Just nu i M3-nätverket
Jump to content

W32.Myzor.FK@yf


helliebaba

Recommended Posts

hej , nu gör jag nytt försök att skriva nytt inlägg jag kände på mig att jag inte gjort riktigt rätt förut...

 

here we go:

[log]Logfile of HijackThis v1.99.1

Scan saved at 18:51:58, on 2006-12-01

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Intel\Wireless\Bin\EvtEng.exe

C:\Program\Intel\Wireless\Bin\S24EvMon.exe

C:\Program\Intel\Wireless\Bin\WLKeeper.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\Explorer.EXE

C:\Program\Wave Systems Corp\Common\DataServer.exe

C:\WINDOWS\system32\gearsec.exe

C:\Program\Apoint\Apoint.exe

C:\Program\McAfee.com\PERSON~1\MpfService.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program\Java\jre1.5.0_06\bin\jusched.exe

C:\WINDOWS\stsystra.exe

C:\Program\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe

C:\Program\CyberLink\PowerDVD\DVDLauncher.exe

C:\Program\Dell\QuickSet\quickset.exe

C:\Program\McAfee\SPAMKI~1\MSKSrvr.exe

C:\Program\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program\Intel\Wireless\Bin\ifrmewrk.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program\Delade filer\InstallShield\UpdateService\issch.exe

C:\program\mcafee.com\agent\mcagent.exe

C:\Program\Apoint\HidFind.exe

C:\Program\Apoint\Apntex.exe

C:\Program\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program\McAfee\SPAMKI~1\MskAgent.exe

C:\Program\McAfee.com\VSO\mcvsshld.exe

C:\Program\Google\Google Desktop Search\GoogleDesktopIndex.exe

C:\Program\McAfee.com\PERSON~1\MpfTray.exe

c:\program\mcafee.com\vso\mcvsescn.exe

C:\Program\Dell AIO Printer A920\dlbkbmgr.exe

C:\Program\QuickTime\qttask.exe

C:\Program\Google\Google Desktop Search\GoogleDesktopDisplay.exe

C:\Program\iTunes\iTunesHelper.exe

C:\Program\Dell AIO Printer A920\dlbkbmon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\NetWaiting\netwaiting.exe

C:\Program\MSN Messenger\MsnMsgr.Exe

C:\Program\Dell\QuickSet\NICCONFIGSVC.exe

C:\Program\Digital Line Detect\DLG.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program\Intel\Wireless\Bin\RegSrvc.exe

C:\Program\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe

C:\Program\WinZip\WZQKPICK.EXE

c:\program\mcafee.com\vso\mcvsftsn.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\iPod\bin\iPodService.exe

C:\Program\McAfee.com\PERSON~1\MpfAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.se/ig/dell?hl=sv&client=dell-row-rel&chan

nel=se&ibd=2061007

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.se/hws/sb/dell-row-rel/sv/side.html?channel=se'>http://www.google.se/hws/sb/dell-row-rel/sv/side.html?channel=se'>http://www.google.se/hws/sb/dell-row-rel/sv/side.html?channel=se

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.se/hws/sb/dell-row-rel/sv/side.html?channel=se

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://readmail.bust.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.dell.com/content/default.aspx?c=se&l=sv&'>http://www1.euro.dell.com/content/default.aspx?c=se&l=sv&

s=gen

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/default.aspx?c=se&l=sv&

s=gen

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.se/hws/sb/dell-row-rel/sv/side.html?channel=se

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.se/ig/dell?hl=sv&client=dell-row-rel&chan

nel=se&ibd=2061007

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\program\mcafee.com\vso\mcvsshl.dll

O3 - Toolbar: (no name) - {25D8BACF-3DE2-4B48-AE22-D659B8D835B0} - (no file)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar1.dll

O3 - Toolbar: (no name) - {C004DEC2-2623-438e-9CA2-C9043AB28508} - (no file)

O3 - Toolbar: Safety Bar - {fbea0445-4c4a-4136-864a-c72a4a182a84} - C:\Program\Safety Bar\SafetyBar.dll

O4 - HKLM\..\Run: [Apoint] C:\Program\Apoint\Apoint.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet

O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [Document Manager] C:\Program\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe

O4 - HKLM\..\Run: [DVDLauncher] "C:\Program\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [Dell QuickSet] C:\Program\Dell\QuickSet\quickset.exe

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [iSUSPM Startup] C:\Program\DELADE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program\Delade filer\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [VSOCheckTask] "C:\Program\McAfee.com\VSO\mcmnhdlr.exe" /checktask

O4 - HKLM\..\Run: [OASClnt] C:\Program\McAfee.com\VSO\oasclnt.exe

O4 - HKLM\..\Run: [MCAgentExe] c:\program\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\program\mcafee.com\agent\McUpdate.exe

O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program\McAfee\SPAMKI~1\MSKDetct.exe /startup

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [MSKAGENTEXE] C:\Program\McAfee\SPAMKI~1\MskAgent.exe

O4 - HKLM\..\Run: [VirusScan Online] C:\Program\McAfee.com\VSO\mcvsshld.exe

O4 - HKLM\..\Run: [MPFExe] C:\Program\McAfee.com\PERSON~1\MpfTray.exe

O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program\Dell AIO Printer A920\dlbkbmgr.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvjib.dll,startup

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [ModemOnHold] C:\Program\NetWaiting\netwaiting.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background

O4 - Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: EMBASSY Trust Suite Secure Update.lnk = C:\Program\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: &Search - http://kn.bar.need2find.com/KN/menusearch.html?p=KN

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program\mcafee\SPAMKI~1\mcapfbho.dll

O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program\mcafee\SPAMKI~1\mcapfbho.dll

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {F2D35D99-63B1-46D3-970C-6E22320D5DCB} (kSoloCntrlIE Class) - http://www.ksolo.com/getPlugin.do

O17 - HKLM\System\CCS\Services\Tcpip\..\{2020782D-9D8D-4922-9E84-6

D1938C9E4DF}: NameServer = 192.168.2.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{2020782D-9D8D-4922-9E84-6

D1938C9E4DF}: NameServer = 192.168.2.1

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)

O20 - AppInit_DLLs: C:\Program\Google\GOOGLE~1\GOEC62~1.DLL

O21 - SSODL: expatriates - {1a01a98c-4f25-42e1-971a-185cf63569b2} - C:\WINDOWS\system32\tpedvf.dll (file missing)

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Program\Wave Systems Corp\Common\DataServer.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: gearsec - GEAR Software - C:\WINDOWS\system32\gearsec.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program\McAfee.com\PERSON~1\MpfService.exe

O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe (file missing)

O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\Program\McAfee\SPAMKI~1\MSKSrvr.exe

O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program\Dell\QuickSet\NICCONFIGSVC.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: NTRU Hybrid TSS v2.0.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe

O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program\Intel\Wireless\Bin\WLKeeper.exe

[/log]

 

Link to comment
Share on other sites

Inte lätt att veta hur det funkar på ett nytt forum.

 

Kontrollpanelen - Lägg till eller ta bort program

Ta bort Safety Bar om den finns där, likaså om det finns något med 888 i namnet.

 

Gäller det MSN-masken som kommer in när man klickar på en länk där det står något i stil med är det du på fotot?

 

Har du kört SmitfraudFix?

 

Link to comment
Share on other sites

hej! tack för snabbt svar!

 

jag tog bort safetybar samt 888bar.

 

jag har inte märkt att problemet är kopplat till msn. däremot har en tidigare anvämdare på detta forumet skrivit om samma problem dvs:

 

"Det dyker upp pop-ups lite då och då med "varningar" om att min dator är i fara och så står det att jag ska ladda hem det ena skyddet efter det andra. Sen ändras min startsida hela tiden till någon "säkerhetsriskssida", hur många gånger jag än försöker ändra tillbaka till min hemsida.

Sen dyker det även upp en liten gul triangel med ett svart utroptecken i högra hörnet då och då med varingar, och om jag klickar på den kommer jag till någon sida med reklam för anti-spywaregrejs."

 

nu kar jag kört smitfraud också..

[log]SmitFraudFix v2.126

 

Scan done at 10:16:30,28, 2006-12-02

Run from C:\Documents and Settings\Helena\Skrivbord\SmitfraudFix

OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT

Fix run in normal mode

 

»»»»»»»»»»»»»»»»»»»»»»»» C:

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

 

C:\WINDOWS\system32\ishost.exe FOUND !

C:\WINDOWS\system32\ismini.exe FOUND !

C:\WINDOWS\system32\isnotify.exe FOUND !

C:\WINDOWS\system32\issearch.exe FOUND !

C:\WINDOWS\system32\ixt?.dll FOUND !

C:\WINDOWS\system32\ixt??.dll FOUND !

C:\WINDOWS\system32\ot.ico FOUND !

C:\WINDOWS\system32\ts.ico FOUND !

C:\WINDOWS\system32\drvjib.dll FOUND !

C:\WINDOWS\system32\components\flx?.dll FOUND !

C:\WINDOWS\system32\components\flx??.dll FOUND !

C:\WINDOWS\system32\components\flx???.dll FOUND !

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Helena

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Helena\Application Data

 

C:\Documents and Settings\Helena\Application Data\Microsoft\Internet Explorer\Quick Launch\Virus-Bursters 6.3.lnk FOUND !

 

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

 

C:\DOCUME~1\Helena\START-~1\Virus-Bursters 6.3.lnk FOUND !

C:\DOCUME~1\Helena\START-~1\Program\Virus-Bursters FOUND !

C:\DOCUME~1\ALLUSE~1\START-~1\Online Security Guide.url FOUND !

C:\DOCUME~1\ALLUSE~1\START-~1\Security Troubleshooting.url FOUND !

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Helena\FAVORI~1

 

C:\DOCUME~1\Helena\FAVORI~1\Antivirus Test Online.url FOUND !

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

 

C:\DOCUME~1\Helena\SKRIVB~1\Virus-Bursters.lnk FOUND !

C:\DOCUME~1\ALLUSE~1\SKRIVB~1\Online Security Guide.url FOUND !

C:\DOCUME~1\ALLUSE~1\SKRIVB~1\Security Troubleshooting.url FOUND !

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program

 

C:\Program\Virus-Bursters\ FOUND !

 

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]

"Source"="About:Home"

"SubscribedURL"="About:Home"

"FriendlyName"="Min aktuella startsida"

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

"{1a01a98c-4f25-42e1-971a-185cf63569b2}"="expatriates"

 

[HKEY_CLASSES_ROOT\CLSID\{1a01a98c-4f25-42e1-971a-185cf63569b2}\InProcServer32]

@="C:\WINDOWS\system32\tpedvf.dll"

 

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{1a01a98c-4f25-42e1-971a-185cf63569b2}\InProcServer32]

@="C:\WINDOWS\system32\tpedvf.dll"

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"="C:\\Program\\Google\\GOOGLE~1\\GOEC62~1.DLL"

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"System"=""

"DllName"="C:\\WINDOWS\\system32\\ddccd.dll"

"DllName"="C:\\WINDOWS\\system32\\rpcc.dll"

 

 

»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32

 

pe386 detected, use a Rootkit scanner

 

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection

 

 

»»»»»»»»»»»»»»»»»»»»»»»» End

[/log]

 

Link to comment
Share on other sites

Definitivt Smitfraud-problem, men lite annat måste åtgärdas först.

 

Ladda ner Gmer till Skrivbordet från denna sida: http://www.gmer.net/

Packa upp filen till Skrivbordet.

 

Start - Program - Tillbehör - Kommandotolken

Skriv så här:

cd Skrivbord

gmer -del service pe386

exit

 

Sedan Smitfraud en gång till där du än en gång väljer alternativ 1.

 

Gå till mappen C:\Program\Hijackthis med Utforskaren eller Den här datorn och byt namn på programmet HijackThis.exe till något annat, t ex rensning.exe, skapa sedan en ny logg som klistras in här.

 

Link to comment
Share on other sites

hej!

nu tror jag att jag har gjoort det du sa...

 

detta är nya smitfraudloggen:

 

[log]SmitFraudFix v2.126

 

Scan done at 13:48:00,73, 2006-12-02

Run from C:\Documents and Settings\Helena\Skrivbord\SmitfraudFix

OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT

Fix run in normal mode

 

»»»»»»»»»»»»»»»»»»»»»»»» C:

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

 

C:\WINDOWS\system32\ishost.exe FOUND !

C:\WINDOWS\system32\ismini.exe FOUND !

C:\WINDOWS\system32\isnotify.exe FOUND !

C:\WINDOWS\system32\issearch.exe FOUND !

C:\WINDOWS\system32\ixt?.dll FOUND !

C:\WINDOWS\system32\ixt??.dll FOUND !

C:\WINDOWS\system32\ot.ico FOUND !

C:\WINDOWS\system32\ts.ico FOUND !

C:\WINDOWS\system32\drvjib.dll FOUND !

C:\WINDOWS\system32\components\flx?.dll FOUND !

C:\WINDOWS\system32\components\flx??.dll FOUND !

C:\WINDOWS\system32\components\flx???.dll FOUND !

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Helena

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Helena\Application Data

 

C:\Documents and Settings\Helena\Application Data\Microsoft\Internet Explorer\Quick Launch\Virus-Bursters 6.3.lnk FOUND !

 

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

 

C:\DOCUME~1\Helena\START-~1\Virus-Bursters 6.3.lnk FOUND !

C:\DOCUME~1\Helena\START-~1\Program\Virus-Bursters FOUND !

C:\DOCUME~1\ALLUSE~1\START-~1\Online Security Guide.url FOUND !

C:\DOCUME~1\ALLUSE~1\START-~1\Security Troubleshooting.url FOUND !

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Helena\FAVORI~1

 

C:\DOCUME~1\Helena\FAVORI~1\Antivirus Test Online.url FOUND !

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

 

C:\DOCUME~1\Helena\SKRIVB~1\Virus-Bursters.lnk FOUND !

C:\DOCUME~1\ALLUSE~1\SKRIVB~1\Online Security Guide.url FOUND !

C:\DOCUME~1\ALLUSE~1\SKRIVB~1\Security Troubleshooting.url FOUND !

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program

 

C:\Program\Virus-Bursters\ FOUND !

 

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]

"Source"="About:Home"

"SubscribedURL"="About:Home"

"FriendlyName"="Min aktuella startsida"

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

"{1a01a98c-4f25-42e1-971a-185cf63569b2}"="expatriates"

 

[HKEY_CLASSES_ROOT\CLSID\{1a01a98c-4f25-42e1-971a-185cf63569b2}\InProcServer32]

@="C:\WINDOWS\system32\tpedvf.dll"

 

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{1a01a98c-4f25-42e1-971a-185cf63569b2}\InProcServer32]

@="C:\WINDOWS\system32\tpedvf.dll"

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"="C:\\Program\\Google\\GOOGLE~1\\GOEC62~1.DLL"

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"System"=""

"DllName"="C:\\WINDOWS\\system32\\ddccd.dll"

"DllName"="C:\\WINDOWS\\system32\\rpcc.dll"

 

 

»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection

 

 

»»»»»»»»»»»»»»»»»»»»»»»» End

 

[/log]

 

samt den nya hijackloggen:

[log]Logfile of HijackThis v1.99.1

Scan saved at 13:52:09, on 2006-12-02

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Intel\Wireless\Bin\EvtEng.exe

C:\Program\Intel\Wireless\Bin\S24EvMon.exe

C:\Program\Intel\Wireless\Bin\WLKeeper.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Program\Apoint\Apoint.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program\Java\jre1.5.0_06\bin\jusched.exe

C:\Program\Wave Systems Corp\Common\DataServer.exe

C:\WINDOWS\stsystra.exe

C:\Program\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe

C:\WINDOWS\system32\gearsec.exe

C:\Program\CyberLink\PowerDVD\DVDLauncher.exe

C:\Program\Dell\QuickSet\quickset.exe

C:\Program\McAfee.com\PERSON~1\MpfService.exe

C:\Program\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program\Intel\Wireless\Bin\ifrmewrk.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program\Delade filer\InstallShield\UpdateService\issch.exe

C:\program\mcafee.com\agent\mcagent.exe

C:\Program\McAfee\SPAMKI~1\MSKSrvr.exe

C:\Program\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program\McAfee\SPAMKI~1\MskAgent.exe

C:\Program\Apoint\HidFind.exe

C:\Program\McAfee.com\VSO\mcvsshld.exe

C:\Program\Apoint\Apntex.exe

C:\Program\Google\Google Desktop Search\GoogleDesktopIndex.exe

C:\Program\McAfee.com\PERSON~1\MpfTray.exe

c:\program\mcafee.com\vso\mcvsescn.exe

C:\Program\Dell AIO Printer A920\dlbkbmgr.exe

C:\Program\Google\Google Desktop Search\GoogleDesktopDisplay.exe

C:\Program\QuickTime\qttask.exe

C:\Program\Dell AIO Printer A920\dlbkbmon.exe

C:\Program\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\NetWaiting\netwaiting.exe

C:\Program\MSN Messenger\MsnMsgr.Exe

C:\Program\Digital Line Detect\DLG.exe

C:\Program\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe

C:\Program\WinZip\WZQKPICK.EXE

C:\Program\Dell\QuickSet\NICCONFIGSVC.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe

c:\program\mcafee.com\vso\mcvsftsn.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\iPod\bin\iPodService.exe

C:\Program\McAfee.com\PERSON~1\MpfAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Internet Explorer\iexplore.exe

C:\WINDOWS\NOTEPAD.EXE

C:\WINDOWS\explorer.exe

C:\Program\Hijackthis\rensning.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.se/ig/dell?hl=sv&client=dell-row-rel&channel=se&ibd=2061007

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.se/hws/sb/dell-row-rel/sv/side.html?channel=se'>http://www.google.se/hws/sb/dell-row-rel/sv/side.html?channel=se'>http://www.google.se/hws/sb/dell-row-rel/sv/side.html?channel=se

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.se/hws/sb/dell-row-rel/sv/side.html?channel=se

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://readmail.bust.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.dell.com/content/default.aspx?c=se&l=sv&s=gen'>http://www1.euro.dell.com/content/default.aspx?c=se&l=sv&s=gen

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/default.aspx?c=se&l=sv&s=gen

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.se/hws/sb/dell-row-rel/sv/side.html?channel=se

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.se/ig/dell?hl=sv&client=dell-row-rel&channel=se&ibd=2061007

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\system32\lnwbqxcn.dll

O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program\mcafee\SPAMKI~1\mcapfbho.dll

O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program\Need2Find\bar\1.bin\ND2FNBAR.DLL

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: (no name) - {67270207-b9ee-4d26-9270-860fdb060ca1} - C:\WINDOWS\system32\ixt0.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar1.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program\BAE\BAE.dll

O2 - BHO: (no name) - {ED2A0B95-EB81-4F3C-B1C6-BA9EC58F06CC} - C:\WINDOWS\system32\ddccd.dll

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\program\mcafee.com\vso\mcvsshl.dll

O3 - Toolbar: (no name) - {25D8BACF-3DE2-4B48-AE22-D659B8D835B0} - (no file)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar1.dll

O3 - Toolbar: (no name) - {C004DEC2-2623-438e-9CA2-C9043AB28508} - (no file)

O4 - HKLM\..\Run: [Apoint] C:\Program\Apoint\Apoint.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet

O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [Document Manager] C:\Program\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe

O4 - HKLM\..\Run: [DVDLauncher] "C:\Program\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [Dell QuickSet] C:\Program\Dell\QuickSet\quickset.exe

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [iSUSPM Startup] C:\Program\DELADE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program\Delade filer\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [VSOCheckTask] "C:\Program\McAfee.com\VSO\mcmnhdlr.exe" /checktask

O4 - HKLM\..\Run: [OASClnt] C:\Program\McAfee.com\VSO\oasclnt.exe

O4 - HKLM\..\Run: [MCAgentExe] c:\program\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\program\mcafee.com\agent\McUpdate.exe

O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program\McAfee\SPAMKI~1\MSKDetct.exe /startup

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [MSKAGENTEXE] C:\Program\McAfee\SPAMKI~1\MskAgent.exe

O4 - HKLM\..\Run: [VirusScan Online] C:\Program\McAfee.com\VSO\mcvsshld.exe

O4 - HKLM\..\Run: [MPFExe] C:\Program\McAfee.com\PERSON~1\MpfTray.exe

O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program\Dell AIO Printer A920\dlbkbmgr.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvjib.dll,startup

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [ModemOnHold] C:\Program\NetWaiting\netwaiting.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background

O4 - Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: EMBASSY Trust Suite Secure Update.lnk = C:\Program\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: &Search - http://kn.bar.need2find.com/KN/menusearch.html?p=KN

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program\mcafee\SPAMKI~1\mcapfbho.dll

O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program\mcafee\SPAMKI~1\mcapfbho.dll

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {F2D35D99-63B1-46D3-970C-6E22320D5DCB} (kSoloCntrlIE Class) - http://www.ksolo.com/getPlugin.do

O17 - HKLM\System\CCS\Services\Tcpip\..\{2020782D-9D8D-4922-9E84-6D1938C9E4DF}: NameServer = 192.168.2.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{2020782D-9D8D-4922-9E84-6D1938C9E4DF}: NameServer = 192.168.2.1

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)

O20 - AppInit_DLLs: C:\Program\Google\GOOGLE~1\GOEC62~1.DLL

O20 - Winlogon Notify: ddccd - C:\WINDOWS\system32\ddccd.dll

O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O20 - Winlogon Notify: winexy32 - winexy32.dll (file missing)

O21 - SSODL: expatriates - {1a01a98c-4f25-42e1-971a-185cf63569b2} - C:\WINDOWS\system32\tpedvf.dll (file missing)

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Program\Wave Systems Corp\Common\DataServer.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: gearsec - GEAR Software - C:\WINDOWS\system32\gearsec.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program\McAfee.com\PERSON~1\MpfService.exe

O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe (file missing)

O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\Program\McAfee\SPAMKI~1\MSKSrvr.exe

O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program\Dell\QuickSet\NICCONFIGSVC.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: NTRU Hybrid TSS v2.0.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe

O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program\Intel\Wireless\Bin\WLKeeper.exe

 

[/log]

 

Link to comment
Share on other sites

Bra!

 

Ladda ner Vundofix:

http://www.atribune.org/ccount/click.php?id=4

 

Starta om datorn i felsäkert läge (tryck F8 upprepade gånger under uppstarten och välj felsäkert läge i menyn).

 

Dubbelklicka på VundoFix.exe för att starta programmet.

När den startar igen så tryck på Scan for Vundo.

När skanningen är klar så tryck på Remove Vundo.

Svara Ja/Yes på frågan om du vill ta bort filerna.

Därefter kommer Skrivbordet att försvinna medan filerna tas bort.

När det är klart så kommer det en fråga om att din dator kommer att stängas av, tryck på OK.

Sätt igång datorn igen i normalt läge.

 

Om det är så att VundoFix inte kunde ta bort någon fil vid första försöket så kommer VundoFix att starta igen när datorn startas, följ i så fall beskrivningen en gång till.

 

Klistra in C:\vundofix.txt och en ny HijackThis-logg i ditt svar.

 

Link to comment
Share on other sites

nu så...

 

vundofix.txt:

[log]

VundoFix V6.2.13

 

Checking Java version...

 

Sun Java not detected

Scan started at 15:01:58 2006-12-02

 

Listing files found while scanning....

 

C:\WINDOWS\system32\ddccd.dll

C:\WINDOWS\system32\dccdd.ini

C:\WINDOWS\system32\dccdd.bak1

C:\WINDOWS\system32\dccdd.bak2

 

Beginning removal...

 

Attempting to delete C:\WINDOWS\system32\ddccd.dll

C:\WINDOWS\system32\ddccd.dll Could not be deleted.

 

Attempting to delete C:\WINDOWS\system32\dccdd.ini

C:\WINDOWS\system32\dccdd.ini Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\dccdd.bak1

C:\WINDOWS\system32\dccdd.bak1 Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\dccdd.bak2

C:\WINDOWS\system32\dccdd.bak2 Has been deleted!

 

Performing Repairs to the registry.

Done!

 

Beginning removal...

 

Attempting to delete C:\WINDOWS\system32\ddccd.dll

C:\WINDOWS\system32\ddccd.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\dccdd.ini

C:\WINDOWS\system32\dccdd.ini Has been deleted!

 

Performing Repairs to the registry.

Done!

 

VundoFix V6.2.13

 

Checking Java version...

 

Sun Java not detected

Scan started at 15:11:04 2006-12-02

 

Listing files found while scanning....

 

No infected files were found.

 

[/log]

 

hijack

[log]Logfile of HijackThis v1.99.1

Scan saved at 15:20:23, on 2006-12-02

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Intel\Wireless\Bin\EvtEng.exe

C:\Program\Intel\Wireless\Bin\S24EvMon.exe

C:\Program\Intel\Wireless\Bin\WLKeeper.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Apoint\Apoint.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program\Java\jre1.5.0_06\bin\jusched.exe

C:\WINDOWS\stsystra.exe

C:\Program\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe

C:\Program\CyberLink\PowerDVD\DVDLauncher.exe

C:\Program\Dell\QuickSet\quickset.exe

C:\Program\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program\Intel\Wireless\Bin\ifrmewrk.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program\Delade filer\InstallShield\UpdateService\issch.exe

C:\program\mcafee.com\agent\mcagent.exe

C:\Program\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program\McAfee\SPAMKI~1\MskAgent.exe

C:\Program\McAfee.com\VSO\mcvsshld.exe

C:\Program\McAfee.com\PERSON~1\MpfTray.exe

C:\Program\Dell AIO Printer A920\dlbkbmgr.exe

C:\Program\Apoint\HidFind.exe

c:\program\mcafee.com\vso\mcvsescn.exe

C:\Program\Google\Google Desktop Search\GoogleDesktopIndex.exe

C:\Program\QuickTime\qttask.exe

C:\Program\Apoint\Apntex.exe

C:\Program\iTunes\iTunesHelper.exe

C:\Program\Dell AIO Printer A920\dlbkbmon.exe

C:\Program\Google\Google Desktop Search\GoogleDesktopDisplay.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\MSN Messenger\MsnMsgr.Exe

C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program\Digital Line Detect\DLG.exe

C:\Program\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe

C:\Program\WinZip\WZQKPICK.EXE

c:\program\mcafee.com\vso\mcvsftsn.exe

C:\Program\Wave Systems Corp\Common\DataServer.exe

C:\WINDOWS\system32\gearsec.exe

C:\Program\McAfee.com\PERSON~1\MpfService.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\McAfee\SPAMKI~1\MSKSrvr.exe

C:\Program\Dell\QuickSet\NICCONFIGSVC.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe

C:\Program\iPod\bin\iPodService.exe

C:\Program\McAfee.com\PERSON~1\MpfAgent.exe

C:\Program\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\drwtsn32.exe

C:\WINDOWS\system32\drwtsn32.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program\Hijackthis\rensning.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.se/ig/dell?hl=sv&client=dell-row-rel&channel=se&ibd=2061007

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.se/hws/sb/dell-row-rel/sv/side.html?channel=se'>http://www.google.se/hws/sb/dell-row-rel/sv/side.html?channel=se'>http://www.google.se/hws/sb/dell-row-rel/sv/side.html?channel=se

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.se/hws/sb/dell-row-rel/sv/side.html?channel=se

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://readmail.bust.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.dell.com/content/default.aspx?c=se&l=sv&s=gen'>http://www1.euro.dell.com/content/default.aspx?c=se&l=sv&s=gen

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/default.aspx?c=se&l=sv&s=gen

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.se/hws/sb/dell-row-rel/sv/side.html?channel=se

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.se/ig/dell?hl=sv&client=dell-row-rel&channel=se&ibd=2061007

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1D296AC7-3779-4F83-B7A4-285A5F770426} - C:\WINDOWS\system32\ddccd.dll (file missing)

O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\system32\lnwbqxcn.dll

O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program\mcafee\SPAMKI~1\mcapfbho.dll

O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program\Need2Find\bar\1.bin\ND2FNBAR.DLL

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: (no name) - {67270207-b9ee-4d26-9270-860fdb060ca1} - C:\WINDOWS\system32\ixt0.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar1.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program\BAE\BAE.dll

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\program\mcafee.com\vso\mcvsshl.dll

O3 - Toolbar: (no name) - {25D8BACF-3DE2-4B48-AE22-D659B8D835B0} - (no file)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar1.dll

O3 - Toolbar: (no name) - {C004DEC2-2623-438e-9CA2-C9043AB28508} - (no file)

O4 - HKLM\..\Run: [Apoint] C:\Program\Apoint\Apoint.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet

O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [Document Manager] C:\Program\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe

O4 - HKLM\..\Run: [DVDLauncher] "C:\Program\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [Dell QuickSet] C:\Program\Dell\QuickSet\quickset.exe

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [iSUSPM Startup] C:\Program\DELADE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program\Delade filer\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [VSOCheckTask] "C:\Program\McAfee.com\VSO\mcmnhdlr.exe" /checktask

O4 - HKLM\..\Run: [OASClnt] C:\Program\McAfee.com\VSO\oasclnt.exe

O4 - HKLM\..\Run: [MCAgentExe] c:\program\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\program\mcafee.com\agent\McUpdate.exe

O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program\McAfee\SPAMKI~1\MSKDetct.exe /startup

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [MSKAGENTEXE] C:\Program\McAfee\SPAMKI~1\MskAgent.exe

O4 - HKLM\..\Run: [VirusScan Online] C:\Program\McAfee.com\VSO\mcvsshld.exe

O4 - HKLM\..\Run: [MPFExe] C:\Program\McAfee.com\PERSON~1\MpfTray.exe

O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program\Dell AIO Printer A920\dlbkbmgr.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvjib.dll,startup

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [ModemOnHold] C:\Program\NetWaiting\netwaiting.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background

O4 - Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: EMBASSY Trust Suite Secure Update.lnk = C:\Program\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: &Search - http://kn.bar.need2find.com/KN/menusearch.html?p=KN

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program\mcafee\SPAMKI~1\mcapfbho.dll

O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program\mcafee\SPAMKI~1\mcapfbho.dll

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {F2D35D99-63B1-46D3-970C-6E22320D5DCB} (kSoloCntrlIE Class) - http://www.ksolo.com/getPlugin.do

O17 - HKLM\System\CCS\Services\Tcpip\..\{2020782D-9D8D-4922-9E84-6D1938C9E4DF}: NameServer = 192.168.2.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{2020782D-9D8D-4922-9E84-6D1938C9E4DF}: NameServer = 192.168.2.1

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)

O20 - AppInit_DLLs: C:\Program\Google\GOOGLE~1\GOEC62~1.DLL

O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O20 - Winlogon Notify: winexy32 - winexy32.dll (file missing)

O21 - SSODL: expatriates - {1a01a98c-4f25-42e1-971a-185cf63569b2} - C:\WINDOWS\system32\tpedvf.dll (file missing)

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Program\Wave Systems Corp\Common\DataServer.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: gearsec - GEAR Software - C:\WINDOWS\system32\gearsec.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program\McAfee.com\PERSON~1\MpfService.exe

O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe (file missing)

O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\Program\McAfee\SPAMKI~1\MSKSrvr.exe

O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program\Dell\QuickSet\NICCONFIGSVC.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: NTRU Hybrid TSS v2.0.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe

O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program\Intel\Wireless\Bin\WLKeeper.exe

 

[/log]

 

Link to comment
Share on other sites

Det är en otrevlighet som öppnar en bakdörr till datorn så att andra kan komma åt den utifrån internet, håll internetanslutningen urdragen så mycket som möjligt och när datorn är ren så byt alla lösenord i datorn och på internet.

 

Kontrollpanelen - Lägg till eller ta bort program

Ta bort Need2Find om den finns där

 

Kontrollpanelen - Administrationsverktyg - Tjänster

Leta upp Microsoft authenticate service i listan, dubbelklicka och välj Startmetod Inaktiverad.

 

Ladda ner Avenger på Skrivbordet och packa upp filen där:

http://swandog46.geekstogo.com/avenger.zip

Kopiera in följande i Anteckningar, inklusive rubriken Files to delete:

 

Files to delete:

C:\WINDOWS\system32\lnwbqxcn.dll

C:\WINDOWS\system32\rpcc.dll

 

Starta Avenger

Bocka i "Input Script Manually"

Klicka på förstoringsglaset och i "View/edit script" så klistrar du in texten som finns i Anteckningar.

Klicka på Done

Klicka på det gröna ljuset och svara Ja på frågorna.

Datorn startar nu om.

Ett DOS-fönster ska komma fram och sedan ska loggen komma upp.

Klistra in den här liksom en ny HijackThis-logg

 

Link to comment
Share on other sites

hej!

 

detta är senaste loggarna:

avenger

[log]Logfile of The Avenger version 1, by Swandog46

Running from registry key:

\Registry\Machine\System\CurrentControlSet\Services\vnaxibcc

 

*******************

 

Script file located at: \??\C:\WINDOWS\gkfallso.txt

Script file opened successfully.

 

Script file read successfully

 

Backups directory opened successfully at C:\Avenger

 

*******************

 

Beginning to process script file:

 

File C:\WINDOWS\system32\lnwbqxcn.dll deleted successfully.

File C:\WINDOWS\system32\rpcc.dll deleted successfully.

 

Completed script processing.

 

*******************

 

Finished! Terminate.[/log]

samt hijack:

[log]Logfile of HijackThis v1.99.1

Scan saved at 18:30:14, on 2006-12-04

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Intel\Wireless\Bin\EvtEng.exe

C:\Program\Intel\Wireless\Bin\S24EvMon.exe

C:\Program\Intel\Wireless\Bin\WLKeeper.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Apoint\Apoint.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program\Java\jre1.5.0_06\bin\jusched.exe

C:\WINDOWS\stsystra.exe

C:\Program\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe

C:\Program\CyberLink\PowerDVD\DVDLauncher.exe

C:\Program\Dell\QuickSet\quickset.exe

C:\Program\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program\Intel\Wireless\Bin\ifrmewrk.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program\Delade filer\InstallShield\UpdateService\issch.exe

C:\program\mcafee.com\agent\mcagent.exe

C:\Program\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program\Apoint\Apntex.exe

C:\Program\Apoint\HidFind.exe

C:\Program\McAfee\SPAMKI~1\MskAgent.exe

C:\Program\McAfee.com\VSO\mcvsshld.exe

C:\Program\McAfee.com\PERSON~1\MpfTray.exe

C:\Program\Dell AIO Printer A920\dlbkbmgr.exe

C:\Program\Google\Google Desktop Search\GoogleDesktopIndex.exe

c:\program\mcafee.com\vso\mcvsescn.exe

C:\Program\QuickTime\qttask.exe

C:\Program\iTunes\iTunesHelper.exe

C:\Program\Google\Google Desktop Search\GoogleDesktopDisplay.exe

C:\Program\Dell AIO Printer A920\dlbkbmon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\MSN Messenger\MsnMsgr.Exe

C:\Program\Digital Line Detect\DLG.exe

C:\Program\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe

C:\Program\WinZip\WZQKPICK.EXE

c:\program\mcafee.com\vso\mcvsftsn.exe

C:\Program\Messenger\msmsgs.exe

C:\WINDOWS\system32\notepad.exe

C:\Program\Wave Systems Corp\Common\DataServer.exe

C:\WINDOWS\system32\gearsec.exe

C:\Program\McAfee.com\PERSON~1\MpfService.exe

C:\Program\McAfee\SPAMKI~1\MSKSrvr.exe

C:\Program\Dell\QuickSet\NICCONFIGSVC.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe

C:\Program\iPod\bin\iPodService.exe

C:\Program\McAfee.com\PERSON~1\MpfAgent.exe

C:\Program\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\drwtsn32.exe

C:\WINDOWS\system32\drwtsn32.exe

C:\WINDOWS\system32\taskmgr.exe

C:\WINDOWS\explorer.exe

C:\Program\Hijackthis\rensning.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.se/ig/dell?hl=sv&client=dell-row-rel&channel=se&ibd=2061007

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.se/hws/sb/dell-row-rel/sv/side.html?channel=se'>http://www.google.se/hws/sb/dell-row-rel/sv/side.html?channel=se'>http://www.google.se/hws/sb/dell-row-rel/sv/side.html?channel=se

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.se/hws/sb/dell-row-rel/sv/side.html?channel=se

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://readmail.bust.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.dell.com/content/default.aspx?c=se&l=sv&s=gen'>http://www1.euro.dell.com/content/default.aspx?c=se&l=sv&s=gen

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/default.aspx?c=se&l=sv&s=gen

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.se/hws/sb/dell-row-rel/sv/side.html?channel=se

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.se/ig/dell?hl=sv&client=dell-row-rel&channel=se&ibd=2061007

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1D296AC7-3779-4F83-B7A4-285A5F770426} - C:\WINDOWS\system32\ddccd.dll (file missing)

O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\system32\lnwbqxcn.dll (file missing)

O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program\mcafee\SPAMKI~1\mcapfbho.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: (no name) - {67270207-b9ee-4d26-9270-860fdb060ca1} - C:\WINDOWS\system32\ixt0.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar1.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program\BAE\BAE.dll

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\program\mcafee.com\vso\mcvsshl.dll

O3 - Toolbar: (no name) - {25D8BACF-3DE2-4B48-AE22-D659B8D835B0} - (no file)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar1.dll

O3 - Toolbar: (no name) - {C004DEC2-2623-438e-9CA2-C9043AB28508} - (no file)

O4 - HKLM\..\Run: [Apoint] C:\Program\Apoint\Apoint.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet

O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [Document Manager] C:\Program\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe

O4 - HKLM\..\Run: [DVDLauncher] "C:\Program\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [Dell QuickSet] C:\Program\Dell\QuickSet\quickset.exe

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [iSUSPM Startup] C:\Program\DELADE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program\Delade filer\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [VSOCheckTask] "C:\Program\McAfee.com\VSO\mcmnhdlr.exe" /checktask

O4 - HKLM\..\Run: [OASClnt] C:\Program\McAfee.com\VSO\oasclnt.exe

O4 - HKLM\..\Run: [MCAgentExe] c:\program\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\program\mcafee.com\agent\McUpdate.exe

O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program\McAfee\SPAMKI~1\MSKDetct.exe /startup

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [MSKAGENTEXE] C:\Program\McAfee\SPAMKI~1\MskAgent.exe

O4 - HKLM\..\Run: [VirusScan Online] C:\Program\McAfee.com\VSO\mcvsshld.exe

O4 - HKLM\..\Run: [MPFExe] C:\Program\McAfee.com\PERSON~1\MpfTray.exe

O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program\Dell AIO Printer A920\dlbkbmgr.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvjib.dll,startup

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [ModemOnHold] C:\Program\NetWaiting\netwaiting.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background

O4 - Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: EMBASSY Trust Suite Secure Update.lnk = C:\Program\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program\mcafee\SPAMKI~1\mcapfbho.dll

O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program\mcafee\SPAMKI~1\mcapfbho.dll

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {F2D35D99-63B1-46D3-970C-6E22320D5DCB} (kSoloCntrlIE Class) - http://www.ksolo.com/getPlugin.do

O17 - HKLM\System\CCS\Services\Tcpip\..\{2020782D-9D8D-4922-9E84-6D1938C9E4DF}: NameServer = 192.168.2.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{2020782D-9D8D-4922-9E84-6D1938C9E4DF}: NameServer = 192.168.2.1

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)

O20 - AppInit_DLLs: C:\Program\Google\GOOGLE~1\GOEC62~1.DLL

O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O20 - Winlogon Notify: winexy32 - winexy32.dll (file missing)

O21 - SSODL: expatriates - {1a01a98c-4f25-42e1-971a-185cf63569b2} - C:\WINDOWS\system32\tpedvf.dll (file missing)

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Program\Wave Systems Corp\Common\DataServer.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: gearsec - GEAR Software - C:\WINDOWS\system32\gearsec.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program\McAfee.com\PERSON~1\MpfService.exe

O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\Program\McAfee\SPAMKI~1\MSKSrvr.exe

O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program\Dell\QuickSet\NICCONFIGSVC.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: NTRU Hybrid TSS v2.0.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe

O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program\Intel\Wireless\Bin\WLKeeper.exe

 

[/log]

 

Link to comment
Share on other sites

Det är en gammal Java-version med säkerhetshål i datorn. Avinstallera alla Java i Kontrollpanelen - Lägg till eller ta bort program och installera därefter en ny: http://www.java.com/sv/

 

Starta om datorn i felsäkert läge genom att trycka F8 upprepade gånger under uppstarten och välja Felsäkert i menyn.

 

Öppna SmitfraudFix-mappen och dubbelklicka på smitfraudfix.cmd för att starta programmet.

Välj alternativ #2 genom att trycka 2 och Enter.

Vänta på att verktyget blir klart och diskrensningen avslutas.

Under tiden så kommer det en fråga om du vill rensa registret (clean the registry) svara ja (Yes) genom att trycka Y och Enter.

 

Om datorn inte startar om av sig själv så gör du det.

Även denna gång ska det vara felsäkert läge.

 

Kontrollpanelen - Internet-alternativ - Allmänt - Ta bort filer, kryssa i rutan - OK

Sedan på fliken Program, välj Återställ webbinställningar. Verkställ - OK

 

Kontrollpanelen - Bildskärm - Skrivbord - Anpassa skrivbordet - Webb

Om det finns något med Security info eller liknande så Ta bort det.

OK - Verkställ - OK

 

Starta om datorn i normalt läge.

 

I ditt svar så klistra in den nyss skapade C:\rapport.txt och en ny HijackThis-logg, samt skriv hur datorn uppför sig nu.

 

Link to comment
Share on other sites

hej cecilia!

nu verkar det ha ordnat sig... hurra!!!! meddelandet om system failure är borta o allt annat verkar som vanligt...

jag missade den där C:\rapport.txt. behöver du titta på den? hur kan jag göra om det isåfall?

 

här är hijacken iaf:

[log]Logfile of HijackThis v1.99.1

Scan saved at 18:35:25, on 2006-12-05

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Intel\Wireless\Bin\EvtEng.exe

C:\Program\Intel\Wireless\Bin\S24EvMon.exe

C:\Program\Intel\Wireless\Bin\WLKeeper.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\Explorer.EXE

C:\Program\Apoint\Apoint.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\stsystra.exe

C:\Program\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe

C:\Program\CyberLink\PowerDVD\DVDLauncher.exe

C:\Program\Dell\QuickSet\quickset.exe

C:\Program\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program\Intel\Wireless\Bin\ifrmewrk.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program\Delade filer\InstallShield\UpdateService\issch.exe

C:\Program\McAfee.com\VSO\oasclnt.exe

C:\program\mcafee.com\agent\mcagent.exe

C:\Program\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program\McAfee\SPAMKI~1\MskAgent.exe

C:\Program\McAfee.com\VSO\mcvsshld.exe

C:\Program\McAfee.com\PERSON~1\MpfTray.exe

C:\Program\Dell AIO Printer A920\dlbkbmgr.exe

C:\Program\Google\Google Desktop Search\GoogleDesktopIndex.exe

C:\Program\Apoint\Apntex.exe

c:\program\mcafee.com\vso\mcvsescn.exe

C:\Program\QuickTime\qttask.exe

C:\Program\Apoint\HidFind.exe

C:\Program\iTunes\iTunesHelper.exe

C:\Program\Google\Google Desktop Search\GoogleDesktopDisplay.exe

C:\Program\Dell AIO Printer A920\dlbkbmon.exe

C:\Program\Java\jre1.5.0_09\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\MSN Messenger\MsnMsgr.Exe

C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program\Digital Line Detect\DLG.exe

C:\Program\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe

C:\Program\WinZip\WZQKPICK.EXE

c:\program\mcafee.com\vso\mcvsftsn.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\Wave Systems Corp\Common\DataServer.exe

C:\WINDOWS\system32\gearsec.exe

C:\Program\McAfee.com\PERSON~1\MpfService.exe

C:\Program\McAfee\SPAMKI~1\MSKSrvr.exe

C:\Program\Dell\QuickSet\NICCONFIGSVC.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe

C:\Program\iPod\bin\iPodService.exe

C:\Program\McAfee.com\PERSON~1\MpfAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program\Hijackthis\rensning.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.se/ig/dell?hl=sv&client=dell-row-rel&channel=se&ibd=2061007

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1D296AC7-3779-4F83-B7A4-285A5F770426} - C:\WINDOWS\system32\ddccd.dll (file missing)

O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\system32\lnwbqxcn.dll (file missing)

O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program\mcafee\SPAMKI~1\mcapfbho.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: (no name) - {67270207-b9ee-4d26-9270-860fdb060ca1} - C:\WINDOWS\system32\ixt0.dll (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar1.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program\BAE\BAE.dll

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\program\mcafee.com\vso\mcvsshl.dll

O3 - Toolbar: (no name) - {25D8BACF-3DE2-4B48-AE22-D659B8D835B0} - (no file)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar1.dll

O3 - Toolbar: (no name) - {C004DEC2-2623-438e-9CA2-C9043AB28508} - (no file)

O4 - HKLM\..\Run: [Apoint] C:\Program\Apoint\Apoint.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet

O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [Document Manager] C:\Program\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe

O4 - HKLM\..\Run: [DVDLauncher] "C:\Program\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [Dell QuickSet] C:\Program\Dell\QuickSet\quickset.exe

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [iSUSPM Startup] C:\Program\DELADE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program\Delade filer\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [VSOCheckTask] "C:\Program\McAfee.com\VSO\mcmnhdlr.exe" /checktask

O4 - HKLM\..\Run: [OASClnt] C:\Program\McAfee.com\VSO\oasclnt.exe

O4 - HKLM\..\Run: [MCAgentExe] c:\program\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\program\mcafee.com\agent\McUpdate.exe

O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program\McAfee\SPAMKI~1\MSKDetct.exe /startup

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [MSKAGENTEXE] C:\Program\McAfee\SPAMKI~1\MskAgent.exe

O4 - HKLM\..\Run: [VirusScan Online] C:\Program\McAfee.com\VSO\mcvsshld.exe

O4 - HKLM\..\Run: [MPFExe] C:\Program\McAfee.com\PERSON~1\MpfTray.exe

O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program\Dell AIO Printer A920\dlbkbmgr.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.5.0_09\bin\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [ModemOnHold] C:\Program\NetWaiting\netwaiting.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background

O4 - Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: EMBASSY Trust Suite Secure Update.lnk = C:\Program\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program\mcafee\SPAMKI~1\mcapfbho.dll

O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program\mcafee\SPAMKI~1\mcapfbho.dll

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {F2D35D99-63B1-46D3-970C-6E22320D5DCB} (kSoloCntrlIE Class) - http://www.ksolo.com/getPlugin.do

O17 - HKLM\System\CCS\Services\Tcpip\..\{2020782D-9D8D-4922-9E84-6D1938C9E4DF}: NameServer = 192.168.2.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{2020782D-9D8D-4922-9E84-6D1938C9E4DF}: NameServer = 192.168.2.1

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)

O20 - AppInit_DLLs: C:\Program\Google\GOOGLE~1\GOEC62~1.DLL

O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O20 - Winlogon Notify: winexy32 - winexy32.dll (file missing)

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Program\Wave Systems Corp\Common\DataServer.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: gearsec - GEAR Software - C:\WINDOWS\system32\gearsec.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program\McAfee.com\PERSON~1\MpfService.exe

O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\Program\McAfee\SPAMKI~1\MSKSrvr.exe

O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program\Dell\QuickSet\NICCONFIGSVC.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: NTRU Hybrid TSS v2.0.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe

O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program\Intel\Wireless\Bin\WLKeeper.exe

 

[/log]

 

Link to comment
Share on other sites

jag missade den där C:\rapport.txt. behöver du titta på den? hur kan jag göra om det isåfall?

Det är väl bra att kolla att SmitfraudFix inte hade något problem med att ta bort någon fil. Starta Anteckningar, Arkiv - Öppna, leta upp C:\rapport.txt, kopiera och klistra in här.

 

Skanna med HijackThis och bocka för följande rester:

 

O2 - BHO: (no name) - {1D296AC7-3779-4F83-B7A4-285A5F770426} - C:\WINDOWS\system32\ddccd.dll (file missing)

O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\system32\lnwbqxcn.dll (file missing)

O2 - BHO: (no name) - {67270207-b9ee-4d26-9270-860fdb060ca1} - C:\WINDOWS\system32\ixt0.dll (file missing)

O3 - Toolbar: (no name) - {25D8BACF-3DE2-4B48-AE22-D659B8D835B0} - (no file)

O3 - Toolbar: (no name) - {C004DEC2-2623-438e-9CA2-C9043AB28508} - (no file)

O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)

O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll (file missing)

O20 - Winlogon Notify: winexy32 - winexy32.dll (file missing)

 

Avsluta alla andra program.

Tryck Fix checked.

 

Starta om datorn.

Ta ut en ny HijackThis-logg och kontrollera själv att ovanstående rader nu är borta.

 

Link to comment
Share on other sites

okej. nu hittade jag den :

[log]SmitFraudFix v2.126

 

Scan done at 18:25:35,25, 2006-12-05

Run from C:\Documents and Settings\Helena\Skrivbord\SmitfraudFix

OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT

Fix run in safe mode

 

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

"{1a01a98c-4f25-42e1-971a-185cf63569b2}"="expatriates"

 

[HKEY_CLASSES_ROOT\CLSID\{1a01a98c-4f25-42e1-971a-185cf63569b2}\InProcServer32]

@="C:\WINDOWS\system32\tpedvf.dll"

 

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{1a01a98c-4f25-42e1-971a-185cf63569b2}\InProcServer32]

@="C:\WINDOWS\system32\tpedvf.dll"

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

 

GenericRenosFix by S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

 

C:\WINDOWS\system32\ishost.exe Deleted

C:\WINDOWS\system32\ismini.exe Deleted

C:\WINDOWS\system32\isnotify.exe Deleted

C:\WINDOWS\system32\issearch.exe Deleted

C:\WINDOWS\system32\ixt?.dll Deleted

C:\WINDOWS\system32\ot.ico Deleted

C:\WINDOWS\system32\ts.ico Deleted

C:\WINDOWS\system32\drvjib.dll Deleted

C:\WINDOWS\system32\components\flx?.dll Deleted

C:\Documents and Settings\Helena\Application Data\Microsoft\Internet Explorer\Quick Launch\Virus-Bursters 6.3.lnk Deleted

C:\DOCUME~1\Helena\SKRIVB~1\Virus-Bursters.lnk Deleted

C:\DOCUME~1\ALLUSE~1\SKRIVB~1\Online Security Guide.url Deleted

C:\DOCUME~1\ALLUSE~1\SKRIVB~1\Security Troubleshooting.url Deleted

C:\DOCUME~1\Helena\FAVORI~1\Antivirus Test Online.url Deleted

C:\DOCUME~1\Helena\START-~1\Virus-Bursters 6.3.lnk Deleted

C:\DOCUME~1\Helena\START-~1\Program\Virus-Bursters Deleted

C:\DOCUME~1\ALLUSE~1\START-~1\Online Security Guide.url Deleted

C:\DOCUME~1\ALLUSE~1\START-~1\Security Troubleshooting.url Deleted

C:\Program\Virus-Bursters\ Deleted

 

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

 

Registry Cleaning done.

 

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» End

 

[/log]

 

och filerna verkar ha försvunnit också när jag kontrollerar...

är vi i hamn nu?

 

[inlägget ändrat 2006-12-06 20:19:03 av helliebaba]

Link to comment
Share on other sites

Nu ser jag i alla fall inget som är kvar i loggarna. Det kan vara bra att köra något antispionprogram, se nedan, för att få bort eventuella ofarliga rester.

 

Här kommer mina vanliga råd för en säkrare dator, men det är så klart viktigt att man använder sitt förnuft också.

 

Uppdatera från Windows Update och kör antispionprogrammen AVG Anti-Spyware (Ewido), SUPERAntiSpyware, Spybot S&D och/eller Ad-aware regelbundet.

http://www.ewido.net/en/

http://www.superantispyware.com/

http://www.safer-networking.org/en/download/index.html

http://www.lavasoft.com

 

Komplettera antivirusprogrammet med några online-skanningar då och då:

http://housecall.trendmicro.com/

http://www.bitdefender.com/scan8/ie.html

http://www.pandasoftware.com/products/activescan/

 

Använd en brandvägg (bättre än den inbyggda i XP), finns gratis från t ex ZoneLabs.

http://www.zonelabs.com/store/content/home.jsp

 

Om man använder Internet Explorer så kan det vara lämpligt att ha programmen SpywareBlaster och SpywareGuard, vilka hindrar en hel del otrevliga program från att laddas ner resp. köras:

http://www.javacoolsoftware.com

 

Se över säkerhetsinställningarna i Internet Explorer, det finns en hel del tips här:

http://www.spywarewarrior.com/uiuc/btw/ie/ie-opts.htm

 

Samt kör IE-SpyAd som lägger en hel massa otrevliga webbplatser i zonen Ej tillförlitliga i Internet Explorer så att de inte kan göra något med datorn:

http://www.spywarewarrior.com/uiuc/resource.htm

 

Om man byter webbläsare så är det bara SpywareGuard som behövs. Andra webbläsare är t ex Mozilla Firefox och Opera:

http://www.mozilla.org

http://www.opera.com

 

Allt gratis för hemanvändare/personligt bruk.

 

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.



×
×
  • Create New...