
Help wanted!


t-man


 

I've got a problem with my computer... it keeps throwing up annoying pop-ups warning about viruses...

Is there any way to get rid of these fake windows without reformatting everything?

Would be grateful for an answer.

 


To begin with, we can see whether HijackThis shows anything:

http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe

Install it, start it and choose "Do a system scan and save a logfile", then copy the log that comes up (nothing else).

In your reply, attach the HijackThis log like this:

Press the LOG button in the reply window

Paste in the log

Press the LOG button again

 


OK, here it comes:

 

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:03, on 2008-09-13

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Intel\Wireless\Bin\EvtEng.exe

C:\Program\Intel\Wireless\Bin\S24EvMon.exe

C:\Program\Intel\Wireless\Bin\WLKeeper.exe

C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Symantec AntiVirus\DefWatch.exe

C:\Program\Canon\IJPLM\IJPLMSVC.EXE

C:\Program\Dell\QuickSet\NICCONFIGSVC.exe

C:\Program\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Symantec AntiVirus\Rtvscan.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Apoint\Apoint.exe

C:\WINDOWS\stsystra.exe

C:\Program\CyberLink\PowerDVD\DVDLauncher.exe

C:\Program\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program\Dell\QuickSet\quickset.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program\Delade filer\InstallShield\UpdateService\issch.exe

C:\Program\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program\Delade filer\Symantec Shared\ccApp.exe

C:\Program\SYMANT~1\VPTray.exe

C:\Program\Apoint\Apntex.exe

C:\Program\Apoint\HidFind.exe

C:\Program\Canon\MyPrinter\BJMyPrt.exe

C:\Program\Java\jre1.6.0_05\bin\jusched.exe

C:\Program\Google\Google Desktop Search\GoogleDesktopIndex.exe

C:\Program\Windows Defender\MSASCui.exe

C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Program\Bredbandsbolaget\Servicecenter\Bredbandsbolaget.exe

C:\Program\Google\Google Desktop Search\GoogleDesktopDisplay.exe

C:\Program\MicroAntivirus\microAV.exe

C:\Windows\system32\YURC.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\NetWaiting\netwaiting.exe

C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program\Intel\Wireless\Bin\Dot1XCfg.exe

C:\Program\Windows Live\Messenger\MsnMsgr.Exe

C:\Program\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

C:\Program\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe

C:\Program\Digital Line Detect\DLG.exe

C:\Program\Personal\bin\Personal.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program\internet explorer\iexplore.exe

C:\Program\Delade filer\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bredband.net/

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: CodecPlugin Class - {16DE12F1-9AD4-421F-A5CF-FB87598F3E67} - C:\WINDOWS\system32\CodecBHO.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program\BAE\BAE.dll

O2 - BHO: Bredbandsbolaget Servicecenter Plugin - {DB87CDE1-EF9C-44EB-A42F-6D0B3C72C516} - C:\Program\Bredbandsbolaget\Servicecenter\IEFixItNowPlugin.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar2.dll

O4 - HKLM\..\Run: [Apoint] C:\Program\Apoint\Apoint.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [DVDLauncher] "C:\Program\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [Dell QuickSet] C:\Program\Dell\QuickSet\quickset.exe

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [iSUSPM Startup] C:\Program\DELADE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program\Delade filer\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\Program\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program\Canon\SolutionMenu\CNSLMAIN.exe /logon

O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program\Canon\MyPrinter\BJMyPrt.exe /logon

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [Windows Defender] "C:\Program\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [bredbandsbolaget Servicecenter] "C:\Program\Bredbandsbolaget\Servicecenter\Bredbandsbolaget.exe"

O4 - HKLM\..\Run: [\YUR3E.exe] C:\Windows\system32\YUR3E.exe

O4 - HKLM\..\Run: [\YUR3F.exe] C:\Windows\system32\YUR3F.exe

O4 - HKLM\..\Run: [\YUR41.exe] C:\Windows\system32\YUR41.exe

O4 - HKLM\..\Run: [\YUR42.exe] C:\Windows\system32\YUR42.exe

O4 - HKLM\..\Run: [ANTIVIRUS] C:\Program\MicroAntivirus\microAV.exe

O4 - HKLM\..\Run: [\YUR9.exe] C:\Windows\system32\YUR9.exe

O4 - HKLM\..\Run: [\YURA.exe] C:\Windows\system32\YURA.exe

O4 - HKLM\..\Run: [\YURB.exe] C:\Windows\system32\YURB.exe

O4 - HKLM\..\Run: [\YURC.exe] C:\Windows\system32\YURC.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [ModemOnHold] C:\Program\NetWaiting\netwaiting.exe

O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon

O4 - HKCU\..\Run: [\YUR3E.exe] C:\Windows\system32\YUR3E.exe

O4 - HKCU\..\Run: [\YUR3F.exe] C:\Windows\system32\YUR3F.exe

O4 - HKCU\..\Run: [\YUR41.exe] C:\Windows\system32\YUR41.exe

O4 - HKCU\..\Run: [\YUR42.exe] C:\Windows\system32\YUR42.exe

O4 - HKCU\..\Run: [ANTIVIRUS] C:\Program\MicroAntivirus\microAV.exe

O4 - HKCU\..\Run: [\YUR9.exe] C:\Windows\system32\YUR9.exe

O4 - HKCU\..\Run: [\YURA.exe] C:\Windows\system32\YURA.exe

O4 - HKCU\..\Run: [\YURB.exe] C:\Windows\system32\YURB.exe

O4 - HKCU\..\Run: [\YURC.exe] C:\Windows\system32\YURC.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Bluetooth Manager.lnk = ?

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://se.king.com/ctl/kingcomie.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab

O16 - DPF: {9478041E-CAEC-44A5-8271-B56799715926} (ColorApplication Control) - http://clients.theshining.se/colorapp/ColorAppOnline.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game03.zylom.com/activex/zylomgamesplayer.cab

O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://flashpoker.ladbrokes.com/ladbrokes/FlashAX.cab

O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManagerkontroll) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program\Symantec AntiVirus\DefWatch.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program\Canon\IJPLM\IJPLMSVC.EXE

O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program\Dell\QuickSet\NICCONFIGSVC.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program\Symantec AntiVirus\Rtvscan.exe

O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program\Intel\Wireless\Bin\WLKeeper.exe

 

--

End of file - 11137 bytes

[/log]

 


Download HijackThis and scan with it, then post the log here so that one of the experts here can take a look at it...

http://www.spychecker.com/program/hijackthis.html

Install it, start it, choose "Do a system scan and save a logfile",

then copy the log that comes up (nothing else).

To post the log, do the following:

Press the LOG button in the reply window

Paste in the log

Press the LOG button again

 


Download the program SmitfraudFix (by S!Ri) to the Desktop:

http://siri.urz.free.fr/Fix/SmitfraudFix.exe

Double-click the downloaded file Smitfraudfix.exe.

First you will be prompted to press any key, so do that.

Then choose option 1 - Search by pressing 1 and Enter.

The program will scan through the computer.

When it is finished, the result is shown and the program has created the log file C:\rapport.txt.

Paste the contents of the log file into your reply here.

Do nothing else with SmitfraudFix.

 


 

Here it comes:

 

[log]SmitFraudFix v2.349

 

Scan done at 12:19:30.89, 2008-09-13

Run from C:\Documents and Settings\Thomas Enbom\Skrivbord\SmitfraudFix

OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT

The filesystem type is NTFS

Fix run in normal mode

 

»»»»»»»»»»»»»»»»»»»»»»»» Process

 

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Intel\Wireless\Bin\EvtEng.exe

C:\Program\Intel\Wireless\Bin\S24EvMon.exe

C:\Program\Intel\Wireless\Bin\WLKeeper.exe

C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Symantec AntiVirus\DefWatch.exe

C:\Program\Canon\IJPLM\IJPLMSVC.EXE

C:\Program\Dell\QuickSet\NICCONFIGSVC.exe

C:\Program\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Symantec AntiVirus\Rtvscan.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Apoint\Apoint.exe

C:\WINDOWS\stsystra.exe

C:\Program\CyberLink\PowerDVD\DVDLauncher.exe

C:\Program\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program\Dell\QuickSet\quickset.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program\Delade filer\InstallShield\UpdateService\issch.exe

C:\Program\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program\Delade filer\Symantec Shared\ccApp.exe

C:\Program\SYMANT~1\VPTray.exe

C:\Program\Apoint\Apntex.exe

C:\Program\Apoint\HidFind.exe

C:\Program\Canon\MyPrinter\BJMyPrt.exe

C:\Program\Java\jre1.6.0_05\bin\jusched.exe

C:\Program\Google\Google Desktop Search\GoogleDesktopIndex.exe

C:\Program\Windows Defender\MSASCui.exe

C:\Program\Bredbandsbolaget\Servicecenter\Bredbandsbolaget.exe

C:\Program\Google\Google Desktop Search\GoogleDesktopDisplay.exe

C:\Program\MicroAntivirus\microAV.exe

C:\Windows\system32\YURC.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\NetWaiting\netwaiting.exe

C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program\Intel\Wireless\Bin\Dot1XCfg.exe

C:\Program\Windows Live\Messenger\MsnMsgr.Exe

C:\Program\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

C:\Program\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe

C:\Program\Digital Line Detect\DLG.exe

C:\Program\Personal\bin\Personal.exe

C:\Program\Delade filer\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program\internet explorer\iexplore.exe

C:\Documents and Settings\Thomas Enbom\Skrivbord\SmitfraudFix\Policies.exe

C:\WINDOWS\system32\cmd.exe

 

»»»»»»»»»»»»»»»»»»»»»»»» hosts

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

 

C:\WINDOWS\system32\1.ico FOUND !

C:\WINDOWS\system32\2.ico FOUND !

C:\WINDOWS\system32\MicroAV.cpl FOUND !

C:\WINDOWS\system32\YUR?.exe FOUND !

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Thomas Enbom

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Thomas Enbom\Application Data

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\THOMAS~1\FAVORI~1

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

 

C:\DOCUME~1\THOMAS~1\SKRIVB~1\BEST ZOO PORN.url FOUND !

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program

 

C:\Program\MicroAntivirus\ FOUND !

C:\Program\PCHealthCenter\ FOUND !

C:\Program\RichVideoCodec\ FOUND !

 

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

!!!Attention, following keys are not inevitably infected!!!

 

IEDFix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

!!!Attention, following keys are not inevitably infected!!!

 

VACFix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

!!!Attention, following keys are not inevitably infected!!!

 

404Fix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix

!!!Attention, following keys are not inevitably infected!!!

 

AntiXPVSTFix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs

!!!Attention, following keys are not inevitably infected!!!

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

"System"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» RK

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» DNS

 

Description: Intel® PRO/Wireless 3945ABG Network Connection - Miniport för paketschemaläggning

DNS Server Search Order: 195.54.122.198

DNS Server Search Order: 195.54.122.200

DNS Server Search Order: 195.54.122.199

DNS Server Search Order: 81.26.227.3

 

HKLM\SYSTEM\CCS\Services\Tcpip\..\{6578B249-55BE-4F3C-B361-8A992BA8B9B0}: DhcpNameServer=195.54.122.198 195.54.122.200 195.54.122.199 81.26.227.3

HKLM\SYSTEM\CS1\Services\Tcpip\..\{6578B249-55BE-4F3C-B361-8A992BA8B9B0}: DhcpNameServer=195.54.122.198 195.54.122.200 195.54.122.199 81.26.227.3

HKLM\SYSTEM\CS2\Services\Tcpip\..\{6578B249-55BE-4F3C-B361-8A992BA8B9B0}: DhcpNameServer=195.54.122.198 195.54.122.200 195.54.122.199 81.26.227.3

HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=195.54.122.198 195.54.122.200 195.54.122.199 81.26.227.3

HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=195.54.122.198 195.54.122.200 195.54.122.199 81.26.227.3

HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=195.54.122.198 195.54.122.200 195.54.122.199 81.26.227.3

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

 

 

»»»»»»»»»»»»»»»»»»»»»»»» End

 

[/log]

 


Restart the computer in Safe Mode by pressing F8 repeatedly during startup and choosing Safe Mode in the menu.

Double-click smitfraudfix.exe to start the program.

Choose option 2 by pressing 2 and Enter.

Wait for the tool to finish and for the disk cleanup to complete.

In the meantime you will be asked whether you want to clean the registry ("clean the registry"); answer Yes by pressing Y and Enter.

If the computer does not restart by itself, restart it yourself.

This time, too, it should be in Safe Mode.

Control Panel - Internet Options - General - Delete - Delete files - OK

Control Panel - Display - Desktop - Customize Desktop - Web

If there is anything there with Security info or similar, delete it.

OK - Apply - OK

Restart the computer in normal mode.

In your reply, paste in the newly created C:\rapport.txt and a new HijackThis log.

 


OK, now all of that is done:

 

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:11:12, on 2008-09-13

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Intel\Wireless\Bin\EvtEng.exe

C:\Program\Intel\Wireless\Bin\S24EvMon.exe

C:\Program\Intel\Wireless\Bin\WLKeeper.exe

C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Symantec AntiVirus\DefWatch.exe

C:\Program\Canon\IJPLM\IJPLMSVC.EXE

C:\Program\Dell\QuickSet\NICCONFIGSVC.exe

C:\Program\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Symantec AntiVirus\Rtvscan.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\Program\Apoint\Apoint.exe

C:\WINDOWS\stsystra.exe

C:\Program\CyberLink\PowerDVD\DVDLauncher.exe

C:\Program\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program\Dell\QuickSet\quickset.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program\Apoint\Apntex.exe

C:\Program\Apoint\HidFind.exe

C:\Program\Delade filer\InstallShield\UpdateService\issch.exe

C:\Program\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program\Delade filer\Symantec Shared\ccApp.exe

C:\Program\SYMANT~1\VPTray.exe

C:\Program\Google\Google Desktop Search\GoogleDesktopIndex.exe

C:\Program\Google\Google Desktop Search\GoogleDesktopDisplay.exe

C:\Program\Canon\MyPrinter\BJMyPrt.exe

C:\Program\Windows Defender\MSASCui.exe

C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Program\Bredbandsbolaget\Servicecenter\Bredbandsbolaget.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\NetWaiting\netwaiting.exe

C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program\Windows Live\Messenger\MsnMsgr.Exe

C:\Program\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

C:\Program\Intel\Wireless\Bin\Dot1XCfg.exe

C:\Program\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe

C:\Program\Digital Line Detect\DLG.exe

C:\Program\Personal\bin\Personal.exe

C:\Program\internet explorer\iexplore.exe

C:\Program\Delade filer\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

 

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: CodecPlugin Class - {16DE12F1-9AD4-421F-A5CF-FB87598F3E67} - C:\WINDOWS\system32\CodecBHO.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program\BAE\BAE.dll

O2 - BHO: Bredbandsbolaget Servicecenter Plugin - {DB87CDE1-EF9C-44EB-A42F-6D0B3C72C516} - C:\Program\Bredbandsbolaget\Servicecenter\IEFixItNowPlugin.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar2.dll

O4 - HKLM\..\Run: [Apoint] C:\Program\Apoint\Apoint.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [DVDLauncher] "C:\Program\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [Dell QuickSet] C:\Program\Dell\QuickSet\quickset.exe

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [iSUSPM Startup] C:\Program\DELADE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program\Delade filer\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\Program\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program\Canon\SolutionMenu\CNSLMAIN.exe /logon

O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program\Canon\MyPrinter\BJMyPrt.exe /logon

O4 - HKLM\..\Run: [Windows Defender] "C:\Program\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [bredbandsbolaget Servicecenter] "C:\Program\Bredbandsbolaget\Servicecenter\Bredbandsbolaget.exe"

O4 - HKLM\..\Run: [\YUR3E.exe] C:\Windows\system32\YUR3E.exe

O4 - HKLM\..\Run: [\YUR3F.exe] C:\Windows\system32\YUR3F.exe

O4 - HKLM\..\Run: [\YUR41.exe] C:\Windows\system32\YUR41.exe

O4 - HKLM\..\Run: [\YUR42.exe] C:\Windows\system32\YUR42.exe

O4 - HKLM\..\Run: [\YUR9.exe] C:\Windows\system32\YUR9.exe

O4 - HKLM\..\Run: [\YURB.exe] C:\Windows\system32\YURB.exe

O4 - HKLM\..\Run: [\YURC.exe] C:\Windows\system32\YURC.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [ModemOnHold] C:\Program\NetWaiting\netwaiting.exe

O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon

O4 - HKCU\..\Run: [\YUR3E.exe] C:\Windows\system32\YUR3E.exe

O4 - HKCU\..\Run: [\YUR3F.exe] C:\Windows\system32\YUR3F.exe

O4 - HKCU\..\Run: [\YUR41.exe] C:\Windows\system32\YUR41.exe

O4 - HKCU\..\Run: [\YUR42.exe] C:\Windows\system32\YUR42.exe

O4 - HKCU\..\Run: [\YUR9.exe] C:\Windows\system32\YUR9.exe

O4 - HKCU\..\Run: [\YURB.exe] C:\Windows\system32\YURB.exe

O4 - HKCU\..\Run: [\YURC.exe] C:\Windows\system32\YURC.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Bluetooth Manager.lnk = ?

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://se.king.com/ctl/kingcomie.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab

O16 - DPF: {9478041E-CAEC-44A5-8271-B56799715926} (ColorApplication Control) - http://clients.theshining.se/colorapp/ColorAppOnline.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game03.zylom.com/activex/zylomgamesplayer.cab

O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://flashpoker.ladbrokes.com/ladbrokes/FlashAX.cab

O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManagerkontroll) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program\Symantec AntiVirus\DefWatch.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program\Canon\IJPLM\IJPLMSVC.EXE

O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program\Dell\QuickSet\NICCONFIGSVC.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program\Symantec AntiVirus\Rtvscan.exe

O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program\Intel\Wireless\Bin\WLKeeper.exe

 

--

End of file - 10591 bytes

[/log]

 


Can you paste in C:\rapport.txt as well, so I can see that the removals went well for SmitfraudFix?

How is the computer behaving now?

 


This is how it looks in Smitfraud now:

 

[log]SmitFraudFix v2.349

 

Scan done at 13:28:52.03, 2008-09-13

Run from C:\Documents and Settings\Thomas Enbom\Skrivbord\SmitfraudFix

OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT

The filesystem type is NTFS

Fix run in normal mode

 

»»»»»»»»»»»»»»»»»»»»»»»» Process

 

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Intel\Wireless\Bin\EvtEng.exe

C:\Program\Intel\Wireless\Bin\S24EvMon.exe

C:\Program\Intel\Wireless\Bin\WLKeeper.exe

C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Symantec AntiVirus\DefWatch.exe

C:\Program\Canon\IJPLM\IJPLMSVC.EXE

C:\Program\Dell\QuickSet\NICCONFIGSVC.exe

C:\Program\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Symantec AntiVirus\Rtvscan.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Apoint\Apoint.exe

C:\WINDOWS\stsystra.exe

C:\Program\CyberLink\PowerDVD\DVDLauncher.exe

C:\Program\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program\Dell\QuickSet\quickset.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program\Apoint\Apntex.exe

C:\Program\Apoint\HidFind.exe

C:\Program\Delade filer\InstallShield\UpdateService\issch.exe

C:\Program\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program\Delade filer\Symantec Shared\ccApp.exe

C:\Program\SYMANT~1\VPTray.exe

C:\Program\Google\Google Desktop Search\GoogleDesktopIndex.exe

C:\Program\Google\Google Desktop Search\GoogleDesktopDisplay.exe

C:\Program\Canon\MyPrinter\BJMyPrt.exe

C:\Program\Windows Defender\MSASCui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program\Windows Live\Messenger\MsnMsgr.Exe

C:\Program\Intel\Wireless\Bin\Dot1XCfg.exe

C:\Program\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe

C:\Program\Digital Line Detect\DLG.exe

C:\Program\internet explorer\iexplore.exe

C:\Program\Delade filer\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE

C:\Documents and Settings\Thomas Enbom\Skrivbord\SmitfraudFix\Policies.exe

C:\WINDOWS\system32\cmd.exe

 

»»»»»»»»»»»»»»»»»»»»»»»» hosts

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Thomas Enbom

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Thomas Enbom\Application Data

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\THOMAS~1\FAVORI~1

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

!!!Attention, following keys are not inevitably infected!!!

 

IEDFix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

!!!Attention, following keys are not inevitably infected!!!

 

VACFix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

!!!Attention, following keys are not inevitably infected!!!

 

404Fix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix

!!!Attention, following keys are not inevitably infected!!!

 

AntiXPVSTFix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs

!!!Attention, following keys are not inevitably infected!!!

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

"System"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» RK

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» DNS

 

Description: Intel® PRO/Wireless 3945ABG Network Connection - Miniport för paketschemaläggning

DNS Server Search Order: 195.54.122.198

DNS Server Search Order: 195.54.122.200

DNS Server Search Order: 195.54.122.199

DNS Server Search Order: 81.26.227.3

 

HKLM\SYSTEM\CCS\Services\Tcpip\..\{6578B249-55BE-4F3C-B361-8A992BA8B9B0}: DhcpNameServer=195.54.122.198 195.54.122.200 195.54.122.199 81.26.227.3

HKLM\SYSTEM\CS1\Services\Tcpip\..\{6578B249-55BE-4F3C-B361-8A992BA8B9B0}: DhcpNameServer=195.54.122.198 195.54.122.200 195.54.122.199 81.26.227.3

HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=195.54.122.198 195.54.122.200 195.54.122.199 81.26.227.3

HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=195.54.122.198 195.54.122.200 195.54.122.199 81.26.227.3

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

 

 

»»»»»»»»»»»»»»»»»»»»»»»» End

 

[/log]

 


That worked fine too; otherwise a C:\rapport.txt was created when you ran SmitfraudFix in safe mode.

Turn off Defender so that it doesn't block the changes that need to be made.

Scan with HijackThis and tick the following:

 

[log]O2 - BHO: CodecPlugin Class - {16DE12F1-9AD4-421F-A5CF-FB87598F3E67} - C:\WINDOWS\system32\CodecBHO.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [\YUR3E.exe] C:\Windows\system32\YUR3E.exe

O4 - HKLM\..\Run: [\YUR3F.exe] C:\Windows\system32\YUR3F.exe

O4 - HKLM\..\Run: [\YUR41.exe] C:\Windows\system32\YUR41.exe

O4 - HKLM\..\Run: [\YUR42.exe] C:\Windows\system32\YUR42.exe

O4 - HKLM\..\Run: [\YUR9.exe] C:\Windows\system32\YUR9.exe

O4 - HKLM\..\Run: [\YURB.exe] C:\Windows\system32\YURB.exe

O4 - HKLM\..\Run: [\YURC.exe] C:\Windows\system32\YURC.exe

O4 - HKCU\..\Run: [\YUR3E.exe] C:\Windows\system32\YUR3E.exe

O4 - HKCU\..\Run: [\YUR3F.exe] C:\Windows\system32\YUR3F.exe

O4 - HKCU\..\Run: [\YUR41.exe] C:\Windows\system32\YUR41.exe

O4 - HKCU\..\Run: [\YUR42.exe] C:\Windows\system32\YUR42.exe

O4 - HKCU\..\Run: [\YUR9.exe] C:\Windows\system32\YUR9.exe

O4 - HKCU\..\Run: [\YURB.exe] C:\Windows\system32\YURB.exe

O4 - HKCU\..\Run: [\YURC.exe] C:\Windows\system32\YURC.exe

 

Close all other programs.

Press Fix checked.

 

Restart the computer in safe mode (press F8 repeatedly during startup and choose safe mode from the menu).

 

Set up Explorer so that you can see all files:

Tools - (Folder) Options or similar - View

Select Show hidden files and folders

Uncheck Hide extensions for known file types

Uncheck Hide protected operating system files

 

Delete the files (if they are still there):

C:\WINDOWS\system32\CodecBHO.dll

C:\Windows\system32\YUR3E.exe

C:\Windows\system32\YUR3F.exe

C:\Windows\system32\YUR41.exe

C:\Windows\system32\YUR42.exe

C:\Windows\system32\YUR9.exe

C:\Windows\system32\YURB.exe

C:\Windows\system32\YURC.exe

 

Restart in normal mode and check for yourself that the lines above are gone from a new HijackThis log.

Everything OK now?[/log]

 

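The final check in the post above (confirming that the fixed lines are gone from a new HijackThis log) can be scripted. This is an added example, not part of the original thread: the fix list is a subset of the entries in the post, the "after" log is constructed, and the function names are hypothetical.

```python
import re

# Subset of the entries the helper listed for "Fix checked", copied from the post.
FIX_LIST = r"""
O2 - BHO: CodecPlugin Class - {16DE12F1-9AD4-421F-A5CF-FB87598F3E67} - C:\WINDOWS\system32\CodecBHO.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [\YUR3E.exe] C:\Windows\system32\YUR3E.exe
O4 - HKCU\..\Run: [\YUR3E.exe] C:\Windows\system32\YUR3E.exe
"""

# Constructed "after" log: double-spaced like a forum paste, one entry left behind
# with different path casing (Windows paths are case-insensitive).
NEW_LOG = (
    "Logfile of Trend Micro HijackThis v2.0.2\n\n"
    "Running processes:\n\n"
    "C:\\WINDOWS\\system32\\svchost.exe\n\n"
    "O4 - HKCU\\..\\Run:  [\\YUR3E.exe] C:\\WINDOWS\\system32\\YUR3E.exe \n\n"
    "O23 - Service: SAVRoam (SavRoam) - symantec - C:\\Program\\Symantec AntiVirus\\SavRoam.exe\n"
)

ENTRY = re.compile(r"^[RFNO]\d{1,2} - .+$")   # HijackThis section code, e.g. O2, O4, O23
PATH = re.compile(r"[A-Za-z]:\\.+$")          # trailing drive-letter path, if any


def parse_entries(log_text):
    """Map normalised entry -> entry line, skipping headers and process paths."""
    entries = {}
    for raw in log_text.splitlines():
        line = " ".join(raw.split())          # trims and collapses spaces/nbsp
        if ENTRY.match(line):
            entries[line.casefold()] = line
    return entries


def still_present(fix_list, new_log):
    """Return the fix-list entries that still appear in the new log."""
    current = parse_entries(new_log)
    return [line for key, line in parse_entries(fix_list).items() if key in current]


def file_of(entry):
    """File path the entry points at, or None (e.g. '(no file)')."""
    match = PATH.search(entry)
    return match.group(0) if match else None


if __name__ == "__main__":
    for entry in still_present(FIX_LIST, NEW_LOG):
        print("still present:", entry, "->", file_of(entry))
```

An entry that survives the fix usually means the file it points at was still running or was re-registered at startup, so the path returned by `file_of` is the one to look for in safe mode.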

I never used Defender in XP so I don't know, but is there an icon for Windows Defender next to the clock? If so, there may be a suitable option when you right-click it.

 


Archived

This topic is now archived and is closed to further replies.