teliasäkersurf hittar virus men åtgärdar inte

[Zipp.]

 

Ta bort den i felsäkert läge

 

C:\WINDOWS\system32\parad.raw.exe

 

 

 

 

[roger_malmö]

Borttagit och nu scan visar inga problem, hoppas jag hinner klicka skapa inlägg innan nya problem.

Ny pinne självklar.

 

[roger_malmö]

tackar, blev genast mycket bättre

 

[roger_malmö]

Så var det dags igen fick följande varning

Resultat: 1 skadliga program hittades

Packed.Win32.Tibs (virus)

C:\SYSTEM VOLUME INFORMATION\_RESTORE{5976BDFA-4DBA-491D-A2CB-787817C06524}\RP2\A0000033.EXE

 

har inte surfat på hela dagen

 

[roger_malmö]

[[log]LOG]

Logfile of HijackThis v1.99.1

Scan saved at 15:40:45, on 2006-05-01

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program\QuickTime\qttask.exe

C:\Program\Analog Devices\SoundMAX\SMTray.exe

C:\Program\CA\eTrust PestPatrol\PPActiveDetection.exe

C:\Program\Symantec\Norton Ghost\Agent\GhostTray.exe

C:\Program\D-Tools\daemon.exe

C:\Program\The Cleaner\tca.exe

C:\Program\The Cleaner\tcm.exe

C:\Program\Labtec\Mouse\2.1\moffice.exe

C:\Program\Labtec\Media Keyboard\V5.0\KbdAp32A.exe

C:\Program\Telia\Telias Sakerhetstjanster\Common\FSM32.EXE

C:\Program\Winamp\winampa.exe

C:\Program\Java\jre1.5.0_06\bin\jusched.exe

C:\Program\Gadwin Systems\PrintScreen\PrintScreen.exe

C:\Program\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE

C:\Program\D-Link AirPlus\AirPlus.exe

C:\Program\Plextor\PlexTool.exe

C:\Program\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

C:\Program\Rainlendar\Rainlendar.exe

C:\Program\OOo-dev 2.0\program\soffice.exe

C:\Program\OOo-dev 2.0\program\soffice.BIN

C:\Program\Labtec\Mouse\2.1\MOUSE32A.EXE

C:\Program\Telia\TELIAS~1\backweb\7836882\Program\SERVIC~1.EXE

C:\Program\Executive Software\Diskeeper\DkService.exe

C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fsgk32st.exe

C:\Program\Telia\Telias Sakerhetstjanster\backweb\7836882\program\fsbwsys.exe

C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\FSGK32.EXE

C:\Program\Telia\Telias Sakerhetstjanster\Common\FSMA32.EXE

C:\WINDOWS\System32\GEARSec.exe

C:\Program\Telia\Telias Sakerhetstjanster\Common\FSMB32.EXE

C:\Program\Symantec\Norton Ghost\Agent\PQV2iSvc.exe

C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fssm32.exe

C:\Program\Telia\Telias Sakerhetstjanster\backweb\7836882\Program\fspex.exe

C:\Program\Telia\Telias Sakerhetstjanster\Common\FCH32.EXE

C:\Program\Telia\Telias Sakerhetstjanster\Common\FAMEH32.EXE

C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fsqh.exe

C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fsrw.exe

C:\Program\Photodex\ProShowGold\ScsiAccess.exe

C:\Program\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fsav32.exe

C:\Program\Telia\Telias Sakerhetstjanster\FWES\Program\fsdfwd.exe

C:\Program\Telia\TELIAS~1\ANTI-S~1\fsaw.exe

C:\Program\Telia\Telias Sakerhetstjanster\FSGUI\fsguidll.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Adobe\InDesign CS\InDesign.exe

C:\Program\Adobe\Illustrator CS\Support Files\Contents\Windows\Illustrator.exe

C:\Program\Internet Explorer\iexplore.exe

C:\hijack\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar2.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar2.dll

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [smapp] C:\Program\Analog Devices\SoundMAX\SMTray.exe

O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program\CA\eTrust PestPatrol\PPActiveDetection.exe"

O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program\Symantec\Norton Ghost\Agent\GhostTray.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [tcactive] C:\Program\The Cleaner\tca.exe

O4 - HKLM\..\Run: [tcmonitor] C:\Program\The Cleaner\tcm.exe

O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program\Labtec\Mouse\2.1\moffice.exe

O4 - HKLM\..\Run: [LWBKEYBOARD] C:\Program\Labtec\Media Keyboard\V5.0\KbdAp32A.exe

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\Telia\Telias Sakerhetstjanster\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program\Telia\Telias Sakerhetstjanster\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program\Telia\Telias Sakerhetstjanster\FSGUI\FSSW.EXE" /reboot

O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe

O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKCU\..\Run: [Gadwin PrintScreen 3.0] C:\Program\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash

O4 - HKCU\..\Run: [pconpoint.exe] "C:\Program\PConPoint\pconpoint.exe"

O4 - Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: Diskeeper 9 Professional Edition Registration.lnk = C:\Program\Executive Software\Diskeeper\ESIRegister.exe

O4 - Startup: OOo-dev 2.0.lnk = C:\Program\OOo-dev 2.0\program\quickstart.exe

O4 - Startup: Rainlendar.lnk = C:\Program\Rainlendar\Rainlendar.exe

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: D-Link AirPlus G+ Wireless Adapter Utility.lnk = C:\Program\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE

O4 - Global Startup: D-Link AirPlus.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: PlexTools Professional.lnk = C:\Program\Plextor\PlexTool.exe

O4 - Global Startup: Service Manager.lnk = C:\Program\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

O4 - Global Startup: Telias säkerhetstjänster.lnk = C:\Program\Telia\Telias Sakerhetstjanster\backweb\7836882\Program\fspex.exe

O8 - Extra context menu item: &Google-sökning - res://c:\program\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: &Översätt engelskt ord - res://c:\program\google\GoogleToolbar2.dll/cmwordtrans.html

O8 - Extra context menu item: Bakåtlänkar - res://c:\program\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O8 - Extra context menu item: Lagrad bild på sida - res://c:\program\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: Liknande sidor - res://c:\program\google\GoogleToolbar2.dll/cmsimilar.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: IE-sköld - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program\Telia\Telias Sakerhetstjanster\Anti-Spyware\ieshield.dll

O9 - Extra 'Tools' menuitem: IE-sköld... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program\Telia\Telias Sakerhetstjanster\Anti-Spyware\ieshield.dll

O9 - Extra button: MultiPoker - {641F4F4E-6C91-4159-869E-9F5CE6F0F64E} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: MultiPoker - {641F4F4E-6C91-4159-869E-9F5CE6F0F64E} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll

O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1130785558390

O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://us-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab

O16 - DPF: {78D80081-F388-11D3-9161-00105A07EA40} (LEAD MCMP/MJPEG Decoder) - http://www.leadtools.com/cabs/LCODCCMPE.CAB

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Telias säkerhetstjänster (BackWeb Plug-in - 7836882) - BackWeb Technologies Inc. - C:\Program\Telia\TELIAS~1\backweb\7836882\Program\SERVIC~1.EXE

O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program\Executive Software\Diskeeper\DkService.exe

O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fsgk32st.exe

O23 - Service: fsbwsys - F-Secure Corp. - C:\Program\Telia\Telias Sakerhetstjanster\backweb\7836882\program\fsbwsys.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program\Telia\Telias Sakerhetstjanster\FWES\Program\fsdfwd.exe

O23 - Service: FSMA - F-Secure Corporation - C:\Program\Telia\Telias Sakerhetstjanster\Common\FSMA32.EXE

O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe

O23 - Service: Norton Ghost - Symantec Corporation - C:\Program\Symantec\Norton Ghost\Agent\PQV2iSvc.exe

O23 - Service: ScsiAccess - Unknown owner - C:\Program\Photodex\ProShowGold\ScsiAccess.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program\Analog Devices\SoundMAX\SMAgent.exe[/log]

 

[Cecilia]

C:\SYSTEM VOLUME INFORMATION\_RESTORE

Det där är stället där systemåterställningsfunktionen i Windows lagrar olika systemåterställningspunkter. Det betyder att medan din dator var infekterad så skapade Windows en systemåterställningspunkt. Så länge som otrevligheterna ligger i den mappen så är de ofarliga. Däremot så om du återställer till en tidpunkt då datorn var infekterad så blir även otrevligheterna återställda.

 

Zipp skrev hur du tar bort alla systemåterställningspunkter 28 april 16:15.

 

 

[Zipp.]

 

Töm\rensa System Restore igen.

 

[/Thomas]

Jag kan inte starta virusprogrammet i felsäkert läge , händer nada när jag försöker

 

Konstigt!

 

Själv använder jag f-secures (som Telia-säkersurf är) företagsversion för klienter, och med den kan jag via startmenyn välja "Avsök alla hårddiskar"

i felsäkert läge!

 

De kan ha ändrat något i den senaste privatversionen, men det är isåfall både mysko och för mej okänt!

 

 

/Thomas

Ladda ner professionella väl genomtänkta installationsanvisningar som ger hög säkerhet mot virus & angrepp, stabil drift samt optimal prestanda på: http://www.winguider.se Finns för Win2000 Pro & för XP Pro (3 olika versioner) Ej för XP home