IE7 startar inte här heller

5 mars, 2009

På min bärbara med XP vill inte IE7 starta från skrivbordet, får upp meddelande om att filen iexplorer.exe inte hittas.

Har installerat om, inget resultat.

Försöker starta genom att klicka en .html fil, går inte.

Programfilen finns där den ska, allt ser bra ut men inget fungerar.

5 mars, 2009

Det har varit 4 trådar i Eforum i år där det beror på skadliga program i datorn. Vi kan se vad HijackThis visar till att börja med. Ladda ner från en av länkarna:

http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe

http://www.download.com/Trend-Micro-HijackThis/3000-8022_4-10227353.html

Installera, starta och välj "Do a system scan and save a logfile", kopiera loggen som kommer upp (inget annat).

I ditt svar bifogar du HijackThis-loggen på detta sätt:

Tryck på LOG-knappen i Besvara-fönstret

Klistra in loggen

Tryck igen på LOG-knappen nappen i Besvara-fönstret

5 mars, 2009

Och här kommer den

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:06:46, on 2009-03-05

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe

C:\PROGRAM\PANDA SECURITY\PANDA ANTIVIRUS PRO 2009\WebProxy.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe

C:\Program\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe

C:\Program\Delade filer\Panda Security\PavShld\pavprsrv.exe

C:\Program\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe

C:\Program\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe

C:\WINDOWS\SYSTEM32\Ati2evxx.exe

C:\WINDOWS\System32\snmp.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Panda Security\Panda Antivirus Pro 2009\pavsrv51.exe

C:\Program\Panda Security\Panda Antivirus Pro 2009\AVENGINE.EXE

C:\Program\Synaptics\SynTP\SynTPLpr.exe

C:\Program\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program\CyberLink\PowerDVD\PDVDServ.exe

C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\acer\epm\epm-dm.exe

C:\Program\Launch Manager\QtZgAcer.EXE

C:\Program\Microsoft IntelliPoint\point32.exe

C:\Program\EPSON\Creativity Suite\Event Manager\EEventManager.exe

C:\Program\Delade filer\ACD Systems\EN\DevDetect.exe

C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

C:\Program\QuickTime\QTTask.exe

C:\Program\Panda Security\Panda Antivirus Pro 2009\APVXDWIN.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program\Adobe\Acrobat 7.0\Acrobat\Acrobat_sl.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eniro.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157'>http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: D - {C6698ED7-4949-3CF8-B3A1-7CF8533B4D97} - C:\WINDOWS\system32\wtx76319.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [LaunchApp] Alaunch

O4 - HKLM\..\Run: [synTPLpr] C:\Program\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [RemoteControl] C:\Program\CyberLink\PowerDVD\PDVDServ.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe

O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot

O4 - HKLM\..\Run: [LManager] C:\Program\Launch Manager\QtZgAcer.EXE

O4 - HKLM\..\Run: [intelliPoint] "C:\Program\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program\D-Link\AirPlus G\AirGCFG.exe

O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program\ANI\ANIWZCS2 Service\WZCSLDR2.exe

O4 - HKLM\..\Run: [EEventManager] C:\Program\EPSON\Creativity Suite\Event Manager\EEventManager.exe

O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [APVXDWIN] "C:\Program\Panda Security\Panda Antivirus Pro 2009\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [sCANINICIO] "C:\Program\Panda Security\Panda Antivirus Pro 2009\Inicio.exe"

O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program\Delade filer\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program\Delade filer\Autodesk Shared\acstart16.exe

O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert to existing PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program\ANI\ANIWZCS2 Service\ANIWZCSdS.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program\Delade filer\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Program\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe

O23 - Service: Panda Function Service (PAVFNSVR) - Panda Security, S.L. - C:\Program\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe

O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Security, S.L. - C:\Program\Delade filer\Panda Security\PavShld\pavprsrv.exe

O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Program\Panda Security\Panda Antivirus Pro 2009\pavsrv51.exe

O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Program\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe

O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Program\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe

O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Program\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe

--

End of file - 10430 bytes

[/log]

5 mars, 2009

Ladda ner Malwarebytes Anti-Malware (MBAM) från en av dessa länkar:

http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html

http://projects.securitywonks.net/projects/details.php?file=158

Dubbelklicka på mbam-setup för att installera programmet.

[log]Se till i slutet av installationen att det är bockar för:

Uppdatera Malwarebytes' Anti-Malware

Starta Malwarebytes' Anti-Malware

Tryck på Slutför

Om det finns någon uppdatering så kommer den att laddas ner och installeras.

När programmet startar så välj "Utför snabb skanning" och tryck på Skanna.

Skanningen tar ett tag.

När den är klar så tryck på OK och sedan "Visa resultat".

Bocka för allt och tryck sedan Ta bort markerade.

När borttagningen är klar så öppnar Anteckningar med en logg.

Eventuellt så kommer det upp en begäran om att starta om datorn (Restart). I så fall gör det.

Om det blir ett felmeddelande Error loading... efter omstarten så starta om datorn än en gång.

Om programmet inte kommer igång efter omstarten så starta det.

Om loggen inte kommer upp själv i Anteckningar så hittar du loggen på fliken Loggar i MBAM.

Kopiera loggen och klistra in den i ditt svar tillsammans med en ny HijackThis-logg. [/log]

5 mars, 2009

Då har vi nya resultat, det hittades tydligen en del.

[log]Malwarebytes' Anti-Malware 1.34

Databasversion: 1822

Windows 5.1.2600 Service Pack 3

2009-03-05 22:20:07

mbam-log-2009-03-05 (22-20-07).txt

Skanningstyp: Snabb skanning

Antal skannade objekt: 78831

Förfluten tid: 3 minute(s), 27 second(s)

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 0

Infekterade registernycklar: 6

Infekterade registervärden: 0

Infekterade registerdataposter: 0

Infekterade mappar: 0

Infekterade filer: 5

Infekterade minnesprocesser:

(Inga illasinnade poster hittades)

Infekterade minnesmoduler:

(Inga illasinnade poster hittades)

Infekterade registernycklar:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c6698ed7-4949-3cf8-b3a1-7cf8533b4d97} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{c6698ed7-4949-3cf8-b3a1-7cf8533b4d97} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-0000-0000-0000-100005000004} (Rogue.Installer) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{76bdc20e-e0fc-3b33-9505-cb37900f473d} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{5c9ffd2e-1820-3d32-825c-80da252e14ca} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c6698ed7-4949-3cf8-b3a1-7cf8533b4d97} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Infekterade registervärden:

(Inga illasinnade poster hittades)

Infekterade registerdataposter:

(Inga illasinnade poster hittades)

Infekterade mappar:

(Inga illasinnade poster hittades)

Infekterade filer:

C:\WINDOWS\system32\wtx76319.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\xa765593.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\xa765859.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\tx76319.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\Program\KB51537.exe (Trojan.Agent) -> Quarantined and deleted successfully.

[/log]

Och ny Hijack

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:22:24, on 2009-03-05