norton that handles what you run into, but not BitDefender.

Link to comment
Share on other sites

A test that says more than mere personal opinions and de facto reflects the various programs' ability to actually DETECT DIFFERENT INFECTIONS can be found here:

http://www.virus.gr/english/fullxml/default.asp?id=67&mnu=67

and

http://www.virus.gr/english/fullxml/default.asp?id=69&mnu=69 (newer!)

Note that no "free" programs have even a decent detection rate.

Note also that Norton (Symantec) actually has considerably worse detection ability than, e.g., F-Secure or Kaspersky.

Personally I would go for one of the first 3-4...

Note that the tests contained over 76500 and 91202 DIFFERENT infections respectively, and the result reflects, in %, the share that each program managed to detect...

I then recommend configuring Windows Update to automatically download updates and install them at a given time every day, in order to plug the security holes that more and more infections today exploit to spread to new targets.

And of course that you are (practically) NEVER logged in with administrative privileges but ALWAYS as a user. (Use "Run as" for any minor installations/configuration.)

Above all, make sure to configure the antivirus correctly, so that both the real-time scan and the manual scan are set to:

1: Scan ALL FILES (file types)

2: Primary action = Delete infected file

3: Secondary action = Delete infected file

The secondary action is used when the first one has failed, usually because the infected file is held locked by some program at the time of the initial detection.

The reason for ALWAYS having the "Delete" option set is that you simply do not want infected files copied onto the hard disk.

Feel free to start with an initial online scan:

http://support.f-secure.com/enu/home/ols.shtml

/Moderatorn

Download professional and well-thought-out installation instructions for maximum performance, high security against viruses and attacks, and very stable operation at: http://www.tsv14.net

Link to comment
Share on other sites

Erik Junesjö

I have truncated your alias since it can cause confusion here on Eforum. Please use a different one.

//Erik

Link to comment
Share on other sites

I think AVG Free is the best.

That is my personal opinion, of course, but it works better than Norton and Panda. Try it.

I run it together with ZoneAlarm as a firewall.

Link to comment
Share on other sites

roger_malmö

It is probably not a virus I have but some form of spyware that I can't get rid of.

What happens is that windows cannot be closed and that drop-down menus pop up (like when you right-click).

Link to comment
Share on other sites

Erik Junesjö
What do you mean, Erik? I don't understand anything of what you write
The user Moderatorn had an alias that can be confused with the real moderators here on Eforum.

//Erik

Link to comment
Share on other sites

roger_malmö

This is what the log looks like

Scanned File

Status

 

C:\System Volume Information\_restore{811BE786-9508-4A23-A0E8-4356AD5A68B3}\RP160\A0020560.exe=>(CAB Sfx r)=>WEBREB~1.EXE

Infected with: Trojan.Winad.R

 

C:\System Volume Information\_restore{811BE786-9508-4A23-A0E8-4356AD5A68B3}\RP160\A0020560.exe=>(CAB Sfx r)=>WEBREB~1.EXE

Disinfection failed

 

C:\System Volume Information\_restore{811BE786-9508-4A23-A0E8-4356AD5A68B3}\RP160\A0020560.exe=>(CAB Sfx r)=>WEBREB~1.EXE

Deleted

 

C:\System Volume Information\_restore{811BE786-9508-4A23-A0E8-4356AD5A68B3}\RP160\A0020560.exe=>(CAB Sfx r)

Update failed

 

C:\System Volume Information\_restore{811BE786-9508-4A23-A0E8-4356AD5A68B3}\RP162\A0020577.exe=>(CAB Sfx r)=>WEBREB~1.EXE

Infected with: Trojan.Winad.R

 

C:\System Volume Information\_restore{811BE786-9508-4A23-A0E8-4356AD5A68B3}\RP162\A0020577.exe=>(CAB Sfx r)=>WEBREB~1.EXE

Disinfection failed

 

C:\System Volume Information\_restore{811BE786-9508-4A23-A0E8-4356AD5A68B3}\RP162\A0020577.exe=>(CAB Sfx r)=>WEBREB~1.EXE

Deleted

 

C:\System Volume Information\_restore{811BE786-9508-4A23-A0E8-4356AD5A68B3}\RP162\A0020577.exe=>(CAB Sfx r)

Update failed

 

C:\System Volume Information\_restore{811BE786-9508-4A23-A0E8-4356AD5A68B3}\RP162\A0020612.exe=>(CAB Sfx r)=>rebates.exe

Infected with: Trojan.Winad.R

 

C:\System Volume Information\_restore{811BE786-9508-4A23-A0E8-4356AD5A68B3}\RP162\A0020612.exe=>(CAB Sfx r)=>rebates.exe

Disinfection failed

 

C:\System Volume Information\_restore{811BE786-9508-4A23-A0E8-4356AD5A68B3}\RP162\A0020612.exe=>(CAB Sfx r)=>rebates.exe

Deleted

 

C:\System Volume Information\_restore{811BE786-9508-4A23-A0E8-4356AD5A68B3}\RP162\A0020612.exe=>(CAB Sfx r)

Update failed

 

C:\System Volume Information\_restore{811BE786-9508-4A23-A0E8-4356AD5A68B3}\RP174\A0022884.exe=>(CAB Sfx r)=>rebates.exe

Infected with: Trojan.Winad.R

 

C:\System Volume Information\_restore{811BE786-9508-4A23-A0E8-4356AD5A68B3}\RP174\A0022884.exe=>(CAB Sfx r)=>rebates.exe

Disinfection failed

 

C:\System Volume Information\_restore{811BE786-9508-4A23-A0E8-4356AD5A68B3}\RP174\A0022884.exe=>(CAB Sfx r)=>rebates.exe

Deleted

 

C:\System Volume Information\_restore{811BE786-9508-4A23-A0E8-4356AD5A68B3}\RP174\A0022884.exe=>(CAB Sfx r)

Update failed

 

C:\System Volume Information\_restore{811BE786-9508-4A23-A0E8-4356AD5A68B3}\RP184\A0024046.exe=>(CAB Sfx r)=>WEBREB~1.EXE

Infected with: Trojan.Winad.R

 

C:\System Volume Information\_restore{811BE786-9508-4A23-A0E8-4356AD5A68B3}\RP184\A0024046.exe=>(CAB Sfx r)=>WEBREB~1.EXE

Disinfection failed

 

C:\System Volume Information\_restore{811BE786-9508-4A23-A0E8-4356AD5A68B3}\RP184\A0024046.exe=>(CAB Sfx r)=>WEBREB~1.EXE

Deleted

 

C:\System Volume Information\_restore{811BE786-9508-4A23-A0E8-4356AD5A68B3}\RP184\A0024046.exe=>(CAB Sfx r)

Update failed

 

C:\WINDOWS\SYSTEM32\rebates.exe=>(CAB Sfx r)=>rebates.exe

Infected with: Trojan.Winad.R

 

C:\WINDOWS\SYSTEM32\rebates.exe=>(CAB Sfx r)=>rebates.exe

Disinfection failed

 

C:\WINDOWS\SYSTEM32\rebates.exe=>(CAB Sfx r)=>rebates.exe

Deleted

 

C:\WINDOWS\SYSTEM32\rebates.exe=>(CAB Sfx r)

Update failed

Link to comment
Share on other sites

Stefan Eklinder

 

 

Trojan.Winad.R appears to have lodged itself in the restore points.

Clean up and scan again...

Here are some instructions for removing the Win32.WinAd family:

http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?ID=42649

---

C:\Eforum\Stefan Eklinder>|

"There are two phenomena that are infinite, the universe and human stupidity. I am not sure about the former, though."

- Albert Einstein

-->Passed 10,000 posts on 1 May 2005 at 16.48<--

 

Link to comment
Share on other sites
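An added example (not part of the original posts): a small Python triage of the scan log above that separates detections sitting in System Restore snapshots from detections in live paths. The function names are illustrative, and reading the container status "Update failed" as "the archive on disk was not rewritten" is an assumption about the scanner's wording.

```python
import re

# Excerpt of the scan log posted above (two of the flagged files), in the same
# layout: a path line followed by a status line.
SCAN_LOG_EXCERPT = r"""
C:\System Volume Information\_restore{811BE786-9508-4A23-A0E8-4356AD5A68B3}\RP160\A0020560.exe=>(CAB Sfx r)=>WEBREB~1.EXE
Infected with: Trojan.Winad.R
C:\System Volume Information\_restore{811BE786-9508-4A23-A0E8-4356AD5A68B3}\RP160\A0020560.exe=>(CAB Sfx r)=>WEBREB~1.EXE
Disinfection failed
C:\System Volume Information\_restore{811BE786-9508-4A23-A0E8-4356AD5A68B3}\RP160\A0020560.exe=>(CAB Sfx r)=>WEBREB~1.EXE
Deleted
C:\System Volume Information\_restore{811BE786-9508-4A23-A0E8-4356AD5A68B3}\RP160\A0020560.exe=>(CAB Sfx r)
Update failed
C:\WINDOWS\SYSTEM32\rebates.exe=>(CAB Sfx r)=>rebates.exe
Infected with: Trojan.Winad.R
C:\WINDOWS\SYSTEM32\rebates.exe=>(CAB Sfx r)=>rebates.exe
Disinfection failed
C:\WINDOWS\SYSTEM32\rebates.exe=>(CAB Sfx r)=>rebates.exe
Deleted
C:\WINDOWS\SYSTEM32\rebates.exe=>(CAB Sfx r)
Update failed
"""

# System Restore snapshots live under this directory; RPnnn is the restore point.
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\(RP\d+)\\", re.I
)


def parse_scan_log(text):
    """Group path/status pairs by the file that actually exists on disk."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if len(lines) % 2:
        raise ValueError("expected alternating path and status lines")
    files = {}
    for path, status in zip(lines[0::2], lines[1::2]):
        parts = path.split("=>")          # on-disk file => container => member
        disk_path = parts[0]
        rp = RESTORE_RE.search(disk_path)
        rec = files.setdefault(disk_path, {
            "path": disk_path,
            "location": "system_restore" if rp else "live",
            "restore_point": rp.group(1) if rp else None,
            "detections": set(),
            "member_events": [],
            "container_events": [],
        })
        if status.startswith("Infected with:"):
            rec["detections"].add(status.split(":", 1)[1].strip())
        elif parts[-1].startswith("(") and parts[-1].endswith(")"):
            # Path ends at the archive marker: status applies to the container.
            rec["container_events"].append(status)
        else:
            rec["member_events"].append(status)
    return files


def triage(text):
    """One summary row per on-disk file, in the order the scanner reported them."""
    report = []
    for rec in parse_scan_log(text).values():
        member_deleted = "Deleted" in rec["member_events"]
        # Assumption: "Update failed" means the cleaned archive was not written back.
        container_stale = "Update failed" in rec["container_events"]
        report.append({
            "path": rec["path"],
            "location": rec["location"],
            "restore_point": rec["restore_point"],
            "detections": sorted(rec["detections"]),
            "needs_followup": container_stale or not member_deleted,
        })
    return report


if __name__ == "__main__":
    for row in triage(SCAN_LOG_EXCERPT):
        print(row["location"], row["restore_point"], row["path"], row["detections"],
              "follow-up" if row["needs_followup"] else "clean")
```

Rows marked `system_restore` are snapshot copies, which is the point made in the reply above; the `live` row is the file to re-check after cleaning up.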

roger_malmö

If only I knew what to scan with; I have tried Ad-Aware, Spybot and a number of online virus scanners, but none of them can remove the wretched thing.

Link to comment
Share on other sites

roger_malmö

[log]Logfile of HijackThis v1.99.1

Scan saved at 15:30:08, on 2005-06-22

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\S24EvMon.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\SCardSvr.exe

C:\WINDOWS\system32\ZCfgSvc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Apoint\Apoint.exe

C:\Program\Java\jre1.5.0_01\bin\jusched.exe

C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program\Dell\QuickSet\quickset.exe

C:\Program\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe

C:\WINDOWS\System32\DSentry.exe

C:\Program\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\Program\Delade filer\Symantec Shared\ccApp.exe

C:\Program\SYMANT~1\VPTray.exe

C:\Program\HP\hpcoretech\hpcmpmgr.exe

C:\Program\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

C:\Program\Apoint\Apntex.exe

C:\WINDOWS\system32\hphmon05.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

C:\Program\Telia\Supportassistent\bin\tgcmd.exe

C:\Program\HP\hpcoretech\comp\hptskmgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\mozilla.org\Mozilla\Mozilla.exe

C:\Program\Spyware Doctor\swdoctor.exe

C:\WINDOWS\System32\basfipm.exe

C:\Program\Dell\Bluetooth-programvara\bin\btwdins.exe

C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

C:\Program\Symantec AntiVirus\DefWatch.exe

C:\WINDOWS\System32\RegSrvc.exe

C:\Program\Symantec AntiVirus\SavRoam.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Symantec AntiVirus\Rtvscan.exe

C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

C:\Program\SuperLogix\Super Utilities\SuperUtil.exe

C:\Program\SuperLogix\Super Utilities\SuperUtil.exe

C:\Program\Dell\Bluetooth-programvara\BTTray.exe

C:\Program\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Program\Hewlett-Packard\Digital Imaging\bin\hposol08.exe

C:\Program\SpywareGuard\sgmain.exe

C:\WINDOWS\System32\alg.exe

C:\Program\SpywareGuard\sgbhp.exe

C:\WINDOWS\System32\1XConfig.exe

C:\Program\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

C:\Program\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Documents and Settings\Roger D\Skrivbord\Säkerhet\a2hijackfree.exe

C:\Documents and Settings\Roger D\Skrivbord\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - Default URLSearchHook is missing

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program\SpywareGuard\dlprotect.dll

O2 - BHO: iMeshBar BHO - {5345A7A1-805A-4923-B505-86B2FEBA3FE0} - C:\Program\iMeshBar\bar\4.bin\IMESHBAR.DLL

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\Program\SPYWAR~1\tools\iesdsg.dll

O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\Program\SPYWAR~1\tools\iesdpb.dll

O3 - Toolbar: iMeshBar - {5345A7A9-805A-4923-B505-86B2FEBA3FE0} - C:\Program\iMeshBar\bar\4.bin\IMESHBAR.DLL

O4 - HKLM\..\Run: [Apoint] C:\Program\Apoint\Apoint.exe

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\jre1.5.0_01\bin\jusched.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [Dell QuickSet] C:\Program\Dell\QuickSet\quickset.exe

O4 - HKLM\..\Run: [bascstray] BascsTray.exe

O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe

O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\Program\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [HPHUPD05] C:\Program\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [HP Software Update] "C:\Program\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

O4 - HKLM\..\Run: [TeliaTGCMD] "C:\Program\Telia\Supportassistent\bin\tgcmd.exe" /server /startmonitor /deaf

O4 - HKLM\..\Run: [winupdate] C:\Program\winupdate\winupdate.exe /auto

O4 - HKLM\..\Run: [p2pnetworking] p2pnetworking.exe

O4 - HKLM\..\Run: [Klbeiwus] c:\Program Files\Msut\Laffui.exe

O4 - HKLM\..\RunServices: [p2pnetworking] p2pnetworking.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program\mozilla.org\Mozilla\Mozilla.exe" -turbo

O4 - HKCU\..\Run: [spyware Doctor] "C:\Program\Spyware Doctor\swdoctor.exe" /Q

O4 - HKCU\..\Run: [super Utilities] C:\Program\SuperLogix\Super Utilities\SuperUtil.exe /min

O4 - Startup: SpywareGuard.lnk = C:\Program\SpywareGuard\sgmain.exe

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: hpoddt01.exe.lnk = ?

O4 - Global Startup: officejet 6100.lnk = ?

O8 - Extra context menu item: Skicka till &Bluetooth - C:\Program\Dell\Bluetooth-programvara\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_01\bin\npjpi150_01.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_01\bin\npjpi150_01.dll

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\Program\SPYWAR~1\tools\iesdpb.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe (file missing)

O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab

O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab

O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab

O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab

O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab

O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\System32\btxppanel.dll

O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll

O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: Broadcom ASF IP monitoring service v6.0.3 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe

O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program\Dell\Bluetooth-programvara\bin\btwdins.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program\Symantec AntiVirus\DefWatch.exe

O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program\Delade filer\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program\Symantec AntiVirus\Rtvscan.exe[/log]

 

Link to comment
Share on other sites

Do you have iMesh on the computer?

Just thinking that if you remove iMeshBar, iMesh might not work any more.

Scan these files here, one at a time, and report the results

C:\WINDOWS\System32\btxppanel.dll

c:\Program Files\Msut\Laffui.exe

http://virusscan.jotti.org/

Link to comment
Share on other sites

roger_malmö

Nothing was found in the first file; for the second one I got this message:

The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file

I have iMesh installed, but it doesn't matter if it stops working.

Link to comment
Share on other sites

 

Create a new folder on C:\ and put HijackThis.exe there, so C:\HjT\HijackThis.exe

Uninstall via the Control Panel, if present:

iMeshBar

Scan with HijackThis, tick the following lines, close the web browser and all other open windows, and click Fix checked

 

[log]R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm

R3 - Default URLSearchHook is missing

O2 - BHO: iMeshBar BHO - {5345A7A1-805A-4923-B505-86B2FEBA3FE0} - C:\Program\iMeshBar\bar\4.bin\IMESHBAR.DLL

O3 - Toolbar: iMeshBar - {5345A7A9-805A-4923-B505-86B2FEBA3FE0} - C:\Program\iMeshBar\bar\4.bin\IMESHBAR.DLL

O4 - HKLM\..\Run: [winupdate] C:\Program\winupdate\winupdate.exe /auto

O4 - HKLM\..\Run: [p2pnetworking] p2pnetworking.exe

O4 - HKLM\..\Run: [Klbeiwus] c:\Program Files\Msut\Laffui.exe

O4 - HKLM\..\RunServices: [p2pnetworking] p2pnetworking.exe

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

 

 

Then boot into safe mode and delete, if found:

C:\Program\iMeshBar\ < the folder

Boot normally and post a new HijackThis log.[/log]

 

Link to comment
Share on other sites

roger_malmö

The problem is probably solved now, no program or virus scan finds anything wrong now; the question is how to stay "clean" from here on.

A BIG thank-you for all the help.

So much for joy that lasts *sigh* same old story again, without my being able to understand why.

[post edited 2005-06-22 19:41:30 by rogerdahlqvist]

Link to comment
Share on other sites

roger_malmö

I have done a new HijackThis scan; is it OK or what?

[log]Logfile of HijackThis v1.99.1

Scan saved at 12:25:56, on 2005-06-23

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\S24EvMon.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZCfgSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\SCardSvr.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Apoint\Apoint.exe

C:\Program\Java\jre1.5.0_01\bin\jusched.exe

C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program\Dell\QuickSet\quickset.exe

C:\Program\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe

C:\WINDOWS\System32\DSentry.exe

C:\Program\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\Program\Delade filer\Symantec Shared\ccApp.exe

C:\Program\SYMANT~1\VPTray.exe

C:\Program\Apoint\Apntex.exe

C:\Program\HP\hpcoretech\hpcmpmgr.exe

C:\Program\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\hphmon05.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

C:\Program\Telia\Supportassistent\bin\tgcmd.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\mozilla.org\Mozilla\Mozilla.exe

C:\Program\Spyware Doctor\swdoctor.exe

C:\Program\SuperLogix\Super Utilities\SuperUtil.exe

C:\Program\SuperLogix\Super Utilities\SuperUtil.exe

C:\Program\Dell\Bluetooth-programvara\BTTray.exe

C:\Program\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Program\Hewlett-Packard\Digital Imaging\bin\hposol08.exe

C:\Program\SpywareGuard\sgmain.exe

C:\Program\HP\hpcoretech\comp\hptskmgr.exe

C:\Program\SpywareGuard\sgbhp.exe

C:\Program\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

C:\WINDOWS\System32\basfipm.exe

C:\Program\Dell\Bluetooth-programvara\bin\btwdins.exe

C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

C:\Program\Symantec AntiVirus\DefWatch.exe

C:\WINDOWS\System32\RegSrvc.exe

C:\Program\Symantec AntiVirus\SavRoam.exe

C:\Program\Symantec AntiVirus\Rtvscan.exe

C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

C:\Program\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe

C:\WINDOWS\System32\1XConfig.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Documents and Settings\Roger D\Skrivbord\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program\SpywareGuard\dlprotect.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\Program\SPYWAR~1\tools\iesdsg.dll

O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\Program\SPYWAR~1\tools\iesdpb.dll

O4 - HKLM\..\Run: [Apoint] C:\Program\Apoint\Apoint.exe

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\jre1.5.0_01\bin\jusched.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [Dell QuickSet] C:\Program\Dell\QuickSet\quickset.exe

O4 - HKLM\..\Run: [bascstray] BascsTray.exe

O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe

O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\Program\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [HPHUPD05] C:\Program\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [HP Software Update] "C:\Program\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

O4 - HKLM\..\Run: [TeliaTGCMD] "C:\Program\Telia\Supportassistent\bin\tgcmd.exe" /server /startmonitor /deaf

O4 - HKLM\..\RunServices: [p2pnetworking] p2pnetworking.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program\mozilla.org\Mozilla\Mozilla.exe" -turbo

O4 - HKCU\..\Run: [spyware Doctor] "C:\Program\Spyware Doctor\swdoctor.exe" /Q

O4 - HKCU\..\Run: [super Utilities] C:\Program\SuperLogix\Super Utilities\SuperUtil.exe /min

O4 - Startup: SpywareGuard.lnk = C:\Program\SpywareGuard\sgmain.exe

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: hpoddt01.exe.lnk = ?

O4 - Global Startup: officejet 6100.lnk = ?

O8 - Extra context menu item: Skicka till &Bluetooth - C:\Program\Dell\Bluetooth-programvara\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_01\bin\npjpi150_01.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_01\bin\npjpi150_01.dll

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\Program\SPYWAR~1\tools\iesdpb.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe (file missing)

O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab

O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab

O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab

O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab

O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab

O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\System32\btxppanel.dll

O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll

O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: Broadcom ASF IP monitoring service v6.0.3 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe

O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program\Dell\Bluetooth-programvara\bin\btwdins.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program\Symantec AntiVirus\DefWatch.exe

O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program\Delade filer\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program\Symantec AntiVirus\Rtvscan.exe[/log]

 

Link to comment
Share on other sites

Create a new folder on C:\ and put HijackThis.exe there, so C:\HjT\HijackThis.exe

Scan with HijackThis, tick the following lines, close the web browser and all other open windows, and click Fix checked

 

O4 - HKLM\..\RunServices: [p2pnetworking] p2pnetworking.exe

 

 

Link to comment
Share on other sites

If you scan with HijackThis and this line is gone, then it's OK; I see nothing else in the log.

 

O4 - HKLM\..\RunServices: [p2pnetworking] p2pnetworking.exe

 

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.
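An added example (not from the thread or from the HijackThis project): the before/after comparison done by eye in the last replies, as a Python check that reports which of the lines marked for fixing are still present in the follow-up log. The sample logs are short excerpts constructed from the two logs above, and the function names are illustrative.

```python
import re

# HijackThis entries start with a section code (R0-R3, F0-F3, N1-N4, O1...)
# followed by " - "; header and process lines do not match and are skipped.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
TAG_RE = re.compile(r"\[/?log\]", re.I)   # forum BBCode wrapper around pasted logs

# Constructed excerpts: a few lines taken from the first and second log above.
BEFORE_LOG = r"""[log]Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
O2 - BHO: iMeshBar BHO - {5345A7A1-805A-4923-B505-86B2FEBA3FE0} - C:\Program\iMeshBar\bar\4.bin\IMESHBAR.DLL
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [winupdate] C:\Program\winupdate\winupdate.exe /auto
O4 - HKLM\..\Run: [p2pnetworking] p2pnetworking.exe
O4 - HKLM\..\Run: [Klbeiwus] c:\Program Files\Msut\Laffui.exe
O4 - HKLM\..\RunServices: [p2pnetworking] p2pnetworking.exe[/log]
"""

AFTER_LOG = r"""[log]Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\RunServices: [p2pnetworking] p2pnetworking.exe[/log]
"""

# The lines the helper asked to tick before clicking "Fix checked".
FIX_LINES = r"""
O2 - BHO: iMeshBar BHO - {5345A7A1-805A-4923-B505-86B2FEBA3FE0} - C:\Program\iMeshBar\bar\4.bin\IMESHBAR.DLL
O4 - HKLM\..\Run: [winupdate] C:\Program\winupdate\winupdate.exe /auto
O4 - HKLM\..\Run: [p2pnetworking] p2pnetworking.exe
O4 - HKLM\..\Run: [Klbeiwus] c:\Program Files\Msut\Laffui.exe
O4 - HKLM\..\RunServices: [p2pnetworking] p2pnetworking.exe
"""


def parse_entries(log_text):
    """Map a normalised (section, body) key to the entry as it should be shown."""
    entries = {}
    for raw in log_text.splitlines():
        line = TAG_RE.sub("", raw).strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        section = m.group(1)
        body = " ".join(m.group(2).split())          # collapse stray whitespace
        # Windows paths and registry names are case-insensitive, so compare folded.
        entries[(section, body.casefold())] = f"{section} - {body}"
    return entries


def check_fix(before_log, after_log, fix_lines):
    """Compare two logs against the list of entries that were meant to be fixed."""
    before = parse_entries(before_log)
    after = parse_entries(after_log)
    wanted = parse_entries(fix_lines)
    return {
        "removed": [t for k, t in wanted.items() if k in before and k not in after],
        "still_present": [t for k, t in wanted.items() if k in after],
        "never_seen": [t for k, t in wanted.items()
                       if k not in before and k not in after],
        # Anything that appeared between the scans deserves a second look.
        "new_entries": [t for k, t in after.items() if k not in before],
    }


if __name__ == "__main__":
    result = check_fix(BEFORE_LOG, AFTER_LOG, FIX_LINES)
    for label, items in result.items():
        print(f"{label}:")
        for item in items:
            print("   ", item)
```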


