Just nu i M3-nätverket
Jump to content

Hjälp med Trojan?


fettavskiljarn

Recommended Posts

fettavskiljarn

Hejsan!

Har fått problem med detta viruset http://www.viruslist.com/en/viruses/encyclopedia?virusid=106495

Undrar om någon vänlig person skulle kunna hjälpa mig att ta bort det.

 

[log]Logfile of HijackThis v1.99.1

Scan saved at 09:35:33, on 2005-12-28

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Acer\eManager\anbmServ.exe

c:\Program\WIDCOMM\Bluetooth-programvara\bin\btwdins.exe

C:\Program\Norton AntiVirus\navapsvc.exe

C:\Program\Norton AntiVirus\IWP\NPFMntor.exe

C:\Program\Synaptics\SynTP\SynTPLpr.exe

C:\Program\Synaptics\SynTP\SynTPEnh.exe

C:\Program\CyberLink\PowerDVD\PDVDServ.exe

C:\Program\Acer\eRecovery\Monitor.exe

C:\WINDOWS\AGRSMMSG.exe

C:\acer\epm\epm-dm.exe

C:\Program\Launch Manager\QtZgAcer.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Program\Delade filer\Symantec Shared\ccApp.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program\Quicktime v 7.0.3.50\qttask.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\WIDCOMM\Bluetooth-programvara\BTTray.exe

C:\Program\Internet Explorer\iexplore.exe

C:\WINDOWS\regedit.exe

C:\Program\Messenger\msmsgs.exe

C:\Documents and Settings\Fettavskiljarn\Skrivbord\Virus\hijackthis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [LaunchApp] Alaunch

O4 - HKLM\..\Run: [synTPLpr] C:\Program\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [RemoteControl] C:\Program\CyberLink\PowerDVD\PDVDServ.exe

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe

O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot

O4 - HKLM\..\Run: [LManager] C:\Program\Launch Manager\QtZgAcer.EXE

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [eRecoveryService] C:\Program\Acer\eRecovery\Monitor.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\Quicktime v 7.0.3.50\qttask.exe" -atboottime

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: BTTray.lnk = ?

O8 - Extra context menu item: Skicka till &Bluetooth - c:\Program\WIDCOMM\Bluetooth-programvara\btsendto_ie_ctx.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program\WIDCOMM\Bluetooth-programvara\bin\btwdins.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program\DELADE~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe

 

[/log]

 

[log]-------------------------------------------------------------------------------

KASPERSKY ON-LINE SCANNER REPORT

Wednesday, December 28, 2005 09:57:21

Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)

Kaspersky On-line Scanner version: 5.0.67.0

Kaspersky Anti-Virus database last update: 28/12/2005

Kaspersky Anti-Virus database records: 157732

-------------------------------------------------------------------------------

 

Scan Settings:

Scan using the following antivirus database: standard

Scan Archives: true

Scan Mail Bases: true

 

Scan Target - My Computer:

C: D:

Scan Statistics:

Total number of scanned objects: 33440

Number of viruses found: 1

Number of infected objects: 4

Number of suspicious objects: 0

Duration of the scan process: 1009 sec

 

Infected Object Name - Virus Name

C:\System Volume Information\_restore{B462B16A-99EC-4242-85DE-750F2A805B33}\RP13\A0001480.exe Infected: Trojan-Clicker.Win32.VB.kq

C:\System Volume Information\_restore{B462B16A-99EC-4242-85DE-750F2A805B33}\RP13\A0001481.exe Infected: Trojan-Clicker.Win32.VB.kq

C:\System Volume Information\_restore{B462B16A-99EC-4242-85DE-750F2A805B33}\RP13\A0001482.exe Infected: Trojan-Clicker.Win32.VB.kq

C:\System Volume Information\_restore{B462B16A-99EC-4242-85DE-750F2A805B33}\RP13\A0001483.exe Infected: Trojan-Clicker.Win32.VB.kq

 

Scan process completed.

[/log]

 

Tack på förhand!

 

Link to comment
Share on other sites

 

Dom ligger alla här:

 

C:\System Volume Information\_restore

 

så stäng av System Restore och sen starta om datorn och aktivera den igen och gör en ny återställningspungt.

 

 

[log]Stäng System Restore

 

1. Välj Den här dator och högerklicka.

2. Välj Egenskaper.

3. Välj fliken Systemåterställning.

4. Välj "Inaktivera Systemåterställning".

5. Klicka på Verkställ.

6. Klicka på OK.

 

 

För att skapa en återställningspunkt gör du så här:

 

1. Högerklicka på Den här datorn.

2. Välj Egenskaper.

3. Under fliken Systemåterställning ser du till att Inaktivera systemåterställning på alla enheter inte är förbockad.

4. Gå in på Startmenyn.

5. Välj Program, Tillbehör, Systemverktyg och Systemåterställning.

6. Bocka för Skapa en återställningspunkt.

7. Klicka på Nästa.

8. Döp återställningspunkten till valfritt namn.

9. Klicka på Skapa.

10. Klicka på Stäng.[/log]

 

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.



×
×
  • Create New...