Just nu i M3-nätverket
Jump to content

HJÄLP!!!


sippan

Recommended Posts

Har fått virusvarning Hoax.win32.Renos.dd

Varje gång vi försöker gå in på internet kommer det fran ett security center som varnar för att det finns virus i datorn.

"safetyuptodate.com" finns det någon vänlig människa som kan hjälpa oss?

 

 

 

Link to comment
Share on other sites

Hej kolla in min sida, under rubriken Hjälp Virus. Jag hade samma problem.

Frida Olsson

Har typ en sån där 25 inlägg för jag är okunnig om datorer, men han hjälpte mig.

[inlägget ändrat 2006-05-22 22:26:24 av Frida Olsson]

[inlägget ändrat 2006-05-22 22:27:07 av Frida Olsson]

Link to comment
Share on other sites

[log]Logfile of HijackThis v1.99.1

Scan saved at 19:55:08, on 2006-05-23

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Telia\TELIAS~1\backweb\7836882\Program\SERVIC~1.EXE

C:\Program\Telia\Telias Sakerhetstjanster\backweb\7836882\program\fsbwsys.exe

C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program\MYWEBS~1\bar\1.bin\mwsoemon.exe

C:\Program\Logitech\iTouch\iTouch.exe

C:\Program\MessengerPlus! 3\MsgPlus.exe

C:\Program\Java\jre1.5.0_06\bin\jusched.exe

C:\Program\Macrogaming\SweetIM\SweetIM.exe

C:\WINDOWS\system32\W?nSxS\?pool32.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\Telia\Telias Sakerhetstjanster\backweb\7836882\Program\fspex.exe

C:\Program\Logitech\MouseWare\system\em_exec.exe

C:\Program\Telia\Telias Sakerhetstjanster\Common\FSMA32.EXE

C:\Program\Telia\Telias Sakerhetstjanster\Common\FSMB32.EXE

C:\Program\Telia\Telias Sakerhetstjanster\Common\FCH32.EXE

C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fsgk32st.exe

C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\FSGK32.EXE

C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fsqh.exe

C:\Program\Telia\Telias Sakerhetstjanster\Common\FAMEH32.EXE

C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fssm32.exe

C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fsrw.exe

C:\Program\Telia\Telias Sakerhetstjanster\FWES\Program\fsdfwd.exe

C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fsav32.exe

C:\Program\Telia\Telias Sakerhetstjanster\Common\FSM32.EXE

C:\Program\Telia\TELIAS~1\ANTI-S~1\fsaw.exe

C:\Program\Telia\Telias Sakerhetstjanster\FSGUI\fsguidll.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Outlook Express\msimn.exe

C:\DOCUME~1\XP1\LOKALA~1\Temp\Temporär katalog 2 för HijackThis.zip\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.altavista.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)

O2 - BHO: Nothing - {f79fd28e-36ee-4989-aa61-9dd8e30a82fa} - C:\WINDOWS\system32\hp2DDA.tmp

O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Program\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\Telia\Telias Sakerhetstjanster\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program\Telia\Telias Sakerhetstjanster\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program\Telia\Telias Sakerhetstjanster\FSGUI\FSSW.EXE" /reboot

O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\Program\MYWEBS~1\bar\1.bin\mwsoemon.exe

O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program\Logitech\iTouch\iTouch.exe

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [sweetIM] C:\Program\Macrogaming\SweetIM\SweetIM.exe

O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\Program\MYWEBS~1\bar\1.bin\mwsoemon.exe

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [sweetIM] C:\Program\Macrogaming\SweetIM\SweetIM.exe

O4 - HKCU\..\Run: [Pbts] "C:\DOCUME~1\XP1\MINADO~1\SCURIT~1\notepad.exe" -vt ndrv

O4 - HKCU\..\Run: [Qtsenwin] C:\WINDOWS\system32\W?nSxS\?pool32.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Telias säkerhetstjänster.lnk = C:\Program\Telia\Telias Sakerhetstjanster\backweb\7836882\Program\fspex.exe

O8 - Extra context menu item: &Blockera detta popup-fönster - C:\Program\Telia\Telias Sakerhetstjanster\Anti-Spyware\blockpopups.htm

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZS

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll (file missing)

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll (file missing)

O9 - Extra button: IE-sköld - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program\Telia\Telias Sakerhetstjanster\Anti-Spyware\ieshield.dll

O9 - Extra 'Tools' menuitem: IE-sköld... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program\Telia\Telias Sakerhetstjanster\Anti-Spyware\ieshield.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O12 - Plugin for .mov: C:\Program\Internet Explorer\PLUGINS\npqtplugin.dll

O12 - Plugin for .mp3: C:\Program\Internet Explorer\PLUGINS\npqtplugin3.dll

O12 - Plugin for .mpeg: C:\Program\Internet Explorer\PLUGINS\npqtplugin3.dll

O12 - Plugin for .spop: C:\Program\Internet Explorer\Plugins\NPDocBox.dll

O12 - Plugin for .UVR: C:\Program\Internet Explorer\Plugins\NPUPano.dll

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125220622312

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\Program\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: Telias säkerhetstjänster (BackWeb Plug-in - 7836882) - BackWeb Technologies Inc. - C:\Program\Telia\TELIAS~1\backweb\7836882\Program\SERVIC~1.EXE

O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fsgk32st.exe

O23 - Service: fsbwsys - F-Secure Corp. - C:\Program\Telia\Telias Sakerhetstjanster\backweb\7836882\program\fsbwsys.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program\Telia\Telias Sakerhetstjanster\FWES\Program\fsdfwd.exe

O23 - Service: FSMA - F-Secure Corporation - C:\Program\Telia\Telias Sakerhetstjanster\Common\FSMA32.EXE

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

[/log]

 

 

Link to comment
Share on other sites

[log]SmitFraudFix v2.46

 

Scan done at 20:27:35,37, 2006-05-23

Run from C:\Documents and Settings\XP1\Skrivbord\SmitfraudFix\SmitfraudFix

OS: Microsoft Windows XP [Version 5.1.2600]

Fix ran in normal mode

 

»»»»»»»»»»»»»»»»»»»»»»»» C:

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

 

C:\WINDOWS\system32\dcomcfg.exe FOUND !

C:\WINDOWS\system32\hp????.tmp FOUND !

C:\WINDOWS\system32\ld????.tmp FOUND !

C:\WINDOWS\system32\ot.ico FOUND !

C:\WINDOWS\system32\simpole.tlb FOUND !

C:\WINDOWS\system32\stdole3.tlb FOUND !

C:\WINDOWS\system32\ts.ico FOUND !

C:\WINDOWS\system32\1024\ FOUND !

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\XP1\Application Data

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\XP1\FAVORI~1

 

C:\DOCUME~1\XP1\FAVORI~1\Antivirus Test Online.url FOUND !

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]

"Source"="About:Home"

"SubscribedURL"="About:Home"

"FriendlyName"="Min aktuella startsida"

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

"{A2D9D3F0-8C2A-2A1D-A376-1BECFB10AB72}"="Reload Browse"

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

"{89aef01d-d237-49c7-84dc-4e1904c1fd31}"="AutoDisc Ware"

 

[HKEY_CLASSES_ROOT\CLSID\{89aef01d-d237-49c7-84dc-4e1904c1fd31}\InProcServer32]

@="C:\WINDOWS\system32\sbnudh.dll"

 

[HKEY_CURRENT_USER\Software\Classes\CLSID\{89aef01d-d237-49c7-84dc-4e1904c1fd31}\InProcServer32]

@="C:\WINDOWS\system32\sbnudh.dll"

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection

 

 

»»»»»»»»»»»»»»»»»»»»»»»» End

 

 

[/log]

 

Har lagt in LOG-taggar

Cecilia - Moderator för Virus - Antivirus och Spionprogram

 

[inlägget ändrat 2007-05-28 16:35:45 av Cecilia]

Link to comment
Share on other sites

 

Avinstallera via Kontrollpanelen om hittas

 

MyWebSearch

 

Starta sen datorn i felsäkert läge.

 

Ta bort om hittas

 

C:\Program\MYWEBS~1\ < mappen

 

Efter det öppna SmitfraudFix mappen och dubbelklicka på smitfraudfix.cmd

Välj altenativ Clean = klicka 2 och Enter

Sen vänta tills den jobbar klart.

På frågan "Registry cleaning - Do you want to clean the registry ?"

svara Yes med att klicka Y och Enter

Om wininet.dll är infekterad får du frågan "Replace infected file ?"

svara Yes med att klicka Y och Enter.

Om inte datorn startar om automatiskt så starta den i normalläge.

 

Skicka sen C:\rapport.txt och en ny Hijack logg

 

 

 

 

 

Link to comment
Share on other sites

Det gick hyfsat bra, security center är borta och allting verkar fungera.

Jag har nog gjort en tabbe, när jag först fick virusvarning på en fil som hette

C:\WINDOWS\system32\sbnudh.dll tog jag bort den filen. Är det en viktig fil? Tror du att jag behöver den?

 

 

[log]SmitFraudFix v2.46

 

Scan done at 20:47:27,68, 2006-05-23

Run from C:\Documents and Settings\XP1\Skrivbord\SmitfraudFix\SmitfraudFix

OS: Microsoft Windows XP [Version 5.1.2600]

Fix ran in safe mode

 

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

"{A2D9D3F0-8C2A-2A1D-A376-1BECFB10AB72}"="Reload Browse"

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

"{89aef01d-d237-49c7-84dc-4e1904c1fd31}"="AutoDisc Ware"

 

[HKEY_CLASSES_ROOT\CLSID\{89aef01d-d237-49c7-84dc-4e1904c1fd31}\InProcServer32]

@="C:\WINDOWS\system32\sbnudh.dll"

 

[HKEY_CURRENT_USER\Software\Classes\CLSID\{89aef01d-d237-49c7-84dc-4e1904c1fd31}\InProcServer32]

@="C:\WINDOWS\system32\sbnudh.dll"

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

 

C:\WINDOWS\system32\dcomcfg.exe Deleted

C:\WINDOWS\system32\hp????.tmp Deleted

C:\WINDOWS\system32\ld????.tmp Deleted

C:\WINDOWS\system32\ot.ico Deleted

C:\WINDOWS\system32\simpole.tlb Deleted

C:\WINDOWS\system32\stdole3.tlb Deleted

C:\WINDOWS\system32\ts.ico Deleted

C:\WINDOWS\system32\1024\ Deleted

C:\DOCUME~1\XP1\FAVORI~1\Antivirus Test Online.url Deleted

 

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

 

GenericRenosFix by S!Ri

 

C:\WINDOWS\system32\sbnudh.dll -> Missing File

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

 

Registry Cleaning done.

 

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

"{89aef01d-d237-49c7-84dc-4e1904c1fd31}"="AutoDisc Ware"

 

[HKEY_CLASSES_ROOT\CLSID\{89aef01d-d237-49c7-84dc-4e1904c1fd31}\InProcServer32]

@="C:\WINDOWS\system32\sbnudh.dll"

 

[HKEY_CURRENT_USER\Software\Classes\CLSID\{89aef01d-d237-49c7-84dc-4e1904c1fd31}\InProcServer32]

@="C:\WINDOWS\system32\sbnudh.dll"

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» End

 

 

[/log]

 

Har lagt in LOG-taggar

Cecilia - Moderator för Virus - Antivirus och Spionprogram

 

[inlägget ändrat 2007-05-28 16:36:11 av Cecilia]

Link to comment
Share on other sites

 

> Är det en viktig fil? <

 

Nej den ska bort tillhör Smitfraud infektion.

 

Öppna SmitfraudFix mappen och dubbelklicka på smitfraudfix.cmd

Välj altenativ Search = klicka 1 och Enter

Kopiera loggen som kommer ut och skicka hit.

Skicka också en ny Hijack logg.

 

 

 

 

 

Link to comment
Share on other sites

Sorry! Min skärm slutade att fungera, Typiskt!!!

Har fått en ny idag, hoppas att du vill fortsätta hjälpa mig. Tack på förhand.

 

 

[log]SmitFraudFix v2.46

 

Scan done at 19:27:41,81, 2006-05-31

Run from C:\Documents and Settings\XP1\Skrivbord\SmitfraudFix\SmitfraudFix

OS: Microsoft Windows XP [Version 5.1.2600]

Fix ran in normal mode

 

»»»»»»»»»»»»»»»»»»»»»»»» C:

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\XP1\Application Data

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\XP1\FAVORI~1

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

"{89aef01d-d237-49c7-84dc-4e1904c1fd31}"="AutoDisc Ware"

 

[HKEY_CLASSES_ROOT\CLSID\{89aef01d-d237-49c7-84dc-4e1904c1fd31}\InProcServer32]

@="C:\WINDOWS\system32\sbnudh.dll"

 

[HKEY_CURRENT_USER\Software\Classes\CLSID\{89aef01d-d237-49c7-84dc-4e1904c1fd31}\InProcServer32]

@="C:\WINDOWS\system32\sbnudh.dll"

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection

 

 

»»»»»»»»»»»»»»»»»»»»»»»» End

[/log]

 

 

[log]Logfile of HijackThis v1.99.1

Scan saved at 19:30:51, on 2006-05-31

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Telia\TELIAS~1\backweb\7836882\Program\SERVIC~1.EXE

C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fsgk32st.exe

C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\FSGK32.EXE

C:\Program\Telia\Telias Sakerhetstjanster\backweb\7836882\program\fsbwsys.exe

C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fssm32.exe

C:\Program\Telia\Telias Sakerhetstjanster\Common\FSMA32.EXE

C:\Program\Telia\Telias Sakerhetstjanster\Common\FSMB32.EXE

C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Telia\Telias Sakerhetstjanster\Common\FCH32.EXE

C:\Program\Telia\Telias Sakerhetstjanster\Common\FAMEH32.EXE

C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fsqh.exe

C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fsrw.exe

C:\Program\Telia\Telias Sakerhetstjanster\FWES\Program\fsdfwd.exe

C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fsav32.exe

C:\WINDOWS\Explorer.EXE

C:\Program\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program\Telia\Telias Sakerhetstjanster\Common\FSM32.EXE

C:\Program\MYWEBS~1\bar\1.bin\mwsoemon.exe

C:\Program\Logitech\iTouch\iTouch.exe

C:\Program\Telia\TELIAS~1\ANTI-S~1\fsaw.exe

C:\Program\Telia\Telias Sakerhetstjanster\FSGUI\fsguidll.exe

C:\Program\Logitech\MouseWare\system\em_exec.exe

C:\Program\MessengerPlus! 3\MsgPlus.exe

C:\Program\Java\jre1.5.0_06\bin\jusched.exe

C:\Program\Macrogaming\SweetIM\SweetIM.exe

C:\WINDOWS\system32\W?nSxS\?pool32.exe

C:\Program\Telia\Telias Sakerhetstjanster\backweb\7836882\Program\fspex.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\Internet Explorer\iexplore.exe

C:\WINDOWS\NOTEPAD.EXE

C:\DOCUME~1\XP1\LOKALA~1\Temp\Temporär katalog 3 för HijackThis.zip\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)

O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Program\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\Telia\Telias Sakerhetstjanster\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program\Telia\Telias Sakerhetstjanster\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program\Telia\Telias Sakerhetstjanster\FSGUI\FSSW.EXE" /reboot

O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\Program\MYWEBS~1\bar\1.bin\mwsoemon.exe

O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program\Logitech\iTouch\iTouch.exe

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [sweetIM] C:\Program\Macrogaming\SweetIM\SweetIM.exe

O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\Program\MYWEBS~1\bar\1.bin\mwsoemon.exe

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [sweetIM] C:\Program\Macrogaming\SweetIM\SweetIM.exe

O4 - HKCU\..\Run: [Pbts] "C:\DOCUME~1\XP1\MINADO~1\SCURIT~1\notepad.exe" -vt ndrv

O4 - HKCU\..\Run: [Qtsenwin] C:\WINDOWS\system32\W?nSxS\?pool32.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Telias säkerhetstjänster.lnk = C:\Program\Telia\Telias Sakerhetstjanster\backweb\7836882\Program\fspex.exe

O8 - Extra context menu item: &Blockera detta popup-fönster - C:\Program\Telia\Telias Sakerhetstjanster\Anti-Spyware\blockpopups.htm

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZS

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll (file missing)

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll (file missing)

O9 - Extra button: IE-sköld - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program\Telia\Telias Sakerhetstjanster\Anti-Spyware\ieshield.dll

O9 - Extra 'Tools' menuitem: IE-sköld... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program\Telia\Telias Sakerhetstjanster\Anti-Spyware\ieshield.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O12 - Plugin for .mov: C:\Program\Internet Explorer\PLUGINS\npqtplugin.dll

O12 - Plugin for .mp3: C:\Program\Internet Explorer\PLUGINS\npqtplugin3.dll

O12 - Plugin for .mpeg: C:\Program\Internet Explorer\PLUGINS\npqtplugin3.dll

O12 - Plugin for .spop: C:\Program\Internet Explorer\Plugins\NPDocBox.dll

O12 - Plugin for .UVR: C:\Program\Internet Explorer\Plugins\NPUPano.dll

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125220622312

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\Program\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: Telias säkerhetstjänster (BackWeb Plug-in - 7836882) - BackWeb Technologies Inc. - C:\Program\Telia\TELIAS~1\backweb\7836882\Program\SERVIC~1.EXE

O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fsgk32st.exe

O23 - Service: fsbwsys - F-Secure Corp. - C:\Program\Telia\Telias Sakerhetstjanster\backweb\7836882\program\fsbwsys.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program\Telia\Telias Sakerhetstjanster\FWES\Program\fsdfwd.exe

O23 - Service: FSMA - F-Secure Corporation - C:\Program\Telia\Telias Sakerhetstjanster\Common\FSMA32.EXE

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

[/log]

 

 

Har lagt in LOG-taggar

Cecilia - Moderator för Virus - Antivirus och Spionprogram

 

[inlägget ändrat 2007-05-28 16:36:43 av Cecilia]

Link to comment
Share on other sites

 

Släng den SmitfraudFix.zip och SmitfraudFix mappen du har och

 

Ladda ner SmitfraudFix på skrivbordet och unzippa den där.

 

http://siri.urz.free.fr/Fix/SmitfraudFix.zip

 

Sen öppna SmitfraudFix mappen och dubbelklicka på smitfraudfix.cmd

Välj altenativ Search = klicka 1 och Enter

Kopiera loggen som kommer ut och skicka hit.

 

 

Link to comment
Share on other sites

Hoppas att det blev rätt

 

[log]SmitFraudFix v2.53

 

Scan done at 21:30:25,82, 2006-05-31

Run from C:\Documents and Settings\XP1\Skrivbord\SmitfraudFix\SmitfraudFix

OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT

Fix ran in normal mode

 

»»»»»»»»»»»»»»»»»»»»»»»» C:

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\XP1\Application Data

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\XP1\FAVORI~1

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

"{89aef01d-d237-49c7-84dc-4e1904c1fd31}"="AutoDisc Ware"

 

[HKEY_CLASSES_ROOT\CLSID\{89aef01d-d237-49c7-84dc-4e1904c1fd31}\InProcServer32]

@="C:\WINDOWS\system32\sbnudh.dll"

 

[HKEY_CURRENT_USER\Software\Classes\CLSID\{89aef01d-d237-49c7-84dc-4e1904c1fd31}\InProcServer32]

@="C:\WINDOWS\system32\sbnudh.dll"

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection

 

 

»»»»»»»»»»»»»»»»»»»»»»»» End

 

 

[/log]

 

Har lagt in LOG-taggar

Cecilia - Moderator för Virus - Antivirus och Spionprogram

 

[inlägget ändrat 2007-05-28 16:37:07 av Cecilia]

Link to comment
Share on other sites

 

Surfa hit och följ info på sidan

 

http://www.purityscan.com/uninstall.html

 

starta om datorn efter du kört uninstallern.

Gå sen direkt i felsäkert läge.

 

Efter det öppna SmitfraudFix mappen och dubbelklicka på smitfraudfix.cmd

Välj altenativ Clean = klicka 2 och Enter

Sen vänta tills den jobbar klart.

På frågan "Registry cleaning - Do you want to clean the registry ?"

svara Yes med att klicka Y och Enter

Om wininet.dll är infekterad får du frågan "Replace infected file ?"

svara Yes med att klicka Y och Enter.

Om inte datorn startar om automatiskt så starta den i normalläge.

 

Skicka sen C:\rapport.txt och en ny Hijack logg

 

 

Link to comment
Share on other sites

Den frågade inte Replace infected files

 

 

 

 

[log]SmitFraudFix v2.53

 

Scan done at 22:07:01,07, 2006-05-31

Run from C:\Documents and Settings\XP1\Skrivbord\SmitfraudFix\SmitfraudFix

OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT

Fix ran in safe mode

 

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

 

GenericRenosFix by S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

 

Registry Cleaning done.

 

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» End[/log]

 

 

 

[log]Logfile of HijackThis v1.99.1

Scan saved at 22:12:07, on 2006-05-31

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Telia\TELIAS~1\backweb\7836882\Program\SERVIC~1.EXE

C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fsgk32st.exe

C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\FSGK32.EXE

C:\Program\Telia\Telias Sakerhetstjanster\backweb\7836882\program\fsbwsys.exe

C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fssm32.exe

C:\Program\Telia\Telias Sakerhetstjanster\Common\FSMA32.EXE

C:\Program\Telia\Telias Sakerhetstjanster\Common\FSMB32.EXE

C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Telia\Telias Sakerhetstjanster\Common\FCH32.EXE

C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fsqh.exe

C:\Program\Telia\Telias Sakerhetstjanster\Common\FAMEH32.EXE

C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fsrw.exe

C:\Program\Telia\Telias Sakerhetstjanster\FWES\Program\fsdfwd.exe

C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fsav32.exe

C:\WINDOWS\Explorer.EXE

C:\Program\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program\Telia\Telias Sakerhetstjanster\Common\FSM32.EXE

C:\Program\MYWEBS~1\bar\1.bin\mwsoemon.exe

C:\Program\Logitech\iTouch\iTouch.exe

C:\Program\Telia\TELIAS~1\ANTI-S~1\fsaw.exe

C:\Program\Telia\Telias Sakerhetstjanster\FSGUI\fsguidll.exe

C:\Program\Logitech\MouseWare\system\em_exec.exe

C:\Program\MessengerPlus! 3\MsgPlus.exe

C:\Program\Java\jre1.5.0_06\bin\jusched.exe

C:\Program\Macrogaming\SweetIM\SweetIM.exe

C:\Program\SPAMfighter\SFAgent.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\Telia\Telias Sakerhetstjanster\backweb\7836882\Program\fspex.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program\Internet Explorer\iexplore.exe

C:\DOCUME~1\XP1\LOKALA~1\Temp\Temporär katalog 4 för HijackThis.zip\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)

O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Program\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\Telia\Telias Sakerhetstjanster\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program\Telia\Telias Sakerhetstjanster\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program\Telia\Telias Sakerhetstjanster\FSGUI\FSSW.EXE" /reboot

O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\Program\MYWEBS~1\bar\1.bin\mwsoemon.exe

O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program\Logitech\iTouch\iTouch.exe

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [sweetIM] C:\Program\Macrogaming\SweetIM\SweetIM.exe

O4 - HKLM\..\Run: [sPAMfighter Agent] "C:\Program\SPAMfighter\SFAgent.exe" update delay 60

O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\Program\MYWEBS~1\bar\1.bin\mwsoemon.exe

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [sweetIM] C:\Program\Macrogaming\SweetIM\SweetIM.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Telias säkerhetstjänster.lnk = C:\Program\Telia\Telias Sakerhetstjanster\backweb\7836882\Program\fspex.exe

O8 - Extra context menu item: &Blockera detta popup-fönster - C:\Program\Telia\Telias Sakerhetstjanster\Anti-Spyware\blockpopups.htm

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZS

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll (file missing)

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll (file missing)

O9 - Extra button: IE-sköld - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program\Telia\Telias Sakerhetstjanster\Anti-Spyware\ieshield.dll

O9 - Extra 'Tools' menuitem: IE-sköld... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program\Telia\Telias Sakerhetstjanster\Anti-Spyware\ieshield.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O12 - Plugin for .mov: C:\Program\Internet Explorer\PLUGINS\npqtplugin.dll

O12 - Plugin for .mp3: C:\Program\Internet Explorer\PLUGINS\npqtplugin3.dll

O12 - Plugin for .mpeg: C:\Program\Internet Explorer\PLUGINS\npqtplugin3.dll

O12 - Plugin for .spop: C:\Program\Internet Explorer\Plugins\NPDocBox.dll

O12 - Plugin for .UVR: C:\Program\Internet Explorer\Plugins\NPUPano.dll

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125220622312

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\Program\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: Telias säkerhetstjänster (BackWeb Plug-in - 7836882) - BackWeb Technologies Inc. - C:\Program\Telia\TELIAS~1\backweb\7836882\Program\SERVIC~1.EXE

O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fsgk32st.exe

O23 - Service: fsbwsys - F-Secure Corp. - C:\Program\Telia\Telias Sakerhetstjanster\backweb\7836882\program\fsbwsys.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program\Telia\Telias Sakerhetstjanster\FWES\Program\fsdfwd.exe

O23 - Service: FSMA - F-Secure Corporation - C:\Program\Telia\Telias Sakerhetstjanster\Common\FSMA32.EXE

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

[/log]

 

 

Har lagt in LOG-taggar

Cecilia - Moderator för Virus - Antivirus och Spionprogram

 

[inlägget ändrat 2007-05-28 16:37:29 av Cecilia]

Link to comment
Share on other sites

 

> Den frågade inte Replace infected files <

 

Det gör inget wininet.dll var ren.

 

Avinstallera via Kontrollpanelen om hittas

 

MyWebSearch

 

Skapa en ny mapp på C:\ och placera HijackThis.exe dit så C:\HjT\HijackThis.exe

 

Scanna med Hijack bocka i följande rader stäng Web-läsaren och alla andra öppna fönster och klicka Fix checked

 

O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\Program\MYWEBS~1\bar\1.bin\mwsoemon.exe

O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\Program\MYWEBS~1\bar\1.bin\mwsoemon.exe

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZS

 

Starta sen i felsäkert läge och ta bort om hittas

 

C:\Program\MYWEBS~1\ < mappen

 

Starta normalt och ny logg.

 

 

 

Link to comment
Share on other sites

Jag hittade ingen fil på C:Program som hette websearch

 

 

[log]Logfile of HijackThis v1.99.1

Scan saved at 22:48:52, on 2006-05-31

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Telia\TELIAS~1\backweb\7836882\Program\SERVIC~1.EXE

C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fsgk32st.exe

C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\FSGK32.EXE

C:\Program\Telia\Telias Sakerhetstjanster\backweb\7836882\program\fsbwsys.exe

C:\Program\Telia\Telias Sakerhetstjanster\Common\FSMA32.EXE

C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fssm32.exe

C:\Program\Telia\Telias Sakerhetstjanster\Common\FSMB32.EXE

C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Telia\Telias Sakerhetstjanster\Common\FCH32.EXE

C:\Program\Telia\Telias Sakerhetstjanster\Common\FAMEH32.EXE

C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fsqh.exe

C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fsrw.exe

C:\Program\Telia\Telias Sakerhetstjanster\FWES\Program\fsdfwd.exe

C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fsav32.exe

C:\WINDOWS\Explorer.EXE

C:\Program\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program\Telia\Telias Sakerhetstjanster\Common\FSM32.EXE

C:\Program\Telia\Telias Sakerhetstjanster\FSGUI\FSSW.EXE

C:\Program\Logitech\iTouch\iTouch.exe

C:\Program\Telia\TELIAS~1\ANTI-S~1\fsaw.exe

C:\Program\Logitech\MouseWare\system\em_exec.exe

C:\Program\Telia\Telias Sakerhetstjanster\FSGUI\fsguidll.exe

C:\Program\MessengerPlus! 3\MsgPlus.exe

C:\Program\Java\jre1.5.0_06\bin\jusched.exe

C:\Program\Macrogaming\SweetIM\SweetIM.exe

C:\Program\SPAMfighter\SFAgent.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\Telia\Telias Sakerhetstjanster\backweb\7836882\Program\fspex.exe

C:\DOCUME~1\XP1\LOKALA~1\Temp\Temporär katalog 6 för HijackThis.zip\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)

O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Program\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\Telia\Telias Sakerhetstjanster\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program\Telia\Telias Sakerhetstjanster\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program\Telia\Telias Sakerhetstjanster\FSGUI\FSSW.EXE" /reboot

O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program\Logitech\iTouch\iTouch.exe

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [sweetIM] C:\Program\Macrogaming\SweetIM\SweetIM.exe

O4 - HKLM\..\Run: [sPAMfighter Agent] "C:\Program\SPAMfighter\SFAgent.exe" update delay 60

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [sweetIM] C:\Program\Macrogaming\SweetIM\SweetIM.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Telias säkerhetstjänster.lnk = C:\Program\Telia\Telias Sakerhetstjanster\backweb\7836882\Program\fspex.exe

O8 - Extra context menu item: &Blockera detta popup-fönster - C:\Program\Telia\Telias Sakerhetstjanster\Anti-Spyware\blockpopups.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll (file missing)

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll (file missing)

O9 - Extra button: IE-sköld - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program\Telia\Telias Sakerhetstjanster\Anti-Spyware\ieshield.dll

O9 - Extra 'Tools' menuitem: IE-sköld... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program\Telia\Telias Sakerhetstjanster\Anti-Spyware\ieshield.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O12 - Plugin for .mov: C:\Program\Internet Explorer\PLUGINS\npqtplugin.dll

O12 - Plugin for .mp3: C:\Program\Internet Explorer\PLUGINS\npqtplugin3.dll

O12 - Plugin for .mpeg: C:\Program\Internet Explorer\PLUGINS\npqtplugin3.dll

O12 - Plugin for .spop: C:\Program\Internet Explorer\Plugins\NPDocBox.dll

O12 - Plugin for .UVR: C:\Program\Internet Explorer\Plugins\NPUPano.dll

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125220622312

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\Program\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: Telias säkerhetstjänster (BackWeb Plug-in - 7836882) - BackWeb Technologies Inc. - C:\Program\Telia\TELIAS~1\backweb\7836882\Program\SERVIC~1.EXE

O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fsgk32st.exe

O23 - Service: fsbwsys - F-Secure Corp. - C:\Program\Telia\Telias Sakerhetstjanster\backweb\7836882\program\fsbwsys.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program\Telia\Telias Sakerhetstjanster\FWES\Program\fsdfwd.exe

O23 - Service: FSMA - F-Secure Corporation - C:\Program\Telia\Telias Sakerhetstjanster\Common\FSMA32.EXE

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

[/log]

 

 

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.



×
×
  • Create New...