Just nu i M3-nätverket
Jump to content

Vägrar starta


Bagarn-10

Recommended Posts

Hej alla glada:)

Nu är det så att min brandvägg är korrupt:thumbsdown:

 

Försöker starta min brandvägg då händer följande: Det går inte att visa inställningarna för windowsbrandväggen eftersom tjänsten inte körs.

Vill du starta tjänsten bla bla bla brandväg windows bla bla

JA!!

 

-Tjänsten windows firewall startas-

 

-Det gick inte att visa windows-brandväggens inställningar på grund av ett oidentifierat problem.-

 

Jag har via Start / kör skrivit services.msc och kontrollerat att tjänsten "windows firewall/internet connectation sharing(ICS)" har startalternativ "Automatisk"

det hade den inte ändrade till det och tryckte värkställ, but quess what, ingen skillnad, och när jag går in för att kolla om den fortfarande är på automatisk, då har den ändrats till inaktiverad.

 

gjorde som det stod i denna tråd också, //eforum.idg.se/viewmsg.asp?EntriesId=865181#865531

 

ingen skillnad nu heller! Ber er om hjälp!

 

Tack på förhand /Bagarn 4 sure

 

Link to comment
Share on other sites

Du kanske har otrevligheter i datorn.

Vi kan ju se vad HijackThis visar till att börja med:

http://www.thespykiller.co.uk/files/HJTsetup.exe

Installera, kör, skanna och spara loggen (inget annat).

 

I ditt svar bifogar du HijackThis-loggen på detta sätt:

Tryck på LOG-knappen i Besvara-fönstret

Klistra in loggen

Tryck igen på LOG-knappen

 

Link to comment
Share on other sites

[log]Logfile of HijackThis v1.99.1

Scan saved at 14:15:04, on 2003-11-21

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.exe

C:\WINDOWS\services.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\D-Link\AirPlus G\AirGCFG.exe

C:\Program\ANI\ANIWZCS2 Service\WZCSLDR2.exe

C:\Program\Delade filer\Real\Update_OB\realsched.exe

C:\Program\HP\HP Software Update\HPWuSchd2.exe

C:\Program\HP\hpcoretech\hpcmpmgr.exe

C:\Program\PowerISO\PWRISOVM.EXE

C:\Program\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program\HP\Digital Imaging\bin\hpqgalry.exe

C:\WINDOWS\system32\devldr32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Internet Explorer\iexplore.exe

C:\-=[stuff]=-\Program\Winrar\WinRAR.exe

C:\Program\Internet Explorer\IEXPLORE.EXE

C:\Program\Internet Explorer\IEXPLORE.EXE

C:\Program\MSN Messenger\msnmsgr.exe

C:\Program\Hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program\D-Link\AirPlus G\AirGCFG.exe

O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program\ANI\ANIWZCS2 Service\WZCSLDR2.exe

O4 - HKLM\..\Run: [H2O] C:\Program\SyncroSoft\Pos\H2O\cledx.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [HP Software Update] "C:\Program\HP\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg

O4 - HKLM\..\Run: [RemoteControl] C:\Program\CyberLink\PowerDVD\PDVDServ.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: HP Image Zone Snabbstarta.lnk = C:\Program\HP\Digital Imaging\bin\hpqthb08.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program\Delade filer\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Program\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

[/log]

 

 

Link to comment
Share on other sites

[log]Logfile of HijackThis v1.99.1

Scan saved at 14:15:04, on 2003-11-21

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.exe

C:\WINDOWS\services.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\D-Link\AirPlus G\AirGCFG.exe

C:\Program\ANI\ANIWZCS2 Service\WZCSLDR2.exe

C:\Program\Delade filer\Real\Update_OB\realsched.exe

C:\Program\HP\HP Software Update\HPWuSchd2.exe

C:\Program\HP\hpcoretech\hpcmpmgr.exe

C:\Program\PowerISO\PWRISOVM.EXE

C:\Program\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program\HP\Digital Imaging\bin\hpqgalry.exe

C:\WINDOWS\system32\devldr32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Internet Explorer\iexplore.exe

C:\-=[stuff]=-\Program\Winrar\WinRAR.exe

C:\Program\Internet Explorer\IEXPLORE.EXE

C:\Program\Internet Explorer\IEXPLORE.EXE

C:\Program\MSN Messenger\msnmsgr.exe

C:\Program\Hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program\D-Link\AirPlus G\AirGCFG.exe

O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program\ANI\ANIWZCS2 Service\WZCSLDR2.exe

O4 - HKLM\..\Run: [H2O] C:\Program\SyncroSoft\Pos\H2O\cledx.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [HP Software Update] "C:\Program\HP\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg

O4 - HKLM\..\Run: [RemoteControl] C:\Program\CyberLink\PowerDVD\PDVDServ.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: HP Image Zone Snabbstarta.lnk = C:\Program\HP\Digital Imaging\bin\hpqthb08.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program\Delade filer\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Program\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 

[/log]

 

Link to comment
Share on other sites

Är det så att du inte längre använder Yahoo Toolbar?

 

Hur vore det att ha ett antivirusprogram?

 

Jo, det finns i alla fall en trojan i datorn. Den öppnar en bakdörr till datorn så att andra kan komma åt den från internet, den kan också skicka spam-mejl. Så håll därför internetanslutningen urdragen så mycket som möjligt tills datorn är ren. Ibland så innehåller den också en keylogger dvs ett program som lagrar alla dina tangentnedtryckningar, kan t ex användas för att stjäla lösenord, så använd inte internetbank eller liknande och när datorn är ren så byt alla lösenord som du använder på internet.

 

Ladda ner Avenger på Skrivbordet och packa upp filen där:

http://swandog46.geekstogo.com/avenger.zip

 

Kopiera in följande i Anteckningar, inklusive rubriken Files to delete:

 

Files to delete:

C:\WINDOWS\system32\fservice.exe

C:\windows\services.exe

C:\windows\system\sservice.exe

%Windows System%\wininv.dll

%Windows System%\winkey.dll

 

Starta Avenger

Bocka i "Input Script Manually"

Klicka på förstoringsglaset och i "View/edit script" så klistrar du in texten som finns i Anteckningar.

Klicka på Done

Klicka på det gröna ljuset och svara Ja på frågorna.

Datorn startar nu om.

Ett DOS-fönster ska komma fram och sedan ska loggen komma upp.

Klistra in den här liksom en ny HijackThis-logg.

 

Skanna också datorn här: http://www.kaspersky.com/virusscanner

Klistra in resultatet därifrån också.

 

Link to comment
Share on other sites

[log]Logfile of The Avenger version 1, by Swandog46

Running from registry key:

\Registry\Machine\System\CurrentControlSet\Services\qnxrunon

 

*******************

 

Script file located at: \??\C:\WINDOWS\tyividek.txt

Script file opened successfully.

 

Script file read successfully

 

Backups directory opened successfully at C:\Avenger

 

*******************

 

Beginning to process script file:

 

File C:\WINDOWS\system32\fservice.exe deleted successfully.

File C:\windows\services.exe deleted successfully.

File C:\windows\system\sservice.exe deleted successfully.

 

 

Could not open file %Windows System%\wininv.dll for deletion

Deletion of file %Windows System%\wininv.dll failed!

 

Could not process line:

%Windows System%\wininv.dll

Status: 0xc000003a

 

 

 

Could not open file %Windows System%\winkey.dll for deletion

Deletion of file %Windows System%\winkey.dll failed!

 

Could not process line:

%Windows System%\winkey.dll

Status: 0xc000003a

 

 

Completed script processing.

 

*******************

 

Finished! Terminate.[/log]

 

[log]Logfile of HijackThis v1.99.1

Scan saved at 15:55:47, on 2003-11-21

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\D-Link\AirPlus G\AirGCFG.exe

C:\Program\ANI\ANIWZCS2 Service\WZCSLDR2.exe

C:\Program\SyncroSoft\Pos\H2O\cledx.exe

C:\Program\Delade filer\Real\Update_OB\realsched.exe

C:\Program\HP\HP Software Update\HPWuSchd2.exe

C:\Program\HP\hpcoretech\hpcmpmgr.exe

C:\Program\PowerISO\PWRISOVM.EXE

C:\Program\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program\HP\Digital Imaging\bin\hpqgalry.exe

C:\WINDOWS\system32\devldr32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program\Internet Explorer\IEXPLORE.EXE

C:\Program\MSN Messenger\msnmsgr.exe

C:\Program\Hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program\D-Link\AirPlus G\AirGCFG.exe

O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program\ANI\ANIWZCS2 Service\WZCSLDR2.exe

O4 - HKLM\..\Run: [H2O] C:\Program\SyncroSoft\Pos\H2O\cledx.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [HP Software Update] "C:\Program\HP\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg

O4 - HKLM\..\Run: [RemoteControl] C:\Program\CyberLink\PowerDVD\PDVDServ.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: HP Image Zone Snabbstarta.lnk = C:\Program\HP\Digital Imaging\bin\hpqthb08.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program\Delade filer\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Program\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 

[/log]

 

Link to comment
Share on other sites

Så tag för all hjälp Cecilia! brandväggen funkar nu!

ska tanka hem virusprogramet du rekomenderade!

[log]Infected Object Name Virus Name Last Action

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

 

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

 

C:\WINDOWS\SoftwareDistribution\EventCache\{4311C797-61D0-4C6A-B4DF-9757C9E434C2}.bin Object is locked skipped

 

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

 

C:\WINDOWS\Sti_Trace.log Object is locked skipped

 

C:\WINDOWS\svchost.exe Infected: Backdoor.Win32.Poison.a skipped

 

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

 

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

 

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

 

C:\WINDOWS\system32\config\default Object is locked skipped

 

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

 

C:\WINDOWS\system32\config\SAM Object is locked skipped

 

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

 

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

 

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

 

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

 

C:\WINDOWS\system32\config\software Object is locked skipped

 

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

 

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

 

C:\WINDOWS\system32\config\system Object is locked skipped

 

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

 

C:\WINDOWS\system32\drivers\dtscsi.sys Object is locked skipped

 

C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped

 

C:\WINDOWS\system32\drivers\sptd5837.sys Object is locked skipped

 

C:\WINDOWS\system32\h323log.txt Object is locked skipped

 

C:\WINDOWS\system32\reginv.dll Infected: Backdoor.Win32.Prorat.19.i skipped

 

C:\WINDOWS\system32\svchosts.exe Infected: Trojan.Win32.Small.js skipped

 

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

 

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

 

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

 

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

 

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

 

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

 

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

 

C:\WINDOWS\system32\winkey.dll Infected: Backdoor.Win32.Prorat.19.ah skipped

 

C:\WINDOWS\wiadebug.log Object is locked skipped

 

C:\WINDOWS\wiaservc.log Object is locked skipped

 

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

 

C:\DOCUME~1\PONTUS~1\LOKALA~1\Temp\hpodvd09.log Object is locked skipped

 

C:\DOCUME~1\PONTUS~1\LOKALA~1\Temp\~DF6E54.tmp Object is locked skipped

 

Scan process completed.

[/log]

 

Link to comment
Share on other sites

Det ser inte bra ut än.

 

Kopiera in följande i Anteckningar, inklusive rubriken Files to delete:

 

Files to delete:

C:\WINDOWS\system32\fservice.exe

C:\windows\services.exe

C:\windows\system\sservice.exe

%Windows System%\wininv.dll

C:\WINDOWS\svchost.exe

C:\WINDOWS\system32\reginv.dll

C:\WINDOWS\system32\svchosts.exe

C:\WINDOWS\system32\winkey.dll

 

Starta Avenger

Bocka i "Input Script Manually"

Klicka på förstoringsglaset och i "View/edit script" så klistrar du in texten som finns i Anteckningar.

Klicka på Done

Klicka på det gröna ljuset och svara Ja på frågorna.

Datorn startar nu om.

Ett DOS-fönster ska komma fram och sedan ska loggen komma upp.

Klistra in den här liksom en ny HijackThis-logg.

 

Jag tittar på loggarna imorgon.

 

Link to comment
Share on other sites

Okej men ja vill tacka endå :) spec för att du tar dig tid:)

 

 

[log]---------------------------------------------------------

ewido anti-spyware - Scan Report

---------------------------------------------------------

 

+ Created at: 19:32:10 2003-11-21

 

+ Scan result:

 

 

 

C:\WINDOWS\system32\scvhost.exe -> Backdoor.Bifrose.ad : Cleaned.

C:\WINDOWS\system32\winkey.dll -> Backdoor.Prorat.19.ah : Cleaned.

C:\WINDOWS\system32\reginv.dll -> Backdoor.Prorat.19.i : Cleaned.

C:\Documents and Settings\Pontus johansson\Cookies\pontus johansson@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.

C:\Documents and Settings\Pontus johansson\Cookies\pontus johansson@metacafe.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.

C:\Documents and Settings\Pontus johansson\Cookies\pontus johansson@msnaccountservices.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.

C:\Documents and Settings\Pontus johansson\Cookies\pontus johansson@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.

C:\Documents and Settings\Pontus johansson\Cookies\pontus johansson@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.

C:\Documents and Settings\Pontus johansson\Cookies\pontus johansson@rotator.adjuggler[2].txt -> TrackingCookie.Adjuggler : Cleaned.

C:\Documents and Settings\Pontus johansson\Cookies\pontus johansson@adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned.

C:\Documents and Settings\Pontus johansson\Cookies\pontus johansson@adtech[2].txt -> TrackingCookie.Adtech : Cleaned.

C:\Documents and Settings\Pontus johansson\Cookies\pontus johansson@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.

C:\Documents and Settings\Pontus johansson\Cookies\pontus johansson@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned.

C:\Documents and Settings\Pontus johansson\Cookies\pontus johansson@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.

C:\Documents and Settings\Pontus johansson\Cookies\pontus johansson@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned.

C:\Documents and Settings\Pontus johansson\Cookies\pontus johansson@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.

C:\Documents and Settings\Pontus johansson\Cookies\pontus johansson@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.

C:\Documents and Settings\Pontus johansson\Cookies\pontus johansson@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned.

C:\Documents and Settings\Pontus johansson\Cookies\pontus johansson@clickbank[1].txt -> TrackingCookie.Clickbank : Cleaned.

C:\Documents and Settings\Pontus johansson\Cookies\pontus johansson@ad1.clickhype[1].txt -> TrackingCookie.Clickhype : Cleaned.

C:\Documents and Settings\Pontus johansson\Cookies\pontus johansson@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned.

C:\Documents and Settings\Pontus johansson\Cookies\pontus johansson@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.

C:\Documents and Settings\Pontus johansson\Cookies\pontus johansson@as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned.

C:\Documents and Settings\Pontus johansson\Cookies\pontus johansson@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned.

C:\Documents and Settings\Pontus johansson\Cookies\pontus johansson@media.fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.

C:\Documents and Settings\Pontus johansson\Cookies\pontus johansson@ehg-sigames.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.

C:\Documents and Settings\Pontus johansson\Cookies\pontus johansson@hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.

C:\Documents and Settings\Pontus johansson\Cookies\pontus johansson@hotlog[1].txt -> TrackingCookie.Hotlog : Cleaned.

C:\Documents and Settings\Pontus johansson\Cookies\pontus johansson@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.

C:\Documents and Settings\Pontus johansson\Cookies\pontus johansson@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned.

C:\Documents and Settings\Pontus johansson\Cookies\pontus johansson@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.

C:\Documents and Settings\Pontus johansson\Cookies\pontus johansson@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned.

C:\Documents and Settings\Pontus johansson\Cookies\pontus johansson@revenue[1].txt -> TrackingCookie.Revenue : Cleaned.

C:\Documents and Settings\Pontus johansson\Cookies\pontus johansson@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.

C:\Documents and Settings\Pontus johansson\Cookies\pontus johansson@counter3.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned.

C:\Documents and Settings\Pontus johansson\Cookies\pontus johansson@sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned.

C:\Documents and Settings\Pontus johansson\Cookies\pontus johansson@spylog[1].txt -> TrackingCookie.Spylog : Cleaned.

C:\Documents and Settings\Pontus johansson\Cookies\pontus johansson@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned.

C:\Documents and Settings\Pontus johansson\Cookies\pontus johansson@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned.

C:\Documents and Settings\Pontus johansson\Cookies\pontus johansson@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned.

C:\Documents and Settings\Pontus johansson\Cookies\pontus johansson@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.

C:\Documents and Settings\Pontus johansson\Cookies\pontus johansson@reduxads.valuead[2].txt -> TrackingCookie.Valuead : Cleaned.

C:\Documents and Settings\Pontus johansson\Cookies\pontus johansson@yadro[1].txt -> TrackingCookie.Yadro : Cleaned.

C:\Documents and Settings\Pontus johansson\Cookies\pontus johansson@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.

 

 

::Report end[/log]

 

 

[log]Logfile of The Avenger version 1, by Swandog46

Running from registry key:

\Registry\Machine\System\CurrentControlSet\Services\qnxrunon

 

*******************

 

Script file located at: \??\C:\WINDOWS\tyividek.txt

Script file opened successfully.

 

Script file read successfully

 

Backups directory opened successfully at C:\Avenger

 

*******************

 

Beginning to process script file:

 

File C:\WINDOWS\system32\fservice.exe deleted successfully.

File C:\windows\services.exe deleted successfully.

File C:\windows\system\sservice.exe deleted successfully.

 

 

Could not open file %Windows System%\wininv.dll for deletion

Deletion of file %Windows System%\wininv.dll failed!

 

Could not process line:

%Windows System%\wininv.dll

Status: 0xc000003a

 

 

 

Could not open file %Windows System%\winkey.dll for deletion

Deletion of file %Windows System%\winkey.dll failed!

 

Could not process line:

%Windows System%\winkey.dll

Status: 0xc000003a

 

 

Completed script processing.

 

*******************

 

Finished! Terminate. [/log]

 

Link to comment
Share on other sites

Tack för poängen! :)

 

Det blev nog inte riktigt rätt med Avenger, det var fler filer den här gången som skulle bort än första. Vi tar det igen.

 

Kopiera in följande i Anteckningar, inklusive rubriken Files to delete:

 

Files to delete:

C:\WINDOWS\system32\fservice.exe

C:\windows\services.exe

C:\windows\system\sservice.exe

%Windows System%\wininv.dll

C:\WINDOWS\svchost.exe

C:\WINDOWS\system32\reginv.dll

C:\WINDOWS\system32\svchosts.exe

C:\WINDOWS\system32\winkey.dll

 

Starta Avenger

Bocka i "Input Script Manually"

Klicka på förstoringsglaset och i "View/edit script" så klistrar du in texten som finns i Anteckningar.

Klicka på Done

Klicka på det gröna ljuset och svara Ja på frågorna.

Datorn startar nu om.

Ett DOS-fönster ska komma fram och sedan ska loggen komma upp.

Klistra in den här liksom en ny HijackThis-logg.

 

Link to comment
Share on other sites

Lungt, uppskattar det du gör:)

Mjo det blev kanske lite fel där.:P men nu ska det vara rätt!!

[log]Logfile of The Avenger version 1, by Swandog46

Running from registry key:

\Registry\Machine\System\CurrentControlSet\Services\fsvec^tj

 

*******************

 

Script file located at: flvikdrs

 

Could not open script file! Error

 

Could not open script file! Status: 0xc000003b Abort!

[/log]

 

 

Men som jag ser det så värkar det va ganska tomt, eller så funka det inte!:thumbsdown:

 

Link to comment
Share on other sites

Ja och jag kollade särskilt efter den nu!

[log]Logfile of The Avenger version 1, by Swandog46

Running from registry key:

\Registry\Machine\System\CurrentControlSet\Services\oqhmsdij

 

*******************

 

Script file located at: \??\C:\cwqyknyj.txt

Script file opened successfully.

 

Script file read successfully

 

Backups directory opened successfully at C:\Avenger

 

*******************

 

Beginning to process script file:

 

 

 

File C:\WINDOWS\system32\fservice.exe not found!

Deletion of file C:\WINDOWS\system32\fservice.exe failed!

 

Could not process line:

C:\WINDOWS\system32\fservice.exe

Status: 0xc0000034

 

 

 

File C:\windows\services.exe not found!

Deletion of file C:\windows\services.exe failed!

 

Could not process line:

C:\windows\services.exe

Status: 0xc0000034

 

 

 

File C:\windows\system\sservice.exe not found!

Deletion of file C:\windows\system\sservice.exe failed!

 

Could not process line:

C:\windows\system\sservice.exe

Status: 0xc0000034

 

 

 

Could not open file %Windows System%\wininv.dll for deletion

Deletion of file %Windows System%\wininv.dll failed!

 

Could not process line:

%Windows System%\wininv.dll

Status: 0xc000003a

 

File C:\WINDOWS\svchost.exe deleted successfully.

 

 

File C:\WINDOWS\system32\reginv.dll not found!

Deletion of file C:\WINDOWS\system32\reginv.dll failed!

 

Could not process line:

C:\WINDOWS\system32\reginv.dll

Status: 0xc0000034

 

File C:\WINDOWS\system32\svchosts.exe deleted successfully.

 

 

File C:\WINDOWS\system32\winkey.dll not found!

Deletion of file C:\WINDOWS\system32\winkey.dll failed!

 

Could not process line:

C:\WINDOWS\system32\winkey.dll

Status: 0xc0000034

 

 

Completed script processing.

 

*******************

 

Finished! Terminate.[/log]

 

Link to comment
Share on other sites

[log]

Logfile of HijackThis v1.99.1

Scan saved at 13:10:50, on 2006-10-01

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\TGTSoft\StyleXP\StyleXPService.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\D-Link\AirPlus G\AirGCFG.exe

C:\Program\ANI\ANIWZCS2 Service\WZCSLDR2.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\TGTSoft\StyleXP\StyleXP.exe

C:\Program\ATI Technologies\ATI.ACE\CLI.EXE

C:\Program\ewido anti-spyware 4.0\guard.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\devldr32.exe

C:\WINDOWS\explorer.exe

C:\Program\Windows Media Player\wmplayer.exe

C:\Program\MSN Messenger\msnmsgr.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program\D-Link\AirPlus G\AirGCFG.exe

O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program\ANI\ANIWZCS2 Service\WZCSLDR2.exe

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [ATICCC] "C:\Program\ATI Technologies\ATI.ACE\CLIStart.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [sTYLEXP] C:\Program\TGTSoft\StyleXP\StyleXP.exe -Hide

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program\Delade filer\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program\ewido anti-spyware 4.0\guard.exe

O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Program\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: StyleXPService - Unknown owner - C:\Program\TGTSoft\StyleXP\StyleXPService.exe

[/log]

 

Link to comment
Share on other sites

Nää, det var en liten envis rackare det där.

http://home.comcast.net/~rand1038/vbscript/ServiceFilter.zip

Spara filen i länken på Skrivbordet.

Packa upp filen genom att högerklicka och välja packa upp eller något liknande, packa upp till en ny mapp t ex C:\ServiceFilter.

 

Använd Utforskaren eller Den här datorn för att flytta dig till den nya mappen.

Dubbelklicka på filen som heter ServiceFilter.vbs.

Om ditt antivirusprogram frågar om du verkligen vill köra det, så säg Ja.

 

När det är klart så kommer det upp en logg som heter POST_THIS.TXT, klistra in den i ditt svar.

 

Link to comment
Share on other sites

Okej, fattar inte att folk pallar göra virus! dom får ju inte se resuktatet av det heller, helt meningslöst!

 

[log]The script did not recognize the services listed below.

This does not mean that they are a problem.

 

To copy the entire contents of this document for posting:

At the top of this window click "Edit" then "Select All"

Next click "Edit" again then "Copy"

Now right click in the forum post box then click "Paste"

 

########################################

 

ServiceFilter 1.1

by rand1038

 

Microsoft Windows XP Professional

Version: 5.1.2600 Service Pack 2

okt 1, 2006 13:38:49

 

 

===> Begin Service Listing <===

 

Unknown Service #1

Service Name: aspnet_state

Display Name: ASP.NET State Service

Start Mode: Manual

Start Name: NT AUTHORITY\NetworkService

Description: Provides support for out-of-process session states for ASP.NET. If this service is stopped, ...

Service Type: Own Process

Path: c:\windows\microsoft.net\framework\v2.0.50727\aspnet_state.exe

State: Stopped

Process ID: 0

Started: Falskt

Exit Code: 1077

Accept Pause: Falskt

Accept Stop: Falskt

 

Unknown Service # 2

Service Name: clr_optimization_v2.0.50727_32

Display Name: .NET Runtime Optimization Service v2.0.50727_X86

Start Mode: Manual

Start Name: LocalSystem

Description: Microsoft .NET Framework ...

Service Type: Own Process

Path: c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe

State: Stopped

Process ID: 0

Started: Falskt

Exit Code: 1077

Accept Pause: Falskt

Accept Stop: Falskt

 

Unknown Service # 3

Service Name: ewido anti-spyware 4.0 guard

Display Name: ewido anti-spyware 4.0 guard

Start Mode: Auto

Start Name: LocalSystem

Description: ...

Service Type: Own Process

Path: c:\program\ewido anti-spyware 4.0\guard.exe

State: Running

Process ID: 636

Started: Sant

Exit Code: 0

Accept Pause: Falskt

Accept Stop: Sant

 

Unknown Service # 4

Service Name: MSSQL$SQLEXPRESS

Display Name: SQL Server (SQLEXPRESS)

Start Mode: Auto

Start Name: NT AUTHORITY\NetworkService

Description: Provides storage, processing and controlled access of data and rapid transaction ...

Service Type: Own Process

Path: "c:\program\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe" -ssqlexpress

State: Running

Process ID: 660

Started: Sant

Exit Code: 0

Accept Pause: Sant

Accept Stop: Sant

 

Unknown Service # 5

Service Name: MSSQLServerADHelper

Display Name: SQL Server Active Directory Helper

Start Mode: Disabled

Start Name: NT AUTHORITY\NetworkService

Description: Enables integration with Active ...

Service Type: Own Process

Path: "c:\program\microsoft sql server\90\shared\sqladhlp90.exe"

State: Stopped

Process ID: 0

Started: Falskt

Exit Code: 1077

Accept Pause: Falskt

Accept Stop: Falskt

 

Unknown Service # 6

Service Name: SQLBrowser

Display Name: SQL Server Browser

Start Mode: Disabled

Start Name: NT AUTHORITY\NetworkService

Description: Provides SQL Server connection information to client ...

Service Type: Own Process

Path: "c:\program\microsoft sql server\90\shared\sqlbrowser.exe"

State: Stopped

Process ID: 0

Started: Falskt

Exit Code: 1077

Accept Pause: Falskt

Accept Stop: Falskt

 

Unknown Service # 7

Service Name: SQLWriter

Display Name: SQL Server VSS Writer

Start Mode: Manual

Start Name: LocalSystem

Description: Provides the interface to backup/restore Microsoft SQL server through the Windows VSS ...

Service Type: Own Process

Path: "c:\program\microsoft sql server\90\shared\sqlwriter.exe"

State: Stopped

Process ID: 0

Started: Falskt

Exit Code: 1077

Accept Pause: Falskt

Accept Stop: Falskt

 

Unknown Service #8

Service Name: StyleXPService

Display Name: StyleXPService

Start Mode: Auto

Start Name: LocalSystem

Description: ...

Service Type: Own Process

Path: "c:\program\tgtsoft\stylexp\stylexpservice.exe"

State: Running

Process ID: 1084

Started: Sant

Exit Code: 0

Accept Pause: Falskt

Accept Stop: Sant

 

Unknown Service #9

Service Name: SwPrv

Display Name: MS Software Shadow Copy Provider

Start Mode: Manual

Start Name: LocalSystem

Description: Hanterar programvarubaserade ögonblicksbilder av volymer som tas av tjänsten Volume Shadow Copy. ...

Service Type: Own Process

Path: c:\windows\system32\dllhost.exe /processid:{836ce589-9ae2-4c9d-8e0a-26516e98a229}

State: Stopped

Process ID: 0

Started: Falskt

Exit Code: 1077

Accept Pause: Falskt

Accept Stop: Falskt

 

Unknown Service # 10

Service Name: usnsvc

Display Name: Läsartjänsten USN Journal för delning i Messenger

Start Mode: Manual

Start Name: LocalSystem

Description: Tjänsten har installerats av Messenger för att möjliggöra ...

Service Type: Own Process

Path: c:\windows\system32\svchost.exe -k usnsvc

State: Running

Process ID: 2912

Started: Sant

Exit Code: 0

Accept Pause: Falskt

Accept Stop: Sant

 

---> End Service Listing <---

 

There are 93 Win32 services on this machine.

10 were unrecognized.

 

Script Execution Time: 2,6875 seconds.

[/log]

 

Link to comment
Share on other sites

 

> Could not open file %Windows System%\wininv.dll for deletion

Deletion of file %Windows System%\wininv.dll failed! <

 

Vet inte om filen är på datorn men jag tror att det är fel i skriptet

 

%Windows System%\wininv.dll

 

det ska vara

 

C:\WINDOWS\system32\wininv.dll

 

 

 

 

 

Link to comment
Share on other sites

Ja, det är kanske så, jag kopierade det någonstans ifrån men det kan ju vara något som inte stämmer i alla fall.

 

Då försöker vi så här i stället.

 

Kopiera in följande i Anteckningar, inklusive rubriken Files to delete:

 

Files to delete:

C:\WINDOWS\system32\fservice.exe

C:\windows\services.exe

C:\windows\system\sservice.exe

C:\windows\system32\sservice.exe

C:\WINDOWS\system32\wininv.dll

C:\WINDOWS\svchost.exe

C:\WINDOWS\system32\reginv.dll

C:\WINDOWS\system32\svchosts.exe

C:\WINDOWS\system32\winkey.dll

 

Starta Avenger

Bocka i "Input Script Manually"

Klicka på förstoringsglaset och i "View/edit script" så klistrar du in texten som finns i Anteckningar.

Klicka på Done

Klicka på det gröna ljuset och svara Ja på frågorna.

Datorn startar nu om.

Ett DOS-fönster ska komma fram och sedan ska loggen komma upp.

Klistra in den här liksom en ny HijackThis-logg.

 

Link to comment
Share on other sites

[log]Logfile of The Avenger version 1, by Swandog46

Running from registry key:

\Registry\Machine\System\CurrentControlSet\Services\smyyvmwt

 

*******************

 

Script file located at: \??\C:\Documents and Settings\uchbwipw.txt

Script file opened successfully.

 

Script file read successfully

 

Backups directory opened successfully at C:\Avenger

 

*******************

 

Beginning to process script file:

 

 

 

File C:\WINDOWS\system32\fservice.exe not found!

Deletion of file C:\WINDOWS\system32\fservice.exe failed!

 

Could not process line:

C:\WINDOWS\system32\fservice.exe

Status: 0xc0000034

 

 

 

File C:\windows\services.exe not found!

Deletion of file C:\windows\services.exe failed!

 

Could not process line:

C:\windows\services.exe

Status: 0xc0000034

 

 

 

File C:\windows\system\sservice.exe not found!

Deletion of file C:\windows\system\sservice.exe failed!

 

Could not process line:

C:\windows\system\sservice.exe

Status: 0xc0000034

 

 

 

File C:\windows\system32\sservice.exe not found!

Deletion of file C:\windows\system32\sservice.exe failed!

 

Could not process line:

C:\windows\system32\sservice.exe

Status: 0xc0000034

 

 

 

File C:\WINDOWS\system32\wininv.dll not found!

Deletion of file C:\WINDOWS\system32\wininv.dll failed!

 

Could not process line:

C:\WINDOWS\system32\wininv.dll

Status: 0xc0000034

 

 

 

File C:\WINDOWS\svchost.exe not found!

Deletion of file C:\WINDOWS\svchost.exe failed!

 

Could not process line:

C:\WINDOWS\svchost.exe

Status: 0xc0000034

 

 

 

File C:\WINDOWS\system32\reginv.dll not found!

Deletion of file C:\WINDOWS\system32\reginv.dll failed!

 

Could not process line:

C:\WINDOWS\system32\reginv.dll

Status: 0xc0000034

 

 

 

File C:\WINDOWS\system32\svchosts.exe not found!

Deletion of file C:\WINDOWS\system32\svchosts.exe failed!

 

Could not process line:

C:\WINDOWS\system32\svchosts.exe

Status: 0xc0000034

 

 

 

File C:\WINDOWS\system32\winkey.dll not found!

Deletion of file C:\WINDOWS\system32\winkey.dll failed!

 

Could not process line:

C:\WINDOWS\system32\winkey.dll

Status: 0xc0000034

 

 

Completed script processing.

 

*******************

 

Finished! Terminate.[/log]

 

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.



×
×
  • Create New...