
Trojan?



Guest idgadmin

Hi!

I'd like tips on a program that can remove Download.Trojan, preferably a dedicated removal tool if one exists. I have run Norton Antivirus, which claims the trojan is gone, but surely it isn't that simple?

Thanks in advance!

Kjell-Åke

 

Link to comment
Guest idgadmin

Unfortunately I can no longer get online from the infected computer, so I can't download any tests. Is there a program no larger than a floppy disk that I can download?

Regards

Kjelle 55

 

 

Link to comment

Guest idgadmin

 

Hi 927

I'm sending a long log file; let's see if anyone finds anything.

Logfile of HijackThis v1.98.2

Scan saved at 15:02:10, on 2004-10-27

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Sygate\SPF\smc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe

C:\Program\Norton AntiVirus\navapsvc.exe

C:\Program\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

C:\WINDOWS\System32\tcpsvcs.exe

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\System32\snmp.exe

C:\Program\NORTON~1\SPEEDD~1\nopdb.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\iexplorer.exe

C:\WINDOWS\System32\lssas.exe

C:\WINDOWS\System32\winguard.exe

C:\WINDOWS\System32\sysrestore.exe

C:\WINDOWS\System32\ctfmon.exe

C:\WINDOWS\System32\rmctrl.exe

C:\Program\HP\HP Software Update\HPWuSchd.exe

C:\Program\HP\hpcoretech\hpcmpmgr.exe

C:\Program\Delade filer\Symantec Shared\ccApp.exe

C:\Program\necmfk\necmfk.exe

C:\WINDOWS\System32\winxp.exe

C:\l0ud.exe

C:\Program\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program\Messenger\msmsgs.exe

C:\Program Files\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aftonbladet.se/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Carola och Kjell-Åkes webbläsare

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\System32\rmctrl.exe

O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon

O4 - HKLM\..\Run: [smcService] C:\Program\Sygate\SPF\smc.exe -startgui

O4 - HKLM\..\Run: [HP Software Update] "C:\Program\HP\HP Software Update\HPWuSchd.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [ccApp] C:\Program\Delade filer\Symantec Shared\ccApp.exe

O4 - HKLM\..\Run: [ccRegVfy] C:\Program\Delade filer\Symantec Shared\ccRegVfy.exe

O4 - HKLM\..\Run: [Advanced Tools Check] C:\Program\NORTON~2\AdvTools\ADVCHK.EXE

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe

O4 - HKLM\..\Run: [NECMFK] C:\Program\necmfk\necmfk.exe

O4 - HKLM\..\Run: [internet Explorer] iexplorer.exe

O4 - HKLM\..\Run: [lssas.exe] lssas.exe

O4 - HKLM\..\Run: [ATI VIDEO REGKEY] ati2vid.exe

O4 - HKLM\..\Run: [sygate Personal Firewall] sys.exe

O4 - HKLM\..\Run: [Winupdate Service] winxp.exe

O4 - HKLM\..\Run: [scuk] C:\l0ud.exe

O4 - HKLM\..\Run: [winusb.dll] winguard.exe

O4 - HKLM\..\Run: [MS SyS Restore] sysrestore.exe

O4 - HKLM\..\RunServices: [internet Explorer] iexplorer.exe

O4 - HKLM\..\RunServices: [lssas.exe] lssas.exe

O4 - HKLM\..\RunServices: [ATI VIDEO REGKEY] ati2vid.exe

O4 - HKLM\..\RunServices: [sygate Personal Firewall] sys.exe

O4 - HKLM\..\RunServices: [Winupdate Service] winxp.exe

O4 - HKLM\..\RunServices: [winusb.dll] winguard.exe

O4 - HKLM\..\RunServices: [MS SyS Restore] sysrestore.exe

O4 - HKLM\..\RunOnce: [internet Explorer] iexplorer.exe

O4 - HKLM\..\RunOnce: [lssas.exe] lssas.exe

O4 - HKLM\..\RunOnce: [winusb.dll] winguard.exe

O4 - HKLM\..\RunOnce: [MS SyS Restore] sysrestore.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [internet Explorer] iexplorer.exe

O4 - HKCU\..\Run: [lssas.exe] lssas.exe

O4 - HKCU\..\Run: [sygate Personal Firewall] sys.exe

O4 - HKCU\..\Run: [winusb.dll] winguard.exe

O4 - HKCU\..\Run: [MS SyS Restore] sysrestore.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\RunOnce: [internet Explorer] iexplorer.exe

O4 - HKCU\..\RunOnce: [winusb.dll] winguard.exe

O4 - HKCU\..\RunOnce: [MS SyS Restore] sysrestore.exe

O4 - HKCU\..\RunOnce: [lssas.exe] lssas.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE

O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab

O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) -

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.cab

O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab

O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program\HP\hpcoretech\comp\hpuiprot.dll

Regards

Kjelle55

 

 

 

Link to comment

I'm definitely no expert on HiJack, but I looked through the log file anyway and found this... could it be something to work on further, perhaps? I'd better let the elite answer this ;))

 

Mobsync.exe definition, relationships, removal:

 

Startup entry for mobsync.exe: Synchronization Manager

 

mobsync.exe description: "With Internet Explorer, you can make pages available offline. You can use Synchronization Manager to set specific parameters for when your offline pages should be synchronized with the current cached page. To run Synchronization Manager, click Synchronize on the Tools menu. You can synchronize pages three ways: at logon, during idle time, or at a scheduled time. To set your synchronization preference, start Synchronization Manager, click Setup, and then click the appropriate settings on the Logon/Logoff tab."

 

File mobsync.exe removal: Described file mobsync.exe is not related to the security threats.

However, the same or a similar file name can be used by spyware or adware programs to deceive users. We advise you to scan your computer and eliminate possible threats.

download scanner and remover

 

Usually 20-30 invisible processes run silently in the background. Some hog system resources, some may violate your privacy and give hackers access to your computer.

 

 

Link to comment

Guest idgadmin

 

Hi!

Here is a new log for review.

 

Logfile of HijackThis v1.98.2

Scan saved at 12:24:38, on 2004-10-29

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aftonbladet.se/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Carola och Kjell-Åkes webbläsare

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\System32\rmctrl.exe

O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon

O4 - HKLM\..\Run: [smcService] C:\Program\Sygate\SPF\smc.exe -startgui

O4 - HKLM\..\Run: [HP Software Update] "C:\Program\HP\HP Software Update\HPWuSchd.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [ccApp] C:\Program\Delade filer\Symantec Shared\ccApp.exe

O4 - HKLM\..\Run: [ccRegVfy] C:\Program\Delade filer\Symantec Shared\ccRegVfy.exe

O4 - HKLM\..\Run: [Advanced Tools Check] C:\Program\NORTON~2\AdvTools\ADVCHK.EXE

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe

O4 - HKLM\..\Run: [NECMFK] C:\Program\necmfk\necmfk.exe

O4 - HKLM\..\Run: [lssas.exe] lssas.exe

O4 - HKLM\..\Run: [ATI VIDEO REGKEY] ati2vid.exe

O4 - HKLM\..\Run: [sygate Personal Firewall] sys.exe

O4 - HKLM\..\Run: [Winupdate Service] winxp.exe

O4 - HKLM\..\Run: [scuk] C:\l0ud.exe

O4 - HKLM\..\Run: [winusb.dll] winguard.exe

O4 - HKLM\..\Run: [MS SyS Restore] sysrestore.exe

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKLM\..\RunServices: [lssas.exe] lssas.exe

O4 - HKLM\..\RunServices: [ATI VIDEO REGKEY] ati2vid.exe

O4 - HKLM\..\RunServices: [sygate Personal Firewall] sys.exe

O4 - HKLM\..\RunServices: [Winupdate Service] winxp.exe

O4 - HKLM\..\RunServices: [winusb.dll] winguard.exe

O4 - HKLM\..\RunServices: [MS SyS Restore] sysrestore.exe

O4 - HKLM\..\RunOnce: [lssas.exe] lssas.exe

O4 - HKLM\..\RunOnce: [winusb.dll] winguard.exe

O4 - HKLM\..\RunOnce: [MS SyS Restore] sysrestore.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [lssas.exe] lssas.exe

O4 - HKCU\..\Run: [sygate Personal Firewall] sys.exe

O4 - HKCU\..\Run: [winusb.dll] winguard.exe

O4 - HKCU\..\Run: [MS SyS Restore] sysrestore.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\RunOnce: [lssas.exe] lssas.exe

O4 - HKCU\..\RunOnce: [MS SyS Restore] sysrestore.exe

O4 - HKCU\..\RunOnce: [winusb.dll] winguard.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE

O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab

O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) -

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.cab

O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab

O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program\HP\hpcoretech\comp\hpuiprot.dll

 

 

 

Link to comment

 

Have you scanned with HJT in safe mode now?

If the answer is yes, restart the computer normally and post a new log.

To save some time: if the log looks almost the same as it did on Wednesday, open Norton and check what date is shown next to the virus definitions, and whether at least incoming e-mail scanning is enabled.

Then go to Options > Manual Scan > enable Comprehensive Scan > OK.

Then run a manual scan and tell us what Norton found.

 

Link to comment

Guest idgadmin

 

Unfortunately this didn't produce anything; Norton finds nothing.

I think we'll close this case and I'll proceed some other way.

Regards

Kjelle 55

 

Link to comment

 

It's no problem to fix your trojans with HijackThis, but the best option is to let an antivirus program remove them.

I wonder whether your antivirus program is working, because last time I checked you had a worm that appeared this summer, and you had also received a kind of chain letter by e-mail with an attached file. Norton, if it is working and up to date, should remove these without any problem, and of course also find them when scanning.

As far as I can see, Stinger found only one of your worms, but I'll write this up anyway.

Tick these in HJT:

 

O4 - HKLM\..\Run: [internet Explorer] iexplorer.exe

O4 - HKLM\..\Run: [lssas.exe] lssas.exe

O4 - HKLM\..\Run: [Winupdate Service] winxp.exe

O4 - HKLM\..\Run: [scuk] C:\l0ud.exe

O4 - HKLM\..\Run: [winusb.dll] winguard.exe

O4 - HKLM\..\Run: [MS SyS Restore] sysrestore.exe

O4 - HKLM\..\RunServices: [internet Explorer] iexplorer.exe

O4 - HKLM\..\RunServices: [lssas.exe] lssas.exe

O4 - HKLM\..\RunServices: [Winupdate Service] winxp.exe

O4 - HKLM\..\RunServices: [winusb.dll] winguard.exe

O4 - HKLM\..\RunServices: [MS SyS Restore] sysrestore.exe

O4 - HKLM\..\RunOnce: [internet Explorer] iexplorer.exe

O4 - HKLM\..\RunOnce: [lssas.exe] lssas.exe

O4 - HKLM\..\RunOnce: [winusb.dll] winguard.exe

O4 - HKLM\..\RunOnce: [MS SyS Restore] sysrestore.exe

O4 - HKCU\..\Run: [internet Explorer] iexplorer.exe

O4 - HKCU\..\Run: [lssas.exe] lssas.exe

 

Then restart in safe mode and delete these:

C:\WINDOWS\System32\iexplorer.exe

C:\WINDOWS\System32\lssas.exe

C:\WINDOWS\System32\winguard.exe

C:\WINDOWS\System32\sysrestore.exe

C:\WINDOWS\System32\winxp.exe

C:\l0ud.exe

 

 

Link to comment

Guest idgadmin

Hi 927

I have tried to follow your instructions, but I don't think I'm doing the removal in safe mode correctly. Any more advice?

This morning I got online for about 10 minutes, but then the computer lost the connection. The computer tries to open some pages on its own (the same ones every time) but cannot connect. Today the antivirus program found several trojans, including W32 Bobax.c, and removed them. I updated the program yesterday (I got lucky for a short while). Perhaps there is more help to be had?

 

 

Link to comment

 

Either locate the System32 folder, right-click the file and choose Delete, or click Start > Search, type in the file name and click Search. It's a matter of taste.

Are you completely sure you managed to remove the O4 items in HJT that I listed?

When you tick these, those trojans are not started/activated when you start the computer.

Just do a new HJT scan > log and see what it looks like.

The problem is that I don't know what is happening and what you are or aren't doing.

Also, the HJT log I can see is several days old, and new things may have been added.

When you get access to the net, download Ad-Aware SE 1.05. Install the program and click Update. You can do the scan offline.

Select a full system scan before you start scanning. Remove everything that is found.

http://www.pcextreme.net/downloads.php

 

Link to comment

Guest idgadmin

 

Hi 927

Sorry that I'm not quite keeping up, but it's awkward jumping between two computers. I have managed to remove the files from System32 that you suggested, but I can't find iexplorer.exe there. I'm sending a new log from Hijack; as you can see there, I can't get rid of winguard.exe despite several attempts.

 

Logfile of HijackThis v1.98.2

Scan saved at 18:54:22, on 2004-10-31

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Sygate\SPF\smc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\wuarclt.exe

C:\WINDOWS\System32\rmctrl.exe

C:\Program\HP\HP Software Update\HPWuSchd.exe

C:\Program\HP\hpcoretech\hpcmpmgr.exe

C:\Program\Delade filer\Symantec Shared\ccApp.exe

C:\Program\necmfk\necmfk.exe

C:\l0ad.exe

C:\bar.exe

C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe

C:\Program\Norton AntiVirus\navapsvc.exe

C:\Program\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

C:\WINDOWS\System32\tcpsvcs.exe

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\System32\snmp.exe

C:\Program\NORTON~1\SPEEDD~1\nopdb.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\iexplore.exe

C:\WINDOWS\system32\cmd.exe

C:\WINDOWS\System32\ctfmon.exe

C:\WINDOWS\System32\iexplore.exe

C:\Program\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\HijackThis.exe

C:\Program\Messenger\msmsgs.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aftonbladet.se/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Carola och Kjell-Åkes webbläsare

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\System32\rmctrl.exe

O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon

O4 - HKLM\..\Run: [smcService] C:\Program\Sygate\SPF\smc.exe -startgui

O4 - HKLM\..\Run: [HP Software Update] "C:\Program\HP\HP Software Update\HPWuSchd.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [ccApp] C:\Program\Delade filer\Symantec Shared\ccApp.exe

O4 - HKLM\..\Run: [ccRegVfy] C:\Program\Delade filer\Symantec Shared\ccRegVfy.exe

O4 - HKLM\..\Run: [Advanced Tools Check] C:\Program\NORTON~2\AdvTools\ADVCHK.EXE

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe

O4 - HKLM\..\Run: [NECMFK] C:\Program\necmfk\necmfk.exe

O4 - HKLM\..\Run: [ATI VIDEO REGKEY] ati2vid.exe

O4 - HKLM\..\Run: [sygate Personal Firewall] sys.exe

O4 - HKLM\..\Run: [DivX Player] DivXPlayer.exe

O4 - HKLM\..\Run: [Windows AdTools] C:\Program Files\Windows AdTools\WinAdTools.exe

O4 - HKLM\..\Run: [Windows Firewall] iexplore.exe

O4 - HKLM\..\Run: [*windows update] wuarclt.exe

O4 - HKLM\..\RunServices: [ATI VIDEO REGKEY] ati2vid.exe

O4 - HKLM\..\RunServices: [sygate Personal Firewall] sys.exe

O4 - HKLM\..\RunServices: [DivX Player] DivXPlayer.exe

O4 - HKLM\..\RunServices: [Windows Firewall] iexplore.exe

O4 - HKLM\..\RunServices: [*windows update] wuarclt.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [sygate Personal Firewall] sys.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [DivX Player] DivXPlayer.exe

O4 - HKCU\..\Run: [*windows update] wuarclt.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE

O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab

O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) -

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.cab

O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab

O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program\HP\hpcoretech\comp\hpuiprot.dll

 

Thanks for all the help!

Kjelle 55

 

Link to comment

 

iexplorer.exe: Stinger fixed that one, if I remember correctly.

----------------------------------------

As for the programs that are running, these should be removed:

C:\l0ad.exe

C:\bar.exe

If I haven't written it before: it's not impossible that you will find strange programs in Add/Remove Programs.

----------------------------------------

I don't see any winguard.exe...

However, you have Sygate (which is a very good firewall) but also Windows' own lousy firewall enabled. It may not be a problem, but one is enough.

[post edited 2004-10-31 21:42:10 by 927]

Link to comment

Guest idgadmin

Thanks!

Today the computer seems free of all the gremlins?

I have run a virus scan and no warnings have appeared (like yesterday).

But unfortunately the computer can't get online!

I'm attaching a new log.

Regards

Kjell 55

 

 

Logfile of HijackThis v1.98.2

Scan saved at 12:13:00, on 2004-11-01

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\savedump.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Sygate\SPF\smc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\wuarclt.exe

C:\WINDOWS\System32\rmctrl.exe

C:\Program\HP\HP Software Update\HPWuSchd.exe

C:\Program\HP\hpcoretech\hpcmpmgr.exe

C:\Program\Delade filer\Symantec Shared\ccApp.exe

C:\Program\necmfk\necmfk.exe

C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe

C:\Program\Norton AntiVirus\navapsvc.exe

C:\Program\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

C:\WINDOWS\System32\tcpsvcs.exe

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\System32\snmp.exe

C:\Program\NORTON~1\SPEEDD~1\nopdb.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\wuauclt.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program\Messenger\msmsgs.exe

C:\Program Files\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aftonbladet.se/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Carola och Kjell-Åkes webbläsare

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\System32\rmctrl.exe

O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon

O4 - HKLM\..\Run: [smcService] C:\Program\Sygate\SPF\smc.exe -startgui

O4 - HKLM\..\Run: [HP Software Update] "C:\Program\HP\HP Software Update\HPWuSchd.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [ccApp] C:\Program\Delade filer\Symantec Shared\ccApp.exe

O4 - HKLM\..\Run: [ccRegVfy] C:\Program\Delade filer\Symantec Shared\ccRegVfy.exe

O4 - HKLM\..\Run: [Advanced Tools Check] C:\Program\NORTON~2\AdvTools\ADVCHK.EXE

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe

O4 - HKLM\..\Run: [NECMFK] C:\Program\necmfk\necmfk.exe

O4 - HKLM\..\Run: [ATI VIDEO REGKEY] ati2vid.exe

O4 - HKLM\..\Run: [sygate Personal Firewall] sys.exe

O4 - HKLM\..\Run: [DivX Player] DivXPlayer.exe

O4 - HKLM\..\Run: [Windows AdTools] C:\Program Files\Windows AdTools\WinAdTools.exe

O4 - HKLM\..\Run: [Windows Firewall] iexplore.exe

O4 - HKLM\..\Run: [*windows update] wuarclt.exe

O4 - HKLM\..\RunServices: [ATI VIDEO REGKEY] ati2vid.exe

O4 - HKLM\..\RunServices: [sygate Personal Firewall] sys.exe

O4 - HKLM\..\RunServices: [DivX Player] DivXPlayer.exe

O4 - HKLM\..\RunServices: [Windows Firewall] iexplore.exe

O4 - HKLM\..\RunServices: [*windows update] wuarclt.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [sygate Personal Firewall] sys.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [DivX Player] DivXPlayer.exe

O4 - HKCU\..\Run: [*windows update] wuarclt.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE

O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab

O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) -

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.cab

O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab

O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program\HP\hpcoretech\comp\hpuiprot.dll

 

 

 

Link to comment

 

The log looks OK.

Your problem may be related to the network card. Do you get an IP address every time?

If you're not familiar with these things, contact Telia, but you can type winipcfg in Run. That brings up a small program. If it shows an IP address that starts with 169, something is wrong.

 

Link to comment

The log is not clean.

Create a new folder on C:/ and put HijackThis.exe there, i.e. C:/HjT/HijackThis.exe

Scan with Hijack, tick the following lines, close the web browser and all other open windows, and click Fix checked:

 

 

O4 - HKLM\..\Run: [ATI VIDEO REGKEY] ati2vid.exe

O4 - HKLM\..\Run: [sygate Personal Firewall] sys.exe

O4 - HKLM\..\Run: [DivX Player] DivXPlayer.exe

O4 - HKLM\..\Run: [Windows Firewall] iexplore.exe

O4 - HKLM\..\Run: [*windows update] wuarclt.exe

O4 - HKLM\..\RunServices: [ATI VIDEO REGKEY] ati2vid.exe

O4 - HKLM\..\RunServices: [sygate Personal Firewall] sys.exe

O4 - HKLM\..\RunServices: [DivX Player] DivXPlayer.exe

O4 - HKLM\..\RunServices: [Windows Firewall] iexplore.exe

O4 - HKLM\..\RunServices: [*windows update] wuarclt.exe

O4 - HKCU\..\Run: [sygate Personal Firewall] sys.exe

O4 - HKCU\..\Run: [DivX Player] DivXPlayer.exe

O4 - HKCU\..\Run: [*windows update] wuarclt.exe

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

 

 

Then restart the computer and post a new Hijack log.

 

 

 

 

 

 

 

 

Link to comment
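
The checks the helpers apply by eye when they pick out O4 lines (927's list of entries to tick and the list in the final reply), written out as an added example that is not from any poster and is not HijackThis's own logic: it flags autorun commands with no path, executables in the drive root, near-miss spellings of genuine Windows process names, and one file registered under several Run keys. The function names, the short list of genuine names and the distance threshold are assumptions of this example; the sample lines are copied from the logs above.

```python
import re

# Lines copied from the HijackThis logs posted in this thread (mixed from
# several of the logs); only the selection is constructed.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [HP Software Update] "C:\Program\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [lssas.exe] lssas.exe
O4 - HKLM\..\Run: [scuk] C:\l0ud.exe
O4 - HKLM\..\Run: [Windows Firewall] iexplore.exe
O4 - HKLM\..\Run: [*windows update] wuarclt.exe
O4 - HKLM\..\RunServices: [lssas.exe] lssas.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [lssas.exe] lssas.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE
"""

# Assumption: a short, non-exhaustive list of genuine Windows executable
# names to compare autorun entries against.
KNOWN_SYSTEM = {"lsass.exe", "iexplore.exe", "wuauclt.exe", "svchost.exe",
                "winlogon.exe", "services.exe", "explorer.exe", "csrss.exe",
                "smss.exe", "spoolsv.exe"}

O4_RE = re.compile(r"^O4 - (HK(?:LM|CU)\\\.\.\\\w+): \[(.*?)\] (.+)$")
EXE_RE = re.compile(r"(.+?\.(?:exe|com|bat|cmd|scr|pif))(?:\s|$)", re.I)


def exe_of(command):
    """Return the executable part of a Run-key command line."""
    command = command.strip()
    if command.startswith('"'):                 # quoted path, args follow
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = EXE_RE.match(command)                   # unquoted, may contain spaces
    return m.group(1) if m else command.split()[0]


def levenshtein(a, b):
    """Edit distance (insert, delete, substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1,
                           prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(base):
    """Genuine name that `base` nearly matches (distance 1-2), else None."""
    if base in KNOWN_SYSTEM or len(base.rsplit(".", 1)[0]) < 5:
        return None                             # exact match or too short
    dist, name = min((levenshtein(base, k), k) for k in KNOWN_SYSTEM)
    return name if dist <= 2 else None


def triage(log_text):
    """Map each suspicious autorun executable to the reasons it was flagged."""
    keys_by_exe, reasons = {}, {}
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue                            # Global Startup, non-O4 lines
        key, _value_name, command = m.groups()
        path = exe_of(command)
        base = re.split(r"[\\/]", path)[-1].lower()
        keys_by_exe.setdefault(base, set()).add(key)
        found = reasons.setdefault(base, set())
        if "\\" not in path and "/" not in path:
            found.add("bare-name")              # resolved via the search path
        if re.fullmatch(r"[A-Za-z]:\\[^\\]+", path):
            found.add("drive-root")             # e.g. C:\l0ud.exe
        twin = lookalike_of(base)
        if twin:
            found.add("lookalike:" + twin)
    for base, keys in keys_by_exe.items():
        if len(keys) > 1:
            reasons[base].add("multi-key")      # same file under several keys
    return {b: sorted(r) for b, r in reasons.items() if r}


if __name__ == "__main__":
    for exe, why in triage(SAMPLE_LOG).items():
        print(f"{exe:15} {', '.join(why)}")
```

Hits are candidates for review, not verdicts: a legitimate program can also register a bare file name or appear under more than one Run key.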

Archived

This topic is now archived and is closed to further replies.



