Trojan?

October 26, 2004

Hej!

Vill ha tips på något program som kan ta bort

Downloud.Trojan, helst specialprogram om det finns? Jag har kört Norton Antivirus som påstår att Trojanen är borta men så enkelt är det väl inte?

Tack på förhand!

Kjell-Åke

October 26, 2004

Prova F-Secure Online Virus Scanner

http://support.f-secure.se/swe/home/ols.shtml

October 26, 2004

Finns även Trend Micro

http://housecall.trendmicro.com/housecall/start_corp.asp

och Panda

http://www.pandasoftware.com/activescan/com/activescan_principal.htm

October 26, 2004

visst kan det va så enkelt men är du inte säker så posta en hijack this 1.98.2 logg här

October 27, 2004

Tyvärr så kan jag inte få kontakt med nätet längre på den nedsmittade datorn.Därför kan jag inte ladda ned några tester. Finns det något proram inte större en en diskett som jag kan ladda ned?

Hälsningar

Kjelle 55

October 27, 2004

Hej 927

Skickar en lång logfil får se om någon hittar någonting?

Logfile of HijackThis v1.98.2

Scan saved at 15:02:10, on 2004-10-27

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Sygate\SPF\smc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe

C:\Program\Norton AntiVirus\navapsvc.exe

C:\Program\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

C:\WINDOWS\System32\tcpsvcs.exe

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\System32\snmp.exe

C:\Program\NORTON~1\SPEEDD~1\nopdb.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\iexplorer.exe

C:\WINDOWS\System32\lssas.exe

C:\WINDOWS\System32\winguard.exe

C:\WINDOWS\System32\sysrestore.exe

C:\WINDOWS\System32\ctfmon.exe

C:\WINDOWS\System32\rmctrl.exe

C:\Program\HP\HP Software Update\HPWuSchd.exe

C:\Program\HP\hpcoretech\hpcmpmgr.exe

C:\Program\Delade filer\Symantec Shared\ccApp.exe

C:\Program\necmfk\necmfk.exe

C:\WINDOWS\System32\winxp.exe

C:\l0ud.exe

C:\Program\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program\Messenger\msmsgs.exe

C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aftonbladet.se/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Carola och Kjell-Åkes webbläsare

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\System32\rmctrl.exe

O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon

O4 - HKLM\..\Run: [smcService] C:\Program\Sygate\SPF\smc.exe -startgui

O4 - HKLM\..\Run: [HP Software Update] "C:\Program\HP\HP Software Update\HPWuSchd.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [ccApp] C:\Program\Delade filer\Symantec Shared\ccApp.exe

O4 - HKLM\..\Run: [ccRegVfy] C:\Program\Delade filer\Symantec Shared\ccRegVfy.exe

O4 - HKLM\..\Run: [Advanced Tools Check] C:\Program\NORTON~2\AdvTools\ADVCHK.EXE

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe

O4 - HKLM\..\Run: [NECMFK] C:\Program\necmfk\necmfk.exe

O4 - HKLM\..\Run: [internet Explorer] iexplorer.exe

O4 - HKLM\..\Run: [lssas.exe] lssas.exe

O4 - HKLM\..\Run: [ATI VIDEO REGKEY] ati2vid.exe

O4 - HKLM\..\Run: [sygate Personal Firewall] sys.exe

O4 - HKLM\..\Run: [Winupdate Service] winxp.exe

O4 - HKLM\..\Run: [scuk] C:\l0ud.exe

O4 - HKLM\..\Run: [winusb.dll] winguard.exe

O4 - HKLM\..\Run: [MS SyS Restore] sysrestore.exe

O4 - HKLM\..\RunServices: [internet Explorer] iexplorer.exe

O4 - HKLM\..\RunServices: [lssas.exe] lssas.exe

O4 - HKLM\..\RunServices: [ATI VIDEO REGKEY] ati2vid.exe

O4 - HKLM\..\RunServices: [sygate Personal Firewall] sys.exe

O4 - HKLM\..\RunServices: [Winupdate Service] winxp.exe

O4 - HKLM\..\RunServices: [winusb.dll] winguard.exe

O4 - HKLM\..\RunServices: [MS SyS Restore] sysrestore.exe

O4 - HKLM\..\RunOnce: [internet Explorer] iexplorer.exe

O4 - HKLM\..\RunOnce: [lssas.exe] lssas.exe

O4 - HKLM\..\RunOnce: [winusb.dll] winguard.exe

O4 - HKLM\..\RunOnce: [MS SyS Restore] sysrestore.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [internet Explorer] iexplorer.exe

O4 - HKCU\..\Run: [lssas.exe] lssas.exe

O4 - HKCU\..\Run: [sygate Personal Firewall] sys.exe

O4 - HKCU\..\Run: [winusb.dll] winguard.exe

O4 - HKCU\..\Run: [MS SyS Restore] sysrestore.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\RunOnce: [internet Explorer] iexplorer.exe

O4 - HKCU\..\RunOnce: [winusb.dll] winguard.exe

O4 - HKCU\..\RunOnce: [MS SyS Restore] sysrestore.exe

O4 - HKCU\..\RunOnce: [lssas.exe] lssas.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE

O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab'>http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab

O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) -

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.cab

O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab

O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program\HP\hpcoretech\comp\hpuiprot.dll

Hälsningar

Kjelle55

October 27, 2004

scanna datorn i felsäkert läge med detta lilla program

http://vil.nai.com/vil/stinger/.

starta sen om och posta en ny hjt logg

October 27, 2004

jag måste ju fråga hur uppdaterat ditt norton är... är det inte uppdaterat när du scannar så är det ju nästan värdelöst.

October 28, 2004

Är definitivt inte hemma på HiJack, men kollade igenom loggfilen ändå och upptäckte detta...kan detta vara något att jobba vidare på kanske? Det är bäst jag låter eliten besvara detta )

Mobsync.exe definition, relationships, removal:

Startup entry for mobsync.exe: Synchronization Manager

mobsync.exe description: "With Internet Explorer, you can make pages available offline. You can use Synchronization Manager to set specific parameters for when your offline pages should be synchronized with the current cached page. To run Synchronization Manager, click Synchronize on the Tools menu. You can synchronize pages three ways: at logon, during idle time, or at a scheduled time. To set your synchronization preference, start Synchronization Manager, click Setup, and then click the appropriate settings on the Logon/Logoff tab."

File mobsync.exe removal: Described file mobsync.exe is not related to the security threats.

However the same or similar file name can be used by spyware or adware programs to decept user. We advice you to scan your computer and eliminate possible threats.

download scanner and remover

Usually 20-30 invisible processes run silently in the background. Some hog system resources, some may violate your privacy and give hackers access to your computer.

October 28, 2004

vi kan ju börja med att rensa de maskar som finns i datorn

October 28, 2004

Hej 927!

Har laddat ner Stinger och återkommer så snart jag kan med en ny logfil.

Tack för tipset!

October 29, 2004

Hej!

Skickar här en ny log för kontroll

Logfile of HijackThis v1.98.2

Scan saved at 12:24:38, on 2004-10-29