
spyware/virus??


filipt


It all started when I accidentally clicked on the wrong link, and a lot of popups and the like started appearing, but now it has gotten out of hand: everything is slow and my computer has a life of its own..

I have tried Norton, Ad-Aware and BullGuard; none of them makes a dent in my problem.

Is there a powerful antivirus program one can run that handles most things?

Does anyone have any tips other than reformatting?

Regards, Filip

 


[log]Logfile of HijackThis v1.99.1

Scan saved at 22:14:02, on 2006-09-27

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program\COMPAQ\Easy Access Button Support\StartEAK.exe

C:\WINDOWS\system32\CTHELPER.EXE

C:\Program\Norton Internet Security\IAMAPP.EXE

C:\Program\NORTON~1\navapw32.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe

C:\Program\Winamp\winampa.exe

C:\dfndrff_e13.exe

C:\PROGRA~1\PRINTV~1\pvmodule.exe

C:\kybrdff_e13.exe

C:\Program\Softwin\BitDefender9\bdoesrv.exe

C:\Program\Softwin\BitDefender9\bdnagent.exe

C:\Program\Softwin\BitDefender9\bdswitch.exe

C:\Program\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\BullGuard Software\BullGuard\BullGuardUpdate.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE

C:\Program\Compaq\Easy Access Button Support\CPQEADM.EXE

C:\Compaq\EAKDRV\EAUSBKBD.EXE

C:\WINDOWS\System32\CTsvcCDA.exe

C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe

C:\Program\Personal\bin\Personal.exe

C:\Documents and Settings\Compaq\Start-meny\Program\Autostart\GameMinimizer.exe

C:\Program\Norton AntiVirus\navapsvc.exe

C:\Program\Compaq\EASYAC~1\BttnServ.exe

C:\Program\Norton Internet Security\NISUM.EXE

C:\WINDOWS\System32\NMSSvc.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Norton Internet Security\SymProxySvc.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program\Delade filer\Softwin\BitDefender Communicator\xcommsvr.exe

C:\Program\Norton Internet Security\NISSERV.EXE

C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

C:\Program\Delade filer\Softwin\BitDefender Update Service\livesrv.exe

C:\Program\Delade filer\Softwin\BitDefender Scan Server\bdss.exe

C:\Program\Softwin\BitDefender9\vsserv.exe

c:\program\softwin\bitdefender9\bdmcon.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/redirectors/presario/deskredir2.dll?s=consumer&ap=b201&c=1c02&lc=041d&ac

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.presario.net/scripts/redirectors/presario/srchredir2.dll?c=1c02&lc=041d&s=search&ap=b204

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://desktop.presario.net/scripts/redirectors/presario/deskredir2.dll?s=consumer&ap=b201&c=1c02&lc=041d&ac

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - C:\Program\DeluxeCommunications\DxcBho.dll

O2 - BHO: (no name) - {3231A96B-1F89-4E27-A4DA-1243B312F5CF} - C:\WINDOWS\system32\prcbu.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program\Yahoo!\Companion\Installs\cpn0\yt.dll

O4 - HKLM\..\Run: [CPQEASYACC] C:\Program\COMPAQ\Easy Access Button Support\StartEAK.exe

O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [Jet Detection] C:\Program\Creative\SBAudigy\PROGRAM\ADGJDet.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [iamapp] C:\Program\Norton Internet Security\IAMAPP.EXE

O4 - HKLM\..\Run: [NAV Agent] C:\Program\NORTON~1\navapw32.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe

O4 - HKLM\..\Run: [DeluxeCommunications] C:\Program\DeluxeCommunications\Dxc.exe

O4 - HKLM\..\Run: [defender] C:\\dfndrff_e13.exe

O4 - HKLM\..\Run: [PVModule] C:\PROGRA~1\PRINTV~1\pvmodule.exe

O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_e13.exe

O4 - HKLM\..\Run: [bDMCon] "C:\Program\Softwin\BitDefender9\bdmcon.exe"

O4 - HKLM\..\Run: [bDOESRV] "C:\Program\Softwin\BitDefender9\bdoesrv.exe"

O4 - HKLM\..\Run: [bDNewsAgent] "c:\program\softwin\bitdefender9\bdnagent.exe"

O4 - HKLM\..\Run: [bDSwitchAgent] "c:\program\softwin\bitdefender9\bdswitch.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [steam] "C:\Program\Valve\Steam\Steam.exe" -silent

O4 - HKCU\..\Run: [DeluxeCommunications] C:\Program\DeluxeCommunications\Dxc.exe

O4 - HKCU\..\Run: [bullGuard] "C:\Program\BullGuard Software\BullGuard\bullguard.exe"

O4 - HKCU\..\Run: [Oibr] "C:\Program\STEM32~1\winlogon.exe" -vt yazb

O4 - HKCU\..\Run: [Emwjrw] C:\Documents and Settings\Compaq\Mina dokument\??sks\r?ndll.exe

O4 - Startup: GameMinimizer.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204

O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/activex/promocache/313133352D2D2D.exe

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} - http://advnt01.com/dialer/int_ver34.CAB

O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\Program\MSNMES~1\msgrapp.dll" (file missing)

O20 - AppInit_DLLs: dxclib303562752.dll,sockspy.dll

O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program\Delade filer\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)

O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard Software - C:\Program\BullGuard Software\BullGuard\BullGuardUpdate.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program\Delade filer\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)

O23 - Service: Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton Internet Security Service (NISSERV) - Symantec Corporation - C:\Program\Norton Internet Security\NISSERV.EXE

O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program\Norton Internet Security\NISUM.EXE

O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program\DELADE~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

O23 - Service: Norton Internet Security Proxy Service (SymProxySvc) - Symantec Corporation - C:\Program\Norton Internet Security\SymProxySvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program\Softwin\BitDefender9\vsserv.exe" /service (file missing)

O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program\Delade filer\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

[/log]

 

 

That's what the result looks like; is there anything that looks wrong? If so, what can I do?

Very grateful for the help :)

 

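An added example, not part of the original thread: a small triage script for the O4 (autorun) lines of a HijackThis log like the one above, flagging the path patterns that stand out in it. The sample lines are copied from that log; the rule names, the list of system process names and the assumption that Windows lives in `C:\WINDOWS` are choices made for this example.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: O4 lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NAV Agent] C:\Program\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [defender] C:\\dfndrff_e13.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_e13.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Oibr] "C:\Program\STEM32~1\winlogon.exe" -vt yazb
O4 - HKCU\..\Run: [Emwjrw] C:\Documents and Settings\Compaq\Mina dokument\??sks\r?ndll.exe
"""

# "O4 - HKLM\..\Run: [value name] command line"
O4_RUN = re.compile(r"^O4 - (HK(?:LM|CU))\\\.\.\\Run: \[([^\]]+)\] (.+)$", re.M)

# Assumption for this example: core Windows process names and where they belong.
SYSTEM_NAMES = {"winlogon.exe", "services.exe", "lsass.exe", "svchost.exe",
                "smss.exe", "csrss.exe", "explorer.exe", "rundll32.exe"}
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}


def executable_of(command):
    """Return the program path from a Run value, without its arguments."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        path = command[1:end] if end != -1 else command[1:]
    else:
        # Unquoted paths may contain spaces, so cut at the first
        # executable extension that is followed by a space or the end.
        m = re.match(r"(.+?\.(?:exe|com|bat|scr))(?=\s|$)", command, re.I)
        path = m.group(1) if m else command.split()[0]
    # The log shows some entries with a doubled backslash (C:\\file.exe).
    return path.replace("\\\\", "\\")


def reasons_for(path):
    """List the reasons an autorun target deserves a closer look."""
    p = PureWindowsPath(path)
    reasons = []
    if p.drive and len(p.parts) == 2:
        reasons.append("executable in drive root")
    if "?" in path:
        # HijackThis prints '?' for characters it cannot represent,
        # which often means look-alike letters in a folder or file name.
        reasons.append("unrepresentable characters in path")
    if (p.drive and p.name.lower() in SYSTEM_NAMES
            and str(p.parent).lower() not in SYSTEM_DIRS):
        reasons.append("system process name outside Windows directory")
    return reasons


def triage(log_text):
    """Map Run value name -> reasons, for flagged O4 entries only."""
    flagged = {}
    for _hive, name, command in O4_RUN.findall(log_text):
        reasons = reasons_for(executable_of(command))
        if reasons:
            flagged[name] = reasons
    return flagged


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG).items():
        print(f"{name}: {', '.join(reasons)}")
```

The four entries it flags point at the same files and folders that the ComboFix log later in this thread lists under its deletions and quarantined folders.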

 

Do you have 2 antivirus programs running, Norton and BitDefender.... If so, turn one of them off.

Download Combofix to the desktop

http://download.bleepingcomputer.com/sUBs/combofix.exe

Run it and follow the instructions.

When it is finished a log should come up; post it here.

IMPORTANT = do not click on the Combofix window with the mouse while it is running, otherwise it may hang.

When you have pasted in the Combo log, highlight it, then click the LOG button, and then send.

 

 


[log]

Compaq - 06-09-27 23:32:11,78 Service Pack 2

ComboFix 06.09.27 - Running from: "D:\"

 

((((((((((((((((((((((((((((((((((((((((((( E-Give / Ssk's Log )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

C:\WINDOWS\system32\dxclib303562752.dll

C:\Documents and Settings\Compaq\Application Data\Dxcknwrd.dll

C:\Documents and Settings\Compaq\Application Data\Dxcuknwrd.dll

C:\Documents and Settings\Familjen\Application Data\Dxcknwrd.dll

C:\WINDOWS\system32\bkd.exe

C:\Program\DeluxeCommunications\Dxc.exe

C:\Program\DeluxeCommunications\DxcBho.dll

C:\Program\DeluxeCommunications\DxcCore.dll

 

 

* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

 

 

C:\Documents and Settings\Compaq\Application Data\Dxcuknwrd.dll

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

C:\WINDOWS\drsmartload2.dat

C:\WINDOWS\teller2.chk

C:\dfndrff_e11.exe

C:\dfndrff_e12.exe

C:\dfndrff_e13.exe

C:\deskbar.exe

C:\deskbar_e11.exe

C:\deskbar_e12.exe

C:\deskbar_e13.exe

C:\kybrdff_e11.exe

C:\kybrdff_e12.exe

C:\kybrdff_e13.exe

C:\WINDOWS\system32\winsys.exe

C:\WINDOWS\uninstall_nmon.vbs

C:\Documents and Settings\LocalService\Application Data\NetMon

C:\Program\Deskbar

C:\Program\Inetget2

C:\Program\Delade filer\{983C9D58-09DC-1053-0815-02040402002e}

C:\Program\Delade filer\{983C9D58-09DD-1053-0815-02040402002e}

 

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

 

Folders Quarantined:

 

C:\QooBox\Purity\Documents and Settings\Compaq\Mina dokument\MBOLS~1

C:\QooBox\Purity\Documents and Settings\Compaq\Mina dokument\SKS~1

C:\QooBox\Purity\Documents and Settings\Compaq\Mina dokument\SKS~1\r?ndll.exe

C:\QooBox\Purity\Program\STEM32~1

C:\QooBox\Purity\Program\STEM~1

C:\QooBox\Purity\Program\STEM32~1\??stem32

 

 

((((((((((((((((((((((((((((((( Files Created from 2006-08-27 to 2006-09-27 ))))))))))))))))))))))))))))))))))

 

 

2006-09-24 17:34 131,072 --a------ C:\WINDOWS\system32\prcbu.dll

2006-09-22 16:24 2 --a------ C:\WINDOWS\system32\wnscpsv.exe

2006-09-21 22:41 32,768 --a------ C:\DXC1205b.exe

2006-09-11 00:25 368,912 --a------ C:\WINDOWS\system32\Vbar332.dll

2006-09-11 00:25 252,176 --a------ C:\WINDOWS\system32\Msrd2x35.dll

2006-09-11 00:25 24,848 --a------ C:\WINDOWS\system32\Msjter35.dll

2006-09-11 00:25 142,608 --a------ C:\WINDOWS\system32\Msjint35.dll

2006-09-11 00:25 1,056,768 --a------ C:\WINDOWS\system32\Msjet35.dll

2006-09-11 00:24 796,672 --a------ C:\WINDOWS\GPInstall.exe

2006-08-28 01:10 11,547 --a------ C:\WINDOWS\Bokstav.scr

 

 

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

2006-09-27 23:35 -------- d-------- C:\Program\Norton Internet Security

2006-09-27 23:35 -------- d-------- C:\Program\Delade filer\Symantec Shared

2006-09-27 23:33 -------- d-------- C:\Program\Delade filer

2006-09-27 23:28 0 --a------ C:\Documents and Settings\Compaq\Application Data\t9.tmp

2006-09-27 23:16 0 --a------ C:\Documents and Settings\Compaq\Application Data\tF.tmp

2006-09-27 22:14 -------- d-------- C:\Program\Hijackthis

2006-09-27 22:06 -------- d-------- C:\Program\RegistryFix

2006-09-26 16:33 0 --a------ C:\Documents and Settings\Compaq\Application Data\tD.tmp

2006-09-25 23:30 -------- d-------- C:\Program\DC++

2006-09-25 21:38 0 --a------ C:\Documents and Settings\Compaq\Application Data\t5A.tmp

2006-09-25 21:30 0 --a------ C:\Documents and Settings\Compaq\Application Data\t57.tmp

2006-09-25 17:30 0 --a------ C:\Documents and Settings\Compaq\Application Data\tC.tmp

2006-09-25 01:16 0 --a------ C:\Documents and Settings\Compaq\Application Data\t37.tmp

2006-09-25 01:12 0 --a------ C:\Documents and Settings\Compaq\Application Data\t2D.tmp

2006-09-25 01:12 -------- d-------- C:\Program\PartyGaming

2006-09-25 01:03 0 --a------ C:\Documents and Settings\Compaq\Application Data\t17.tmp

2006-09-25 01:02 -------- d-------- C:\Program\Call of Duty

2006-09-24 23:44 -------- d-------- C:\Program\DAEMON Tools

2006-09-24 22:19 455 --a------ C:\Program\INSTALL.LOG

2006-09-24 22:06 -------- d-------- C:\Program\Softwin

2006-09-24 22:06 -------- d-------- C:\Program\Delade filer\Softwin

2006-09-24 21:56 33 --a------ C:\Documents and Settings\Compaq\Application Data\Dxcuknwrd.dll

2006-09-24 02:08 -------- d-------- C:\Program\MSN Messenger

2006-09-22 12:05 -------- d-------- C:\Documents and Settings\Compaq\Application Data\BullGuard

2006-09-22 11:10 -------- d-------- C:\Program\Personal

2006-09-21 23:28 -------- d-------- C:\Program\Delade filer\Microsoft Shared

2006-09-21 23:28 -------- d-------- C:\Program\BullGuard Software

2006-09-21 22:38 -------- d-------- C:\Documents and Settings\Compaq\Application Data\MSN6

2006-09-11 00:25 -------- d-------- C:\Program\Pro Music

2006-09-10 12:01 -------- d-------- C:\Program\TPTEST5

2006-08-30 19:32 -------- d-------- C:\Program\Sony Ericsson

2006-08-30 19:30 -------- d-------- C:\Program\Delade filer\InstallShield

2006-08-21 23:11 -------- d-------- C:\Documents and Settings\Compaq\Application Data\vlc

2006-08-21 14:28 16896 --a------ C:\WINDOWS\system32\fltlib.dll

2006-08-21 11:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe

2006-08-21 11:14 128896 --------- C:\WINDOWS\system32\drivers\fltmgr.sys

2006-08-11 03:02 -------- d-------- C:\Program\Internet Explorer

2006-07-27 15:26 679424 --a------ C:\WINDOWS\system32\inetcomm.dll

2006-07-21 10:30 72704 --a------ C:\WINDOWS\system32\hlink.dll

 

 

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

 

*Note* empty entries are not shown

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="\"C:\\Program\\MSN Messenger\\MsnMsgr.Exe\" /background"

"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

"Steam"="\"C:\\Program\\Valve\\Steam\\Steam.exe\" -silent"

"BullGuard"="\"C:\\Program\\BullGuard Software\\BullGuard\\bullguard.exe\""

"Oibr"="\"C:\\Program\\STEM32~1\\winlogon.exe\" -vt yazb"

"Emwjrw"="C:\\Documents and Settings\\Compaq\\Mina dokument\\??sks\\r?ndll.exe"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CPQEASYACC"="C:\\Program\\COMPAQ\\Easy Access Button Support\\StartEAK.exe"

"WINDVDPatch"="CTHELPER.EXE"

"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"

"Jet Detection"="C:\\Program\\Creative\\SBAudigy\\PROGRAM\\ADGJDet.exe"

"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"

"nwiz"="nwiz.exe /install"

"iamapp"="C:\\Program\\Norton Internet Security\\IAMAPP.EXE"

"NAV Agent"="C:\\Program\\NORTON~1\\navapw32.exe"

"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"

"Symantec NetDriver Monitor"="C:\\Program\\SYMNET~1\\SNDMon.exe /Consumer"

"HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb05.exe"

"DAEMON Tools"="\"C:\\Program\\DAEMON Tools\\daemon.exe\" -lang 1033"

"WinampAgent"="C:\\Program\\Winamp\\winampa.exe"

"BDMCon"="\"C:\\Program\\Softwin\\BitDefender9\\bdmcon.exe\""

"BDOESRV"="\"C:\\Program\\Softwin\\BitDefender9\\bdoesrv.exe\""

"BDNewsAgent"="\"C:\\Program\\Softwin\\BitDefender9\\bdnagent.exe\""

"BDSwitchAgent"="\"C:\\Program\\Softwin\\BitDefender9\\bdswitch.exe\""

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Compaq]

"SetRefresh"="C:\\Program\\Compaq\\SetRefresh\\SetRefresh.exe"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]

"Installed"="1"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]

"Installed"="1"

"NoChange"="1"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]

"Installed"="1"

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]

"DeskHtmlVersion"=dword:00000110

"DeskHtmlMinorVersion"=dword:00000005

"Settings"=dword:00000001

"GeneralFlags"=dword:00000005

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]

"Source"="About:Home"

"SubscribedURL"="About:Home"

"FriendlyName"="Min aktuella startsida"

"Flags"=dword:00000002

"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,c4,02,00,00,00, 00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00

"CurrentState"=hex:04,00,00,40

"OriginalStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02, 00,00,04,00,00,40

"RestoredStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02, 00,00,01,00,00,00

 

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

 

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]

"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]

"NoDriveTypeAutoRun"=dword:00000091

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]

"dontdisplaylastusername"=dword:00000000

"legalnoticecaption"=""

"legalnoticetext"=""

"shutdownwithoutlogon"=dword:00000001

"undockwithoutlogon"=dword:00000001

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]

@=""

"NoDriveTypeAutoRun"=hex:5f,00,00,00

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]

 

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]

"NoDriveTypeAutoRun"=dword:00000091

"CDRAutoRun"=dword:00000000

 

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

 

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]

"NoDriveTypeAutoRun"=dword:00000091

"CDRAutoRun"=dword:00000000

 

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"

"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"

"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"

"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\AdaptecDirectCD]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="DirectCD"

"hkey"="HKLM"

"command"="\"C:\\Program\\Roxio\\Easy CD Creator 5\\DirectCD\\DirectCD.exe\""

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MSMSGS]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="msmsgs"

"hkey"="HKCU"

"command"="\"C:\\Program\\Messenger\\msmsgs.exe\" /background"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\PROMon.exe]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="PROMon"

"hkey"="HKLM"

"command"="PROMon.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\srmclean]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="srmclean"

"hkey"="HKLM"

"command"="C:\\Cpqs\\Scom\\srmclean.exe"

"inimapping"="0"

 

 

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders

securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

 

 

Contents of the 'Scheduled Tasks' folder

C:\WINDOWS\tasks\Norton AntiVirus - S”k igenom datorn.job

C:\WINDOWS\tasks\Symantec NetDetect.job

 

Completion time: 2006-09-27 23:36:41.15

ComboFix.txt

 

[/log]

 

[post edited 2006-10-05 11:40:59 by Anders N]


Hope I did it right now.. it didn't work to highlight it or press log, then it wouldn't post it : S

REALLY APPRECIATE THE HELP :)

 


 

Delete this file in safe mode.

 

C:\DXC1205b.exe

 

Boot normally and scan these files here, and copy the whole result for each file and post it here.

 

C:\WINDOWS\GPInstall.exe

C:\WINDOWS\system32\prcbu.dll

C:\WINDOWS\system32\wnscpsv.exe

C:\Documents and Settings\Compaq\Application Data\Dxcuknwrd.dll

 

I don't know what all these .tmp files are, but scan e.g. these

 

C:\Documents and Settings\Compaq\Application Data\t5A.tmp

C:\Documents and Settings\Compaq\Application Data\t2D.tmp

 

http://www.virustotal.com/en/indexf.html

 

 


STATUS: FINISHED

Complete scanning result of "Dxcuknwrd.dll", received in VirusTotal at 09.28.2006, 16:05:10 (CET).

Antivirus Version Update Result

AntiVir n - no virus found

Authentium n - no virus found

Avast n - no virus found

AVG n - no virus found

BitDefender n - no virus found

CAT-QuickHeal n - no virus found

ClamAV n - no virus found

DrWeb n - no virus found

eTrust-InoculateIT n - no virus found

eTrust-Vet n - no virus found

Ewido n - no virus found

Fortinet n - no virus found

F-Prot n - no virus found

F-Prot4 n - no virus found

Ikarus n - no virus found

Kaspersky n - no virus found

McAfee n - no virus found

Microsoft n - no virus found

NOD32v2 n - no virus found

Norman n - no virus found

Panda n - no virus found

Sophos n - no virus found

Symantec n - no virus found

TheHacker n - no virus found

UNA n - no virus found

VBA32 n - no virus found

VirusBuster n - no virus found

Aditional Information

File size: 0 bytes

MD5: d41d8cd98f00b204e9800998ecf8427e

SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709

 

 

STATUS: FINISHED

Complete scanning result of "wnscpsv.exe", received in VirusTotal at 09.28.2006, 17:00:21 (CET).

Antivirus Version Update Result

AntiVir 7.2.0.18 09.28.2006 no virus found

Authentium 4.93.8 09.28.2006 no virus found

Avast 4.7.892.0 09.27.2006 no virus found

AVG 386 09.27.2006 no virus found

BitDefender 7.2 09.28.2006 no virus found

CAT-QuickHeal 8.00 09.28.2006 no virus found

ClamAV devel-20060426 09.28.2006 no virus found

DrWeb 4.33 09.28.2006 no virus found

eTrust-InoculateIT 23.73.7 09.28.2006 no virus found

eTrust-Vet 30.3.3104 09.28.2006 no virus found

Ewido 4.0 09.28.2006 no virus found

Fortinet 2.82.0.0 09.28.2006 no virus found

F-Prot 3.16f 09.28.2006 no virus found

F-Prot4 4.2.1.29 09.28.2006 no virus found

Ikarus 0.2.65.0 09.28.2006 no virus found

Kaspersky 4.0.2.24 09.28.2006 no virus found

McAfee 4862 09.28.2006 no virus found

Microsoft 1.1603 09.28.2006 no virus found

NOD32v2 1.1781 09.28.2006 no virus found

Norman 5.90.23 09.28.2006 no virus found

Panda 9.0.0.4 09.27.2006 no virus found

Sophos 4.10.0 09.28.2006 no virus found

Symantec 8.0 09.28.2006 no virus found

TheHacker 6.0.1.085 09.28.2006 no virus found

UNA 1.83 09.27.2006 no virus found

VBA32 3.11.1 09.28.2006 no virus found

VirusBuster 4.3.7:9 09.28.2006 no virus found

Aditional Information

File size: 2 bytes

MD5: 4f3dd0ffb3e41c5f74b5b0d8c1f10bb5

SHA1: e688cf7414fb701c4495010d43a4eaaaeac71768

VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity

 

 

 

STATUS: FINISHED

Complete scanning result of "prcbu.dll", received in VirusTotal at 09.28.2006, 22:09:44 (CET).

Antivirus Version Update Result

AntiVir 7.2.0.18 09.28.2006 ADSPY/PurityScan.AK.108

Authentium 4.93.8 09.28.2006 no virus found

Avast 4.7.892.0 09.27.2006 Win32:Agent-RY

AVG 386 09.27.2006 Adware Generic.QOU

BitDefender 7.2 09.28.2006 no virus found

CAT-QuickHeal 8.00 09.28.2006 no virus found

ClamAV devel-20060426 09.28.2006 Trojan.PurityScan.AK

eTrust-InoculateIT 23.73.7 09.28.2006 no virus found

eTrust-Vet 30.3.3104 09.28.2006 Win32/Clspring!generic

DrWeb 4.33 09.28.2006 no virus found

Ewido 4.0 09.28.2006 Adware.PurityScan

Fortinet 2.82.0.0 09.28.2006 Adware/ClickSpring

F-Prot 3.16f 09.28.2006 no virus found

F-Prot4 4.2.1.29 09.28.2006 no virus found

Ikarus 0.2.65.0 09.28.2006 no virus found

Kaspersky 4.0.2.24 09.28.2006 not-a-virus:AdWare.Win32.PurityScan.ak

McAfee 4862 09.28.2006 potentially unwanted program Adware-ClickSpring

Microsoft 1.1603 09.28.2006 no virus found

NOD32v2 1.1781 09.28.2006 a variant of Win32/Adware.PurityScan

Norman 5.80.02 09.28.2006 W32/PurityScan.ADW

Panda 9.0.0.4 09.28.2006 Suspicious file

Sophos 4.10.0 09.28.2006 no virus found

Symantec 8.0 09.28.2006 no virus found

TheHacker 6.0.1.085 09.28.2006 no virus found

UNA 1.83 09.28.2006 no virus found

VBA32 3.11.1 09.28.2006 AdWare.Win32.PurityScan.ak

VirusBuster 4.3.7:9 09.28.2006 Adware.ClickSpring.Gen

Aditional Information

File size: 131072 bytes

MD5: 79dc27fb954ef8830a386378a1f3675b

SHA1: 018e3d077bff49f92a8c3a34917d93597f7bb26e

 

 

 

STATUS: FINISHED

Complete scanning result of "GPInstall.exe", received in VirusTotal at 09.28.2006, 23:46:09 (CET).

Antivirus Version Update Result

AntiVir 7.2.0.18 09.28.2006 no virus found

Authentium 4.93.8 09.28.2006 no virus found

Avast 4.7.892.0 09.27.2006 no virus found

AVG 386 09.27.2006 no virus found

BitDefender 7.2 09.28.2006 no virus found

CAT-QuickHeal 8.00 09.28.2006 no virus found

ClamAV devel-20060426 09.28.2006 no virus found

DrWeb 4.33 09.28.2006 no virus found

eTrust-InoculateIT 23.73.7 09.28.2006 no virus found

eTrust-Vet 30.3.3104 09.28.2006 no virus found

Ewido 4.0 09.28.2006 no virus found

Fortinet 2.82.0.0 09.28.2006 no virus found

F-Prot 3.16f 09.28.2006 no virus found

F-Prot4 4.2.1.29 09.28.2006 no virus found

Ikarus 0.2.65.0 09.28.2006 no virus found

Kaspersky 4.0.2.24 09.28.2006 no virus found

McAfee 4862 09.28.2006 no virus found

Microsoft 1.1603 09.28.2006 no virus found

NOD32v2 1.1781 09.28.2006 no virus found

Norman 5.90.23 09.28.2006 no virus found

Panda 9.0.0.4 09.28.2006 no virus found

Sophos 4.10.0 09.28.2006 no virus found

Symantec 8.0 09.28.2006 no virus found

TheHacker 6.0.1.085 09.28.2006 no virus found

UNA 1.83 09.28.2006 no virus found

VBA32 3.11.1 09.28.2006 no virus found

VirusBuster 4.3.7:9 09.28.2006 no virus found

Aditional Information

File size: 796672 bytes

MD5: a75a03e2fe261297c3cbb128c32be3d8

 

 

STATUS: FINISHED

Complete scanning result of "t5A.tmp", received in VirusTotal at 09.29.2006, 00:18:09 (CET).

Antivirus Version Update Result

AntiVir n - no virus found

Authentium n - no virus found

Avast n - no virus found

AVG n - no virus found

BitDefender n - no virus found

CAT-QuickHeal n - no virus found

ClamAV n - no virus found

DrWeb n - no virus found

eTrust-InoculateIT n - no virus found

eTrust-Vet n - no virus found

Ewido n - no virus found

Fortinet n - no virus found

F-Prot n - no virus found

F-Prot4 n - no virus found

Ikarus n - no virus found

Kaspersky n - no virus found

McAfee n - no virus found

Microsoft n - no virus found

NOD32v2 n - no virus found

Norman n - no virus found

Panda n - no virus found

Sophos n - no virus found

Symantec n - no virus found

TheHacker n - no virus found

UNA n - no virus found

VBA32 n - no virus found

VirusBuster n - no virus found

Aditional Information

File size: 0 bytes

MD5: d41d8cd98f00b204e9800998ecf8427e

SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709

 

 

STATUS: FINISHED

Complete scanning result of "t2D.tmp", received in VirusTotal at 09.29.2006, 00:34:53 (CET).

Antivirus Version Update Result

AntiVir n - no virus found

Authentium n - no virus found

Avast n - no virus found

AVG n - no virus found

BitDefender n - no virus found

CAT-QuickHeal n - no virus found

ClamAV n - no virus found

DrWeb n - no virus found

eTrust-InoculateIT n - no virus found

eTrust-Vet n - no virus found

Ewido n - no virus found

Fortinet n - no virus found

F-Prot n - no virus found

F-Prot4 n - no virus found

Ikarus n - no virus found

Kaspersky n - no virus found

McAfee n - no virus found

Microsoft n - no virus found

NOD32v2 n - no virus found

Norman n - no virus found

Panda n - no virus found

Sophos n - no virus found

Symantec n - no virus found

TheHacker n - no virus found

UNA n - no virus found

VBA32 n - no virus found

VirusBuster n - no virus found

Aditional Information

File size: 0 bytes

MD5: d41d8cd98f00b204e9800998ecf8427e

SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709

 

 

 

That's what it looks like; at least one of them isn't as it should be. How do I fix this?

 


Oh, I just noticed that they weren't scanned properly?? It says 0 in file size on some of them; should I rescan them? Or does it not matter?

 

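An added example, not part of the original thread: the 0-byte reports above all carry the same MD5 and SHA1, which are the digests of empty input, so their "no virus found" rows describe an empty upload rather than a scanned program. The script below parses reports in the pasted format and separates such results from real verdicts; the sample text is an abridged copy of two reports from this page, and the function and field names are choices made for this example.

```python
import hashlib
import re

# Digests of zero bytes of input; a report carrying these hashed nothing.
EMPTY_MD5 = hashlib.md5(b"").hexdigest()
EMPTY_SHA1 = hashlib.sha1(b"").hexdigest()

# Constructed sample: abridged copies of two reports pasted in this thread.
SAMPLE_REPORTS = """
STATUS: FINISHED
Complete scanning result of "t5A.tmp", received in VirusTotal at 09.29.2006, 00:18:09 (CET).
Antivirus Version Update Result
AntiVir n - no virus found
Kaspersky n - no virus found
Aditional Information
File size: 0 bytes
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709

STATUS: FINISHED
Complete scanning result of "prcbu.dll", received in VirusTotal at 09.28.2006, 22:09:44 (CET).
Antivirus Version Update Result
AntiVir 7.2.0.18 09.28.2006 ADSPY/PurityScan.AK.108
Authentium 4.93.8 09.28.2006 no virus found
Kaspersky 4.0.2.24 09.28.2006 not-a-virus:AdWare.Win32.PurityScan.ak
McAfee 4862 09.28.2006 potentially unwanted program Adware-ClickSpring
Aditional Information
File size: 131072 bytes
MD5: 79dc27fb954ef8830a386378a1f3675b
SHA1: 018e3d077bff49f92a8c3a34917d93597f7bb26e
"""

TABLE_HEADER = "Antivirus Version Update Result"
TABLE_FOOTER = "Aditional Information"  # spelled this way in the pasted reports


def parse_reports(text):
    """Parse pasted reports into dicts with per-engine results."""
    reports = []
    for chunk in text.split("STATUS: FINISHED")[1:]:
        name = re.search(r'scanning result of "([^"]+)"', chunk)
        size = re.search(r"File size: (\d+) bytes", chunk)
        md5 = re.search(r"MD5: ([0-9a-fA-F]{32})", chunk)
        if not (name and size and md5):
            continue  # incomplete paste, nothing reliable to report
        _, found, table = chunk.partition(TABLE_HEADER)
        table = table.split(TABLE_FOOTER, 1)[0] if found else ""
        results = {}
        for row in table.splitlines():
            # Both row shapes have three columns before the result:
            # "Engine n - result" and "Engine version date result".
            cols = row.split(None, 3)
            if len(cols) == 4:
                results[cols[0]] = cols[3].strip()
        detections = {engine: label for engine, label in results.items()
                      if label.lower() != "no virus found"}
        reports.append({
            "name": name.group(1),
            "size": int(size.group(1)),
            "md5": md5.group(1).lower(),
            "engines": len(results),
            "detections": detections,
            "empty_upload": int(size.group(1)) == 0
                            or md5.group(1).lower() == EMPTY_MD5,
        })
    return reports


def verdict(report):
    """Summarise one parsed report in a single line."""
    if report["empty_upload"]:
        return "inconclusive: zero bytes were scanned"
    if report["detections"]:
        return (f"flagged by {len(report['detections'])} "
                f"of {report['engines']} engines")
    return f"no detections from {report['engines']} engines"


if __name__ == "__main__":
    for rep in parse_reports(SAMPLE_REPORTS):
        print(f"{rep['name']}: {verdict(rep)}")
```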

 

Delete these files

 

C:\Documents and Settings\Compaq\Application Data\Dxcuknwrd.dll

C:\WINDOWS\system32\prcbu.dll

 

Look in the properties of wnscpsv.exe to see whether there is any sensible info about it, e.g. company etc..

Post a new Hijack log.

 


Okay, that's done now.

I found nothing meaningful in the properties of wnscpsv.exe.

Here is the new Hijack log:

 

[log]Logfile of HijackThis v1.99.1

Scan saved at 15:20:53, on 2006-09-30

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\CTHELPER.EXE

C:\Program\Winamp\winampa.exe

C:\WINDOWS\system32\PROMon.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program\NORTON~1\navapw32.exe

C:\Program\Norton Internet Security\IAMAPP.EXE

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe

C:\Program\COMPAQ\Easy Access Button Support\StartEAK.exe

C:\Program\Softwin\BitDefender9\bdswitch.exe

C:\Program\Softwin\BitDefender9\bdoesrv.exe

C:\Program\Softwin\BitDefender9\bdnagent.exe

C:\Program\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\Program\BullGuard Software\BullGuard\BullGuardUpdate.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe

C:\Program\Norton AntiVirus\navapsvc.exe

C:\Program\Norton Internet Security\NISUM.EXE

C:\WINDOWS\System32\NMSSvc.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program\Compaq\Easy Access Button Support\CPQEADM.EXE

C:\Compaq\EAKDRV\EAUSBKBD.EXE

C:\Program\Compaq\EASYAC~1\BttnServ.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Norton Internet Security\SymProxySvc.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program\Delade filer\Softwin\BitDefender Communicator\xcommsvr.exe

C:\Program\Norton Internet Security\NISSERV.EXE

C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

C:\Program\Delade filer\Softwin\BitDefender Update Service\livesrv.exe

C:\Program\Delade filer\Softwin\BitDefender Scan Server\bdss.exe

C:\Program\Softwin\BitDefender9\vsserv.exe

C:\Program\Hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/redirectors/presario/deskredir2.dll?s=consumer&ap=b201&c=1c02&lc=041d&ac

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.presario.net/scripts/redirectors/presario/srchredir2.dll?c=1c02&lc=041d&s=search&ap=b204

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://desktop.presario.net/scripts/redirectors/presario/deskredir2.dll?s=consumer&ap=b201&c=1c02&lc=041d&ac

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - (no file)

O2 - BHO: (no name) - {3231A96B-1F89-4E27-A4DA-1243B312F5CF} - C:\WINDOWS\system32\prcbu.dll (file missing)

O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE

O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe

O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NAV Agent] C:\Program\NORTON~1\navapw32.exe

O4 - HKLM\..\Run: [Jet Detection] C:\Program\Creative\SBAudigy\PROGRAM\ADGJDet.exe

O4 - HKLM\..\Run: [iamapp] C:\Program\Norton Internet Security\IAMAPP.EXE

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [CPQEASYACC] C:\Program\COMPAQ\Easy Access Button Support\StartEAK.exe

O4 - HKLM\..\Run: [bDSwitchAgent] "c:\program\softwin\bitdefender9\bdswitch.exe"

O4 - HKLM\..\Run: [bDOESRV] "C:\Program\Softwin\BitDefender9\bdoesrv.exe"

O4 - HKLM\..\Run: [bDNewsAgent] "c:\program\softwin\bitdefender9\bdnagent.exe"

O4 - HKLM\..\Run: [bDMCon] "C:\Program\Softwin\BitDefender9\bdmcon.exe"

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204

O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/activex/promocache/313133352D2D2D.exe

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} - http://advnt01.com/dialer/int_ver34.CAB

O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\Program\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program\Delade filer\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)

O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard Software - C:\Program\BullGuard Software\BullGuard\BullGuardUpdate.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program\Delade filer\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)

O23 - Service: Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton Internet Security Service (NISSERV) - Symantec Corporation - C:\Program\Norton Internet Security\NISSERV.EXE

O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program\Norton Internet Security\NISUM.EXE

O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program\DELADE~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

O23 - Service: Norton Internet Security Proxy Service (SymProxySvc) - Symantec Corporation - C:\Program\Norton Internet Security\SymProxySvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program\Softwin\BitDefender9\vsserv.exe" /service (file missing)

O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program\Delade filer\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

[/log]

 

Very grateful for the help :) points to you!

 


 

> I found nothing meaningful in the properties of wnscpsv.exe <

OK, delete it.

You still have 2 antivirus programs running, Norton and BitDefender; turn one of them off.

Scan with Hijack, tick the following lines, close the web browser and click Fix checked:

 

R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - (no file)

O2 - BHO: (no name) - {3231A96B-1F89-4E27-A4DA-1243B312F5CF} - C:\WINDOWS\system32\prcbu.dll (file missing)

O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/activex/promocache/313133352D2D2D.exe

O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} - http://advnt01.com/dialer/int_ver34.CAB

O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll

 

 

After that it should be OK according to the log.

 

 

 

 

 


Okay, I've done that now, but I can't find "C:\WINDOWS\system32\prcbu.dll (file missing)" in the log, so I couldn't tick it. Does that matter?

But the computer isn't behaving as it should; all the popups are gone and the computer is much faster now. BUT I have two Windows users: when I log in to the one I'm on now the computer behaves normally, but if I log in to the other user it becomes really sluggish and shuts itself down every time as soon as you get in. What could be causing that? (Both users are administrators.)

I must say you explain things in a very professional way and are very helpful, and I thank you for that :)

 


 

> so I couldn't tick it. Does that matter?

It doesn't matter; if you don't see it in the log, it's gone.

> What could be causing that? <

I don't know, but if you manage to scan a Hijack log from that account, post it here.

 

 


Hi again! :)

It seems to have sorted itself out; the computer is behaving normally again, and you deserve a very BIG thank-you for all the help you've given me, plus I've learned a great deal.

I'm attaching a Hijack log that I took just now anyway.

 

[log]

Logfile of HijackThis v1.99.1

Scan saved at 23:07:55, on 2006-10-01

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe

C:\Program\Norton AntiVirus\navapsvc.exe

C:\Program\Norton Internet Security\NISUM.EXE

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Norton Internet Security\SymProxySvc.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program\Norton Internet Security\NISSERV.EXE

C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

C:\WINDOWS\System32\NMSSvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\CTHELPER.EXE

C:\Program\Winamp\winampa.exe

C:\WINDOWS\system32\PROMon.exe

C:\Program\NORTON~1\navapw32.exe

C:\Program\Norton Internet Security\IAMAPP.EXE

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe

C:\Program\DAEMON Tools\daemon.exe

C:\Program\COMPAQ\Easy Access Button Support\StartEAK.exe

C:\Program\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\Program\Hijackthis\HijackThis.exe

C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Program\MSN Messenger\msnmsgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE

C:\Program\Delade filer\Teleca Shared\CapabilityManager.exe

C:\Program\Compaq\Easy Access Button Support\CPQEADM.EXE

C:\Program\Valve\Steam\Steam.exe

C:\Program\Compaq\EASYAC~1\BttnServ.exe

C:\Compaq\EAKDRV\EAUSBKBD.EXE

C:\Program\Personal\bin\Personal.exe

C:\Documents and Settings\Compaq\Start-meny\Program\Autostart\GameMinimizer.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\Delade filer\Teleca Shared\Generic.exe

C:\Program\Sony Ericsson\Mobile2\Connection Wizard\ConnectionWizard.exe

C:\Program\Sony Ericsson\Mobile\Mobile Phone Monitor\epmworker.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/redirectors/presario/deskredir2.dll?s=consumer&ap=b201&c=1c02&lc=041d&ac

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.presario.net/scripts/redirectors/presario/srchredir2.dll?c=1c02&lc=041d&s=search&ap=b204

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://desktop.presario.net/scripts/redirectors/presario/deskredir2.dll?s=consumer&ap=b201&c=1c02&lc=041d&ac

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE

O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe

O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NAV Agent] C:\Program\NORTON~1\navapw32.exe

O4 - HKLM\..\Run: [Jet Detection] C:\Program\Creative\SBAudigy\PROGRAM\ADGJDet.exe

O4 - HKLM\..\Run: [iamapp] C:\Program\Norton Internet Security\IAMAPP.EXE

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [CPQEASYACC] C:\Program\COMPAQ\Easy Access Button Support\StartEAK.exe

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [steam] "C:\Program\Valve\Steam\Steam.exe" -silent

O4 - HKCU\..\Run: [bullGuard] "C:\Program\BullGuard Software\BullGuard\bullguard.exe"

O4 - HKCU\..\Run: [Oibr] "C:\Program\STEM32~1\winlogon.exe" -vt yazb

O4 - HKCU\..\Run: [Emwjrw] C:\Documents and Settings\Compaq\Mina dokument\??sks\r?ndll.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [DeluxeCommunications] C:\Program\DeluxeCommunications\Dxc.exe

O4 - Startup: GameMinimizer.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\Program\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe

O23 - Service: Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton Internet Security Service (NISSERV) - Symantec Corporation - C:\Program\Norton Internet Security\NISSERV.EXE

O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program\Norton Internet Security\NISUM.EXE

O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program\DELADE~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

O23 - Service: Norton Internet Security Proxy Service (SymProxySvc) - Symantec Corporation - C:\Program\Norton Internet Security\SymProxySvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

 

[/log]

 

Regards, FILIP

 


 

Is this log from the other account, or?

Run a new ComboFix log and post it.

When you have pasted in the Combo log, highlight/select it, then click the LOG button and then post.

 

 


Yes, the Hijack log is from the account that was acting up (it seems to behave normally now). I have run a new ComboFix and here is the log:

 

[log]Compaq - 06-10-02 23:05:01,21 Service Pack 2

ComboFix 06.09.27 - Running from: "D:\virus"

 

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

 

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

 

Folders Quarantined:

 

C:\QooBox\Purity\Documents and Settings\Compaq\Mina dokument\MBOLS~1

C:\QooBox\Purity\Documents and Settings\Compaq\Mina dokument\SKS~1

C:\QooBox\Purity\Documents and Settings\Compaq\Mina dokument\SKS~1\r?ndll.exe

C:\QooBox\Purity\Program\STEM32~1

C:\QooBox\Purity\Program\STEM~1

C:\QooBox\Purity\Program\STEM32~1\??stem32

 

 

((((((((((((((((((((((((((((((( Files Created from 2006-09-02 to 2006-10-02 ))))))))))))))))))))))))))))))))))

 

 

2006-09-11 00:25 368,912 --a------ C:\WINDOWS\system32\Vbar332.dll

2006-09-11 00:25 252,176 --a------ C:\WINDOWS\system32\Msrd2x35.dll

2006-09-11 00:25 24,848 --a------ C:\WINDOWS\system32\Msjter35.dll

2006-09-11 00:25 142,608 --a------ C:\WINDOWS\system32\Msjint35.dll

2006-09-11 00:25 1,056,768 --a------ C:\WINDOWS\system32\Msjet35.dll

2006-09-11 00:24 796,672 --a------ C:\WINDOWS\GPInstall.exe

 

 

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

2006-10-02 22:52 -------- d-------- C:\Program\Delade filer\Symantec Shared

2006-10-02 22:52 -------- d-------- C:\Program\Delade filer

2006-10-02 22:46 -------- d-------- C:\Program\Norton Internet Security

2006-10-02 10:40 -------- d-------- C:\Program\DC++

2006-10-01 23:25 -------- d-------- C:\Program\TPTEST5

2006-10-01 23:24 -------- d-------- C:\Program\Hijackthis

2006-10-01 23:24 -------- d-------- C:\Program\Call of Duty

2006-10-01 23:13 -------- d-------- C:\Program\Symantec

2006-10-01 23:07 -------- d-------- C:\Documents and Settings\Compaq\Application Data\Teleca

2006-10-01 18:27 -------- d-------- C:\Program\Sony Ericsson

2006-10-01 18:27 -------- d-------- C:\Program\Delade filer\Teleca Shared

2006-10-01 18:03 -------- d-------- C:\Program\Delade filer\Softwin

2006-09-27 23:47 -------- d-------- C:\Program\Compaqnet SE

2006-09-27 23:28 0 --a------ C:\Documents and Settings\Compaq\Application Data\t9.tmp

2006-09-27 23:16 0 --a------ C:\Documents and Settings\Compaq\Application Data\tF.tmp

2006-09-27 22:06 -------- d-------- C:\Program\RegistryFix

2006-09-26 16:33 0 --a------ C:\Documents and Settings\Compaq\Application Data\tD.tmp

2006-09-25 21:38 0 --a------ C:\Documents and Settings\Compaq\Application Data\t5A.tmp

2006-09-25 21:30 0 --a------ C:\Documents and Settings\Compaq\Application Data\t57.tmp

2006-09-25 17:30 0 --a------ C:\Documents and Settings\Compaq\Application Data\tC.tmp

2006-09-25 01:16 0 --a------ C:\Documents and Settings\Compaq\Application Data\t37.tmp

2006-09-25 01:12 0 --a------ C:\Documents and Settings\Compaq\Application Data\t2D.tmp

2006-09-25 01:12 -------- d-------- C:\Program\PartyGaming

2006-09-25 01:03 0 --a------ C:\Documents and Settings\Compaq\Application Data\t17.tmp

2006-09-24 23:44 -------- d-------- C:\Program\DAEMON Tools

2006-09-24 22:19 455 --a------ C:\Program\INSTALL.LOG

2006-09-24 02:08 -------- d-------- C:\Program\MSN Messenger

2006-09-22 12:05 -------- d-------- C:\Documents and Settings\Compaq\Application Data\BullGuard

2006-09-22 11:10 -------- d-------- C:\Program\Personal

2006-09-21 23:28 -------- d-------- C:\Program\Delade filer\Microsoft Shared

2006-09-21 22:38 -------- d-------- C:\Documents and Settings\Compaq\Application Data\MSN6

2006-09-15 22:52 91904 --a------ C:\WINDOWS\system32\S32EVNT1.DLL

2006-09-15 22:52 124016 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS

2006-09-11 00:25 -------- d-------- C:\Program\Pro Music

2006-08-30 19:30 -------- d-------- C:\Program\Delade filer\InstallShield

2006-08-21 23:11 -------- d-------- C:\Documents and Settings\Compaq\Application Data\vlc

2006-08-21 14:28 16896 --a------ C:\WINDOWS\system32\fltlib.dll

2006-08-21 11:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe

2006-08-21 11:14 128896 --------- C:\WINDOWS\system32\drivers\fltmgr.sys

2006-08-11 03:02 -------- d-------- C:\Program\Internet Explorer

2006-07-27 15:26 679424 --a------ C:\WINDOWS\system32\inetcomm.dll

2006-07-21 10:30 72704 --a------ C:\WINDOWS\system32\hlink.dll

 

 

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

 

*Note* empty entries are not shown

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="\"C:\\Program\\MSN Messenger\\msnmsgr.exe\" /background"

"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

"Steam"="\"C:\\Program\\Valve\\Steam\\Steam.exe\" -silent"

"BullGuard"="\"C:\\Program\\BullGuard Software\\BullGuard\\bullguard.exe\""

"Oibr"="\"C:\\Program\\STEM32~1\\winlogon.exe\" -vt yazb"

"Emwjrw"="C:\\Documents and Settings\\Compaq\\Mina dokument\\??sks\\r?ndll.exe"

"MSMSGS"="\"C:\\Program\\Messenger\\msmsgs.exe\" /background"

"DeluxeCommunications"="C:\\Program\\DeluxeCommunications\\Dxc.exe"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WINDVDPatch"="CTHELPER.EXE"

"WinampAgent"="C:\\Program\\Winamp\\winampa.exe"

"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"

"Symantec NetDriver Monitor"="C:\\Program\\SYMNET~1\\SNDMon.exe /Consumer"

"srmclean"="C:\\Cpqs\\Scom\\srmclean.exe"

"PROMon.exe"="PROMon.exe"

"nwiz"="nwiz.exe /install"

"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"

"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"

"NAV Agent"="C:\\Program\\NORTON~1\\navapw32.exe"

"Jet Detection"="C:\\Program\\Creative\\SBAudigy\\PROGRAM\\ADGJDet.exe"

"iamapp"="C:\\Program\\Norton Internet Security\\IAMAPP.EXE"

"HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb05.exe"

"DAEMON Tools"="\"C:\\Program\\DAEMON Tools\\daemon.exe\" -lang 1033"

"CPQEASYACC"="C:\\Program\\COMPAQ\\Easy Access Button Support\\StartEAK.exe"

"AdaptecDirectCD"="\"C:\\Program\\Roxio\\Easy CD Creator 5\\DirectCD\\DirectCD.exe\""

@=""

"Sony Ericsson PC Suite"="\"C:\\Program\\Sony Ericsson\\Mobile2\\Application Launcher\\Application Launcher.exe\" /startoptions"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Compaq]

"SetRefresh"="C:\\Program\\Compaq\\SetRefresh\\SetRefresh.exe"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]

"Installed"="1"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]

"Installed"="1"

"NoChange"="1"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]

"Installed"="1"

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]

"DeskHtmlVersion"=dword:00000110

"DeskHtmlMinorVersion"=dword:00000005

"Settings"=dword:00000001

"GeneralFlags"=dword:00000005

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]

"Source"="About:Home"

"SubscribedURL"="About:Home"

"FriendlyName"="Min aktuella startsida"

"Flags"=dword:00000002

"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,c4,02,00,00,00, 00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00

"CurrentState"=hex:04,00,00,40

"OriginalStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02, 00,00,04,00,00,40

"RestoredStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02, 00,00,01,00,00,00

 

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

 

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]

"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]

"NoDriveTypeAutoRun"=dword:00000091

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]

"dontdisplaylastusername"=dword:00000000

"legalnoticecaption"=""

"legalnoticetext"=""

"shutdownwithoutlogon"=dword:00000001

"undockwithoutlogon"=dword:00000001

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]

@=""

"NoDriveTypeAutoRun"=hex:5f,00,00,00

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]

 

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]

"NoDriveTypeAutoRun"=dword:00000091

"CDRAutoRun"=dword:00000000

 

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

 

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]

"NoDriveTypeAutoRun"=dword:00000091

"CDRAutoRun"=dword:00000000

 

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"

"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"

"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"

"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

 

 

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders

securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

 

 

Contents of the 'Scheduled Tasks' folder

C:\WINDOWS\tasks\Norton AntiVirus - S”k igenom datorn.job

C:\WINDOWS\tasks\Symantec NetDetect.job

 

Completion time: 2006-10-02 23:05:51.93

ComboFix.txt

ComboFix2.txt

[/log]

I don't understand LOG or how you highlight; sometimes it works and sometimes it doesn't. Right now I can't get it to work, anyway :S

Regards, Filip

Added LOG tags

Cecilia - Moderator for Virus - Antivirus

[post edited 2007-05-28 15:24:58 by Cecilia]

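Two HKCU Run entries in the HijackThis log from 2006-10-01 point into folders that the ComboFix log above lists as quarantined: a winlogon.exe outside system32, and a path containing "?", a character Windows does not allow in file names. An added example (not from the thread) that flags such Run entries, plus entries marked (file missing) or (no file). The sample lines are copied from that log; the rule names are this example's own, and the expected directories are taken from the log's running-process list:

```python
import ntpath
import re
from typing import NamedTuple

# Constructed sample: lines copied from the HijackThis log dated 2006-10-01 in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Oibr] "C:\Program\STEM32~1\winlogon.exe" -vt yazb
O4 - HKCU\..\Run: [Emwjrw] C:\Documents and Settings\Compaq\Mina dokument\??sks\r?ndll.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program\PartyGaming\PartyPoker\RunApp.exe (file missing)
O23 - Service: Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program\Norton AntiVirus\navapsvc.exe
"""

# Where this machine's own process list shows each system image running
# (assumption of this example: the Windows directory is C:\WINDOWS).
SYSTEM32 = r"c:\windows\system32"
EXPECTED_DIR = {name: SYSTEM32 for name in (
    "smss.exe", "winlogon.exe", "services.exe",
    "lsass.exe", "svchost.exe", "spoolsv.exe")}
EXPECTED_DIR["explorer.exe"] = r"c:\windows"

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
RUN_RE = re.compile(r"^HK\w+\\\.\.\\Run\w*: \[([^\]]*)\] (.+)$")
IMAGE_RE = re.compile(r"^(.+?\.(?:exe|dll|com|bat|scr))(?=$|[\s,])", re.IGNORECASE)


class Finding(NamedTuple):
    code: str       # HijackThis section code, e.g. "O4"
    entry: str      # the full log line
    reasons: tuple  # rule names that fired


def image_path(cmd):
    """Return the program part of a Run value, without its arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # Unquoted paths may contain spaces, so cut at the first executable extension.
    match = IMAGE_RE.match(cmd)
    return match.group(1) if match else cmd.split()[0]


def triage(log_text):
    """Flag log entries that deserve a closer look; unflagged does not mean clean."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        entry = ENTRY_RE.match(line)
        if not entry:
            continue  # header, process list or blank line
        code, body = entry.groups()
        reasons = []

        # Registry entry whose target no longer exists on disk.
        if body.endswith(("(file missing)", "(no file)")):
            reasons.append("orphan")

        run = RUN_RE.match(body) if code == "O4" else None
        if run:
            path = image_path(run.group(2))
            directory, image = ntpath.split(path)
            expected = EXPECTED_DIR.get(image.lower())
            # A bare name has no directory to compare and is skipped.
            if directory and expected and directory.lower() != expected:
                reasons.append("system-name-outside-system-dir")
            # "?" is not a legal file-name character, so the logger substituted it
            # for a character it could not display.
            if "?" in path:
                reasons.append("undisplayable-character")

        if reasons:
            findings.append(Finding(code, line, tuple(reasons)))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(", ".join(finding.reasons), "|", finding.entry)
```
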

Okay. Here is a new Hijack log from the same account as the ComboFix log:

 

[log]Logfile of HijackThis v1.99.1

Scan saved at 23:52:55, on 2006-10-02

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\CTHELPER.EXE

C:\Program\Winamp\winampa.exe

C:\WINDOWS\system32\PROMon.exe

C:\Program\NORTON~1\navapw32.exe

C:\Program\Norton Internet Security\IAMAPP.EXE

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe

C:\Program\COMPAQ\Easy Access Button Support\StartEAK.exe

C:\Program\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\Program\MSN Messenger\msnmsgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Personal\bin\Personal.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\Program\Compaq\Easy Access Button Support\CPQEADM.EXE

C:\Compaq\EAKDRV\EAUSBKBD.EXE

C:\Documents and Settings\Compaq\Start-meny\Program\Autostart\GameMinimizer.exe

C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe

C:\Program\Norton AntiVirus\navapsvc.exe

C:\Program\Compaq\EASYAC~1\BttnServ.exe

C:\Program\Norton Internet Security\NISUM.EXE

C:\WINDOWS\System32\NMSSvc.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Norton Internet Security\SymProxySvc.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program\Norton Internet Security\NISSERV.EXE

C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

C:\Program\Delade filer\Teleca Shared\Generic.exe

C:\Program\Sony Ericsson\Mobile\Mobile Phone Monitor\epmworker.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\DAEMON Tools\daemon.exe

C:\Program\DC++\DCPlusPlus.exe

D:\virus\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/redirectors/presario/deskredir2.dll?s=consumer&ap=b201&c=1c02&lc=041d&ac

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.presario.net/scripts/redirectors/presario/srchredir2.dll?c=1c02&lc=041d&s=search&ap=b204

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://desktop.presario.net/scripts/redirectors/presario/deskredir2.dll?s=consumer&ap=b201&c=1c02&lc=041d&ac

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE

O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe

O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NAV Agent] C:\Program\NORTON~1\navapw32.exe

O4 - HKLM\..\Run: [Jet Detection] C:\Program\Creative\SBAudigy\PROGRAM\ADGJDet.exe

O4 - HKLM\..\Run: [iamapp] C:\Program\Norton Internet Security\IAMAPP.EXE

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [CPQEASYACC] C:\Program\COMPAQ\Easy Access Button Support\StartEAK.exe

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [steam] "C:\Program\Valve\Steam\Steam.exe" -silent

O4 - HKCU\..\Run: [bullGuard] "C:\Program\BullGuard Software\BullGuard\bullguard.exe"

O4 - HKCU\..\Run: [Oibr] "C:\Program\STEM32~1\winlogon.exe" -vt yazb

O4 - HKCU\..\Run: [Emwjrw] C:\Documents and Settings\Compaq\Mina dokument\??sks\r?ndll.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [DeluxeCommunications] C:\Program\DeluxeCommunications\Dxc.exe

O4 - Startup: GameMinimizer.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\Program\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe

O23 - Service: Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton Internet Security Service (NISSERV) - Symantec Corporation - C:\Program\Norton Internet Security\NISSERV.EXE

O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program\Norton Internet Security\NISUM.EXE

O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program\DELADE~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

O23 - Service: Norton Internet Security Proxy Service (SymProxySvc) - Symantec Corporation - C:\Program\Norton Internet Security\SymProxySvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

[/log]

I'm very grateful for the help :)

 


 

If you have 2 antivirus programs running, BullGuard and Norton, turn one of them off.

Uninstall via the Control Panel, if found:

DeluxeCommunications

Scan with Hijack, tick the following lines, close the web browser and click Fix checked:

 

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O4 - HKCU\..\Run: [Oibr] "C:\Program\STEM32~1\winlogon.exe" -vt yazb

O4 - HKCU\..\Run: [Emwjrw] C:\Documents and Settings\Compaq\Mina dokument\??sks\r?ndll.exe

O4 - HKCU\..\Run: [DeluxeCommunications] C:\Program\DeluxeCommunications\Dxc.exe

 

Then delete, if found:

C:\Program\DeluxeCommunications\ < the folder

Restart the computer and make a new Hijack log.

 


Okay, that's done now. I couldn't find "C:\Program\DeluxeCommonucations\" on C:\, but I ticked it in Hijack.

Here is a new Hijack log after the restart:

 

[log]Logfile of HijackThis v1.99.1

Scan saved at 16:01:17, on 2006-10-03

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\CTHELPER.EXE

C:\Program\Winamp\winampa.exe

C:\WINDOWS\system32\PROMon.exe

C:\Program\NORTON~1\navapw32.exe

C:\Program\Norton Internet Security\IAMAPP.EXE

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe

C:\Program\COMPAQ\Easy Access Button Support\StartEAK.exe

C:\Program\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\Program\MSN Messenger\msnmsgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\Program\Delade filer\Teleca Shared\CapabilityManager.exe

C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe

C:\Documents and Settings\Compaq\Start-meny\Program\Autostart\GameMinimizer.exe

C:\Program\Norton AntiVirus\navapsvc.exe

C:\Program\Compaq\Easy Access Button Support\CPQEADM.EXE

C:\Compaq\EAKDRV\EAUSBKBD.EXE

C:\Program\Compaq\EASYAC~1\BttnServ.exe

C:\Program\Norton Internet Security\NISUM.EXE

C:\WINDOWS\System32\NMSSvc.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Norton Internet Security\SymProxySvc.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program\Norton Internet Security\NISSERV.EXE

C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

C:\Program\Delade filer\Teleca Shared\Generic.exe

C:\Program\Sony Ericsson\Mobile\Mobile Phone Monitor\epmworker.exe

C:\Program\Messenger\msmsgs.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program\Internet Explorer\iexplore.exe

D:\virus\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/redirectors/presario/deskredir2.dll?s=consumer&ap=b201&c=1c02&lc=041d&ac

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.presario.net/scripts/redirectors/presario/srchredir2.dll?c=1c02&lc=041d&s=search&ap=b204

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://desktop.presario.net/scripts/redirectors/presario/deskredir2.dll?s=consumer&ap=b201&c=1c02&lc=041d&ac

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE

O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe

O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NAV Agent] C:\Program\NORTON~1\navapw32.exe

O4 - HKLM\..\Run: [Jet Detection] C:\Program\Creative\SBAudigy\PROGRAM\ADGJDet.exe

O4 - HKLM\..\Run: [iamapp] C:\Program\Norton Internet Security\IAMAPP.EXE

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [CPQEASYACC] C:\Program\COMPAQ\Easy Access Button Support\StartEAK.exe

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [steam] "C:\Program\Valve\Steam\Steam.exe" -silent

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - Startup: GameMinimizer.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\Program\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe

O23 - Service: Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton Internet Security Service (NISSERV) - Symantec Corporation - C:\Program\Norton Internet Security\NISSERV.EXE

O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program\Norton Internet Security\NISUM.EXE

O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program\DELADE~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

O23 - Service: Norton Internet Security Proxy Service (SymProxySvc) - Symantec Corporation - C:\Program\Norton Internet Security\SymProxySvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

[/log]

Best regards, Filip

 


 

The log is OK, and you can remove these if you no longer use them:

 

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program\PartyGaming\PartyPoker\RunApp.exe (file missing)

 

 


By the way, is there any point in generating a new Hijack log and saving it, and then saving a log after each new program you install, so that you can see what is supposed to be there, and then if unexpected visitors turn up you can just run Hijack and remove them? Or is that just unnecessary, can the viruses hide anyway? Is ComboFix easy to understand? I don't understand it when I see a ComboFix log. Or is there some page where you can read about ComboFix and learn how to read it?

 

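The baseline idea raised in the last post, sketched as an added example (not part of the thread and not a HijackThis feature): it parses the entry lines of two logs, reports what the later scan has that the saved baseline lacks, and tags each new entry with two simple heuristics. The sample lines are excerpted from the logs above; `SYSTEM_NAMES`, `SYSTEM_DIR` and the function names are assumptions of this sketch.

```python
import ntpath
import re

# Entry lines start with a section code such as R0, O4 or O23.
ENTRY = re.compile(r'^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$')
PATH = re.compile(r'\b[A-Za-z]:\\[^"]*?\.(?:exe|dll)', re.IGNORECASE)
SYSTEM_NAMES = {"winlogon.exe", "svchost.exe", "lsass.exe", "services.exe"}
SYSTEM_DIR = r"c:\windows\system32"  # assumption: Windows directory as in the logs

# Constructed samples: a few lines excerpted from the two logs in this thread.
CLEAN = r'''
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background
'''
INFECTED = CLEAN + r'''
O4 - HKCU\..\Run: [Oibr] "C:\Program\STEM32~1\winlogon.exe" -vt yazb
O4 - HKCU\..\Run: [Emwjrw] C:\Documents and Settings\Compaq\Mina dokument\??sks\r?ndll.exe
O4 - HKCU\..\Run: [DeluxeCommunications] C:\Program\DeluxeCommunications\Dxc.exe
'''

def entries(log_text):
    """Return the set of (section, detail) entries found in a log."""
    found = set()
    for line in log_text.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            found.add(match.groups())
    return found

def flags(detail):
    """Heuristic reasons to look at an entry first; an empty list is not a verdict."""
    reasons = []
    for path in PATH.findall(detail):
        folder, name = ntpath.split(path.lower())
        if name in SYSTEM_NAMES and folder != SYSTEM_DIR:
            reasons.append("system process name outside system32")
        if "?" in path:
            reasons.append("character the scanner could not display")
    return reasons

def review(baseline_log, current_log):
    """Map each entry missing from the baseline to its heuristic flags."""
    added = entries(current_log) - entries(baseline_log)
    return {detail: flags(detail) for _, detail in sorted(added)}

if __name__ == "__main__":
    for detail, why in review(CLEAN, INFECTED).items():
        print(detail, "->", why or "new entry, no heuristic hit")
```

The DeluxeCommunications entry trips neither heuristic and is reported only because the baseline lacks it; a diff like this covers only what the scanner itself lists.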

Archived

This topic is now archived and is closed to further replies.
