
Trojan Vundo


The_Atheist


Hi!

I've apparently been hit by the Vundo trojan. I constantly get virus warnings from Norton that can't be cleared, pop-ups appear every time I start Mozilla, and so on. I have located the file it comes from: the folder is in C:/Windows, is called addins, and contains a single file, a .dll named vaiwn.dll. I have tried to remove it with Norton in Safe Mode but that isn't possible. I have tried to delete it by just pressing Delete, but then it says the file is in use by another program or computer, which is strange for it to say in Safe Mode.

I'm attaching a HijackThis log:

 

[log]Logfile of HijackThis v1.99.1

Scan saved at 18:38:24, on 2006-12-07

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\system32\WebUpdateSvc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program\NORTON~1\navapw32.exe

C:\Program\D-Tools\daemon.exe

C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program\D-Link\AirPlus G\AirGCFG.exe

C:\Program\QuickTime\qttask.exe

C:\Program\iTunes\iTunesHelper.exe

C:\Program\Winamp\winampa.exe

C:\Program\MSN Messenger\msnmsgr.exe

C:\Program\iPod\bin\iPodService.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Mozilla Firefox\firefox.exe

C:\WINDOWS\System32\svchost.exe

C:\Documents and Settings\Linnea\Skrivbord\hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - Default URLSearchHook is missing

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: (no name) - {74DD705D-6834-439C-A735-A6DBE2677452} - (no file)

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [ViewMgr] "C:\Program\Viewpoint\Viewpoint Manager\ViewMgr.exe"

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NAV Agent] C:\Program\NORTON~1\navapw32.exe

O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [ATIPTA] "C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [D-Link AirPlus G] "C:\Program\D-Link\AirPlus G\AirGCFG.exe"

O4 - HKLM\..\Run: [NVMixerTray] "C:\Program\NVIDIA Corporation\NvMixer\NVMixerTray.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe

O4 - HKLM\..\Run: [explorer] C:\Documents and Settings\Linnea\Skrivbord\winstall.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: MultiPoker - {641F4F4E-6C91-4159-869E-9F5CE6F0F64E} - C:\Program\MultiPoker\MultiPoker.exe (file missing)

O9 - Extra 'Tools' menuitem: MultiPoker - {641F4F4E-6C91-4159-869E-9F5CE6F0F64E} - C:\Program\MultiPoker\MultiPoker.exe (file missing)

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://pnkrckr569.spaces.msn.com//PhotoUpload/MsnPUpld.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program\Delade filer\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program\Norton AntiVirus\navapsvc.exe

O23 - Service: PACSPTISVR - Sony Corporation - C:\Program\Delade filer\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program\DELADE~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program\Delade filer\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

O23 - Service: Web Update Service by PowerProgrammer (WebUpdate) - Data Perceptions / PowerProgrammer - C:\WINDOWS\system32\WebUpdateSvc.exe[/log]

 

[post edited 2006-12-07 18:40:20 by The_Atheist]


Open the hijackthis folder on the Desktop and rename the program HijackThis.exe to something else, e.g. rensning.exe, then create a new log and paste it in here; that should make it possible to see the Vundo files.

 

Is this something nasty that came in via a link in MSN?

 


Yes, I think so.

 

[log]Logfile of HijackThis v1.99.1

Scan saved at 22:17:53, on 2006-12-07

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\system32\WebUpdateSvc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

C:\Program\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program\NORTON~1\navapw32.exe

C:\Program\D-Tools\daemon.exe

C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program\D-Link\AirPlus G\AirGCFG.exe

C:\Program\QuickTime\qttask.exe

C:\Program\iTunes\iTunesHelper.exe

C:\Program\Winamp\winampa.exe

C:\Program\MSN Messenger\msnmsgr.exe

C:\Program\iPod\bin\iPodService.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Mozilla Firefox\firefox.exe

C:\Program\Internet Explorer\iexplore.exe

C:\WINDOWS\explorer.exe

C:\Program\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe

C:\Documents and Settings\Linnea\Skrivbord\hijackthis\rensning.exe

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\system32\huwchcsp.dll

O2 - BHO: (no name) - {4A6A8561-913D-439E-A9AC-4F0CF3CB8763} - C:\WINDOWS\addins\vaiwn.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {5A4FD1D6-04F1-4DA6-9CB6-F77E4DBF6834} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: (no name) - {74DD705D-6834-439C-A735-A6DBE2677452} - (no file)

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [ViewMgr] "C:\Program\Viewpoint\Viewpoint Manager\ViewMgr.exe"

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NAV Agent] C:\Program\NORTON~1\navapw32.exe

O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [ATIPTA] "C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [D-Link AirPlus G] "C:\Program\D-Link\AirPlus G\AirGCFG.exe"

O4 - HKLM\..\Run: [NVMixerTray] "C:\Program\NVIDIA Corporation\NvMixer\NVMixerTray.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe

O4 - HKLM\..\Run: [explorer] C:\Documents and Settings\Linnea\Skrivbord\winstall.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: MultiPoker - {641F4F4E-6C91-4159-869E-9F5CE6F0F64E} - C:\Program\MultiPoker\MultiPoker.exe (file missing)

O9 - Extra 'Tools' menuitem: MultiPoker - {641F4F4E-6C91-4159-869E-9F5CE6F0F64E} - C:\Program\MultiPoker\MultiPoker.exe (file missing)

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://pnkrckr569.spaces.msn.com//PhotoUpload/MsnPUpld.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: vaiwn - C:\WINDOWS\addins\vaiwn.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program\Delade filer\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program\Norton AntiVirus\navapsvc.exe

O23 - Service: PACSPTISVR - Sony Corporation - C:\Program\Delade filer\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program\DELADE~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program\Delade filer\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

O23 - Service: Web Update Service by PowerProgrammer (WebUpdate) - Data Perceptions / PowerProgrammer - C:\WINDOWS\system32\WebUpdateSvc.exe[/log]

 


Download VundoFix:

http://www.atribune.org/ccount/click.php?id=4

 

Restart the computer in Safe Mode (press F8 repeatedly during startup and choose Safe Mode from the menu).

 

Double-click VundoFix.exe to start the program.

Once it has started, click Scan for Vundo.

When the scan is finished, click Remove Vundo.

Answer Yes to the question whether you want to remove the files.

The Desktop will then disappear while the files are being removed.

When it is done, a message will say that your computer is going to be shut down; click OK.

Start the computer again in normal mode.

 

If VundoFix could not remove some file on the first attempt, VundoFix will start again when the computer boots; in that case follow the instructions once more.

 

Paste C:\vundofix.txt and a new HijackThis log in your reply.

 


Okay, I really hope this worked; I've looked through the computer and the files have disappeared, so I think it did.

 

[log]VundoFix V6.2.13

 

Checking Java version...

 

Sun Java not detected

Scan started at 16:29:01 2006-12-12

 

Listing files found while scanning....

 

C:\WINDOWS\addins\vaiwn.dll

C:\WINDOWS\addins\nwiav.ini

C:\WINDOWS\addins\nwiav.bak1

C:\WINDOWS\addins\nwiav.bak2

 

Beginning removal...

 

Attempting to delete C:\WINDOWS\addins\vaiwn.dll

C:\WINDOWS\addins\vaiwn.dll Could not be deleted.

 

Attempting to delete C:\WINDOWS\addins\nwiav.ini

C:\WINDOWS\addins\nwiav.ini Has been deleted!

 

Attempting to delete C:\WINDOWS\addins\nwiav.bak1

C:\WINDOWS\addins\nwiav.bak1 Has been deleted!

 

Attempting to delete C:\WINDOWS\addins\nwiav.bak2

C:\WINDOWS\addins\nwiav.bak2 Has been deleted!

 

Performing Repairs to the registry.

Done!

 

Beginning removal...

 

Attempting to delete C:\WINDOWS\addins\vaiwn.dll

C:\WINDOWS\addins\vaiwn.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\addins\nwiav.ini

C:\WINDOWS\addins\nwiav.ini Has been deleted!

 

Performing Repairs to the registry.

Done![/log]

 

[log]Logfile of HijackThis v1.99.1

Scan saved at 16:38:52, on 2006-12-12

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Norton AntiVirus\navapsvc.exe

C:\Program\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program\NORTON~1\navapw32.exe

C:\Program\D-Tools\daemon.exe

C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program\D-Link\AirPlus G\AirGCFG.exe

C:\Program\QuickTime\qttask.exe

C:\Program\iTunes\iTunesHelper.exe

C:\Program\Winamp\winampa.exe

C:\Program\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program\MSN Messenger\msnmsgr.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\system32\WebUpdateSvc.exe

C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

C:\Program\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Linnea\Skrivbord\hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\system32\huwchcsp.dll (file missing)

O2 - BHO: (no name) - {3886156D-5E96-4441-B899-0E24A4B473AC} - C:\WINDOWS\addins\vaiwn.dll (file missing)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {5A4FD1D6-04F1-4DA6-9CB6-F77E4DBF6834} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: (no name) - {74DD705D-6834-439C-A735-A6DBE2677452} - (no file)

O4 - HKLM\..\Run: [ViewMgr] "C:\Program\Viewpoint\Viewpoint Manager\ViewMgr.exe"

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NAV Agent] C:\Program\NORTON~1\navapw32.exe

O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [ATIPTA] "C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [D-Link AirPlus G] "C:\Program\D-Link\AirPlus G\AirGCFG.exe"

O4 - HKLM\..\Run: [NVMixerTray] "C:\Program\NVIDIA Corporation\NvMixer\NVMixerTray.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe

O4 - HKLM\..\Run: [explorer] C:\Documents and Settings\Linnea\Skrivbord\winstall.exe

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: MultiPoker - {641F4F4E-6C91-4159-869E-9F5CE6F0F64E} - C:\Program\MultiPoker\MultiPoker.exe (file missing)

O9 - Extra 'Tools' menuitem: MultiPoker - {641F4F4E-6C91-4159-869E-9F5CE6F0F64E} - C:\Program\MultiPoker\MultiPoker.exe (file missing)

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://pnkrckr569.spaces.msn.com//PhotoUpload/MsnPUpld.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program\Delade filer\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program\Norton AntiVirus\navapsvc.exe

O23 - Service: PACSPTISVR - Sony Corporation - C:\Program\Delade filer\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program\DELADE~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program\Delade filer\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

O23 - Service: Web Update Service by PowerProgrammer (WebUpdate) - Data Perceptions / PowerProgrammer - C:\WINDOWS\system32\WebUpdateSvc.exe[/log]

 


There is an old Java version with security holes on the computer. Uninstall all Java versions in Control Panel - Add or Remove Programs and then install a new one: http://www.java.com/sv/

 

Scan with HijackThis and tick:

 

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\system32\huwchcsp.dll (file missing)

O2 - BHO: (no name) - {3886156D-5E96-4441-B899-0E24A4B473AC} - C:\WINDOWS\addins\vaiwn.dll (file missing)

O2 - BHO: (no name) - {5A4FD1D6-04F1-4DA6-9CB6-F77E4DBF6834} - (no file)

O3 - Toolbar: (no name) - {74DD705D-6834-439C-A735-A6DBE2677452} - (no file)

O4 - HKLM\..\Run: [explorer] C:\Documents and Settings\Linnea\Skrivbord\winstall.exe

 

If you no longer use MultiPoker, these lines too:

O9 - Extra button: MultiPoker - {641F4F4E-6C91-4159-869E-9F5CE6F0F64E} - C:\Program\MultiPoker\MultiPoker.exe (file missing)

O9 - Extra 'Tools' menuitem: MultiPoker - {641F4F4E-6C91-4159-869E-9F5CE6F0F64E} - C:\Program\MultiPoker\MultiPoker.exe (file missing)

 

Close all other programs.

Click Fix checked.

 

Restart the computer in Safe Mode (press F8 repeatedly during startup and choose Safe Mode from the menu).

 

Set up Explorer so that you can see all files:

Tools - (Folder) Options or similar - View

Select Show hidden files and folders

Untick Hide extensions for known file types

Untick Hide protected operating system files

 

Delete the files (if they still exist):

C:\WINDOWS\system32\huwchcsp.dll

C:\WINDOWS\addins\vaiwn.dll

C:\Documents and Settings\Linnea\Skrivbord\winstall.exe

 

Restart in normal mode and then post a new HijackThis log.

How is the computer behaving now?

 

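The helper's advice in the thread comes down to a few pattern checks on the HijackThis log: unnamed BHOs (O2) whose DLL is missing or lives under C:\WINDOWS, an autorun (O4) that executes from the user's Desktop, and a Winlogon Notify DLL (O20) outside system32, which winlogon.exe loads at logon and which is why vaiwn.dll was "in use" even in Safe Mode. The Python script below is an added example, not part of the thread and not a HijackThis or VundoFix feature: it encodes those checks as heuristics and runs them over a constructed sample assembled from lines of the second log above. The severity levels and rule wording are this example's own choices.

```python
"""Heuristic triage of a HijackThis v1.99 log (added example, not a thread or
HijackThis feature).  The rules mirror the reasoning in the thread; the
sample lines are copied from the second log posted there."""
import re
from typing import NamedTuple, Optional

# Constructed sample: a subset of lines from the thread's 2006-12-07 22:17 log.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\system32\huwchcsp.dll
O2 - BHO: (no name) - {4A6A8561-913D-439E-A9AC-4F0CF3CB8763} - C:\WINDOWS\addins\vaiwn.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5A4FD1D6-04F1-4DA6-9CB6-F77E4DBF6834} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NAV Agent] C:\Program\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [explorer] C:\Documents and Settings\Linnea\Skrivbord\winstall.exe
O9 - Extra button: MultiPoker - {641F4F4E-6C91-4159-869E-9F5CE6F0F64E} - C:\Program\MultiPoker\MultiPoker.exe (file missing)
O20 - Winlogon Notify: vaiwn - C:\WINDOWS\addins\vaiwn.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# Every HijackThis entry starts with a section id such as "O2", "O4", "O20".
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.*)$")
SYSTEM32 = "c:\\windows\\system32\\"
WINDOWS_DIR = "c:\\windows\\"
USER_PROFILES = "c:\\documents and settings\\"


class Finding(NamedTuple):
    severity: str   # "high", "medium" or "low"
    section: str    # HijackThis section id, e.g. "O20"
    line: str       # the log line as written
    reason: str


def _target_path(section: str, body: str) -> str:
    """Extract the file path an entry points at.  O4 entries read
    'hive\\..\\Run: [name] command'; the other sections end in ' - path'."""
    if section == "O4":
        return body.split("] ", 1)[-1].strip().strip('"')
    return body.rsplit(" - ", 1)[-1].strip()


def triage_line(line: str) -> Optional[Finding]:
    """Apply the heuristics to one log line; None means nothing to report."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    path = _target_path(section, body).lower()
    missing = "(file missing)" in path or path == "(no file)"

    if section == "O2" and body.startswith("BHO: (no name)"):
        if missing:
            return Finding("medium", section, line,
                           "unnamed BHO whose DLL is gone: orphaned registration, tick it")
        if path.startswith(WINDOWS_DIR):
            return Finding("high", section, line,
                           "unnamed BHO loading a DLL from the Windows directory")
        return Finding("low", section, line,
                       "unnamed BHO; confirm the vendor before keeping it")
    if section == "O4" and path.startswith(USER_PROFILES):
        return Finding("high", section, line,
                       "autorun executing from a user profile folder")
    if section == "O20" and not path.startswith(SYSTEM32):
        return Finding("high", section, line,
                       "Winlogon Notify DLL outside system32; loaded by winlogon.exe, "
                       "so it is in use even in Safe Mode")
    if missing:
        return Finding("low", section, line,
                       "entry points at a missing file; harmless leftover to clean up")
    return None


def triage(log_text: str) -> list:
    """Run triage_line over every line and return the findings, worst first."""
    order = {"high": 0, "medium": 1, "low": 2}
    findings = [f for f in map(triage_line, log_text.splitlines()) if f]
    return sorted(findings, key=lambda f: order[f.severity])


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.line}\n         {f.reason}")
```

The heuristics are deliberately narrow and still need a human to confirm each hit: Spybot's SDHelper.dll is also registered as an unnamed BHO, which is why it only rates "low", while the Windows Genuine Advantage notify DLL in SYSTEM32 is not reported at all.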

Now I got my internet back, which had been lost for a few hours for an unknown reason; the other computers in the household had a connection, so nothing was wrong with the local network. The computer is behaving normally now and I'm attaching a HijackThis log... I didn't need to delete all the files, because they weren't there when I checked with Explorer. I use MultiPoker, so I didn't remove those lines.

 

 

 

[log]Logfile of HijackThis v1.99.1

Scan saved at 19:52:24, on 2006-12-12

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program\NORTON~1\navapw32.exe

C:\Program\D-Tools\daemon.exe

C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program\D-Link\AirPlus G\AirGCFG.exe

C:\Program\QuickTime\qttask.exe

C:\Program\iTunes\iTunesHelper.exe

C:\Program\Winamp\winampa.exe

C:\Program\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program\Java\jre1.5.0_09\bin\jusched.exe

C:\Program\MSN Messenger\msnmsgr.exe

C:\Program\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\system32\WebUpdateSvc.exe

C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

C:\Program\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Linnea\Skrivbord\hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program\Canon\Easy-WebPrint\Toolband.dll

O4 - HKLM\..\Run: [ViewMgr] "C:\Program\Viewpoint\Viewpoint Manager\ViewMgr.exe"

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NAV Agent] C:\Program\NORTON~1\navapw32.exe

O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [ATIPTA] "C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [D-Link AirPlus G] "C:\Program\D-Link\AirPlus G\AirGCFG.exe"

O4 - HKLM\..\Run: [NVMixerTray] "C:\Program\NVIDIA Corporation\NvMixer\NVMixerTray.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.5.0_09\bin\jusched.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\npjpi150_09.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\npjpi150_09.dll

O9 - Extra button: MultiPoker - {641F4F4E-6C91-4159-869E-9F5CE6F0F64E} - C:\Program\MultiPoker\MultiPoker.exe (file missing)

O9 - Extra 'Tools' menuitem: MultiPoker - {641F4F4E-6C91-4159-869E-9F5CE6F0F64E} - C:\Program\MultiPoker\MultiPoker.exe (file missing)

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://pnkrckr569.spaces.msn.com//PhotoUpload/MsnPUpld.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program\Delade filer\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program\Norton AntiVirus\navapsvc.exe

O23 - Service: PACSPTISVR - Sony Corporation - C:\Program\Delade filer\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program\DELADE~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program\Delade filer\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

O23 - Service: Web Update Service by PowerProgrammer (WebUpdate) - Data Perceptions / PowerProgrammer - C:\WINDOWS\system32\WebUpdateSvc.exe[/log]

 


Scan with HijackThis and tick:

R3 - Default URLSearchHook is missing

Close all other programs.

Press Fix checked.

Restart the computer.

It is probably best to run SUPERAntiSpyware as well.

Download and install the free version, SUPERAntiSpyware Free Edition:

http://www.superantispyware.com/download.html

Start the program and click Check for updates.

Close the program when the update is finished.

Restart the computer in Safe Mode (press F8 repeatedly during startup and choose Safe Mode from the menu).

Start SUPERAntiSpyware and click Scan your Computer.

Tick all hard drives (fixed drive/disk).

Choose Perform complete scan

Next

When the scan is finished a summary appears; press OK

Next

Finish (or similar)

A window saying Quarantine and removal Complete appears

OK

Finish (or similar)

Close the program.

Restart in normal mode.

Start the program, press Preferences and choose the Statistics/Logs tab.

Double-click the newest SUPERAntiSpyware Scan Log so that the log opens in Notepad.

Paste the log into your reply.

 


[log]SUPERAntiSpyware Scan Log

Generated 12/13/2006 at 04:38 PM

 

Application Version : 3.4.1000

 

Core Rules Database Version : 3147

Trace Rules Database Version: 1163

 

Scan type : Complete Scan

Total Scan Time : 00:33:35

 

Memory items scanned : 154

Memory threats detected : 0

Registry items scanned : 5249

Registry threats detected : 8

File items scanned : 56200

File threats detected : 46

 

Trojan.Downloader-WNA

HKLM\Software\Classes\CLSID\{013A653B-49A6-4f76-8B68-E4875EA6BA54}

HKCR\CLSID\{013A653B-49A6-4F76-8B68-E4875EA6BA54}

HKCR\CLSID\{013A653B-49A6-4F76-8B68-E4875EA6BA54}\InprocServer32

HKCR\CLSID\{013A653B-49A6-4F76-8B68-E4875EA6BA54}\InprocServer32#ThreadingModel

C:\WINDOWS\SYSTEM32\PGWYVJTC.DLL

 

Adware.Tracking Cookie

C:\Documents and Settings\Linnea\Cookies\linnea@optimost[1].txt

C:\Documents and Settings\Linnea\Cookies\linnea@drivecleaner[1].txt

C:\Documents and Settings\Linnea\Cookies\linnea@clicktorrent[1].txt

C:\Documents and Settings\Linnea\Cookies\linnea@ads.realtechnetwork[1].txt

C:\Documents and Settings\Linnea\Cookies\linnea@clicksor[1].txt

C:\Documents and Settings\Linnea\Cookies\linnea@ad1.emediate[2].txt

C:\Documents and Settings\Linnea\Cookies\linnea@e-2dj6wjlyspdzgcp.stats.esomniture[2].txt

C:\Documents and Settings\Linnea\Cookies\linnea@e-2dj6wfkyamcpglp.stats.esomniture[2].txt

C:\Documents and Settings\Linnea\Cookies\linnea@clicks.emarketmakers[2].txt

C:\Documents and Settings\Linnea\Cookies\linnea@adbrite[1].txt

C:\Documents and Settings\Linnea\Cookies\linnea@ad.adtoma[2].txt

C:\Documents and Settings\Linnea\Cookies\linnea@stats.drivecleaner[2].txt

C:\Documents and Settings\Linnea\Cookies\linnea@se.drivecleaner[1].txt

C:\Documents and Settings\Linnea\Cookies\linnea@msnportal.112.2o7[1].txt

C:\Documents and Settings\Linnea\Cookies\linnea@ads1.revenue[1].txt

C:\Documents and Settings\Linnea\Cookies\linnea@ad-server.gulasidorna[1].txt

C:\Documents and Settings\Linnea\Cookies\linnea@track.adform[1].txt

C:\Documents and Settings\Linnea\Cookies\linnea@azjmp[2].txt

C:\Documents and Settings\Linnea\Cookies\linnea@partygaming.122.2o7[1].txt

C:\Documents and Settings\Linnea\Cookies\linnea@roiservice[1].txt

C:\Documents and Settings\Linnea\Cookies\linnea@307[1].txt

C:\Documents and Settings\Linnea\Cookies\linnea@emarketmakers[2].txt

C:\Documents and Settings\Linnea\Cookies\linnea@kanal5[1].txt

C:\Documents and Settings\Linnea\Cookies\linnea@www.drivecleaner[2].txt

C:\Documents and Settings\Linnea\Cookies\linnea@[2].txt

C:\Documents and Settings\Linnea\Cookies\linnea@popularscreensavers[1].txt

C:\Documents and Settings\Linnea\Cookies\linnea@creativeby.viewpoint[1].txt

C:\Documents and Settings\Linnea\Cookies\linnea@ads.mixtraffic[1].txt

C:\Documents and Settings\Linnea\Cookies\linnea@tracking.sms[2].txt

C:\Documents and Settings\Linnea\Cookies\linnea@cgi-bin[1].txt

C:\Documents and Settings\Linnea\Cookies\linnea@go.drivecleaner[1].txt

C:\Documents and Settings\Linnea\Cookies\linnea@stats[2].txt

C:\Documents and Settings\Linnea\Cookies\linnea@a[1].txt

C:\Documents and Settings\Linnea\Cookies\linnea@stats1.reliablestats[2].txt

C:\Documents and Settings\Linnea\Cookies\linnea@ex=1_[2].txt

C:\Documents and Settings\Linnea\Cookies\linnea@indexstats[2].txt

C:\Documents and Settings\Linnea\Cookies\linnea@serviceswitching[1].txt

C:\Documents and Settings\Linnea\Cookies\linnea@usenext[2].txt

C:\Documents and Settings\Linnea\Cookies\linnea@ads.monster[1].txt

C:\Documents and Settings\Linnea\Cookies\linnea@cpvfeed[2].txt

C:\Documents and Settings\Linnea\Cookies\linnea@tacoda[1].txt

C:\Documents and Settings\Linnea\Cookies\linnea@banner.monacogoldcasino[1].txt

C:\Documents and Settings\Linnea\Cookies\linnea@partypoker[1].txt

 

Unclassified.Unknown Origin

HKCR\CLSID\{013A653B-49A6-4F76-8B68-E4875EA6BA54}

HKCR\CLSID\{F18F04B0-9CF1-4B93-B004-77A288BEE28B}

HKCR\CLSID\{F18F04B0-9CF1-4B93-B004-77A288BEE28B}\InprocServer32

HKCR\CLSID\{F18F04B0-9CF1-4B93-B004-77A288BEE28B}\InprocServer32#ThreadingModel

 

Adware.ClickSpring/Yazzle

C:\PROGRAM\DELADE FILER\YAZZLE1122OINUNINSTALLER.EXE

 

Trojan.Hacktool

C:\PROGRAM\DELADE FILER\{7C646A99-0721-1053-0816-04040917002E}\SYSTEM.DLL[/log]

 


Download http://www.mvps.org/winhelp2002/hosts.zip to the Desktop.

Unpack the file. A new folder, Hosts, is created on the Desktop.

Double-click the folder to open it.

Double-click the file mvps.bat to run the program.

This program replaces the computer's Hosts file so that the PurityScan nuisance is prevented from contacting its creator. It will also prevent you from visiting sites that are notorious for installing nasties on the computer. You can read more about it here:

http://www.mvps.org/winhelp2002/hosts.htm

Control Panel - Add or Remove Programs

If any of the following is in the list, remove it:

Oin

Yazzle by Oin

Purityscan by Oin

Snowballwars by Oin

or anything similar with Oin or Outerinfo in the name.

Zolero

Tizzletalk

MediaTickets

Cowabanga

Download and run the uninstaller

http://www.outerinfo.com/OiUninstaller.exe

If you need instructions, they are here: http://www.outerinfo.com/howto.html

Restart the computer

Download ComboFix:

http://download.bleepingcomputer.com/sUBs/combofix.exe

Run it and follow the instructions shown.

IMPORTANT! Do not click in the ComboFix window with the mouse while it is running, otherwise it may hang.

When it is finished a log should appear; paste it here, together with a new HijackThis log.
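How the hosts-file replacement in the post above does its job, as an added example that is not part of the original thread and not code from the MVPS project: a Python parser that applies the same rules the Windows resolver uses on a HOSTS file (one address followed by one or more names, '#' comments, case-insensitive matching) and reports whether a given hostname would be sinkholed. The entries and hostnames are constructed for the demonstration; the real MVPS list is far longer. It also makes the post's caveat concrete: a hosts file only covers names listed verbatim, so an unlisted subdomain still goes out to DNS, and a program that connects by IP address is not affected at all.

```python
"""How a HOSTS-file blocklist (MVPS style) sinkholes name resolution.

Added example; the entries below are constructed, not the real MVPS list.
"""
import ipaddress
from typing import Dict, Optional

# Constructed sample in the layout of the MVPS hosts file: one address,
# then one or more hostnames; '#' starts a comment.  Hostnames are made up.
SAMPLE_HOSTS = """\
# (constructed sample, not the MVPS file)
127.0.0.1  localhost
0.0.0.0  ads.tracker.example          # comment after an entry
0.0.0.0  www.drivecleaner.example  stats.drivecleaner.example
0.0.0.0  OuterInfo.example
this is not a valid line
"""


def parse_hosts(text: str) -> Dict[str, str]:
    """Map every listed hostname (lower-cased) to the address it is pinned to.

    Follows the rules the Windows resolver applies to
    %SystemRoot%\\system32\\drivers\\etc\\hosts: '#' to end of line is a comment,
    fields are whitespace-separated, the first field must be an IP address,
    and every further field on the line is a hostname for that address.
    """
    table: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            address = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue  # malformed line: the resolver skips it, so do we
        for name in fields[1:]:
            table[name.lower()] = address
    return table


def resolve(table: Dict[str, str], hostname: str) -> Optional[str]:
    """Address the hosts file answers with, or None if lookup goes on to DNS.

    Matching is exact and case-insensitive: 'go.drivecleaner.example' is not
    covered by an entry for 'www.drivecleaner.example'.
    """
    return table.get(hostname.lower().rstrip("."))


def is_sinkholed(table: Dict[str, str], hostname: str) -> bool:
    """True when the name is pinned to the unspecified address 0.0.0.0.

    MVPS uses 0.0.0.0 rather than 127.0.0.1 so that a blocked name fails fast
    instead of hitting whatever happens to listen on local loopback.
    """
    address = resolve(table, hostname)
    return address is not None and ipaddress.ip_address(address).is_unspecified


if __name__ == "__main__":
    table = parse_hosts(SAMPLE_HOSTS)
    for name in ("ads.tracker.example", "WWW.DRIVECLEANER.EXAMPLE",
                 "go.drivecleaner.example", "localhost"):
        print(f"{name:28} -> {resolve(table, name)}  sinkholed={is_sinkholed(table, name)}")
```

Run it and the unlisted go.drivecleaner.example comes back as None: the hosts file never sees it, so the request goes to DNS as usual. That is why a hosts-based block is a useful brake on known ad and download hosts but not a substitute for removing the component that is making the requests.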

 


[log]Linnea - 06-12-13 19:50:16,59 Service Pack 2

ComboFix 06.11.27W - Running from: "C:\Documents and Settings\Linnea\Skrivbord"

 

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

C:\WINDOWS\system32\components

C:\Program\Delade filer\{3C646A99-0721-1053-0816-04040917002e}

C:\Program\Delade filer\{7C646A99-0721-1053-0816-04040917002e}

 

 

((((((((((((((((((((((((((((((( Files Created from 2006-11-13 to 2006-12-13 ))))))))))))))))))))))))))))))))))

 

 

2006-12-13 16:00 <KAT> d-------- C:\Program\SUPERAntiSpyware

2006-12-13 16:00 <KAT> d-------- C:\Documents and Settings\Linnea\Application Data\SUPERAntiSpyware.com

2006-12-13 15:59 <KAT> d-------- C:\Program\Delade filer\Wise Installation Wizard

2006-12-12 19:38 <KAT> d-------- C:\Program\Java

2006-12-12 19:38 <KAT> d-------- C:\Program\Delade filer\Java

2006-12-12 16:29 <KAT> d-------- C:\VundoFix Backups

2006-11-30 08:01 <KAT> d-------- C:\Program\Alwil Software

2006-11-25 22:03 129,784 --------- C:\WINDOWS\system32\pxafs.dll

2006-11-25 10:54 <KAT> d-------- C:\Program\iTunes

2006-11-25 10:52 <KAT> d-------- C:\Program\QuickTime

2006-11-22 18:05 <KAT> d-------- C:\Program\MSXML 4.0

2006-11-22 17:46 <KAT> d-------- C:\Program\Spybot - Search & Destroy

2006-11-22 17:46 <KAT> d-------- C:\Documents and Settings\Linnea\Application Data\FoxieSpywareSwiftSweeper

2006-11-22 17:46 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2006-11-22 16:23 <KAT> d-------- C:\Program\Spyware Doctor

2006-11-22 16:23 <KAT> d-------- C:\Documents and Settings\Linnea\Application Data\PC Tools

2006-11-22 16:14 <KAT> d-------- C:\Program\NVIDIA Corporation

2006-11-22 16:14 <KAT> d-------- C:\Program\Delade filer\NVIDIA Shared

2006-11-22 16:14 <KAT> d-------- C:\NV4092228.TMP

2006-11-22 16:14 <KAT> d-------- C:\NV40844088.TMP

2006-11-22 16:14 <KAT> d-------- C:\NV40444048.TMP

2006-11-22 16:14 <KAT> d-------- C:\NV40364040.TMP

2006-11-22 16:14 <KAT> d-------- C:\NV14961328.TMP

2006-11-22 16:14 <KAT> d-------- C:\NV13561324.TMP

2006-11-22 16:12 <KAT> d-------- C:\NVIDIA

 

 

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

2006-12-13 19:51 -------- d-------- C:\Program\Delade filer

2006-12-13 19:47 -------- d-------- C:\Documents and Settings\Linnea\Application Data\uTorrent

2006-12-13 19:45 -------- d-------- C:\Program\Mozilla Firefox

2006-12-12 15:59 -------- d-------- C:\Program\DC++

2006-12-01 05:50 -------- d-------- C:\Program\MSN Messenger

2006-11-26 11:19 -------- d-------- C:\Program\EA GAMES

2006-11-26 11:14 -------- d-------- C:\Program\WinRAR

2006-11-25 22:05 -------- d-------- C:\Program\Winamp

2006-11-25 10:54 -------- d-------- C:\Program\iPod

2006-11-25 10:47 -------- d-------- C:\Program\Apple Software Update

2006-11-22 18:04 -------- d-------- C:\Program\Internet Explorer

2006-11-22 16:14 -------- d--h----- C:\Program\InstallShield Installation Information

2006-11-18 18:55 -------- d-------- C:\Program\Sony

2006-11-17 18:11 -------- d-------- C:\Program\GameSpy Arcade

2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll

2006-10-16 18:32 -------- d-------- C:\Program\Serif

2006-10-16 18:26 -------- d-------- C:\Documents and Settings\Linnea\Application Data\Adobe

2006-10-13 13:41 141824 --a------ C:\WINDOWS\system32\nwprovau.dll

2006-10-12 19:20 53248 --a------ C:\WINDOWS\system32\process.exe

2006-10-12 19:20 4096 --a------ C:\WINDOWS\system32\reboot.exe

2006-10-12 19:20 16384 --a------ C:\WINDOWS\system32\restart.exe

2006-10-12 19:20 16026 --a------ C:\delfiles.bat

2006-10-12 18:27 16896 --a------ C:\WINDOWS\system32\sxserv101.dll

2006-10-08 09:14 68138 --a------ C:\WINDOWS\g4269187.dll

2006-09-19 15:43 109360 --a------ C:\WINDOWS\system32\GEARAspi.dll

2006-09-15 21:52 91904 --a------ C:\WINDOWS\system32\S32EVNT1.DLL

2006-09-13 06:07 1084416 --a------ C:\WINDOWS\system32\msxml3.dll

 

 

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

 

*Note* empty entries are not shown

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

"msnmsgr"="\"C:\\Program\\MSN Messenger\\msnmsgr.exe\" /background"

"SUPERAntiSpyware"="C:\\Program\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

"ViewMgr"="\"C:\\Program\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe\""

"SoundMan"="SOUNDMAN.EXE"

"NAV Agent"="C:\\Program\\NORTON~1\\navapw32.exe"

"Easy-PrintToolBox"="C:\\Program\\Canon\\Easy-PrintToolBox\\BJPSMAIN.EXE /logon"

"DAEMON Tools-1033"="\"C:\\Program\\D-Tools\\daemon.exe\" -lang 1033"

"ATIPTA"="\"C:\\Program\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""

"D-Link AirPlus G"="\"C:\\Program\\D-Link\\AirPlus G\\AirGCFG.exe\""

"NVMixerTray"="\"C:\\Program\\NVIDIA Corporation\\NvMixer\\NVMixerTray.exe\""

"QuickTime Task"="\"C:\\Program\\QuickTime\\qttask.exe\" -atboottime"

"iTunesHelper"="\"C:\\Program\\iTunes\\iTunesHelper.exe\""

"WinampAgent"="C:\\Program\\Winamp\\winampa.exe"

"Zone Labs Client"="\"C:\\Program\\Zone Labs\\ZoneAlarm\\zlclient.exe\""

"SunJavaUpdateSched"="\"C:\\Program\\Java\\jre1.5.0_09\\bin\\jusched.exe\""

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]

"Installed"="1"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]

"Installed"="1"

"NoChange"="1"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]

"Installed"="1"

 

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]

"DeskHtmlVersion"=dword:00000110

"DeskHtmlMinorVersion"=dword:00000005

"Settings"=dword:00000001

"GeneralFlags"=dword:00000002

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

 

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]

"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]

"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"

"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoDriveTypeAutoRun"=dword:00000091

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"dontdisplaylastusername"=dword:00000000

"legalnoticecaption"=""

"legalnoticetext"=""

"shutdownwithoutlogon"=dword:00000001

"undockwithoutlogon"=dword:00000001

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoDriveTypeAutoRun"=dword:00000091

 

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]

"NoDriveTypeAutoRun"=dword:00000091

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]

"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"

"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"

"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"

"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Logitech Desktop Messenger.lnk]

"path"="C:\\Documents and Settings\\All Users\\Start-meny\\Program\\Autostart\\Logitech Desktop Messenger.lnk"

"backup"="C:\\WINDOWS\\pss\\Logitech Desktop Messenger.lnkCommon Startup"

"location"="Common Startup"

"command"="C:\\PROGRA~1\\Logitech\\DESKTO~1\\8876480\\Program\\LDMConf.exe /start"

"item"="Logitech Desktop Messenger"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Microsoft Office.lnk]

"path"="C:\\Documents and Settings\\All Users\\Start-meny\\Program\\Autostart\\Microsoft Office.lnk"

"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"

"location"="Common Startup"

"command"="C:\\Program\\MICROS~2\\Office10\\OSA.EXE -b -l"

"item"="Microsoft Office"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Linnea^Start-meny^Program^Autostart^Adobe Gamma.lnk]

"path"="C:\\Documents and Settings\\Linnea\\Start-meny\\Program\\Autostart\\Adobe Gamma.lnk"

"backup"="C:\\WINDOWS\\pss\\Adobe Gamma.lnkStartup"

"location"="Startup"

"command"="C:\\Program\\DELADE~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "

"item"="Adobe Gamma"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Linnea^Start-meny^Program^Autostart^Webshots.lnk]

"path"="C:\\Documents and Settings\\Linnea\\Start-meny\\Program\\Autostart\\Webshots.lnk"

"backup"="C:\\WINDOWS\\pss\\Webshots.lnkStartup"

"location"="Startup"

"command"="C:\\Program\\Webshots\\Launcher.exe /t"

"item"="Webshots"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="WZCSLDR2"

"hkey"="HKLM"

"command"="\"C:\\Program\\ANI\\ANIWZCS2 Service\\WZCSLDR2.exe\""

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="ctfmon"

"hkey"="HKCU"

"command"="C:\\WINDOWS\\system32\\ctfmon.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="iTunesHelper"

"hkey"="HKLM"

"command"="\"C:\\Program\\iTunes\\iTunesHelper.exe\""

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="BackWeb-8876480"

"hkey"="HKCU"

"command"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\BackWeb-8876480.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="ManifestEngine"

"hkey"="HKCU"

"command"="C:\\Program\\Logitech\\Video\\ManifestEngine.exe boot"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="ISStart"

"hkey"="HKLM"

"command"="C:\\Program\\Logitech\\Video\\ISStart.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="LogiTray"

"hkey"="HKLM"

"command"="C:\\Program\\Logitech\\Video\\LogiTray.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="LVCOMSX"

"hkey"="HKLM"

"command"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="MsnMsgr"

"hkey"="HKCU"

"command"="\"C:\\Program\\MSN Messenger\\MsnMsgr.Exe\" /background"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="NeroCheck"

"hkey"="HKLM"

"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="qttask"

"hkey"="HKLM"

"command"="\"C:\\Program\\QuickTime\\qttask.exe\" -atboottime"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="PDVDServ"

"hkey"="HKLM"

"command"="\"C:\\Program\\CyberLink DVD Solution\\PowerDVD\\PDVDServ.exe\""

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="jusched"

"hkey"="HKLM"

"command"="C:\\Program\\Java\\jre1.5.0_06\\bin\\jusched.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="SNDMon"

"hkey"="HKLM"

"command"="C:\\Program\\SYMNET~1\\SNDMon.exe /Consumer"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="realsched"

"hkey"="HKLM"

"command"="\"C:\\Program\\Delade filer\\Real\\Update_OB\\realsched.exe\" -osboot"

"inimapping"="0"

 

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

 

 

Contents of the 'Scheduled Tasks' folder

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

C:\WINDOWS\tasks\Norton AntiVirus - S”k igenom datorn.job

C:\WINDOWS\tasks\Symantec NetDetect.job

 

Completion time: 06-12-13 19:52:03.46

C:\ComboFix.txt ... 06-12-13 19:52[/log]

 

[log]Logfile of HijackThis v1.99.1

Scan saved at 19:54:33, on 2006-12-13

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program\NORTON~1\navapw32.exe

C:\Program\D-Tools\daemon.exe

C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program\D-Link\AirPlus G\AirGCFG.exe

C:\Program\QuickTime\qttask.exe

C:\Program\iTunes\iTunesHelper.exe

C:\Program\Winamp\winampa.exe

C:\Program\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program\Java\jre1.5.0_09\bin\jusched.exe

C:\Program\MSN Messenger\msnmsgr.exe

C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\system32\WebUpdateSvc.exe

C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

C:\Program\iPod\bin\iPodService.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Linnea\Skrivbord\utorrent.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Linnea\Skrivbord\hijackthis\HijackThis.exe

C:\WINDOWS\system32\NOTEPAD.EXE

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program\Canon\Easy-WebPrint\Toolband.dll

O4 - HKLM\..\Run: [ViewMgr] "C:\Program\Viewpoint\Viewpoint Manager\ViewMgr.exe"

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NAV Agent] C:\Program\NORTON~1\navapw32.exe

O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [ATIPTA] "C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [D-Link AirPlus G] "C:\Program\D-Link\AirPlus G\AirGCFG.exe"

O4 - HKLM\..\Run: [NVMixerTray] "C:\Program\NVIDIA Corporation\NvMixer\NVMixerTray.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.5.0_09\bin\jusched.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: MultiPoker - {641F4F4E-6C91-4159-869E-9F5CE6F0F64E} - C:\Program\MultiPoker\MultiPoker.exe (file missing)

O9 - Extra 'Tools' menuitem: MultiPoker - {641F4F4E-6C91-4159-869E-9F5CE6F0F64E} - C:\Program\MultiPoker\MultiPoker.exe (file missing)

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://pnkrckr569.spaces.msn.com//PhotoUpload/MsnPUpld.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program\Delade filer\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program\Norton AntiVirus\navapsvc.exe

O23 - Service: PACSPTISVR - Sony Corporation - C:\Program\Delade filer\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program\DELADE~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program\Delade filer\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

O23 - Service: Web Update Service by PowerProgrammer (WebUpdate) - Data Perceptions / PowerProgrammer - C:\WINDOWS\system32\WebUpdateSvc.exe[/log]

 


Go to http://www.virustotal.com/ , paste one of the following file names into the box, press Send and wait until the result is ready (Status becomes Finished). Paste the result (including the file size) here. Repeat with the next file name.

C:\WINDOWS\system32\process.exe

2006-10-12 18:27 16896 --a------ C:\WINDOWS\system32\sxserv101.dll

2006-10-08 09:14 68138 --a------ C:\WINDOWS\g4269187.dll
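What the request above is doing is triage: pulling the few files from the ComboFix "Files Created" and "Find3M" listings that deserve a second opinion from a multi-engine scanner before anything is deleted. As an added example, not part of the thread and not code from ComboFix, here is a Python parser for those listing lines plus three labelled heuristics (an executable sitting directly in %WINDIR%, a letter-plus-digits file name, and several executables written in the same minute) that pick candidates and list them with their size, the way the helper asked for. The excerpt is constructed from the same line format seen in the log; the heuristics are this example's own assumptions and do not catch sxserv101.dll, which the helper flagged by eye, so treat the output as a starting list, not a verdict.

```python
"""Triage the file listings in a ComboFix log for a multi-engine scan.

Added example, not part of the thread or of ComboFix.  The heuristics are
this example's own assumptions: they select candidates, they do not judge.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed excerpt in the line format of the ComboFix "Files Created" and
# "Find3M" sections: date time size-or-<KAT> attribute-string path.
SAMPLE_LOG = """\
2006-12-13 16:00 <KAT> d-------- C:\\Program\\SUPERAntiSpyware
2006-11-25 22:03 129,784 --------- C:\\WINDOWS\\system32\\pxafs.dll
2006-11-04 14:14 1245696 --a------ C:\\WINDOWS\\system32\\msxml4.dll
2006-10-12 19:20 53248 --a------ C:\\WINDOWS\\system32\\process.exe
2006-10-12 19:20 4096 --a------ C:\\WINDOWS\\system32\\reboot.exe
2006-10-12 19:20 16384 --a------ C:\\WINDOWS\\system32\\restart.exe
2006-10-12 19:20 16026 --a------ C:\\delfiles.bat
2006-10-12 18:27 16896 --a------ C:\\WINDOWS\\system32\\sxserv101.dll
2006-10-08 09:14 68138 --a------ C:\\WINDOWS\\g4269187.dll
2006-09-19 15:43 109360 --a------ C:\\WINDOWS\\system32\\GEARAspi.dll
"""

LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2})\s+"
    r"(?P<size>\d[\d,]*|<\w+>)\s+(?P<attrs>[-\w]{9})\s+(?P<path>\S.*?)\s*$"
)
EXEC_EXT = (".exe", ".dll", ".sys", ".bat", ".scr", ".cpl")
WINDIR = "c:\\windows"            # assumption: default XP install path


@dataclass
class Entry:
    date: str
    time: str
    size: Optional[int]           # None for a directory (<KAT>/<DIR>)
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.size is None

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()

    @property
    def parent(self) -> str:
        return self.path.rsplit("\\", 1)[0].lower()

    @property
    def is_executable(self) -> bool:
        return not self.is_dir and self.name.endswith(EXEC_EXT)


def parse_combofix(text: str) -> List[Entry]:
    """Turn listing lines into Entry records; lines in any other format are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        size = None if m["size"].startswith("<") else int(m["size"].replace(",", ""))
        entries.append(Entry(m["date"], m["time"], size, m["attrs"], m["path"]))
    return entries


def triage(entries: List[Entry], burst_min: int = 3) -> List[Tuple[Entry, List[str]]]:
    """Return (entry, reasons) for every executable that matches a heuristic.

    Heuristics (assumed for this example):
      1. an executable directly in %WINDIR%, where Windows itself keeps few;
      2. a file name of one letter followed by digits (e.g. g4269187.dll);
      3. three or more executables written in the same minute, the footprint
         of a dropper but also of an installer or a removal tool.
    """
    by_minute: Dict[Tuple[str, str], List[Entry]] = defaultdict(list)
    for e in entries:
        if e.is_executable:
            by_minute[(e.date, e.time)].append(e)
    bursts = {k for k, v in by_minute.items() if len(v) >= burst_min}

    flagged = []
    for e in entries:
        if not e.is_executable:
            continue
        reasons = []
        if e.parent == WINDIR:
            reasons.append("executable directly in %WINDIR%")
        if re.fullmatch(r"[a-z]\d{6,}\.(dll|exe)", e.name):
            reasons.append("letter-plus-digits name")
        if (e.date, e.time) in bursts:
            reasons.append(f"one of {len(by_minute[(e.date, e.time)])} executables written {e.date} {e.time}")
        if reasons:
            flagged.append((e, reasons))
    return flagged


def submission_list(flagged: List[Tuple[Entry, List[str]]]) -> List[str]:
    """One line per candidate, path and size first, as the helper asked for."""
    return [f"{e.path} ({e.size} bytes): {'; '.join(r)}" for e, r in flagged]


if __name__ == "__main__":
    for line in submission_list(triage(parse_combofix(SAMPLE_LOG))):
        print(line)
```

On the sample this flags g4269187.dll for its location and name, and the four files stamped 2006-10-12 19:20 as a burst. A burst is exactly what a legitimate installer or an earlier removal tool leaves behind as well, so it is a reason to hash the file and check it, not a reason to delete it.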

 

 


Archived

This topic is now archived and is closed to further replies.


