Help getting rid of Swizzor!


Olarsbritta

Hi!

 

I've had various fishy things on my computer. Among them Virusburst, which stubbornly sat as an icon in the bottom right corner but which I managed to get rid of thanks to earlier posts here between the fantastic Cecilia and Bue!

Now some junk remains that I can't remove with Smitfraudfix, Adaware or Spyhunter...

Could the fantastic CECILIA or some other kind soul help me the last bit of the way?

 

 

 

 


Hi!

Thank you so much for being willing to try to help me!!!

 

 

[log]Logfile of HijackThis v1.99.1

Scan saved at 12:59:23, on 2006-09-24

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE

C:\Program\F-Secure\Anti-Virus\fsgk32st.exe

C:\Program\F-Secure\BackWeb\7681197\program\fsbwsys.exe

C:\Program\F-Secure\Anti-Virus\FSGK32.EXE

C:\Program\F-Secure\Anti-Virus\fssm32.exe

C:\Program\F-Secure\Common\FSMA32.EXE

C:\Program\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe

C:\Program\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe

C:\Program\F-Secure\Common\FSMB32.EXE

C:\windows\system\hpsysdrv.exe

C:\Program\USB Storage RW\shwicon.exe

C:\WINDOWS\system32\ps2.exe

C:\Program\F-Secure\Common\FSM32.EXE

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe

C:\Program\Hewlett-Packard\HP Software Update\HPWuSchd.exe

C:\Program\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Program\Delade filer\Logitech\QCDriver3\LVCOMS.EXE

C:\Program\Delade filer\Microsoft Shared\Works Shared\WkUFind.exe

C:\Program\Delade filer\Real\Update_OB\realsched.exe

C:\Program\MessengerPlus! 3\MsgPlus1.exe

C:\Program\Telia\Supportassistent\bin\tgcmd.exe

C:\Program\iTunes\iTunesHelper.exe

C:\Program\QuickTime\qttask.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program\SmartTrust\SmartTrust Personal\Csp\SmartCertmover.exe

C:\Program\Personal\bin\Personal.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program\F-Secure\Common\FCH32.EXE

C:\WINDOWS\system32\Smartscaps.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\F-Secure\Common\FAMEH32.EXE

C:\Program\iPod\bin\iPodService.exe

C:\Program\F-Secure\Common\FNRB32.EXE

C:\Program\F-Secure\FWES\Program\fsdfwd.exe

C:\Program\F-Secure\Common\FIH32.EXE

C:\Program\F-Secure\Anti-Virus\fsav32.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program\Hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.glocalnet.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.glocalnet.se

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer erhållet av Glocalnet

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {08D37A57-171D-4FB6-F523-8AEE223442CB} - C:\DOCUME~1\Daniel\APPLIC~1\drawidol\atom creative.exe (file missing)

O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\Program\DELADE~1\Real\Toolbar\realbar.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll

O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\Program\DELADE~1\Real\Toolbar\realbar.dll

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [KYE_Showicon] "C:\Program\USB Storage RW\shwicon.exe" -t"KYE\USB Storage RW"

O4 - HKLM\..\Run: [storageGuard] "C:\Program\VERITAS Software\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [WCOLOREAL] C:\Program\Coloreal\coloreal.exe

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\F-Secure\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program\F-Secure\TNB\TNBUtil.exe" /CHECKALL

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program\Hewlett-Packard\HP Software Update\HPWuSchd.exe

O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

O4 - HKLM\..\Run: [LVCOMS] C:\Program\Delade filer\Logitech\QCDriver3\LVCOMS.EXE

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program\Delade filer\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [bind heart road comp] C:\Documents and Settings\All Users\Application Data\Mail Hope Bind Heart\magswipe.exe

O4 - HKLM\..\Run: [tgcmd] "C:\Program\Telia\Supportassistent\bin\tgcmd.exe" /server /startmonitor /deaf

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [spywarebot] C:\Program\SpywareBot\SpywareBot.exe -boot

O4 - HKLM\..\Run: [spyHunter] C:\Program\Enigma Software Group\SpyHunter\SpyHunter.exe

O4 - HKLM\..\RunOnce: [MessengerPlusUninstall] C:\WINDOWS\system32\cmd.exe /C "C:\DOCUME~1\Daniel\LOKALA~1\Temp\MsgPlusUninst.bat"

O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook

O4 - HKCU\..\Run: [spyware Doctor] "C:\Program\Spyware Doctor\swdoctor.exe" /Q

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Certificate Mover.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://start.glocalnet.se

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -

O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} - http://entimg.msn.com/client/msnmusax2822.cab

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O23 - Service: F-Secure Automatic Update (BackWeb Client - 7681197) - Unknown owner - C:\Program\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE

O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program\F-Secure\Anti-Virus\fsgk32st.exe

O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program\F-Secure\Common\FNRB32.EXE

O23 - Service: fsbwsys - F-Secure Corp. - C:\Program\F-Secure\BackWeb\7681197\program\fsbwsys.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program\F-Secure\FWES\Program\fsdfwd.exe

O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program\F-Secure\Common\FSMA32.EXE

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SmartTrust Smart Card Server (Smartscaps) - SmartTrust - C:\WINDOWS\system32\Smartscaps.exe

O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe (file missing)

[/log]

 

 


 

Look here if you want to keep these programs

 

C:\Program\SpywareBot\SpywareBot.exe

 

http://www.bleepingcomputer.com/startups/SpywareBot.exe-15495.html

 

C:\Program\Enigma Software Group\SpyHunter\SpyHunter.exe

 

http://www.bleepingcomputer.com/startups/SpyHunter.exe-5119.html

 

Download NoLop to the desktop

 

http://www.spywareedge.net/nolop/NoLop.exe

 

Close all other open programs, because the computer will restart.

Open NoLop.exe

then copy the line below

 

08D37A57-171D-4FB6-F523-8AEE223442CB

 

and paste it into the Insert CLSID Here field

then click Search and Destroy

if anything is found you get a message to restart the computer = click OK

click Reboot

Then post a new HijackThis log and C:\NoLop.log

 


Hmm... not sure this is going so well? I followed your instructions and NoLop found something that was removed. When I now run a new NoLop log, should I still paste the long reference line into CLSID? It doesn't seem to find anything either with or without it. Good?

But every time the computer restarts, a message pops up from F-Secure (my security program + firewall) saying a virus has been found:

Trojan.Downloader.Win32.Swizzor.df (earlier the .de and .di versions have also shown up). But it can't be deleted through F-Sec!

 

Here's the HijackThis log again! THANKS!!!

 

[log]Logfile of HijackThis v1.99.1

Scan saved at 14:06:02, on 2006-09-24

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE

C:\Program\F-Secure\Anti-Virus\fsgk32st.exe

C:\Program\F-Secure\BackWeb\7681197\program\fsbwsys.exe

C:\Program\F-Secure\Anti-Virus\FSGK32.EXE

C:\Program\F-Secure\Common\FSMA32.EXE

C:\Program\F-Secure\Anti-Virus\fssm32.exe

C:\Program\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe

C:\Program\F-Secure\Common\FSMB32.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Program\F-Secure\Common\FCH32.EXE

C:\WINDOWS\system32\Smartscaps.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\F-Secure\Common\FAMEH32.EXE

C:\Program\F-Secure\Common\FNRB32.EXE

C:\Program\F-Secure\FWES\Program\fsdfwd.exe

C:\Program\F-Secure\Common\FIH32.EXE

C:\Program\F-Secure\Anti-Virus\fsav32.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\Explorer.EXE

C:\windows\system\hpsysdrv.exe

C:\Program\USB Storage RW\shwicon.exe

C:\Program\VERITAS Software\Update Manager\sgtray.exe

C:\WINDOWS\system32\ps2.exe

C:\Program\F-Secure\Common\FSM32.EXE

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe

C:\Program\Hewlett-Packard\HP Software Update\HPWuSchd.exe

C:\Program\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Program\Delade filer\Logitech\QCDriver3\LVCOMS.EXE

C:\Program\Delade filer\Microsoft Shared\Works Shared\WkUFind.exe

C:\Program\Delade filer\Real\Update_OB\realsched.exe

C:\Program\Telia\Supportassistent\bin\tgcmd.exe

C:\Program\iTunes\iTunesHelper.exe

C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program\SmartTrust\SmartTrust Personal\Csp\SmartCertmover.exe

C:\Program\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program\Personal\bin\Personal.exe

C:\Program\iPod\bin\iPodService.exe

C:\Program\Hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.glocalnet.se

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer erhållet av Glocalnet

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {08D37A57-171D-4FB6-F523-8AEE223442CB} - (no file)

O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\Program\DELADE~1\Real\Toolbar\realbar.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll

O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\Program\DELADE~1\Real\Toolbar\realbar.dll

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [KYE_Showicon] "C:\Program\USB Storage RW\shwicon.exe" -t"KYE\USB Storage RW"

O4 - HKLM\..\Run: [storageGuard] "C:\Program\VERITAS Software\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [WCOLOREAL] C:\Program\Coloreal\coloreal.exe

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\F-Secure\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program\F-Secure\TNB\TNBUtil.exe" /CHECKALL

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program\Hewlett-Packard\HP Software Update\HPWuSchd.exe

O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

O4 - HKLM\..\Run: [LVCOMS] C:\Program\Delade filer\Logitech\QCDriver3\LVCOMS.EXE

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program\Delade filer\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [bind heart road comp] C:\Documents and Settings\All Users\Application Data\Mail Hope Bind Heart\magswipe.exe

O4 - HKLM\..\Run: [tgcmd] "C:\Program\Telia\Supportassistent\bin\tgcmd.exe" /server /startmonitor /deaf

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [spywarebot] C:\Program\SpywareBot\SpywareBot.exe -boot

O4 - HKLM\..\Run: [spyHunter] C:\Program\Enigma Software Group\SpyHunter\SpyHunter.exe

O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook

O4 - HKCU\..\Run: [spyware Doctor] "C:\Program\Spyware Doctor\swdoctor.exe" /Q

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Certificate Mover.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://start.glocalnet.se

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -

O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} - http://entimg.msn.com/client/msnmusax2822.cab

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O23 - Service: F-Secure Automatic Update (BackWeb Client - 7681197) - Unknown owner - C:\Program\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE

O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program\F-Secure\Anti-Virus\fsgk32st.exe

O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program\F-Secure\Common\FNRB32.EXE

O23 - Service: fsbwsys - F-Secure Corp. - C:\Program\F-Secure\BackWeb\7681197\program\fsbwsys.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program\F-Secure\FWES\Program\fsdfwd.exe

O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program\F-Secure\Common\FSMA32.EXE

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SmartTrust Smart Card Server (Smartscaps) - SmartTrust - C:\WINDOWS\system32\Smartscaps.exe

O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe (file missing)

[/log]

 

 


Here it is:

NoLop! Log by Skate_Punk_21

 

Please Note: any existing old logs will have now been renamed to NoLop!OLD.log

 

Fix running from: C:\Documents and Settings\Ägaren\Skrivbord

[2006-09-24]

[14:47:15]

 

---Infection Files Found/Removed---

NO INFECTION FILES FOUND - Cleaning Aborted.

 

---Listing AppData sub directories---

 

C:\Documents and Settings\All Users\Application Data\Adobe

C:\Documents and Settings\All Users\Application Data\Apple Computer

C:\Documents and Settings\All Users\Application Data\Creative

C:\Documents and Settings\All Users\Application Data\Mail Hope Bind Heart

C:\Documents and Settings\All Users\Application Data\Microsoft

C:\Documents and Settings\All Users\Application Data\Msn6

C:\Documents and Settings\All Users\Application Data\Quicktime

C:\Documents and Settings\All Users\Application Data\Sbsi

C:\Documents and Settings\All Users\Application Data\Sony

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

C:\Documents and Settings\All Users\Application Data\Support.com

C:\Documents and Settings\All Users\Application Data\Symantec

C:\Documents and Settings\Daniel\Application Data\.bittorrent

C:\Documents and Settings\Daniel\Application Data\Adobe

C:\Documents and Settings\Daniel\Application Data\Adobeum -- EMPTY Directory

C:\Documents and Settings\Daniel\Application Data\Apple Computer

C:\Documents and Settings\Daniel\Application Data\Creative

C:\Documents and Settings\Daniel\Application Data\Dimage

C:\Documents and Settings\Daniel\Application Data\Drawidol -- EMPTY Directory

C:\Documents and Settings\Daniel\Application Data\Help -- EMPTY Directory

C:\Documents and Settings\Daniel\Application Data\Icaclient

C:\Documents and Settings\Daniel\Application Data\Identities

C:\Documents and Settings\Daniel\Application Data\Intertrust

C:\Documents and Settings\Daniel\Application Data\Intervideo

C:\Documents and Settings\Daniel\Application Data\Lavasoft

C:\Documents and Settings\Daniel\Application Data\Leadertech

C:\Documents and Settings\Daniel\Application Data\Macromedia

C:\Documents and Settings\Daniel\Application Data\Microsoft

C:\Documents and Settings\Daniel\Application Data\Mozilla

C:\Documents and Settings\Daniel\Application Data\Msn6

C:\Documents and Settings\Daniel\Application Data\Netmedia Providers -- EMPTY Directory

C:\Documents and Settings\Daniel\Application Data\Personal

C:\Documents and Settings\Daniel\Application Data\Publish Providers -- EMPTY Directory

C:\Documents and Settings\Daniel\Application Data\Real

C:\Documents and Settings\Daniel\Application Data\Sampleview -- EMPTY Directory

C:\Documents and Settings\Daniel\Application Data\Sony

C:\Documents and Settings\Daniel\Application Data\Spam Ball Bows

C:\Documents and Settings\Daniel\Application Data\Symantec

C:\Documents and Settings\Daniel\Application Data\Veritas

C:\Documents and Settings\Default User\Application Data\Adobe

C:\Documents and Settings\Default User\Application Data\Identities

C:\Documents and Settings\Default User\Application Data\Intertrust

C:\Documents and Settings\Default User\Application Data\Microsoft

C:\Documents and Settings\Default User\Application Data\Sampleview -- EMPTY Directory

C:\Documents and Settings\Default User\Application Data\Symantec

C:\Documents and Settings\Default User\Application Data\Veritas

C:\Documents and Settings\Gäst\Application Data\Adobe

C:\Documents and Settings\Gäst\Application Data\Identities

C:\Documents and Settings\Gäst\Application Data\Intertrust

C:\Documents and Settings\Gäst\Application Data\Macromedia

C:\Documents and Settings\Gäst\Application Data\Microsoft

C:\Documents and Settings\Gäst\Application Data\Real

C:\Documents and Settings\Gäst\Application Data\Sampleview -- EMPTY Directory

C:\Documents and Settings\Gäst\Application Data\Symantec

C:\Documents and Settings\Gäst\Application Data\Veritas

C:\Documents and Settings\Localservice\Application Data\Microsoft

C:\Documents and Settings\Networkservice\Application Data\Microsoft

C:\Documents and Settings\Ägaren\Application Data\Adobe

C:\Documents and Settings\Ägaren\Application Data\Adobeum -- EMPTY Directory

C:\Documents and Settings\Ägaren\Application Data\Apple Computer

C:\Documents and Settings\Ägaren\Application Data\Dimage

C:\Documents and Settings\Ägaren\Application Data\Identities

C:\Documents and Settings\Ägaren\Application Data\Intertrust

C:\Documents and Settings\Ägaren\Application Data\Intervideo

C:\Documents and Settings\Ägaren\Application Data\Lavasoft

C:\Documents and Settings\Ägaren\Application Data\Macromedia

C:\Documents and Settings\Ägaren\Application Data\Microsoft

C:\Documents and Settings\Ägaren\Application Data\Mozilla

C:\Documents and Settings\Ägaren\Application Data\Pc Tools

C:\Documents and Settings\Ägaren\Application Data\Personal

C:\Documents and Settings\Ägaren\Application Data\Real

C:\Documents and Settings\Ägaren\Application Data\Sampleview -- EMPTY Directory

C:\Documents and Settings\Ägaren\Application Data\Symantec

C:\Documents and Settings\Ägaren\Application Data\Veritas

 

 


 

Scan with HijackThis, tick the following lines, close the web browser and click Fix checked

 

O2 - BHO: (no name) - {08D37A57-171D-4FB6-F523-8AEE223442CB} - (no file)

O4 - HKLM\..\Run: [bind heart road comp] C:\Documents and Settings\All Users\Application Data\Mail Hope Bind Heart\magswipe.exe

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -

 

then delete, in Safe Mode with hidden files visible,

 

C:\Documents and Settings\All Users\Application Data\Mail Hope Bind Heart\ < the folder.

 

Start normally and post a new log.

If F-Secure still finds anything, copy it here.
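As an added example (not from this thread, and not part of HijackThis or NoLop): a small Python triage script that applies the same three checks the helper applied by eye to the log above (O2 BHO with no file, O4 autorun under Application Data, O16 DPF with no URL), then diffs a before/after log to confirm the fix actually removed them. The sample log excerpts are constructed from the entries quoted in this thread.

```python
"""Triage a HijackThis (v1.99.x) log and confirm a fix between two logs.

Added example for this thread; it is not part of HijackThis or NoLop.
The heuristics encode the three checks the helper applied by eye:
  * O2  - a BHO whose registered file is gone ("(no file)" / "(file missing)")
  * O4  - an autorun entry whose binary lives under a user-writable
          Application Data folder rather than Program Files / Windows
  * O16 - a Downloaded Program File (ActiveX) registration with no source URL
Sample log lines below are constructed from the entries quoted in the thread.
"""
import re
from typing import List, Set, Tuple

# Every HijackThis entry starts with a section tag (R0, R1, O2, O4, O16, ...)
# followed by " - ". Header lines and the running-process list do not match.
ENTRY_RE = re.compile(r"^(?P<tag>[RO]\d{1,2}) - (?P<body>.*)$")

# Per-user or All Users "Application Data" (long or 8.3 short form), which a
# legitimate installer rarely uses for an autorun binary.
APPDATA_RE = re.compile(r"\\(Application Data|APPLIC~1)\\", re.IGNORECASE)

Finding = Tuple[str, str, str]  # (section tag, reason, original log line)


def triage(log_text: str) -> List[Finding]:
    """Return the entries worth reviewing, in log order. Heuristics only:
    a hit means 'look at this', not 'this is malware'."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        tag, body = m.group("tag"), m.group("body")
        if tag == "O2" and ("(no file)" in body or "(file missing)" in body):
            findings.append((tag, "BHO registered but its file is gone", line))
        elif tag == "O4" and APPDATA_RE.search(body):
            findings.append((tag, "autorun binary under a user-writable Application Data folder", line))
        elif tag == "O16" and body.endswith("-"):
            findings.append((tag, "ActiveX (DPF) registration with no source URL", line))
    return findings


def entries(log_text: str) -> Set[str]:
    """The set of R*/O* entries in a log (headers and process list dropped)."""
    return {ln.strip() for ln in log_text.splitlines() if ENTRY_RE.match(ln.strip())}


def removed_entries(before: str, after: str) -> List[str]:
    """Entries present in the earlier log and absent from the later one:
    what 'Fix checked' plus the folder deletion actually took out."""
    return sorted(entries(before) - entries(after))


# Constructed excerpt of the second log in the thread (before the fix).
# The O23 line with "(file missing)" is deliberately kept: it must NOT trip
# the O2 check, since only BHO entries are judged by that rule.
LOG_BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.glocalnet.se
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {08D37A57-171D-4FB6-F523-8AEE223442CB} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [bind heart road comp] C:\Documents and Settings\All Users\Application Data\Mail Hope Bind Heart\magswipe.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} - http://entimg.msn.com/client/msnmusax2822.cab
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe (file missing)
"""

# Constructed excerpt of the third log (after 'Fix checked'): the three
# flagged entries are gone, everything else is unchanged.
LOG_AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.glocalnet.se
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} - http://entimg.msn.com/client/msnmusax2822.cab
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe (file missing)
"""

if __name__ == "__main__":
    for tag, reason, line in triage(LOG_BEFORE):
        print(f"[{tag}] {reason}\n    {line}")
    print("\nRemoved by the fix:")
    for line in removed_entries(LOG_BEFORE, LOG_AFTER):
        print("   ", line)
```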

 

 


Well, let's see if it worked...?

F-Secure doesn't seem to find any more viruses right now, at least.

 

 

[log]Logfile of HijackThis v1.99.1

Scan saved at 16:10:28, on 2006-09-24

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\windows\system\hpsysdrv.exe

C:\Program\USB Storage RW\shwicon.exe

C:\Program\VERITAS Software\Update Manager\sgtray.exe

C:\WINDOWS\system32\ps2.exe

C:\Program\F-Secure\Common\FSM32.EXE

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe

C:\Program\Hewlett-Packard\HP Software Update\HPWuSchd.exe

C:\Program\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Program\Delade filer\Logitech\QCDriver3\LVCOMS.EXE

C:\Program\Delade filer\Microsoft Shared\Works Shared\WkUFind.exe

C:\Program\Delade filer\Real\Update_OB\realsched.exe

C:\Program\Telia\Supportassistent\bin\tgcmd.exe

C:\Program\iTunes\iTunesHelper.exe

C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program\SmartTrust\SmartTrust Personal\Csp\SmartCertmover.exe

C:\Program\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE

C:\Program\Personal\bin\Personal.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program\F-Secure\Anti-Virus\fsgk32st.exe

C:\Program\F-Secure\BackWeb\7681197\program\fsbwsys.exe

C:\Program\F-Secure\Anti-Virus\FSGK32.EXE

C:\Program\F-Secure\Common\FSMA32.EXE

C:\Program\F-Secure\Anti-Virus\fssm32.exe

C:\Program\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe

C:\Program\F-Secure\Common\FSMB32.EXE

C:\Program\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe

C:\Program\F-Secure\Common\FCH32.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\Smartscaps.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\F-Secure\Common\FAMEH32.EXE

C:\Program\iPod\bin\iPodService.exe

C:\Program\F-Secure\FWES\Program\fsdfwd.exe

C:\Program\F-Secure\Common\FNRB32.EXE

C:\Program\F-Secure\Common\FIH32.EXE

C:\Program\F-Secure\Anti-Virus\fsav32.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program\Hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.glocalnet.se

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer erhållet av Glocalnet

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\Program\DELADE~1\Real\Toolbar\realbar.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll

O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\Program\DELADE~1\Real\Toolbar\realbar.dll

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [KYE_Showicon] "C:\Program\USB Storage RW\shwicon.exe" -t"KYE\USB Storage RW"

O4 - HKLM\..\Run: [storageGuard] "C:\Program\VERITAS Software\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [WCOLOREAL] C:\Program\Coloreal\coloreal.exe

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\F-Secure\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program\F-Secure\TNB\TNBUtil.exe" /CHECKALL

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program\Hewlett-Packard\HP Software Update\HPWuSchd.exe

O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

O4 - HKLM\..\Run: [LVCOMS] C:\Program\Delade filer\Logitech\QCDriver3\LVCOMS.EXE

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program\Delade filer\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [tgcmd] "C:\Program\Telia\Supportassistent\bin\tgcmd.exe" /server /startmonitor /deaf

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [spywarebot] C:\Program\SpywareBot\SpywareBot.exe -boot

O4 - HKLM\..\Run: [spyHunter] C:\Program\Enigma Software Group\SpyHunter\SpyHunter.exe

O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook

O4 - HKCU\..\Run: [spyware Doctor] "C:\Program\Spyware Doctor\swdoctor.exe" /Q

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Certificate Mover.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://start.glocalnet.se

O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} - http://entimg.msn.com/client/msnmusax2822.cab

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O23 - Service: F-Secure Automatic Update (BackWeb Client - 7681197) - Unknown owner - C:\Program\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE

O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program\F-Secure\Anti-Virus\fsgk32st.exe

O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program\F-Secure\Common\FNRB32.EXE

O23 - Service: fsbwsys - F-Secure Corp. - C:\Program\F-Secure\BackWeb\7681197\program\fsbwsys.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program\F-Secure\FWES\Program\fsdfwd.exe

O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program\F-Secure\Common\FSMA32.EXE

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SmartTrust Smart Card Server (Smartscaps) - SmartTrust - C:\WINDOWS\system32\Smartscaps.exe

O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe (file missing)

[/log]

 

NoLop! Log by Skate_Punk_21

 

Please Note: any existing old logs will have now been renamed to NoLop!OLD.log

 

Fix running from: C:\Documents and Settings\Ägaren\Skrivbord

[2006-09-24]

[16:11:25]

 

---Infection Files Found/Removed---

NO INFECTION FILES FOUND - Cleaning Aborted.

 

---Listing AppData sub directories---

 

C:\Documents and Settings\All Users\Application Data\Adobe

C:\Documents and Settings\All Users\Application Data\Apple Computer

C:\Documents and Settings\All Users\Application Data\Creative

C:\Documents and Settings\All Users\Application Data\Microsoft

C:\Documents and Settings\All Users\Application Data\Sbsi

C:\Documents and Settings\All Users\Application Data\Sony

C:\Documents and Settings\All Users\Application Data\Support.com

C:\Documents and Settings\All Users\Application Data\Symantec

C:\Documents and Settings\Daniel\Application Data\.bittorrent

C:\Documents and Settings\Daniel\Application Data\Adobe

C:\Documents and Settings\Daniel\Application Data\Adobeum -- EMPTY Directory

C:\Documents and Settings\Daniel\Application Data\Apple Computer

C:\Documents and Settings\Daniel\Application Data\Creative

C:\Documents and Settings\Daniel\Application Data\Dimage

C:\Documents and Settings\Daniel\Application Data\Drawidol -- EMPTY Directory

C:\Documents and Settings\Daniel\Application Data\Help -- EMPTY Directory

C:\Documents and Settings\Daniel\Application Data\Icaclient

C:\Documents and Settings\Daniel\Application Data\Identities

C:\Documents and Settings\Daniel\Application Data\Intertrust

C:\Documents and Settings\Daniel\Application Data\Intervideo

C:\Documents and Settings\Daniel\Application Data\Lavasoft

C:\Documents and Settings\Daniel\Application Data\Leadertech

C:\Documents and Settings\Daniel\Application Data\Macromedia

C:\Documents and Settings\Daniel\Application Data\Microsoft

C:\Documents and Settings\Daniel\Application Data\Mozilla

C:\Documents and Settings\Daniel\Application Data\Msn6

C:\Documents and Settings\Daniel\Application Data\Netmedia Providers -- EMPTY Directory

C:\Documents and Settings\Daniel\Application Data\Personal

C:\Documents and Settings\Daniel\Application Data\Publish Providers -- EMPTY Directory

C:\Documents and Settings\Daniel\Application Data\Real

C:\Documents and Settings\Daniel\Application Data\Sampleview -- EMPTY Directory

C:\Documents and Settings\Daniel\Application Data\Sony

C:\Documents and Settings\Daniel\Application Data\Symantec

C:\Documents and Settings\Daniel\Application Data\Veritas

C:\Documents and Settings\Default User\Application Data\Adobe

C:\Documents and Settings\Default User\Application Data\Identities

C:\Documents and Settings\Default User\Application Data\Intertrust

C:\Documents and Settings\Default User\Application Data\Microsoft

C:\Documents and Settings\Default User\Application Data\Sampleview -- EMPTY Directory

C:\Documents and Settings\Default User\Application Data\Symantec

C:\Documents and Settings\Default User\Application Data\Veritas

C:\Documents and Settings\Gäst\Application Data\Adobe

C:\Documents and Settings\Gäst\Application Data\Identities

C:\Documents and Settings\Gäst\Application Data\Intertrust

C:\Documents and Settings\Gäst\Application Data\Macromedia

C:\Documents and Settings\Gäst\Application Data\Microsoft

C:\Documents and Settings\Gäst\Application Data\Real

C:\Documents and Settings\Gäst\Application Data\Sampleview -- EMPTY Directory

C:\Documents and Settings\Gäst\Application Data\Symantec

C:\Documents and Settings\Gäst\Application Data\Veritas

C:\Documents and Settings\Localservice\Application Data\Microsoft

C:\Documents and Settings\Networkservice\Application Data\Microsoft

C:\Documents and Settings\Ägaren\Application Data\Adobe

C:\Documents and Settings\Ägaren\Application Data\Adobeum -- EMPTY Directory

C:\Documents and Settings\Ägaren\Application Data\Apple Computer

C:\Documents and Settings\Ägaren\Application Data\Dimage

C:\Documents and Settings\Ägaren\Application Data\Identities

C:\Documents and Settings\Ägaren\Application Data\Intertrust

C:\Documents and Settings\Ägaren\Application Data\Intervideo

C:\Documents and Settings\Ägaren\Application Data\Lavasoft

C:\Documents and Settings\Ägaren\Application Data\Macromedia

C:\Documents and Settings\Ägaren\Application Data\Microsoft

C:\Documents and Settings\Ägaren\Application Data\Mozilla

C:\Documents and Settings\Ägaren\Application Data\Pc Tools

C:\Documents and Settings\Ägaren\Application Data\Personal

C:\Documents and Settings\Ägaren\Application Data\Real

C:\Documents and Settings\Ägaren\Application Data\Sampleview -- EMPTY Directory

C:\Documents and Settings\Ägaren\Application Data\Symantec

C:\Documents and Settings\Ägaren\Application Data\Veritas

 

 

 

 


Oh, a thousand THANKS! So I'm good to go now...?? I'll give it a try, I suppose?

I'd happily send you a couple of movie tickets as a bonus, if that's of any interest?

Write your address here or email lena@olarsbrittas.se

 

You've saved my day, my week! Now maybe I can even get those awful bills sent off in time?!

 

Thank you, wonderful ZIP!

 

Regards, Lena

 


 

> So I'm good to go now...?? <

 

Yep, according to the log it should be clean.

 

> I'd happily send you a couple of movie tickets as a bonus, if that's of any interest? <

 

Thanks, but you don't need to send anything

 

 
