Ryuujin

Spyware


Ran Hijack, found some shady stuff but I'm not really sure... can anyone help?

 

[log]

C:\Program\Winamp\winamp.exe

C:\Program\Mozilla Firefox\firefox.exe

C:\WINDOWS\System32\rsvp.exe

C:\Program\mIRC\mirc.exe

C:\zMUD\Zmud.exe

C:\PROGRAM\MOZILL~1\THUNDE~1.EXE

C:\PROGRAM\WINZIP\winzip32.exe

C:\Documents and Settings\Frej Eriksson\Lokala inställningar\Temp\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O4 - HKLM\..\Run: [AtiPTA] C:\WINDOWS\SYSTEM32\ATIPTAXX.EXE

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [Jet Detection] C:\Program\Creative\SBLive\PROGRAM\ADGJDet.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [avgnt] "C:\Program\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [type32] "C:\Program\Microsoft IntelliType Pro\type32.exe"

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O15 - Trusted Zone: http://locator.cdn.imageservr.com

O15 - Trusted Zone: http://locator1.cdn.imageservr.com

O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://creative.com/su/ocx/15015/CTSUEng.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1130541720785

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn.winsoftware.com/files/installers/cab/WinAntiVirusPro2006FreeInstall_se.cab

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://creative.com/su/ocx/15016/CTPID.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\Program\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: Adobe LM Service - Unknown owner - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Program\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program\ewido anti-spyware 4.0\guard.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program\Delade filer\PCSuite\Services\ServiceLayer.exe

 

[/log]

 


HijackThis must absolutely not be run from inside WinZip, because then it cannot create any backups; instead, create a new folder for HijackThis and move the executable HijackThis.exe there. Or download and install this variant of HijackThis, which takes care of that itself:

http://www.thespykiller.co.uk/files/HJTsetup.exe

 

Then scan with HijackThis and check:

O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn.winsoftware.com/files/installers/cab/WinAntiVirusPro2006FreeInstall_se.cab

Close all other programs.

Press Fix checked.

Restart the computer.

 

Anything else you thought looked suspicious?

 

Are these sites that you are completely sure cannot contain anything nasty?

O15 - Trusted Zone: http://locator.cdn.imageservr.com

O15 - Trusted Zone: http://locator1.cdn.imageservr.com

Because all security restrictions are normally turned off in the Trusted zone.

 


 

Removed my post, Cecilia has already answered.

 

> Are these sites that you are completely sure cannot contain anything nasty? <

 

These O15 lines often come with Vundo, so it's worth renaming Hijack.

 

 

[post edited 2006-09-10 18:41:20 by Zipp.]

[post edited 2006-09-10 18:46:51 by Zipp.]


Thanks for the tip, Zipp!

 

So Ryuujin, rename HijackThis.exe to something else, e.g. rensning.exe, and we'll see whether more nasty lines show up.

 


Here is the log after I renamed the exe file. Lots of new stuff came up. :|

 

[log]

Logfile of HijackThis v1.99.1

Scan saved at 14:08:05, on 11.9.2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\AntiVir PersonalEdition Classic\sched.exe

C:\Program\AntiVir PersonalEdition Classic\avguard.exe

C:\Program\ewido anti-spyware 4.0\guard.exe

C:\WINDOWS\System32\tcpsvcs.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SYSTEM32\ATIPTAXX.EXE

C:\Program\Java\jre1.5.0_06\bin\jusched.exe

C:\Program\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program\MessengerPlus! 3\MsgPlus.exe

C:\Program\Microsoft IntelliType Pro\type32.exe

C:\Program\Logitech\MouseWare\system\em_exec.exe

C:\Program\MSN Messenger\msnmsgr.exe

C:\Program\Mozilla Firefox\firefox.exe

C:\Program\Winamp\winamp.exe

C:\Program\Hijackthis\rens.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: (no name) - {01C048D3-D786-4C45-88AD-84A0F484622F} - (no file)

O2 - BHO: (no name) - {023B878C-996E-4B98-A490-8097C973FA02} - C:\WINDOWS\system32\vtuts.dll

O2 - BHO: (no name) - {028C13FE-D709-49EB-B2D4-695BCC6168CF} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {092EE75F-5D94-44E4-946C-A1627F54FFA9} - (no file)

O2 - BHO: (no name) - {0B892443-80E2-423A-831B-E4CF4B61CF5F} - (no file)

O2 - BHO: (no name) - {0BA4E89B-26B4-4253-B1BC-7BC22F3A743C} - (no file)

O2 - BHO: (no name) - {0C69286F-6F7A-4D6D-B168-83A5843DF52A} - (no file)

O2 - BHO: (no name) - {12C8525B-C5EE-4E70-A3F2-6F3688BC1BFD} - (no file)

O2 - BHO: (no name) - {13EAACBB-D359-4FB0-A877-53F621A51239} - (no file)

O2 - BHO: (no name) - {14B2D663-957E-44C3-A7ED-4454320EB46F} - (no file)

O2 - BHO: (no name) - {17981208-29A9-4CFB-9563-7C4C820AD606} - (no file)

O2 - BHO: (no name) - {17998F81-B314-49ED-B519-E6BDCB60316C} - (no file)

O2 - BHO: (no name) - {18007501-EBA5-46AF-8C82-5F4D33D29525} - (no file)

O2 - BHO: (no name) - {1E781928-0B68-45A4-B170-D3E7695E4603} - (no file)

O2 - BHO: (no name) - {23D6D4D5-094B-4AE6-B8DB-F90700AC45C8} - (no file)

O2 - BHO: (no name) - {26765F18-2291-480E-862F-A61B71035639} - (no file)

O2 - BHO: (no name) - {34BC5116-70FF-4333-9D0D-BBFD47F87C45} - (no file)

O2 - BHO: (no name) - {36DC55E6-CA42-4216-991A-5A3F7B70C313} - (no file)

O2 - BHO: (no name) - {3A1B1116-DD01-433E-A712-6BB2F920822A} - (no file)

O2 - BHO: (no name) - {3A639DF3-FF61-43C6-9A8B-386642E9BE65} - (no file)

O2 - BHO: (no name) - {3E4A99FD-F251-41F7-A170-875E842A14B0} - (no file)

O2 - BHO: (no name) - {462FB66F-1CC8-4BDC-998C-2A696AA4BA5A} - (no file)

O2 - BHO: (no name) - {4B6948C8-54F4-41AD-8455-525056E7175C} - (no file)

O2 - BHO: (no name) - {4EC87D13-F891-4229-B5DF-4808DBC5880C} - (no file)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {55819FC9-C4EE-4B55-82AC-86C6190C9DE9} - (no file)

O2 - BHO: (no name) - {57026C9B-428B-4376-AADF-B68A85C2C3E2} - (no file)

O2 - BHO: (no name) - {57DB274B-4411-40EC-89EC-65D2E60CF2F6} - (no file)

O2 - BHO: (no name) - {58C48461-DE56-47E5-A80D-13BCCD400485} - (no file)

O2 - BHO: (no name) - {59502477-F4D7-41F8-98D1-68581415EBA7} - (no file)

O2 - BHO: (no name) - {65AD32C6-3D8F-4048-8D83-06D9A61554D1} - (no file)

O2 - BHO: (no name) - {68C20EFE-8E73-46AB-9E61-757619660FED} - (no file)

O2 - BHO: (no name) - {6BBD766F-8587-4041-ADE8-75649BEDBBC9} - (no file)

O2 - BHO: (no name) - {718048A4-2F31-44FA-8F2C-D680B3CDDAF8} - (no file)

O2 - BHO: (no name) - {749D6F03-B9B4-42FF-A7B3-A58C221DD724} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: (no name) - {77719AF2-FBF7-4DA2-B802-4319C8E814E2} - (no file)

O2 - BHO: (no name) - {78DDA3F0-EE31-4EC4-BB9F-BFAD85BE6944} - (no file)

O2 - BHO: (no name) - {7A11B1CE-02CF-4F92-9EFE-A50F04E3EF06} - (no file)

O2 - BHO: (no name) - {7BC5A1C2-015C-46DE-BB55-B0177A857D58} - (no file)

O2 - BHO: (no name) - {7E6F38AB-FE20-480A-A0AF-C1FBA77E1FD0} - (no file)

O2 - BHO: (no name) - {807FD5DF-9EDD-4495-B7D0-884693D112F2} - (no file)

O2 - BHO: (no name) - {8394B45E-3113-46C6-904A-5A5529618389} - (no file)

O2 - BHO: (no name) - {83B61609-74E6-4B17-B029-1973D62E5F34} - (no file)

O2 - BHO: (no name) - {83EDE814-8D24-4223-98B3-2D94F7BB4650} - (no file)

O2 - BHO: (no name) - {8C6F75C8-14AA-4CC8-9B23-D47C1F880FEB} - (no file)

O2 - BHO: (no name) - {91DD8E00-9705-4678-8BBF-32827CA23839} - (no file)

O2 - BHO: (no name) - {94A3BDE8-8663-46BA-80E5-A8414CE13CB4} - (no file)

O2 - BHO: (no name) - {9830149D-753E-4825-B605-6592ED85F541} - (no file)

O2 - BHO: (no name) - {9AB50D67-9E30-43FF-A287-4BCBFE2295F2} - (no file)

O2 - BHO: (no name) - {9B050BA9-3DFF-4254-BEA7-7F86A22CA681} - (no file)

O2 - BHO: (no name) - {A0C86559-45A7-46BE-94B7-AE1408A4CDA0} - (no file)

O2 - BHO: (no name) - {A1B44FD8-2204-48B5-AA55-36F9388BAEBC} - (no file)

O2 - BHO: (no name) - {A70F39F8-77C0-4FBA-89F8-2BAD094617C1} - (no file)

O2 - BHO: (no name) - {AF11A7E5-3887-4985-8A7D-2F3F6094D924} - (no file)

O2 - BHO: (no name) - {B2EB7F9E-0362-48F1-883C-C93F021E4A15} - (no file)

O2 - BHO: (no name) - {B847365E-AD7F-4437-A7B2-B53FE89F2A89} - (no file)

O2 - BHO: (no name) - {BAF7DEFC-2D9F-4FF1-A327-E5EBBFEB5B31} - (no file)

O2 - BHO: (no name) - {BFB7325C-0841-4182-BBAB-A1D4D14A1323} - (no file)

O2 - BHO: (no name) - {C1E94AA6-4B3E-40C9-8ECD-87F8AB596DE4} - (no file)

O2 - BHO: (no name) - {C323AF49-E6C5-4DBF-A1C9-2F61D0F19B83} - (no file)

O2 - BHO: (no name) - {C57C1682-84B8-4E6C-AA4B-D6ACD5C0EEDE} - (no file)

O2 - BHO: (no name) - {C595ED35-2C2C-47E5-82FD-EC656041176A} - (no file)

O2 - BHO: (no name) - {C974E5AA-3252-4E8E-B6B0-AA9A5A20AFAB} - (no file)

O2 - BHO: (no name) - {CAE8553F-D5C8-430B-94A1-9E432E4EA9EA} - (no file)

O2 - BHO: (no name) - {CE85F8BD-C652-4CE3-B96A-1865EECB9594} - (no file)

O2 - BHO: (no name) - {D4C26AD3-9144-4664-9BED-99456835DE7F} - (no file)

O2 - BHO: (no name) - {D57C0E54-1AC8-4EA6-89DD-0D471615731B} - (no file)

O2 - BHO: (no name) - {D96DB202-04AF-407F-8ABB-85DD5F374043} - (no file)

O2 - BHO: (no name) - {D9B69CA9-2E3D-401C-928C-927A9F422B30} - (no file)

O2 - BHO: (no name) - {DA195514-176B-4A6A-AFBA-3A86C5F88C19} - (no file)

O2 - BHO: (no name) - {DA2231D4-ECA6-455F-8C1E-803DA24DCA78} - (no file)

O2 - BHO: (no name) - {DA6D1C1F-21DB-40E7-B7AE-6983C39B5C63} - (no file)

O2 - BHO: (no name) - {DDF1338A-AC8D-4B27-B1BE-5171266AFDAA} - (no file)

O2 - BHO: (no name) - {DE75F105-4543-4B43-B781-4B0A1B9FD82F} - (no file)

O2 - BHO: (no name) - {E09AC8E1-272E-41B0-9453-3AC7A085D597} - (no file)

O2 - BHO: (no name) - {E828E375-561F-41F4-9EA7-43B6E335AC61} - (no file)

O2 - BHO: (no name) - {EAB22268-A904-4610-8E3A-FBB98C1C1ACC} - (no file)

O2 - BHO: (no name) - {EC8518BA-FEF2-4F19-BAE6-23884B0DE9AE} - (no file)

O2 - BHO: (no name) - {EE8E6C0F-BBA3-47E4-8F9D-C91657CEE73B} - (no file)

O2 - BHO: (no name) - {F0032AA3-62FA-4691-9225-F71F7CD16D3D} - (no file)

O2 - BHO: (no name) - {F4BDF1A3-C722-45CB-8C6E-CBD842DA458F} - (no file)

O2 - BHO: (no name) - {F57C0A88-9EA8-499E-8DCB-127762044EC7} - (no file)

O2 - BHO: (no name) - {F6242723-17D1-474E-B76F-F3111C0360DF} - (no file)

O2 - BHO: (no name) - {FABEED76-B6BB-4827-84B8-23252CE96B6A} - (no file)

O2 - BHO: (no name) - {FC293AB1-5ACB-4B92-BC35-CFEC3E87A700} - (no file)

O2 - BHO: (no name) - {FE763449-2DB7-4CF2-8983-E61A867322BB} - (no file)

O4 - HKLM\..\Run: [AtiPTA] C:\WINDOWS\SYSTEM32\ATIPTAXX.EXE

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [Jet Detection] C:\Program\Creative\SBLive\PROGRAM\ADGJDet.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [avgnt] "C:\Program\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [type32] "C:\Program\Microsoft IntelliType Pro\type32.exe"

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://creative.com/su/ocx/15015/CTSUEng.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1130541720785

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://creative.com/su/ocx/15016/CTPID.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\Program\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: vtuts - C:\WINDOWS\system32\vtuts.dll

O20 - Winlogon Notify: winmqx32 - winmqx32.dll (file missing)

O23 - Service: Adobe LM Service - Unknown owner - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Program\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program\ewido anti-spyware 4.0\guard.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program\Delade filer\PCSuite\Services\ServiceLayer.exe

[/log]

 


How lucky that we have Zipp!

 

Download Vundofix:

http://www.atribune.org/ccount/click.php?id=4

 

Restart the computer in safe mode (press F8 repeatedly during startup and choose safe mode in the menu).

 

Double-click VundoFix.exe to start the program.

When it starts again, press Scan for Vundo.

When the scan is finished, press Remove Vundo.

Answer Ja/Yes to the question of whether you want to remove the files.

After that the Desktop will disappear while the files are removed.

When that is done, a prompt appears saying that your computer will be shut down; press OK.

Turn the computer on again.

 

If VundoFix could not remove some file on the first attempt, VundoFix will start again when the computer starts; in that case follow the description once more.

 

Paste C:\vundofix.txt and a new HijackThis log into your reply.

 


Here are the Vundo and Hijack logs after I ran Vundo.

 

[log]

VundoFix V6.1.4

 

Checking Java version...

 

Sun Java not detected

Scan started at 18:33:10 11.9.2006

 

Listing files found while scanning....

 

C:\WINDOWS\system32\vtuts.dll

C:\WINDOWS\system32\stutv.ini

C:\WINDOWS\system32\stutv.bak1

C:\WINDOWS\system32\stutv.bak2

C:\WINDOWS\system32\stutv.ini2

C:\WINDOWS\system32\stutv.tmp

C:\WINDOWS\system32\xdfmxyhb.exe

 

Beginning removal...

 

Attempting to delete C:\WINDOWS\system32\vtuts.dll

C:\WINDOWS\system32\vtuts.dll Could not be deleted.

 

Attempting to delete C:\WINDOWS\system32\stutv.ini

C:\WINDOWS\system32\stutv.ini Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\stutv.bak1

C:\WINDOWS\system32\stutv.bak1 Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\stutv.bak2

C:\WINDOWS\system32\stutv.bak2 Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\stutv.ini2

C:\WINDOWS\system32\stutv.ini2 Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\stutv.tmp

C:\WINDOWS\system32\stutv.tmp Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\xdfmxyhb.exe

C:\WINDOWS\system32\xdfmxyhb.exe Has been deleted!

 

Performing Repairs to the registry.

Done!

 

VundoFix V6.1.4

 

Checking Java version...

 

Sun Java not detected

Scan started at 18:37:25 11.9.2006

 

Listing files found while scanning....

 

No infected files were found.

 

 

Beginning removal...

 

-----------------------------------------------------------

Logfile of HijackThis v1.99.1

Scan saved at 18:47:29, on 11.9.2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program\AntiVir PersonalEdition Classic\sched.exe

C:\Program\AntiVir PersonalEdition Classic\avguard.exe

C:\Program\ewido anti-spyware 4.0\guard.exe

C:\WINDOWS\System32\tcpsvcs.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\SYSTEM32\ATIPTAXX.EXE

C:\Program\Java\jre1.5.0_06\bin\jusched.exe

C:\Program\Logitech\MouseWare\system\em_exec.exe

C:\Program\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program\MessengerPlus! 3\MsgPlus.exe

C:\Program\Microsoft IntelliType Pro\type32.exe

C:\Program\MSN Messenger\msnmsgr.exe

C:\PROGRAM\MOZILL~2\FIREFOX.EXE

C:\Program\mIRC\mirc.exe

C:\Program\Hijackthis\rens.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: (no name) - {01C048D3-D786-4C45-88AD-84A0F484622F} - (no file)

O2 - BHO: (no name) - {023B878C-996E-4B98-A490-8097C973FA02} - (no file)

O2 - BHO: (no name) - {028C13FE-D709-49EB-B2D4-695BCC6168CF} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {092EE75F-5D94-44E4-946C-A1627F54FFA9} - (no file)

O2 - BHO: (no name) - {0B892443-80E2-423A-831B-E4CF4B61CF5F} - (no file)

O2 - BHO: (no name) - {0BA4E89B-26B4-4253-B1BC-7BC22F3A743C} - (no file)

O2 - BHO: (no name) - {0C69286F-6F7A-4D6D-B168-83A5843DF52A} - (no file)

O2 - BHO: (no name) - {0E6E261E-683A-4E54-B3F6-91F9151B8192} - C:\WINDOWS\system32\vtuts.dll

O2 - BHO: (no name) - {12C8525B-C5EE-4E70-A3F2-6F3688BC1BFD} - (no file)

O2 - BHO: (no name) - {13EAACBB-D359-4FB0-A877-53F621A51239} - (no file)

O2 - BHO: (no name) - {14B2D663-957E-44C3-A7ED-4454320EB46F} - (no file)

O2 - BHO: (no name) - {17981208-29A9-4CFB-9563-7C4C820AD606} - (no file)

O2 - BHO: (no name) - {17998F81-B314-49ED-B519-E6BDCB60316C} - (no file)

O2 - BHO: (no name) - {18007501-EBA5-46AF-8C82-5F4D33D29525} - (no file)

O2 - BHO: (no name) - {1E781928-0B68-45A4-B170-D3E7695E4603} - (no file)

O2 - BHO: (no name) - {23D6D4D5-094B-4AE6-B8DB-F90700AC45C8} - (no file)

O2 - BHO: (no name) - {26765F18-2291-480E-862F-A61B71035639} - (no file)

O2 - BHO: (no name) - {34BC5116-70FF-4333-9D0D-BBFD47F87C45} - (no file)

O2 - BHO: (no name) - {36DC55E6-CA42-4216-991A-5A3F7B70C313} - (no file)

O2 - BHO: (no name) - {3A1B1116-DD01-433E-A712-6BB2F920822A} - (no file)

O2 - BHO: (no name) - {3A639DF3-FF61-43C6-9A8B-386642E9BE65} - (no file)

O2 - BHO: (no name) - {3E4A99FD-F251-41F7-A170-875E842A14B0} - (no file)

O2 - BHO: (no name) - {462FB66F-1CC8-4BDC-998C-2A696AA4BA5A} - (no file)

O2 - BHO: (no name) - {4B6948C8-54F4-41AD-8455-525056E7175C} - (no file)

O2 - BHO: (no name) - {4EC87D13-F891-4229-B5DF-4808DBC5880C} - (no file)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {55819FC9-C4EE-4B55-82AC-86C6190C9DE9} - (no file)

O2 - BHO: (no name) - {57026C9B-428B-4376-AADF-B68A85C2C3E2} - (no file)

O2 - BHO: (no name) - {57DB274B-4411-40EC-89EC-65D2E60CF2F6} - (no file)

O2 - BHO: (no name) - {58C48461-DE56-47E5-A80D-13BCCD400485} - (no file)

O2 - BHO: (no name) - {59502477-F4D7-41F8-98D1-68581415EBA7} - (no file)

O2 - BHO: (no name) - {65AD32C6-3D8F-4048-8D83-06D9A61554D1} - (no file)

O2 - BHO: (no name) - {68C20EFE-8E73-46AB-9E61-757619660FED} - (no file)

O2 - BHO: (no name) - {6BBD766F-8587-4041-ADE8-75649BEDBBC9} - (no file)

O2 - BHO: (no name) - {718048A4-2F31-44FA-8F2C-D680B3CDDAF8} - (no file)

O2 - BHO: (no name) - {749D6F03-B9B4-42FF-A7B3-A58C221DD724} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: (no name) - {77719AF2-FBF7-4DA2-B802-4319C8E814E2} - (no file)

O2 - BHO: (no name) - {78DDA3F0-EE31-4EC4-BB9F-BFAD85BE6944} - (no file)

O2 - BHO: (no name) - {7A11B1CE-02CF-4F92-9EFE-A50F04E3EF06} - (no file)

O2 - BHO: (no name) - {7BC5A1C2-015C-46DE-BB55-B0177A857D58} - (no file)

O2 - BHO: (no name) - {7E6F38AB-FE20-480A-A0AF-C1FBA77E1FD0} - (no file)

O2 - BHO: (no name) - {807FD5DF-9EDD-4495-B7D0-884693D112F2} - (no file)

O2 - BHO: (no name) - {8394B45E-3113-46C6-904A-5A5529618389} - (no file)

O2 - BHO: (no name) - {83B61609-74E6-4B17-B029-1973D62E5F34} - (no file)

O2 - BHO: (no name) - {83EDE814-8D24-4223-98B3-2D94F7BB4650} - (no file)

O2 - BHO: (no name) - {8C6F75C8-14AA-4CC8-9B23-D47C1F880FEB} - (no file)

O2 - BHO: (no name) - {91DD8E00-9705-4678-8BBF-32827CA23839} - (no file)

O2 - BHO: (no name) - {94A3BDE8-8663-46BA-80E5-A8414CE13CB4} - (no file)

O2 - BHO: (no name) - {9830149D-753E-4825-B605-6592ED85F541} - (no file)

O2 - BHO: (no name) - {9AB50D67-9E30-43FF-A287-4BCBFE2295F2} - (no file)

O2 - BHO: (no name) - {9B050BA9-3DFF-4254-BEA7-7F86A22CA681} - (no file)

O2 - BHO: (no name) - {A0C86559-45A7-46BE-94B7-AE1408A4CDA0} - (no file)

O2 - BHO: (no name) - {A1B44FD8-2204-48B5-AA55-36F9388BAEBC} - (no file)

O2 - BHO: (no name) - {A70F39F8-77C0-4FBA-89F8-2BAD094617C1} - (no file)

O2 - BHO: (no name) - {AF11A7E5-3887-4985-8A7D-2F3F6094D924} - (no file)

O2 - BHO: (no name) - {B2EB7F9E-0362-48F1-883C-C93F021E4A15} - (no file)

O2 - BHO: (no name) - {B847365E-AD7F-4437-A7B2-B53FE89F2A89} - (no file)

O2 - BHO: (no name) - {BAF7DEFC-2D9F-4FF1-A327-E5EBBFEB5B31} - (no file)

O2 - BHO: (no name) - {BFB7325C-0841-4182-BBAB-A1D4D14A1323} - (no file)

O2 - BHO: (no name) - {C1E94AA6-4B3E-40C9-8ECD-87F8AB596DE4} - (no file)

O2 - BHO: (no name) - {C323AF49-E6C5-4DBF-A1C9-2F61D0F19B83} - (no file)

O2 - BHO: (no name) - {C57C1682-84B8-4E6C-AA4B-D6ACD5C0EEDE} - (no file)

O2 - BHO: (no name) - {C595ED35-2C2C-47E5-82FD-EC656041176A} - (no file)

O2 - BHO: (no name) - {C974E5AA-3252-4E8E-B6B0-AA9A5A20AFAB} - (no file)

O2 - BHO: (no name) - {CAE8553F-D5C8-430B-94A1-9E432E4EA9EA} - (no file)

O2 - BHO: (no name) - {CE85F8BD-C652-4CE3-B96A-1865EECB9594} - (no file)

O2 - BHO: (no name) - {D4C26AD3-9144-4664-9BED-99456835DE7F} - (no file)

O2 - BHO: (no name) - {D57C0E54-1AC8-4EA6-89DD-0D471615731B} - (no file)

O2 - BHO: (no name) - {D96DB202-04AF-407F-8ABB-85DD5F374043} - (no file)

O2 - BHO: (no name) - {D9B69CA9-2E3D-401C-928C-927A9F422B30} - (no file)

O2 - BHO: (no name) - {DA195514-176B-4A6A-AFBA-3A86C5F88C19} - (no file)

O2 - BHO: (no name) - {DA2231D4-ECA6-455F-8C1E-803DA24DCA78} - (no file)

O2 - BHO: (no name) - {DA6D1C1F-21DB-40E7-B7AE-6983C39B5C63} - (no file)

O2 - BHO: (no name) - {DDF1338A-AC8D-4B27-B1BE-5171266AFDAA} - (no file)

O2 - BHO: (no name) - {DE75F105-4543-4B43-B781-4B0A1B9FD82F} - (no file)

O2 - BHO: (no name) - {E09AC8E1-272E-41B0-9453-3AC7A085D597} - (no file)

O2 - BHO: (no name) - {E828E375-561F-41F4-9EA7-43B6E335AC61} - (no file)

O2 - BHO: (no name) - {EAB22268-A904-4610-8E3A-FBB98C1C1ACC} - (no file)

O2 - BHO: (no name) - {EC8518BA-FEF2-4F19-BAE6-23884B0DE9AE} - (no file)

O2 - BHO: (no name) - {EE8E6C0F-BBA3-47E4-8F9D-C91657CEE73B} - (no file)

O2 - BHO: (no name) - {F0032AA3-62FA-4691-9225-F71F7CD16D3D} - (no file)

O2 - BHO: (no name) - {F4BDF1A3-C722-45CB-8C6E-CBD842DA458F} - (no file)

O2 - BHO: (no name) - {F57C0A88-9EA8-499E-8DCB-127762044EC7} - (no file)

O2 - BHO: (no name) - {F6242723-17D1-474E-B76F-F3111C0360DF} - (no file)

O2 - BHO: (no name) - {FABEED76-B6BB-4827-84B8-23252CE96B6A} - (no file)

O2 - BHO: (no name) - {FC293AB1-5ACB-4B92-BC35-CFEC3E87A700} - (no file)

O2 - BHO: (no name) - {FE763449-2DB7-4CF2-8983-E61A867322BB} - (no file)

O4 - HKLM\..\Run: [AtiPTA] C:\WINDOWS\SYSTEM32\ATIPTAXX.EXE

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [Jet Detection] C:\Program\Creative\SBLive\PROGRAM\ADGJDet.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [avgnt] "C:\Program\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [type32] "C:\Program\Microsoft IntelliType Pro\type32.exe"

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://creative.com/su/ocx/15015/CTSUEng.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1130541720785

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://creative.com/su/ocx/15016/CTPID.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\Program\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: vtuts - C:\WINDOWS\system32\vtuts.dll

O20 - Winlogon Notify: winmqx32 - winmqx32.dll (file missing)

O23 - Service: Adobe LM Service - Unknown owner - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Program\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program\ewido anti-spyware 4.0\guard.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program\Delade filer\PCSuite\Services\ServiceLayer.exe

[/log]

 


Right-click the TeaTimer icon (a square with a padlock) down by the clock and choose Settings.

When you click either Allowed registry changes or Blocked registry changes, you should get a list of lines corresponding to all the O2 lines you have in the HijackThis log. They should begin with HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer. After each such line, press the black cross to clear TeaTimer's memory so that they really are allowed to be removed.

Restart the computer in Safe Mode by pressing F8 repeatedly during startup and choosing Safe Mode in the menu.

Scan with HijackThis and check:

All lines that start with O2 and end with (no file)

 

O2 - BHO: (no name) - {0E6E261E-683A-4E54-B3F6-91F9151B8192} - C:\WINDOWS\system32\vtuts.dll

O20 - Winlogon Notify: vtuts - C:\WINDOWS\system32\vtuts.dll

O20 - Winlogon Notify: winmqx32 - winmqx32.dll (file missing)

 

Close all other programs.

Press Fix checked.

Set up Explorer so that you can see all files:

Tools - (Folder) Options or similar - View

Select Show hidden files and folders

Uncheck Hide extensions for known file types

Uncheck Hide protected operating system files

Delete the files (if they are still there):

C:\WINDOWS\system32\vtuts.dll

C:\WINDOWS\system32\winmqx32.dll

 

Restart the computer in normal mode.

And then a new HijackThis log.
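
The selection described in the post above (every O2 line ending in (no file), plus the vtuts.dll and winmqx32 entries) can be scripted, as can the check that a later scan no longer loads the same file. This is an added example, not part of the original posts; the function names, the "same DLL in both O2 and O20" heuristic and the sample text (assembled from lines quoted in this thread) are assumptions of the example.

```python
import ntpath
import re

# Line shapes for the two HijackThis sections this thread acts on.
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<file>.+)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<file>.+)$")
# HijackThis marks a dangling registration with one of these suffixes.
MISSING_RE = re.compile(r"\s*\((?:no file|file missing)\)\s*$")

# Constructed sample: lines quoted in this thread, not a complete log.
FIRST_SCAN = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {01C048D3-D786-4C45-88AD-84A0F484622F} - (no file)
O2 - BHO: (no name) - {0E6E261E-683A-4E54-B3F6-91F9151B8192} - C:\WINDOWS\system32\vtuts.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\Spybot - Search & Destroy\SDHelper.dll
O20 - Winlogon Notify: vtuts - C:\WINDOWS\system32\vtuts.dll
O20 - Winlogon Notify: winmqx32 - winmqx32.dll (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

# Constructed sample: the same entries as they appear in the follow-up log.
LATER_SCAN = r"""
O2 - BHO: (no name) - {3A2D6FAE-25E8-4BD9-BE84-940A4D8DFADE} - C:\WINDOWS\system32\vtuts.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\Spybot - Search & Destroy\SDHelper.dll
O20 - Winlogon Notify: vtuts - C:\WINDOWS\system32\vtuts.dll
"""


def parse_entries(log_text):
    """Return one dict per O2/O20 line; every other log line is skipped."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        for section, rx in (("O2", O2_RE), ("O20", O20_RE)):
            m = rx.match(line)
            if not m:
                continue
            field = m.group("file")
            gone = MISSING_RE.search(field)
            # Paths may contain " - " (e.g. "Spybot - Search & Destroy"),
            # so the path is taken as the whole trailing field.
            path = (field[:gone.start()] if gone else field).strip().strip('"')
            entries.append({
                "section": section,
                "clsid": m.groupdict().get("clsid"),
                "path": path or None,
                "basename": ntpath.basename(path).lower() if path else None,
                "missing": bool(gone),
                "line": line,
            })
    return entries


def triage(entries):
    """Pick lines for review and return them as (reason, line) pairs."""
    bho = {e["basename"] for e in entries
           if e["section"] == "O2" and e["basename"]}
    notify = {e["basename"] for e in entries
              if e["section"] == "O20" and e["basename"]}
    both = bho & notify  # heuristic assumed by this example
    picked = []
    for e in entries:
        if e["section"] == "O2" and e["missing"] and e["path"] is None:
            picked.append(("orphaned BHO (no file)", e["line"]))
        elif e["section"] == "O20" and e["missing"]:
            picked.append(("Winlogon Notify target missing", e["line"]))
        elif e["basename"] in both:
            picked.append(("same DLL is both BHO and Winlogon Notify", e["line"]))
    return picked


def still_registered(later_log, basenames):
    """Entries in a later scan that still load any of the given file names.

    Matching is by file name, not CLSID, because the CLSID can change
    between scans while the DLL stays the same.
    """
    wanted = {b.lower() for b in basenames}
    return [e for e in parse_entries(later_log) if e["basename"] in wanted]


if __name__ == "__main__":
    for reason, line in triage(parse_entries(FIRST_SCAN)):
        print(f"{reason}: {line}")
    for e in still_registered(LATER_SCAN, ["vtuts.dll"]):
        print("still registered:", e["line"])
```

In the sample, vtuts.dll returns in the later scan under a different CLSID, which a comparison keyed on CLSID would miss.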

 


Hi, sorry for the interruption. Here is the HijackThis log after I scanned and fixed with Hijack and tried to remove vtuts.dll manually; it refuses to go away.

 

[log]

Logfile of HijackThis v1.99.1

Scan saved at 18:39:19, on 19.9.2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program\AntiVir PersonalEdition Classic\sched.exe

C:\Program\AntiVir PersonalEdition Classic\avguard.exe

C:\Program\ewido anti-spyware 4.0\guard.exe

C:\WINDOWS\System32\tcpsvcs.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\SYSTEM32\ATIPTAXX.EXE

C:\Program\Java\jre1.5.0_06\bin\jusched.exe

C:\Program\Logitech\MouseWare\system\em_exec.exe

C:\Program\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program\MessengerPlus! 3\MsgPlus.exe

C:\Program\Microsoft IntelliType Pro\type32.exe

C:\Program\Spybot - Search & Destroy\TeaTimer.exe

C:\Program\MSN Messenger\msnmsgr.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Hijackthis\rens.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {3A2D6FAE-25E8-4BD9-BE84-940A4D8DFADE} - C:\WINDOWS\system32\vtuts.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O4 - HKLM\..\Run: [AtiPTA] C:\WINDOWS\SYSTEM32\ATIPTAXX.EXE

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [Jet Detection] C:\Program\Creative\SBLive\PROGRAM\ADGJDet.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [avgnt] "C:\Program\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [type32] "C:\Program\Microsoft IntelliType Pro\type32.exe"

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://creative.com/su/ocx/15015/CTSUEng.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1130541720785

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://creative.com/su/ocx/15016/CTPID.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\Program\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: vtuts - C:\WINDOWS\system32\vtuts.dll

O23 - Service: Adobe LM Service - Unknown owner - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Program\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program\ewido anti-spyware 4.0\guard.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program\Delade filer\PCSuite\Services\ServiceLayer.exe

 

[/log]

 


In case VundoFix has been updated, discard the version you have and download:

http://www.atribune.org/ccount/click.php?id=4

Restart the computer in Safe Mode (press F8 repeatedly during startup and choose Safe Mode in the menu).

Double-click VundoFix.exe to start the program.

When it starts again, press Scan for Vundo.

When the scan is finished, press Remove Vundo.

Answer Ja/Yes to the question of whether you want to remove the files.

After that, the desktop will disappear while the files are being removed.

When it is done, a prompt will appear saying that your computer will be shut down; press OK.

Start the computer again in Safe Mode.

If VundoFix could not remove a file on the first attempt, VundoFix will start again when the computer starts; in that case, follow the description once more.

Scan with HijackThis and check:

O2 - BHO: (no name) - {3A2D6FAE-25E8-4BD9-BE84-940A4D8DFADE} - C:\WINDOWS\system32\vtuts.dll

O20 - Winlogon Notify: vtuts - C:\WINDOWS\system32\vtuts.dll

Close all other programs.

Press Fix checked.

Set up Explorer so that you can see all files:

Tools - (Folder) Options or similar - View

Select Show hidden files and folders

Uncheck Hide extensions for known file types

Uncheck Hide protected operating system files

Delete the files (if they are still there):

C:\WINDOWS\system32\vtuts.dll

C:\WINDOWS\system32\stutv.* (all files that start with stutv)

C:\WINDOWS\system32\xdfmxyhb.exe

C:\WINDOWS\system32\winmqx32.dll

 

Restart in normal mode.

Paste C:\vundofix.txt and a new HijackThis log into your reply.

 


Here come the logs!

 

[log]

Logfile of HijackThis v1.99.1

Scan saved at 19:44:39, on 19.9.2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SYSTEM32\ATIPTAXX.EXE

C:\Program\Java\jre1.5.0_06\bin\jusched.exe

C:\Program\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program\MessengerPlus! 3\MsgPlus.exe

C:\Program\Microsoft IntelliType Pro\type32.exe

C:\Program\Spybot - Search & Destroy\TeaTimer.exe

C:\Program\Logitech\MouseWare\system\em_exec.exe

C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program\AntiVir PersonalEdition Classic\sched.exe

C:\Program\AntiVir PersonalEdition Classic\avguard.exe

C:\Program\ewido anti-spyware 4.0\guard.exe

C:\Program\MSN Messenger\msnmsgr.exe

C:\WINDOWS\System32\tcpsvcs.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Hijackthis\rens.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: (no name) - {01C048D3-D786-4C45-88AD-84A0F484622F} - (no file)

O2 - BHO: (no name) - {023B878C-996E-4B98-A490-8097C973FA02} - (no file)

O2 - BHO: (no name) - {028C13FE-D709-49EB-B2D4-695BCC6168CF} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {092EE75F-5D94-44E4-946C-A1627F54FFA9} - (no file)

O2 - BHO: (no name) - {0B892443-80E2-423A-831B-E4CF4B61CF5F} - (no file)

O2 - BHO: (no name) - {0BA4E89B-26B4-4253-B1BC-7BC22F3A743C} - (no file)

O2 - BHO: (no name) - {0C69286F-6F7A-4D6D-B168-83A5843DF52A} - (no file)

O2 - BHO: (no name) - {0E6E261E-683A-4E54-B3F6-91F9151B8192} - (no file)

O2 - BHO: (no name) - {12C8525B-C5EE-4E70-A3F2-6F3688BC1BFD} - (no file)

O2 - BHO: (no name) - {13EAACBB-D359-4FB0-A877-53F621A51239} - (no file)

O2 - BHO: (no name) - {14B2D663-957E-44C3-A7ED-4454320EB46F} - (no file)

O2 - BHO: (no name) - {17981208-29A9-4CFB-9563-7C4C820AD606} - (no file)

O2 - BHO: (no name) - {17998F81-B314-49ED-B519-E6BDCB60316C} - (no file)

O2 - BHO: (no name) - {18007501-EBA5-46AF-8C82-5F4D33D29525} - (no file)

O2 - BHO: (no name) - {1E781928-0B68-45A4-B170-D3E7695E4603} - (no file)

O2 - BHO: (no name) - {23D6D4D5-094B-4AE6-B8DB-F90700AC45C8} - (no file)

O2 - BHO: (no name) - {26765F18-2291-480E-862F-A61B71035639} - (no file)

O2 - BHO: (no name) - {34BC5116-70FF-4333-9D0D-BBFD47F87C45} - (no file)

O2 - BHO: (no name) - {36DC55E6-CA42-4216-991A-5A3F7B70C313} - (no file)

O2 - BHO: (no name) - {3A1B1116-DD01-433E-A712-6BB2F920822A} - (no file)

O2 - BHO: (no name) - {3A639DF3-FF61-43C6-9A8B-386642E9BE65} - (no file)

O2 - BHO: (no name) - {3E4A99FD-F251-41F7-A170-875E842A14B0} - (no file)

O2 - BHO: (no name) - {462FB66F-1CC8-4BDC-998C-2A696AA4BA5A} - (no file)

O2 - BHO: (no name) - {4B6948C8-54F4-41AD-8455-525056E7175C} - (no file)

O2 - BHO: (no name) - {4EC87D13-F891-4229-B5DF-4808DBC5880C} - (no file)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {55819FC9-C4EE-4B55-82AC-86C6190C9DE9} - (no file)

O2 - BHO: (no name) - {57026C9B-428B-4376-AADF-B68A85C2C3E2} - (no file)

O2 - BHO: (no name) - {57DB274B-4411-40EC-89EC-65D2E60CF2F6} - (no file)

O2 - BHO: (no name) - {58C48461-DE56-47E5-A80D-13BCCD400485} - (no file)

O2 - BHO: (no name) - {59502477-F4D7-41F8-98D1-68581415EBA7} - (no file)

O2 - BHO: (no name) - {65AD32C6-3D8F-4048-8D83-06D9A61554D1} - (no file)

O2 - BHO: (no name) - {68C20EFE-8E73-46AB-9E61-757619660FED} - (no file)

O2 - BHO: (no name) - {6B263FE1-C68E-4CD7-B59C-E86742EEF31E} - (no file)

O2 - BHO: (no name) - {6BBD766F-8587-4041-ADE8-75649BEDBBC9} - (no file)

O2 - BHO: (no name) - {718048A4-2F31-44FA-8F2C-D680B3CDDAF8} - (no file)

O2 - BHO: (no name) - {749D6F03-B9B4-42FF-A7B3-A58C221DD724} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: (no name) - {77719AF2-FBF7-4DA2-B802-4319C8E814E2} - (no file)

O2 - BHO: (no name) - {78DDA3F0-EE31-4EC4-BB9F-BFAD85BE6944} - (no file)

O2 - BHO: (no name) - {7A11B1CE-02CF-4F92-9EFE-A50F04E3EF06} - (no file)

O2 - BHO: (no name) - {7BC5A1C2-015C-46DE-BB55-B0177A857D58} - (no file)

O2 - BHO: (no name) - {7E6F38AB-FE20-480A-A0AF-C1FBA77E1FD0} - (no file)

O2 - BHO: (no name) - {807FD5DF-9EDD-4495-B7D0-884693D112F2} - (no file)

O2 - BHO: (no name) - {8394B45E-3113-46C6-904A-5A5529618389} - (no file)

O2 - BHO: (no name) - {83B61609-74E6-4B17-B029-1973D62E5F34} - (no file)

O2 - BHO: (no name) - {83EDE814-8D24-4223-98B3-2D94F7BB4650} - (no file)

O2 - BHO: (no name) - {8C6F75C8-14AA-4CC8-9B23-D47C1F880FEB} - (no file)

O2 - BHO: (no name) - {91DD8E00-9705-4678-8BBF-32827CA23839} - (no file)

O2 - BHO: (no name) - {94A3BDE8-8663-46BA-80E5-A8414CE13CB4} - (no file)

O2 - BHO: (no name) - {9830149D-753E-4825-B605-6592ED85F541} - (no file)

O2 - BHO: (no name) - {9AB50D67-9E30-43FF-A287-4BCBFE2295F2} - (no file)

O2 - BHO: (no name) - {9B050BA9-3DFF-4254-BEA7-7F86A22CA681} - (no file)

O2 - BHO: (no name) - {A0C86559-45A7-46BE-94B7-AE1408A4CDA0} - (no file)

O2 - BHO: (no name) - {A1B44FD8-2204-48B5-AA55-36F9388BAEBC} - (no file)

O2 - BHO: (no name) - {A70F39F8-77C0-4FBA-89F8-2BAD094617C1} - (no file)

O2 - BHO: (no name) - {AF11A7E5-3887-4985-8A7D-2F3F6094D924} - (no file)

O2 - BHO: (no name) - {B2EB7F9E-0362-48F1-883C-C93F021E4A15} - (no file)

O2 - BHO: (no name) - {B847365E-AD7F-4437-A7B2-B53FE89F2A89} - (no file)

O2 - BHO: (no name) - {BAF7DEFC-2D9F-4FF1-A327-E5EBBFEB5B31} - (no file)

O2 - BHO: (no name) - {BFB7325C-0841-4182-BBAB-A1D4D14A1323} - (no file)

O2 - BHO: (no name) - {C1E94AA6-4B3E-40C9-8ECD-87F8AB596DE4} - (no file)

O2 - BHO: (no name) - {C323AF49-E6C5-4DBF-A1C9-2F61D0F19B83} - (no file)

O2 - BHO: (no name) - {C57C1682-84B8-4E6C-AA4B-D6ACD5C0EEDE} - (no file)

O2 - BHO: (no name) - {C595ED35-2C2C-47E5-82FD-EC656041176A} - (no file)

O2 - BHO: (no name) - {C974E5AA-3252-4E8E-B6B0-AA9A5A20AFAB} - (no file)

O2 - BHO: (no name) - {CAE8553F-D5C8-430B-94A1-9E432E4EA9EA} - (no file)

O2 - BHO: (no name) - {CE85F8BD-C652-4CE3-B96A-1865EECB9594} - (no file)

O2 - BHO: (no name) - {D4C26AD3-9144-4664-9BED-99456835DE7F} - (no file)

O2 - BHO: (no name) - {D57C0E54-1AC8-4EA6-89DD-0D471615731B} - (no file)

O2 - BHO: (no name) - {D96DB202-04AF-407F-8ABB-85DD5F374043} - (no file)

O2 - BHO: (no name) - {D9B69CA9-2E3D-401C-928C-927A9F422B30} - (no file)

O2 - BHO: (no name) - {DA195514-176B-4A6A-AFBA-3A86C5F88C19} - (no file)

O2 - BHO: (no name) - {DA2231D4-ECA6-455F-8C1E-803DA24DCA78} - (no file)

O2 - BHO: (no name) - {DA6D1C1F-21DB-40E7-B7AE-6983C39B5C63} - (no file)

O2 - BHO: (no name) - {DDF1338A-AC8D-4B27-B1BE-5171266AFDAA} - (no file)

O2 - BHO: (no name) - {DE75F105-4543-4B43-B781-4B0A1B9FD82F} - (no file)

O2 - BHO: (no name) - {E09AC8E1-272E-41B0-9453-3AC7A085D597} - (no file)

O2 - BHO: (no name) - {E828E375-561F-41F4-9EA7-43B6E335AC61} - (no file)

O2 - BHO: (no name) - {EAB22268-A904-4610-8E3A-FBB98C1C1ACC} - (no file)

O2 - BHO: (no name) - {EC8518BA-FEF2-4F19-BAE6-23884B0DE9AE} - (no file)

O2 - BHO: (no name) - {EE8E6C0F-BBA3-47E4-8F9D-C91657CEE73B} - (no file)

O2 - BHO: (no name) - {F0032AA3-62FA-4691-9225-F71F7CD16D3D} - (no file)

O2 - BHO: (no name) - {F4BDF1A3-C722-45CB-8C6E-CBD842DA458F} - (no file)

O2 - BHO: (no name) - {F57C0A88-9EA8-499E-8DCB-127762044EC7} - (no file)

O2 - BHO: (no name) - {F6242723-17D1-474E-B76F-F3111C0360DF} - (no file)

O2 - BHO: (no name) - {FABEED76-B6BB-4827-84B8-23252CE96B6A} - (no file)

O2 - BHO: (no name) - {FC293AB1-5ACB-4B92-BC35-CFEC3E87A700} - (no file)

O2 - BHO: (no name) - {FE763449-2DB7-4CF2-8983-E61A867322BB} - (no file)

O4 - HKLM\..\Run: [AtiPTA] C:\WINDOWS\SYSTEM32\ATIPTAXX.EXE

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [Jet Detection] C:\Program\Creative\SBLive\PROGRAM\ADGJDet.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [avgnt] "C:\Program\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [type32] "C:\Program\Microsoft IntelliType Pro\type32.exe"

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://creative.com/su/ocx/15015/CTSUEng.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1130541720785

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://creative.com/su/ocx/15016/CTPID.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\Program\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: vtuts - C:\WINDOWSO20 - Winlogon Notify: winmqx32 - C:\WINDOWSO23 - Service: Adobe LM Service - Unknown owner - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Program\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program\ewido anti-spyware 4.0\guard.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program\Delade filer\PCSuite\Services\ServiceLayer.exe

 

VundoFix V6.1.5

 

Checking Java version...

 

Sun Java not detected

Scan started at 19:22:31 19.9.2006

 

Listing files found while scanning....

 

C:\WINDOWS\system32\vtuts.dll

C:\WINDOWS\system32\stutv.ini

 

Beginning removal...

 

Attempting to delete C:\WINDOWS\system32\vtuts.dll

C:\WINDOWS\system32\vtuts.dll Could not be deleted.

 

Attempting to delete C:\WINDOWS\system32\stutv.ini

C:\WINDOWS\system32\stutv.ini Has been deleted!

 

Performing Repairs to the registry.

Done!

 

VundoFix V6.1.5

 

Checking Java version...

 

Sun Java not detected

Scan started at 19:27:58 19.9.2006

 

Listing files found while scanning....

 

C:\WINDOWS\system32\vtuts.dll

 

Beginning removal...

 

Attempting to delete C:\WINDOWS\system32\vtuts.dll

C:\WINDOWS\system32\vtuts.dll Has been deleted!

 

Performing Repairs to the registry.

Done!

[/log]

 


Oops, now all the O2 lines seem to have appeared again. See if you can clear them out in TeaTimer again.

 

O20 - Winlogon Notify: vtuts - C:\WINDOWSO20 - Winlogon Notify: winmqx32 - C:\WINDOWSO23 - Service: Adobe LM Service - Unknown owner - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

This came out with very strange formatting; I can't see what it really looks like. Take a new log and paste in just those lines again, or see how it looks in the HijackThis window.

I'll check tomorrow, because now I'm going to have dinner.

 


Hmm, I cleared the O2 lines from TeaTimer, so now they are gone, and strangely enough I can't find the lines you refer to in the newest Hijack log, but here it is.

 

[log]

Logfile of HijackThis v1.99.1

Scan saved at 19:53:54, on 19.9.2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SYSTEM32\ATIPTAXX.EXE

C:\Program\Java\jre1.5.0_06\bin\jusched.exe

C:\Program\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program\MessengerPlus! 3\MsgPlus.exe

C:\Program\Microsoft IntelliType Pro\type32.exe

C:\Program\Spybot - Search & Destroy\TeaTimer.exe

C:\Program\Logitech\MouseWare\system\em_exec.exe

C:\Program\AntiVir PersonalEdition Classic\sched.exe

C:\Program\AntiVir PersonalEdition Classic\avguard.exe

C:\Program\ewido anti-spyware 4.0\guard.exe

C:\Program\MSN Messenger\msnmsgr.exe

C:\WINDOWS\System32\tcpsvcs.exe

C:\WINDOWS\System32\svchost.exe

C:\PROGRAM\MOZILL~2\FIREFOX.EXE

C:\Program\Hijackthis\rens.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O4 - HKLM\..\Run: [AtiPTA] C:\WINDOWS\SYSTEM32\ATIPTAXX.EXE

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [Jet Detection] C:\Program\Creative\SBLive\PROGRAM\ADGJDet.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [avgnt] "C:\Program\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [type32] "C:\Program\Microsoft IntelliType Pro\type32.exe"

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://creative.com/su/ocx/15015/CTSUEng.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1130541720785

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://creative.com/su/ocx/15016/CTPID.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\Program\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: Adobe LM Service - Unknown owner - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Program\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program\ewido anti-spyware 4.0\guard.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program\Delade filer\PCSuite\Services\ServiceLayer.exe

 

[/log]

 


Now the log looks good, at any rate.

Here are my usual tips for a safer computer, but of course it is important to use your common sense as well.

Update from Windows Update and run the anti-spyware programs Ewido, Spybot S&D and/or Ad-aware regularly.

http://www.ewido.net/en/

http://www.safer-networking.org/en/download/index.html

http://www.lavasoft.com

Complement the antivirus program with a few online scans now and then:

http://housecall.trendmicro.com/

http://www.bitdefender.com/scan8/ie.html

http://www.pandasoftware.com/products/activescan/

Use a firewall (better than the one built into XP); one is available for free from e.g. ZoneLabs.

http://www.zonelabs.com/store/content/home.jsp

If you use Internet Explorer, it can be a good idea to have the programs SpywareBlaster and SpywareGuard, which prevent a good many nasty programs from being downloaded and run, respectively:

http://www.javacoolsoftware.com

Review the security settings in Internet Explorer; there are plenty of tips here:

http://www.spywarewarrior.com/uiuc/btw/ie/ie-opts.htm

Also run IE-SpyAd, which puts a whole lot of nasty websites into the Restricted sites zone in Internet Explorer so that they cannot do anything to the computer:

http://www.spywarewarrior.com/uiuc/resource.htm

If you switch browsers, only SpywareGuard is needed. Other browsers include Mozilla Firefox and Opera:

http://www.mozilla.org

http://www.opera.com

All free for home users/personal use.

 
