Ryuujin

MSN Messenger virus


Hi, I have a virus that targets MSN Messenger; it starts spamming links to people on my contact list. I scanned the computer with Antivir and deleted all the files it found, and then with AdAware, but it can't remove 2 files that it finds, ktdhela3.dll in the Windows/system32 folder. I scanned with HijackThis, here is the log.

 

[log]

Logfile of HijackThis v1.99.1

Scan saved at 18:41:27, on 18.9.2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Acer\eManager\anbmServ.exe

C:\Program\AntiVir PersonalEdition Classic\sched.exe

C:\Program\Synaptics\SynTP\SynTPLpr.exe

C:\Program\Synaptics\SynTP\SynTPEnh.exe

C:\Program\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\keyhook.exe

C:\Program\Arcade\PCMService.exe

C:\Program\Launch Manager\QtZgAcer.EXE

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Program\Logitech\Video\LogiTray.exe

C:\Program\Java\jre1.5.0_03\bin\jusched.exe

C:\Program\MYWEBS~1\bar\1.bin\mwsoemon.exe

C:\Program\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Delade filer\{320D180E-05DC-1053-0419-050315050166}\Update.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Logitech\Video\FxSvr2.exe

C:\WINDOWS\System32\alg.exe

C:\Program\acer\eRecovery\Monitor.exe

C:\Program\Skype\Phone\Skype.exe

C:\WINDOWS\system32\sistray.exe

C:\Program\OpenOffice.org 2.0\program\soffice.exe

C:\Program\OpenOffice.org 2.0\program\soffice.BIN

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\explorer.exe

C:\Program\Mozilla Firefox\firefox.exe

C:\Program\Hijackthis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program\Canon\Easy-WebPrint\Toolband.dll

O4 - HKLM\..\Run: [LaunchApp] Alaunch

O4 - HKLM\..\Run: [synTPLpr] C:\Program\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

O4 - HKLM\..\Run: [siS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe

O4 - HKLM\..\Run: [PCMService] "C:\Program\Arcade\PCMService.exe"

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [LManager] C:\Program\Launch Manager\QtZgAcer.EXE

O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\jre1.5.0_03\bin\jusched.exe

O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\Program\MYWEBS~1\bar\1.bin\mwsoemon.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [PVModule] C:\PROGRA~1\PRINTV~1\pvmodule.exe

O4 - HKLM\..\Run: [defender] c:\\dfndrff_e7.exe

O4 - HKLM\..\Run: [keyboard] c:\\kybrdff_e7.exe

O4 - HKLM\..\Run: [newname] c:\\nwnmff_e7.exe

O4 - HKLM\..\RunOnce: [MessengerPlusUninstall] C:\WINDOWS\system32\cmd.exe /C "C:\DOCUME~1\VIRTAN~1\LOKALA~1\Temp\MsgPlusUninst.bat"

O4 - HKLM\..\RunOnce: [AAW] "C:\Program\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" "+b1"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Program\Logitech\Video\ManifestEngine.exe boot

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\Program\MYWEBS~1\bar\1.bin\mwsoemon.exe

O4 - HKCU\..\Run: [skype] "C:\Program\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program\OpenOffice.org 2.0\program\quickstart.exe

O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk741YYFI

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab

O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll

O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program\AntiVir PersonalEdition Classic\avguard.exe

[/log]

 


The problem is that many of these nasties download new ones, so you should try to clean up without using the computer much in between. But I see now that this is a different computer.

Control Panel - Add or Remove Programs

If there is anything like MyWebSearch there, remove it.

 

Download Ewido:

http://www.ewido.net/en/download/

Install and update it according to the instructions on this page:

http://rstones12.geekstogo.com/ewidosetup.htm Only the first bulleted list; you should not scan yet.

 

Create a new folder on C:, C:\BFU.

Download Brute Force Uninstaller:

http://www.merijn.org/files/bfu.zip

Unpack the file to the folder you just created, C:\BFU.

Save this file, Alcra Remover:

http://metallica.geekstogo.com/alcanshorty.bfu

in the same folder.

 

Restart the computer in safe mode (press F8 repeatedly during startup and choose safe mode from the menu).

 

[log]Scan the computer with Ewido like this:

Click Scanner.

Go to the Scan tab.

Click Complete System Scan.

When the scan is finished, choose Apply all actions.

Click Reports, then choose Save report as and save the report, e.g. on the Desktop.

 

Using Explorer or My Computer, go to the folder you created earlier, C:\BFU, and start the program by double-clicking BFU.exe.

After "scriptline to execute", click the folder icon and choose alcanshorty.bfu

Click "execute" and let the program work.

Wait until a box with "complete script execution" appears, then click OK and then Exit to close the program.

Scan with HijackThis and tick these lines:

 

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL

O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\Program\MYWEBS~1\bar\1.bin\mwsoemon.exe

O4 - HKLM\..\Run: [PVModule] C:\PROGRA~1\PRINTV~1\pvmodule.exe

O4 - HKLM\..\Run: [defender] c:\\dfndrff_e7.exe

O4 - HKLM\..\Run: [keyboard] c:\\kybrdff_e7.exe

O4 - HKLM\..\Run: [newname] c:\\nwnmff_e7.exe

O4 - HKLM\..\RunOnce: [MessengerPlusUninstall] C:\WINDOWS\system32\cmd.exe /C "C:\DOCUME~1\VIRTAN~1\LOKALA~1\Temp\MsgPlusUninst.bat"

O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\Program\MYWEBS~1\bar\1.bin\mwsoemon.exe

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk741YYFI

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab

O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll

 

Close all other programs.

Click Fix checked.

Restart in normal mode.

In your reply, paste the report from Ewido and a new HijackThis log.[/log]

 


Here are the logs.

 

[log]

Logfile of HijackThis v1.99.1

Scan saved at 21:09:38, on 18.9.2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Acer\eManager\anbmServ.exe

C:\Program\AntiVir PersonalEdition Classic\sched.exe

C:\Program\AntiVir PersonalEdition Classic\avguard.exe

C:\Program\ewido anti-spyware 4.0\guard.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Synaptics\SynTP\SynTPLpr.exe

C:\Program\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\keyhook.exe

C:\Program\Arcade\PCMService.exe

C:\Program\Launch Manager\QtZgAcer.EXE

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Program\Logitech\Video\LogiTray.exe

C:\Program\Java\jre1.5.0_03\bin\jusched.exe

C:\Program\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program\ewido anti-spyware 4.0\ewido.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Logitech\Video\FxSvr2.exe

C:\Program\acer\eRecovery\Monitor.exe

C:\Program\MSN Messenger\MsnMsgr.Exe

C:\Program\Skype\Phone\Skype.exe

C:\WINDOWS\system32\sistray.exe

C:\Program\OpenOffice.org 2.0\program\soffice.exe

C:\Program\OpenOffice.org 2.0\program\soffice.BIN

C:\Program\Mozilla Firefox\firefox.exe

C:\Program\Hijackthis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program\Canon\Easy-WebPrint\Toolband.dll

O4 - HKLM\..\Run: [LaunchApp] Alaunch

O4 - HKLM\..\Run: [synTPLpr] C:\Program\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

O4 - HKLM\..\Run: [siS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe

O4 - HKLM\..\Run: [PCMService] "C:\Program\Arcade\PCMService.exe"

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [LManager] C:\Program\Launch Manager\QtZgAcer.EXE

O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\jre1.5.0_03\bin\jusched.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [!ewido] "C:\Program\ewido anti-spyware 4.0\ewido.exe" /minimized

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Program\Logitech\Video\ManifestEngine.exe boot

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [skype] "C:\Program\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program\OpenOffice.org 2.0\program\quickstart.exe

O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk741YYFI

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program\ewido anti-spyware 4.0\guard.exe

 

 

---------------------------------------------------------

ewido anti-spyware - Scan Report

---------------------------------------------------------

 

+ Created at: 20:47:34 18.9.2006

 

+ Scan result:

 

 

 

C:\Program\Delade filer\{320D180E-05DC-1053-0419-050315050166}\Update.exe -> Adware.Agent : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{FA59FCEB-29AA-4812-A10E-5ECFDD7A74E2}\RP143\A0012224.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{FA59FCEB-29AA-4812-A10E-5ECFDD7A74E2}\RP143\snapshot\MFEX-1.DAT -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{FA59FCEB-29AA-4812-A10E-5ECFDD7A74E2}\RP143\snapshot\MFEX-14.DAT -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{FA59FCEB-29AA-4812-A10E-5ECFDD7A74E2}\RP143\snapshot\MFEX-15.DAT -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{FA59FCEB-29AA-4812-A10E-5ECFDD7A74E2}\RP143\snapshot\MFEX-20.DAT -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{FA59FCEB-29AA-4812-A10E-5ECFDD7A74E2}\RP143\snapshot\MFEX-21.DAT -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{FA59FCEB-29AA-4812-A10E-5ECFDD7A74E2}\RP143\snapshot\MFEX-22.DAT -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{FA59FCEB-29AA-4812-A10E-5ECFDD7A74E2}\RP143\snapshot\MFEX-23.DAT -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{FA59FCEB-29AA-4812-A10E-5ECFDD7A74E2}\RP143\snapshot\MFEX-24.DAT -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{FA59FCEB-29AA-4812-A10E-5ECFDD7A74E2}\RP143\snapshot\MFEX-25.DAT -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{FA59FCEB-29AA-4812-A10E-5ECFDD7A74E2}\RP143\snapshot\MFEX-4.DAT -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{FA59FCEB-29AA-4812-A10E-5ECFDD7A74E2}\RP143\A0012222.dll -> Adware.Softomate : Cleaned with backup (quarantined).

C:\Documents and Settings\All Users\Application Data\Starware -> Adware.Starware : Cleaned with backup (quarantined).

C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate -> Adware.Starware : Cleaned with backup (quarantined).

C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\ProductMessagingConfig.xml -> Adware.Starware : Cleaned with backup (quarantined).

C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\ProductMessagingConfig.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).

C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\SimpleUpdateConfig.xml -> Adware.Starware : Cleaned with backup (quarantined).

C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\SimpleUpdateConfig.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).

C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\TimerManagerConfig.xml -> Adware.Starware : Cleaned with backup (quarantined).

C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\TimerManagerConfig.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).

C:\Documents and Settings\All Users\Application Data\Starware\buttons -> Adware.Starware : Cleaned with backup (quarantined).

C:\Documents and Settings\All Users\Application Data\Starware\buttons\FindIt.bmp -> Adware.Starware : Cleaned with backup (quarantined).

C:\Documents and Settings\All Users\Application Data\Starware\buttons\FindItHot.bmp -> Adware.Starware : Cleaned with backup (quarantined).

C:\Documents and Settings\All Users\Application Data\Starware\buttons\Highlight.bmp -> Adware.Starware : Cleaned with backup (quarantined).

C:\Documents and Settings\All Users\Application Data\Starware\buttons\HighlightHot.bmp -> Adware.Starware : Cleaned with backup (quarantined).

C:\Documents and Settings\All Users\Application Data\Starware\buttons\Reference.bmp -> Adware.Starware : Cleaned with backup (quarantined).

C:\Documents and Settings\All Users\Application Data\Starware\buttons\ReferenceHot.bmp -> Adware.Starware : Cleaned with backup (quarantined).

C:\Documents and Settings\All Users\Application Data\Starware\buttons\Weather.bmp -> Adware.Starware : Cleaned with backup (quarantined).

C:\Documents and Settings\All Users\Application Data\Starware\buttons\cursorcafe.bmp -> Adware.Starware : Cleaned with backup (quarantined).

C:\Documents and Settings\All Users\Application Data\Starware\buttons\cursorcafeA.bmp -> Adware.Starware : Cleaned with backup (quarantined).

C:\Documents and Settings\All Users\Application Data\Starware\buttons\findithotxp.png -> Adware.Starware : Cleaned with backup (quarantined).

C:\Documents and Settings\All Users\Application Data\Starware\buttons\finditxp.png -> Adware.Starware : Cleaned with backup (quarantined).

C:\Documents and Settings\All Users\Application Data\Starware\buttons\games.bmp -> Adware.Starware : Cleaned with backup (quarantined).

C:\Documents and Settings\All Users\Application Data\Starware\buttons\gamesA.bmp -> Adware.Starware : Cleaned with backup (quarantined).

C:\Documents and Settings\All Users\Application Data\Starware\buttons\highlighthotxp.png -> Adware.Starware : Cleaned with backup (quarantined).

C:\Documents and Settings\All Users\Application Data\Starware\buttons\highlightxp.png -> Adware.Starware : Cleaned with backup (quarantined).

C:\Documents and Settings\All Users\Application Data\Starware\buttons\logo.bmp -> Adware.Starware : Cleaned with backup (quarantined).

C:\Documents and Settings\All Users\Application Data\Starware\buttons\logoxp.bmp -> Adware.Starware : Cleaned with backup (quarantined).

C:\Documents and Settings\All Users\Application Data\Starware\buttons\moviesA.bmp -> Adware.Starware : Cleaned with backup (quarantined).

C:\Documents and Settings\All Users\Application Data\Starware\buttons\referencehotxp.png -> Adware.Starware : Cleaned with backup (quarantined).

C:\Documents and Settings\All Users\Application Data\Starware\buttons\referencexp.png -> Adware.Starware : Cleaned with backup (quarantined).

C:\Documents and Settings\All Users\Application Data\Starware\buttons\screensaver.bmp -> Adware.Starware : Cleaned with backup (quarantined).

C:\Documents and Settings\All Users\Application Data\Starware\buttons\screensaverA.bmp -> Adware.Starware : Cleaned with backup (quarantined).

C:\Documents and Settings\All Users\Application Data\Starware\buttons\weatherhotxp.png -> Adware.Starware : Cleaned with backup (quarantined).

C:\Documents and Settings\All Users\Application Data\Starware\buttons\weatherxp.png -> Adware.Starware : Cleaned with backup (quarantined).

C:\Documents and Settings\All Users\Application Data\Starware\contexts -> Adware.Starware : Cleaned with backup (quarantined).

C:\Documents and Settings\All Users\Application Data\Starware\contexts\error.xml -> Adware.Starware : Cleaned with backup (quarantined).

C:\Documents and Settings\All Users\Application Data\Starware\contexts\related.xml -> Adware.Starware : Cleaned with backup (quarantined).

C:\Documents and Settings\All Users\Application Data\Starware\contexts\travel.xml -> Adware.Starware : Cleaned with backup (quarantined).

C:\Documents and Settings\All Users\Application Data\Starware\images -> Adware.Starware : Cleaned with backup (quarantined).

C:\Documents and Settings\All Users\Application Data\Starware\images\walertXP.bmp -> Adware.Starware : Cleaned with backup (quarantined).

C:\Documents and Settings\Virtanen II\Lokala inställningar\Temporary Internet Files\Content.IE5\L1C35X5H\speedtest2[1].dll -> Not-A-Virus.Downloader.Win32.InsTool.a : Cleaned with backup (quarantined).

C:\WINDOWS\Downloaded Program Files\speedtest2.dll -> Not-A-Virus.Downloader.Win32.InsTool.a : Cleaned with backup (quarantined).

:mozilla.97:C:\Documents and Settings\Virtanen II\Application Data\Mozilla\Firefox\Profiles\xb0p0jgy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).

C:\Documents and Settings\Virtanen II\Cookies\virtanen ii@microsoftwga.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).

C:\Documents and Settings\Virtanen II\Cookies\virtanen ii@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).

C:\Documents and Settings\Virtanen II\Cookies\virtanen ii@rotator.adjuggler[2].txt -> TrackingCookie.Adjuggler : Cleaned with backup (quarantined).

:mozilla.12:C:\Documents and Settings\Virtanen II\Application Data\Mozilla\Firefox\Profiles\xb0p0jgy.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).

:mozilla.13:C:\Documents and Settings\Virtanen II\Application Data\Mozilla\Firefox\Profiles\xb0p0jgy.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).

:mozilla.54:C:\Documents and Settings\Virtanen II\Application Data\Mozilla\Firefox\Profiles\xb0p0jgy.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).

:mozilla.57:C:\Documents and Settings\Virtanen II\Application Data\Mozilla\Firefox\Profiles\xb0p0jgy.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).

:mozilla.58:C:\Documents and Settings\Virtanen II\Application Data\Mozilla\Firefox\Profiles\xb0p0jgy.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).

:mozilla.59:C:\Documents and Settings\Virtanen II\Application Data\Mozilla\Firefox\Profiles\xb0p0jgy.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).

:mozilla.60:C:\Documents and Settings\Virtanen II\Application Data\Mozilla\Firefox\Profiles\xb0p0jgy.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).

:mozilla.53:C:\Documents and Settings\Virtanen II\Application Data\Mozilla\Firefox\Profiles\xb0p0jgy.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).

C:\Documents and Settings\Virtanen II\Cookies\virtanen ii@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).

C:\Documents and Settings\Virtanen II\Cookies\virtanen ii@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).

C:\Documents and Settings\Virtanen II\Cookies\virtanen ii@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).

:mozilla.100:C:\Documents and Settings\Virtanen II\Application Data\Mozilla\Firefox\Profiles\xb0p0jgy.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).

:mozilla.101:C:\Documents and Settings\Virtanen II\Application Data\Mozilla\Firefox\Profiles\xb0p0jgy.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).

:mozilla.102:C:\Documents and Settings\Virtanen II\Application Data\Mozilla\Firefox\Profiles\xb0p0jgy.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).

C:\Documents and Settings\Virtanen II\Cookies\virtanen ii@ad1.clickhype[2].txt -> TrackingCookie.Clickhype : Cleaned with backup (quarantined).

:mozilla.15:C:\Documents and Settings\Virtanen II\Application Data\Mozilla\Firefox\Profiles\xb0p0jgy.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).

:mozilla.16:C:\Documents and Settings\Virtanen II\Application Data\Mozilla\Firefox\Profiles\xb0p0jgy.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).

:mozilla.17:C:\Documents and Settings\Virtanen II\Application Data\Mozilla\Firefox\Profiles\xb0p0jgy.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).

:mozilla.18:C:\Documents and Settings\Virtanen II\Application Data\Mozilla\Firefox\Profiles\xb0p0jgy.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).

C:\Documents and Settings\Virtanen II\Cookies\virtanen ii@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).

C:\Documents and Settings\Virtanen II\Cookies\virtanen ii@cqcounter[2].txt -> TrackingCookie.Cqcounter : Cleaned with backup (quarantined).

C:\Documents and Settings\Virtanen II\Cookies\virtanen ii@www.cqcounter[1].txt -> TrackingCookie.Cqcounter : Cleaned with backup (quarantined).

:mozilla.62:C:\Documents and Settings\Virtanen II\Application Data\Mozilla\Firefox\Profiles\xb0p0jgy.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).

C:\Documents and Settings\Virtanen II\Cookies\virtanen ii@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).

C:\Documents and Settings\Virtanen II\Cookies\virtanen ii@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).

:mozilla.114:C:\Documents and Settings\Virtanen II\Application Data\Mozilla\Firefox\Profiles\xb0p0jgy.default\cookies.txt -> TrackingCookie.Goclick : Cleaned with backup (quarantined).

:mozilla.115:C:\Documents and Settings\Virtanen II\Application Data\Mozilla\Firefox\Profiles\xb0p0jgy.default\cookies.txt -> TrackingCookie.Goclick : Cleaned with backup (quarantined).

:mozilla.134:C:\Documents and Settings\Virtanen II\Application Data\Mozilla\Firefox\Profiles\xb0p0jgy.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).

:mozilla.135:C:\Documents and Settings\Virtanen II\Application Data\Mozilla\Firefox\Profiles\xb0p0jgy.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).

:mozilla.137:C:\Documents and Settings\Virtanen II\Application Data\Mozilla\Firefox\Profiles\xb0p0jgy.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).

:mozilla.138:C:\Documents and Settings\Virtanen II\Application Data\Mozilla\Firefox\Profiles\xb0p0jgy.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).

:mozilla.29:C:\Documents and Settings\Virtanen II\Application Data\Mozilla\Firefox\Profiles\xb0p0jgy.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).

:mozilla.31:C:\Documents and Settings\Virtanen II\Application Data\Mozilla\Firefox\Profiles\xb0p0jgy.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).

:mozilla.32:C:\Documents and Settings\Virtanen II\Application Data\Mozilla\Firefox\Profiles\xb0p0jgy.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).

C:\Documents and Settings\Virtanen II\Cookies\virtanen ii@data2.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).

C:\Documents and Settings\Virtanen II\Cookies\virtanen ii@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).

:mozilla.103:C:\Documents and Settings\Virtanen II\Application Data\Mozilla\Firefox\Profiles\xb0p0jgy.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).

C:\Documents and Settings\Virtanen II\Cookies\virtanen ii@ads1.revenue[1].txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).

C:\Documents and Settings\Virtanen II\Cookies\virtanen ii@ads1.revenue[2].txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).

:mozilla.69:C:\Documents and Settings\Virtanen II\Application Data\Mozilla\Firefox\Profiles\xb0p0jgy.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).

:mozilla.70:C:\Documents and Settings\Virtanen II\Application Data\Mozilla\Firefox\Profiles\xb0p0jgy.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).

:mozilla.71:C:\Documents and Settings\Virtanen II\Application Data\Mozilla\Firefox\Profiles\xb0p0jgy.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).

:mozilla.72:C:\Documents and Settings\Virtanen II\Application Data\Mozilla\Firefox\Profiles\xb0p0jgy.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).

:mozilla.73:C:\Documents and Settings\Virtanen II\Application Data\Mozilla\Firefox\Profiles\xb0p0jgy.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).

:mozilla.167:C:\Documents and Settings\Virtanen II\Application Data\Mozilla\Firefox\Profiles\xb0p0jgy.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).

C:\Documents and Settings\Virtanen II\Cookies\virtanen ii@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).

C:\Documents and Settings\Virtanen II\Cookies\virtanen ii@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).

:mozilla.33:C:\Documents and Settings\Virtanen II\Application Data\Mozilla\Firefox\Profiles\xb0p0jgy.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).

:mozilla.34:C:\Documents and Settings\Virtanen II\Application Data\Mozilla\Firefox\Profiles\xb0p0jgy.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).

:mozilla.35:C:\Documents and Settings\Virtanen II\Application Data\Mozilla\Firefox\Profiles\xb0p0jgy.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).

C:\Documents and Settings\Virtanen II\Cookies\virtanen ii@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).

:mozilla.21:C:\Documents and Settings\Virtanen II\Application Data\Mozilla\Firefox\Profiles\xb0p0jgy.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).

:mozilla.22:C:\Documents and Settings\Virtanen II\Application Data\Mozilla\Firefox\Profiles\xb0p0jgy.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).

:mozilla.23:C:\Documents and Settings\Virtanen II\Application Data\Mozilla\Firefox\Profiles\xb0p0jgy.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).

:mozilla.24:C:\Documents and Settings\Virtanen II\Application Data\Mozilla\Firefox\Profiles\xb0p0jgy.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).

:mozilla.25:C:\Documents and Settings\Virtanen II\Application Data\Mozilla\Firefox\Profiles\xb0p0jgy.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).

C:\Documents and Settings\Virtanen II\Cookies\virtanen ii@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).

C:\Documents and Settings\Virtanen II\Cookies\virtanen ii@ad.yieldmanager[3].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).

C:\Documents and Settings\Virtanen II\Lokala inställningar\Temporary Internet Files\Content.IE5\RMGV31K5\photo223[1].PIF -> Worm.Licat.c : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{FA59FCEB-29AA-4812-A10E-5ECFDD7A74E2}\RP142\A0012168.rbf -> Worm.Licat.c : Cleaned with backup (quarantined).

 

 

::Report end

 

[/log]

 


Scan with HijackThis and tick the box for:

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk741YYFI

Close all other programs.

Press Fix checked.

Delete the folder C:\Documents and Settings\All Users\Application Data\Starware

Delete all temporary internet files like this:

Control Panel - Internet Options - Delete Files - tick the box - OK - OK

Restart the computer.

Check for yourself that the line you ticked has disappeared from the HijackThis log.

How is the computer doing now? Does Ad-aware still find files that cannot be removed?

 


Everything is as it should be now, HijackThis no longer finds anything suspicious, but Ad-aware still finds a number of objects, mostly in the registry, and Antivir finds a lot of different viruses in the System Volume Information folder.

 

 

 

Ad-aware still finds a number of objects, mostly in the registry

You can get a log out of Ad-aware showing what it finds. I definitely don't want to see the whole log, but you can paste in just the part(s) where something is found.

 

Antivir finds a lot of different viruses in the System Volume Information folder.

C:\System Volume Information\_restore is the place where the System Restore feature stores its restore points. This means that Windows created a restore point while your computer was infected. As long as the nasties stay in that folder they are harmless. However, if you restore to a point in time when the computer was infected, the nasties are restored as well.

 

You can remove all restore points by turning off the System Restore feature, restarting the computer and then turning the feature back on. System Restore is turned off and on here:

Right-click My Computer - Properties - System Restore.

 

The Java version on the computer has security holes, so update: uninstall all existing Java versions from Control Panel - Add or Remove Programs and then install the new one:

http://www.java.com/sv/

 

You got the tips for a more secure computer in the thread about the other computer.
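The distinction drawn in the reply above, between detections inside C:\System Volume Information\_restore and detections in live locations, can be applied mechanically to a scan log. The following is an added example, not part of the original thread or of any tool mentioned in it; the function names and the bucket labels `cookie`, `restore-point` and `live` are this example's own assumptions.

```python
import re
from collections import defaultdict

# Sample lines copied from the Ad-Aware log quoted earlier in this thread.
SAMPLE_LOG = r"""
:mozilla.137:C:\Documents and Settings\Virtanen II\Application Data\Mozilla\Firefox\Profiles\xb0p0jgy.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Virtanen II\Cookies\virtanen ii@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
C:\Documents and Settings\Virtanen II\Lokala inställningar\Temporary Internet Files\Content.IE5\RMGV31K5\photo223[1].PIF -> Worm.Licat.c : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FA59FCEB-29AA-4812-A10E-5ECFDD7A74E2}\RP142\A0012168.rbf -> Worm.Licat.c : Cleaned with backup (quarantined).

::Report end
"""

# Line shape: "<optional :mozilla.N: prefix><path> -> <detection> : <action>"
LINE_RE = re.compile(
    r"^(?::mozilla\.\d+:)?(?P<path>.+?) -> (?P<name>\S+) : (?P<action>.+)$"
)
RESTORE_MARKER = "\\system volume information\\_restore"


def classify(path, name):
    """Return this example's bucket label for one detection."""
    if name.lower().startswith("trackingcookie."):
        return "cookie"          # privacy noise, not executable code
    if RESTORE_MARKER in path.lower():
        return "restore-point"   # archived copy; dormant unless that point is restored
    return "live"                # file in a normal location; needs follow-up


def triage(log_text):
    """Group (detection, path) pairs from the log by bucket."""
    buckets = defaultdict(list)
    for raw in log_text.splitlines():
        match = LINE_RE.match(raw.strip())
        if not match:
            continue  # blank lines and markers such as "::Report end"
        bucket = classify(match["path"], match["name"])
        buckets[bucket].append((match["name"], match["path"]))
    return dict(buckets)


if __name__ == "__main__":
    for bucket, hits in triage(SAMPLE_LOG).items():
        print(f"{bucket}: {len(hits)}")
        for name, path in hits:
            print(f"  {name}  {path}")
```

Entries in the `restore-point` bucket are the ones that disappear when System Restore is switched off and on again as described above; entries in `live` are the ones worth re-checking after a reboot.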

 
