
MSN virus


Gringo*


Hi!

I've picked up an annoying virus via MSN; it sends links to my contact list and messes around with the programs and such that I have open.

I've had absolutely superb help from you before, so I thought I'd check with you whether the computer can be saved or whether I should format it?

Regards, Robban.

 


It can usually be removed, even though it takes a fair amount of work.

Download and install the free version, SUPERAntiSpyware Free Edition:

http://www.superantispyware.com/download.html

Start the program and click Check for updates.

Exit the program when the update is finished.

Restart the computer in safe mode (press F8 repeatedly during startup and select safe mode in the menu).

Start SUPERAntiSpyware and click Scan your Computer.

Tick all hard drives (fixed drive/disk).

Select Perform complete scan

Next

When the scan is finished a summary will appear; press OK

Next

Perform or similar

A window saying Quarantine and removal Complete will appear

OK

Perform or similar

Exit the program.

Restart in normal mode.

Start the program, press Preferences, select the Statistics/Logs tab

Double-click the most recent SUPERAntiSpyware Scan Log so that the log opens in Notepad.

Paste the log into your reply

 

Then HijackThis:

http://www.thespykiller.co.uk/files/HJTsetup.exe

Install, run, scan and save the log (nothing else).

You do remember that you should use the LOG button when pasting logs?

 


ok, here comes the first log

 

[log]SUPERAntiSpyware Scan Log

Generated 12/01/2006 at 04:24 PM

 

Application Version : 3.3.1020

 

Core Rules Database Version : 3140

Trace Rules Database Version: 1157

 

Scan type : Complete Scan

Total Scan Time : 00:02:35

 

Memory items scanned : 153

Memory threats detected : 0

Registry items scanned : 4792

Registry threats detected : 47

File items scanned : 216

File threats detected : 174

 

Adware.IPWins

[ipWins] C:\PROGRAM\IPWINS\IPWINS.EXE

C:\PROGRAM\IPWINS\IPWINS.EXE

HKU\S-1-5-21-789336058-854245398-682003330-1001\Software\IpWins

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IpWins

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IpWins#DisplayName

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IpWins#UninstallString

C:\Program\ipwins\pop38.tmp

C:\Program\ipwins\Services.dll

C:\Program\ipwins\Uninst.exe

C:\Program\ipwins

C:\WINDOWS\Prefetch\IPWINS.EXE-2B63173B.pf

 

Worm.Sober Variant

[Osse] C:\WINDOWS\SYSTEM32\RACLE~1\IEXPLORE.EXE

C:\WINDOWS\SYSTEM32\RACLE~1\IEXPLORE.EXE

C:\WINDOWS\Prefetch\IEXPLORE.EXE-2BB8611A.pf

 

Trojan.Update-Mcboo

[{98D435A7-07D4-1053-0122-03041803002e}] C:\PROGRAM\DELADE FILER\{98D435A7-07D4-1053-0122-03041803002E}\UPDATE.EXE

C:\PROGRAM\DELADE FILER\{98D435A7-07D4-1053-0122-03041803002E}\UPDATE.EXE

C:\WINDOWS\Prefetch\UPDATE.EXE-3698FA24.pf

 

Adware.ToolBar888

HKLM\Software\Classes\CLSID\{C004DEC2-2623-438e-9CA2-C9043AB28508}

HKCR\CLSID\{C004DEC2-2623-438E-9CA2-C9043AB28508}

HKCR\CLSID\{C004DEC2-2623-438E-9CA2-C9043AB28508}

HKCR\CLSID\{C004DEC2-2623-438E-9CA2-C9043AB28508}\InprocServer32

HKCR\CLSID\{C004DEC2-2623-438E-9CA2-C9043AB28508}\InprocServer32#ThreadingModel

HKCR\CLSID\{C004DEC2-2623-438E-9CA2-C9043AB28508}\ProgID

HKCR\CLSID\{C004DEC2-2623-438E-9CA2-C9043AB28508}\Programmable

HKCR\CLSID\{C004DEC2-2623-438E-9CA2-C9043AB28508}\TypeLib

HKCR\CLSID\{C004DEC2-2623-438E-9CA2-C9043AB28508}\VersionIndependentProgID

C:\PROGRAM\DELADE~1\{38D43~1\888BAR.DLL

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C004DEC2-2623-438e-9CA2-C9043AB28508}

HKLM\Software\Microsoft\Internet Explorer\Toolbar#{C004DEC2-2623-438e-9CA2-C9043AB28508}

HKCR\LuckyToolBar.LuckyToolBarObj.1

HKCR\LuckyToolBar.LuckyToolBarObj.1\CLSID

HKCR\LuckyToolBar.LuckyToolBarObj

HKCR\LuckyToolBar.LuckyToolBarObj\CLSID

HKCR\LuckyToolBar.LuckyToolBarObj\CurVer

HKCR\TypeLib\{ED0FB633-C311-4bcd-824A-4D345386BE64}

HKU\S-1-5-21-789336058-854245398-682003330-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser#{C004DEC2-2623-438E-9CA2-C9043AB28508}

HKCR\TypeLib\{569304BA-83ED-4CFF-AC26-BE3E482F7208}

HKCR\TypeLib\{569304BA-83ED-4CFF-AC26-BE3E482F7208}\1.0

HKCR\TypeLib\{569304BA-83ED-4CFF-AC26-BE3E482F7208}\1.0\0

HKCR\TypeLib\{569304BA-83ED-4CFF-AC26-BE3E482F7208}\1.0\0\win32

HKCR\TypeLib\{569304BA-83ED-4CFF-AC26-BE3E482F7208}\1.0\FLAGS

HKCR\TypeLib\{569304BA-83ED-4CFF-AC26-BE3E482F7208}\1.0\HELPDIR

HKCR\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}

HKCR\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}\ProxyStubClsid

HKCR\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}\ProxyStubClsid32

HKCR\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}\TypeLib

HKCR\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}\TypeLib#Version

 

Adware.Tracking Cookie

C:\Documents and Settings\Robert\Cookies\robert@2o7[1].txt

C:\Documents and Settings\Robert\Cookies\robert@vip.clickzs[2].txt

C:\Documents and Settings\Robert\Cookies\robert@ad.bannerbank[1].txt

C:\Documents and Settings\Robert\Cookies\robert@1225.luftgropmedia[2].txt

C:\Documents and Settings\Robert\Cookies\robert@www.voyeurxxxvideos[2].txt

C:\Documents and Settings\Robert\Cookies\robert@st[25].txt

C:\Documents and Settings\Robert\Cookies\robert@ad.adtoma[2].txt

C:\Documents and Settings\Robert\Cookies\robert@realmedia[1].txt

C:\Documents and Settings\Robert\Cookies\robert@image.masterstats[1].txt

C:\Documents and Settings\Robert\Cookies\robert@xxxboobpost[2].txt

C:\Documents and Settings\Robert\Cookies\robert@counter2.sextracker[1].txt

C:\Documents and Settings\Robert\Cookies\robert@counter5.sextracker[2].txt

C:\Documents and Settings\Robert\Cookies\robert@adbrite[2].txt

C:\Documents and Settings\Robert\Cookies\robert@cs.sexcounter[2].txt

C:\Documents and Settings\Robert\Cookies\robert@doubleclick[2].txt

C:\Documents and Settings\Robert\Cookies\robert@tgp[2].txt

C:\Documents and Settings\Robert\Cookies\robert@3.luftgropmedia[2].txt

C:\Documents and Settings\Robert\Cookies\robert@valueclick[2].txt

C:\Documents and Settings\Robert\Cookies\robert@xxxcreatures[1].txt

C:\Documents and Settings\Robert\Cookies\robert@revsci[2].txt

C:\Documents and Settings\Robert\Cookies\robert@list[1].txt

C:\Documents and Settings\Robert\Cookies\robert@tradedoubler[3].txt

C:\Documents and Settings\Robert\Cookies\robert@counter8.sextracker[1].txt

C:\Documents and Settings\Robert\Cookies\robert@sextracker[2].txt

C:\Documents and Settings\Robert\Cookies\robert@cgi-bin[1].txt

C:\Documents and Settings\Robert\Cookies\robert@tripod[1].txt

C:\Documents and Settings\Robert\Cookies\robert@counter12.sextracker[1].txt

C:\Documents and Settings\Robert\Cookies\robert@statcounter[1].txt

C:\Documents and Settings\Robert\Cookies\robert@rotator.adjuggler[2].txt

C:\Documents and Settings\Robert\Cookies\robert@counter14.sextracker[2].txt

C:\Documents and Settings\Robert\Cookies\robert@mb[5].txt

C:\Documents and Settings\Robert\Cookies\robert@server.iad.liveperson[2].txt

C:\Documents and Settings\Robert\Cookies\robert@serving-sys[1].txt

C:\Documents and Settings\Robert\Cookies\robert@yadro[1].txt

C:\Documents and Settings\Robert\Cookies\robert@sexlist[2].txt

C:\Documents and Settings\Robert\Cookies\robert@counter9.sextracker[1].txt

C:\Documents and Settings\Robert\Cookies\robert@8448.luftgropmedia[2].txt

C:\Documents and Settings\Robert\Cookies\robert@mediaplex[3].txt

C:\Documents and Settings\Robert\Cookies\robert@www.xxxmaturepost[2].txt

C:\Documents and Settings\Robert\Cookies\robert@atdmt[3].txt

C:\Documents and Settings\Robert\Cookies\robert@www.sexymaturethumbs[2].txt

C:\Documents and Settings\Robert\Cookies\robert@sexvnature[2].txt

C:\Documents and Settings\Robert\Cookies\robert@stat.swedbank[1].txt

C:\Documents and Settings\Robert\Cookies\robert@track.adform[2].txt

C:\Documents and Settings\Robert\Cookies\robert@paycounter[1].txt

C:\Documents and Settings\Robert\Cookies\robert@msnportal.112.2o7[1].txt

C:\Documents and Settings\Robert\Cookies\robert@advertising[1].txt

C:\Documents and Settings\Robert\Cookies\robert@indextools[2].txt

C:\Documents and Settings\Robert\Cookies\robert@tns-counter[2].txt

C:\Documents and Settings\Robert\Cookies\robert@1072667108[1].txt

C:\Documents and Settings\Robert\Cookies\robert@rambler[1].txt

C:\Documents and Settings\Robert\Cookies\robert@counter6.sextracker[2].txt

C:\Documents and Settings\Robert\Cookies\robert@ad.yieldmanager[1].txt

C:\Documents and Settings\Robert\Cookies\robert@revenue[1].txt

C:\Documents and Settings\Robert\Cookies\robert@sexmaturity[2].txt

C:\Documents and Settings\Robert\Cookies\robert@realsexcash[2].txt

C:\Documents and Settings\Robert\Cookies\robert@counter16.sextracker[2].txt

C:\Documents and Settings\Robert\Cookies\robert@ads.nordichardware[2].txt

C:\Documents and Settings\Robert\Cookies\robert@counter1.sextracker[1].txt

C:\Documents and Settings\Robert\Cookies\robert@www.xxx69[1].txt

C:\Documents and Settings\Robert\Cookies\robert@fortunecity[1].txt

C:\Documents and Settings\Robert\Cookies\robert@st[12].txt

C:\Documents and Settings\Robert\Cookies\robert@ads.tripod.spray[1].txt

C:\Documents and Settings\Robert\Cookies\robert@freesexnet[2].txt

C:\Documents and Settings\Robert\Cookies\robert@statse.webtrendslive[2].txt

C:\Documents and Settings\Robert\Cookies\robert@counter10.sextracker[1].txt

C:\Documents and Settings\Robert\Cookies\robert@counter13.sextracker[1].txt

C:\Documents and Settings\Robert\Cookies\robert@ad1.emediate[2].txt

C:\Documents and Settings\Robert\Cookies\robert@7563302[1].txt

C:\Documents and Settings\Robert\Cookies\robert@casalemedia[2].txt

C:\Documents and Settings\Robert\Cookies\robert@www.4xxxtremepleasures[1].txt

C:\Documents and Settings\Robert\Cookies\robert@adultreviews[1].txt

C:\Documents and Settings\Robert\Cookies\robert@www.adult-mpg[2].txt

C:\Documents and Settings\Robert\Cookies\robert@partygaming.122.2o7[1].txt

C:\Documents and Settings\Robert\Cookies\robert@www.maturexxxclips[2].txt

C:\Documents and Settings\Robert\Cookies\robert@adtech[2].txt

C:\Documents and Settings\Robert\Cookies\robert@www.gimmesex[2].txt

C:\Documents and Settings\Robert\Cookies\robert@cgi-bin[3].txt

C:\Documents and Settings\Robert\Cookies\robert@a.websponsors[2].txt

C:\Documents and Settings\Robert\Cookies\robert@cz11.clickzs[2].txt

C:\Documents and Settings\Robert\Cookies\robert@www.sexhungrymoms[1].txt

C:\Documents and Settings\Robert\Cookies\robert@ads.advancedpcmedia[2].txt

C:\Documents and Settings\Robert\Cookies\robert@fastclick[1].txt

C:\Documents and Settings\Robert\Cookies\robert@torget[3].txt

C:\Documents and Settings\Robert\Cookies\robert@hitbox[2].txt

C:\Documents and Settings\Robert\Cookies\robert@zedo[2].txt

C:\Documents and Settings\Robert\Cookies\robert@c5.zedo[1].txt

C:\Documents and Settings\Robert\Cookies\robert@devart.adbureau[1].txt

C:\Documents and Settings\Robert\Cookies\robert@sexhistorier[1].txt

C:\Documents and Settings\Robert\Cookies\robert@as1.falkag[1].txt

C:\Documents and Settings\Robert\Cookies\robert@stats1.reliablestats[1].txt

C:\Documents and Settings\Robert\Cookies\robert@ehg-nokiafin.hitbox[1].txt

C:\Documents and Settings\Robert\Cookies\robert@5667.luftgropmedia[2].txt

C:\Documents and Settings\Robert\Cookies\robert@ehg-digg.hitbox[1].txt

C:\Documents and Settings\Robert\Cookies\robert@ad1.emediate[1].txt

C:\Documents and Settings\Robert\Cookies\robert@8710.luftgropmedia[1].txt

C:\Documents and Settings\Robert\Cookies\robert@1071893385[1].txt

C:\Documents and Settings\Robert\Cookies\robert@galleries.amateursexhunters[1].txt

C:\Documents and Settings\Robert\Cookies\robert@tribalfusion[3].txt

C:\Documents and Settings\Robert\Cookies\robert@counter7.sextracker[1].txt

C:\Documents and Settings\Robert\Cookies\robert@questionmarket[2].txt

C:\Documents and Settings\Robert\Cookies\robert@www.realoldsex[1].txt

C:\Documents and Settings\Robert\Cookies\robert@hostedctr[1].txt

C:\Documents and Settings\Robert\Cookies\robert@www.belstat[2].txt

C:\Documents and Settings\Robert\Cookies\robert@partypoker[1].txt

C:\Documents and Settings\Robert\Cookies\robert@www.naturalxxx[2].txt

C:\Documents and Settings\Robert\Cookies\robert@ads.op[2].txt

C:\Documents and Settings\Robert\Cookies\robert@8364.luftgropmedia[1].txt

C:\Documents and Settings\Robert\Cookies\robert@freesexparty[1].txt

C:\Documents and Settings\Robert\Cookies\robert@st[24].txt

C:\Documents and Settings\Robert\Cookies\robert@ad.zanox[1].txt

C:\Documents and Settings\Robert\Cookies\robert@adopt.euroclick[2].txt

C:\Documents and Settings\Robert\Cookies\robert@counter15.sextracker[1].txt

C:\Documents and Settings\Robert\Cookies\robert@drivecleaner[1].txt

C:\Documents and Settings\Robert\Cookies\robert@admarketplace[1].txt

C:\Documents and Settings\Robert\Cookies\robert@9591.luftgropmedia[2].txt

C:\Documents and Settings\Robert\Cookies\robert@3200.luftgropmedia[1].txt

C:\Documents and Settings\Robert\Cookies\robert@5250.luftgropmedia[2].txt

C:\Documents and Settings\Robert\Cookies\robert@counter3.sextracker[2].txt

C:\Documents and Settings\Robert\Cookies\robert@9792.luftgropmedia[1].txt

C:\Documents and Settings\Robert\Cookies\robert@231213211232321[1].txt

C:\Documents and Settings\Robert\Cookies\robert@1070132944[1].txt

C:\Documents and Settings\Robert\Cookies\robert@www.drivecleaner[1].txt

C:\Documents and Settings\Robert\Cookies\robert@bluestreak[1].txt

C:\Documents and Settings\Robert\Cookies\robert@new-pcp[1].txt

C:\Documents and Settings\Robert\Cookies\robert@1070173924[1].txt

C:\Documents and Settings\Robert\Cookies\robert@metacafe.122.2o7[1].txt

C:\Documents and Settings\Robert\Cookies\robert@8450.luftgropmedia[2].txt

C:\Documents and Settings\Robert\Cookies\robert@6595.luftgropmedia[2].txt

C:\Documents and Settings\Robert\Cookies\robert@mb[2].txt

C:\Documents and Settings\Robert\Cookies\robert@e2.emediate[1].txt

C:\Documents and Settings\Robert\Cookies\robert@stats.drivecleaner[2].txt

C:\Documents and Settings\Robert\Cookies\robert@4958.luftgropmedia[1].txt

C:\Documents and Settings\Robert\Cookies\robert@mb[1].txt

C:\Documents and Settings\Robert\Cookies\robert@overture[1].txt

C:\Documents and Settings\Robert\Cookies\robert@8079.luftgropmedia[2].txt

C:\Documents and Settings\Robert\Cookies\robert@adserver.banneradministration[1].txt

C:\Documents and Settings\Robert\Cookies\robert@1068827783[1].txt

C:\Documents and Settings\Robert\Cookies\robert@se.drivecleaner[2].txt

C:\Documents and Settings\Robert\Cookies\robert@www.homesweethomesex[2].txt

C:\Documents and Settings\Robert\Cookies\robert@aff.primaryads[2].txt

C:\Documents and Settings\Robert\Cookies\robert@8429.luftgropmedia[2].txt

C:\Documents and Settings\Robert\Cookies\robert@clicktorrent[2].txt

C:\Documents and Settings\Robert\Cookies\robert@8672.luftgropmedia[1].txt

C:\Documents and Settings\Robert\Cookies\robert@6112.luftgropmedia[2].txt

C:\Documents and Settings\Robert\Cookies\robert@mb[4].txt

C:\Documents and Settings\Robert\Cookies\robert@perf.overture[1].txt

C:\Documents and Settings\Robert\Cookies\robert@2741.luftgropmedia[2].txt

C:\Documents and Settings\Robert\Cookies\robert@4432.luftgropmedia[2].txt

C:\Documents and Settings\Robert\Cookies\robert@st[31].txt

C:\Documents and Settings\Robert\Cookies\robert@www.freesexparty[2].txt

C:\Documents and Settings\Robert\Cookies\robert@ehg-ptj.hitbox[1].txt

C:\Documents and Settings\Robert\Cookies\robert@tacoda[1].txt

C:\Documents and Settings\Robert\Cookies\robert@1953.luftgropmedia[2].txt

C:\Documents and Settings\Robert\Cookies\robert@torget[2].txt

C:\Documents and Settings\Robert\Cookies\robert@atwola[1].txt

C:\Documents and Settings\Robert\Cookies\robert@apmebf[1].txt

C:\Documents and Settings\Robert\Cookies\robert@www.click4porn[1].txt

C:\Documents and Settings\Robert\Cookies\robert@adultbouncer[1].txt

C:\Documents and Settings\Robert\Cookies\robert@amsterdamlivexxx[2].txt

C:\Documents and Settings\Robert\Cookies\robert@counter4.sextracker[2].txt

C:\Documents and Settings\Robert\Cookies\robert@xtendmedia[1].txt

C:\Documents and Settings\Robert\Cookies\robert@pacificpoker[2].txt

 

Adware.Avenue Media/Internet Optimizer

HKU\S-1-5-21-789336058-854245398-682003330-1001\Software\Microsoft\Internet Explorer\URLSearchHooks#_{CFBFAE00-17A6-11D0-99CB-00C04FD64497}

 

Adware.GAIN/Gator

HKLM\Software\Gator.com

HKLM\Software\Gator.com\Gator

HKLM\Software\Gator.com\Gator\dyn

HKLM\Software\Gator.com\Gator\dyn#PdpFirstStart

HKLM\Software\Gator.com\Gator\stat

HKLM\Software\Gator.com\Gator\stat#Guid

HKLM\Software\Gator.com\Gator\stat#MID

 

Adware.ClickSpring/Yazzle

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yazzle1122Oin

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yazzle1122Oin#DisplayName

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yazzle1122Oin#UninstallString

[/log]

 

and here is HijackThis:

[log]Logfile of HijackThis v1.99.1

Scan saved at 16:33:29, on 2006-12-01

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

c:\program\delade filer\logitech\lvmvfm\LVPrcSrv.exe

C:\Program\No-IP\DUC20.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\Explorer.EXE

C:\Program\D-Tools\daemon.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Program\Logitech\Video\CameraAssistant.exe

C:\WINDOWS\system32\ElkCtrl.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Program\Java\jre1.5.0_06\bin\jusched.exe

C:\Program\Microsoft IntelliType Pro\type32.exe

C:\Documents and Settings\Robert\winstall.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\s?curity\n?tdde.exe

C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program\Personal\bin\Personal.exe

C:\Program\TechSmith\SnagIt 7\SnagIt32.exe

C:\Program\TechSmith\SnagIt 7\TSCHelp.exe

C:\Program\Delade filer\{98D435A7-07D4-1053-0122-03041803002e}\Update.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\RACLE~1\iexplore.exe

E:\Robban\Program\Småprog\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tv.nu/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - URLSearchHook: (no name) - {C75CC807-09EC-0240-CDAA-5150A4F328C4} - C:\WINDOWS\system32\wormr.dll

O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program\TechSmith\SnagIt 7\SnagItBHO.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: 888Bar - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program\DELADE~1\{38D43~1\888Bar.dll

O2 - BHO: (no name) - {C75CC807-09EC-0240-CDAA-5150A4F328C4} - C:\WINDOWS\system32\wormr.dll

O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program\TechSmith\SnagIt 7\SnagItIEAddin.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

O3 - Toolbar: 888Bar - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program\DELADE~1\{38D43~1\888Bar.dll

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program\Logitech\Video\CameraAssistant.exe

O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program\Logitech\Video\InstallHelper.exe /inspect

O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [type32] "C:\Program\Microsoft IntelliType Pro\type32.exe"

O4 - HKLM\..\Run: [explorer] C:\Documents and Settings\Robert\winstall.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [µTorrent] "C:\Program\uTorrent\utorrent.exe"

O4 - HKCU\..\Run: [Fjgwtj] C:\WINDOWS\s?curity\n?tdde.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [Osse] "C:\WINDOWS\system32\RACLE~1\iexplore.exe" -vt ndrv

O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe

O4 - Global Startup: SnagIt 7.lnk = C:\Program\TechSmith\SnagIt 7\SnagIt32.exe

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program\delade filer\logitech\lvmvfm\LVPrcSrv.exe

O23 - Service: NoIPDUCService - Vitalwerks LLC - C:\Program\No-IP\DUC20.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

[/log]

 

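As an added illustration (not part of the thread and not the helper's own procedure), the Python below triages the O4 autostart lines of a HijackThis log like the one posted above. The three heuristics and the `KNOWN_HOMES` table are assumptions made for this example; the sample lines are copied from the posted log.

```python
import ntpath
import re

# O4 (autostart) lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [explorer] C:\Documents and Settings\Robert\winstall.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Fjgwtj] C:\WINDOWS\s?curity\n?tdde.exe
O4 - HKCU\..\Run: [Osse] "C:\WINDOWS\system32\RACLE~1\iexplore.exe" -vt ndrv
"""

# "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4_RE = re.compile(
    r'^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>.+?)\] (?P<cmd>.+)$')
# First token of the command line: quoted path, or unquoted path up to its extension
# (unquoted paths may contain spaces, e.g. "C:\Documents and Settings\...").
EXE_RE = re.compile(
    r'^(?:"(?P<q>[^"]+)"|(?P<u>.+?\.(?:exe|dll|com|scr|bat)))(?=[\s,]|$)', re.I)

# Assumption for this example: where the same log's process list shows the
# genuine binaries running from (Swedish XP, "C:\Program" = Program Files).
KNOWN_HOMES = {
    "iexplore.exe": r"c:\program\internet explorer",
    "explorer.exe": r"c:\windows",
    "svchost.exe": r"c:\windows\system32",
}
PROFILE_ROOT_RE = re.compile(r'^c:\\documents and settings\\[^\\]+$', re.I)


def triage_autostarts(log_text):
    """Return {value name: [reasons]} for O4 entries worth a closer look."""
    findings = {}
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        exe = EXE_RE.match(m["cmd"])
        if not exe:
            continue
        path = (exe["q"] or exe["u"]).lower()
        folder, base = ntpath.split(path)
        reasons = []
        # '?' is not a legal character in a Windows file name, so in a logged
        # path it stands for characters the logger could not render.
        if "?" in path:
            reasons.append("path has characters the logger could not render")
        # A system binary's name used from an unexpected folder.
        home = KNOWN_HOMES.get(base)
        if home and folder != home:
            reasons.append(f"{base} outside {home}")
        # A value named after a system binary that starts something else.
        stem = m["name"].lower()
        if stem + ".exe" in KNOWN_HOMES and base != stem + ".exe":
            reasons.append(f"value named '{m['name']}' starts {base}")
        # An executable sitting directly in a user's profile folder.
        if PROFILE_ROOT_RE.match(folder):
            reasons.append("executable directly in a user profile root")
        if reasons:
            findings[m["name"]] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in triage_autostarts(SAMPLE_LOG).items():
        print(f"[{name}]")
        for reason in reasons:
            print("   -", reason)
```

A flagged entry is a lead for manual review, not a verdict; entries that pass these checks can still be unwanted.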

Control Panel - Add or Remove Programs

Remove 888Bar if it is listed there

Among other things, the spyware PurityScan is in the log. We'll start by dealing with it.

 

Download http://www.mvps.org/winhelp2002/hosts.zip to the Desktop.

Unpack the file. A new folder, Hosts, is created on the Desktop.

Double-click the folder to open it.

Double-click the file mvps.bat to start the program.

This program will replace the computer's Hosts file so that the PurityScan nasty is prevented from contacting its creator. It will also prevent you from visiting sites that are notorious for installing nasties on the computer. You can read more about it here:

http://www.mvps.org/winhelp2002/hosts.htm

 

Control Panel - Add or Remove Programs

If any of the following are in the list, remove them:

Oin

Yazzle by Oin

Purityscan by Oin

Snowballwars by Oin

or anything similar with Oin or Outerinfo in its name.

Zolero

Tizzletalk

MediaTickets

Cowabanga

 

Download and run the uninstaller

http://www.outerinfo.com/OiUninstaller.exe

If you need instructions, they are here: http://www.outerinfo.com/howto.html

 

Restart the computer

Download ComboFix:

http://download.bleepingcomputer.com/sUBs/combofix.exe

 

Run it and follow the instructions shown.

IMPORTANT! Do not click on the ComboFix window with the mouse while it is running, otherwise it may hang.

When it is finished a log should come up; paste it here, along with a new HijackThis log.

 

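As an added illustration (not part of the thread and not code from the MVPS project), the Python below shows how entries in a Hosts file decide whether a name is blocked, and can be used to check that a replaced Hosts file covers a given hostname. The sample file and its hostnames are constructed placeholders, and keeping the first mapping seen for a duplicated name is an assumption of this example.

```python
import ipaddress

# Constructed sample in hosts-file syntax; the names are placeholders,
# not entries taken from the MVPS file.
SAMPLE_HOSTS = """\
127.0.0.1    localhost
# ad and tracking servers
127.0.0.1    ads.tracker.example  stats.tracker.example   # two names, one line
0.0.0.0      updates.adware.example
203.0.113.7  www.shop.example
not-an-ip    broken.example
"""


def parse_hosts(text):
    """Map each lower-cased hostname to the address the file pins it to."""
    table = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()   # drop comments, split on blanks
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # skip malformed lines
        for name in fields[1:]:
            if name.lower() != "localhost":
                # Assumption: keep the first mapping seen for a name.
                table.setdefault(name.lower(), ip)
    return table


def classify(table, hostname):
    """Return 'blocked', 'pinned' or 'dns' for one hostname.

    Matching is on the exact name: a Hosts file has no wildcards, so an
    entry for ads.tracker.example says nothing about tracker.example.
    """
    ip = table.get(hostname.lower().rstrip("."))
    if ip is None:
        return "dns"          # no entry, normal DNS lookup applies
    if ip.is_loopback or ip.is_unspecified:
        return "blocked"      # 127.0.0.1 / 0.0.0.0: connection goes nowhere
    return "pinned"           # fixed to some other address, worth reviewing


if __name__ == "__main__":
    table = parse_hosts(SAMPLE_HOSTS)
    for host in ("ADS.tracker.example", "tracker.example",
                 "updates.adware.example", "www.shop.example"):
        print(f"{host:28} {classify(table, host)}")
```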

[log]Robert - 06-12-01 16:51:28,26 Service Pack 2

ComboFix 06.11.27W - Running from: "C:\Documents and Settings\Robert\Skrivbord"

 

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

C:\Program\Delade filer\Yazzle1122OinAdmin.exe

C:\Program\Delade filer\Yazzle1122OinUninstaller.exe

C:\Program\Inetget2

C:\Program\Delade filer\{38D435A7-07D4-1053-0122-03041803002e}

C:\Program\Delade filer\{98D435A7-07D4-1053-0122-03041803002e}

 

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

 

Folders Quarantined:

 

C:\QooBox\Purity\WINDOWS\SCURIT~1

C:\QooBox\Purity\WINDOWS\system32\RACLE~1

C:\QooBox\Purity\WINDOWS\system32\RACLE~1\RACLE~1

 

 

((((((((((((((((((((((((((((((( Files Created from 2006-11-01 to 2006-12-01 ))))))))))))))))))))))))))))))))))

 

 

2006-12-01 16:48 <KAT> dr-h----- C:\Documents and Settings\Robert\Recent

2006-12-01 16:18 <KAT> d-------- C:\Program\SUPERAntiSpyware

2006-12-01 16:18 <KAT> d-------- C:\Documents and Settings\Robert\Application Data\SUPERAntiSpyware.com

2006-12-01 15:15 52,161 --a------ C:\Documents and Settings\Robert\mt-uninstaller.exe

2006-12-01 15:15 138,565 --a------ C:\Documents and Settings\Robert\mcnew.exe

2006-12-01 15:15 122,880 --a------ C:\Documents and Settings\Robert\winstall.exe

2006-12-01 14:35 77,824 --a------ C:\Documents and Settings\Robert\gsetup.exe

2006-11-30 18:40 <KAT> d---s---- C:\Documents and Settings\Robert\UserData

2006-11-28 00:35 <KAT> d-------- C:\Program\Microsoft IntelliType Pro

2006-11-24 15:22 <KAT> d-------- C:\Program\Google

2006-11-23 19:21 <KAT> d-a------ C:\Program\Furnish Lite

2006-11-04 19:21 <KAT> d-------- C:\Program\QuickTime

2006-11-04 14:14 1,245,696 --a------ C:\WINDOWS\system32\msxml4.dll

 

 

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

2006-12-01 16:52 -------- d-------- C:\Program\Delade filer

2006-12-01 16:38 -------- d-------- C:\Program\MSN Messenger

2006-12-01 16:38 -------- d-------- C:\Program\Delade filer\Microsoft Shared

2006-12-01 16:18 -------- d-------- C:\Program\Delade filer\Wise Installation Wizard

2006-12-01 12:41 -------- d-------- C:\Program\DC++

2006-12-01 12:22 -------- d-------- C:\Program\Winamp

2006-11-25 14:56 -------- d-------- C:\Program\H„lsovakten-Plus

2006-11-25 14:40 21840 --a----t- C:\WINDOWS\system32\SIntfNT.dll

2006-11-25 14:40 17212 --a----t- C:\WINDOWS\system32\SIntf32.dll

2006-11-25 14:40 12067 --a----t- C:\WINDOWS\system32\SIntf16.dll

2006-11-24 15:22 -------- d--h----- C:\Program\InstallShield Installation Information

2006-11-17 03:00 -------- d-------- C:\Program\Internet Explorer

2006-10-24 14:01 -------- d-------- C:\Documents and Settings\Robert\Application Data\Adobe

2006-10-15 02:00 -------- d-------- C:\Program\MSXML 4.0

2006-10-13 13:41 65536 --a------ C:\WINDOWS\system32\nwwks.dll

2006-10-13 13:41 64000 --a------ C:\WINDOWS\system32\nwapi32.dll

2006-10-13 13:41 141824 --a------ C:\WINDOWS\system32\nwprovau.dll

2006-10-13 11:23 163584 --a------ C:\WINDOWS\system32\drivers\nwrdr.sys

2006-10-10 08:00 -------- d-------- C:\Program\Azureus

2006-10-10 08:00 -------- d-------- C:\Documents and Settings\Robert\Application Data\Azureus

2006-10-10 07:44 -------- d-------- C:\Documents and Settings\Robert\Application Data\uTorrent

2006-10-06 18:19 -------- d-------- C:\Program\WinRAR

2006-10-05 11:54 -------- d-------- C:\Program\D-Tools

2006-10-04 10:44 -------- d-------- C:\Program\PokerStars

2006-10-03 16:06 -------- d---s---- C:\Documents and Settings\Robert\Application Data\Microsoft

2006-09-16 11:57 68949 --a------ C:\WINDOWS\system32\LakeLE50.dll

2006-09-13 06:07 1084416 --a------ C:\WINDOWS\system32\msxml3.dll

 

 

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

 

*Note* empty entries are not shown

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"

"MsnMsgr"="\"C:\\Program\\MSN Messenger\\MsnMsgr.Exe\" /background"

"µTorrent"="\"C:\\Program\\uTorrent\\utorrent.exe\""

"SUPERAntiSpyware"="C:\\Program\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"

"Osse"="\"C:\\WINDOWS\\system32\\RACLE~1\\iexplore.exe\" -vt ndrv"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

"DAEMON Tools-1033"="\"C:\\Program\\D-Tools\\daemon.exe\" -lang 1033"

"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"

"LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"

"LogitechCameraAssistant"="C:\\Program\\Logitech\\Video\\CameraAssistant.exe"

"LogitechVideo[inspector]"="C:\\Program\\Logitech\\Video\\InstallHelper.exe /inspect"

"LogitechCameraService(E)"="C:\\WINDOWS\\system32\\ElkCtrl.exe /automation"

"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"

"nwiz"="nwiz.exe /install"

"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"

"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"

"SunJavaUpdateSched"="C:\\Program\\Java\\jre1.5.0_06\\bin\\jusched.exe"

"QuickTime Task"="\"C:\\Program\\QuickTime\\qttask.exe\" -atboottime"

"type32"="\"C:\\Program\\Microsoft IntelliType Pro\\type32.exe\""

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]

"Installed"="1"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]

"Installed"="1"

"NoChange"="1"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]

"Installed"="1"

 

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]

"DeskHtmlVersion"=dword:00000110

"DeskHtmlMinorVersion"=dword:00000005

"Settings"=dword:00000001

"GeneralFlags"=dword:00000001

 

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]

"Source"="About:Home"

"SubscribedURL"="About:Home"

"FriendlyName"="Min aktuella startsida"

"Flags"=dword:00000002

"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e2,03,00,00,00, 00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00

"CurrentState"=hex:04,00,00,40

"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff, ff,ff,04,00,00,00

"RestoredStateInfo"=hex:18,00,00,00,68,02,00,00,1f,00,00,00,a8,00,00,00,9e,00, 00,00,01,00,00,00

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]

"nlsf"=hex(2):63,6d,64,2e,65,78,65,20,2f,43,20,6d,6f,76,65,20,2f,59,20,22,25, 53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,5c,73,79,73,73, 65,74,75,62,2e,64,6c,6c,22,20,22,25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53, 79,73,74,65,6d,33,32,5c,73,79,73,73,65,74,75,70,2e,64,6c,6c,22,00

"tscuninstall"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,6d, 33,32,5c,74,73,63,75,70,67,72,64,2e,65,78,65,00

 

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]

"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

 

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]

"nlsf"=hex(2):63,6d,64,2e,65,78,65,20,2f,43,20,6d,6f,76,65,20,2f,59,20,22,25, 53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,5c,73,79,73,73, 65,74,75,62,2e,64,6c,6c,22,20,22,25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53, 79,73,74,65,6d,33,32,5c,73,79,73,73,65,74,75,70,2e,64,6c,6c,22,00

"tscuninstall"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,6d, 33,32,5c,74,73,63,75,70,67,72,64,2e,65,78,65,00

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]

"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"

"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoDriveTypeAutoRun"=dword:00000091

"NoSMHelp"=dword:00000001

"NoSharedDocuments"=dword:00000001

"ClearRecentDocsOnExit"=dword:00000001

"NoRecentDocsMenu"=dword:00000001

"NoRecentDocsHistory"=dword:00000001

"NoResolveTrack"=dword:00000001

"LinkResolveIgnoreLinkInfo "=dword:00000001

"NoInstrumentation"=dword:00000001

"StartMenuLogoff"=dword:00000001

"ForceStartMenuLogoff"=dword:00000000

"NoSMMyDocs"=dword:00000001

"NoUserNameInStartMenu"=dword:00000001

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"dontdisplaylastusername"=dword:00000000

"legalnoticecaption"=""

"legalnoticetext"=""

"shutdownwithoutlogon"=dword:00000001

"undockwithoutlogon"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"=dword:00000001

"NoDriveTypeAutoRun"=hex:b5,00,00,00

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoDriveTypeAutoRun"=dword:00000091

"NoSMHelp"=dword:00000001

"NoSharedDocuments"=dword:00000001

"ClearRecentDocsOnExit"=dword:00000001

"NoRecentDocsMenu"=dword:00000001

"NoRecentDocsHistory"=dword:00000001

"NoResolveTrack"=dword:00000001

"LinkResolveIgnoreLinkInfo "=dword:00000001

"NoInstrumentation"=dword:00000001

"StartMenuLogoff"=dword:00000001

"ForceStartMenuLogoff"=dword:00000000

"NoSMMyDocs"=dword:00000001

"NoUserNameInStartMenu"=dword:00000001

 

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]

"NoDriveTypeAutoRun"=dword:00000091

"NoSMHelp"=dword:00000001

"NoSharedDocuments"=dword:00000001

"ClearRecentDocsOnExit"=dword:00000001

"NoRecentDocsMenu"=dword:00000001

"NoRecentDocsHistory"=dword:00000001

"NoResolveTrack"=dword:00000001

"LinkResolveIgnoreLinkInfo "=dword:00000001

"NoInstrumentation"=dword:00000001

"StartMenuLogoff"=dword:00000001

"ForceStartMenuLogoff"=dword:00000000

"NoSMMyDocs"=dword:00000001

"NoUserNameInStartMenu"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]

"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"

"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"

"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"

"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

 

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

 

Completion time: 06-12-01 16:52:22.85

C:\ComboFix.txt ... 06-12-01 16:52

[/log]

 

[log]Logfile of HijackThis v1.99.1

Scan saved at 16:54:39, on 2006-12-01

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

c:\program\delade filer\logitech\lvmvfm\LVPrcSrv.exe

C:\Program\No-IP\DUC20.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program\D-Tools\daemon.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Program\Logitech\Video\CameraAssistant.exe

C:\WINDOWS\system32\ElkCtrl.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Program\Java\jre1.5.0_06\bin\jusched.exe

C:\Program\Microsoft IntelliType Pro\type32.exe

C:\Documents and Settings\Robert\winstall.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\MSN Messenger\MsnMsgr.Exe

C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program\Personal\bin\Personal.exe

C:\Program\TechSmith\SnagIt 7\SnagIt32.exe

C:\Program\TechSmith\SnagIt 7\TSCHelp.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\NOTEPAD.EXE

E:\Robban\Program\Småprog\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tv.nu/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program\TechSmith\SnagIt 7\SnagItBHO.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program\TechSmith\SnagIt 7\SnagItIEAddin.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program\Logitech\Video\CameraAssistant.exe

O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program\Logitech\Video\InstallHelper.exe /inspect

O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [type32] "C:\Program\Microsoft IntelliType Pro\type32.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [µTorrent] "C:\Program\uTorrent\utorrent.exe"

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [Osse] "C:\WINDOWS\system32\RACLE~1\iexplore.exe" -vt ndrv

O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe

O4 - Global Startup: SnagIt 7.lnk = C:\Program\TechSmith\SnagIt 7\SnagIt32.exe

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program\delade filer\logitech\lvmvfm\LVPrcSrv.exe

O23 - Service: NoIPDUCService - Vitalwerks LLC - C:\Program\No-IP\DUC20.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

[/log]

 


Go to http://www.virustotal.com/, paste one of the following file names into the box, press Send and wait until the result is ready (Status becomes Finished). Paste the result (incl. file size) here. Repeat with the next file name.

C:\WINDOWS\system32\RACLE~1\iexplore.exe

C:\Documents and Settings\Robert\mt-uninstaller.exe

C:\Documents and Settings\Robert\mcnew.exe

C:\Documents and Settings\Robert\winstall.exe

C:\Documents and Settings\Robert\gsetup.exe

 

Also, sometimes the MSN program itself is infected, so it is best to uninstall it and then reinstall it once the computer is clean.

 


[log]Aditional Information

File size: 0 bytes

MD5: d41d8cd98f00b204e9800998ecf8427e

SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709

[/log]

 

[log]Aditional Information

File size: 52161 bytes

MD5: 02cd0535a0c1f4c5bbd5864bdb62991f

SHA1: a9c7617caeaac658adbdc948c5446b8b982cafd8

Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PXC=f70735095

Sunbelt info: PurityScan is an ad supported program that scans the user's Internet Explorer files, including browser cache, cookies and history for pornographic/adult related words and allows the user to delete them.

[/log]

 

[log]Aditional Information

File size: 138565 bytes

MD5: 2d0529050c24b177f44f6e0e45a73f5f

SHA1: a80ebaeb04b112fdf8f7f7b49fdea2b0e8189f8f

Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PXC=911d59301763

[/log]

 

[log]Aditional Information

File size: 122880 bytes

MD5: e3e03c8bdfd1f9c7dc9f2103689c5018

SHA1: d1d19e9a102140aaaaf9fdf11ad1a7ca2374d28c

packers: MoleBox

packers: MOLEBOX

Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PXC=ddda55735788

Sunbelt info: Trojan-Downloader.Gen is a group of Trojan Downloaders which install download and install multiple unwanted applications of adware and malware from remote servers.

[/log]

 

[log]Aditional Information

File size: 77824 bytes

MD5: 6cddd4ab39532004ea6d62134a9f845d

SHA1: b2bc20162bf6a47d3f4ed37e8d0709a2c25da285

packers: MoleBox

packers: MOLEBOX

Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PXC=a91659275278

[/log]

 


The whole result from the VirusTotal page, so that I can see what has been found.

 

I'll look at it tomorrow.

 


Hehe, sorry=)

 

[log]STATUS: FINISHED

Complete scanning result of "iexplore.exe", received in VirusTotal at 12.01.2006, 18:42:14 (CET).

 

Antivirus Version Update Result

AntiVir 7.2.0.46 12.01.2006 no virus found

Authentium 4.93.8 11.30.2006 no virus found

Avast 4.7.892.0 12.01.2006 no virus found

AVG 386 12.01.2006 no virus found

BitDefender 7.2 12.01.2006 no virus found

CAT-QuickHeal 8.00 12.01.2006 no virus found

ClamAV devel-20060426 12.01.2006 no virus found

DrWeb 4.33 12.01.2006 no virus found

eSafe 7.0.14.0 11.30.2006 no virus found

eTrust-InoculateIT 23.73.73 12.01.2006 no virus found

eTrust-Vet 30.3.3225 12.01.2006 no virus found

Ewido 4.0 12.01.2006 no virus found

Fortinet 2.82.0.0 12.01.2006 no virus found

F-Prot 3.16f 11.30.2006 no virus found

F-Prot4 4.2.1.29 11.30.2006 no virus found

Ikarus 0.2.65.0 12.01.2006 no virus found

Kaspersky 4.0.2.24 12.01.2006 no virus found

McAfee 4908 11.30.2006 no virus found

Microsoft 1.1804 12.01.2006 no virus found

NOD32v2 1892 11.30.2006 no virus found

Norman 5.80.02 12.01.2006 no virus found

Panda 9.0.0.4 12.01.2006 no virus found

Prevx1 V2 12.01.2006 no virus found

Sophos 4.12.0 12.01.2006 no virus found

Sunbelt 2.2.907.0 11.30.2006 no virus found

TheHacker 6.0.3.127 12.01.2006 no virus found

UNA 1.83 11.30.2006 no virus found

VBA32 3.11.1 11.30.2006 no virus found

VirusBuster 4.3.15:9 12.01.2006 no virus found

 

 

Aditional Information

File size: 0 bytes

MD5: d41d8cd98f00b204e9800998ecf8427e

SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709

[/log]

 

[log]STATUS: FINISHED

Complete scanning result of "mt-uninstaller.exe", received in VirusTotal at 12.01.2006, 18:45:27 (CET).

 

Antivirus Version Update Result

AntiVir 7.2.0.46 12.01.2006 DR/Dyfuca.DB.1

Authentium 4.93.8 11.30.2006 is a security risk or a "backdoor" program

Avast 4.7.892.0 12.01.2006 Win32:Adware-gen.

AVG 386 12.01.2006 Collected.AF

BitDefender 7.2 12.01.2006 Application.Clickspring.A

CAT-QuickHeal 8.00 12.01.2006 AdWare.PurityScan.u (Not a Virus)

ClamAV devel-20060426 12.01.2006 no virus found

DrWeb 4.33 12.01.2006 Trojan.PurityAd

eSafe 7.0.14.0 11.30.2006 no virus found

eTrust-InoculateIT 23.73.73 12.01.2006 no virus found

eTrust-Vet 30.3.3225 12.01.2006 no virus found

Ewido 4.0 12.01.2006 Adware.PurityScan

Fortinet 2.82.0.0 12.01.2006 Adware/Purity.U

F-Prot 3.16f 11.30.2006 security risk or a "backdoor" program

F-Prot4 4.2.1.29 11.30.2006 generic

Ikarus 0.2.65.0 12.01.2006 no virus found

Kaspersky 4.0.2.24 12.01.2006 not-a-virus:AdWare.Win32.PurityScan.u

McAfee 4908 11.30.2006 potentially unwanted program Adware-MediaTickets

Microsoft 1.1804 12.01.2006 ClickSpring.PuritySCAN.Downloader (threat-c)

NOD32v2 1892 11.30.2006 Win32/Adware.MediaTickets

Norman 5.80.02 12.01.2006 PurityScan.NP

Panda 9.0.0.4 12.01.2006 Adware/MediaTickets

Prevx1 V2 12.01.2006 Installer.Adware.PurityScan

Sophos 4.12.0 12.01.2006 Media Tickets installer

Sunbelt 2.2.907.0 11.30.2006 ClickSpring.PuritySCAN

TheHacker 6.0.3.127 12.01.2006 Trojan/MultiDropper-nsis

UNA 1.83 11.30.2006 Adware.PurityScan.E3CA

VBA32 3.11.1 11.30.2006 Installer.Adware.PurityScan

VirusBuster 4.3.15:9 12.01.2006 Adware.MediaTickets.E

 

 

Aditional Information

File size: 52161 bytes

MD5: 02cd0535a0c1f4c5bbd5864bdb62991f

SHA1: a9c7617caeaac658adbdc948c5446b8b982cafd8

Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PXC=f70735095

Sunbelt info: PurityScan is an ad supported program that scans the user's Internet Explorer files, including browser cache, cookies and history for pornographic/adult related words and allows the user to delete them.

[/log]

 

[log]STATUS: FINISHED

Complete scanning result of "mcnew.exe", received in VirusTotal at 12.01.2006, 18:47:56 (CET).

 

Antivirus Version Update Result

AntiVir 7.2.0.46 12.01.2006 HEUR/Malware

Authentium 4.93.8 11.30.2006 no virus found

Avast 4.7.892.0 12.01.2006 no virus found

AVG 386 12.01.2006 no virus found

BitDefender 7.2 12.01.2006 no virus found

CAT-QuickHeal 8.00 12.01.2006 no virus found

ClamAV devel-20060426 12.01.2006 no virus found

DrWeb 4.33 12.01.2006 no virus found

eSafe 7.0.14.0 11.30.2006 no virus found

eTrust-InoculateIT 23.73.73 12.01.2006 no virus found

eTrust-Vet 30.3.3225 12.01.2006 no virus found

Ewido 4.0 12.01.2006 no virus found

Fortinet 2.82.0.0 12.01.2006 no virus found

F-Prot 3.16f 11.30.2006 no virus found

F-Prot4 4.2.1.29 11.30.2006 no virus found

Ikarus 0.2.65.0 12.01.2006 no virus found

Kaspersky 4.0.2.24 12.01.2006 no virus found

McAfee 4908 11.30.2006 no virus found

Microsoft 1.1804 12.01.2006 no virus found

NOD32v2 1892 11.30.2006 no virus found

Norman 5.80.02 12.01.2006 no virus found

Panda 9.0.0.4 12.01.2006 Suspicious file

Prevx1 V2 12.01.2006 Downloader.Drev.A

Sophos 4.12.0 12.01.2006 no virus found

Sunbelt 2.2.907.0 11.30.2006 no virus found

TheHacker 6.0.3.127 12.01.2006 no virus found

UNA 1.83 12.01.2006 no virus found

VBA32 3.11.1 11.30.2006 no virus found

VirusBuster 4.3.15:9 12.01.2006 no virus found

 

 

Aditional Information

File size: 138565 bytes

MD5: 2d0529050c24b177f44f6e0e45a73f5f

SHA1: a80ebaeb04b112fdf8f7f7b49fdea2b0e8189f8f

Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PXC=911d59301763

[/log]

 

[log]STATUS: FINISHED

Complete scanning result of "winstall.exe", received in VirusTotal at 12.01.2006, 19:10:03 (CET).

 

Antivirus Version Update Result

AntiVir 7.2.0.46 12.01.2006 ADSPY/PurityScan.U.4

Authentium 4.93.8 11.30.2006 no virus found

Avast 4.7.892.0 12.01.2006 Win32:PurityScan-AD

AVG 386 12.01.2006 Adware Generic.SCB

BitDefender 7.2 12.01.2006 Dropped:Application.Clickspring.A

CAT-QuickHeal 8.00 12.01.2006 Win95.SK

ClamAV devel-20060426 12.01.2006 no virus found

DrWeb 4.33 12.01.2006 no virus found

eSafe 7.0.14.0 11.30.2006 SuspiciousR-Mytob3

eTrust-InoculateIT 23.73.73 12.01.2006 Win32/Secdrop.HIO!Trojan

eTrust-Vet 30.3.3225 12.01.2006 Win32/Secdrop.NA

Ewido 4.0 12.01.2006 Adware.PurityScan

Fortinet 2.82.0.0 12.01.2006 Adware/PurityScan

F-Prot 3.16f 11.30.2006 no virus found

F-Prot4 4.2.1.29 11.30.2006 no virus found

Ikarus 0.2.65.0 12.01.2006 no virus found

Kaspersky 4.0.2.24 12.01.2006 not-a-virus:AdWare.Win32.PurityScan.u

McAfee 4909 12.01.2006 Generic LowZones.f

Microsoft 1.1804 12.01.2006 ClickSpring.PuritySCAN.Downloader

NOD32v2 1892 11.30.2006 no virus found

Norman 5.80.02 12.01.2006 Malware.CYU

Panda 9.0.0.4 12.01.2006 Adware/MediaTickets

Prevx1 V2 12.01.2006 Downloader.Drev.A

Sophos 4.12.0 12.01.2006 Troj/Dropper-MG

Sunbelt 2.2.907.0 11.30.2006 Trojan-Downloader.Gen

TheHacker 6.0.3.127 12.01.2006 Adware/PurityScan.u

UNA 1.83 12.01.2006 Adware.PurityScan.881E

VBA32 3.11.1 11.30.2006 suspected of Embedded.Installer.Adware.PurityScan

VirusBuster 4.3.15:9 12.01.2006 no virus found

 

 

Aditional Information

File size: 122880 bytes

MD5: e3e03c8bdfd1f9c7dc9f2103689c5018

SHA1: d1d19e9a102140aaaaf9fdf11ad1a7ca2374d28c

packers: MoleBox

packers: MOLEBOX

Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PXC=ddda55735788

Sunbelt info: Trojan-Downloader.Gen is a group of Trojan Downloaders which install download and install multiple unwanted applications of adware and malware from remote servers.

[/log]

 

[log]STATUS: FINISHED

Complete scanning result of "gsetup.exe", received in VirusTotal at 12.01.2006, 19:13:49 (CET).

 

Antivirus Version Update Result

AntiVir 7.2.0.46 12.01.2006 no virus found

Authentium 4.93.8 11.30.2006 no virus found

Avast 4.7.892.0 12.01.2006 Win32:VB-AXQ

AVG 386 12.01.2006 no virus found

BitDefender 7.2 12.01.2006 no virus found

CAT-QuickHeal 8.00 12.01.2006 (Suspicious) - DNAScan

ClamAV devel-20060426 12.01.2006 no virus found

DrWeb 4.33 12.01.2006 no virus found

eSafe 7.0.14.0 11.30.2006 SuspiciousR-Mytob3

eTrust-InoculateIT 23.73.73 12.01.2006 no virus found

eTrust-Vet 30.3.3225 12.01.2006 no virus found

Ewido 4.0 12.01.2006 Trojan.Small

Fortinet 2.82.0.0 12.01.2006 suspicious

F-Prot 3.16f 11.30.2006 no virus found

F-Prot4 4.2.1.29 11.30.2006 no virus found

Ikarus 0.2.65.0 12.01.2006 no virus found

Kaspersky 4.0.2.24 12.01.2006 no virus found

McAfee 4909 12.01.2006 no virus found

Microsoft 1.1804 12.01.2006 no virus found

NOD32v2 1892 11.30.2006 no virus found

Norman 5.80.02 12.01.2006 no virus found

Panda 9.0.0.4 12.01.2006 Suspicious file

Prevx1 V2 12.01.2006 Polynomial.Code.Exploit

Sophos 4.12.0 12.01.2006 no virus found

Sunbelt 2.2.907.0 11.30.2006 no virus found

TheHacker 6.0.3.127 12.01.2006 no virus found

UNA 1.83 12.01.2006 no virus found

VBA32 3.11.1 11.30.2006 no virus found

VirusBuster 4.3.15:9 12.01.2006 no virus found

 

 

Aditional Information

File size: 77824 bytes

MD5: 6cddd4ab39532004ea6d62134a9f845d

SHA1: b2bc20162bf6a47d3f4ed37e8d0709a2c25da285

packers: MoleBox

packers: MOLEBOX

Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PXC=a91659275278

[/log]

 


Eric McIntosh

Don't know if this works, but it works for some.

 

You go into the Task Manager and shut down the program, whatever it's called..

Then you can go into Add or Remove Programs and uninstall it; that works with most of them.

 

BUT you have to find out what the program is called :/

 


All the files are either empty or nasty, so just delete them:

C:\Documents and Settings\Robert\mt-uninstaller.exe

C:\Documents and Settings\Robert\mcnew.exe

C:\Documents and Settings\Robert\winstall.exe

C:\Documents and Settings\Robert\gsetup.exe

C:\WINDOWS\system32\RACLE~1\iexplore.exe

where ~1 stands for a number of arbitrary characters

 

You may need to set up Explorer so that you can see all files:

Tools - (Folder) Options or similar - View

Select Show hidden files and folders

Uncheck Hide extensions for known file types

Uncheck Hide protected operating system files

 

How is the computer behaving?

 


I got rid of the ones under Documents, but I couldn't find this one!

C:\WINDOWS\system32\RACLE~1\iexplore.exe

 

The computer seems OK now anyway! It isn't doing anything strange that I've noticed.

 

I'll try reinstalling Messenger too, just to be safe.

 


Once you have set up Windows as I described, can you see any folder starting with RAC in C:\WINDOWS\system32? If so, what is the folder called?

 

There is an old Java version with security holes on the computer. Uninstall all Java versions in Control Panel - Add or Remove Programs and then install a new one: http://www.java.com/sv/

 

Post a new HijackThis log here and we'll see how it looks now.

 


[log]Logfile of HijackThis v1.99.1

Scan saved at 10:19:39, on 2006-12-02

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

c:\program\delade filer\logitech\lvmvfm\LVPrcSrv.exe

C:\Program\No-IP\DUC20.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\D-Tools\daemon.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Program\Logitech\Video\CameraAssistant.exe

C:\WINDOWS\system32\ElkCtrl.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Program\Microsoft IntelliType Pro\type32.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program\Personal\bin\Personal.exe

C:\Program\TechSmith\SnagIt 7\SnagIt32.exe

C:\Program\TechSmith\SnagIt 7\TSCHelp.exe

C:\WINDOWS\system32\WgaTray.exe

C:\Program\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\msiexec.exe

C:\Program\MSN Messenger\msnmsgr.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\explorer.exe

E:\Robban\Program\Småprog\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tv.nu/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program\TechSmith\SnagIt 7\SnagItBHO.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program\TechSmith\SnagIt 7\SnagItIEAddin.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program\Logitech\Video\CameraAssistant.exe

O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program\Logitech\Video\InstallHelper.exe /inspect

O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [type32] "C:\Program\Microsoft IntelliType Pro\type32.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.5.0_09\bin\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [µTorrent] "C:\Program\uTorrent\utorrent.exe"

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [Osse] "C:\WINDOWS\system32\RACLE~1\iexplore.exe" -vt ndrv

O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe

O4 - Global Startup: SnagIt 7.lnk = C:\Program\TechSmith\SnagIt 7\SnagIt32.exe

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\npjpi150_09.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\npjpi150_09.dll

O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program\delade filer\logitech\lvmvfm\LVPrcSrv.exe

O23 - Service: NoIPDUCService - Vitalwerks LLC - C:\Program\No-IP\DUC20.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

[/log]

 

Uninstalled and installed Java as you said, but in system32 there is nothing starting with rac.

 


Scan with HijackThis and check:

 

O4 - HKCU\..\Run: [Osse] "C:\WINDOWS\system32\RACLE~1\iexplore.exe" -vt ndrv

O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll

 

Close all other programs.

Press Fix checked.

 

Restart the computer in safe mode (press F8 repeatedly during startup and select safe mode in the menu).

 

Set up Explorer so that you can see all files:

Tools - (Folder) Options or similar - View

Select Show hidden files and folders

Uncheck Hide extensions for known file types

Uncheck Hide protected operating system files

 

Delete the files (if they are still there):

C:\WINDOWS\system32\RACLE~1\iexplore.exe

 

Restart in normal mode and then post a new HijackThis log.

 

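The check applied by eye to the O4 autorun lines above can be written down as a small triage script. This is an added example, not part of the original thread: the function names and the `EXPECTED_DIR` table are assumptions made for illustration (the expected folders are the ones this Swedish Windows XP install shows in its own process list), and the sample lines are copied from the HijackThis log posted in the thread.

```python
import ntpath
import re

# Sample O4 lines copied from the HijackThis log posted in the thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [type32] "C:\Program\Microsoft IntelliType Pro\type32.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Osse] "C:\WINDOWS\system32\RACLE~1\iexplore.exe" -vt ndrv
"""

# Assumption: where these Windows binaries live on this install
# (lower-cased; "C:\Program" is the Swedish XP name for "Program Files").
EXPECTED_DIR = {
    "iexplore.exe": r"c:\program\internet explorer",
    "ctfmon.exe": r"c:\windows\system32",
    "rundll32.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# "O4 - HKCU\..\Run: [name] command"; the name itself may contain brackets.
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>.+?)\] (?P<cmd>.+)$"
)

# A path component ending in ~<digit>, optionally with an extension, is an
# 8.3 short name: the long name on disk can look quite different.
SHORT_NAME_RE = re.compile(r"~\d+(\.[^.\\]*)?$")


def image_path(cmd):
    """Return the executable part of an autorun command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    # Unquoted paths may contain spaces, so cut after the first ".exe".
    m = re.match(r"(.+?\.exe)(?=\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def triage(log_text):
    """Flag O4 entries whose image carries a Windows binary's name
    but starts from a folder other than the expected one."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        path = image_path(m.group("cmd"))
        folder, exe = ntpath.split(path)
        expected = EXPECTED_DIR.get(exe.lower())
        # Bare names such as "RUNDLL32.EXE" carry no folder to compare.
        if not folder or not expected:
            continue
        if ntpath.normcase(folder) == expected:
            continue
        reasons = [f"{exe} normally runs from {expected}, not {folder}"]
        short = [p for p in folder.split("\\") if SHORT_NAME_RE.search(p)]
        if short:
            reasons.append(
                "8.3 short name, look for the long folder name instead: "
                + ", ".join(short)
            )
        findings.append((m.group("name"), path, reasons))
    return findings


if __name__ == "__main__":
    for name, path, reasons in triage(SAMPLE_LOG):
        print(f"[{name}] {path}")
        for reason in reasons:
            print("   -", reason)
```

Short names alone are not a finding: the same log has legitimate entries such as `C:\Program\MSNMES~1\MSGRAP~1.DLL`, which is why the script only reports them on entries already flagged for their location.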

[log]Logfile of HijackThis v1.99.1

Scan saved at 10:47:20, on 2006-12-02

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

c:\program\delade filer\logitech\lvmvfm\LVPrcSrv.exe

C:\Program\No-IP\DUC20.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program\D-Tools\daemon.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Program\Logitech\Video\CameraAssistant.exe

C:\WINDOWS\system32\ElkCtrl.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Program\Microsoft IntelliType Pro\type32.exe

C:\Program\Java\jre1.5.0_09\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\WgaTray.exe

C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program\Personal\bin\Personal.exe

C:\Program\TechSmith\SnagIt 7\SnagIt32.exe

C:\Program\TechSmith\SnagIt 7\TSCHelp.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program\Internet Explorer\iexplore.exe

E:\Robban\Program\Småprog\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tv.nu/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program\TechSmith\SnagIt 7\SnagItBHO.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program\TechSmith\SnagIt 7\SnagItIEAddin.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program\Logitech\Video\CameraAssistant.exe

O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program\Logitech\Video\InstallHelper.exe /inspect

O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [type32] "C:\Program\Microsoft IntelliType Pro\type32.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.5.0_09\bin\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [µTorrent] "C:\Program\uTorrent\utorrent.exe"

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe

O4 - Global Startup: SnagIt 7.lnk = C:\Program\TechSmith\SnagIt 7\SnagIt32.exe

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program\delade filer\logitech\lvmvfm\LVPrcSrv.exe

O23 - Service: NoIPDUCService - Vitalwerks LLC - C:\Program\No-IP\DUC20.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

[/log]

 

but I still couldn't find any rac folder.

 


At least the line is gone now, so there is nothing that can run (if it was there in the first place).

 

Here is my usual advice for a safer computer, but of course it is also important to use your common sense.

 

Update from Windows Update and run the anti-spyware programs AVG Anti-Spyware (Ewido), SUPERAntiSpyware, Spybot S&D and/or Ad-aware regularly.

http://www.ewido.net/en/

http://www.superantispyware.com/

http://www.safer-networking.org/en/download/index.html

http://www.lavasoft.com

 

Complement your antivirus program with a few online scans now and then:

http://housecall.trendmicro.com/

http://www.bitdefender.com/scan8/ie.html

http://www.pandasoftware.com/products/activescan/

 

Use a firewall (better than the one built into XP); free ones are available from e.g. ZoneLabs.

http://www.zonelabs.com/store/content/home.jsp

 

If you use Internet Explorer, it can be a good idea to have the programs SpywareBlaster and SpywareGuard, which prevent a good number of nasty programs from being downloaded and run, respectively:

http://www.javacoolsoftware.com

 

Review the security settings in Internet Explorer; there are plenty of tips here:

http://www.spywarewarrior.com/uiuc/btw/ie/ie-opts.htm

 

Also run IE-SpyAd, which puts a whole lot of nasty websites in the Restricted sites zone in Internet Explorer so that they cannot do anything to the computer:

http://www.spywarewarrior.com/uiuc/resource.htm

 

If you switch browsers, only SpywareGuard is needed. Other browsers include Mozilla Firefox and Opera:

http://www.mozilla.org

http://www.opera.com

 

All free for home users/personal use.

 


  • 7 months later...

There's a great link here. I had the same thing, but this simple program, which is now also 100% approved, fixed it for me. Thanks

AimFix link

 

http://jayloden.com/index.htm

 

If you read around a bit you'll find a list of symptoms, and I promise you'll recognize it; I found 6 different ones that I had seen in my MSN window.

 

 

[post edited 2007-07-12 23:08:22 by PibesiLL]


  • 2 weeks later...

I have a virus that I got over MSN.

The file is located in:

C:\Windows\bak sana Paris Hilton ne hale gelmis hapiste.

The file takes up 0 KB and cannot be removed manually because "the source file cannot be found"...

 

The first log for SUPER was:

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:54:11, on 2007-07-22

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Symantec AntiVirus\DefWatch.exe

C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Symantec AntiVirus\Rtvscan.exe

C:\Program\Delade filer\Symantec Shared\ccApp.exe

C:\Program\SYMANT~1\VPTray.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program\D-Tools\daemon.exe

C:\Program\Logitech\iTouch\iTouch.exe

C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program\Delade filer\Real\Update_OB\realsched.exe

C:\Program\QuickTime\qttask.exe

C:\Program\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

C:\Program\HP\hpcoretech\hpcmpmgr.exe

C:\Program\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\hphmon05.exe

C:\Program\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program\iPod\bin\iPodService.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program\Mozilla Firefox\firefox.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\Program\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program\Logitech\iTouch\iTouch.exe

O4 - HKLM\..\Run: [ATIPTA] "C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

O4 - HKLM\..\Run: [HPHUPD05] C:\Program\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [HP Software Update] "C:\Program\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [RemoteControl] C:\Program\CyberLink\PowerDVD\PDVDServ.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [updateMgr] C:\Program\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

O4 - HKCU\..\Run: [DVDXGhost] C:\Program\DVD Ghost\DVDGhost.EXE

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program\Symantec AntiVirus\DefWatch.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program\Symantec AntiVirus\Rtvscan.exe

 

--

End of file - 6495 bytes

 

The second log for HijackThis was:

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 07/22/2007 at 07:35 PM

 

Application Version : 3.9.1008

 

Core Rules Database Version : 3259

Trace Rules Database Version: 1270

 

Scan type : Complete Scan

Total Scan Time : 00:34:00

 

Memory items scanned : 165

Memory threats detected : 0

Registry items scanned : 5319

Registry threats detected : 140

File items scanned : 28350

File threats detected : 8

 

Trojan.Smitfraud Variant

HKLM\Software\Classes\CLSID\{8bbe40fd-0416-4c3f-80ea-0c7ad5fb1aab}

HKCR\CLSID\{8BBE40FD-0416-4C3F-80EA-0C7AD5FB1AAB}

HKCR\CLSID\{8BBE40FD-0416-4C3F-80EA-0C7AD5FB1AAB}\InProcServer32

HKCR\CLSID\{8BBE40FD-0416-4C3F-80EA-0C7AD5FB1AAB}\InProcServer32#ThreadingModel

C:\WINDOWS\SYSTEM32\IGPFCED.DLL

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler#{8bbe40fd-0416-4c3f-80ea-0c7ad5fb1aab}

 

Trojan.Media-Codec/V3

HKLM\Software\Classes\CLSID\{CDE8EAB9-CEF3-4885-B12F-26960A25C800}

HKCR\CLSID\{CDE8EAB9-CEF3-4885-B12F-26960A25C800}

HKCR\CLSID\{CDE8EAB9-CEF3-4885-B12F-26960A25C800}#xxx

HKCR\CLSID\{CDE8EAB9-CEF3-4885-B12F-26960A25C800}\InprocServer32

HKCR\CLSID\{CDE8EAB9-CEF3-4885-B12F-26960A25C800}\InprocServer32#ThreadingModel

C:\PROGRAM\VIDEO ACTIVEX ACCESS\IESPLG.DLL

HKLM\Software\Classes\CLSID\{DF4E7A0C-E233-4906-B4C1-A404356541FF}

HKCR\CLSID\{DF4E7A0C-E233-4906-B4C1-A404356541FF}

HKCR\CLSID\{DF4E7A0C-E233-4906-B4C1-A404356541FF}

HKCR\CLSID\{DF4E7A0C-E233-4906-B4C1-A404356541FF}\Implemented Categories

HKCR\CLSID\{DF4E7A0C-E233-4906-B4C1-A404356541FF}\Implemented Categories\{00021493-0000-0000-C000-000000000046}

HKCR\CLSID\{DF4E7A0C-E233-4906-B4C1-A404356541FF}\InprocServer32

HKCR\CLSID\{DF4E7A0C-E233-4906-B4C1-A404356541FF}\InprocServer32#ThreadingModel

C:\PROGRAM\VIDEO ACTIVEX ACCESS\IESBPL.DLL

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CDE8EAB9-CEF3-4885-B12F-26960A25C800}

HKLM\Software\Microsoft\Internet Explorer\Toolbar#{DF4E7A0C-E233-4906-B4C1-A404356541FF}

HKU\S-1-5-21-1757981266-1637723038-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser#{DF4E7A0C-E233-4906-B4C1-A404356541FF}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IExplorer Security Plug-in

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IExplorer Security Plug-in#DisplayName

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IExplorer Security Plug-in#UninstallString

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Secure Bar

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Secure Bar#DisplayName

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Secure Bar#UninstallString

 

Trojan.Media-Codec/V2

HKLM\Software\Classes\CLSID\{D34F5D71-99E4-4D96-91CA-F4104F69B8AE}

HKCR\CLSID\{D34F5D71-99E4-4D96-91CA-F4104F69B8AE}

HKCR\CLSID\{D34F5D71-99E4-4D96-91CA-F4104F69B8AE}

HKCR\CLSID\{D34F5D71-99E4-4D96-91CA-F4104F69B8AE}\InprocServer32

HKCR\CLSID\{D34F5D71-99E4-4D96-91CA-F4104F69B8AE}\InprocServer32#ThreadingModel

C:\PROGRAM\VIDEO AX OBJECT\BPVOL.DLL

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Browser Protection Volume

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Browser Protection Volume#DisplayName

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Browser Protection Volume#UninstallString

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Secure Plug-in

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Secure Plug-in#DisplayName

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Secure Plug-in#UninstallString

 

Adware.Tracking Cookie

C:\Documents and Settings\Admin\Cookies\admin@atdmt[2].txt

C:\Documents and Settings\Admin\Cookies\admin@doubleclick[1].txt

C:\Documents and Settings\Administratör\Cookies\administratör@atdmt[1].txt

 

Trojan.Media-Codec

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run#user32.dll [ C:\Program\Video ActiveX Access\iesmn.exe ]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run#rare [ C:\Program\Video ActiveX Access\imsmain.exe ]

 

Malware.SpyLocked

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Safety Alert

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Safety Alert#DisplayName

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Safety Alert#UninstallString

 

Malware.SpyCrush

HKCR\CLSID\{3820350F-5092-2ADD-8A4C-8DE2C609FAE5}

HKCR\CLSID\{3820350F-5092-2ADD-8A4C-8DE2C609FAE5}\dsdpROy

HKCR\CLSID\{3820350F-5092-2ADD-8A4C-8DE2C609FAE5}\InprocServer32

HKCR\CLSID\{3820350F-5092-2ADD-8A4C-8DE2C609FAE5}\InprocServer32#ThreadingModel

HKCR\CLSID\{3820350F-5092-2ADD-8A4C-8DE2C609FAE5}\juadfwbxkFwpu

HKCR\CLSID\{3820350F-5092-2ADD-8A4C-8DE2C609FAE5}\mcWEjoyd

HKCR\CLSID\{3820350F-5092-2ADD-8A4C-8DE2C609FAE5}\nBgroYkfq

HKCR\CLSID\{3820350F-5092-2ADD-8A4C-8DE2C609FAE5}\RigBN

HKCR\CLSID\{3820350F-5092-2ADD-8A4C-8DE2C609FAE5}\smwfxrAdPfce

HKCR\CLSID\{3820350F-5092-2ADD-8A4C-8DE2C609FAE5}\tdAjHd

HKCR\CLSID\{3820350F-5092-2ADD-8A4C-8DE2C609FAE5}\TypeLib

HKCR\CLSID\{3820350F-5092-2ADD-8A4C-8DE2C609FAE5}\xfJffUs

HKCR\TypeLib\{D72322BB-82BF-4C23-B834-90EA8A099FC1}

HKCR\TypeLib\{D72322BB-82BF-4C23-B834-90EA8A099FC1}\1.0

HKCR\TypeLib\{D72322BB-82BF-4C23-B834-90EA8A099FC1}\1.0\0

HKCR\TypeLib\{D72322BB-82BF-4C23-B834-90EA8A099FC1}\1.0\0\win32

HKCR\TypeLib\{D72322BB-82BF-4C23-B834-90EA8A099FC1}\1.0\FLAGS

HKCR\TypeLib\{D72322BB-82BF-4C23-B834-90EA8A099FC1}\1.0\HELPDIR

HKCR\Interface\{0890C1D6-DEBD-4CBC-97CD-DFAFB8D06654}

HKCR\Interface\{0890C1D6-DEBD-4CBC-97CD-DFAFB8D06654}\ProxyStubClsid

HKCR\Interface\{0890C1D6-DEBD-4CBC-97CD-DFAFB8D06654}\ProxyStubClsid32

HKCR\Interface\{0890C1D6-DEBD-4CBC-97CD-DFAFB8D06654}\TypeLib

HKCR\Interface\{0890C1D6-DEBD-4CBC-97CD-DFAFB8D06654}\TypeLib#Version

HKCR\Interface\{0E863328-916D-4032-A57D-B4D234830AE8}

HKCR\Interface\{0E863328-916D-4032-A57D-B4D234830AE8}\ProxyStubClsid

HKCR\Interface\{0E863328-916D-4032-A57D-B4D234830AE8}\ProxyStubClsid32

HKCR\Interface\{0E863328-916D-4032-A57D-B4D234830AE8}\TypeLib

HKCR\Interface\{0E863328-916D-4032-A57D-B4D234830AE8}\TypeLib#Version

HKCR\Interface\{0EF44C21-275E-4614-8564-8C46097A03D9}

HKCR\Interface\{0EF44C21-275E-4614-8564-8C46097A03D9}\ProxyStubClsid

HKCR\Interface\{0EF44C21-275E-4614-8564-8C46097A03D9}\ProxyStubClsid32

HKCR\Interface\{0EF44C21-275E-4614-8564-8C46097A03D9}\TypeLib

HKCR\Interface\{0EF44C21-275E-4614-8564-8C46097A03D9}\TypeLib#Version

HKCR\Interface\{25FC01E9-92AC-443F-8496-7E44E0DD04AB}

HKCR\Interface\{25FC01E9-92AC-443F-8496-7E44E0DD04AB}\ProxyStubClsid

HKCR\Interface\{25FC01E9-92AC-443F-8496-7E44E0DD04AB}\ProxyStubClsid32

HKCR\Interface\{25FC01E9-92AC-443F-8496-7E44E0DD04AB}\TypeLib

HKCR\Interface\{25FC01E9-92AC-443F-8496-7E44E0DD04AB}\TypeLib#Version

HKCR\Interface\{2B491308-39EE-4A1E-8020-D4EF364149F8}

HKCR\Interface\{2B491308-39EE-4A1E-8020-D4EF364149F8}\ProxyStubClsid

HKCR\Interface\{2B491308-39EE-4A1E-8020-D4EF364149F8}\ProxyStubClsid32

HKCR\Interface\{2B491308-39EE-4A1E-8020-D4EF364149F8}\TypeLib

HKCR\Interface\{2B491308-39EE-4A1E-8020-D4EF364149F8}\TypeLib#Version

HKCR\Interface\{2CF3105F-E9AD-4BC2-860B-09DB079D498E}

HKCR\Interface\{2CF3105F-E9AD-4BC2-860B-09DB079D498E}\ProxyStubClsid

HKCR\Interface\{2CF3105F-E9AD-4BC2-860B-09DB079D498E}\ProxyStubClsid32

HKCR\Interface\{2CF3105F-E9AD-4BC2-860B-09DB079D498E}\TypeLib

HKCR\Interface\{2CF3105F-E9AD-4BC2-860B-09DB079D498E}\TypeLib#Version

HKCR\Interface\{344B79D5-D3DB-469B-A31E-AACA1D75B105}

HKCR\Interface\{344B79D5-D3DB-469B-A31E-AACA1D75B105}\ProxyStubClsid

HKCR\Interface\{344B79D5-D3DB-469B-A31E-AACA1D75B105}\ProxyStubClsid32

HKCR\Interface\{344B79D5-D3DB-469B-A31E-AACA1D75B105}\TypeLib

HKCR\Interface\{344B79D5-D3DB-469B-A31E-AACA1D75B105}\TypeLib#Version

HKCR\Interface\{5DBD9711-CEAF-4C20-9CE2-B17167271C24}

HKCR\Interface\{5DBD9711-CEAF-4C20-9CE2-B17167271C24}\ProxyStubClsid

HKCR\Interface\{5DBD9711-CEAF-4C20-9CE2-B17167271C24}\ProxyStubClsid32

HKCR\Interface\{5DBD9711-CEAF-4C20-9CE2-B17167271C24}\TypeLib

HKCR\Interface\{5DBD9711-CEAF-4C20-9CE2-B17167271C24}\TypeLib#Version

HKCR\Interface\{803BD939-D225-4B05-85F8-CF5EE87D16FE}

HKCR\Interface\{803BD939-D225-4B05-85F8-CF5EE87D16FE}\ProxyStubClsid

HKCR\Interface\{803BD939-D225-4B05-85F8-CF5EE87D16FE}\ProxyStubClsid32

HKCR\Interface\{803BD939-D225-4B05-85F8-CF5EE87D16FE}\TypeLib

HKCR\Interface\{803BD939-D225-4B05-85F8-CF5EE87D16FE}\TypeLib#Version

HKCR\Interface\{87032659-2467-431F-8558-35A2CB66F7C7}

HKCR\Interface\{87032659-2467-431F-8558-35A2CB66F7C7}\ProxyStubClsid

HKCR\Interface\{87032659-2467-431F-8558-35A2CB66F7C7}\ProxyStubClsid32

HKCR\Interface\{87032659-2467-431F-8558-35A2CB66F7C7}\TypeLib

HKCR\Interface\{87032659-2467-431F-8558-35A2CB66F7C7}\TypeLib#Version

HKCR\Interface\{96D36795-387D-4504-A42E-A2DC60684F9D}

HKCR\Interface\{96D36795-387D-4504-A42E-A2DC60684F9D}\ProxyStubClsid

HKCR\Interface\{96D36795-387D-4504-A42E-A2DC60684F9D}\ProxyStubClsid32

HKCR\Interface\{96D36795-387D-4504-A42E-A2DC60684F9D}\TypeLib

HKCR\Interface\{96D36795-387D-4504-A42E-A2DC60684F9D}\TypeLib#Version

HKCR\Interface\{CF06FDA2-9F4E-4C12-B7E2-4368159BC178}

HKCR\Interface\{CF06FDA2-9F4E-4C12-B7E2-4368159BC178}\ProxyStubClsid

HKCR\Interface\{CF06FDA2-9F4E-4C12-B7E2-4368159BC178}\ProxyStubClsid32

HKCR\Interface\{CF06FDA2-9F4E-4C12-B7E2-4368159BC178}\TypeLib

HKCR\Interface\{CF06FDA2-9F4E-4C12-B7E2-4368159BC178}\TypeLib#Version

HKCR\Interface\{CF1B8DD1-0374-4E99-8A63-DE041F80F5B4}

HKCR\Interface\{CF1B8DD1-0374-4E99-8A63-DE041F80F5B4}\ProxyStubClsid

HKCR\Interface\{CF1B8DD1-0374-4E99-8A63-DE041F80F5B4}\ProxyStubClsid32

HKCR\Interface\{CF1B8DD1-0374-4E99-8A63-DE041F80F5B4}\TypeLib

HKCR\Interface\{CF1B8DD1-0374-4E99-8A63-DE041F80F5B4}\TypeLib#Version

HKCR\Interface\{D1EE4F9E-7ED5-4838-AD46-57A393D09E91}

HKCR\Interface\{D1EE4F9E-7ED5-4838-AD46-57A393D09E91}\ProxyStubClsid

HKCR\Interface\{D1EE4F9E-7ED5-4838-AD46-57A393D09E91}\ProxyStubClsid32

HKCR\Interface\{D1EE4F9E-7ED5-4838-AD46-57A393D09E91}\TypeLib

HKCR\Interface\{D1EE4F9E-7ED5-4838-AD46-57A393D09E91}\TypeLib#Version

HKCR\Interface\{D788C427-3125-4EE6-B6DA-8FDB4FEB7692}

HKCR\Interface\{D788C427-3125-4EE6-B6DA-8FDB4FEB7692}\ProxyStubClsid

HKCR\Interface\{D788C427-3125-4EE6-B6DA-8FDB4FEB7692}\ProxyStubClsid32

HKCR\Interface\{D788C427-3125-4EE6-B6DA-8FDB4FEB7692}\TypeLib

HKCR\Interface\{D788C427-3125-4EE6-B6DA-8FDB4FEB7692}\TypeLib#Version

HKCR\Interface\{EC4DB87A-A091-4A6D-B14F-69856A033C99}

HKCR\Interface\{EC4DB87A-A091-4A6D-B14F-69856A033C99}\ProxyStubClsid

HKCR\Interface\{EC4DB87A-A091-4A6D-B14F-69856A033C99}\ProxyStubClsid32

HKCR\Interface\{EC4DB87A-A091-4A6D-B14F-69856A033C99}\TypeLib

HKCR\Interface\{EC4DB87A-A091-4A6D-B14F-69856A033C99}\TypeLib#Version

 

Adware.180solutions/Search Assistant

D:\DOCUMENTS\ERIK\SETUP FILER\ZANGOINSTALLER.EXE[/log]

 

 

I did accidentally click "fix all this", though.

Is there a way to get rid of this file? I found lots of French and Spanish people talking about it, but understood nothing except that they had used HijackThis.

I need help because I can't be on MSN....

 

[post edited 2007-07-22 20:04:24 by Woodie]

 

Added LOG tags

When you have pasted in a log, please select the log and then press the LOG button, which is on the same row as :thumbsdown::thumbsup: in the post window.

Cecilia - Moderator for Virus - Antivirus

 

[post edited 2007-07-29 16:26:44 by Cecilia]


I have already run this once.

Here is the current log, anyway:

[log]MSN_Fix 1.339

 

C:\Documents and Settings\Admin\Skrivbord\Ny mapp\MSNFix\MSNFix

Scan done at 2007-07-23 - 0:29:28,28 By Admin

normal mode

 

************************ Checking Files

 

No files found

 

************************ Checking Folder

 

No Folder Found

 

 

************************ Suspect Files

 

/!\ The detected files must be controlled by a helper before any other handling

 

 

 

 

------------------------------------------------------------------------

Autor : !aur3n7 Contact: http://246694.aceboard.fr

------------------------------------------------------------------------

ECHO „r i l„ge OFF.

--------------------------------------------- END ---------------------------------------------

 

 

Here is the log from when I ran it the first time:

MSN_Fix 1.339

 

C:\Documents and Settings\Admin\Skrivbord\MSNFix\MSNFix

Scan done at 2007-07-22 - 19:44:54,98 By Admin

normal mode

 

************************ Checking Files

 

... C:\WINDOWS\album??.zip

... C:\WINDOWS\album???.zip

... C:\WINDOWS\image???.zip

... C:\WINDOWS\images??.zip

... C:\WINDOWS\images???.zip

... C:\WINDOWS\photo??.zip

... C:\WINDOWS\photo???.zip

... C:\WINDOWS\photos??.zip

... C:\WINDOWS\photos???.zip

... C:\WINDOWS\picture??.zip

... C:\WINDOWS\picture???.zip

... C:\WINDOWS\pictures???.zip

... C:\WINDOWS\system32\notiffy.dll

... C:\WINDOWS\system32\printers.exe

 

************************ Checking Folder

 

... C:\Temp\

 

 

 

 

************************ Deleting malware Files

 

.. OK ... C:\WINDOWS\album??.zip

.. OK ... C:\WINDOWS\album???.zip

.. OK ... C:\WINDOWS\image???.zip

.. OK ... C:\WINDOWS\images??.zip

.. OK ... C:\WINDOWS\images???.zip

.. OK ... C:\WINDOWS\photo??.zip

.. OK ... C:\WINDOWS\photo???.zip

.. OK ... C:\WINDOWS\photos??.zip

.. OK ... C:\WINDOWS\photos???.zip

.. OK ... C:\WINDOWS\picture??.zip

.. OK ... C:\WINDOWS\picture???.zip

.. OK ... C:\WINDOWS\pictures???.zip

/!\ ... C:\WINDOWS\system32\notiffy.dll

.. OK ... C:\WINDOWS\system32\printers.exe

 

 

************************ Deleting malware Folder

 

.. OK ... C:\Temp\

 

 

************************ Registry Cleaning

 

 

 

Others Files will be delete after a reboot on normal mode

 

 

No Folder Found

************************ Deleting malware Files

 

.. OK ... C:\WINDOWS\system32\notiffy.dll

 

 

 

************************ Suspect Files

 

/!\ The detected files must be controlled by a helper before any other handling

 

 

 

The Files and Registry deleted have been save in 2007-07-22_19472151.zip

 

 

------------------------------------------------------------------------

Autor : !aur3n7 Contact: http://246694.aceboard.fr

------------------------------------------------------------------------

ECHO „r i l„ge OFF.

--------------------------------------------- END ---------------------------------------------

 

 

 

 

 

[/log]

The file is still there at:

C:\Widows\bak sana Paris Hilton ne hale gelmis hapiste

As a "non" existent file.

 

I have run lots of things now; it seems I have "neutralized it".

That is, when I start MSN and have MSN running, it no longer takes over and sends to all contacts.

My goal now is, if possible, to remove the file without reformatting the computer, because that is a lot of work.

 

But imagine how much work for one single crappy little file on the computer......

[post edited 2007-07-23 00:32:47 by Woodie]

 

Added LOG tags

When you have pasted in a log, please select the log and then press the LOG button, which is on the same row as :thumbsdown::thumbsup: in the post window.

Cecilia - Moderator for Virus - Antivirus

 

[post edited 2007-07-29 16:27:50 by Cecilia]


Is this a folder?

C:\Windows\bak sana Paris Hilton ne hale gelmis hapiste

 

You can scan again with SUPERAntiSpyware, because you didn't update the program before you scanned.

 

[post edited 2007-07-23 02:14:33 by 927]


It is a file, not a folder.

I have the detailed list view to find it.

On the "type" tab it says "FILE"

and as I keep pointing out over and over :P

it takes up 0 KB and all, the "source disk" cannot be found when I try to delete it....

 

[post edited 2007-07-23 10:45:36 by Woodie]


Archived

This topic is now archived and is closed to further replies.
