
Help! Got both a trojan and spyware.


jabez81


Hi.

I have got both a trojan and spyware on my computer. At least, the computer keeps warning me about it all the time, and boxes keep popping up about buying antivirus and so on.

Can someone help me with how to get rid of it, please. I'm getting really nervous. I don't dare do anything on the computer any more.

This comes up:

[log]Your system is probably infected with latest version of Spyware.CyberLog-X.

 

Type: Spyware

Infection Length: 266,129 bytes

Risk: High

Aystems Affected: Windows 95, 98, 2000, NT, 2003 Server, Windows XP, Windows Vista

Behavior: Spyware.CyberLog-X is a spyware program that monitors user activity, logs keystrokes, and tracks Web sites visited.

Symptomes: Low Internet connection speed, Low system perfomance, Security center alerts, Strange pop up windows

Protection: Click OK to donwloas antispyware software.[/log]

(everything written here is exactly what it said, including all the spelling errors.)

[log]ATTENTION! If your computer is struck by the virus, you could suffer data loss, erratis PC behaviour, PC freezes and creahes.

 

Detect and remove viruses before they damage your computer!

Antivirus 2009 will perform a 100% FREE and quick scan of your computer for Viruses, Spyware and Adware.

 

Do you want to install Antivirus 2009 to scan your computer for malware now? (recommended)[/log]

If I press cancel I end up at Forcedscan.

[log]Security Alert: Spyware found

Your computer is infected with last version of PSW.x-Vir trojan. PSW trojan steal your private information such as: passwords, IP-address, credit card information, registration details, documents, etc.

Click this baloon to remove PSW.x-Vir spyware.[/log]

So this is a pop-up from the bar at the bottom right, next to the clock.

I have run Adaware, Eset Smart Security, Spyware Doctor and Autoruns.

I have removed everything I can, but it is still there.

Can someone please help me?

Very grateful for quick replies.

Regards/Robin.

 


Post a Hijack log here so that one of the experts here can take a look at it.

http://www.spychecker.com/program/hijackthis.html

Install, start, choose Do a system scan and save a logfile

copy the log that comes up

You post the log like this:

Press the LOG button in the reply window

Paste the log

Press the LOG button again

 


So the program that shows the boxes is itself the malicious program; that program is out to get you to pay for a program that pretends to be an antivirus program.

Download Malwarebytes Anti-Malware (MBAM) from one of these links:

http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html

http://projects.securitywonks.net/projects/details.php?file=158

Double-click mbam-setup.exe to install the program.

[log]Tick:

Update Malwarebytes' Anti-Malware

Launch Malwarebytes' Anti-Malware

Press Finish

If there is an update, it will be downloaded and installed.

When the program starts, choose Perform Quick Scan and press Scan.

The scan takes a while.

When it is done, press OK and then Show Results.

Tick everything and then press Remove Selected.

When the removal is done, Notepad opens with a log.

A request to restart the computer (Restart) may come up. If so, do it.

If the program does not start after the restart, start it.

If the log does not come up by itself in Notepad, you will find the log on the Logs tab in MBAM.

Copy the log and paste it into your reply, preferably together with a HijackThis log as Brynäsarn wrote about.[/log]

 


here is the log file:

 

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:55:34, on 2008-10-19

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Applications\wcs.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\ESET\ESET Smart Security\egui.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Acer\Empowering Technology\eRecovery\eRAgent.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

C:\PROGRA~1\LAUNCH~1\LManager.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\Applications\wcm.exe

C:\Program Files\Spyware Doctor\pctsTray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe

C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\ESET\ESET Smart Security\ekrn.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\Spyware Doctor\pctsAuxs.exe

C:\Program Files\Spyware Doctor\pctsSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\ehome\mcrdsvc.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\Spyware Doctor\TFEngine\TFService.exe

C:\Program Files\Spyware Doctor\pctsGui.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Robin\Desktop\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sv.intl.acer.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://sv.intl.acer.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://sv.intl.acer.yahoo.com/

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe

O2 - BHO: (no name) - AutorunsDisabled - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe

O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"

O4 - HKLM\..\Run: [boot] C:\Acer\Empowering Technology\ePower\Boot.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKLM\..\Policies\Explorer\Run: [smile] C:\Program Files\Applications\wcs.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Acer Empowering Technology.lnk = C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: HP Photosmart Premier Snabbstart.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Blogga detta - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blogga detta i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab

O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe

O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

O23 - Service: ThreatFire - PC Tools - C:\Program Files\Spyware Doctor\TFEngine\TFService.exe

O24 - Desktop Component AutorunsDisabled: (no name) - (no file)

 

--

End of file - 8105 bytes

[/log]

 

Thanks for all the help.

 


here is the log file for Malware:

 

[log]Malwarebytes' Anti-Malware 1.29

Databasversion: 1290

Windows 5.1.2600 Service Pack 3

 

2008-10-19 23:07:08

mbam-log-2008-10-19 (23-07-08).txt

 

Skanningstyp: Snabb skanning

Antal skannade objekt: 51402

Förfluten tid: 4 minute(s), 52 second(s)

 

Infekterade minnesprocesser: 2

Infekterade minnesmoduler: 0

Infekterade registernycklar: 5

Infekterade registervärden: 4

Infekterade registerdataposter: 0

Infekterade mappar: 0

Infekterade filer: 27

 

Infekterade minnesprocesser:

C:\Program Files\Applications\wcm.exe (Trojan.Zlob) -> Unloaded process successfully.

C:\Program Files\Applications\wcs.exe (Trojan.Zlob) -> Unloaded process successfully.

 

Infekterade minnesmoduler:

(Inga illasinnade poster hittades)

 

Infekterade registernycklar:

HKEY_CLASSES_ROOT\CLSID\{be1a344f-9ff5-4024-949b-52205e6db2d0} (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{144a6b24-0ebc-4d89-bf09-a06a718e57b5} (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEBrowse Tool (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IExplorer Bar (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\multimediaControls.chl (Trojan.Zlob) -> Quarantined and deleted successfully.

 

Infekterade registervärden:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\smile (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully.

 

Infekterade registerdataposter:

(Inga illasinnade poster hittades)

 

Infekterade mappar:

(Inga illasinnade poster hittades)

 

Infekterade filer:

C:\Program Files\Applications\iebt.dll (Trojan.Zlob) -> Quarantined and deleted successfully.

C:\Program Files\Applications\iebr.dll (Trojan.Zlob) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\tdsspopup1.url (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\tdsspopup2.url (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\tdsspopup3.url (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\casino1.ico (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\casino2.ico (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\casino3.ico (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\tdssservers.dat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Applications\iebtu.exe (Trojan.Zlob) -> Quarantined and deleted successfully.

C:\Program Files\Applications\iebu.exe (Trojan.Zlob) -> Quarantined and deleted successfully.

C:\Program Files\Applications\myd.ico (Trojan.Zlob) -> Quarantined and deleted successfully.

C:\Program Files\Applications\mym.ico (Trojan.Zlob) -> Quarantined and deleted successfully.

C:\Program Files\Applications\myp.ico (Trojan.Zlob) -> Quarantined and deleted successfully.

C:\Program Files\Applications\myv.ico (Trojan.Zlob) -> Quarantined and deleted successfully.

C:\Program Files\Applications\ot.ico (Trojan.Zlob) -> Quarantined and deleted successfully.

C:\Program Files\Applications\ts.ico (Trojan.Zlob) -> Quarantined and deleted successfully.

C:\Program Files\Applications\wcm.exe (Trojan.Zlob) -> Quarantined and deleted successfully.

C:\Program Files\Applications\wcs.exe (Trojan.Zlob) -> Quarantined and deleted successfully.

C:\Program Files\Applications\wcu.exe (Trojan.Zlob) -> Quarantined and deleted successfully.

C:\Documents and Settings\Robin\My Documents\My Music\My Music.url (Trojan.Zlob) -> Quarantined and deleted successfully.

C:\Documents and Settings\Robin\My Documents\My Pictures\My Pictures.url (Trojan.Zlob) -> Quarantined and deleted successfully.

C:\Documents and Settings\Robin\My Documents\My Videos\My Video.url (Trojan.Zlob) -> Quarantined and deleted successfully.

C:\Documents and Settings\Robin\My Documents\My Documents.url (Trojan.Zlob) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Start Menu\Antivirus Scan.url (Trojan.Zlob) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Start Menu\Online Spyware Test.url (Trojan.Zlob) -> Quarantined and deleted successfully.

C:\Documents and Settings\Robin\Favorites\Antivirus Scan.url (Rogue.Link) -> Quarantined and deleted successfully.

[/log]

 

thank you so much for all the help I'm getting.

 


Ah, sure. Thought of it but forgot. Here it comes:

 

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:45:50, on 2008-10-19

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\ESET\ESET Smart Security\egui.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Acer\Empowering Technology\eRecovery\eRAgent.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

C:\PROGRA~1\LAUNCH~1\LManager.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\Spyware Doctor\pctsTray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe

C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\ESET\ESET Smart Security\ekrn.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\Spyware Doctor\pctsAuxs.exe

C:\Program Files\Spyware Doctor\pctsSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\ehome\mcrdsvc.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\Spyware Doctor\TFEngine\TFService.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Robin\Desktop\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sv.intl.acer.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://sv.intl.acer.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://sv.intl.acer.yahoo.com/

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe

O2 - BHO: (no name) - AutorunsDisabled - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe

O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"

O4 - HKLM\..\Run: [boot] C:\Acer\Empowering Technology\ePower\Boot.exe

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Acer Empowering Technology.lnk = C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: HP Photosmart Premier Snabbstart.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Blogga detta - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blogga detta i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab

O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe

O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

O23 - Service: ThreatFire - PC Tools - C:\Program Files\Spyware Doctor\TFEngine\TFService.exe

O24 - Desktop Component AutorunsDisabled: (no name) - (no file)

 

--

End of file - 8110 bytes

[/log]

 

/Jabez

 


Scan with HijackThis and tick:

 

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe

O2 - BHO: (no name) - AutorunsDisabled - (no file)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O24 - Desktop Component AutorunsDisabled: (no name) - (no file)

 

Close all other programs.

Press Fix checked.

Restart the computer.

 

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

You can read about this at

http://www.bleepingcomputer.com/startups/alcmtr-240.html

 

How is the computer working now?

 

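A way to triage the logs in this thread offline, as an added example that is not part of the original posts: it parses HijackThis v2 output, lists the entries whose target is `(no file)`, and diffs a before/after pair to show what a cleanup removed. The two sample logs are short excerpts of the logs posted above; the function names are this example's own.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code text")

# HijackThis entry lines look like "O4 - HKLM\..\Run: [name] path".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")


def parse_hijackthis(log_text):
    """Return (running_processes, entries) from a HijackThis v2 log."""
    processes, entries = [], []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue  # forum pastes are often double-spaced
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False
            entries.append(Entry(match.group(1), match.group(2)))
        elif line.lower().startswith("running processes"):
            in_processes = True
        elif in_processes:
            processes.append(line)
    return processes, entries


def orphaned(entries):
    """Entries whose registered file no longer exists on disk."""
    return [e for e in entries if e.text.rstrip().endswith("(no file)")]


def diff_logs(before_text, after_text):
    """Compare two logs; Windows paths are compared case-insensitively."""
    b_proc, b_ent = parse_hijackthis(before_text)
    a_proc, a_ent = parse_hijackthis(after_text)
    a_proc_keys = {p.lower() for p in a_proc}
    a_ent_keys = {(e.code, e.text.lower()) for e in a_ent}
    b_ent_keys = {(e.code, e.text.lower()) for e in b_ent}
    gone = {p for p in b_proc if p.lower() not in a_proc_keys}
    return {
        "processes_gone": sorted(gone, key=str.lower),
        "entries_gone": [e for e in b_ent
                         if (e.code, e.text.lower()) not in a_ent_keys],
        "entries_new": [e for e in a_ent
                        if (e.code, e.text.lower()) not in b_ent_keys],
    }


# Excerpt of the first log in the thread (trimmed for the example).
BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:55:34, on 2008-10-19

Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\Applications\wcs.exe
C:\Program Files\Applications\wcm.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [smile] C:\Program Files\Applications\wcs.exe
O24 - Desktop Component AutorunsDisabled: (no name) - (no file)
"""

# Excerpt of the second log, taken after the Malwarebytes scan (trimmed).
AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:45:50, on 2008-10-19

Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O24 - Desktop Component AutorunsDisabled: (no name) - (no file)
"""

if __name__ == "__main__":
    result = diff_logs(BEFORE, AFTER)
    for path in result["processes_gone"]:
        print("process gone:", path)
    for entry in result["entries_gone"]:
        print("entry gone:  ", entry.code, "-", entry.text)
    for entry in orphaned(parse_hijackthis(AFTER)[1]):
        print("orphan left: ", entry.code, "-", entry.text)
```

The diff only shows what changed between two scans; whether a vanished or leftover entry was malicious still has to be judged from the scanner's own log and the file paths involved.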

yes. it is very calm now. =) no pop-ups or any warnings any more. =)

but I checked with hijackthis again after the restart and the last one is still there. that is:

 

O24 - Desktop Component AutorunsDisabled: (no name) - (no file)

 

but it works fine now. =)

thank you so incredibly much for the help. now I dare to look around again. =)

What more than passwords should I think about changing now? I was mostly thinking of the IP address. Or is there something else that should be fixed so that others don't get hold of them or so?

once again. so incredibly relieved and grateful for the help. =)

Regards/Robin

 


The O24 line is not harmful but not normal; I have looked at many web pages but have not seen anything that removes it. Possibly it has something to do with some setting under

Control Panel - Display - Desktop - Customize Desktop - Web

I see that you have a program called Autoruns; it may be a setting in that program.

You can remove all system restore points by turning off the System Restore function, restarting the computer and then turning the function on again. Then create a new point.

The System Restore function is turned off and on here:

Right-click My Computer - Properties - System Restore

Here you can read my usual advice for a safer computer, but of course it is also important to use your common sense.

http://ceblstockholm.googlepages.com/home

 

 


I also have the same problem with this computer, so I am doing the same as you asked me to on the previous one.

 

[log]Malwarebytes' Anti-Malware 1.29

Databasversion: 1298

Windows 6.0.6001 Service Pack 1

 

2005-01-04 20:53:30

mbam-log-2005-01-04 (20-53-30).txt

 

Skanningstyp: Snabb skanning

Antal skannade objekt: 39394

Förfluten tid: 3 minute(s), 15 second(s)

 

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 0

Infekterade registernycklar: 0

Infekterade registervärden: 0

Infekterade registerdataposter: 0

Infekterade mappar: 0

Infekterade filer: 2

 

Infekterade minnesprocesser:

(Inga illasinnade poster hittades)

 

Infekterade minnesmoduler:

(Inga illasinnade poster hittades)

 

Infekterade registernycklar:

(Inga illasinnade poster hittades)

 

Infekterade registervärden:

(Inga illasinnade poster hittades)

 

Infekterade registerdataposter:

(Inga illasinnade poster hittades)

 

Infekterade mappar:

(Inga illasinnade poster hittades)

 

Infekterade filer:

C:\ProgramData\Microsoft\Windows\Start Menu\Antivirus Scan.url (Trojan.Zlob) -> Quarantined and deleted successfully.

C:\ProgramData\Microsoft\Windows\Start Menu\Online Spyware Test.url (Trojan.Zlob) -> Quarantined and deleted successfully.

[/log]

 

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:54:51, on 2005-01-04

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Safe mode with network support

 

Running processes:

C:\Windows\Explorer.EXE

C:\Windows\helppane.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r

O4 - HKLM\..\Run: [updReg] C:\Windows\UpdReg.EXE

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [ASUSGamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [CreativeTaskScheduler] "C:\Program Files\Creative\Shared Files\CTSched.exe" /logon

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Program Files\Mozilla Firefox\plugins\NPSWF32_FlashUtil.exe -p

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NÄTVERKSTJÄNST')

O4 - HKUS\S-1-5-18\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'Default user')

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O13 - Gopher Prefix:

O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15103/CTPID.cab

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: ATK Fast User Switch Service (ATKFUSService) - ASUSTeK COMPUTER INC. - C:\Windows\system32\ATKFUSService.exe

O23 - Service: Creative ALchemy AL1 Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\AL1Licensing.exe

O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe

O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

 

--

End of file - 6098 bytes

[/log]

 

Grateful for the help.

Regards, Robin.

 


Do you mean that there are a lot of popups on the computer? Because the only thing MBAM found was two links in the start menu, and I don't see anything more in the HijackThis log.

Isn't it possible to run the computer in normal mode?

 


I don't think it works to run it in normal mode. It has always locked up and shut down then. If I did get in, I got a lot of popups and warnings and then the computer shut down. Now I'm in safe mode.

 


A tip! Always use Malwarebytes as soon as you've got a virus and want to scan the computer. Personally I think it is one of the most powerful tools for virus removal among the free alternatives.

 


According to the HijackThis log, it looks like MBAM will start automatically when the computer is restarted in normal mode. It is possible that MBAM can find more then.

How long has there been a problem with the computer?

 


"Always use Malwarebytes as soon as you've got a virus"

MBAM does not help against viruses since it is not an antivirus program; it helps against certain common adware and spyware programs.

 


Yes, I haven't been able to get the computer going for 3 days now. Before that I got a lot of spyware and trojans just two days earlier, and then the computer sort of died.

People say I have to buy a new PSU too, because that could be why the computer doesn't start (that I don't have enough W). Can that be right, and do you know any way I can check whether my PSU can't handle more?

 


How far does the startup get in normal mode? In what way does it die?

Download ComboFix to the Desktop:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Unplug the internet connection and close all programs you see, including antivirus programs, antispyware programs and firewall, or alternatively restart the computer in safe mode.

Run ComboFix and follow the instructions that are shown.

When ComboFix wants the computer to be restarted, try to start it in normal mode.

IMPORTANT! Do not click on the ComboFix window with the mouse while it is running, otherwise it can hang.

When it is finished a log should come up; attach it to your reply. If it does not come up, it is available as C:\ComboFix.txt.

If you have problems getting out on the internet:

Control Panel - Network Connections

right-click your internet connection and choose Repair and/or restart the computer.

Warning! ComboFix prevents automatic running of CDs, floppy disks and USB devices to make it easier to clean the computer and protect the computer against infections in the future. There can be problems, for example, if the computer has internet via a USB modem or USB network card. In that case say so instead of running ComboFix.

 


Didn't think this would work.. =)

 

[log]ComboFix 08-10-19.04 - robinov 2008-10-20 20:39:59.1 - NTFSx86 NETWORK

Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1053.18.2548 [GMT 2:00]

Running from: C:\Users\robinov\Desktop\ComboFix.exe

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Users\robinov\Documents\My Documents.url

 

.

((((((((((((((((((((((((( Files Created from 2008-09-20 to 2008-10-20 )))))))))))))))))))))))))))))))

.

 

No new files created in this timespan

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-10-16 19:25 38,496 ----a-w C:\Windows\system32\drivers\mbamswissarmy.sys

2008-10-16 19:25 15,504 ----a-w C:\Windows\system32\drivers\mbam.sys

2008-10-15 14:41 --------- d-----w C:\ProgramData\Spybot - Search & Destroy

2008-10-15 14:32 --------- d-----w C:\ProgramData\Fighters

2008-10-15 14:23 --------- d-----w C:\Program Files\Applications

2008-10-15 13:41 --------- d-----w C:\ProgramData\Blizzard

2008-10-15 02:58 --------- d-----w C:\Program Files\Lavasoft

2008-10-15 02:57 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

2008-10-12 18:45 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-10-08 16:23 --------- d-----w C:\Program Files\Curse

2008-10-05 14:17 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment

2008-10-04 14:40 --------- d-----w C:\Users\robinov\AppData\Roaming\uTorrent

2008-10-02 15:06 --------- d-----w C:\Program Files\uTorrent

2008-09-28 21:32 --------- d-----w C:\Program Files\SlySoft

2008-09-28 21:12 107,888 ----a-w C:\Windows\System32\CmdLineExt.dll

2008-09-28 19:21 --------- d-----w C:\Program Files\EA GAMES

2008-09-28 14:09 --------- d-----w C:\Program Files\Alcohol Soft

2008-09-28 09:25 --------- d-----w C:\ProgramData\NVIDIA

2008-09-28 09:17 --------- d-----w C:\Program Files\AGEIA Technologies

2008-09-27 20:23 --------- d-----w C:\Program Files\MSN Messenger

2008-09-27 18:09 174 --sha-w C:\Program Files\desktop.ini

2008-09-27 17:57 --------- d-----w C:\Program Files\Windows Sidebar

2008-09-27 17:57 --------- d-----w C:\Program Files\Windows Photo Gallery

2008-09-27 17:57 --------- d-----w C:\Program Files\Windows Mail

2008-09-27 17:57 --------- d-----w C:\Program Files\Windows Defender

2008-09-27 17:57 --------- d-----w C:\Program Files\Windows Calendar

2008-09-27 17:21 82,432 ----a-w C:\Windows\System32\axaltocm.dll

2008-09-27 17:21 101,888 ----a-w C:\Windows\System32\ifxcardm.dll

2008-09-27 10:58 --------- d-----w C:\Program Files\9Dragons

2008-09-16 19:27 453,152 ----a-w C:\Windows\System32\nvuninst.exe

2008-09-04 07:31 288,024 ----a-w C:\Windows\System32\PhysXCplUI.exe

2008-08-29 06:57 70,936 ----a-w C:\Windows\System32\PhysXLoader.dll

2008-08-22 15:25 --------- d-----w C:\Program Files\DAEMON Tools Lite

2008-08-02 03:26 36,864 ----a-w C:\Windows\System32\cdd.dll

2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll

2008-07-31 03:32 28,160 ----a-w C:\Windows\System32\Apphlpdm.dll

2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll

2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll

2008-07-31 01:13 4,240,384 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll

2005-01-04 19:46 0 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

2005-01-04 19:46 0 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]

"CreativeTaskScheduler"="C:\Program Files\Creative\Shared Files\CTSched.exe" [2006-11-17 53341]

"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-10-03 4608]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"FlashPlayerUpdate"="C:\Program Files\Mozilla Firefox\plugins\NPSWF32_FlashUtil.exe" [2008-03-24 218496]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LVCOMS"="C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 127022]

"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]

"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]

"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-12-06 180224]

"UpdReg"="C:\Windows\UpdReg.EXE" [2000-05-11 90112]

"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-07-01 1447168]

"ASUSGamerOSD"="C:\Program Files\ASUS\GamerOSD\GamerOSD.exe" [2007-07-23 380928]

"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-09-17 13580832]

"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-09-17 92704]

"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2005-05-19 57344]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 C:\Windows\KHALMNPR.Exe]

"SoundMan"="SOUNDMAN.EXE" [2006-03-02 C:\Windows\SOUNDMAN.EXE]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"GrpConv"="grpconv -o" [X]

"Malwarebytes' Anti-Malware"="C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" [2008-10-16 398992]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DevconDefaultDB"="C:\Windows\system32\READREG" [X]

 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-03-09 67128]

Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-07-31 805392]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{6511BC7C-159D-4D64-A5BD-231077C161D3}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)

"TCP Query User{D63FAA02-831B-4220-A515-7179E1911BEC}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent

"UDP Query User{AA33BBD8-3374-4E63-909A-ED9D2CF8CFA5}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent

"TCP Query User{2EF7CA39-2224-44EA-BC98-F446A0073DFC}C:\\world of warcraft\\wow-2.1.0-engb-downloader.exe"= UDP:C:\world of warcraft\wow-2.1.0-engb-downloader.exe:Blizzard Downloader

"UDP Query User{1F7418DD-B1BD-4258-9F47-2BC2E0F9793C}C:\\world of warcraft\\wow-2.1.0-engb-downloader.exe"= TCP:C:\world of warcraft\wow-2.1.0-engb-downloader.exe:Blizzard Downloader

"TCP Query User{B0C09163-0F12-4F70-B70C-6EB0B599EAEB}C:\\world of warcraft\\repair.exe"= UDP:C:\world of warcraft\repair.exe:Blizzard Repair Utility

"UDP Query User{1867A263-41EA-4D79-89CD-E8F4533575C4}C:\\world of warcraft\\repair.exe"= TCP:C:\world of warcraft\repair.exe:Blizzard Repair Utility

"{BB69F27F-1D08-4AA9-A670-5C7B1BFD693E}"= UDP:C:\World of Warcraft\BackgroundDownloader.exe:Blizzard Downloader

"{C079B934-C26A-4483-979E-CF4046A75B98}"= TCP:C:\World of Warcraft\BackgroundDownloader.exe:Blizzard Downloader

"{597FD8E5-35EF-4E42-A3A1-4836F3CC62D3}"= UDP:3724:Blizzard Downloader: 3724

"{B9895B12-7805-451A-9518-718EB20C3741}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger

"{03D398A3-658F-42E4-B9C9-CCE53C55B3E9}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger

"{C520D773-567E-49C5-9131-76D0EE9E6326}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger

"{FFB2B63B-6985-4FC1-A85F-58FA78385A20}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger

"{CAFBB5F7-0944-47F3-8211-35D3C348FAAA}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)

"{8CF8803E-0DFA-41CA-94A7-C143F4A9290B}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)

"{447D7968-FAC8-42AD-BCEA-F0FDF8A65F52}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)

"{F5C6AF92-616D-4464-B4D8-0DC5700C5548}"= UDP:B:\utorrent.exe:µTorrent (TCP-In)

"{13370E20-7008-4000-958A-659A7D90CA0A}"= TCP:B:\utorrent.exe:µTorrent (UDP-In)

"{BADDDA10-9614-4241-B9D2-B56F8A2CA94B}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)

"{4924F482-C4A8-4444-B260-A31BD77E4DC7}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

 

S2 ATKFUSService;ATK Fast User Switch Service;C:\Windows\system32\ATKFUSService.exe [2007-07-23 67072]

S3 Alpham;Ideazon Merc Composite Keyboard Driver;C:\Windows\system32\DRIVERS\Alpham.sys [2006-03-12 37248]

S3 Alpham1;Ideazon Merc USB Human Interface Device;C:\Windows\system32\DRIVERS\Alpham1.sys [2007-07-23 42624]

S3 Alpham2;Ideazon Merc MM USB Human Interface Device;C:\Windows\system32\DRIVERS\Alpham2.sys [2007-03-20 18432]

S3 asusgsb;ASUS Virtual Video Capture Device Driver;C:\Windows\system32\drivers\asusgsb.sys [2007-07-23 13696]

S3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-06-27 2770432]

S3 atkdisplf;ASUS Kernel Mode Enhanced Driver;C:\Windows\system32\drivers\ATKDispLowFilter.sys [2007-07-23 30848]

S3 Creative ALchemy AL1 Licensing Service;Creative ALchemy AL1 Licensing Service;C:\Program Files\Common Files\Creative Labs Shared\Service\AL1Licensing.exe [2008-05-22 79360]

S3 ha20x2k;Creative 20X HAL Driver;C:\Windows\system32\drivers\ha20x2k.sys [2008-07-15 1173016]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3da3ada1-6769-11dc-ae1c-806e6f6e6963}]

\shell\AutoRun\command - F:\Installer.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a5da55f9-8d62-11dd-b35e-0015f22a6f26}]

\shell\AutoRun\command - J:\Autorun.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a5da5602-8d62-11dd-b35e-0015f22a6f26}]

\shell\AutoRun\command - K:\Autorun.exe

.

- - - - ORPHANS REMOVED - - - -

 

HKLM-Run-NWEReboot - (no file)

HKLM-RunOnce-<NO NAME> - (no file)

 

 

.

------- Supplementary Scan -------

.

FireFox -: Profile - C:\Users\robinov\AppData\Roaming\Mozilla\Firefox\Profiles\esui3muk.default

FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.leta.se/#

.

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-10-20 20:45:44

Windows 6.0.6001 Service Pack 1 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-10-20 20:50:53

ComboFix-quarantined-files.txt 2008-10-20 18:50:51

 

Pre-Run: Det går inte att hitta meddelandetexten för meddelandenumret 0x2379 i meddelandefilen för Application.

Post-Run: 31,025,352,704 byte ledigt

 

161 --- E O F --- 2008-10-03 12:06:11

[/log]

 

I have logged in in normal mode.

Thought I'd send a HijackThis file too, now that I'm at it.

 

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:01:50, on 2008-10-20

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

 

Running processes:

C:\Program Files\ASUS\GamerOSD\ATKFastUserSwitching.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\Common Files\Logitech\QCDriver3\LVComS.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe

C:\Program Files\ESET\ESET Smart Security\egui.exe

C:\Program Files\ASUS\GamerOSD\GamerOSD.exe

C:\Windows\SOUNDMAN.EXE

C:\Windows\System32\rundll32.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Creative\Shared Files\CTSched.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Windows\System32\CTxfispi.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Creative\Shared Files\Software Update\AutoUpdate.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r

O4 - HKLM\..\Run: [updReg] C:\Windows\UpdReg.EXE

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [ASUSGamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [CreativeTaskScheduler] "C:\Program Files\Creative\Shared Files\CTSched.exe" /logon

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

O4 - HKCU\..\Run: [Creative Software Update] "C:\Program Files\Creative\Shared Files\Software Update\AutoUpdate.exe" /Silent

O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Program Files\Mozilla Firefox\plugins\NPSWF32_FlashUtil.exe -p

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NÄTVERKSTJÄNST')

O4 - HKUS\S-1-5-18\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'Default user')

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O13 - Gopher Prefix:

O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15103/CTPID.cab

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: ATK Fast User Switch Service (ATKFUSService) - ASUSTeK COMPUTER INC. - C:\Windows\system32\ATKFUSService.exe

O23 - Service: Creative ALchemy AL1 Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\AL1Licensing.exe

O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe

O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

 

--

End of file - 6891 bytes

[/log]

 

Thanks

 


Everything seems to work really well on the computer now. I'm just incredibly worried that the computer will hang and "die" again, if it is the PSU that is faulty too.

But you have my very great thanks. :thumbsup:

Regards, Robin

 


That sounds good and I don't see anything harmful in the logs. :thumbsup:

Thanks for the points! :)

But you need to review the security on the computer; it doesn't even look like the Windows firewall is running. Here you can read my usual advice for a safer computer, but of course it is important to use your common sense too.

http://ceblstockholm.googlepages.com/home

In Vista, UAC (User Access Control) is a very good protection against malicious programs being installed without your consent, so turn it on if you have turned UAC off.

In what way did it hang and die before, and when?

 


I've actually never heard of UAC.

The computer hung when I had got a lot of spyware and warnings. It just sort of froze. Everything stood still and I couldn't move the cursor or use the keyboard. The whole computer went quiet except for the fans. That is, you could hear that it wasn't working anymore. The clock stood still too.

That's probably all I can think of right now.

 


Okay, it sounds like it was something in the infection that made Windows crash, so you can't draw the conclusion that the PSU is bad just because of that.

Control Panel - Security Center

Check under Other security settings that User Account Control is On.
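
The helper's remarks about the firewall and UAC can be read straight out of the ComboFix log posted earlier in the thread. The following is an added example, not part of the original thread or of ComboFix: a small Python parser over an excerpt of that log's "Reg Loading Points" section that reports the disabled protections; the function names and the hardened sample are assumptions made for the illustration.

```python
import re

# Excerpt of the ComboFix "Reg Loading Points" output posted in this thread.
COMBOFIX_EXCERPT = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{597FD8E5-35EF-4E42-A3A1-4836F3CC62D3}"= UDP:3724:Blizzard Downloader: 3724

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
'''

# Constructed sample (not from the thread): the same keys after hardening.
HARDENED_SAMPLE = COMBOFIX_EXCERPT.replace('= 0 (0x0)', '= 1 (0x1)')

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*\d+\s+\(0x(?P<hex>[0-9a-fA-F]+)\)$')


def parse_dwords(log_text):
    """Yield (registry_key, value_name, int_value) for each DWORD line.

    Lines that are not of the form "Name"= N (0xN), such as firewall
    rule strings, are skipped.
    """
    key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group('key')
            continue
        m = DWORD_RE.match(line)
        if m and key is not None:
            yield key, m.group('name'), int(m.group('hex'), 16)


def audit(log_text):
    """Return findings for disabled UAC and disabled firewall profiles."""
    findings = []
    for key, name, value in parse_dwords(log_text):
        key_l, name_l = key.lower(), name.lower()
        if key_l.endswith('\\policies\\system') and name_l == 'enablelua':
            if value == 0:
                findings.append('UAC disabled (EnableLUA = 0)')
        elif '\\firewallpolicy\\' in key_l and name_l == 'enablefirewall':
            if value == 0:
                profile = key.rsplit('\\', 1)[1]
                findings.append('Windows Firewall disabled for ' + profile)
    return findings


if __name__ == '__main__':
    for finding in audit(COMBOFIX_EXCERPT):
        print(finding)
```

Run against a saved C:\ComboFix.txt, `audit(open(path, encoding='cp1252').read())` gives the same kind of report; the encoding is an assumption based on the 1252 code page shown in the log header.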

 
