Just nu i M3-nätverket
Jump to content

Hjälp med Antivirus XP Pro


annaben

Recommended Posts

Hej, har sett att in rekommenderat personer som drabbats att ladda ner Malwarebytes Anti-Malware. När jag försöker med detta fungerar det fram tills dess att dialogrutan för att välja språk kommer fram, då dyker det upp runt 20 pop-uprutor med felmeddelande som gör att jag inte kan klicka mig vidare. Stänger jag ett av dem så stängs alla inkl installationsfönstret. Hur kan jag komma runt detta?

Datorn fungerar knappt längre :(

 

Tacksam för all ev hjälp!

 

 

Link to comment
Share on other sites

 

[log]Vi kan se om HijackThis visar något till att börja med. Ladda ner från en av länkarna:

http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe

http://www.download.com/Trend-Micro-HijackThis/3000-8022_4-102273

53.html

Installera, starta och välj "Do a system scan and save a logfile", kopiera loggen som kommer upp (inget annat).

 

I ditt svar bifogar du HijackThis-loggen på detta sätt:

Tryck på LOG-knappen i Besvara-fönstret

Klistra in loggen

Tryck igen på LOG-knappen[/log]

 

Link to comment
Share on other sites

Kan tydligen inte ens göra det just nu, när jag klistrat in loggen och klickar på "Skapa inlägget" kommer jag till "webbsidan kan inte visas" och inget inlägg görs... Ena funktionen efter den andra kraschar.

Blir tokig!

 

Link to comment
Share on other sites

när jag klistrat in loggen och klickar på "Skapa inlägget" kommer jag till "webbsidan kan inte visas" och inget inlägg görs...
Om loggen är väldigt lång kan det bli så, pröva med en bit av loggen.

 

Link to comment
Share on other sites

Oki, testar med del 1 :)

 

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:19:51, on 2009-01-30

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Norman\Npm\bin\ELOGSVC.EXE

C:\Norman\Npm\Bin\Zanda.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\acs.exe

C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\matlab\webserver\bin\win32\matlabserver.exe

C:\WINDOWS\System32\svchost.exe

c:\program\matlab\bin\win32\matlab.exe

C:\Norman\Npf\BIN\NPFSVICE.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Norman\Npm\bin\NJEEVES.EXE

C:\Norman\Nvc\BIN\NVCSCHED.EXE

C:\Norman\Nvc\bin\nvcoas.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\TEMP\xxq5.tmp

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\HP\Smart Web Printing\hpswp_clipbook.exe

C:\ATI-CPanel\atiptaxx.exe

C:\WINDOWS\System32\rs32net.exe

C:\WINDOWS\system32\rundll32.exe

C:\Norman\Npm\bin\ZLH.EXE

C:\Norman\Nvc\BIN\NIP.EXE

C:\Program\Colormailer\Photo Manager\MediaDetector.exe

C:\Norman\Npf\BIN\npfmsg2.exe

C:\Norman\Nvc\bin\cclaw.exe

C:\Program\Nokia\NOKIAP~1\LAUNCH~1.EXE

C:\WINDOWS\ALCFDRTM.EXE

C:\Program\Delade filer\PCSuite\Services\ServiceLayer.exe

C:\Program\Java\jre1.6.0_05\bin\jusched.exe

C:\Program\HP\HP Software Update\HPWuSchd2.exe

C:\Program\Delade filer\Real\Update_OB\realsched.exe

C:\Program\TP-LINK\TL-WN821N 1.0\TWCU.exe

C:\Program\iTunes\iTunesHelper.exe

C:\WINDOWS\System32\rs32net.exe

C:\WINDOWS\system32\frmwrk32.exe

C:\Program\iPod\bin\iPodService.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\3Com\3Com Wireless USB Utility\Wlan.exe

C:\WINDOWS\System32\rs32net.exe

C:\WINDOWS\TEMP\4713.tmp

C:\WINDOWS\system32\userinit.exe

C:\Program\Personal\bin\Personal.exe

C:\Program\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\system32\rundll32.exe

C:\Norman\Nvc\BIN\nvcod.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program\Internet Explorer\IEXPLORE.EXE

C:\Program\HP\Smart Web Printing\hpswp_clipbook.exe

C:\WINDOWS\system32\ntdll64.exe

C:\Program\Internet Explorer\IEXPLORE.EXE

C:\Program\HP\Smart Web Printing\hpswp_clipbook.exe

C:\Program\HP\Smart Web Printing\hpswp_clipbook.exe

C:\Program\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\ntdll64.exe

C:\WINDOWS\system32\ntdll64.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\ntdll64.exe

C:\Program\Microsoft Office\Office10\OUTLOOK.EXE

C:\Program\Microsoft Office\Office10\WINWORD.EXE

C:\WINDOWS\system32\ntdll64.exe

C:\WINDOWS\TEMP\4713.tmp

C:\Program\Trend Micro\HijackThis\HijackThis.exe

C:\Program\Internet Explorer\iexplore.exe[/log]

 

Link to comment
Share on other sites

Verkar funka så kommer resten...

 

[log]R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157'>http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe

O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH

O4 - HKLM\..\Run: [RevolteMediaDetector] C:\Program\Colormailer\Photo Manager\MediaDetector.exe

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

O4 - HKLM\..\Run: [AlcFDMonitor] C:\WINDOWS\ALCFDRTM.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [TWCU] "C:\Program\TP-LINK\TL-WN821N 1.0\TWCU.exe" -nogui

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [rs32net] C:\WINDOWS\System32\rs32net.exe

O4 - HKLM\..\Run: [Framework Windows] frmwrk32.exe

O4 - HKLM\..\Run: [20ba5bc3] rundll32.exe "C:\WINDOWS\system32\opricsxu.dll",b

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [3COM] "C:\Program\3Com\3Com Wireless USB Utility\Wlan.exe"

O4 - HKCU\..\Run: [rs32net] C:\WINDOWS\System32\rs32net.exe

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\Run: [rs32net] C:\WINDOWS\System32\rs32net.exe (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: BankID säkerhetsprogram.lnk = C:\Program\Personal\bin\Personal.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~4\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: HP Klippbok - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: HP Smart markering - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O10 - Unknown file in Winsock LSP: c:\docume~1\anna~1.ann\lokala~1\temp\ntdll64.dll

O10 - Unknown file in Winsock LSP: c:\docume~1\anna~1.ann\lokala~1\temp\ntdll64.dll

O15 - Trusted Zone: http://daccess-ods.un.org

O16 - DPF: {049A470D-F818-4E34-B14D-E4E237DADCF8} (CPlayFirstFashionDasControl Object) - http://download.playfirst.com/play/game/fashiondash/fashiondashweb.1.0.0.21.cab

O16 - DPF: {055B4212-4C81-448E-AFA9-C3CA4AAE8F95} (CPlayFirstDairyDashWControl Object) - http://download.playfirst.com/play/game/dairydash/DairyDashWeb.1.0.0.12.cab

O16 - DPF: {068BFA33-99F4-4BA9-887D-182386FA2931} (CPlayFirstDinerDashControl Object) - http://p.playfirst.com/play/game/spongebobdash/SpongeBobDinerDashWeb.1.0.0.17.cab

O16 - DPF: {195B4BBF-E1E4-4020-9773-0A8C6F65EA35} (CPlayFirstCookingDasControl Object) - http://download.playfirst.com/play/game/cookingdash/CookingDashWeb.1.0.0.9.cab

O16 - DPF: {230C3D02-DA27-11D2-8612-00A0C93EEA3C} (SAXFile FileUpload ActiveX Control) - http://www.fujidirekt.se/SAXFile/saxfile.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab

O16 - DPF: {61A54BB0-F380-446F-8727-9AEA23711471} (CPlayFirstWeddingDashControl Object) - http://download.playfirst.com/play/game/weddingdash/WeddingDash.1.0.0.55.cab

O16 - DPF: {6262E38D-C782-4403-A333-8E1AB70E0CAC} (CPlayFirstWeddingDasControl Object) - http://download.playfirst.com/play/game/weddingdash2/WeddingDash2Web.1.0.0.10.cab

O16 - DPF: {6715D12F-213F-4C6E-ACE1-8A363F550B96} (CPlayFirstDoggieDashControl Object) - http://download.playfirst.com/play/game/doggiedash/DoggieDash.1.0.0.9.cab

O16 - DPF: {6C7CAD20-85AA-475A-AC0D-303C4A9A69CE} (CPlayFirstGreatChocoControl Object) - http://download.playfirst.com/play/game/greatchocolatechase/greatchocolatechaseweb.1.0.0.12.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1178218034781

O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab

O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - https://ssl.extrafilm.org/upload/activex/ImageUploader3.cab

O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://p.playfirst.com/play/game/dinerdashfloonthego/ddfotg.1.0.0.32.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game11.zylomgames.com/activex/zylomgamesplayer.cab

O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f008.mail.spray.se/app/uploader/FileUploader.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-489553540000} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab'>http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-489553540003} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://gamenextse.oberon-media.com/online/online2/diner_dash/DinerDash.1.0.0.80.cab

O16 - DPF: {F4EBFE42-D82A-48EB-B70E-7499FFEAFF3F} (CPlayFirstDressShopHControl Object) - http://download.playfirst.com/play/game/dressshophop/DressShopHopWeb.1.0.0.7.cab

O23 - Service: TP-LINK Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program\Bonjour\mDNSResponder.exe

O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE

O23 - Service: FCI (fci) - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\Program\matlab\webserver\bin\win32\matlabserver.exe

O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE

O23 - Service: Norman Type-R - Unknown owner - C:\Norman\Npf\BIN\NPFSVICE.EXE

O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe

O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe

O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE

O23 - Service: ServiceLayer - Nokia. - C:\Program\Delade filer\PCSuite\Services\ServiceLayer.exe

 

--

End of file - 12768 bytes

[/log]

 

Link to comment
Share on other sites

Jag ser i Hijack-loggen att du har en gammal java-version med

säkerhetshål i din dator.Jag rekommenderar att du laddar hem

och installerar uppdaterad Java http://www.java.com/sv/

Avinstallera sedan den gamla i Kontrollpanelen Lägg till /ta bort program

 

 

 

Link to comment
Share on other sites

Skriver från en annan dator eftersom den andra kraschade i samband med körningen av combofix. Nu startar datorn om direkt efter inloggning. Förslag på åtgärd?

 

Link to comment
Share on other sites

Hej, idag verkar helt plötsligt datorn ha återhämtat sig delvis och går att komma in i igen.

Dock kvarstår vissa spår av viruset... När jag loggar in kommer meddelandefönstret med info att dataexekveringsskyddet avslutas för att skydda datorn (generic host process for win32 services) Meddelandefönstret med att datorn återställts efter ett allvarligt fel poppar upp så snart jag kommer in, klickar jag bort det så kommer det ett nytt direkt. Likadant med att Explorer stött på ett fel och måste avslutas.

 

Bakgrundsbilden med "virusvarningen" på skrivbordet är borta men lite här och var kommer det upp text om att jag måste åtgärda datorn efter virusangreppet.

 

Någon som har en tanke om nästa steg? Är just nu mest lättad över attt datorn funkar överhuvudtaget.´

 

/Anna

 

Link to comment
Share on other sites

 

[log]Ladda ner Malwarebytes Anti-Malware (MBAM) från en av dessa länkar:

http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-108

04572.html

http://projects.securitywonks.net/projects/details.php?file=158

Dubbelklicka på mbam-setup för att installera programmet.

 

 

Se till i slutet av installationen att det är bockar för:

Uppdatera Malwarebytes' Anti-Malware

Starta Malwarebytes' Anti-Malware

Tryck på Slutför

Om det finns någon uppdatering så kommer den att laddas ner och installeras.

 

När programmet startar så välj "Utför snabb skanning" och tryck på Skanna.

Skanningen tar ett tag.

När den är klar så tryck på OK och sedan "Visa resultat".

Bocka för allt och tryck sedan Ta bort markerade.

När borttagningen är klar så öppnar Anteckningar med en logg.

 

Eventuellt så kommer det upp en begäran om att starta om datorn (Restart). I så fall gör det.

Om det blir ett felmeddelande Error loading... efter omstarten så starta om datorn än en gång.

Om programmet inte kommer igång efter omstarten så starta det.

 

Om loggen inte kommer upp själv i Anteckningar så hittar du loggen på fliken Loggar i MBAM.

Kopiera loggen och klistra in den i ditt svar. [/log]

 

Link to comment
Share on other sites

Nu fungerade Anti-Malware, försökte ett antal gånger igår utan att lyckas (se tidigare inlägg).

Här kommer logg-filen:

[log]Malwarebytes' Anti-Malware 1.33

Databasversion: 1712

Windows 5.1.2600 Service Pack 3

 

2009-01-31 12:34:43

mbam-log-2009-01-31 (12-34-43).txt

 

Skanningstyp: Snabb skanning

Antal skannade objekt: 68057

Förfluten tid: 6 minute(s), 35 second(s)

 

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 3

Infekterade registernycklar: 22

Infekterade registervärden: 4

Infekterade registerdataposter: 11

Infekterade mappar: 2

Infekterade filer: 21

 

Infekterade minnesprocesser:

(Inga illasinnade poster hittades)

 

Infekterade minnesmoduler:

C:\WINDOWS\system32\obieinak.dll (Trojan.Vundo.H) -> Delete on reboot.

C:\WINDOWS\system32\xxywVnmM.dll (Trojan.Vundo.H) -> Delete on reboot.

C:\WINDOWS\system32\pmnnLDTm.dll (Trojan.Vundo) -> Delete on reboot.

 

Infekterade registernycklar:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6cd554ae-c79f-4edd-853e-3efefd14c1c6} (Trojan.Vundo.H) -> Delete on reboot.

HKEY_CLASSES_ROOT\CLSID\{6cd554ae-c79f-4edd-853e-3efefd14c1c6} (Trojan.Vundo.H) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmnnldtm (Trojan.Vundo.H) -> Delete on reboot.

HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6cd554ae-c79f-4edd-853e-3efefd14c1c6} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b69a9db4-d0a1-4722-b56b-f20757a29cdf} (Adware.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ati1bfxx (Rootkit.Agent) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ati1bfxx (Rootkit.Agent) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ati1bfxx (Rootkit.Agent) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ati1bfxx (Rootkit.Agent) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Live_TV (Adware.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fci (Rootkit.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\fci (Rootkit.ADS) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\fci (Rootkit.ADS) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\fci (Rootkit.ADS) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\icf (Rootkit.ADS) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

 

Infekterade registervärden:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\20ba5bc3 (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rs32net (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rs32net (Trojan.Agent) -> Quarantined and deleted successfully.

 

Infekterade registerdataposter:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\xxywvnmm -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\xxywvnmm -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

 

Infekterade mappar:

C:\Program\Live_TV (Adware.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users.WINDOWS\Application Data\Starware (Adware.Starware) -> Quarantined and deleted successfully.

 

Infekterade filer:

C:\WINDOWS\system32\xxywVnmM.dll (Trojan.Vundo.H) -> Delete on reboot.

C:\WINDOWS\system32\MmnVwyxx.ini (Trojan.Vundo.H) -> Delete on reboot.

C:\WINDOWS\system32\MmnVwyxx.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\pmnnLDTm.dll (Trojan.Vundo.H) -> Delete on reboot.

C:\WINDOWS\system32\obieinak.dll (Trojan.Vundo.H) -> Delete on reboot.

C:\WINDOWS\system32\kanieibo.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\opricsxu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\uxscirpo.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ssqNDtqn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\byXPGWmm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\qoMfcAsT.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\WinNB55.dll (Spyware.Banker) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\ati1bfxx.sys (Rootkit.Agent) -> Delete on reboot.

C:\WINDOWS\system32\svchost.exe:ext.exe (Rootkit.ADS) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\BN2.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\BN3.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\BN4.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\BN5.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Gäst\Lokala inställningar\temp\ntdll64.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\Anna.ANNA-6622C423B3\Lokala inställningar\Temp\ntdll64.dll (Trojan.FakeAlert) -> Delete on reboot.

C:\Documents and Settings\Gäst\Lokala inställningar\temp\mousehook.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.

[/log]

 

Datorn verkar redan piggare men fortfarande kommer fönstren med info om att datorn återställts efter ett allvarligt fel och info om dataexekveringsskyddet upp vid start och sedan igen så snart jag stänger dem.

 

Link to comment
Share on other sites

Puh, efter att datorn startat om sig själv 20 gånger vid inloggning kom jag äntligen in. Här kommer loggen:

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:06, on 2009-01-31

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\savedump.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Norman\Npm\bin\ELOGSVC.EXE

C:\Norman\Npm\Bin\Zanda.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\acs.exe

C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Java\jre6\bin\jqs.exe

C:\Program\matlab\webserver\bin\win32\matlabserver.exe

C:\WINDOWS\System32\svchost.exe

c:\program\matlab\bin\win32\matlab.exe

C:\Norman\Npf\BIN\NPFSVICE.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Norman\Npm\bin\NJEEVES.EXE

C:\Norman\Nvc\bin\nvcoas.exe

C:\Norman\Nvc\BIN\NVCSCHED.EXE

C:\ATI-CPanel\atiptaxx.exe

C:\Norman\Npm\bin\ZLH.EXE

C:\Program\Colormailer\Photo Manager\MediaDetector.exe

C:\Program\Nokia\NOKIAP~1\LAUNCH~1.EXE

C:\WINDOWS\ALCFDRTM.EXE

C:\Program\HP\HP Software Update\HPWuSchd2.exe

C:\Program\Delade filer\Real\Update_OB\realsched.exe

C:\Program\TP-LINK\TL-WN821N 1.0\TWCU.exe

C:\Program\iTunes\iTunesHelper.exe

C:\Program\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\3Com\3Com Wireless USB Utility\Wlan.exe

C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program\Personal\bin\Personal.exe

C:\Program\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\system32\dumprep.exe

C:\Norman\Nvc\BIN\NIP.EXE

C:\WINDOWS\System32\alg.exe

C:\Norman\Npf\BIN\npfmsg2.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Norman\Nvc\bin\cclaw.exe

C:\Program\Delade filer\PCSuite\Services\ServiceLayer.exe

C:\Program\iPod\bin\iPodService.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\TEMP\cgm9.tmp

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Internet Explorer\IEXPLORE.EXE

C:\Program\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program\HP\Smart Web Printing\hpswp_clipbook.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\dwwin.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157'>http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program\HP\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program\HP\Smart Web Printing\hpswp_framework.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)

O2 - BHO: SSVHelper Class - {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program\Java\jre6\bin\ssv.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe

O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH

O4 - HKLM\..\Run: [RevolteMediaDetector] C:\Program\Colormailer\Photo Manager\MediaDetector.exe

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

O4 - HKLM\..\Run: [AlcFDMonitor] C:\WINDOWS\ALCFDRTM.EXE

O4 - HKLM\..\Run: [HP Software Update] C:\Program\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [TWCU] "C:\Program\TP-LINK\TL-WN821N 1.0\TWCU.exe" -nogui

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [3COM] "C:\Program\3Com\3Com Wireless USB Utility\Wlan.exe"

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\Run: [rs32net] C:\WINDOWS\System32\rs32net.exe (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: BankID säkerhetsprogram.lnk = C:\Program\Personal\bin\Personal.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~4\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - C:\Program\Java\jre6\bin\jp2iexp.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - C:\Program\Java\jre6\bin\jp2iexp.dll

O9 - Extra button: HP Klippbok - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: HP Smart markering - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O11 - Options group: [java_sun] Java (Sun)

O15 - Trusted Zone: http://daccess-ods.un.org

O16 - DPF: {049A470D-F818-4E34-B14D-E4E237DADCF8} (CPlayFirstFashionDasControl Object) - http://download.playfirst.com/play/game/fashiondash/fashiondashweb.1.0.0.21.cab

O16 - DPF: {055B4212-4C81-448E-AFA9-C3CA4AAE8F95} (CPlayFirstDairyDashWControl Object) - http://download.playfirst.com/play/game/dairydash/DairyDashWeb.1.0.0.12.cab

O16 - DPF: {068BFA33-99F4-4BA9-887D-182386FA2931} (CPlayFirstDinerDashControl Object) - http://p.playfirst.com/play/game/spongebobdash/SpongeBobDinerDashWeb.1.0.0.17.cab

O16 - DPF: {195B4BBF-E1E4-4020-9773-0A8C6F65EA35} (CPlayFirstCookingDasControl Object) - http://download.playfirst.com/play/game/cookingdash/CookingDashWeb.1.0.0.9.cab

O16 - DPF: {230C3D02-DA27-11D2-8612-00A0C93EEA3C} (SAXFile FileUpload ActiveX Control) - http://www.fujidirekt.se/SAXFile/saxfile.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab

O16 - DPF: {61A54BB0-F380-446F-8727-9AEA23711471} (CPlayFirstWeddingDashControl Object) - http://download.playfirst.com/play/game/weddingdash/WeddingDash.1.0.0.55.cab

O16 - DPF: {6262E38D-C782-4403-A333-8E1AB70E0CAC} (CPlayFirstWeddingDasControl Object) - http://download.playfirst.com/play/game/weddingdash2/WeddingDash2Web.1.0.0.10.cab

O16 - DPF: {6715D12F-213F-4C6E-ACE1-8A363F550B96} (CPlayFirstDoggieDashControl Object) - http://download.playfirst.com/play/game/doggiedash/DoggieDash.1.0.0.9.cab

O16 - DPF: {6C7CAD20-85AA-475A-AC0D-303C4A9A69CE} (CPlayFirstGreatChocoControl Object) - http://download.playfirst.com/play/game/greatchocolatechase/greatchocolatechaseweb.1.0.0.12.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1178218034781

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab

O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - https://ssl.extrafilm.org/upload/activex/ImageUploader3.cab

O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://p.playfirst.com/play/game/dinerdashfloonthego/ddfotg.1.0.0.32.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game11.zylomgames.com/activex/zylomgamesplayer.cab

O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f008.mail.spray.se/app/uploader/FileUploader.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-489553540000} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab'>http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-489553540003} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://gamenextse.oberon-media.com/online/online2/diner_dash/DinerDash.1.0.0.80.cab

O16 - DPF: {F4EBFE42-D82A-48EB-B70E-7499FFEAFF3F} (CPlayFirstDressShopHControl Object) - http://download.playfirst.com/play/game/dressshophop/DressShopHopWeb.1.0.0.7.cab

O20 - Winlogon Notify: wdqhkt - C:\WINDOWS\SYSTEM32\wdqhkt.dll

O23 - Service: TP-LINK Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program\Bonjour\mDNSResponder.exe

O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE

O23 - Service: FCI (fci) - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe

O23 - Service: ICF (icf) - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (javaquickstarterservice) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe

O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\Program\matlab\webserver\bin\win32\matlabserver.exe

O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE

O23 - Service: Norman Type-R - Unknown owner - C:\Norman\Npf\BIN\NPFSVICE.EXE

O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe

O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe

O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE

O23 - Service: ServiceLayer - Nokia. - C:\Program\Delade filer\PCSuite\Services\ServiceLayer.exe

 

--

End of file - 12703 bytes

[/log]

 

Link to comment
Share on other sites

[log]Kopiera rader nedan en i taget i Kör fältet och klicka Ok efter varje rad

 

sc stop FCI

sc delete FCI

sc stop ICF

sc delete ICF

 

 

Scanna med Hijack bocka i följande rader stäng Web-läsaren och klicka Fix checked

 

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKUS\.DEFAULT\..\Run: [rs32net] C:\WINDOWS\System32\rs32net.exe (User 'Default user')

O20 - Winlogon Notify: wdqhkt - C:\WINDOWS\SYSTEM32\wdqhkt.dll

 

starta sen i felsäkert läge och ta bort om hittas

 

C:\WINDOWS\System32\rs32net.exe

C:\WINDOWS\SYSTEM32\wdqhkt.dll

C:\WINDOWS\system32\svchost.exe:ext.exe

 

Titta noga ta inte bort detta = C:\WINDOWS\system32\svchost.exe

 

och töm denna Temp mapp

 

C:\WINDOWS\TEMP\

 

starta sen normalt och en ny Hijack log.[/log]

 

[inlägget ändrat 2009-01-31 13:41:05 av Zipp.]

Link to comment
Share on other sites

Utfört enligt uppdrag, den enda fil som hittades och togs bort var wdqhkt.dll , de andra hittade jag inte.

 

Får fortfarande eddelandefönster när jag startar om datorn, den ena felrapporten innehåller texten:

EventType : BEX P1 : svchost.exe P2 : 5.1.2600.5512 P3 : 48025bc0

P4 : svchost.exe P5 : 5.1.2600.5512 P6 : 48025bc0 P7 : 00001000

P8 : c0000005 P9 : 00000008

 

Säger det nåt?

 

Här kommer Hijackloggen:

 

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:30, on 2009-01-31

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Norman\Npm\bin\ELOGSVC.EXE

C:\Norman\Npm\Bin\Zanda.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\acs.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Java\jre6\bin\jqs.exe

C:\Program\matlab\webserver\bin\win32\matlabserver.exe

c:\program\matlab\bin\win32\matlab.exe

C:\WINDOWS\System32\svchost.exe

C:\ATI-CPanel\atiptaxx.exe

C:\Norman\Npm\bin\ZLH.EXE

C:\Program\Colormailer\Photo Manager\MediaDetector.exe

C:\Program\Nokia\NOKIAP~1\LAUNCH~1.EXE

C:\WINDOWS\ALCFDRTM.EXE

C:\Program\HP\HP Software Update\HPWuSchd2.exe

C:\Program\Delade filer\Real\Update_OB\realsched.exe

C:\Program\TP-LINK\TL-WN821N 1.0\TWCU.exe

C:\Program\iTunes\iTunesHelper.exe

C:\Program\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\dumprep.exe

C:\Program\3Com\3Com Wireless USB Utility\Wlan.exe

C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program\Personal\bin\Personal.exe

C:\Program\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\system32\dumprep.exe

C:\Norman\Nvc\BIN\NIP.EXE

C:\Norman\Npf\BIN\npfmsg2.exe

C:\Norman\Npf\BIN\NPFSVICE.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Norman\Npm\bin\NJEEVES.EXE

C:\Norman\Nvc\bin\nvcoas.exe

C:\Norman\Nvc\BIN\NVCSCHED.EXE

C:\Program\Delade filer\PCSuite\Services\ServiceLayer.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Norman\Nvc\bin\cclaw.exe

C:\Program\iPod\bin\iPodService.exe

C:\WINDOWS\TEMP\fwi5.tmp

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\alg.exe

C:\Program\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\system32\dwwin.exe

C:\Program\HP\Smart Web Printing\hpswp_clipbook.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157'>http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program\HP\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program\HP\Smart Web Printing\hpswp_framework.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)

O2 - BHO: SSVHelper Class - {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program\Java\jre6\bin\ssv.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe

O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH

O4 - HKLM\..\Run: [RevolteMediaDetector] C:\Program\Colormailer\Photo Manager\MediaDetector.exe

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

O4 - HKLM\..\Run: [AlcFDMonitor] C:\WINDOWS\ALCFDRTM.EXE

O4 - HKLM\..\Run: [HP Software Update] C:\Program\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [TWCU] "C:\Program\TP-LINK\TL-WN821N 1.0\TWCU.exe" -nogui

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [3COM] "C:\Program\3Com\3Com Wireless USB Utility\Wlan.exe"

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: BankID säkerhetsprogram.lnk = C:\Program\Personal\bin\Personal.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~4\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - C:\Program\Java\jre6\bin\jp2iexp.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - C:\Program\Java\jre6\bin\jp2iexp.dll

O9 - Extra button: HP Klippbok - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: HP Smart markering - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O11 - Options group: [java_sun] Java (Sun)

O15 - Trusted Zone: http://daccess-ods.un.org

O16 - DPF: {049A470D-F818-4E34-B14D-E4E237DADCF8} (CPlayFirstFashionDasControl Object) - http://download.playfirst.com/play/game/fashiondash/fashiondashweb.1.0.0.21.cab

O16 - DPF: {055B4212-4C81-448E-AFA9-C3CA4AAE8F95} (CPlayFirstDairyDashWControl Object) - http://download.playfirst.com/play/game/dairydash/DairyDashWeb.1.0.0.12.cab

O16 - DPF: {068BFA33-99F4-4BA9-887D-182386FA2931} (CPlayFirstDinerDashControl Object) - http://p.playfirst.com/play/game/spongebobdash/SpongeBobDinerDashWeb.1.0.0.17.cab

O16 - DPF: {195B4BBF-E1E4-4020-9773-0A8C6F65EA35} (CPlayFirstCookingDasControl Object) - http://download.playfirst.com/play/game/cookingdash/CookingDashWeb.1.0.0.9.cab

O16 - DPF: {230C3D02-DA27-11D2-8612-00A0C93EEA3C} (SAXFile FileUpload ActiveX Control) - http://www.fujidirekt.se/SAXFile/saxfile.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab

O16 - DPF: {61A54BB0-F380-446F-8727-9AEA23711471} (CPlayFirstWeddingDashControl Object) - http://download.playfirst.com/play/game/weddingdash/WeddingDash.1.0.0.55.cab

O16 - DPF: {6262E38D-C782-4403-A333-8E1AB70E0CAC} (CPlayFirstWeddingDasControl Object) - http://download.playfirst.com/play/game/weddingdash2/WeddingDash2Web.1.0.0.10.cab

O16 - DPF: {6715D12F-213F-4C6E-ACE1-8A363F550B96} (CPlayFirstDoggieDashControl Object) - http://download.playfirst.com/play/game/doggiedash/DoggieDash.1.0.0.9.cab

O16 - DPF: {6C7CAD20-85AA-475A-AC0D-303C4A9A69CE} (CPlayFirstGreatChocoControl Object) - http://download.playfirst.com/play/game/greatchocolatechase/greatchocolatechaseweb.1.0.0.12.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1178218034781

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab

O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - https://ssl.extrafilm.org/upload/activex/ImageUploader3.cab

O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://p.playfirst.com/play/game/dinerdashfloonthego/ddfotg.1.0.0.32.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game11.zylomgames.com/activex/zylomgamesplayer.cab

O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f008.mail.spray.se/app/uploader/FileUploader.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-489553540000} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab'>http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-489553540003} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://gamenextse.oberon-media.com/online/online2/diner_dash/DinerDash.1.0.0.80.cab

O16 - DPF: {F4EBFE42-D82A-48EB-B70E-7499FFEAFF3F} (CPlayFirstDressShopHControl Object) - http://download.playfirst.com/play/game/dressshophop/DressShopHopWeb.1.0.0.7.cab

O20 - Winlogon Notify: wdqhkt - C:\WINDOWS\SYSTEM32\wdqhkt.dll

O23 - Service: TP-LINK Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program\Bonjour\mDNSResponder.exe

O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE

O23 - Service: ICF (icf) - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (javaquickstarterservice) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe

O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\Program\matlab\webserver\bin\win32\matlabserver.exe

O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE

O23 - Service: Norman Type-R - Unknown owner - C:\Norman\Npf\BIN\NPFSVICE.EXE

O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe

O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe

O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE

O23 - Service: ServiceLayer - Nokia. - C:\Program\Delade filer\PCSuite\Services\ServiceLayer.exe

 

--

End of file - 12399 bytes[/log]

 

Link to comment
Share on other sites

 

[log]Ladda ner SDFix till Skrivbordet:

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

Dubbelklicka på SDFix.exe och en ny mapp skapas, C:\SDFix.

 

Starta om datorn i felsäkert läge (tryck F8 upprepade gånger under uppstarten och välj felsäkert läge i menyn).

 

Öppna den nya mappen C:\SDFix och dubbelklicka på RunThis.bat för att starta programmet.

Tryck OK och senare Y följt av Enter för att fortsätta.

Det arbetar ett tag och när det är klart så kommer det upp en fråga om du vill starta om datorn.

Tryck på godtycklig tangent för att omstarten ska påbörjas.

Datorn kommer att ta lång tid på sig under uppstarten eftersom programmet kommer att gå igång och fixa till en massa.

När det är klart visas Finished.

Tryck på valfri tangent för att avsluta programmet.

 

Om SDFix inte startar automatiskt efter omstarten av datorn så startar du Runthis.bat som förut men trycker F i stället för Y.

 

Om loggen inte kommer upp automatiskt så öppna mappen SDFix och öppna filen Report.txt i Anteckningar.

Klistra in innehållet i loggen i ditt svar här.[/log]

 

Link to comment
Share on other sites

Hmmm, ledsen att det tar sån tid mellan inläggen. Varje gång jag startar om datorn, startar den om sig själv sådär 20 ggr...

 

Här kommer i alla fall loggen från SDFix:

[log]

SDFix: Version 1.240

Run by Anna on 2009-01-31 at 20:22

 

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

 

Checking Services :

 

Rootkit Found :

C:\WINDOWS\system32\drivers\ATI1BFXX.sys - Rootkit Pandex/Cutwail - Protect.sys

 

Name :

FCI

ICF

ATI1BFXX

 

Path :

C:\WINDOWS\system32\svchost.exe:ext.exe

C:\WINDOWS\system32\svchost.exe:ext.exe

System32\Drivers\ati1bfxx.sys

 

FCI - Deleted

ICF - Deleted

ATI1BFXX - Deleted

 

 

 

Restoring Default Security Values

Restoring Default Hosts File

 

Rebooting

 

Service ATI1BFXX - Deleted after Reboot

 

Checking Files :

 

Trojan Files Found:

 

C:\549084~1 - Deleted

C:\WINDOWS\system32\drivers\ATI1BFXX.sys - Deleted

 

 

 

 

 

Removing Temp Files

 

ADS Check :

 

 

C:\WINDOWS\system32\svchost.exe

: ADS Found!

svchost.exe: deleted 32256 bytes in 1 streams.

 

Checking for remaining Streams

 

C:\WINDOWS\system32\svchost.exe

No streams found.[/log]

 

Link to comment
Share on other sites

 

[log]

Varje gång jag startar om datorn, startar den om sig själv sådär 20 ggr...

 

Din dator är\var väldigt infekterad bland annat med rootkit så säkrast är att formatera och installera om Windows om du har möjlighet till det[/log]

 

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.



×
×
  • Create New...