Just nu i M3-nätverket
Jump to content

Säkerhetsproblem...eller...vad?


maarie

Recommended Posts

Tjohopp! Jag har 4 datorer kopplade i trådlöst nätverk. När jag skriver någonting på en av datorerna, dator 1, (kan vara i mailprogram, i "anteckningar", i adressfältet i webbläsaren eller var som helst) så syns det i MSN-programmet på en annan dator, dator 2. Om jag är inloggad på MSN på dator 2 så syns allt jag skriver på dator 1 i den nedre rutan av MSN-fönstret, alltså där man skriver när man chattar via MSN. Det kommer i realtid, bokstav för bokstav. Problemet gäller bara dessa två datorer och bara i den beskrivna ordningen.

 

Någon som vet vad problemet beror på och vad jag kan göra åt det?

 

Tacksam för svar för just nu begriper jag ingenting.

 

Link to comment
Share on other sites

Här är loggen på det som ovan benämns som dator 2:

 

[log]Logfile of HijackThis v1.99.1

Scan saved at 13:02:36, on 2006-12-24

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

C:\Program\Norton AntiVirus\navapsvc.exe

C:\Program\Norton Internet Security\NISUM.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

C:\Program\Delade filer\Symantec Shared\ccApp.exe

C:\Program\Delade filer\Microsoft Shared\Works Shared\WkUFind.exe

C:\Program\MessengerPlus! 3\MsgPlus.exe

C:\Program\Java\jre1.5.0_03\bin\jusched.exe

C:\Program\Java\jre1.5.0_03\bin\jucheck.exe

C:\Program\Norton Internet Security\ccPxySvc.exe

C:\WINDOWS\system32\devldr32.exe

C:\WINDOWS\system32\ctfmon.exe

c:\program\intern~1\iexplore.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\LG PC Suite\LG PC Sync\LGSyncManager.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Spybot - Search & Destroy\SpybotSD.exe

C:\Program\Messenger\msmsgs.exe

C:\Documents and Settings\Sandraa\Skrivbord\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/'>http://www.google.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Http://www.jmedata.se

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://vzcjvdkfziyqtccoo.com/h41VtRJ51gZyIMBfpt4EnDmgjXVZyAFdYTzKbnT6O1E7Sxo/Wpl5qi3nriyVFL1l.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: VizController Class - {0F9CECE1-0306-4BB0-8BEF-C9EA3841E38A} - C:\Program\Vyooh\DiskView\VizBHO.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: DiskView - {6A882320-BDD0-4ff4-BE3A-D8BAF82668E9} - C:\Program\Vyooh\DiskView\VizBar.dll

O4 - HKLM\..\Run: [schedulingAgent] mstinit.exe /firstlogon

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program\Delade filer\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program\Delade filer\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\jre1.5.0_03\bin\jusched.exe

O4 - HKLM\..\Run: [bows Meet Logo Mpeg] C:\Documents and Settings\All Users\Application Data\Coalmailbowsmeet\Bolt ante.exe

O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program\Samsung\SamsungMediaStudio4.1\SamsungMediaStudioAgent.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Dvd Download] C:\DOCUME~1\Sandraa\APPLIC~1\ENCSEC~1\32 bleh seek.exe

O4 - HKCU\..\Run: [steam] "f:\program\valve\steam\steam.exe" -silent

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: LG Sync Manager.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=Http://www.jmedata.se

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\Program\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program\Norton Internet Security\ccPxySvc.exe

O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program\Norton Internet Security\NISUM.EXE

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program\DELADE~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe[/log]

 

Link to comment
Share on other sites

Här är loggen för det som ovan benämnssom dator 1:

 

[log]Logfile of HijackThis v1.99.1

Scan saved at 13:41:01, on 2006-12-24

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Netropa\Multimedia Keyboard\nhksrv.exe

C:\WINDOWS\system32\msdtc.exe

C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe

C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Norman\bin\ZANDA.EXE

C:\WINDOWS\system32\svchost.exe

C:\Program\Java\jre1.5.0_09\bin\jusched.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\MsPMSPSv.exe

C:\WINDOWS\ALCWZRD.EXE

C:\WINDOWS\system32\PRISMSTA.EXE

C:\ATI-CPanel\atiptaxx.exe

C:\Norman\bin\ZLH.EXE

C:\Program\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe

C:\Program\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE

C:\WINDOWS\system32\CTHELPER.EXE

C:\Program\FSC\Wireless Wheel Mouse\MOUSE32A.EXE

C:\Program\Netropa\Multimedia Keyboard\MMKeybd.exe

C:\Program\ScanSoft\OmniPageSE\opware32.exe

C:\Program\Delade filer\Microsoft Shared\Works Shared\WkUFind.exe

C:\Program\Grisoft\AVGFRE~1\avgcc.exe

C:\Program\Grisoft\AVGFRE~1\avgemc.exe

C:\Program\Lexmark 4300 Series\lxcemon.exe

C:\Program\Lexmark 4300 Series\ezprint.exe

C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Program\Delade filer\Teleca Shared\CapabilityManager.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Norman\bin\NJEEVES.EXE

C:\Program\Creative\MediaSource\RemoteControl\RcMan.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\lxcecoms.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Netropa\Multimedia Keyboard\TrayMon.exe

C:\Program\Netropa\Onscreen Display\OSD.exe

C:\Program\Netropa\InetKb\Inetkb.exe

C:\Program\Delade filer\Teleca Shared\Generic.exe

C:\Program\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\Program\MSN Messenger\msnmsgr.exe

C:\NORMAN\Nvc\BIN\nvcoas.exe

C:\NORMAN\Nvc\BIN\NVCSCHED.EXE

C:\Norman\Nvc\BIN\NIP.EXE

C:\NORMAN\Nvc\BIN\nipsvc.exe

C:\Norman\Nvc\bin\cclaw.exe

C:\Program\Windows Media Player\wmplayer.exe

C:\Program\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\Per\Skrivbord\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=wKX1ILEOi+Vh7AfA98Gm4Me69ZMbubcDXggyks41LS9FqlFvRwGEq313Nb/yI3AnH9NVnh0lL8+3NLRX8K+4GS83OukVUTX27tCPm6bR9n28FVGb1WAubpcwwUhMaQrRgh3c0tHRY70G+qc6RBYgx9D0f/XU1O2XwK10iPKNFuj8yIgwbMqLgGruqHtfKd0/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Lexmark Verktygsfält - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program\Lexmark Toolbar\toolband.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar2.dll

O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)

O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O3 - Toolbar: Lexmark Verktygsfält - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program\Lexmark Toolbar\toolband.dll

O3 - Toolbar: (no name) - {9FB3908C-6565-4CB0-95F8-E9F85258723C} - (no file)

O4 - HKLM\..\Run: [Genväg till egenskapssida för High Definition Audio] HDAudPropShortcut.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.5.0_09\bin\jusched.exe"

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START

O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe

O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH

O4 - HKLM\..\Run: [CTSysVol] C:\Program\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r

O4 - HKLM\..\Run: [CTDVDDET] C:\Program\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [sBDrvDet] C:\Program\Creative\SB Drive Det\SBDrvDet.exe /r

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [LWBMOUSE] C:\Program\FSC\Wireless Wheel Mouse\MOUSE32A.EXE

O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program\Netropa\Multimedia Keyboard\MMKeybd.exe

O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Omnipage] C:\Program\ScanSoft\OmniPageSE\opware32.exe

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program\Delade filer\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [AVG7_EMC] C:\Program\Grisoft\AVGFRE~1\avgemc.exe

O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16

O4 - HKLM\..\Run: [lxcemon.exe] "C:\Program\Lexmark 4300 Series\lxcemon.exe"

O4 - HKLM\..\Run: [EzPrint] "C:\Program\Lexmark 4300 Series\ezprint.exe"

O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program\Lexmark Fax Solutions\fm3032.exe" /s

O4 - HKLM\..\Run: [PCLEPCI] C:\Program\Pinnacle\PPE\PPE.EXE

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [RemoteCenter] C:\Program\Creative\MediaSource\RemoteControl\RcMan.exe

O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\GetFlash.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: &Google Search - res://c:\program\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://c:\program\google\GoogleToolbar2.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://c:\program\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: Similar Pages - res://c:\program\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\program\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O12 - Plugin for .pdf: C:\Program\Internet Explorer\PLUGINS\nppdf32.dll

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\Program\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe

O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program\Netropa\Multimedia Keyboard\nhksrv.exe

O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe

O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE

O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\bin\ZANDA.EXE

O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\NORMAN\Nvc\BIN\nvcoas.exe

O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\NORMAN\Nvc\BIN\NVCSCHED.EXE[/log]

 

 

 

Link to comment
Share on other sites

  • 4 weeks later...

Dator 2:

Det är en gammal Java-version med säkerhetshål i datorn. Avinstallera alla Java i Kontrollpanelen - Lägg till eller ta bort program och installera därefter en ny: http://www.java.com/sv/

 

Ladda ner NoLop till Skrivbordet:

http://www.spywareedge.net/nolop/NoLop.exe

Stäng alla program för datorn kommer att startas om.

Dubbelklicka på NoLop för att starta det.

Klicka på Search and Destroy

Om något hittas så kommer det ett meddelande om att starta om datorn, klicka då på OK

Klicka på Reboot

Ett meddelande borde komma upp från NoLop, om inte så dubbelklicka på programmet igen och det kommer att göra det sista.

 

Klistra in C:\NoLop.log och en ny HijackThis-logg.

 

Dator 1:

Man ska bara ha ett antivirusprogram i datorn, så avinstallera antingen AVG eller Norman. Sedan en ny HijackThis-logg.

 

Link to comment
Share on other sites

  • 1 month later...

Oj, vad tiden går. Tack för ditt svar...här kommer mitt:

 

Dator 2: Jag har avinstallerat och installerat Java igen precis som du skrev.

Vidare har jag kört NoLop:

[log]NoLop! Log by Skate_Punk_21

 

Please Note: any existing old logs will have now been renamed to NoLop!OLD.log

 

Fix running from: C:\Documents and Settings\Sandraa\Skrivbord

[2007-03-20]

[20:54:09]

 

---Infection Files Found/Removed---

C:\WINDOWS\tasks\A89E6EDF9185E50B.job

 

Beginning Removal...

Rebooting...

Removing Lop's Leftover Files/Folders...

Editing Registry...

**Fix Complete!**

 

---Listing AppData sub directories---

 

C:\Documents and Settings\All Users\Application Data\Avg7

C:\Documents and Settings\All Users\Application Data\Coalmailbowsmeet

C:\Documents and Settings\All Users\Application Data\Google

C:\Documents and Settings\All Users\Application Data\Grisoft

C:\Documents and Settings\All Users\Application Data\Installshield

C:\Documents and Settings\All Users\Application Data\Messenger Plus!

C:\Documents and Settings\All Users\Application Data\Microsoft

C:\Documents and Settings\All Users\Application Data\Msn6

C:\Documents and Settings\All Users\Application Data\Sbt

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

C:\Documents and Settings\All Users\Application Data\Symantec

C:\Documents and Settings\All Users\Application Data\Waitwinseekweb

C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage

C:\Documents and Settings\Default User\Application Data\Identities

C:\Documents and Settings\Default User\Application Data\Microsoft

C:\Documents and Settings\Localservice\Application Data\Avg7 -- EMPTY Directory

C:\Documents and Settings\Localservice\Application Data\Help -- EMPTY Directory

C:\Documents and Settings\Localservice\Application Data\Microsoft

C:\Documents and Settings\Networkservice\Application Data\Microsoft

C:\Documents and Settings\Networkservice\Application Data\Symantec

C:\Documents and Settings\Sandraa\Application Data\Adobe

C:\Documents and Settings\Sandraa\Application Data\Arcsoft

C:\Documents and Settings\Sandraa\Application Data\Avg7

C:\Documents and Settings\Sandraa\Application Data\Corel

C:\Documents and Settings\Sandraa\Application Data\Creative

C:\Documents and Settings\Sandraa\Application Data\Encsecondskip

C:\Documents and Settings\Sandraa\Application Data\Google

C:\Documents and Settings\Sandraa\Application Data\Help -- EMPTY Directory

C:\Documents and Settings\Sandraa\Application Data\Help Rdr -- EMPTY Directory

C:\Documents and Settings\Sandraa\Application Data\Identities

C:\Documents and Settings\Sandraa\Application Data\Intertrust

C:\Documents and Settings\Sandraa\Application Data\Jasc Software Inc

C:\Documents and Settings\Sandraa\Application Data\Kazaa Lite

C:\Documents and Settings\Sandraa\Application Data\Lavasoft

C:\Documents and Settings\Sandraa\Application Data\Lego Media

C:\Documents and Settings\Sandraa\Application Data\Macromedia

C:\Documents and Settings\Sandraa\Application Data\Microsoft

C:\Documents and Settings\Sandraa\Application Data\Microsoft Web Folders -- EMPTY Directory

C:\Documents and Settings\Sandraa\Application Data\Msn6

C:\Documents and Settings\Sandraa\Application Data\Sun

C:\Documents and Settings\Sandraa\Application Data\Symantec

[/log]

 

och HiJackThis:

[log]Logfile of HijackThis v1.99.1

Scan saved at 21:05:48, on 2007-03-20

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16414)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe

C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe

C:\Program\Grisoft\AVGFRE~1\avgemc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Delade filer\Microsoft Shared\Works Shared\WkUFind.exe

C:\WINDOWS\system32\devldr32.exe

C:\Program\Grisoft\AVGFRE~1\avgcc.exe

C:\Program\Java\jre1.5.0_11\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\Sandraa\Skrivbord\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157'>http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://vzcjvdkfziyqtccoo.com/h41VtRJ51gZyIMBfpt4EnDmgjXVZyAFdYTzKbnT6O1E7Sxo/Wpl5qi3nriyVFL1l.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: VizController Class - {0F9CECE1-0306-4BB0-8BEF-C9EA3841E38A} - C:\Program\Vyooh\DiskView\VizBHO.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar3.dll

O3 - Toolbar: DiskView - {6A882320-BDD0-4ff4-BE3A-D8BAF82668E9} - C:\Program\Vyooh\DiskView\VizBar.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar3.dll

O4 - HKLM\..\Run: [schedulingAgent] mstinit.exe /firstlogon

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [Microsoft Works Update Detection] "C:\Program\Delade filer\Microsoft Shared\Works Shared\WkUFind.exe"

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.5.0_11\bin\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [steam] "f:\program\valve\steam\steam.exe" -silent

O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: LG Sync Manager.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: START_PAGE_URL=Http://www.jmedata.se

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586-jc.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\Program\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

 

[/log]

 

Dator 1 har jag fullständigt formaterat om eftersom vi inte kom riktigt överens och när och hur den kära datorn skulle fungera. Nu är den igång och det finns bara ett antivirusprogram på den...AVG.

 

-----

 

Dessvärre kvarstår problemet......*tittar just nu på hur bokstäverna som skrivs på dator 1 kommer fram på dator 2*

 

Link to comment
Share on other sites

Oj, trodde du hade gett upp för länge sedan. Det är ju inte så bra att använda datorer med otrevligheter, man vet ju aldrig vad de hittar på, de kan ju tänkas stjäla lösenord till banken eller vad som helst.

 

Ställ in Utforskaren så att du kan se alla filer:

Verktyg - (Mapp)alternativ eller liknande - Visning

Välj Visa dolda filer och mappar

Avbocka Dölj filnamnstillägg för kända filtyper

Avbocka Dölj skyddade operativsystemfiler

 

Ta bort mapparna (om de finns kvar):

C:\Documents and Settings\All Users\Application Data\Coalmailbowsmeet

C:\Documents and Settings\All Users\Application Data\Waitwinseekweb

C:\Documents and Settings\Sandraa\Application Data\Encsecondskip

 

Starta om datorn.

 

I båda datorerna så starta Kommandotolken (Start - Program - Tillbehör) och skriv:

ipconfig /all

Klistra in resultaten (LOG-knappen också).

 

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.



×
×
  • Create New...