
Cannot remove xx_tempopt.bin



jen almbage

Hi, I have avast and get a message saying that I have a trojan, but when I click move to chest, delete or rename, avast cannot remove the file. The message comes up again and again, and goes away for 15-20 minutes if you click no action.

I also have another problem, which may be related to the first one: the computer shuts down without my doing anything in particular, and a blue screen appears for a second or so. But before the computer shuts down automatically I have sometimes noticed that the internet does not work as it should; you get to the page you want but the text looks very strange. I am attaching a picture.

HijackThis log

 

[log]

Logfile of HijackThis v1.99.1

Scan saved at 15:48:34, on 2007-03-16

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\Explorer.EXE

C:\WINNT\system32\spoolsv.exe

C:\WINNT\system32\RUNDLL32.EXE

C:\WINNT\system\wcdvtray.exe

C:\Program\ALWILS~1\Avast4\ashDisp.exe

C:\Program\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program\Java\jre1.5.0_10\bin\jusched.exe

C:\Program\iTunes\iTunesHelper.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\Windows Media Player\WMPNSCFG.exe

C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program\Personal\bin\Personal.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe

C:\Program\Alwil Software\Avast4\aswUpdSv.exe

C:\Program\Delade filer\Autodesk Shared\Service\AdskScSrv.exe

C:\Program\Alwil Software\Avast4\ashServ.exe

C:\WINNT\System32\svchost.exe

C:\Program\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe

C:\WINNT\system32\nvsvc32.exe

C:\Program\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\ZoneLabs\vsmon.exe

C:\Program\iPod\bin\iPodService.exe

C:\Program\Alwil Software\Avast4\ashMaiSv.exe

C:\Program\Alwil Software\Avast4\ashWebSv.exe

C:\WINNT\system32\wuauclt.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://10.0.0.6

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://10.0.0.6

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: (no name) - {013A653B-49A6-4f76-8B68-E4875EA6BA54} - C:\WINNT\system32\ejmsqapx.dll (file missing)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program\BitComet\tools\BitCometBHO_1.1.2.7.dll

O2 - BHO: (no name) - {5214E8CB-3FE8-404D-B8AF-0157D592639d} - C:\WINNT\system32\jilkvtkf.dll (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_10\bin\ssv.dll

O2 - BHO: (no name) - {FCE6C8CA-FA11-4FCA-B88F-16BC9CE5A888} - (no file)

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINNT\system32\PSDrvCheck.exe -CheckReg

O4 - HKLM\..\Run: [OWCWebCamDV] C:\WINNT\system\wcdvtray.exe

O4 - HKLM\..\Run: [avast!] C:\Program\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.5.0_10\bin\jusched.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Regscan] C:\WINNT\system32\regscan.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program\Windows Media Player\WMPNSCFG.exe

O4 - Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe

O8 - Extra context menu item: Download all links using BitComet - res://C:\Program\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: Download link using &BitComet - res://C:\Program\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by132fd.bay132.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://campuscentercam.its.wesleyan.edu/activex/AMC.cab

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcam2.vilhelmina.se/activex/AxisCamControl.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {A91DEB0D-AD0D-453E-9AC8-60178EC24212} (VPlayer Control) - http://www.sonypictures.com/movies/casinoroyale/vividas/player/vivid_ocx.jpeg

O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://69.51.67.72:90/activex/AMC.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\Program\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINNT\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program\Delade filer\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Program\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe

O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe

[/log]

 

Grateful if anyone can help me.

//Jens

/jen almbage

[image attached 2007-03-16 16:01:56 by jen almbage]

Scan with HijackThis and check:

 

O2 - BHO: (no name) - {013A653B-49A6-4f76-8B68-E4875EA6BA54} - C:\WINNT\system32\ejmsqapx.dll (file missing)

O2 - BHO: (no name) - {5214E8CB-3FE8-404D-B8AF-0157D592639d} - C:\WINNT\system32\jilkvtkf.dll (file missing)

O2 - BHO: (no name) - {FCE6C8CA-FA11-4FCA-B88F-16BC9CE5A888} - (no file)

O4 - HKCU\..\Run: [Regscan] C:\WINNT\system32\regscan.exe

 

Close all other programs.

Press Fix checked.

Restart the computer in safe mode (press F8 repeatedly during startup and choose safe mode from the menu).

Set Explorer so that you can see all files:

Tools - Folder Options or similar - View

Select Show hidden files and folders

Uncheck Hide extensions for known file types

Uncheck Hide protected operating system files

Delete the files (if they are still there):

C:\WINNT\system32\regscan.exe

Restart in normal mode and then post a new HijackThis log.

 

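An added example, not part of the original posts: a small Python triage of HijackThis 1.99.1 output that picks out the kind of O2 entries checked in the reply above (a BHO with no name whose file is missing) and then confirms from the follow-up log that the checked entries are gone. The sample lines are copied from the logs in this thread; the function names are this example's own.

```python
import re

# Sample input assembled from lines of the logs posted in this thread
# (before and after "Fix checked"); shortened for the example.
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINNT\Explorer.EXE
O2 - BHO: (no name) - {013A653B-49A6-4f76-8B68-E4875EA6BA54} - C:\WINNT\system32\ejmsqapx.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {FCE6C8CA-FA11-4FCA-B88F-16BC9CE5A888} - (no file)
O4 - HKLM\..\Run: [avast!] C:\Program\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Regscan] C:\WINNT\system32\regscan.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
"""

AFTER = r"""
Logfile of HijackThis v1.99.1
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\Program\ALWILS~1\Avast4\ashDisp.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
"""

# An entry line is "<section code> - <body>", e.g. "O2 - BHO: ...".
ENTRY = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
# Body of an O2 line: "BHO: <name> - {CLSID} - <file or marker>".
BHO = re.compile(r"^BHO: (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")


def parse_entries(log_text):
    """Return (section, body) for every entry line; header lines and the
    'Running processes' paths do not match and are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def orphaned_bhos(entries):
    """O2 entries with no display name AND no file on disk.

    Matching on '(file missing)' alone would also catch the avast! O23
    service line, which the reply in this thread left unchecked, so the
    test is limited to unnamed BHOs.
    """
    hits = []
    for section, body in entries:
        if section != "O2":
            continue
        m = BHO.match(body)
        if not m:
            continue
        name, _clsid, target = m.groups()
        missing = target == "(no file)" or target.endswith("(file missing)")
        if name == "(no name)" and missing:
            hits.append((section, body))
    return hits


def still_present(checked, after_entries):
    """Entries that were checked for fixing but show up again afterwards."""
    after = set(after_entries)
    return [entry for entry in checked if entry in after]


if __name__ == "__main__":
    before = parse_entries(BEFORE)
    checked = orphaned_bhos(before)
    # The Run entry was picked by the helper, not by the heuristic above.
    checked.append(("O4", r"HKCU\..\Run: [Regscan] C:\WINNT\system32\regscan.exe"))
    for section, body in checked:
        print("checked:", section, "-", body)
    print("left after fix:", still_present(checked, parse_entries(AFTER)))
```
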

jen almbage

[log]Logfile of HijackThis v1.99.1

Scan saved at 15:12:20, on 2007-03-17

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\Explorer.EXE

C:\WINNT\system32\spoolsv.exe

C:\Program\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe

C:\Program\Alwil Software\Avast4\aswUpdSv.exe

C:\WINNT\system32\RUNDLL32.EXE

C:\Program\Delade filer\Autodesk Shared\Service\AdskScSrv.exe

C:\Program\Alwil Software\Avast4\ashServ.exe

C:\WINNT\system\wcdvtray.exe

C:\Program\ALWILS~1\Avast4\ashDisp.exe

C:\Program\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program\Java\jre1.5.0_10\bin\jusched.exe

C:\Program\iTunes\iTunesHelper.exe

C:\WINNT\System32\svchost.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\Windows Media Player\WMPNSCFG.exe

C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program\Personal\bin\Personal.exe

C:\Program\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe

C:\WINNT\system32\nvsvc32.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\ZoneLabs\vsmon.exe

C:\Program\Alwil Software\Avast4\ashMaiSv.exe

C:\Program\Alwil Software\Avast4\ashWebSv.exe

C:\Program\iPod\bin\iPodService.exe

C:\WINNT\system32\wuauclt.exe

C:\Program\Hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://10.0.0.6

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://10.0.0.6

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program\BitComet\tools\BitCometBHO_1.1.2.7.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_10\bin\ssv.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINNT\system32\PSDrvCheck.exe -CheckReg

O4 - HKLM\..\Run: [OWCWebCamDV] C:\WINNT\system\wcdvtray.exe

O4 - HKLM\..\Run: [avast!] C:\Program\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.5.0_10\bin\jusched.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program\Windows Media Player\WMPNSCFG.exe

O4 - Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe

O8 - Extra context menu item: Download all links using BitComet - res://C:\Program\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: Download link using &BitComet - res://C:\Program\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by132fd.bay132.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://campuscentercam.its.wesleyan.edu/activex/AMC.cab

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcam2.vilhelmina.se/activex/AxisCamControl.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {A91DEB0D-AD0D-453E-9AC8-60178EC24212} (VPlayer Control) - http://www.sonypictures.com/movies/casinoroyale/vividas/player/vivid_ocx.jpeg

O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://69.51.67.72:90/activex/AMC.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\Program\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINNT\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program\Delade filer\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Program\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe

O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe

[/log]

 


jen almbage

The problems remain.

It says this:

Sign of "Win32:Small-EJL [Trj]" has been found in "C:\Documents and Settings\Jens Almbage\xx_tempopt.bin" file. "

[post edited 2007-03-17 19:28:36 by jen almbage]

Not much info on the internet yet; it is a trojan that is only about 5 days old. But I find that it is a trojan that downloads more nasties if it gets the chance. Keep the internet connection unplugged as much as possible. Have any prompts come up from ZoneAlarm lately? Go through the list of approved programs in ZoneAlarm and tell me if there are any unknown programs in it.

Download and install the free version of SUPERAntiSpyware Free Edition:

http://www.superantispyware.com/download.html

Start the program, click Check for updates.

Close the program when the update is finished.

Restart the computer in safe mode (press F8 repeatedly during startup and choose safe mode from the menu).

Start SUPERAntiSpyware and click Scan your Computer.

Check all hard drives (fixed drive/disk).

Select Perform complete scan

Next

When the scan is finished a summary comes up, press OK

Next

Perform or similar

A window with Quarantine and removal Complete comes up

OK

Perform or similar

Close the program.

Restart in normal mode.

Start the program, press Preferences, select the Statistics/Logs tab

Double-click the newest SUPERAntiSpyware Scan Log so that the log opens in Notepad.

Paste the log into your reply

Run Blacklight and paste its log into your reply:

http://www.f-secure.com/blacklight/try_blacklight.html

jen almbage

SUPERAntiSpyware

[log]SUPERAntiSpyware Scan Log

Generated 03/18/2007 at 10:33 AM

 

Application Version : 3.6.1000

 

Core Rules Database Version : 3202

Trace Rules Database Version: 1212

 

Scan type : Complete Scan

Total Scan Time : 00:35:44

 

Memory items scanned : 166

Memory threats detected : 0

Registry items scanned : 6883

Registry threats detected : 0

File items scanned : 43398

File threats detected : 48

 

Adware.Tracking Cookie


 

Trojan.Rustock/LZX32

C:\WINNT\system32:lzx32.sys

 

Trojan.ErrorSafe

C:\DOCUMENTS AND SETTINGS\JENS ALMBAGE\LOKALA INSTäLLNINGAR\TEMP\ICD4.TMP\UERSL_0001_N91M2407NETINSTALLER.EXE

C:\DOCUMENTS AND SETTINGS\JENS ALMBAGE\LOKALA INSTäLLNINGAR\TEMP\ICD6.TMP\UERSL_0001_N91M2407NETINSTALLER.EXE

C:\WINNT\DOWNLOADED PROGRAM FILES\CONFLICT.1\UERSL_0001_N91M2407NETINSTALLER.EXE

C:\WINNT\DOWNLOADED PROGRAM FILES\CONFLICT.2\UERSL_0001_N91M2407NETINSTALLER.EXE

C:\WINNT\DOWNLOADED PROGRAM FILES\CONFLICT.3\UERSL_0001_N91M2407NETINSTALLER.EXE

C:\WINNT\DOWNLOADED PROGRAM FILES\CONFLICT.4\UERSL_0001_N91M2407NETINSTALLER.EXE

C:\WINNT\DOWNLOADED PROGRAM FILES\UERSL_0001_N91M2407NETINSTALLER.EXE[/log]

 

Blacklight

[log]03/18/07 10:53:06 [info]: BlackLight Engine 1.0.55 initialized

03/18/07 10:53:06 [info]: OS: 5.1 build 2600 (Service Pack 2)

03/18/07 10:53:06 [Note]: 7019 4

03/18/07 10:53:06 [Note]: 7005 0

03/18/07 10:53:14 [Error]: 6024 1

03/18/07 10:53:14 [Error]: 6024 1

03/18/07 10:53:14 [Note]: 7006 0

03/18/07 10:53:14 [Note]: 7011 1176

03/18/07 10:53:14 [Note]: 7026 0

03/18/07 10:53:14 [Note]: 7026 0

03/18/07 10:53:14 [Error]: 6024 1

03/18/07 10:53:26 [Note]: FSRAW library version 1.7.1021

03/18/07 11:16:42 [Note]: 2000 1012

03/18/07 11:16:42 [Note]: 2000 1012

03/18/07 11:16:42 [Note]: 2000 1012

03/18/07 11:16:42 [Note]: 2000 1012

03/18/07 11:16:42 [Note]: 2000 1012

03/18/07 11:16:42 [Note]: 2000 1012

03/18/07 11:16:42 [Note]: 2000 1012

03/18/07 11:16:42 [Note]: 2000 1012

03/18/07 11:16:42 [Note]: 2000 1012

03/18/07 11:16:42 [Note]: 2000 1012

03/18/07 11:16:42 [Note]: 2000 1012

03/18/07 11:16:42 [Note]: 2000 1012

03/18/07 11:16:42 [Note]: 2000 1012

03/18/07 11:16:42 [Note]: 2000 1012

03/18/07 11:16:42 [Note]: 2000 1012

03/18/07 11:16:42 [Note]: 2000 1012

03/18/07 11:16:42 [Note]: 2000 1012

03/18/07 11:28:26 [Note]: 7007 0

[/log]

 


I see, there was a rootkit; no wonder nothing showed up in the logs and Avast has trouble getting rid of it. We will check with rustbfix that SUPERAntiSpyware removed it properly.

Download rustbfix.exe to the Desktop:

http://www.uploads.ejvindh.net/rustbfix.exe

Double-click the file to run it. If anything is found you will be asked to restart the computer. Startup will then take longer than usual and there may be one more restart. When everything is done, two log files will come up (C:\avenger.txt and C:\rustbfix\pelog.txt); paste them here.

jen almbage

[log]

Logfile of The Avenger version 1, by Swandog46

Running from registry key:

\Registry\Machine\System\CurrentControlSet\Services\nbrgicvs

 

*******************

 

Script file located at: \??\C:\Documents and Settings\cdbwhjoa.txt

Script file opened successfully.

 

Script file read successfully

 

Backups directory opened successfully at C:\Avenger

 

*******************

 

Beginning to process script file:

 

Driver PE386 unloaded successfully.

Program C:\Rustbfix\2run.bat successfully set up to run once on reboot.

 

Completed script processing.

 

*******************

 

Finished! Terminate.[/log]

[log]

************************* Rustock.b-fix -- By ejvindh *************************

2007-03-18 20:16:54,42

 

******************* Pre-run Status of system *******************

 

Rootkit driver PE386 is found. Starting the unload-procedure....

 

Rustock.b-ADS attached to the System32-folder:

No streams found.

 

Looking for Rustock.b-files in the System32-folder:

system32\lzx32.sys FOUND!

attempting to delete lzx32.sys from system32-folder

 

 

******************* Post-run Status of system *******************

 

Rustock.b-driver on the system: NONE!

 

Rustock.b-ADS attached to the System32-folder:

No System32-ADS found.

 

Looking for Rustock.b-files in the System32-folder:

No Rustock.b-files found in system32

 

 

******************************* End of Logfile ********************************

[/log]

 

The virus warnings are gone, thank you so much. But I have a little problem with svchost.exe: it has 90 CPU and very high memory usage. Though only for a minute or so, often at the beginning at startup. It makes the computer sluggish.

It has been like this for a few weeks.

[post edited 2007-03-19 14:54:45 by jen almbage]

That looked good. But check whether SUPERAntiSpyware finds anything more now. Paste both its log and a new HijackThis log.

jen almbage

The virus disappeared for a few hours but came back. The same thing happens, I get avast warnings all the time. It seems hard to get rid of.

HijackThis log

[log]

Logfile of HijackThis v1.99.1

Scan saved at 13:53:53, on 2007-03-22

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\WINNT\Explorer.EXE

C:\Program\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe

C:\Program\Alwil Software\Avast4\aswUpdSv.exe

C:\Program\Delade filer\Autodesk Shared\Service\AdskScSrv.exe

C:\Program\Alwil Software\Avast4\ashServ.exe

C:\WINNT\System32\svchost.exe

C:\Program\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe

C:\WINNT\system32\nvsvc32.exe

C:\Program\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\ZoneLabs\vsmon.exe

C:\WINNT\system32\RUNDLL32.EXE

C:\Program\ALWILS~1\Avast4\ashDisp.exe

C:\Program\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program\Personal\bin\Personal.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Alwil Software\Avast4\ashMaiSv.exe

C:\Program\Alwil Software\Avast4\ashWebSv.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://10.0.0.6

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://10.0.0.6

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program\BitComet\tools\BitCometBHO_1.1.2.7.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_10\bin\ssv.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [avast!] C:\Program\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe

O8 - Extra context menu item: Download all links using BitComet - res://C:\Program\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: Download link using &BitComet - res://C:\Program\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by132fd.bay132.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://campuscentercam.its.wesleyan.edu/activex/AMC.cab

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcam2.vilhelmina.se/activex/AxisCamControl.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {A91DEB0D-AD0D-453E-9AC8-60178EC24212} (VPlayer Control) - http://www.sonypictures.com/movies/casinoroyale/vividas/player/vivid_ocx.jpeg

O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://69.51.67.72:90/activex/AMC.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\Program\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINNT\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program\Delade filer\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Program\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe

O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe

 

[/log]

 

SUPERAntiSpyware

 

[log]

SUPERAntiSpyware Scan Log

Generated 03/21/2007 at 11:15 PM

 

Application Version : 3.6.1000

 

Core Rules Database Version : 3202

Trace Rules Database Version: 1212

 

Scan type : Complete Scan

Total Scan Time : 00:30:59

 

Memory items scanned : 145

Memory threats detected : 0

Registry items scanned : 6873

Registry threats detected : 0

File items scanned : 43394

File threats detected : 51

 

Adware.Tracking Cookie

C:\Documents and Settings\Jens Almbage\Cookies\jens almbage@toplist[1].txt

C:\Documents and Settings\Jens Almbage\Cookies\jens almbage@ad.yieldmanager[3].txt

C:\Documents and Settings\Jens Almbage\Cookies\jens almbage@burstnet[1].txt

C:\Documents and Settings\Jens Almbage\Cookies\jens almbage@perf.overture[2].txt

C:\Documents and Settings\Jens Almbage\Cookies\jens almbage@ad.adtoma[2].txt

C:\Documents and Settings\Jens Almbage\Cookies\jens almbage@www.drivecleaner[2].txt

C:\Documents and Settings\Jens Almbage\Cookies\jens almbage@hitbox[1].txt

C:\Documents and Settings\Jens Almbage\Cookies\jens almbage@netmediagroup[1].txt

C:\Documents and Settings\Jens Almbage\Cookies\jens almbage@advertising[1].txt

C:\Documents and Settings\Jens Almbage\Cookies\jens almbage@adbrite[2].txt

C:\Documents and Settings\Jens Almbage\Cookies\jens almbage@clicktorrent[2].txt

C:\Documents and Settings\Jens Almbage\Cookies\jens almbage@se.drivecleaner[1].txt

C:\Documents and Settings\Jens Almbage\Cookies\jens almbage@ads.adbrite[1].txt

C:\Documents and Settings\Jens Almbage\Cookies\jens almbage@adserver.easyad[2].txt

C:\Documents and Settings\Jens Almbage\Cookies\jens almbage@doubleclick[1].txt

C:\Documents and Settings\Jens Almbage\Cookies\jens almbage@1070173924[1].txt

C:\Documents and Settings\Jens Almbage\Cookies\Jens almbage@mb[1].txt

C:\Documents and Settings\Jens Almbage\Cookies\jens almbage@drivecleaner[2].txt

C:\Documents and Settings\Jens Almbage\Cookies\jens almbage@ehg-abupsala.hitbox[1].txt

C:\Documents and Settings\Jens Almbage\Cookies\jens almbage@www.burstnet[2].txt

C:\Documents and Settings\Jens Almbage\Cookies\jens almbage@cgi-bin[2].txt

C:\Documents and Settings\Jens Almbage\Cookies\jens almbage@statcounter[1].txt

C:\Documents and Settings\Jens Almbage\Cookies\jens almbage@mb[2].txt

C:\Documents and Settings\Jens Almbage\Cookies\jens almbage@mediaplex[1].txt

C:\Documents and Settings\Jens Almbage\Cookies\jens almbage@ad.zanox[1].txt

C:\Documents and Settings\Jens Almbage\Cookies\jens almbage@2o7[2].txt

C:\Documents and Settings\Jens Almbage\Cookies\jens almbage@indextools[2].txt

C:\Documents and Settings\Jens Almbage\Cookies\jens almbage@estat[1].txt

C:\Documents and Settings\Jens Almbage\Cookies\jens almbage@atdmt[2].txt

C:\Documents and Settings\Jens Almbage\Cookies\jens almbage@statse.webtrendslive[1].txt

C:\Documents and Settings\Jens Almbage\Cookies\jens almbage@adserver.eniro[2].txt

C:\Documents and Settings\Jens Almbage\Cookies\jens almbage@tradedoubler[1].txt

C:\Documents and Settings\Jens Almbage\Cookies\jens almbage@stats.sbab[1].txt

C:\Documents and Settings\Jens Almbage\Cookies\jens almbage@msnportal.112.2o7[1].txt

C:\Documents and Settings\Jens Almbage\Cookies\jens almbage@ad1.emediate[2].txt

C:\Documents and Settings\Jens Almbage\Cookies\jens almbage@stats1.reliablestats[1].txt

C:\Documents and Settings\Jens Almbage\Cookies\jens almbage@ad.yieldmanager[2].txt

 

Trojan.ErrorSafe

C:\DOCUMENTS AND SETTINGS\JENS ALMBAGE\LOKALA INSTäLLNINGAR\TEMP\ICD7.TMP\UERSL_0001_N91M2407NETINSTALLER.EXE

 

Trace.Known Threat Sources

C:\Documents and Settings\Jens Almbage\Lokala inställningar\Temporary Internet Files\Content.IE5\EF27ETQZ\ico2[1].gif

C:\Documents and Settings\Jens Almbage\Lokala inställningar\Temporary Internet Files\Content.IE5\8J3VYK1T\ico4[1].gif

C:\Documents and Settings\Jens Almbage\Lokala inställningar\Temporary Internet Files\Content.IE5\SX2VW96Z\styles[1].css

C:\Documents and Settings\Jens Almbage\Lokala inställningar\Temporary Internet Files\Content.IE5\C5MVG5MN\functions.js[1].htm

C:\Documents and Settings\Jens Almbage\Lokala inställningar\Temporary Internet Files\Content.IE5\0HI301U3\top_pic_new[1].gif

C:\Documents and Settings\Jens Almbage\Lokala inställningar\Temporary Internet Files\Content.IE5\1FR5VPZS\top1[1].gif

C:\Documents and Settings\Jens Almbage\Lokala inställningar\Temporary Internet Files\Content.IE5\9Q31DTG9\bar[1].gif

C:\Documents and Settings\Jens Almbage\Lokala inställningar\Temporary Internet Files\Content.IE5\M8IP3X4S\logo[1].gif

C:\Documents and Settings\Jens Almbage\Lokala inställningar\Temporary Internet Files\Content.IE5\UDRC1K3E\ico3[1].gif

C:\Documents and Settings\Jens Almbage\Lokala inställningar\Temporary Internet Files\Content.IE5\FEJLXH37\ErrorSafeFreeInstall_se[1].cab

C:\Documents and Settings\Jens Almbage\Lokala inställningar\Temporary Internet Files\Content.IE5\8LMJG5U3\ico5[1].gif

C:\Documents and Settings\Jens Almbage\Lokala inställningar\Temporary Internet Files\Content.IE5\8LMJG5U3\index[1].htm

C:\Documents and Settings\Jens Almbage\Lokala inställningar\Temporary Internet Files\Content.IE5\I30FVWLG\errorsafe_banner[1].swf

[/log]

 


SUPERAntiSpyware found cached web pages containing nasties; be more careful about which websites you visit.

 

It's probably best that you run rustbfix again.

 

Empty the folder C:\DOCUMENTS AND SETTINGS\JENS ALMBAGE\LOKALA INSTäLLNINGAR\TEMP

 

Delete temporary internet files:

Control Panel (Kontrollpanelen) - Internet Options (Internet-alternativ) - Delete Files (Ta bort filer) - tick the checkbox - OK - OK

 

 


jen almbage

Rustbfix found nothing. Is there anything else I can do to get rid of the virus?

 

 


jen almbage

Still having problems with xx_tempopt.bin.

I ran blacklight, and it identified the file, but the only option is Rename. Should I do that?

 

 

[post edited 2007-03-23 19:14:44 by jen almbage]


That was good to hear, and thanks for the points! :)

 

Here is my usual advice for a more secure computer, but of course it is important to use your common sense as well.

 

Update from Windows Update and run the anti-spyware programs AVG Anti-Spyware (Ewido), SUPERAntiSpyware and/or Spybot S&D regularly.

http://www.ewido.net/en/

http://www.superantispyware.com/

http://www.safer-networking.org/en/download/index.html

 

Supplement the antivirus program with a few online scans now and then:

http://housecall.trendmicro.com/

http://www.bitdefender.com/scan8/ie.html

http://www.pandasoftware.com/products/activescan/

 

Use a firewall (better than the one built into XP); available free from e.g. ZoneLabs.

http://www.zonelabs.com/store/content/home.jsp

 

If you use Internet Explorer, it can be a good idea to have the program SpywareBlaster, which prevents quite a few nasty programs from being downloaded or run http://www.javacoolsoftware.com , and to run IE-SpyAd, which puts a whole lot of nasty websites in the Restricted sites zone in Internet Explorer so that they cannot do anything to the computer http://www.spywarewarrior.com/uiuc/resource.htm

 

Review the security settings in Internet Explorer; there are quite a few tips here:

http://www.spywarewarrior.com/uiuc/btw/ie/ie-opts.htm

 

If you use the Firefox browser, it is a good idea to have the NoScript add-on.

http://www.mozilla.com

https://addons.mozilla.org/firefox/722/

 

All free for home users/personal use.

 


Archived

This topic is now archived and is closed to further replies.
