Just nu i M3-nätverket
Jump to content

Buddy


peran

Recommended Posts

Kan nån tala om för mej vad BUDDY är för ett program,det försöker hela tiden skapa förbindelse till internet.

C:\WINDOWS\JLAHHT~1.EXE

 

Link to comment
Share on other sites

 

Logfile of HijackThis v1.99.1

Scan saved at 19:27:43, on 2005-05-04

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.exe

C:\Program\GLOCAL~1\backweb\1334833\Program\SERVIC~1.EXE

C:\Program\Executive Software\Diskeeper\DkService.exe

C:\Program\Glocalnet Säkerhetspaket\Anti-Virus\fsgk32st.exe

C:\Program\Glocalnet Säkerhetspaket\Anti-Virus\FSGK32.EXE

C:\Program\Glocalnet Säkerhetspaket\Anti-Virus\fssm32.exe

C:\Program\Glocalnet Säkerhetspaket\backweb\1334833\program\fsbwsys.exe

C:\Program\Glocalnet Säkerhetspaket\backweb\1334833\Program\BackWeb-1334833.exe

C:\Program\Glocalnet Säkerhetspaket\fswsclds.exe

C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Glocalnet Säkerhetspaket\Common\FSMA32.EXE

C:\Program\Glocalnet Säkerhetspaket\Common\FSMB32.EXE

C:\Program\Glocalnet Säkerhetspaket\Common\FCH32.EXE

C:\Program\Glocalnet Säkerhetspaket\Common\FAMEH32.EXE

C:\Program\Glocalnet Säkerhetspaket\Anti-Virus\fsav32.exe

C:\Program\Glocalnet Säkerhetspaket\DFW\Program\fsdfwd.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\ezSP_Px.exe

C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe

C:\Program\Delade filer\Microsoft Shared\Works Shared\WkUFind.exe

C:\Program\Messenger Plus! 3\MsgPlus.exe

C:\HP\KBD\KBD.EXE

C:\windows\system\hpsysdrv.exe

C:\Program\Glocalnet Säkerhetspaket\Common\FSM32.EXE

C:\Program\D-Tools\daemon.exe

C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\WINDOWS\ALCXMNTR.EXE

C:\Program\MSN Messenger\msnmsgr.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe

C:\Program\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Program\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

C:\Program\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Ägare.DITT-P6D5KSNZKW\Skrivbord\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sv8.hpwis.com/'>http://sv8.hpwis.com/'>http://sv8.hpwis.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://sv8.hpwis.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://sv8.hpwis.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe

O2 - BHO: (no name) - {00000000-DD60-0064-6EC2-6E0100000000} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: BolgerObj Class - {302A3240-4805-4a34-97D7-1645A0B08410} - C:\WINDOWS\Bolger.dll

O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe

O4 - HKLM\..\Run: [WSSAConfiguration] wmmon32.exe

O4 - HKLM\..\Run: [storageGuard] "C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [showShifter TVTV EPG Daemon] "C:\Program\Home Media Networks Limited\ShowShifter\TVTVD.exe"

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Microsoft Works Update Detection] "C:\Program\Delade filer\Microsoft Shared\Works Shared\WkUFind.exe"

O4 - HKLM\..\Run: [Microsoft Updates Resources] WinFixIDs.exe

O4 - HKLM\..\Run: [Microsoft Update] wuamgrd.exe

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program\Messenger Plus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program\Glocalnet Säkerhetspaket\TNB\TNBUtil.exe" /CHECKALL

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\Glocalnet Säkerhetspaket\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [ATIPTA] "C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program\Executive Software\Diskeeper\DkIcon.exe"

O4 - HKLM\..\RunServices: [WSSAConfiguration] wmmon32.exe

O4 - HKLM\..\RunServices: [Microsoft Update] wuamgrd.exe

O4 - HKLM\..\RunServices: [Microsoft Updates Resources] WinFixIDs.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe

O4 - Global Startup: hpoddt01.exe.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O12 - Plugin for .mpeg: C:\Program\Internet Explorer\PLUGINS\npqtplugin4.dll

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409

O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://E:\content\include\XPPatchInstaller.CAB

O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - http://korthuset.seavus.com/ImageUploader3.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Glocalnet Säkerhetspaket (BackWeb Client - 1334833) - Unknown owner - C:\Program\GLOCAL~1\backweb\1334833\Program\SERVIC~1.EXE

O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program\Executive Software\Diskeeper\DkService.exe

O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program\Glocalnet Säkerhetspaket\Anti-Virus\fsgk32st.exe

O23 - Service: F-Secure Authentication Agent (FSAA) - Unknown owner - C:\Program\Glocalnet Säkerhetspaket\Common\FSAA.EXE (file missing)

O23 - Service: fsbwsys - F-Secure Corp. - C:\Program\Glocalnet Säkerhetspaket\backweb\1334833\program\fsbwsys.exe

O23 - Service: F-Secure Distributed Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program\Glocalnet Säkerhetspaket\DFW\Program\fsdfwd.exe

O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program\Glocalnet Säkerhetspaket\Common\FSMA32.EXE

O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Program\Glocalnet Säkerhetspaket\fswsclds.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

 

 

 

[inlägget ändrat 2005-05-04 19:33:06 av peran]

Link to comment
Share on other sites

Ladda ner Ewido

 

http://www.ewido.net/en/download/

 

Sen installera den.

Sen uppdatera programmet.(viktigt att du updaterar den)

 

Starta sen datorn i felsäkert läge och scanna med programmet och ta bort allt som hittas.

 

Starta sen normalt och ladda ner Findit.zip

 

http://forums.net-integration.net/index.php?act=Attach&type=post&id=142443

 

Unzippa i en ny mapp på C:

Sen öppna den nya mappen och klicka på find.bat

Låt den jobba klart och skicka hit loggen som kommer ut.

 

Skicka också en ny Hijack logg och scan loggen från Ewido alltså 3 loggar i nästa post.

 

 

 

 

[inlägget ändrat 2005-05-04 19:49:24 av Zipp]

Link to comment
Share on other sites

 

---------------------------------------------------------

ewido security suite - Scan report

---------------------------------------------------------

 

+ Created on: 20:58:05, 2005-05-04

+ Report-Checksum: A3664041

 

+ Date of database: 2005-05-04

+ Version of scan engine: v3.0

 

+ Duration: 50 min

+ Scanned Files: 87244

+ Speed: 28.69 Files/Second

+ Infected files: 13

+ Removed files: 13

+ Files put in quarantine: 13

+ Files that could not be opened: 0

+ Files that could not be cleaned: 0

 

+ Binder: Yes

+ Crypter: Yes

+ Archives: Yes

 

+ Scanned items:

C: D:

+ Scan result:

C:\Documents and Settings\Ägare.DITT-P6D5KSNZKW\Cookies\ägare@cgi-bin[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup

C:\Documents and Settings\Ägare.DITT-P6D5KSNZKW\Cookies\ägare@com[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup

C:\Documents and Settings\Ägare.DITT-P6D5KSNZKW\Cookies\ägare@geocities[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup

C:\Documents and Settings\Ägare.DITT-P6D5KSNZKW\Cookies\ägare@tradedoubler[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup

C:\Documents and Settings\Ägare.DITT-P6D5KSNZKW\Lokala inställningar\Temp\DrTemp\thin-139-1-x-x.exe -> Spyware.BetterInternet -> Cleaned with backup

C:\Documents and Settings\Ägare.DITT-P6D5KSNZKW\Mina dokument\Mina mottagna filer\(app) windows xp KeyGens & Cracks & Appz\WinXP Corp. Key Changer 2.exe -> TrojanSpy.DakrOmen.13 -> Cleaned with backup

C:\Program\Nero_6.3.0.3\Key_Gen\Keygen.exe -> TrojanDropper.Delf.gi -> Cleaned with backup

C:\WINDOWS\jlahhtzutg.exe -> Spyware.BetterInternet -> Cleaned with backup

C:\WINDOWS\kuz.exe/x.bat -> Trojan.Zapchast -> Cleaned with backup

C:\WINDOWS\kuz.exe/trofkz.REG -> Trojan.LowZones.a -> Cleaned with backup

C:\WINDOWS\Nail.exe -> Trojan.Nail -> Cleaned with backup

C:\WINDOWS\te.exe/trofkz.REG -> Trojan.LowZones.a -> Cleaned with backup

C:\WINDOWS\te.exe/x.bat -> Trojan.Zapchast -> Cleaned with backup

 

 

::Report End

 

Link to comment
Share on other sites

 

Logfile of HijackThis v1.99.1

Scan saved at 21:13:57, on 2005-05-04

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\ezSP_Px.exe

C:\Program\Delade filer\Microsoft Shared\Works Shared\WkUFind.exe

C:\Program\Messenger Plus! 3\MsgPlus.exe

C:\HP\KBD\KBD.EXE

C:\windows\system\hpsysdrv.exe

C:\Program\Glocalnet Säkerhetspaket\Common\FSM32.EXE

C:\Program\D-Tools\daemon.exe

C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\WINDOWS\ALCXMNTR.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program\MSN Messenger\msnmsgr.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe

C:\Program\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Program\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

C:\Program\GLOCAL~1\backweb\1334833\Program\SERVIC~1.EXE

C:\Program\Executive Software\Diskeeper\DkService.exe

C:\Program\ewido\security suite\ewidoctrl.exe

C:\Program\ewido\security suite\ewidoguard.exe

C:\Program\Glocalnet Säkerhetspaket\Anti-Virus\fsgk32st.exe

C:\Program\Glocalnet Säkerhetspaket\Anti-Virus\FSGK32.EXE

C:\Program\Glocalnet Säkerhetspaket\Anti-Virus\fssm32.exe

C:\Program\Glocalnet Säkerhetspaket\backweb\1334833\program\fsbwsys.exe

C:\Program\Glocalnet Säkerhetspaket\fswsclds.exe

C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Glocalnet Säkerhetspaket\Common\FSMA32.EXE

C:\Program\Glocalnet Säkerhetspaket\Common\FSMB32.EXE

C:\Program\Glocalnet Säkerhetspaket\Common\FCH32.EXE

C:\Program\Glocalnet Säkerhetspaket\Anti-Virus\fsav32.exe

C:\Program\Glocalnet Säkerhetspaket\Common\FAMEH32.EXE

C:\Program\Glocalnet Säkerhetspaket\backweb\1334833\Program\BackWeb-1334833.exe

C:\Program\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe

C:\Program\Glocalnet Säkerhetspaket\DFW\Program\fsdfwd.exe

C:\Documents and Settings\Ägare.DITT-P6D5KSNZKW\Skrivbord\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sv8.hpwis.com/'>http://sv8.hpwis.com/'>http://sv8.hpwis.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://sv8.hpwis.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://sv8.hpwis.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe

O2 - BHO: (no name) - {00000000-DD60-0064-6EC2-6E0100000000} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: BolgerObj Class - {302A3240-4805-4a34-97D7-1645A0B08410} - C:\WINDOWS\Bolger.dll (file missing)

O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe

O4 - HKLM\..\Run: [WSSAConfiguration] wmmon32.exe

O4 - HKLM\..\Run: [storageGuard] "C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [showShifter TVTV EPG Daemon] "C:\Program\Home Media Networks Limited\ShowShifter\TVTVD.exe"

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Microsoft Works Update Detection] "C:\Program\Delade filer\Microsoft Shared\Works Shared\WkUFind.exe"

O4 - HKLM\..\Run: [Microsoft Updates Resources] WinFixIDs.exe

O4 - HKLM\..\Run: [Microsoft Update] wuamgrd.exe

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program\Messenger Plus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program\Glocalnet Säkerhetspaket\TNB\TNBUtil.exe" /CHECKALL

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\Glocalnet Säkerhetspaket\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [ATIPTA] "C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program\Executive Software\Diskeeper\DkIcon.exe"

O4 - HKLM\..\RunServices: [WSSAConfiguration] wmmon32.exe

O4 - HKLM\..\RunServices: [Microsoft Update] wuamgrd.exe

O4 - HKLM\..\RunServices: [Microsoft Updates Resources] WinFixIDs.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe

O4 - Global Startup: hpoddt01.exe.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O12 - Plugin for .mpeg: C:\Program\Internet Explorer\PLUGINS\npqtplugin4.dll

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409

O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://E:\content\include\XPPatchInstaller.CAB

O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - http://korthuset.seavus.com/ImageUploader3.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Glocalnet Säkerhetspaket (BackWeb Client - 1334833) - Unknown owner - C:\Program\GLOCAL~1\backweb\1334833\Program\SERVIC~1.EXE

O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program\Executive Software\Diskeeper\DkService.exe

O23 - Service: ewido security suite control - ewido networks - C:\Program\ewido\security suite\ewidoctrl.exe

O23 - Service: ewido security suite guard - ewido networks - C:\Program\ewido\security suite\ewidoguard.exe

O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program\Glocalnet Säkerhetspaket\Anti-Virus\fsgk32st.exe

O23 - Service: F-Secure Authentication Agent (FSAA) - Unknown owner - C:\Program\Glocalnet Säkerhetspaket\Common\FSAA.EXE (file missing)

O23 - Service: fsbwsys - F-Secure Corp. - C:\Program\Glocalnet Säkerhetspaket\backweb\1334833\program\fsbwsys.exe

O23 - Service: F-Secure Distributed Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program\Glocalnet Säkerhetspaket\DFW\Program\fsdfwd.exe

O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program\Glocalnet Säkerhetspaket\Common\FSMA32.EXE

O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Program\Glocalnet Säkerhetspaket\fswsclds.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

 

 

 

Link to comment
Share on other sites

 

Unzippa du den först i en ny mapp?

 

> Fick meddelande att programet ej var lämpligt att köra <

 

Fick du bara ett sånt meddelande eller stod det nåt annat också.

 

 

 

 

 

[inlägget ändrat 2005-05-04 21:34:24 av Zipp]

[inlägget ändrat 2005-05-04 21:43:06 av Zipp]

Link to comment
Share on other sites

 

"Ej lämplig att köra i dos eller windows program". Ja jag unzippa den i c/ny mapp

 

Link to comment
Share on other sites

Ok..vi prövar utan findit logg.

 

Skapa en ny mapp på C:\ och placera HijackThis.exe dit så C:\HjT\HijackThis.exe

 

(skippa inte greijen ovan)

 

Kopiera texten nedan i notepad

 

 

REGEDIT4

 

[-HKEY_CURRENT_USER\Software\_rtneg3]

[-HKEY_CURRENT_USER\Software\aurora]

[-HKEY_CLASSES_ROOT\CLSID\{0962DA67-DB64-465C-8CD7-CBB357CAF825}]

[-HKEY_CLASSES_ROOT\CLSID\{356B2BD0-D206-4E21-8C85-C6F49409C6A9}]

[-HKEY_CLASSES_ROOT\CLSID\{52ADD86D-9561-4C40-B561-4204DBC139D1}]

[-HKEY_CLASSES_ROOT\CLSID\{999A06FF-10EF-4A29-8640-69E99882C26B}]

[-HKEY_CLASSES_ROOT\Interface\{018C5406-AEE6-4A68-980F-2CEB1E9416FB}]

[-HKEY_CLASSES_ROOT\Interface\{0A7FC040-F84A-4AD7-9439-798B6C0F861E}]

[-HKEY_CLASSES_ROOT\Interface\{32A9D21F-F510-44DC-9EA6-0456EDA04668}]

[-HKEY_CLASSES_ROOT\Interface\{4562B6F3-DAF8-464E-87B7-5464575F0D6A}]

[-HKEY_CLASSES_ROOT\Interface\{C93CC79D-02D5-45B0-BE39-7F5B0E5DDA31}]

[-HKEY_CLASSES_ROOT\Interface\{DA4B919F-B757-4E32-8D79-DEC5C2704C4B}]

[-HKEY_CLASSES_ROOT\trfdsk.amo]

[-HKEY_CLASSES_ROOT\trfdsk.iiittt]

[-HKEY_CLASSES_ROOT\trfdsk.momo]

[-HKEY_CLASSES_ROOT\trfdsk.ohb]

[-HKEY_CLASSES_ROOT\TypeLib\{DA15C9A2-C30A-4761-922A-5DFE7C9A1F67}]

[-HKEY_CURRENT_USER\Software\Bolger]

[-HKEY_CLASSES_ROOT\BolgerDll.BolgerDllObj]

[-HKEY_CLASSES_ROOT\CLSID\{302A3240-4805-4a34-97D7-1645A0B08410}]

[-HKEY_CLASSES_ROOT\Interface\{BB0D5ADC-028D-4185-9288-722DDCE2C757}]

[-HKEY_CLASSES_ROOT\TypeLib\{92DAF5C1-2135-4E0C-B7A0-259ABFCD3904}]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\ZepMon]

 

 

 

Spara den på skrivbordet med namn cleanup.reg och i Filformat sätter du alla filer.

 

Ladda ner KillBox

 

http://www.atribune.org/downloads/KillBox.exe

 

Öppna och bocka i Delete on Reboot

Sen kopiera bägge filer nedan på en gång

 

C:\WINDOWS\Nail.exe

C:\WINDOWS\Bolger.dll

 

Sen i KillBoxen klicka File > Paste from Clipboard

Då ska du se att filer är i KillBoxen

Sen klicka på Delete (röd med vit X på)

Svara Ja på bägge frågor och om inte datorn startar om automatiskt så starta om den.

 

Gå sen direkt i felsäkert läge.

 

Scanna med Hijack bocka i följande rader om dom är kvar och klicka FIX checked

 

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe

O2 - BHO: (no name) - {00000000-DD60-0064-6EC2-6E0100000000} - (no file)

O2 - BHO: BolgerObj Class - {302A3240-4805-4a34-97D7-1645A0B08410} - C:\WINDOWS\Bolger.dll (file missing)

O4 - HKLM\..\Run: [WSSAConfiguration] wmmon32.exe

O4 - HKLM\..\Run: [Microsoft Updates Resources] WinFixIDs.exe

O4 - HKLM\..\Run: [Microsoft Update] wuamgrd.exe

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

O4 - HKLM\..\RunServices: [WSSAConfiguration] wmmon32.exe

O4 - HKLM\..\RunServices: [Microsoft Update] wuamgrd.exe

O4 - HKLM\..\RunServices: [Microsoft Updates Resources] WinFixIDs.exe

 

 

Öppna KillBoxen igen.

Sen Tools > Delete Temp files > Ok

Sen dubbelklicka cleanup.reg på skrivbordet och svara Ja.

 

Starta sen normalt och ny Hijack logg.

 

 

 

 

Link to comment
Share on other sites

 

Logfile of HijackThis v1.99.1

Scan saved at 09:14:23, on 2005-05-05

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\ezSP_Px.exe

C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe

C:\Program\Delade filer\Microsoft Shared\Works Shared\WkUFind.exe

C:\Program\Messenger Plus! 3\MsgPlus.exe

C:\HP\KBD\KBD.EXE

C:\windows\system\hpsysdrv.exe

C:\Program\Glocalnet Säkerhetspaket\Common\FSM32.EXE

C:\Program\D-Tools\daemon.exe

C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\MSN Messenger\msnmsgr.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe

C:\Program\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

C:\Program\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Program\GLOCAL~1\backweb\1334833\Program\SERVIC~1.EXE

C:\Program\Executive Software\Diskeeper\DkService.exe

C:\Program\ewido\security suite\ewidoctrl.exe

C:\Program\ewido\security suite\ewidoguard.exe

C:\Program\Glocalnet Säkerhetspaket\backweb\1334833\Program\BackWeb-1334833.exe

C:\Program\Glocalnet Säkerhetspaket\Anti-Virus\fsgk32st.exe

C:\Program\Glocalnet Säkerhetspaket\Anti-Virus\FSGK32.EXE

C:\Program\Glocalnet Säkerhetspaket\backweb\1334833\program\fsbwsys.exe

C:\Program\Glocalnet Säkerhetspaket\Anti-Virus\fssm32.exe

C:\Program\Glocalnet Säkerhetspaket\fswsclds.exe

C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Glocalnet Säkerhetspaket\Common\FSMA32.EXE

C:\Program\Glocalnet Säkerhetspaket\Common\FSMB32.EXE

C:\Program\Glocalnet Säkerhetspaket\Common\FCH32.EXE

C:\Program\Glocalnet Säkerhetspaket\Common\FAMEH32.EXE

C:\Program\Glocalnet Säkerhetspaket\Anti-Virus\fsav32.exe

C:\Program\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe

C:\Program\Glocalnet Säkerhetspaket\DFW\Program\fsdfwd.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program\MSN\MSNCoreFiles\MSN6.EXE

C:\Program\Internet Explorer\iexplore.exe

C:\HJT\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sv8.hpwis.com/'>http://sv8.hpwis.com/'>http://sv8.hpwis.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://sv8.hpwis.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://sv8.hpwis.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe

O4 - HKLM\..\Run: [storageGuard] "C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [showShifter TVTV EPG Daemon] "C:\Program\Home Media Networks Limited\ShowShifter\TVTVD.exe"

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Microsoft Works Update Detection] "C:\Program\Delade filer\Microsoft Shared\Works Shared\WkUFind.exe"

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program\Messenger Plus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program\Glocalnet Säkerhetspaket\TNB\TNBUtil.exe" /CHECKALL

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\Glocalnet Säkerhetspaket\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [ATIPTA] "C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program\Executive Software\Diskeeper\DkIcon.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe

O4 - Global Startup: hpoddt01.exe.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O12 - Plugin for .mpeg: C:\Program\Internet Explorer\PLUGINS\npqtplugin4.dll

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409

O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://E:\content\include\XPPatchInstaller.CAB

O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - http://korthuset.seavus.com/ImageUploader3.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Glocalnet Säkerhetspaket (BackWeb Client - 1334833) - Unknown owner - C:\Program\GLOCAL~1\backweb\1334833\Program\SERVIC~1.EXE

O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program\Executive Software\Diskeeper\DkService.exe

O23 - Service: ewido security suite control - ewido networks - C:\Program\ewido\security suite\ewidoctrl.exe

O23 - Service: ewido security suite guard - ewido networks - C:\Program\ewido\security suite\ewidoguard.exe

O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program\Glocalnet Säkerhetspaket\Anti-Virus\fsgk32st.exe

O23 - Service: F-Secure Authentication Agent (FSAA) - Unknown owner - C:\Program\Glocalnet Säkerhetspaket\Common\FSAA.EXE (file missing)

O23 - Service: fsbwsys - F-Secure Corp. - C:\Program\Glocalnet Säkerhetspaket\backweb\1334833\program\fsbwsys.exe

O23 - Service: F-Secure Distributed Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program\Glocalnet Säkerhetspaket\DFW\Program\fsdfwd.exe

O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program\Glocalnet Säkerhetspaket\Common\FSMA32.EXE

O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Program\Glocalnet Säkerhetspaket\fswsclds.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

 

 

 

Link to comment
Share on other sites

Loggen är ok....om det är ok där också så kan du avinstallera Ewido om du vill och slänga cleanup.reg

 

 

Link to comment
Share on other sites

 

Jag bugar o tackar för hjälpen, poäng till dig och trevlig helg

Mvh perlisan

 

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.



×
×
  • Create New...