
Virus?


mumsan


Hi!

I'm wondering whether I still have a virus on my computer.

I had a virus earlier but got rid of it, but my computer is still slow and acting up.

I'm wondering whether there could be more viruses that my antivirus program can't find.

I would be grateful for help.


What antivirus program do you have?

Can you find a log or other information showing which malicious files the program found, in which folders they were, and what kind of malicious files they are?


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 00:50:37, on 2010-03-13

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\DllHost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program\HPQ\IAM\bin\asghost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\SCardSvr.exe

C:\Program\Java\jre1.5.0_04\bin\jusched.exe

C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program\Synaptics\SynTP\SynTPEnh.exe

C:\Program\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\Program\HPQ\Quick Launch Buttons\EabServr.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE

C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Program\Eset\nod32kui.exe

C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Program\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe

C:\Program\Delade filer\Nokia\MPlatform\NokiaMServer.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\TomTom HOME 2\TomTomHOMERunner.exe

C:\Program\DAEMON Tools Lite\daemon.exe

C:\Program\Windows Media Player\WMPNSCFG.exe

C:\Program\Delade filer\Teleca Shared\Generic.exe

C:\Program\Sony Ericsson\Mobile\Mobile Phone Monitor\epmworker.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Seagate\SeagateManager\Sync\FreeAgentService.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Eset\nod32krn.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\TomTom HOME 2\TomTomHOMEService.exe

C:\Program\Windows Media Player\WMPNetwk.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Program\HPQ\Shared\hpqwmi.exe

C:\WINDOWS\System32\alg.exe

C:\Program\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Windows Live\Messenger\msnmsgr.exe

C:\Program\Windows Live\Contacts\wlcomm.exe

C:\Program\Adobe\Acrobat 7.0\Reader\AcroRd32.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Documents and Settings\mabys\Lokala inställningar\Temporary Internet Files\Content.IE5\ULZB1DI9\HijackThis[1].exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program\HPQ\IAM\Bin\ItIeAddIN.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program\DAEMON Tools Toolbar\DTToolbar.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\jre1.5.0_04\bin\jusched.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [PTHOSTTR] C:\Program\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start

O4 - HKLM\..\Run: [updateManager] "C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program\HPQ\Quick Launch Buttons\EabServr.exe /Start

O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\Program\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule

O4 - HKLM\..\Run: [Cpqset] C:\Program\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [WatchDog] C:\Program\InterVideo\DVD Check\DVDCheck.exe

O4 - HKLM\..\Run: [EPSON Stylus D68 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P23 "EPSON Stylus D68 Series" /O6 "USB001" /M "Stylus D68"

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [nod32kui] "C:\Program\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"

O4 - HKLM\..\Run: [NokiaMServer] C:\Program\Delade filer\Nokia\MPlatform\NokiaMServer /watchfiles startup

O4 - HKLM\..\Run: [NokiaMusic FastStart] "C:\Program\Nokia\Ovi Player\NokiaOviPlayer.exe" /command:faststart

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [updateMgr] "C:\Program\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program\TomTom HOME 2\TomTomHOMERunner.exe" -s

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: winesm32.exe

O4 - Global Startup: DVD Check.lnk = C:\Program\InterVideo\DVD Check\DVDCheck.exe

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O20 - AppInit_DLLs: ASAPHook

O20 - Winlogon Notify: OneCard - C:\Program\HPQ\IAM\Bin\AsWlnPkg.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program\Seagate\SeagateManager\Sync\FreeAgentService.exe

O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program\HPQ\Shared\hpqwmi.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program\Eset\nod32krn.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program\WinPcap\rpcapd.exe

O23 - Service: ServiceLayer - Nokia - C:\Program\Nokia\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: TomTomHOMEService - TomTom - C:\Program\TomTom HOME 2\TomTomHOMEService.exe

 

--

End of file - 9065 bytes


HookProcess

I found the following:

O4 - Startup: winesm32.exe

DAEMON Tools Toolbar

First, we can start by uninstalling DAEMON Tools Toolbar. You do that via Add/Remove Programs in the Control Panel.

Download Malwarebytes Anti-Malware here:

http://www.malwareby...am-download.php

Install the program and make sure the following checkboxes are ticked after the installation:

Update Malwarebytes' Anti-Malware

Launch Malwarebytes' Anti-Malware

Perform a full scan. If any threats are found, select them and click Fix. Paste the log file here.

If Malwarebytes does not manage to find the file winesm32.exe, we will have to do it another way.

Furthermore, you are using older versions of Adobe Reader and Java. Both products have known and widespread security holes.

You can find the latest version of Adobe Reader here:

http://ardownload.ad...dr930_sv_SE.exe

The latest version of Java:

http://javadl.sun.co...?BundleId=37981

Last but absolutely not least... visit Windows Update and install Service Pack 3 and the other updates. Note that it can take a little while ;)

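The items the reply above picks out of the log (the Startup-folder entry, the toolbar, and the Java, Adobe Reader and Windows versions) can be extracted from a HijackThis log with a short parser. This is an added example, not part of the original thread or of HijackThis itself; the function name `triage`, the regular expressions and the rule that a bare executable in the Startup folder deserves a manual look are assumptions, and the sample lines are copied from the log posted in this thread.

```python
import re

# Constructed sample: six lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""Platform: Windows XP SP2 (WinNT 5.01.2600)
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - Startup: winesm32.exe
O4 - Global Startup: DVD Check.lnk = C:\Program\InterVideo\DVD Check\DVDCheck.exe
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
STARTUP = re.compile(r"^(?:Global )?Startup: (?P<name>[^=]+?)(?: = (?P<target>.+))?$")
# Version strings embedded in install paths (patterns are assumptions).
VERSIONED = {
    "Java runtime": re.compile(r"\\jre(\d[\w.]*)\\"),
    "Adobe Acrobat/Reader": re.compile(r"\\Acrobat (\d[\d.]*)\\"),
}

def triage(log_text):
    """Summarise the parts of a HijackThis log the reply above looks at."""
    out = {"platform": None, "versions": {}, "startup_executables": [], "toolbars": []}
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("Platform:"):
            out["platform"] = line.split(":", 1)[1].strip()
            continue
        m = ENTRY.match(line)
        if not m:
            continue  # header, process list or blank line
        code, body = m.group("code"), m.group("body")
        for product, rx in VERSIONED.items():
            found = rx.search(body)
            if found:
                out["versions"].setdefault(product, found.group(1))
        if code == "O3" and body.startswith("Toolbar: "):
            out["toolbars"].append(body[len("Toolbar: "):].split(" - {")[0])
        elif code == "O4":
            s = STARTUP.match(body)
            # Heuristic (assumption): Startup-folder items are normally .lnk
            # shortcuts with a target; a bare executable deserves a manual look.
            if s and s.group("target") is None and s.group("name").lower().endswith(".exe"):
                out["startup_executables"].append(s.group("name"))
    return out

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

The output is a review list for a human, not a verdict: a flagged Startup entry still has to be checked on disk, as the reply does with Malwarebytes.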

Archived

This topic is now archived and is closed to further replies.