
MSN virus


HannaD


I have "managed" to get my computer infected through MSN Messenger with some virus that seems to be called Downloader.

I have downloaded SUPERAntiSpyware Free Edition, scanned for viruses with it, and got the logs up in Notepad. I found a thread here that I tried to follow, but after the logs I can't keep up any longer...

Would anyone like to try to explain it to me?


Paste in the logs from SUPERAntiSpyware and HijackThis using the LOG button that Brynäsarn writes about, and I will look at them tomorrow.


What is the LOG button?

Click Reply and you will find the LOG button in the row above the window.

[post edited 2006-12-06 22:46:48 by Brynäsarn]


[log]Logfile of HijackThis v1.99.1

Scan saved at 20:05:17, on 2006-12-08

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\msasvc.exe

C:\Program\Norton Internet Security\NISUM.EXE

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Norton Internet Security\SymProxySvc.exe

C:\Program\Norton Internet Security\NISSERV.EXE

C:\Program\Canon\CAL\CALMAIN.exe

C:\WINDOWS\Explorer.EXE

C:\Documents and Settings\Bengt Dahlström\Skrivbord\winstall.exe

C:\Program\Logitech\iTouch\iTouch.exe

C:\egnt.exe

C:\Program\Java\jre1.5.0_07\bin\jusched.exe

C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

C:\WINDOWS\System32\pctspk.exe

C:\Program\NORTON~2\navapw32.exe

C:\Program\Norton Internet Security\IAMAPP.EXE

C:\WINDOWS\System32\DSentry.exe

C:\Program\Delade filer\{B40B04D6-07CA-1053-0817-02060502002e}\Update.exe

C:\Program\HEWLET~1\HPSHAR~1\hpgs2wnf.exe

C:\Documents and Settings\Bengt Dahlström\Application Data\A?pPatch\n?lookup.exe

C:\Program\Logitech\MouseWare\system\em_exec.exe

C:\DOCUME~1\BENGTD~1\LOKALA~1\Temp\svchost.exe

C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program\Norton Internet Security\ATRACK.EXE

C:\Program\WinZip\WZQKPICK.EXE

C:\Program\LG PC Suite\LG Internet Kit\LGInternetKit.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kilskogen.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/countries/se/sve/gen/default.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)

R3 - URLSearchHook: (no name) - {F3C8EF95-260C-24F3-7634-28D74D086595} - C:\WINDOWS\System32\czzi.dll

O2 - BHO: C:\WINDOWS\System32\zkPeCrypt.dll - {8A5849C4-93F3-429D-FF34-660A2068897C} - C:\WINDOWS\System32\zkPeCrypt.dll

O2 - BHO: 888Bar - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program\DELADE~1\{340B0~1\888Bar.dll (file missing)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: 888Bar - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program\DELADE~1\{340B0~1\888Bar.dll (file missing)

O4 - HKLM\..\Run: [explorer] C:\Documents and Settings\Bengt Dahlström\Skrivbord\winstall.exe

O4 - HKLM\..\Run: [WINDOWS] C:\egnt.exe

O4 - HKLM\..\Run: [system] C:\WINDOWS\System32\kernels1118.exe

O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program\Logitech\iTouch\iTouch.exe

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\jre1.5.0_07\bin\jusched.exe

O4 - HKLM\..\Run: [sSC_UserPrompt] C:\Program\Delade filer\Symantec Shared\Security Center\UsrPrmpt.exe

O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe

O4 - HKLM\..\Run: [NAV Agent] C:\Program\NORTON~2\navapw32.exe

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [iamapp] C:\Program\Norton Internet Security\IAMAPP.EXE

O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe

O4 - HKLM\..\Run: [Apoint] C:\Program\Apoint\Apoint.exe

O4 - HKLM\..\RunServices: [systemTools] C:\WINDOWS\System32\kernels1118.exe

O4 - HKCU\..\Run: [Mtt] C:\Documents and Settings\Bengt Dahlström\Application Data\A?pPatch\n?lookup.exe

O4 - HKCU\..\Run: [Recoveru systems] C:\DOCUME~1\BENGTD~1\LOKALA~1\Temp\svchost.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program\MyWebSearch\bar\1.bin\MWSOEMON.EXE

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program\MyWebSearch\bar\1.bin\MWSOEMON.EXE

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCxdm407YYSE

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_07\bin\ssv.dll

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/CursorManiaFWBInitialSetup1.0.0.15.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1132321505680

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1132323289038

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} - http://activex.matcash.com/speedtest2.dll

O17 - HKLM\System\CCS\Services\Tcpip\..\{DB78898E-324A-4F33-BE98-9AEE792E8EB2}: NameServer = 80.251.192.244 80.251.192.245

O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program\Canon\CAL\CALMAIN.exe

O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\System32\msasvc.exe

O23 - Service: Norton Internet Security Service (NISSERV) - Symantec Corporation - C:\Program\Norton Internet Security\NISSERV.EXE

O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program\Norton Internet Security\NISUM.EXE

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program\DELADE~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

O23 - Service: Norton Internet Security Proxy Service (SymProxySvc) - Symantec Corporation - C:\Program\Norton Internet Security\SymProxySvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

 

[/log]

 


Since the MSN program itself may be infected, it should be uninstalled; once the computer is clean it can be installed again.

Start SUPERAntiSpyware, press Preferences, and select the Statistics/Logs tab.

Double-click the oldest SUPERAntiSpyware Scan Log so that the log opens in Notepad.

Paste the log into your reply.

Among other things, the spyware PurityScan is in the log. We will start by dealing with that.

Download http://www.mvps.org/winhelp2002/hosts.zip to the Desktop.

Unpack the file. A new folder, Hosts, is created on the Desktop.

Double-click the folder to open it.

Double-click the file mvps.bat to start the program.

This program will replace the computer's Hosts file so that the PurityScan nasty is prevented from contacting its creator. It will also prevent you from visiting sites that are notorious for installing nasties on the computer. You can read more about it here:

http://www.mvps.org/winhelp2002/hosts.htm

Control Panel - Add or Remove Programs

If any of the following are in the list, remove them:

Oin

Yazzle by Oin

Purityscan by Oin

Snowballwars by Oin

or anything similar with Oin or Outerinfo in its name.

Zolero

Tizzletalk

MediaTickets

Cowabanga

Download and run the uninstaller

http://www.outerinfo.com/OiUninstaller.exe

If you need instructions, they are here: http://www.outerinfo.com/howto.html

Restart the computer

Download ComboFix:

http://download.bleepingcomputer.com/sUBs/combofix.exe

Run it and follow the instructions that are shown.

IMPORTANT! Do not click on the ComboFix window with the mouse while it is running, otherwise it may hang.

When it has finished, a log should come up; paste it in here, together with a new HijackThis log.


I uninstalled MSN Messenger as soon as I discovered the virus. I don't think I can manage this; I will probably have to hand the computer in somewhere...

I don't know how to use WinZip or how to "unpack" the files. I have downloaded WinZip.


[log]Bengt Dahlstr”m - 06-12-09 17:41:10,29 Service Pack 1

ComboFix 06.11.27W - Running from: "C:\Documents and Settings\Bengt Dahlstr”m\Skrivbord"

 

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

C:\Program\Inetget2

C:\Program\Delade filer\{340B04D6-07CA-1053-0817-02060502002e}

C:\Program\Delade filer\{B40B04D6-07CA-1053-0817-02060502002e}

 

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

 

Folders Quarantined:

 

C:\QooBox\Purity\Documents and Settings\Bengt Dahlstr”m\Application Data\APPATC~1

C:\QooBox\Purity\WINDOWS\SEMBLY~1

C:\QooBox\Purity\WINDOWS\SEMBLY~1\??sembly

 

 

((((((((((((((((((((((((((((((( Files Created from 2006-11-09 to 2006-12-09 ))))))))))))))))))))))))))))))))))

 

 

2006-12-06 19:55 <KAT> d--hs---- C:\Config.Msi

2006-12-06 19:28 8,759 --a------ C:\Documents and Settings\Bengt Dahlstr”m\tel.exe

2006-12-06 19:28 122,880 --a------ C:\Documents and Settings\Bengt Dahlstr”m\wi.exe

2006-12-06 19:22 39,144 --a------ C:\WINDOWS\SYSTEM32\ipv6mons.dll

2006-12-06 19:20 38,464 --a------ C:\gcue.exe

2006-12-06 19:19 3,584 --a------ C:\WINDOWS\SYSTEM32\msasvc.exe

2006-12-05 20:34 <KAT> d-------- C:\Program\Hijackthis

2006-12-05 18:10 77,824 --a------ C:\Documents and Settings\Bengt Dahlstr”m\hset.exe

2006-12-04 21:28 0 --a------ C:\WINDOWS\SYSTEM32\z16.exe

2006-12-04 21:27 13,032 --a------ C:\WINDOWS\SYSTEM32\ss.exe.exe

2006-12-04 21:27 0 --a------ C:\WINDOWS\SYSTEM32\z14.exe

2006-12-04 21:27 0 --a------ C:\WINDOWS\SYSTEM32\z13.exe

2006-12-04 21:27 0 --a------ C:\WINDOWS\SYSTEM32\z11.exe

2006-12-04 21:26 8,609 --a------ C:\WINDOWS\SYSTEM32\z294.exe

2006-12-04 21:26 6,199 --a------ C:\WINDOWS\SYSTEM32\z2700.exe

2006-12-04 21:26 54,327 --a------ C:\WINDOWS\SYSTEM32\google.png.exe

2006-12-04 21:24 13,312 --a------ C:\WINDOWS\SYSTEM32\z2310.exe

2006-12-04 21:24 <KAT> d-------- C:\WINDOWS\inet20000

2006-12-04 21:23 9,292 --a------ C:\WINDOWS\SYSTEM32\z1843.exe

2006-12-04 21:23 20,480 --a------ C:\WINDOWS\SYSTEM32\z3555.dll

2006-12-04 21:23 10,000 --a------ C:\WINDOWS\SYSTEM32\zkPeCrypt.dll

2006-12-04 21:23 1,941 --a------ C:\xfeq.exe

2006-12-04 21:23 <KAT> d-------- C:\Program\SUPERAntiSpyware

2006-12-04 21:23 <KAT> d-------- C:\Documents and Settings\Bengt Dahlstr”m\Application Data\SUPERAntiSpyware.com

2006-12-04 21:22 16,185 --a------ C:\lwqojwt.exe

2006-12-04 21:18 85,504 --a------ C:\egnt.exe

2006-12-04 21:17 <KAT> d-------- C:\Program\Delade filer\Wise Installation Wizard

2006-12-04 20:25 8,759 --a------ C:\Documents and Settings\Bengt Dahlstr”m\ost.exe

2006-12-04 19:55 122,880 --a------ C:\Documents and Settings\Bengt Dahlstr”m\winstall.exe

2006-12-04 18:38 <KAT> d-------- C:\WINDOWS\pss

2006-11-29 20:13 <KAT> d-------- C:\Documents and Settings\Bengt Dahlstr”m\Application Data\Lavasoft

 

 

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

 

Rootkit driver pe386 is present. A rootkit scan is required

 

2006-12-09 17:44 -------- d-------- C:\Program\Norton Internet Security

2006-12-09 17:44 -------- d-------- C:\Program\Delade filer\Symantec Shared

2006-12-09 17:44 -------- d-------- C:\Program\Delade filer

2006-12-06 19:55 -------- d-------- C:\Program\MSN Messenger

2006-12-06 18:24 -------- d--h----- C:\Program\InstallShield Installation Information

2006-12-06 18:24 -------- d-------- C:\Program\Dell

2006-11-27 21:01 -------- d-------- C:\Documents and Settings\Bengt Dahlstr”m\Application Data\AdobeUM

2006-11-27 19:38 -------- d-------- C:\Program\WinRAR

2006-11-27 19:37 -------- d-------- C:\Program\LimeWire

2006-11-21 18:28 -------- d---s---- C:\Documents and Settings\Bengt Dahlstr”m\Application Data\Microsoft

2006-09-15 21:52 91904 --a------ C:\WINDOWS\SYSTEM32\S32EVNT1.DLL

 

 

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

 

*Note* empty entries are not shown

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

"Recoveru systems"="C:\\DOCUME~1\\BENGTD~1\\LOKALA~1\\Temp\\svchost.exe"

"SUPERAntiSpyware"="C:\\Program\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"

"CTFMON.EXE"="C:\\WINDOWS\\System32\\ctfmon.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

"WINDOWS"="C:\\egnt.exe"

"zBrowser Launcher"="C:\\Program\\Logitech\\iTouch\\iTouch.exe"

"Symantec NetDriver Monitor"="C:\\Program\\SYMNET~1\\SNDMon.exe /Consumer"

"SunJavaUpdateSched"="C:\\Program\\Java\\jre1.5.0_07\\bin\\jusched.exe"

"SSC_UserPrompt"="C:\\Program\\Delade filer\\Symantec Shared\\Security Center\\UsrPrmpt.exe"

"Share-to-Web Namespace Daemon"="C:\\Program\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnd.exe"

"PCTVOICE"="pctspk.exe"

"NeroCheck"="C:\\WINDOWS\\System32\\NeroCheck.exe"

"NAV Agent"="C:\\Program\\NORTON~2\\navapw32.exe"

"Logitech Utility"="Logi_MwX.Exe"

"iamapp"="C:\\Program\\Norton Internet Security\\IAMAPP.EXE"

"DVDSentry"="C:\\WINDOWS\\System32\\DSentry.exe"

"Apoint"="C:\\Program\\Apoint\\Apoint.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]

"Installed"="1"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]

"Installed"="1"

"NoChange"="1"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]

"Installed"="1"

 

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]

"DeskHtmlVersion"=dword:00000110

"DeskHtmlMinorVersion"=dword:00000005

"Settings"=dword:00000001

"GeneralFlags"=dword:00000005

 

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]

"Source"="About:Home"

"SubscribedURL"="About:Home"

"FriendlyName"="Min aktuella startsida"

"Flags"=dword:00000002

"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,de,02,00,00,00, 00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00

"CurrentState"=hex:04,00,00,40

"OriginalStateInfo"=hex:18,00,00,00,06,01,00,00,00,00,00,00,06,01,00,00,00,03, 00,00,04,00,00,40

"RestoredStateInfo"=hex:18,00,00,00,06,01,00,00,00,00,00,00,06,01,00,00,00,03, 00,00,01,00,00,00

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

"ALUAlert"="C:\\Program\\Symantec\\LiveUpdate\\ALUNotify.exe"

 

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]

"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

"ALUAlert"="C:\\Program\\Symantec\\LiveUpdate\\ALUNotify.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]

"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"

"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

"{8A5849C4-93F3-429D-FF34-660A2068897C}"="OpenGL additional"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoDriveTypeAutoRun"=dword:00000091

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"dontdisplaylastusername"=dword:00000000

"legalnoticecaption"=""

"legalnoticetext"=""

"shutdownwithoutlogon"=dword:00000001

"undockwithoutlogon"=dword:00000001

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoDriveTypeAutoRun"=dword:00000091

"CDRAutoRun"=dword:00000000

 

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]

"NoDriveTypeAutoRun"=dword:00000091

"CDRAutoRun"=dword:00000000

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]

"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"

"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"

"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"

"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

 

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

 

 

 

~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

 

backup-20061206-190509-976

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/se/sve/gen/default.htm

 

Contents of the 'Scheduled Tasks' folder

C:\WINDOWS\tasks\Norton AntiVirus - S”k igenom datorn.job

C:\WINDOWS\tasks\Symantec NetDetect.job

 

Completion time: 06-12-09 17:44:30.39

C:\ComboFix.txt ... 06-12-09 17:44

[/log]

 


[log]SUPERAntiSpyware Scan Log

Generated 12/08/2006 at 07:32 PM

 

Application Version : 3.3.1020

 

Core Rules Database Version : 3107

Trace Rules Database Version: 0

 

Scan type : Quick Scan

Total Scan Time : 00:13:07

 

Memory items scanned : 363

Memory threats detected : 1

Registry items scanned : 829

Registry threats detected : 113

File items scanned : 15366

File threats detected : 26

 

Adware.ClickSpring/Resident

C:\DOCUMENTS AND SETTINGS\BENGT DAHLSTRöM\APPLICATION DATA\A?PPATCH\N?LOOKUP.EXE

C:\DOCUMENTS AND SETTINGS\BENGT DAHLSTRöM\APPLICATION DATA\A?PPATCH\N?LOOKUP.EXE

 

Adware.MyWay

HKCR\CLSID\{0494D0D1-F8E0-41AD-92A3-14154ECE70AC}

HKCR\CLSID\{0494D0D1-F8E0-41AD-92A3-14154ECE70AC}\InprocServer32

HKCR\CLSID\{0494D0D1-F8E0-41AD-92A3-14154ECE70AC}\InprocServer32#ThreadingModel

HKCR\CLSID\{0494D0D1-F8E0-41AD-92A3-14154ECE70AC}\Programmable

HKCR\CLSID\{0494D0D1-F8E0-41AD-92A3-14154ECE70AC}\TypeLib

HKCR\CLSID\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC}

HKCR\CLSID\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC}\InprocServer32

HKCR\CLSID\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC}\InprocServer32#ThreadingModel

HKCR\CLSID\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC}\Programmable

HKCR\CLSID\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC}\TypeLib

HKCR\CLSID\{014DA6C9-189F-421A-88CD-07CFE51CFF10}

HKCR\CLSID\{014DA6C9-189F-421A-88CD-07CFE51CFF10}\InProcServer32

HKCR\MyWayToolBar.NetscapeShutdown

HKCR\MyWayToolBar.NetscapeShutdown\CLSID

HKCR\MyWayToolBar.NetscapeShutdown\CurVer

HKCR\MyWayToolBar.NetscapeShutdown.1

HKCR\MyWayToolBar.NetscapeShutdown.1\CLSID

HKCR\MyWayToolBar.NetscapeStartup

HKCR\MyWayToolBar.NetscapeStartup\CLSID

HKCR\MyWayToolBar.NetscapeStartup\CurVer

HKCR\MyWayToolBar.NetscapeStartup.1

HKCR\MyWayToolBar.NetscapeStartup.1\CLSID

HKCR\MyWayToolBar.SettingsPlugin

HKCR\MyWayToolBar.SettingsPlugin\CLSID

HKCR\MyWayToolBar.SettingsPlugin\CurVer

HKCR\MyWayToolBar.SettingsPlugin.1

HKCR\MyWayToolBar.SettingsPlugin.1\CLSID

HKCR\CLSID\{014DA6CD-189F-421a-88CD-07CFE51CFF10}

HKCR\CLSID\{014DA6CD-189F-421a-88CD-07CFE51CFF10}\InProcServer32

HKCR\CLSID\{0494D0D2-F8E0-41ad-92A3-14154ECE70AC}

HKCR\CLSID\{0494D0D2-F8E0-41ad-92A3-14154ECE70AC}\Control

HKCR\CLSID\{0494D0D2-F8E0-41ad-92A3-14154ECE70AC}\InprocServer32

HKCR\CLSID\{0494D0D2-F8E0-41ad-92A3-14154ECE70AC}\InprocServer32#ThreadingModel

HKCR\CLSID\{0494D0D2-F8E0-41ad-92A3-14154ECE70AC}\MiscStatus

HKCR\CLSID\{0494D0D2-F8E0-41ad-92A3-14154ECE70AC}\MiscStatus\1

HKCR\CLSID\{0494D0D2-F8E0-41ad-92A3-14154ECE70AC}\Programmable

HKCR\CLSID\{0494D0D2-F8E0-41ad-92A3-14154ECE70AC}\TypeLib

HKCR\CLSID\{0494D0D2-F8E0-41ad-92A3-14154ECE70AC}\Version

HKCR\CLSID\{0494D0D3-F8E0-41ad-92A3-14154ECE70AC}

HKCR\CLSID\{0494D0D3-F8E0-41ad-92A3-14154ECE70AC}\Control

HKCR\CLSID\{0494D0D3-F8E0-41ad-92A3-14154ECE70AC}\InprocServer32

HKCR\CLSID\{0494D0D3-F8E0-41ad-92A3-14154ECE70AC}\InprocServer32#ThreadingModel

HKCR\CLSID\{0494D0D3-F8E0-41ad-92A3-14154ECE70AC}\MiscStatus

HKCR\CLSID\{0494D0D3-F8E0-41ad-92A3-14154ECE70AC}\MiscStatus\1

HKCR\CLSID\{0494D0D3-F8E0-41ad-92A3-14154ECE70AC}\Programmable

HKCR\CLSID\{0494D0D3-F8E0-41ad-92A3-14154ECE70AC}\TypeLib

HKCR\CLSID\{0494D0D3-F8E0-41ad-92A3-14154ECE70AC}\Version

HKCR\CLSID\{0494D0D5-F8E0-41ad-92A3-14154ECE70AC}

HKCR\CLSID\{0494D0D5-F8E0-41ad-92A3-14154ECE70AC}\InprocServer32

HKCR\CLSID\{0494D0D5-F8E0-41ad-92A3-14154ECE70AC}\InprocServer32#ThreadingModel

HKCR\CLSID\{0494D0D5-F8E0-41ad-92A3-14154ECE70AC}\ProgID

HKCR\CLSID\{0494D0D5-F8E0-41ad-92A3-14154ECE70AC}\Programmable

HKCR\CLSID\{0494D0D5-F8E0-41ad-92A3-14154ECE70AC}\TypeLib

HKCR\CLSID\{0494D0D5-F8E0-41ad-92A3-14154ECE70AC}\VersionIndependentProgID

HKCR\CLSID\{0494D0D7-F8E0-41ad-92A3-14154ECE70AC}

HKCR\CLSID\{0494D0D7-F8E0-41ad-92A3-14154ECE70AC}\InprocServer32

HKCR\CLSID\{0494D0D7-F8E0-41ad-92A3-14154ECE70AC}\InprocServer32#ThreadingModel

HKCR\CLSID\{0494D0D7-F8E0-41ad-92A3-14154ECE70AC}\ProgID

HKCR\CLSID\{0494D0D7-F8E0-41ad-92A3-14154ECE70AC}\Programmable

HKCR\CLSID\{0494D0D7-F8E0-41ad-92A3-14154ECE70AC}\TypeLib

HKCR\CLSID\{0494D0D7-F8E0-41ad-92A3-14154ECE70AC}\VersionIndependentProgID

HKCR\CLSID\{0494D0DB-F8E0-41ad-92A3-14154ECE70AC}

HKCR\CLSID\{0494D0DB-F8E0-41ad-92A3-14154ECE70AC}\Control

HKCR\CLSID\{0494D0DB-F8E0-41ad-92A3-14154ECE70AC}\InprocServer32

HKCR\CLSID\{0494D0DB-F8E0-41ad-92A3-14154ECE70AC}\InprocServer32#ThreadingModel

HKCR\CLSID\{0494D0DB-F8E0-41ad-92A3-14154ECE70AC}\MiscStatus

HKCR\CLSID\{0494D0DB-F8E0-41ad-92A3-14154ECE70AC}\MiscStatus\1

HKCR\CLSID\{0494D0DB-F8E0-41ad-92A3-14154ECE70AC}\ProgID

HKCR\CLSID\{0494D0DB-F8E0-41ad-92A3-14154ECE70AC}\Programmable

HKCR\CLSID\{0494D0DB-F8E0-41ad-92A3-14154ECE70AC}\TypeLib

HKCR\CLSID\{0494D0DB-F8E0-41ad-92A3-14154ECE70AC}\Version

HKCR\CLSID\{0494D0DB-F8E0-41ad-92A3-14154ECE70AC}\VersionIndependentProgID

HKCR\TypeLib\{0494D0D0-F8E0-41AD-92A3-14154ECE70AC}

HKCR\TypeLib\{0494D0D0-F8E0-41AD-92A3-14154ECE70AC}\1.0

HKCR\TypeLib\{0494D0D0-F8E0-41AD-92A3-14154ECE70AC}\1.0\0

HKCR\TypeLib\{0494D0D0-F8E0-41AD-92A3-14154ECE70AC}\1.0\0\win32

HKCR\TypeLib\{0494D0D0-F8E0-41AD-92A3-14154ECE70AC}\1.0\FLAGS

HKCR\TypeLib\{0494D0D0-F8E0-41AD-92A3-14154ECE70AC}\1.0\HELPDIR

HKLM\Software\MyWay

HKLM\Software\MyWay\myBar

HKLM\Software\MyWay\myBar#Dir

HKLM\Software\MyWay\myBar#ShzmCurInstall

HKLM\Software\MyWay\myBar#pid

HKLM\Software\MyWay\myBar#strings

HKLM\Software\MyWay\myBar#CurInstall

HKLM\Software\MyWay\myBar#sr

HKLM\Software\MyWay\myBar#pl

HKLM\Software\MyWay\myBar#Id

HKLM\Software\MyWay\myBar#Build

HKLM\Software\MyWay\myBar#CacheDir

HKLM\Software\MyWay\myBar#HistoryDir

HKLM\Software\MyWay\myBar#Visible

HKLM\Software\MyWay\myBar#SettingsDir

HKLM\Software\MyWay\myBar#ConfigRevision

HKLM\Software\MyWay\myBar#ConfigRevisionURL

HKLM\Software\MyWay\myBar#ConfigDateStamp

HKLM\Software\MyWay\myBar#Maximized

HKLM\Software\MyWay\myBar\partner

HKLM\Software\MyWay\myBar\partner#bitmap

HKLM\Software\MyWay\myBar\partner#name

HKLM\Software\MyWay\myBar\partner#test

HKLM\Software\MyWay\myBar\partner#PM-Home

HKLM\Software\MyWay\myBar\partner#PM-Points

HKLM\Software\MyWay\myBar\partner#PM-Redeem

HKLM\Software\MyWay\myBar\partner#PM-Wallet

HKLM\Software\MyWay\myBar\partner#PM-Settings

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\My Way Speedbar Uninstall

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\My Way Speedbar Uninstall#DisplayName

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\My Way Speedbar Uninstall#HelpLink

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\My Way Speedbar Uninstall#Publisher

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\My Way Speedbar Uninstall#UninstallString

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\My Way Speedbar Uninstall#UrlInfoAbout

HKLM\Software\Microsoft\Internet Explorer\Toolbar#{0494D0D9-F8E0-41ad-92A3-14154ECE70AC}

C:\Program\MyWay\myBar\1.bin\MY2NS.EXE

C:\Program\MyWay\myBar\1.bin\MYBAR.DLL

C:\Program\MyWay\myBar\1.bin\MYWAYPLUGINPROXY.CLASS

C:\Program\MyWay\myBar\1.bin\NPMYWAY.DLL

C:\Program\MyWay\myBar\1.bin\PARTNER.BMP

C:\Program\MyWay\myBar\1.bin\PARTNER.DAT

C:\Program\MyWay\myBar\1.bin\PARTNER2.DAT

C:\Program\MyWay\myBar\1.bin\PARTNER3.DAT

C:\Program\MyWay\myBar\1.bin\PARTNER4.DAT

C:\Program\MyWay\myBar\1.bin\PARTNER5.DAT

C:\Program\MyWay\myBar\1.bin\PARTNER6.DAT

C:\Program\MyWay\myBar\1.bin

C:\Program\MyWay\myBar\Cache\003AD60C

C:\Program\MyWay\myBar\Cache\003AE0A6

C:\Program\MyWay\myBar\Cache\003AE40D.bin

C:\Program\MyWay\myBar\Cache\003AE756.bin

C:\Program\MyWay\myBar\Cache\003AEB68.bin

C:\Program\MyWay\myBar\Cache\files.ini

C:\Program\MyWay\myBar\Cache

C:\Program\MyWay\myBar\History\search

C:\Program\MyWay\myBar\History

C:\Program\MyWay\myBar\Settings\prevcfg.htm

C:\Program\MyWay\myBar\Settings

C:\Program\MyWay\myBar

C:\Program\MyWay

[/log]

 


For a couple of days now I have not been able to see images etc. There is just a red triangle, a green round circle and a blue triangle where there should "normally" be an image or a button. Does that have to do with the virus?


I don't think I can manage this

Don't give up, with Cecilia's help you will manage it, it will work out..... :thumbsup: :)


I don't doubt her knowledge, but my own... It feels so hopeless to be stuck with a useless computer; I can't pay bills, handle updates and so on.


None of these...

Oin

Yazzle by Oin

Purityscan by Oin

Snowballwars by Oin

or anything similar with Oin or Outerinfo in its name.

Zolero

Tizzletalk

MediaTickets

Cowabanga

...were there, by the way.


That went well. :thumbsup: You have got rid of a lot of nasties.

Start SUPERAntiSpyware and click Check for updates.

Scan the computer with the program again when the update is finished.

Then scan with HijackThis and paste in that log.
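
An added example, not part of the original thread: a small Python triage script that compares the autorun (O4) lines of two HijackThis scans, listing the entries that disappeared between them and flagging the remaining ones whose path looks out of place. The sample lines are copied from the logs posted in this thread; the function names and the three path heuristics are assumptions chosen for illustration, and an entry that is not flagged is not thereby shown to be clean.

```python
import ntpath
import re

# Sample input: O4 lines copied from the two HijackThis logs posted in this
# thread (the first scan, and the scan taken after the ComboFix run).
SCAN_BEFORE = r"""
O4 - HKLM\..\Run: [WINDOWS] C:\egnt.exe
O4 - HKLM\..\Run: [system] C:\WINDOWS\System32\kernels1118.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKCU\..\Run: [Recoveru systems] C:\DOCUME~1\BENGTD~1\LOKALA~1\Temp\svchost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
"""
SCAN_AFTER = r"""
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKCU\..\Run: [Recoveru systems] C:\DOCUME~1\BENGTD~1\LOKALA~1\Temp\svchost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
"""

# Line shape: "O4 - HKLM\..\Run: [value name] command line"
O4_RUN = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[(.*?)\] (.+)$")

# Assumed heuristic: the folder each well-known Windows process normally lives in.
EXPECTED_FOLDER = {
    "svchost.exe": r"\windows\system32",
    "winlogon.exe": r"\windows\system32",
    "services.exe": r"\windows\system32",
    "lsass.exe": r"\windows\system32",
    "explorer.exe": r"\windows",
}


def parse_autoruns(log_text):
    """Return {(hive, key, value name): image path} for every O4 registry line."""
    entries = {}
    for line in log_text.splitlines():
        match = O4_RUN.match(line.strip())
        if not match:
            continue
        hive, key, name, command = match.groups()
        # Drop arguments such as "/Consumer": keep the text up to the first ".exe".
        image = re.match(r".+?\.exe", command, re.IGNORECASE)
        entries[(hive, key, name)] = image.group(0) if image else command
    return entries


def find_reasons(image):
    """Return the list of (assumed) reasons why an autorun path looks out of place."""
    path = image.lower()
    name = ntpath.basename(path)
    folder = ntpath.dirname(path)
    reasons = []
    if re.search(r"\\te?mp\\", path):
        reasons.append("runs from a temp directory")
    if re.fullmatch(r"[a-z]:\\", folder):
        reasons.append("sits in the drive root")
    # Bare names such as "pctspk.exe" have no folder to judge, so they are skipped.
    expected = EXPECTED_FOLDER.get(name)
    if expected and folder and not folder.endswith(expected):
        reasons.append("system process name outside its normal folder")
    return reasons


def compare_scans(before_text, after_text):
    """Return (removed entries, flagged entries still present in the later scan)."""
    before = parse_autoruns(before_text)
    after = parse_autoruns(after_text)
    removed = [(key[2], before[key]) for key in sorted(set(before) - set(after))]
    flagged = []
    for key in sorted(after):
        reasons = find_reasons(after[key])
        if reasons:
            flagged.append((key[2], after[key], reasons))
    return removed, flagged


if __name__ == "__main__":
    removed, flagged = compare_scans(SCAN_BEFORE, SCAN_AFTER)
    print("Gone since the first scan:")
    for name, image in removed:
        print(f"  [{name}] {image}")
    print("Still present and worth a closer look:")
    for name, image, reasons in flagged:
        print(f"  [{name}] {image} -> {'; '.join(reasons)}")
```
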

 


[log]Logfile of HijackThis v1.99.1

Scan saved at 20:50, on 06-12-09

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe

C:\Program\Norton Internet Security\NISUM.EXE

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Norton Internet Security\SymProxySvc.exe

C:\Program\Norton Internet Security\NISSERV.EXE

C:\Program\Logitech\iTouch\iTouch.exe

C:\Program\Java\jre1.5.0_07\bin\jusched.exe

C:\Program\Delade filer\Symantec Shared\Security Center\UsrPrmpt.exe

C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

C:\WINDOWS\System32\pctspk.exe

C:\Program\NORTON~2\navapw32.exe

C:\Program\Norton Internet Security\IAMAPP.EXE

C:\WINDOWS\System32\DSentry.exe

C:\Program\HEWLET~1\HPSHAR~1\hpgs2wnf.exe

C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program\Canon\CAL\CALMAIN.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program\Logitech\MouseWare\system\em_exec.exe

C:\Program\WinZip\WZQKPICK.EXE

C:\Program\Norton Internet Security\ATRACK.EXE

C:\WINDOWS\System32\wuauclt.exe

C:\Program\LG PC Suite\LG Internet Kit\LGInternetKit.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kilskogen.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/countries/se/sve/gen/default.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: C:\WINDOWS\System32\zkPeCrypt.dll - {8A5849C4-93F3-429D-FF34-660A2068897C} - C:\WINDOWS\System32\zkPeCrypt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program\Logitech\iTouch\iTouch.exe

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\jre1.5.0_07\bin\jusched.exe

O4 - HKLM\..\Run: [sSC_UserPrompt] C:\Program\Delade filer\Symantec Shared\Security Center\UsrPrmpt.exe

O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe

O4 - HKLM\..\Run: [NAV Agent] C:\Program\NORTON~2\navapw32.exe

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [iamapp] C:\Program\Norton Internet Security\IAMAPP.EXE

O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe

O4 - HKLM\..\Run: [Apoint] C:\Program\Apoint\Apoint.exe

O4 - HKCU\..\Run: [Recoveru systems] C:\DOCUME~1\BENGTD~1\LOKALA~1\Temp\svchost.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program\MyWebSearch\bar\1.bin\MWSOEMON.EXE

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program\MyWebSearch\bar\1.bin\MWSOEMON.EXE

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCxdm407YYSE

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_07\bin\ssv.dll

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/CursorManiaFWBInitialSetup1.0.0.15.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1132321505680

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1132323289038

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} - http://activex.matcash.com/speedtest2.dll

O17 - HKLM\System\CCS\Services\Tcpip\..\{DB78898E-324A-4F33-BE98-9AEE792E8EB2}: NameServer = 80.251.192.244 80.251.192.245

O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program\Canon\CAL\CALMAIN.exe

O23 - Service: Norton Internet Security Service (NISSERV) - Symantec Corporation - C:\Program\Norton Internet Security\NISSERV.EXE

O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program\Norton Internet Security\NISUM.EXE

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program\DELADE~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

O23 - Service: Norton Internet Security Proxy Service (SymProxySvc) - Symantec Corporation - C:\Program\Norton Internet Security\SymProxySvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

 

[/log]

 


Go to http://www.virustotal.com/, paste one of the following file names into the box, press Send and wait until the result is ready (Status becomes Finished). Paste the result (including file size) here. Repeat with the next file name.

C:\DOCUME~1\BENGTD~1\LOKALA~1\Temp\svchost.exe

C:\WINDOWS\System32\zkPeCrypt.dll

 

Control Panel - Add or Remove Programs

Remove MyWebSearch if it is listed there

 


First one done...

 

STATUS: FINISHED

Complete scanning result of "svchost.exe", received in VirusTotal at 12.10.2006, 08:27:53 (CET).

 

Antivirus Version Update Result

AntiVir 7.2.0.49 12.08.2006 no virus found

Authentium 4.93.8 12.08.2006 no virus found

Avast 4.7.892.0 12.08.2006 no virus found

AVG 386 12.09.2006 no virus found

BitDefender 7.2 12.10.2006 no virus found

CAT-QuickHeal 8.00 12.09.2006 no virus found

ClamAV devel-20060426 12.09.2006 no virus found

DrWeb 4.33 12.09.2006 no virus found

eSafe 7.0.14.0 12.07.2006 no virus found

eTrust-InoculateIT 23.73.81 12.09.2006 no virus found

eTrust-Vet 30.3.3238 12.08.2006 no virus found

Ewido 4.0 12.09.2006 no virus found

Fortinet 2.82.0.0 12.10.2006 no virus found

F-Prot 3.16f 12.08.2006 no virus found

F-Prot4 4.2.1.29 12.08.2006 no virus found

Ikarus T3.1.0.26 12.07.2006 no virus found

Kaspersky 4.0.2.24 12.10.2006 no virus found

McAfee 4914 12.08.2006 no virus found

Microsoft 1.1804 12.10.2006 no virus found

NOD32v2 1913 12.09.2006 no virus found

Norman 5.80.02 12.08.2006 no virus found

Panda 9.0.0.4 12.09.2006 no virus found

Prevx1 V2 12.10.2006 no virus found

Sophos 4.12.0 12.08.2006 no virus found

Sunbelt 2.2.907.0 11.30.2006 no virus found

TheHacker 6.0.3.130 12.06.2006 no virus found

UNA 1.83 12.08.2006 no virus found

VBA32 3.11.1 12.10.2006 no virus found

VirusBuster 4.3.15:9 12.09.2006 no virus found

 

 

Aditional Information

File size: 0 bytes

MD5: d41d8cd98f00b204e9800998ecf8427e

SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709

 

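Added example, not part of the original thread: a Python sketch of the two checks this exchange turns on, flagging `Run` entries like the Temp-directory `svchost.exe` the helper singled out, and recognising a scan report that covers zero bytes. The first report above lists a file size of 0 bytes together with the MD5 and SHA1 of empty input, so its "no virus found" verdicts describe an empty upload rather than the file on disk. The function names and the short list of system process names are assumptions made for this example.

```python
import hashlib
import re

# Constructed sample: three O4 lines taken from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NAV Agent] C:\Program\NORTON~2\navapw32.exe
O4 - HKCU\..\Run: [Recoveru systems] C:\DOCUME~1\BENGTD~1\LOKALA~1\Temp\svchost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
"""

# Assumed short list of Windows process names that normally live in System32.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe", "smss.exe"}

# Matches registry Run entries only; Startup-folder O4 lines have no [name] part.
O4_RUN = re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")

# Digests of zero bytes of input, computed rather than hard-coded.
EMPTY_MD5 = hashlib.md5(b"").hexdigest()
EMPTY_SHA1 = hashlib.sha1(b"").hexdigest()


def triage_autoruns(log_text):
    """Return (entry name, command, reasons) for each Run entry worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RUN.match(line.strip())
        if not m:
            continue
        cmd = m.group("cmd").strip()
        lower = cmd.lower()
        # File name of the executable: last path component, arguments dropped.
        image = lower.rsplit("\\", 1)[-1].split(" ")[0]
        reasons = []
        if "\\temp\\" in lower:
            reasons.append("starts from a Temp directory")
        if image in SYSTEM_NAMES and "\\system32\\" not in lower:
            reasons.append("system process name outside System32")
        if reasons:
            findings.append((m.group("name"), cmd, reasons))
    return findings


def is_empty_submission(size_bytes, md5_hex="", sha1_hex=""):
    """True when a scan report covers zero bytes, so its verdicts say nothing about the file."""
    return (size_bytes == 0
            or md5_hex.lower() == EMPTY_MD5
            or sha1_hex.lower() == EMPTY_SHA1)
```
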

Number two seems to contain quite a few nasty things...

 

Antivirus Version Update Result

AntiVir 7.2.0.49 12.08.2006 TR/Agent.10000.9

Authentium 4.93.8 12.08.2006 no virus found

Avast 4.7.892.0 12.08.2006 no virus found

AVG 386 12.09.2006 Generic2.LLN

BitDefender 7.2 12.10.2006 Trojan.Downloader.Bensort.A

CAT-QuickHeal 8.00 12.09.2006 no virus found

ClamAV devel-20060426 12.09.2006 no virus found

DrWeb 4.33 12.09.2006 Trojan.DownLoader.15676

eSafe 7.0.14.0 12.07.2006 no virus found

eTrust-InoculateIT 23.73.81 12.09.2006 no virus found

eTrust-Vet 30.3.3238 12.08.2006 no virus found

Ewido 4.0 12.09.2006 no virus found

Fortinet 2.82.0.0 12.10.2006 W32/Dloadr.ARF!tr.dldr

F-Prot 3.16f 12.08.2006 no virus found

F-Prot4 4.2.1.29 12.08.2006 no virus found

Ikarus T3.1.0.26 12.07.2006 no virus found

Kaspersky 4.0.2.24 12.10.2006 Trojan-Downloader.Win32.Small.ddx

McAfee 4914 12.08.2006 no virus found

Microsoft 1.1804 12.10.2006 no virus found

NOD32v2 1913 12.09.2006 no virus found

Norman 5.80.02 12.08.2006 no virus found

Panda 9.0.0.4 12.09.2006 Suspicious file

Prevx1 V2 12.10.2006 Dropper.Payload

Sophos 4.12.0 12.08.2006 Troj/Dloadr-ARF

Sunbelt 2.2.907.0 11.30.2006 VIPRE.Suspicious

TheHacker 6.0.3.130 12.06.2006 no virus found

UNA 1.83 12.08.2006 TrojanDownloader.Win32.Small.B5BE

VBA32 3.11.1 12.10.2006 Trojan-Downloader.Win32.Small.ddx

VirusBuster 4.3.15:9 12.09.2006 Trojan.DL.Small.FOC

 

 

Aditional Information

File size: 10000 bytes

MD5: bc02cf257305c501c31dc0766d031d99

SHA1: cc81b8ae6208fe654fe91a2982cd3d418679d5fa

packers: PECOMPACT

packers: PecBundle, PECompact

Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PXC=f8ec60232913

Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

 
