
Firewall


teknik

I had a firewall before, but I downloaded a program for music. Afterwards my firewall has disappeared. I have tried to activate it in different ways, but it doesn't work?

 

Through the Control Panel and by clicking, but it says that an error has occurred.

 

What should I do? Besides, different web pages keep opening all the time without me wanting to open them?

 

Zipp.

 

> Besides, different web pages keep opening all the time without me wanting to open them?

 

So you mean pop-ups... then you may have something nasty on the computer.

 

Download HijackThis.exe and scan the computer with it.

Then post the log here and we'll take a look at what it looks like.

 

http://www.thespykiller.co.uk/files/HJTsetup.exe

 

 

 

teknik

What should I do with my firewall to get it working?

 

Here is the log:

[log]Logfile of HijackThis v1.99.1

Scan saved at 20:55:06, on 2006-09-27

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\cisvc.exe

C:\WINDOWS\IA\command.exe

C:\Program\ewido anti-malware\ewidoctrl.exe

C:\Program\Network Monitor\netmon.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

C:\windows\system\hpsysdrv.exe

C:\Program\USB Storage RW\shwicon.exe

C:\WINDOWS\system32\wininet.exe

C:\HP\KBD\KBD.EXE

C:\Program\Delade filer\Microsoft Shared\Works Shared\WkUFind.exe

C:\Program\Delade filer\Real\Update_OB\realsched.exe

C:\WINDOWS\System32\LVCOMSX.EXE

C:\Program\Logitech\Video\LogiTray.exe

C:\Program\iTunes\iTunesHelper.exe

C:\Program\QuickTime\qttask.exe

C:\Program\ExtraFilm Hemma\Agent.exe

C:\Program\Delade filer\AOL\1117210522\ee\AOLHostManager.exe

C:\Program\iPod\bin\iPodService.exe

C:\Program\Java\jre1.5.0_06\bin\jusched.exe

C:\Program\Windows Defender\MSASCui.exe

C:\Program\Delade filer\AOL\1117210522\ee\AOLServiceHost.exe

C:\Program\Delade filer\{EC7114A8-0706-1053-0317-03111302002e}\Update.exe

C:\Program\Browser Sentinel\BrowserSentinel.exe

C:\WINDOWS\system32\deskmenu2.exe

C:\WINDOWS\system32\audiodev.exe

C:\Program\Logitech\Video\FxSvr2.exe

C:\Program\Hewlett-Packard\Digital Imaging\bin\hpomau08.exe

C:\Program\Norton AntiVirus\navapsvc.exe

C:\Program\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

C:\WINDOWS\SYSTEM32\cidaemon.exe

C:\Program\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\explorer.exe

C:\WINDOWS\SYSTEM32\rundll32.exe

C:\WINDOWS\system32\wininet.exe

C:\PROGRAM\INTERNET EXPLORER\IEXPLORE.EXE

C:\Program\Hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comhem.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://www.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program\AOL\AOL Toolbar 2.0\aoltb.dll

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program\Yahoo!\Companion\Installs\cpn5\yt.dll

R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program\Deskbar\deskbar.dll

F2 - REG:system.ini: Shell=explorer.exe "C:\Program\Delade filer\Microsoft Shared\Web Folders\ibm00001.exe"

F2 - REG:system.ini: UserInit=userinit.exe

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program\AOL\AOL Toolbar 2.0\aoltb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar2.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program\Yahoo!\Companion\Installs\cpn5\yt.dll

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [KYE_Showicon] "C:\Program\USB Storage RW\shwicon.exe" -t"KYE\USB Storage RW"

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [storageGuard] "C:\Program\VERITAS Software\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [WCOLOREAL] C:\Program\Coloreal\coloreal.exe

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program\Delade filer\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program\Delade filer\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [HostManager] C:\Program\Delade filer\AOL\1117210522\ee\AOLHostManager.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [ExtraFilmHemmaAgent] "C:\Program\ExtraFilm Hemma\Agent.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [Windows Defender] "C:\Program\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [stonedrv] c:\windows\system32\stonedrv.exe

O4 - HKLM\..\Run: [xzz00802] RUNDLL32.EXE w118dd7d.dll,n 005007fd0000000a118dd7d

O4 - HKLM\..\RunServices: [stonedrv] c:\windows\system32\stonedrv.exe

O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe

O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Program\Logitech\Video\ManifestEngine.exe boot

O4 - HKCU\..\Run: [browser Sentinel] "C:\Program\Browser Sentinel\BrowserSentinel.exe" -autorun

O4 - HKCU\..\Run: [updateMgr] "C:\Program\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1

O4 - HKCU\..\Run: [mtxoci] C:\WINDOWS\system32\mtxoci.exe

O4 - HKCU\..\Run: [deskmenu2] C:\WINDOWS\system32\deskmenu2.exe

O4 - HKCU\..\Run: [audiodev] C:\WINDOWS\system32\audiodev.exe

O4 - HKCU\..\Run: [shell] "C:\Program\Delade filer\Microsoft Shared\Web Folders\ibm00001.exe"

O4 - HKCU\..\Run: [msr2c] C:\WINDOWS\system32\msr2c.exe

O4 - HKCU\..\Run: [stonedrv] c:\windows\system32\stonedrv.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: hp officejet 4100 series.lnk = ?

O4 - Global Startup: hpoddt01.exe.lnk = ?

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program\aol\aol toolbar 2.0\aoltbhtml.dll/search.html

O8 - Extra context menu item: &Google-sökning - res://C:\Program\Google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program\Yahoo!\Common/ycsrch.htm

O8 - Extra context menu item: &Översätt engelskt ord - res://C:\Program\Google\GoogleToolbar2.dll/cmwordtrans.html

O8 - Extra context menu item: Bakåtlänkar - res://C:\Program\Google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program\MICROS~4\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Lagrad bild på sida - res://C:\Program\Google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: Liknande sidor - res://C:\Program\Google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program\Yahoo!\Common/ycmap.htm

O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program\Yahoo!\Common/ycsms.htm

O16 - DPF: {0EB1CA3E-C9C7-42B6-8016-B0CBA435E291} (ImclCtl Class) - http://www.messenger.spray.se/messenger/client/ActiveXMsgrCore.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1126339348296

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1137091419281

O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup161.cab

O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://82.193.168.111/commod/wexlite/XUpload.ocx

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\Program\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: Telephony - C:\WINDOWS\system32\itengine.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: SysRun - {D7FFD784-5276-42D1-887B-00267870A4C7} - C:\WINDOWS\system32\svshost.dll

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe

O23 - Service: ewido security suite control - ewido networks - C:\Program\ewido anti-malware\ewidoctrl.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: Windows Update Service (muamgrd) - Unknown owner - C:\WINDOWS\System32\muamgrd.exe (file missing)

O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program\Norton AntiVirus\navapsvc.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program\DELADE~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

O23 - Service: wiavusd.exe - Unknown owner - C:\WINDOWS\system32\wiavusd.exe

 

[/log]

 

Zipp.

 

There's a lot of junk here.

Download Combofix to the desktop

 

http://download.bleepingcomputer.com/sUBs/combofix.exe

 

Run it and follow the instructions.

When it is finished a log should come out; post it here.

IMPORTANT = do not click in the Combofix window with the mouse while it is running, otherwise it may hang.

 

When you have pasted the Combo log, select it, then click the LOG button and then send.

 

teknik

Very strange, I have posted it 2 times, but I don't see that it has been posted, why??

 

Zipp.

 

Copy the Combo log and paste it into your post, then select the whole log, click LOG and then send.

 

teknik

[log]- 06-09-27 21:24:24,00 Service Pack 2

ComboFix 06.09.27 - Running from: "C:\Documents and Settings\Ägaren\Skrivbord"

 

((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))

 

REGISTRY ENTRIES REMOVED:

 

[HKEY_CLASSES_ROOT\CLSID\{16D72911-8F45-47AC-A0D2-2E3365BBE4AB}]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{16D72911-8F45-47AC-A0D2-2E3365BBE4AB}\Implemented Categories]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{16D72911-8F45-47AC-A0D2-2E3365BBE4AB}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{16D72911-8F45-47AC-A0D2-2E3365BBE4AB}\InprocServer32]

@="C:\\WINDOWS\\system32\\guard.tmp"

"ThreadingModel"="Apartment"

 

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

 

 

FILES REMOVED:

 

C:\WINDOWS\system32\amptif.dll

C:\WINDOWS\system32\cjetcfg.dll

C:\WINDOWS\system32\itengine.dll

C:\WINDOWS\system32\n84s0ih7e84.dll

C:\WINDOWS\system32\nirshe.dll

C:\WINDOWS\system32\guard.tmp

 

 

Granting sedebugprivilege to Administratörer ... successful

 

 

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

C:\WINDOWS\system32\drsmartload815a.exe

C:\WINDOWS\drsmartload2.dat

C:\WINDOWS\teller2.chk

C:\dfndrff_e16.exe

C:\drsmartload.exe

C:\drsmartload45a45a45k.exe

C:\deskbar.exe

C:\deskbar_e13.exe

C:\deskbar_e15.exe

C:\kybrdff_e16.exe

C:\MTE3NDI6ODoxNg.exe

C:\nwnmff_e16.exe

C:\warebundlenewer.exe

C:\ac3_0010.exe

C:\mte3ndi6odoxng.exe

C:\ucmoreiex.exe

C:\WINDOWS\uninstall_nmon.vbs

C:\WINDOWS\system32\atmtd.dll

C:\WINDOWS\system32\atmtd.dll._

C:\Program\network monitor

C:\Program\Deskbar

C:\Program\Delade filer\{EC7114A8-0706-1053-0317-03111302002e}

 

 

((((((((((((((((((((((((((((((( Files Created from 2006-08-27 to 2006-09-27 ))))))))))))))))))))))))))))))))))

 

 

2006-09-27 18:09 578,560 --a------ C:\Installer4.exe

2006-09-27 18:00 29,696 --------- C:\WINDOWS\system32\w118dd7d.dll

2006-09-27 18:00 1,233 --a------ C:\WINDOWS\system32\xzz00802.sys

2006-09-27 17:59 5,632 --a------ C:\WINDOWS\system32\wininet.exe

2006-09-27 17:59 2,560 --a------ C:\WINDOWS\system32\svshost.dll

2006-09-27 17:59 0 --a------ C:\pyqjdt.exe

2006-09-27 17:58 5,632 --a------ C:\gxea.exe

2006-09-27 17:58 0 --a------ C:\WINDOWS\system32\TheMatrixHasYou.exe

2006-09-27 17:57 76,288 --a------ C:\fhayhktt.exe

2006-09-27 17:57 132,128 --a------ C:\WINDOWS\system32\audiodev.exe

2006-09-27 17:57 1,024 --a------ C:\sbenlb.exe

2006-09-27 17:56 7,680 --a------ C:\WINDOWS\system32\loadadv559.exe

2006-09-27 17:56 152,096 --a------ C:\WINDOWS\system32\Fastmp3_Setup1.exe

2006-09-27 17:56 138,862 --a------ C:\WINDOWS\system32\install.exe

2006-09-04 14:18 53,248 -ra------ C:\WINDOWS\UpdtNv28.exe

 

 

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

 

Rootkit driver pe386 is present. A rootkit scan is required

 

2006-09-27 21:27 -------- d-------- C:\Program\Delade filer

2006-09-27 20:54 -------- d-------- C:\Program\Hijackthis

2006-09-27 18:53 -------- d-------- C:\Program\Internet Explorer

2006-09-27 18:53 -------- d-------- C:\Program\Delade filer\Symantec Shared

2006-09-27 17:16 1745 --a------ C:\Documents and Settings\Ägaren\Application Data\AdobeDLM.log

2006-09-16 16:31 -------- d-------- C:\Program\Symantec

2006-09-15 22:52 91904 --a------ C:\WINDOWS\system32\S32EVNT1.DLL

2006-09-15 22:52 124016 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS

2006-09-10 10:20 -------- d-------- C:\Program\ewido anti-malware

2006-09-10 09:12 -------- d-------- C:\Program\ESET

2006-09-09 21:09 -------- d-------- C:\Program\RegistryEasy

2006-09-09 21:08 -------- d-------- C:\Program\Delade filer\Adobe

2006-09-09 21:08 -------- d-------- C:\Program\Adobe

2006-09-09 20:39 -------- d-------- C:\Program\CCleaner

2006-09-08 17:43 -------- d-------- C:\Program\Easy PDF to Word Converter

2006-09-08 17:35 -------- d-------- C:\Program\SaebDic1

2006-09-08 17:34 -------- d-------- C:\Program\filesubmit

2006-09-07 15:49 -------- d---s---- C:\Documents and Settings\Ägaren\Application Data\Microsoft

2006-09-04 14:21 -------- d-------- C:\Program\Norton AntiVirus

2006-08-26 15:04 737280 --a------ C:\WINDOWS\iun6002.exe

2006-08-26 14:49 -------- d-------- C:\Program\Visual CD

2006-08-21 14:28 16896 --a------ C:\WINDOWS\system32\fltlib.dll

2006-08-21 11:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe

2006-08-21 11:14 128896 --------- C:\WINDOWS\system32\drivers\fltmgr.sys

2006-07-27 15:26 679424 --a------ C:\WINDOWS\system32\inetcomm.dll

2006-07-21 10:30 72704 --a------ C:\WINDOWS\system32\hlink.dll

 

 

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

 

*Note* empty entries are not shown

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LDM"="\\Program\\BackWeb-8876480.exe"

"LogitechSoftwareUpdate"="C:\\Program\\Logitech\\Video\\ManifestEngine.exe boot"

"Browser Sentinel"="\"C:\\Program\\Browser Sentinel\\BrowserSentinel.exe\" -autorun"

"updateMgr"="\"C:\\Program\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_7 -reboot 1"

"mtxoci"="C:\\WINDOWS\\system32\\mtxoci.exe"

"deskmenu2"="C:\\WINDOWS\\system32\\deskmenu2.exe"

"audiodev"="C:\\WINDOWS\\system32\\audiodev.exe"

"msr2c"="C:\\WINDOWS\\system32\\msr2c.exe"

"stonedrv"="c:\\windows\\system32\\stonedrv.exe"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"hpsysdrv"="c:\\windows\\system\\hpsysdrv.exe"

"HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"

"KYE_Showicon"="\"C:\\Program\\USB Storage RW\\shwicon.exe\" -t\"KYE\\USB Storage RW\""

"KBD"="C:\\HP\\KBD\\KBD.EXE"

"StorageGuard"="\"C:\\Program\\VERITAS Software\\Update Manager\\sgtray.exe\" /r"

"WCOLOREAL"="C:\\Program\\Coloreal\\coloreal.exe"

"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"

"nwiz"="nwiz.exe /install"

"PS2"="C:\\WINDOWS\\system32\\ps2.exe"

"ccApp"="\"C:\\Program\\Delade filer\\Symantec Shared\\ccApp.exe\""

"ccRegVfy"="\"C:\\Program\\Delade filer\\Symantec Shared\\ccRegVfy.exe\""

"Microsoft Works Update Detection"="C:\\Program\\Delade filer\\Microsoft Shared\\Works Shared\\WkUFind.exe"

"TkBellExe"="\"C:\\Program\\Delade filer\\Real\\Update_OB\\realsched.exe\" -osboot"

"Symantec NetDriver Monitor"="C:\\Program\\SYMNET~1\\SNDMon.exe /Consumer"

"LVCOMSX"="C:\\WINDOWS\\System32\\LVCOMSX.EXE"

"LogitechVideoRepair"="C:\\Program\\Logitech\\Video\\ISStart.exe "

"LogitechVideoTray"="C:\\Program\\Logitech\\Video\\LogiTray.exe"

"HostManager"="C:\\Program\\Delade filer\\AOL\\1117210522\\ee\\AOLHostManager.exe"

"iTunesHelper"="\"C:\\Program\\iTunes\\iTunesHelper.exe\""

"QuickTime Task"="\"C:\\Program\\QuickTime\\qttask.exe\" -atboottime"

"ExtraFilmHemmaAgent"="\"C:\\Program\\ExtraFilm Hemma\\Agent.exe\""

"SunJavaUpdateSched"="C:\\Program\\Java\\jre1.5.0_06\\bin\\jusched.exe"

"Windows Defender"="\"C:\\Program\\Windows Defender\\MSASCui.exe\" -hide"

"stonedrv"="c:\\windows\\system32\\stonedrv.exe"

"xzz00802"="RUNDLL32.EXE w118dd7d.dll,n 005007fd0000000a118dd7d"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]

"Installed"="1"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]

"Installed"="1"

"NoChange"="1"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]

"Installed"="1"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservices]

"stonedrv"="c:\\windows\\system32\\stonedrv.exe"

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]

"DeskHtmlVersion"=dword:00000110

"DeskHtmlMinorVersion"=dword:00000005

"Settings"=dword:00000001

"GeneralFlags"=dword:00000005

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]

"Source"="About:Home"

"SubscribedURL"="About:Home"

"FriendlyName"="Min aktuella startsida"

"Flags"=dword:00000002

"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00, 00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00

"CurrentState"=hex:04,00,00,40

"OriginalStateInfo"=hex:18,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,36,02, 00,00,04,00,00,40

"RestoredStateInfo"=hex:18,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,36,02, 00,00,01,00,00,00

 

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WindowsRegKey update"="Windowsup.exe"

"Microsoft Update"="muamgrd.exe"

 

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WindowsRegKey update"="Windowsup.exe"

"Microsoft Update"="muamgrd.exe"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]

"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

"{54D9498B-CF93-414F-8984-8CE7FDE0D391}"="ewido shell guard"

"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]

"NoDriveTypeAutoRun"=dword:00000091

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]

"dontdisplaylastusername"=dword:00000000

"legalnoticecaption"=""

"legalnoticetext"=""

"shutdownwithoutlogon"=dword:00000001

"undockwithoutlogon"=dword:00000001

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]

@=""

"NoDriveTypeAutoRun"=hex:5b,00,00,00

"NoCDBurning"=dword:00000000

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]

 

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]

"NoDriveTypeAutoRun"=dword:00000091

 

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

 

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]

"NoDriveTypeAutoRun"=dword:00000091

 

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"

"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"

"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"

"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

"SysRun"="{D7FFD784-5276-42D1-887B-00267870A4C7}"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\New.net Startup]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="NEWDOT~1"

"hkey"="HKLM"

"command"="rundll32 C:\\Program\\NEWDOT~1\\NEWDOT~1.DLL,ClientStartup -s"

"inimapping"="0"

 

 

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders

securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

 

 

 

~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

 

backup-20060910-123228-190

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com

backup-20060910-123228-344

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm796YYSE

backup-20060910-123228-949

O4 - HKLM\..\Run: [softwareStation] C:\Program\eAcceleration\Station\station.exe /b Startup

backup-20060910-123228-169

O2 - BHO: (no name) - {4E7BD750-2C8E-469B-C1E2-F063C081BF33} - (no file)

 

Contents of the 'Scheduled Tasks' folder

C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp officejet 4100 series#1091137551.job

C:\WINDOWS\tasks\MP Scheduled Scan.job

C:\WINDOWS\tasks\Norton AntiVirus - Sök igenom datorn.job

C:\WINDOWS\tasks\Symantec NetDetect.job

 

Completion time: 2006-09-27 21:27:55.34

ComboFix.txt[/log]

 

Zipp.

 

Scan with Hijack, tick the following lines, close the web browser and click Fix checked

 

[log]R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com

R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program\Deskbar\deskbar.dll

F2 - REG:system.ini: Shell=explorer.exe "C:\Program\Delade filer\Microsoft Shared\Web Folders\ibm00001.exe"

O4 - HKLM\..\Run: [stonedrv] c:\windows\system32\stonedrv.exe

O4 - HKLM\..\Run: [xzz00802] RUNDLL32.EXE w118dd7d.dll,n 005007fd0000000a118dd7d

O4 - HKLM\..\RunServices: [stonedrv] c:\windows\system32\stonedrv.exe

O4 - HKCU\..\Run: [mtxoci] C:\WINDOWS\system32\mtxoci.exe

O4 - HKCU\..\Run: [deskmenu2] C:\WINDOWS\system32\deskmenu2.exe

O4 - HKCU\..\Run: [audiodev] C:\WINDOWS\system32\audiodev.exe

O4 - HKCU\..\Run: [shell] "C:\Program\Delade filer\Microsoft Shared\Web Folders\ibm00001.exe"

O4 - HKCU\..\Run: [msr2c] C:\WINDOWS\system32\msr2c.exe

O4 - HKCU\..\Run: [stonedrv] c:\windows\system32\stonedrv.exe

O20 - Winlogon Notify: Telephony - C:\WINDOWS\system32\itengine.dll

O21 - SSODL: SysRun - {D7FFD784-5276-42D1-887B-00267870A4C7} - C:\WINDOWS\system32\svshost.dll

 

 

Then start the computer in safe mode

 

Then type/copy the lines below into the Run box and click OK after each line

 

sc stop muamgrd

sc delete muamgrd

sc stop wiavusd

sc delete wiavusd

 

Then, with hidden files made visible, delete the following if found

 

Windowsup.exe

C:\Installer4.exe

C:\pyqjdt.exe

C:\gxea.exe

C:\fhayhktt.exe

C:\sbenlb.exe

c:\windows\system32\stonedrv.exe

C:\WINDOWS\system32\mtxoci.exe

C:\WINDOWS\system32\deskmenu2.exe

C:\WINDOWS\system32\audiodev.exe

C:\WINDOWS\system32\msr2c.exe

C:\WINDOWS\system32\svshost.dll

C:\WINDOWS\System32\muamgrd.exe

C:\WINDOWS\system32\wiavusd.exe

C:\WINDOWS\system32\w118dd7d.dll

C:\WINDOWS\system32\wininet.exe

C:\WINDOWS\system32\TheMatrixHasYou.exe

C:\WINDOWS\system32\loadadv559.exe

C:\WINDOWS\system32\Fastmp3_Setup1.exe

C:\Program\Delade filer\Microsoft Shared\Web Folders\ibm00001.exe

 

 

Then start normally, scan these files here, copy the whole result for each file and post them + a new Hijack log

 

C:\WINDOWS\system32\xzz00802.sys

C:\WINDOWS\system32\install.exe

C:\WINDOWS\iun6002.exe

 

http://www.virustotal.com/en/indexf.html[/log]
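As an added triage example (not code from this thread, nor from HijackThis or ComboFix), the script below applies the same logic the helper used by hand in the post above: it cross-references O4 autorun entries in a HijackThis log with the "Files Created" section of a ComboFix log and flags autoruns whose binary appeared within days of the scan, Shell= overrides, O21 SSODL entries and O23 services with no vendor or a missing file. The sample lines are constructed from the logs in this thread; the three-day window and the rule wording are assumptions.

```python
"""Triage a HijackThis log against a ComboFix 'Files Created' list.

Constructed example: the sample lines below are copied from the logs in this
thread; the three-day window and the rule names are assumptions.
"""
import re
from datetime import datetime, timedelta

# Subset of the HijackThis log posted in the thread (constructed sample input).
HJT_SAMPLE = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [stonedrv] c:\windows\system32\stonedrv.exe
O4 - HKLM\..\Run: [xzz00802] RUNDLL32.EXE w118dd7d.dll,n 005007fd0000000a118dd7d
O4 - HKLM\..\RunServices: [stonedrv] c:\windows\system32\stonedrv.exe
O4 - HKCU\..\Run: [audiodev] C:\WINDOWS\system32\audiodev.exe
O4 - HKCU\..\Run: [stonedrv] c:\windows\system32\stonedrv.exe
F2 - REG:system.ini: Shell=explorer.exe "C:\Program\Delade filer\Microsoft Shared\Web Folders\ibm00001.exe"
F2 - REG:system.ini: UserInit=userinit.exe
O21 - SSODL: SysRun - {D7FFD784-5276-42D1-887B-00267870A4C7} - C:\WINDOWS\system32\svshost.dll
O23 - Service: Windows Update Service (muamgrd) - Unknown owner - C:\WINDOWS\System32\muamgrd.exe (file missing)
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe
"""

# Subset of ComboFix's 'Files Created' section (constructed sample input).
COMBOFIX_SAMPLE = r"""
2006-09-27 18:00 29,696 --------- C:\WINDOWS\system32\w118dd7d.dll
2006-09-27 17:59 2,560 --a------ C:\WINDOWS\system32\svshost.dll
2006-09-27 17:57 132,128 --a------ C:\WINDOWS\system32\audiodev.exe
2006-09-04 14:18 53,248 -ra------ C:\WINDOWS\UpdtNv28.exe
"""

SCAN_DATE = datetime(2006, 9, 27)  # date from the ComboFix header in the thread

O4_RE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
SHELL_RE = re.compile(r"^F2 - REG:system\.ini: Shell=(?P<value>.*)$")
BIN_RE = re.compile(r"([\w~.\-]+\.(?:exe|dll|sys))", re.IGNORECASE)
CREATED_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) \d{2}:\d{2}\s+\S+\s+\S+\s+(?P<path>.+)$")


def recent_binaries(combofix_text, scan_date=SCAN_DATE, window_days=3):
    """Lower-cased basenames of files ComboFix saw created within the window."""
    cutoff = scan_date - timedelta(days=window_days)
    names = set()
    for line in combofix_text.splitlines():
        m = CREATED_RE.match(line.strip())
        if m and datetime.strptime(m.group("date"), "%Y-%m-%d") >= cutoff:
            names.add(m.group("path").rsplit("\\", 1)[-1].lower())
    return names


def triage(hjt_text, combofix_text, scan_date=SCAN_DATE, window_days=3):
    """Map each HijackThis line worth a second look to the reasons it was flagged."""
    fresh = recent_binaries(combofix_text, scan_date, window_days)
    findings = {}
    keys_by_name = {}  # autorun name -> set of Run keys it is registered under

    def flag(line, reason):
        findings.setdefault(line, []).append(reason)

    def flag_fresh(line, text):
        # Any .exe/.dll/.sys named in the entry that ComboFix saw created recently.
        for binary in BIN_RE.findall(text):
            if binary.lower() in fresh:
                flag(line, f"{binary} was created within {window_days} days of the scan")

    lines = [l.strip() for l in hjt_text.splitlines() if l.strip()]
    for line in lines:
        m = O4_RE.match(line)
        if m:
            keys_by_name.setdefault(m.group("name").lower(), set()).add(m.group("key").upper())
            flag_fresh(line, m.group("cmd"))
            continue
        m = SHELL_RE.match(line)
        if m and m.group("value").strip().lower() != "explorer.exe":
            flag(line, "Shell= is not plain explorer.exe: an extra program starts with the desktop")
        elif line.startswith("O21 - SSODL:"):
            flag(line, "SSODL entry loads a DLL into explorer.exe at logon: verify the file")
            flag_fresh(line, line)
        elif line.startswith("O23 - Service:") and ("Unknown owner" in line or "(file missing)" in line):
            flag(line, "service with no vendor or missing binary: candidate for sc stop / sc delete")

    # Second pass: one autorun name registered under several Run keys/hives.
    for line in lines:
        m = O4_RE.match(line)
        if m and len(keys_by_name[m.group("name").lower()]) >= 2:
            flag(line, "same autorun name registered under multiple Run keys")
    return findings


if __name__ == "__main__":
    for entry, reasons in triage(HJT_SAMPLE, COMBOFIX_SAMPLE).items():
        print(entry)
        for reason in reasons:
            print("   ->", reason)
```

Every flag is a prompt to verify the file (for instance with the VirusTotal upload the helper asks for), not a verdict: a vendor tray tool registered twice would trip the multi-key rule too.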

 

teknik

C:\WINDOWS\system32\xzz00802.sys

 

turned out not to have any viruses or anything strange, but

 

C:\WINDOWS\system32\install.exe showed the result below:

*****************************************

 

STATUS: FINISHED

Complete scanning result of "install.exe", received in VirusTotal at 09.28.2006, 09:30:29 (CET).

 

Antivirus Version Update Result

AntiVir 7.2.0.18 09.28.2006 DR/Agent.Y.3

Authentium 4.93.8 09.28.2006 no virus found

Avast 4.7.892.0 09.27.2006 no virus found

AVG 386 09.27.2006 no virus found

BitDefender 7.2 09.28.2006 Adware.Agent.BA

CAT-QuickHeal 8.00 09.27.2006 no virus found

ClamAV devel-20060426 09.27.2006 no virus found

DrWeb 4.33 09.27.2006 Trojan.DownLoader.12291

eTrust-InoculateIT 23.73.7 09.28.2006 no virus found

eTrust-Vet 30.3.3104 09.28.2006 no virus found

Ewido 4.0 09.27.2006 no virus found

Fortinet 2.82.0.0 09.28.2006 Adware/Agent

F-Prot 3.16f 09.28.2006 no virus found

F-Prot4 4.2.1.29 09.28.2006 no virus found

Ikarus 0.2.65.0 09.28.2006 no virus found

Kaspersky 4.0.2.24 09.28.2006 not-a-virus:AdWare.Win32.Agent.y

McAfee 4861 09.27.2006 potentially unwanted program Adware-IWantSearch

Microsoft 1.1603 09.28.2006 no virus found

NOD32v2 1.1780 09.27.2006 Win32/Adware.Softomate

Norman 5.90.23 09.27.2006 no virus found

Panda 9.0.0.4 09.27.2006 Adware/Maxifiles

Sophos 4.10.0 09.28.2006 no virus found

Symantec 8.0 09.28.2006 no virus found

TheHacker 6.0.1.085 09.28.2006 Adware/Agent.y

UNA 1.83 09.27.2006 Adware.Agent.BC09

VBA32 3.11.1 09.27.2006 AdWare.Win32.Softomate.q

VirusBuster 4.3.7:9 09.27.2006 no virus found

 

 

Aditional Information

File size: 138862 bytes

MD5: dd05ac2205df2c5b5118de7e36b24099

SHA1: 56cc1126a088aa5e11dffffcd56a80ad2ca1ef57

----------------------------------

 

C:\WINDOWS\iun6002.exe looks like this:

 

 

 

STATUS: FINISHED

Complete scanning result of "iun6002.exe", received in VirusTotal at 09.28.2006, 09:40:00 (CET).

 

Antivirus Version Update Result

AntiVir 7.2.0.18 09.28.2006 no virus found

Authentium 4.93.8 09.28.2006 no virus found

Avast 4.7.892.0 09.27.2006 no virus found

AVG 386 09.27.2006 no virus found

BitDefender 7.2 09.28.2006 no virus found

CAT-QuickHeal 8.00 09.27.2006 no virus found

ClamAV devel-20060426 09.27.2006 no virus found

DrWeb n - no virus found

eTrust-InoculateIT 23.73.7 09.28.2006 no virus found

eTrust-Vet 30.3.3104 09.28.2006 no virus found

Ewido 4.0 09.27.2006 no virus found

Fortinet 2.82.0.0 09.28.2006 no virus found

F-Prot 3.16f 09.28.2006 no virus found

F-Prot4 4.2.1.29 09.28.2006 no virus found

Ikarus 0.2.65.0 09.28.2006 no virus found

Kaspersky 4.0.2.24 09.28.2006 no virus found

McAfee 4861 09.27.2006 no virus found

Microsoft 1.1603 09.28.2006 no virus found

NOD32v2 1.1780 09.27.2006 no virus found

Norman 5.90.23 09.27.2006 no virus found

Panda 9.0.0.4 09.27.2006 no virus found

Sophos 4.10.0 09.28.2006 no virus found

Symantec 8.0 09.28.2006 no virus found

TheHacker 6.0.1.085 09.28.2006 no virus found

UNA 1.83 09.27.2006 no virus found

VBA32 3.11.1 09.27.2006 no virus found

VirusBuster 4.3.7:9 09.27.2006 no virus found

 

 

Aditional Information

File size: 737280 bytes

MD5: 456462905091db042141487fe030e3c9

SHA1: bb57b4850528c3c8d9bf159fb5b9f414ddc7d5d7

 

 

---------------------------------

Some of the files you wrote that I should tick I could not find in my log earlier.

 

 

 

 

 

[log]Logfile of HijackThis v1.99.1

Scan saved at 09:48:08, on 2006-09-28

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\cisvc.exe

C:\Program\ewido anti-malware\ewidoctrl.exe

C:\windows\system\hpsysdrv.exe

C:\Program\USB Storage RW\shwicon.exe

C:\HP\KBD\KBD.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program\Delade filer\Symantec Shared\ccApp.exe

C:\Program\Delade filer\Microsoft Shared\Works Shared\WkUFind.exe

C:\Program\Delade filer\Real\Update_OB\realsched.exe

C:\WINDOWS\System32\LVCOMSX.EXE

C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

C:\Program\Logitech\Video\LogiTray.exe

C:\Program\iTunes\iTunesHelper.exe

C:\Program\QuickTime\qttask.exe

C:\Program\ExtraFilm Hemma\Agent.exe

C:\Program\Delade filer\AOL\1117210522\ee\AOLHostManager.exe

C:\Program\Delade filer\AOL\1117210522\ee\AOLServiceHost.exe

C:\Program\Java\jre1.5.0_06\bin\jusched.exe

C:\Program\Windows Defender\MSASCui.exe

C:\Program\Browser Sentinel\BrowserSentinel.exe

C:\Program\iPod\bin\iPodService.exe

C:\Program\Hewlett-Packard\Digital Imaging\bin\hpomau08.exe

C:\Program\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Program\Logitech\Video\FxSvr2.exe

C:\Program\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\SYSTEM32\cidaemon.exe

C:\Program\Norton AntiVirus\navapsvc.exe

C:\Program\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\explorer.exe

C:\WINDOWS\SYSTEM32\rundll32.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\Hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comhem.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://www.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program\AOL\AOL Toolbar 2.0\aoltb.dll

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program\Yahoo!\Companion\Installs\cpn5\yt.dll

F2 - REG:system.ini: UserInit=userinit.exe

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [KYE_Showicon] "C:\Program\USB Storage RW\shwicon.exe" -t"KYE\USB Storage RW"

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [storageGuard] "C:\Program\VERITAS Software\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [WCOLOREAL] C:\Program\Coloreal\coloreal.exe

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program\Delade filer\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program\Delade filer\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [HostManager] C:\Program\Delade filer\AOL\1117210522\ee\AOLHostManager.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [ExtraFilmHemmaAgent] "C:\Program\ExtraFilm Hemma\Agent.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [Windows Defender] "C:\Program\Windows Defender\MSASCui.exe" -hide

O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe

O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Program\Logitech\Video\ManifestEngine.exe boot

O4 - HKCU\..\Run: [browser Sentinel] "C:\Program\Browser Sentinel\BrowserSentinel.exe" -autorun

O4 - HKCU\..\Run: [updateMgr] "C:\Program\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: hp officejet 4100 series.lnk = ?

O4 - Global Startup: hpoddt01.exe.lnk = ?

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program\aol\aol toolbar 2.0\aoltbhtml.dll/search.html

O8 - Extra context menu item: &Google-sökning - res://C:\Program\Google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program\Yahoo!\Common/ycsrch.htm

O8 - Extra context menu item: &Översätt engelskt ord - res://C:\Program\Google\GoogleToolbar2.dll/cmwordtrans.html

O8 - Extra context menu item: Bakåtlänkar - res://C:\Program\Google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program\MICROS~4\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Lagrad bild på sida - res://C:\Program\Google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: Liknande sidor - res://C:\Program\Google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program\Yahoo!\Common/ycmap.htm

O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program\Yahoo!\Common/ycsms.htm

O16 - DPF: {0EB1CA3E-C9C7-42B6-8016-B0CBA435E291} (ImclCtl Class) - http://www.messenger.spray.se/messenger/client/ActiveXMsgrCore.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab

O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab

O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab

O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1126339348296

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1137091419281

O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup161.cab

O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://82.193.168.111/commod/wexlite/XUpload.ocx

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\Program\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: Shell Extensions - C:\WINDOWS\system32\mvj2l91o1.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe

O23 - Service: ewido security suite control - ewido networks - C:\Program\ewido anti-malware\ewidoctrl.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program\Norton AntiVirus\navapsvc.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program\DELADE~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

O23 - Service: wiavusd.exe - Unknown owner - C:\WINDOWS\system32\wiavusd.exe (file missing)

 

[/log]

 

Zipp.

 

> C:\WINDOWS\system32\xzz00802.sys

turned out not to have any viruses or anything strange, but <

 

looks like it may belong to this

 

O4 - HKLM\..\Run: [xzz00802] RUNDLL32.EXE w118dd7d.dll,n 005007fd0000000a118dd7d

 

look in the file's properties = xzz00802.sys to see if you find any useful info about it.

 

delete this file:

 

C:\WINDOWS\system32\install.exe

 

according to the Hijack log, Look2Me is still active.

Run ComboFix again and post the log.

 

 

teknik

I was going to scan

C:\WINDOWS\system32\xzz00802.sys

 

But it seems that site isn't working.

 

 

Here:

[log]Ägaren - 06-09-28 11:53:59,51 Service Pack 2

ComboFix 06.09.27 - Running from: "C:\Documents and Settings\Ägaren\Skrivbord"

 

((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))

 

REGISTRY ENTRIES REMOVED:

 

[HKEY_CLASSES_ROOT\CLSID\{8D77F33A-3E60-4663-8A32-A77076E99AA0}]

@=""

"IDEx"="ADDR"

 

[HKEY_CLASSES_ROOT\CLSID\{8D77F33A-3E60-4663-8A32-A77076E99AA0}\Implemented Categories]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{8D77F33A-3E60-4663-8A32-A77076E99AA0}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{8D77F33A-3E60-4663-8A32-A77076E99AA0}\InprocServer32]

@="C:\\WINDOWS\\system32\\scsinv.dll"

"ThreadingModel"="Apartment"

 

[HKEY_CLASSES_ROOT\CLSID\{5CF5689E-EE6A-46FB-AC7E-659F3523DF25}]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{5CF5689E-EE6A-46FB-AC7E-659F3523DF25}\Implemented Categories]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{5CF5689E-EE6A-46FB-AC7E-659F3523DF25}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{5CF5689E-EE6A-46FB-AC7E-659F3523DF25}\InprocServer32]

@="C:\\WINDOWS\\system32\\guard.tmp"

"ThreadingModel"="Apartment"

 

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

 

 

FILES REMOVED:

 

C:\WINDOWS\system32\ir0ml5d11.dll

C:\WINDOWS\system32\mvj2l91o1.dll

C:\WINDOWS\system32\guard.tmp

 

 

Granting sedebugprivilege to Administratörer ... successful

 

 

((((((((((((((((((((((((((((((( Files Created from 2006-08-28 to 2006-09-28 ))))))))))))))))))))))))))))))))))

 

 

2006-09-27 21:29 61,952 --------- C:\WINDOWS\system32\xzz00802.dll

2006-09-27 18:00 1,233 --a------ C:\WINDOWS\system32\xzz00802.sys

2006-09-04 14:18 53,248 -ra------ C:\WINDOWS\UpdtNv28.exe

 

 

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

 

Rootkit driver pe386 is present. A rootkit scan is required

 

2006-09-28 09:47 -------- d-------- C:\Program\Hijackthis

2006-09-28 08:59 -------- d-------- C:\Program\Delade filer\Symantec Shared

2006-09-28 08:58 -------- d-------- C:\Program\Delade filer

2006-09-27 21:29 -------- d-------- C:\Program\Internet Explorer

2006-09-27 17:16 1745 --a------ C:\Documents and Settings\Ägaren\Application Data\AdobeDLM.log

2006-09-16 16:31 -------- d-------- C:\Program\Symantec

2006-09-15 22:52 91904 --a------ C:\WINDOWS\system32\S32EVNT1.DLL

2006-09-15 22:52 124016 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS

2006-09-10 10:20 -------- d-------- C:\Program\ewido anti-malware

2006-09-10 09:12 -------- d-------- C:\Program\ESET

2006-09-09 21:09 -------- d-------- C:\Program\RegistryEasy

2006-09-09 21:08 -------- d-------- C:\Program\Delade filer\Adobe

2006-09-09 21:08 -------- d-------- C:\Program\Adobe

2006-09-09 20:39 -------- d-------- C:\Program\CCleaner

2006-09-08 17:43 -------- d-------- C:\Program\Easy PDF to Word Converter

2006-09-08 17:35 -------- d-------- C:\Program\SaebDic1

2006-09-08 17:34 -------- d-------- C:\Program\filesubmit

2006-09-07 15:49 -------- d---s---- C:\Documents and Settings\Ägaren\Application Data\Microsoft

2006-09-04 14:21 -------- d-------- C:\Program\Norton AntiVirus

2006-08-26 15:04 737280 --a------ C:\WINDOWS\iun6002.exe

2006-08-26 14:49 -------- d-------- C:\Program\Visual CD

2006-08-21 14:28 16896 --a------ C:\WINDOWS\system32\fltlib.dll

2006-08-21 11:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe

2006-08-21 11:14 128896 --------- C:\WINDOWS\system32\drivers\fltmgr.sys

2006-07-27 15:26 679424 --a------ C:\WINDOWS\system32\inetcomm.dll

2006-07-21 10:30 72704 --a------ C:\WINDOWS\system32\hlink.dll

 

 

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

 

*Note* empty entries are not shown

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LDM"="\\Program\\BackWeb-8876480.exe"

"LogitechSoftwareUpdate"="C:\\Program\\Logitech\\Video\\ManifestEngine.exe boot"

"Browser Sentinel"="\"C:\\Program\\Browser Sentinel\\BrowserSentinel.exe\" -autorun"

"updateMgr"="\"C:\\Program\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_7 -reboot 1"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"hpsysdrv"="c:\\windows\\system\\hpsysdrv.exe"

"HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"

"KYE_Showicon"="\"C:\\Program\\USB Storage RW\\shwicon.exe\" -t\"KYE\\USB Storage RW\""

"KBD"="C:\\HP\\KBD\\KBD.EXE"

"StorageGuard"="\"C:\\Program\\VERITAS Software\\Update Manager\\sgtray.exe\" /r"

"WCOLOREAL"="C:\\Program\\Coloreal\\coloreal.exe"

"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"

"nwiz"="nwiz.exe /install"

"PS2"="C:\\WINDOWS\\system32\\ps2.exe"

"ccApp"="\"C:\\Program\\Delade filer\\Symantec Shared\\ccApp.exe\""

"ccRegVfy"="\"C:\\Program\\Delade filer\\Symantec Shared\\ccRegVfy.exe\""

"Microsoft Works Update Detection"="C:\\Program\\Delade filer\\Microsoft Shared\\Works Shared\\WkUFind.exe"

"TkBellExe"="\"C:\\Program\\Delade filer\\Real\\Update_OB\\realsched.exe\" -osboot"

"Symantec NetDriver Monitor"="C:\\Program\\SYMNET~1\\SNDMon.exe /Consumer"

"LVCOMSX"="C:\\WINDOWS\\System32\\LVCOMSX.EXE"

"LogitechVideoRepair"="C:\\Program\\Logitech\\Video\\ISStart.exe "

"LogitechVideoTray"="C:\\Program\\Logitech\\Video\\LogiTray.exe"

"HostManager"="C:\\Program\\Delade filer\\AOL\\1117210522\\ee\\AOLHostManager.exe"

"iTunesHelper"="\"C:\\Program\\iTunes\\iTunesHelper.exe\""

"QuickTime Task"="\"C:\\Program\\QuickTime\\qttask.exe\" -atboottime"

"ExtraFilmHemmaAgent"="\"C:\\Program\\ExtraFilm Hemma\\Agent.exe\""

"SunJavaUpdateSched"="C:\\Program\\Java\\jre1.5.0_06\\bin\\jusched.exe"

"Windows Defender"="\"C:\\Program\\Windows Defender\\MSASCui.exe\" -hide"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]

"Installed"="1"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]

"Installed"="1"

"NoChange"="1"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]

"Installed"="1"

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]

"DeskHtmlVersion"=dword:00000110

"DeskHtmlMinorVersion"=dword:00000005

"Settings"=dword:00000001

"GeneralFlags"=dword:00000005

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]

"Source"="About:Home"

"SubscribedURL"="About:Home"

"FriendlyName"="Min aktuella startsida"

"Flags"=dword:00000002

"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00, 00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00

"CurrentState"=hex:04,00,00,40

"OriginalStateInfo"=hex:18,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,36,02, 00,00,04,00,00,40

"RestoredStateInfo"=hex:18,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,36,02, 00,00,01,00,00,00

 

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WindowsRegKey update"="Windowsup.exe"

"Microsoft Update"="muamgrd.exe"

 

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WindowsRegKey update"="Windowsup.exe"

"Microsoft Update"="muamgrd.exe"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]

"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

"{54D9498B-CF93-414F-8984-8CE7FDE0D391}"="ewido shell guard"

"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]

"NoDriveTypeAutoRun"=dword:00000091

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]

"dontdisplaylastusername"=dword:00000000

"legalnoticecaption"=""

"legalnoticetext"=""

"shutdownwithoutlogon"=dword:00000001

"undockwithoutlogon"=dword:00000001

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]

@=""

"NoDriveTypeAutoRun"=hex:5b,00,00,00

"NoCDBurning"=dword:00000000

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]

 

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]

"NoDriveTypeAutoRun"=dword:00000091

 

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

 

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]

"NoDriveTypeAutoRun"=dword:00000091

 

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"

"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"

"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"

"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\New.net Startup]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="NEWDOT~1"

"hkey"="HKLM"

"command"="rundll32 C:\\Program\\NEWDOT~1\\NEWDOT~1.DLL,ClientStartup -s"

"inimapping"="0"

 

 

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders

securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

 

 

Contents of the 'Scheduled Tasks' folder

C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp officejet 4100 series#1091137551.job

C:\WINDOWS\tasks\MP Scheduled Scan.job

C:\WINDOWS\tasks\Norton AntiVirus - Sök igenom datorn.job

C:\WINDOWS\tasks\Symantec NetDetect.job

 

Completion time: 2006-09-28 11:57:56.73

ComboFix.txt

ComboFix2.txt[/log]

 

Zipp.

 

> I was going to scan

C:\WINDOWS\system32\xzz00802.sys

But it seems that site isn't working. <

 

You have already scanned that file and said that:

 

> turned out not to have any viruses or anything strange <

 

look in the file's properties = xzz00802.sys

to see if you find any useful info about it.

 

Scan this file and report the result

 

C:\WINDOWS\system32\xzz00802.dll

 

 

 

 

teknik

Yes, you're right about that, but I thought maybe you'd want to see it.

 

 

How can I look at the file's properties?

 

Zipp.

 

Find the file, then click on it and choose Properties.

 

teknik

that was perhaps a bit of a dumb question?

 

it says this:

File type: system file

Opens with: Dependency Walker for Win32 (Intel x86)

Location: C:\WINDOWS\system32

 

Size: 1.20 kB (1 233 bytes)

Size on disk: 4.00 kB (4 096 bytes)

Created: 27 September 2006, 18:00:43

Modified: 27 September 2006, 21:29:37

Accessed: 28 September 2006, 11:44:44

 

teknik

[log]STATUS: FINISHED
Complete scanning result of "xzz00802.dll", received in VirusTotal at 09.28.2006, 12:31:11 (CET).

 

Antivirus Version Update Result

AntiVir n - no virus found

Authentium n - no virus found

Avast n - no virus found

AVG n - no virus found

BitDefender n - no virus found

CAT-QuickHeal n - no virus found

ClamAV n - no virus found

DrWeb n - no virus found

eTrust-InoculateIT n - no virus found

eTrust-Vet n - no virus found

Ewido n - no virus found

Fortinet n - no virus found

F-Prot n - no virus found

F-Prot4 n - no virus found

Ikarus n - no virus found

Kaspersky n - no virus found

McAfee n - no virus found

Microsoft n - no virus found

NOD32v2 n - no virus found

Norman n - no virus found

Panda n - no virus found

Sophos n - no virus found

Symantec n - no virus found

TheHacker n - no virus found

UNA n - no virus found

VBA32 n - no virus found

VirusBuster n - no virus found

 

 

Aditional Information

File size: 0 bytes

MD5: d41d8cd98f00b204e9800998ecf8427e

SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 [/log]

 

Cecilia
C:\WINDOWS\system32\xzz00802.sys

 

turned out not to have any viruses or anything strange, but

Are you sure it was properly uploaded, so that VirusTotal didn't report 0 as the file size?

 

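Cecilia's question, and the xzz00802.dll result earlier in the thread that reports 0 bytes and the hashes of empty input, come down to one check: a VirusTotal verdict only describes the file you meant to scan if the reported size and hashes match the file on disk. The Python below is an added example, not code from the thread or from VirusTotal; it parses the plain-text result format quoted here and flags an empty upload, and the sample reports embedded in it are constructed (the detection sample carries the hashes of the bytes b"hello" so that the local-file comparison can be exercised offline).

```python
import hashlib
import re

# MD5 and SHA1 of zero bytes of input. A report carrying these (as the
# xzz00802.dll result does) scanned an empty upload, so its verdicts say nothing.
EMPTY_MD5 = "d41d8cd98f00b204e9800998ecf8427e"
EMPTY_SHA1 = "da39a3ee5e6b4b0d3255bfef95601890afd80709"


def parse_report(text):
    """Parse the plain-text VirusTotal result format quoted in the thread."""
    report = {"engines": [], "size": None, "md5": None, "sha1": None}
    in_table = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Antivirus Version Update Result"):
            in_table = True
            continue
        # The site spells it "Aditional Information"; accept both spellings.
        if re.match(r"Ad+itional Information", line):
            in_table = False
            continue
        m = re.match(r"File size:\s*(\d+)\s*bytes", line)
        if m:
            report["size"] = int(m.group(1))
            continue
        m = re.match(r"(MD5|SHA1):\s*([0-9a-fA-F]{32,40})", line)
        if m:
            report[m.group(1).lower()] = m.group(2).lower()
            continue
        if in_table:
            # "<engine> <version> <update> <result>"; version/update read "n -" when absent.
            parts = line.split(None, 3)
            if len(parts) == 4:
                report["engines"].append((parts[0], parts[3]))
    return report


def detections(report):
    """Engines whose result is anything other than 'no virus found'."""
    return [(name, result) for name, result in report["engines"]
            if result.lower() != "no virus found"]


def verify_upload(local_bytes, report):
    """Check a report against the bytes of the file actually on disk."""
    md5 = hashlib.md5(local_bytes).hexdigest()
    sha1 = hashlib.sha1(local_bytes).hexdigest()
    # Nothing was scanned: the report describes a 0-byte upload.
    empty_upload = (report["size"] == 0 or report["md5"] == EMPTY_MD5
                    or report["sha1"] == EMPTY_SHA1)
    # The verdicts apply to this file only if the hashes agree.
    hash_match = report["md5"] == md5 and report["sha1"] == sha1
    found = detections(report)
    return {
        "empty_upload": empty_upload,
        "hash_match": hash_match,
        "detections": found,
        # A clean verdict only counts for the right, non-empty file.
        "trustworthy_clean": bool(hash_match and not empty_upload and not found),
    }


# Constructed sample modelled on the xzz00802.dll result quoted in the
# thread (0 bytes, empty-input hashes), with the engine list shortened.
EMPTY_REPORT = """\
Antivirus Version Update Result
AntiVir n - no virus found
Kaspersky n - no virus found
Aditional Information
File size: 0 bytes
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
"""

# Constructed sample in the same format with one detection line; the
# hashes are those of the five bytes b"hello", used as the local file.
DETECTION_REPORT = """\
Antivirus Version Update Result
AntiVir 7.2.0.18 09.28.2006 no virus found
DrWeb n - no virus found
VBA32 3.11.1 09.27.2006 AdWare.Win32.Softomate.q
Aditional Information
File size: 5 bytes
MD5: 5d41402abc4b2a76b9719d911017c592
SHA1: aaf4c61ddcc5e8a2dabede0f3b482cd9aea9434d
"""
```

Call `verify_upload(open(path, "rb").read(), parse_report(text))` with the pasted report text; an `empty_upload` of True means the file has to be uploaded again before any of the "no virus found" lines mean anything.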
Zipp.

 

Hard to know/say about the files, but they may be malicious anyway.

Check whether there are updates for Ewido.

 

[log]Download Avenger to the desktop and unzip it there

 

http://swandog46.geekstogo.com/avenger.zip

 

Then copy the text below

 

 

Drivers to unload:

pe386

 

 

Then open Avenger

Tick "Input Script Manually".

Click the magnifying glass and, in the "View/edit script" window, paste the text you copied.

Click Done.

Then click the green light and answer Yes to the questions.

The computer will restart, you'll see a DOS window, and then the log should open.

Save that log.

 

Then boot into Safe Mode, scan + clean with Ewido and save the log.

Boot normally and post the Avenger log and the Ewido log.[/log]

 

teknik

 

 

[log]STATUS: FINISHED
Complete scanning result of "xzz00802.sys", received in VirusTotal at 09.28.2006, 13:04:49 (CET).

 

Antivirus Version Update Result

AntiVir 7.2.0.18 09.28.2006 no virus found

Authentium 4.93.8 09.28.2006 no virus found

Avast 4.7.892.0 09.27.2006 no virus found

AVG 386 09.27.2006 no virus found

BitDefender 7.2 09.28.2006 no virus found

CAT-QuickHeal 8.00 09.27.2006 no virus found

ClamAV devel-20060426 09.27.2006 no virus found

DrWeb 4.33 09.28.2006 no virus found

eTrust-InoculateIT 23.73.7 09.28.2006 no virus found

eTrust-Vet 30.3.3104 09.28.2006 no virus found

Ewido 4.0 09.28.2006 no virus found

Fortinet 2.82.0.0 09.28.2006 no virus found

F-Prot 3.16f 09.28.2006 no virus found

F-Prot4 4.2.1.29 09.28.2006 no virus found

Ikarus 0.2.65.0 09.28.2006 no virus found

Kaspersky 4.0.2.24 09.28.2006 no virus found

McAfee 4861 09.27.2006 no virus found

Microsoft 1.1603 09.28.2006 no virus found

NOD32v2 1.1781 09.28.2006 no virus found

Norman 5.90.23 09.28.2006 no virus found

Panda 9.0.0.4 09.27.2006 no virus found

Sophos 4.10.0 09.28.2006 no virus found

Symantec 8.0 09.28.2006 no virus found

TheHacker 6.0.1.085 09.28.2006 no virus found

UNA 1.83 09.27.2006 no virus found

VBA32 3.11.1 09.28.2006 no virus found

VirusBuster 4.3.7:9 09.27.2006 no virus found

 

 

Aditional Information

File size: 1233 bytes

MD5: c1c02af80b60a912420afb849cb9741a

SHA1: e05f8fa34f7c7e97f682a42d1b627d4df4d4c93b [/log]

 

Zipp.

 

Copy these files

 

C:\WINDOWS\system32\xzz00802.dll

C:\WINDOWS\system32\xzz00802.sys

 

and paste them into a new folder... zip the folder and send it to me

 

RKroppi@hotmail.com

 

teknik

how do I copy them?

Do you mean that I should search for them and copy the contents, or?

[post edited 2006-09-28 13:35:10 by teknik]

teknik

Now I've done that!

 

I couldn't copy the Ewido log; I saved it but I can't find it.

 

But there was no virus there.

 

But here is the one for Avenger:

 

[log]Logfile of The Avenger version 1, by Swandog46

Running from registry key:

\Registry\Machine\System\CurrentControlSet\Services\cdqgpcqa

 

*******************

 

Script file located at: \??\C:\WINDOWS\qxtltmcb.txt

Script file opened successfully.

 

Script file read successfully

 

Backups directory opened successfully at C:\Avenger

 

*******************

 

Beginning to process script file:

 

Driver pe386 unloaded successfully.

 

Completed script processing.

 

*******************

 

Finished! Terminate.[/log]

 

Zipp.

 

Try this: copy the lines below into the Run field and click OK after each line

 

sc stop wiavusd.exe

sc delete wiavusd.exe

 

then post a new Hijack log.

 

teknik

That one wasn't found:

C:\WINDOWS\system32\xzz00802.dll

But I've copied the other one and I'm sending it to you.

 

 

 

Now I'm not getting anything strange or any popup windows, but my firewall still doesn't work! And my antivirus is turned off every time the computer starts!

 
