
Problems in Windows


GamingHome


I can only run Windows XP in safe mode; otherwise Avira Antivirus goes haywire and asks what I want to do with, for example:

winlogon.exe = contains trojan/?

mgrs = contains DK?/?

mgs = contains TR/?

mgr = contains DR/Zlob.32?

? = none, one or more unknown characters

Then there are temporary files that Avira doesn't like; Avast 4 Pro Trial found 1 trojan, Ad-Aware found only 3 MRU lists.

I haven't run Spybot Search & Destroy or HijackThis yet.

Any tips on how I fix this problem?

NOTE! I have no way to make a backup...

I have about 270 + 70 GB of files on my hard drives.

 

 

 


Logfile of HijackThis v1.99.1

Scan saved at 09:19:02, on 2007-06-29

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Delade filer\Stardock\SDMCP.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\taskmgr.exe

C:\Program\Hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://llehs.com/go//?cmp=nm_ff_ron&uid=545BB01A20BE11DC8EB4003048895BFC&nid=ik&guid=70f3eb42+B580076168A3403E8DB683A3D4C4A47E&url=http:%2F%2Fwww.google.se%2Ffirefox%3Fclient=firefox-a%26rls=org.mozilla:sv-SE:official&affid=67602&lid=http>

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O3 - Toolbar: Gadgetbar Toolbar - {ad8088d4-219c-40db-b16a-5e53261bed3d} - C:\Program\Gadgetbar\tbGadg.dll

O4 - HKLM\..\Run: [unlockerAssistant] "L:\Program\Unlocker\UnlockerAssistant.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [mspwr] C:\WINDOWS\system32\PuXpMan.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [iSUSPM Startup] C:\Program\DELADE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program\Delade filer\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [WinampAgent] L:\Program\Winamp\winampa.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [smgr] mgrs.exe

O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\fqgbdtbr.dll",realset

O4 - HKCU\..\RunOnce: [NeroHomeFirstStart] C:\Program\Delade filer\Ahead\Lib\NMFirstStart.exe

O4 - HKCU\..\RunOnce: [spybotDeletingB7088] command /c del "C:\WINDOWS\system32\winmqx32.dll_tobedeleted_old"

O4 - HKCU\..\RunOnce: [spybotDeletingD8651] cmd /c del "C:\WINDOWS\system32\winmqx32.dll_tobedeleted_old"

O4 - Global Startup: Fantastic Flame Agent.lnk = ?

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_01\bin\npjpi160_01.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_01\bin\npjpi160_01.dll

O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program\Delade filer\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program\Delade filer\SourceTec\SWF Catcher\InternetExplorer.htm

O16 - DPF: {6CCE3920-3183-4B3D-808A-B12EB769DE12} (CSS Web Installer Class) - http://www.commandondemand.com/eval/cod/cabs/cssweb.cab

O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab

O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://www.pcpitstop.com/antivirus/PitPav.cab

O21 - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\WINDOWS\system32\iprepair.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program\Delade filer\Acronis\Schedule2\schedul2.exe

O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program\ANI\ANIWZCS2 Service\ANIWZCSdS.exe

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - L:\Annat\Antivirus\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - L:\Annat\Antivirus\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Boonty Games - BOONTY - C:\Program\Delade filer\BOONTY Shared\Service\Boonty.exe

O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\grfqcebp.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - L:\Program\Nero 7\Nero 7\InCD\InCDsrv.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe

O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe

O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe

O23 - Service: Stardock Multiplicity (Multiplicity) - Unknown owner - C:\Program\Stardock\THINKD~1\MULTIP~1\MULTIS~2.EXE

O23 - Service: NBService - Nero AG - L:\Program\Nero 7\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - L:\Program\National Instruments\Shared\Security\nidmsrv.exe

O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

O23 - Service: SRS Labs License Service - SRS Labs - C:\Program\Delade filer\SRS Labs Shared\Service\srslabslicenseservice.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - L:\Program\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program\Delade filer\Ulead Systems\DVD\ULCDRSvr.exe

 

When I had chosen what to fix, this box came up:

 

Unexpected error occurred!

Error #52 (Bad file name or number) in Sub GetLongPath(?.exe).

 

Please send a report to merijn@spywareinfo.com, mentioning what you were doing, and what version of Windows you have.

 

This message has been copied to your clipboard.

 

I tried running SpyBot, but it finds completely different errors.

 

 

 

Now it runs somewhat normally, with one exception:

 

svchost.exe | NETWORK SERVICE

 

crashes sometimes, and then I have to end that process (NOTE! Only a temporary fix), otherwise the computer restarts because of a message that says roughly:

 

Systemet håller på att avslutas.

Spara viktiga data

00.59

 

Any help?

 

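Reading a HijackThis log by hand means looking for the same patterns the helper acts on later in this thread: O4 Run entries that load a DLL with a random eight-letter name through rundll32, Run entries that are a bare filename (like mgrs.exe) instead of a full path, and O23 services whose binary is missing or that have no identifiable owner under system32. The following Python script is an added example and is not part of this thread or of HijackThis itself; its heuristics (eight lowercase letters counted as "random-looking", the system32 owner check) are assumptions chosen to match the entries in this log, and the sample lines are copied from the log posted above.

```python
import re

# Constructed sample: a handful of lines copied from the HijackThis log
# posted in this thread, mixing known-good entries with the suspicious ones.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\fqgbdtbr.dll",realset
O4 - HKLM\..\Run: [WinampAgent] L:\Program\Winamp\winampa.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\grfqcebp.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Line formats used by HijackThis 1.99 for Run keys (O4) and services (O23).
RUN_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
SVC_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
EXE_RE = re.compile(r"[A-Za-z]:\\.*?\.exe", re.IGNORECASE)
DLL_RE = re.compile(r'[A-Za-z]:\\[^",]+?\.dll', re.IGNORECASE)

# Heuristic (assumption): the Vundo-style droppers in this log all use
# eight random lowercase letters as a file name.
RANDOM_STEM = re.compile(r"^[a-z]{8}$")

MISSING = "service binary missing"
UNKNOWN_SYS32 = "unknown owner, binary under system32"
BARE = "bare filename, resolved via PATH search"
RANDOM = "random-looking 8-letter filename"


def filename_stem(path):
    # Last path component without its extension.
    base = path.rsplit("\\", 1)[-1]
    return base.rsplit(".", 1)[0]


def random_looking(path):
    return RANDOM_STEM.match(filename_stem(path)) is not None


def first_token(cmd):
    # The executable is either a quoted path or the first whitespace-separated word.
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0]


def triage(log_text):
    """Return one finding per suspicious O4/O23 line: {'name', 'line', 'reasons'}."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        name, reasons = None, []
        m = RUN_RE.match(line)
        if m:
            name, cmd = m.group("name"), m.group("cmd")
            exe = first_token(cmd)
            if exe.lower() == "rundll32.exe":
                dll = DLL_RE.search(cmd)
                if dll and random_looking(dll.group(0)):
                    reasons.append(RANDOM)
            elif "\\" not in exe:
                reasons.append(BARE)
            elif random_looking(exe):
                reasons.append(RANDOM)
        else:
            m = SVC_RE.match(line)
            if m:
                name, owner, path = m.group("name"), m.group("owner"), m.group("path")
                if "(file missing)" in path:
                    reasons.append(MISSING)
                found = EXE_RE.search(path)
                exe = found.group(0) if found else path
                if owner == "Unknown owner" and exe.lower().startswith(r"c:\windows\system32"):
                    reasons.append(UNKNOWN_SYS32)
                if random_looking(exe):
                    reasons.append(RANDOM)
        if reasons:
            findings.append({"name": name, "line": line, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['name']}] {', '.join(f['reasons'])}\n    {f['line']}")
```

The output is a review list, not a verdict: nwiz.exe is flagged as a bare filename even though it belongs to the NVIDIA driver, so each hit still has to be checked against the file on disk (publisher, location, whether the referenced file exists) before anything is removed, which is exactly what the helper does with the logs below.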

 

yes, there are some problems

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

save SDFix.exe to the desktop > click SDFix.exe > SDFix unpacks here: C:\SDFix.

restart in safe mode (F8) > go to: C:\SDFix > click runthis.bat > choose y.

when the scan is done, press any key to restart.

when it says finished, press any key. a log will be shown automatically; paste the log here.

 


 

SDFix: Version 1.88

 

Run by Administratör on 2007-06-29 at 19:55

 

Microsoft Windows XP [Version 5.1.2600]

 

Running From: C:\SDFIX\SDFix

 

Safe Mode:

Checking Services:

 

Name:

NtmlSvc

 

ImagePath:

%SystemRoot%\System32\svchost.exe -k netsvcs

 

NtmlSvc - Deleted

 

 

 

Modified Winlogon.exe Found!

 

Winlogon Files Found:

 

C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe

C:\WINDOWS\ServicePackFiles\i386\winlogon.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\dllcache\winlogon.exe

 

Infected Files Listed Below:

 

C:\WINDOWS\system32\winlogon.exe

 

 

Restoring Windows Registry Values

Restoring Windows Default Hosts File

 

Rebooting...

 

Service xpdx - Deleted after Reboot

 

Normal Mode:

Checking Files:

 

Below files will be copied to Backups folder then removed:

 

C:\189503~1 - Deleted

C:\WINDOWS\SYSTEM32\IALMCOIN.DLL - Deleted

C:\WINDOWS\Temp\win1236.tmp.exe - Deleted

C:\WINDOWS\Temp\win1236.tmp.exe - Deleted

C:\Program\Delade filer\Microsoft Shared\Web Folders\ibm00001.dll - Deleted

C:\WINDOWS\b122.exe - Deleted

C:\WINDOWS\mgrs.exe - Deleted

C:\WINDOWS\system32\drivers\asc3550u.sys - Deleted

C:\WINDOWS\system32\drivers\kcp.sys - Deleted

C:\WINDOWS\Temp\$_2341233.TMP - Deleted

C:\WINDOWS\Temp\$_2341234.TMP - Deleted

C:\WINDOWS\Temp\$b17a2e8.tmp - Deleted

C:\WINDOWS\system32\xpdx.sys - Deleted

 

 

 

Removing Temp Files...

 

ADS Check:

 

Checking C:\WINDOWS

C:\WINDOWS

No streams found.

 

Checking C:\WINDOWS\system32

C:\WINDOWS\system32

No streams found.

 

Checking C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

No streams found.

 

Checking C:\WINDOWS\system32\ntoskrnl.exe

C:\WINDOWS\system32\ntoskrnl.exe

No streams found.

 

 

 

Final Check:

 

Remaining Services:

------------------

 

 

 

Authorized Application Key Export:

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program\\TrackMania Sunrise\\TmSunrise.exe"="C:\\Program\\TrackMania Sunrise\\TmSunrise.exe:*:Enabled:TmSunrise"

"C:\\Program\\TrackMania\\TrackMania.exe"="C:\\Program\\TrackMania\\TrackMania.exe:*:Enabled:TrackMania"

"C:\\WINDOWS\\system32\\xpvss.scr"="C:\\WINDOWS\\system32\\xpvss.scr:*:Enabled:xpvss"

"C:\\Program\\Windows Media Player\\wmplayer.exe"="C:\\Program\\Windows Media Player\\wmplayer.exe:*:Enabled:Windows Media Player"

"C:\\Program\\TrackMania Nations ESWC\\TmNationsESWC.exe"="C:\\Program\\TrackMania Nations ESWC\\TmNationsESWC.exe:*:Enabled:TmNationsESWC"

"K:\\DC++\\DCPlusPlus.exe"="K:\\DC++\\DCPlusPlus.exe:*:Enabled:DC++"

"C:\\Program\\Kazaa\\kazaa.exe"="C:\\Program\\Kazaa\\kazaa.exe:*:Enabled:Kazaa"

"D:\\apple\\iTunes.exe"="D:\\apple\\iTunes.exe:*:Enabled:iTunes"

"L:\\Internet Download Manager\\IDMan.exe"="L:\\Internet Download Manager\\IDMan.exe:*:Enabled:Internet Download Manager Application (IDM)"

"L:\\Spel\\kulic\\kulic-win32src\\DONE\\Kulic.exe"="L:\\Spel\\kulic\\kulic-win32src\\DONE\\Kulic.exe:*:Enabled:Kulic - Win32 Allegro game"

"C:\\Program\\BoontyGames\\MachineHell\\MachineHell.exe"="C:\\Program\\BoontyGames\\MachineHell\\MachineHell.exe:*:Enabled: Play"

"C:\\Program\\LimeWire\\LimeWire.exe"="C:\\Program\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"

"L:\\Program\\BitTorrent\\bittorrent.exe"="L:\\Program\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"

"C:\\Program\\Delade filer\\Ahead\\Nero Web\\SetupX.exe"="C:\\Program\\Delade filer\\Ahead\\Nero Web\\SetupX.exe:*:Enabled:Nero ProductSetup"

"C:\\Program\\HbTools\\Bin\\4.8.0.0\\Cml.exe"="C:\\Program\\HbTools\\Bin\\4.8.0.0\\Cml.exe:*:Enabled:Cml.exe"

"C:\\Program\\HbTools\\Bin\\4.7.0.0\\Cml.exe"="C:\\Program\\HbTools\\Bin\\4.7.0.0\\Cml.exe:*:Enabled:Cml.exe"

"C:\\Program\\HbTools\\Bin\\4.8.0.0\\HbtGuard.exe"="C:\\Program\\HbTools\\Bin\\4.8.0.0\\HbtGuard.exe:*:Enabled:HbtGuard.exe"

"C:\\Program\\HbTools\\Bin\\4.7.0.0\\HbtGuard.exe"="C:\\Program\\HbTools\\Bin\\4.7.0.0\\HbtGuard.exe:*:Enabled:HbtGuard.exe"

"C:\\Program\\HbTools\\Bin\\4.8.0.0\\HbtOEAddOn.exe"="C:\\Program\\HbTools\\Bin\\4.8.0.0\\HbtOEAddOn.exe:*:Enabled:HbtOEAddOn.exe"

"C:\\Program\\HbTools\\Bin\\4.7.0.0\\HbtOEAddOn.exe"="C:\\Program\\HbTools\\Bin\\4.7.0.0\\HbtOEAddOn.exe:*:Enabled:HbtOEAddOn.exe"

"C:\\Program\\HbTools\\Bin\\4.8.0.0\\HbtSrv.exe"="C:\\Program\\HbTools\\Bin\\4.8.0.0\\HbtSrv.exe:*:Enabled:HbtSrv.exe"

"C:\\Program\\HbTools\\Bin\\4.7.0.0\\HbtSrv.exe"="C:\\Program\\HbTools\\Bin\\4.7.0.0\\HbtSrv.exe:*:Enabled:HbtSrv.exe"

"C:\\Program\\HbTools\\HBTV\\HBTV.exe"="C:\\Program\\HbTools\\HBTV\\HBTV.exe:*:Enabled:HBTV.exe"

"C:\\Program\\HbTools\\Bin\\4.8.0.0\\HbtWeatherOnTray.exe"="C:\\Program\\HbTools\\Bin\\4.8.0.0\\HbtWeatherOnTray.exe:*:Enabled:HbtWeatherOnTray.exe"

"C:\\Program\\HbTools\\Bin\\4.7.0.0\\HbtWeatherOnTray.exe"="C:\\Program\\HbTools\\Bin\\4.7.0.0\\HbtWeatherOnTray.exe:*:Enabled:HbtWeatherOnTray.exe"

"C:\\WINDOWS\\system32\\P2P Networking\\P2P Networking.exe"="C:\\WINDOWS\\system32\\P2P Networking\\P2P Networking.exe:*:Enabled:P2P Networking"

"C:\\Program\\HbTools\\Bin\\4.7.0.0\\ShprRprtHbt.exe"="C:\\Program\\HbTools\\Bin\\4.7.0.0\\ShprRprtHbt.exe:*:Enabled:ShprRprtHbt.exe"

"D:\\Program\\Atari\\Terminator 3 - War of the Machines\\t3.exe"="D:\\Program\\Atari\\Terminator 3 - War of the Machines\\t3.exe:*:Enabled:T3"

"MULTIPL.EXE"="MULTIPL.EXE:LocalSubNet:Enabled:Multiplicity"

"C:\\WINDOWS\\system32\\grfqcebp.exe"="C:\\WINDOWS\\system32\\grf"

"C:\\DOCUME~1\\GAREN~1\\LOKALA~1\\Temp\\win18F.tmp.exe"="C:\\DOCUME~1\\GAREN~1\\LOKALA~1\\Temp\\win18F.tmp.exe:*:Enabled:win18F.tmp"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

 

Remaining Files:

---------------

 

Backups Folder: - C:\SDFIX\SDFix\backups\backups.zip

 

Listing Files with Hidden Attributes:

 

C:\Program\www.devilived.com\Tube Twist\gamefiles\client\ui\images\Thumbs.db

C:\Program\www.devilived.com\Tube Twist\gamefiles\client\ui\images\buttons\Thumbs.db

C:\Program\www.devilived.com\Tube Twist\gamefiles\client\ui\images\ending\Thumbs.db

C:\Program\www.devilived.com\Tube Twist\gamefiles\client\ui\images\intro\Thumbs.db

C:\Program\www.devilived.com\Tube Twist\gamefiles\client\ui\images\trayIcons\Thumbs.db

C:\Program\www.devilived.com\Tube Twist\gamefiles\data\missions\images\Thumbs.db

C:\Program\www.devilived.com\Tube Twist\gamefiles\data\particles\Thumbs.db

C:\Program\www.devilived.com\Tube Twist\gamefiles\data\rooms\Thumbs.db

C:\Program\www.devilived.com\Tube Twist\gamefiles\data\skies\Thumbs.db

C:\Program\www.devilived.com\Tube Twist\gamefiles\data\tubes\default\Thumbs.db

C:\Program\www.devilived.com\Tube Twist\language\english\images\Thumbs.db

C:\Program\www.devilived.com\Tube Twist\language\english\models\Thumbs.db

C:\Documents and Settings\Ägaren\Application Data\Macromedia\Shockwave Player\xtras\download\AndradeArts\Music\BASSMOD.dll

C:\Documents and Settings\Ägaren\Application Data\Microsoft\Virtual PC\VPCKeyboard.dll

C:\Program\Autodesk\Autodesk DWF Viewer\_Setupx.dll

C:\Program\Autodesk\Autodesk DWF Viewer\Setup.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\Outlook Express\msimn.exe

C:\WINDOWS\SMINST\HPCD.SYS

C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp

C:\Documents and Settings\Ägaren\Skrivbord\Stuff\Annat\Annat2\~WRL1004.tmp

C:\WINDOWS\system32\ldnryqwr.tmp

C:\WINDOWS\system32\sttss.tmp

 

Listing User Accounts:

 

 

Administratör ASPNET Gäst

Hjälpassistent SUPPORT_388945a0 SUPPORT_fddfa904

Ägaren

Kommandot har utförts.

 

 

Finished

 

 

 


 

delete these files

C:\WINDOWS\system32\ldnryqwr.tmp

C:\WINDOWS\system32\sttss.tmp

download this file > save it to the desktop.

http://siri.urz.free.fr/Fix/SmitfraudFix.exe

double-click the exe file > choose allow if the firewall asks > press any key > type 1 > enter.

post the log that is shown automatically

 


C:\WINDOWS\system32\ldnryqwr.tmp

C:\WINDOWS\system32\sttss.tmp

 

The files above do not exist.

 

 


SmitFraudFix v2.197

 

Scan done at 16:39:27,15, 2007-06-30

Run from L:\Program\Gozilla\Mozilla Firefox\SmitfraudFix

OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT

The filesystem type is NTFS

Fix run in normal mode

 

»»»»»»»»»»»»»»»»»»»»»»»» Process

 

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Alwil Software\Avast4\aswUpdSv.exe

C:\Program\Delade filer\Stardock\SDMCP.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Delade filer\Acronis\Schedule2\schedul2.exe

C:\Program\ANI\ANIWZCS2 Service\ANIWZCSdS.exe

C:\WINDOWS\system32\cisvc.exe

C:\WINDOWS\system32\lkcitdl.exe

C:\WINDOWS\system32\lkads.exe

C:\WINDOWS\system32\lktsrv.exe

C:\Program\Stardock\THINKD~1\MULTIP~1\MULTIS~2.EXE

C:\WINDOWS\system32\nisvcloc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\snmp.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Delade filer\Ulead Systems\DVD\ULCDRSvr.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\Program\Eraser\eraser.exe

C:\Program\DAEMON Tools\daemon.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\cidaemon.exe

L:\Program\Gozilla\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\cmd.exe

 

»»»»»»»»»»»»»»»»»»»»»»»» hosts

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Ägaren

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Ägaren\Application Data

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\GAREN~1\FAVORI~1

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]

"Source"="About:Home"

"SubscribedURL"="About:Home"

"FriendlyName"="Min aktuella startsida"

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"="wbsys.dll"

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"System"=""

"Startup"="MCPSystemStartup"

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» DNS

 

Description: NVIDIA nForce MCP Networking Adapter - Miniport för paketschemaläggning

DNS Server Search Order: 192.168.1.254

DNS Server Search Order: 192.168.0.1

 

HKLM\SYSTEM\CCS\Services\Tcpip\..\{DFEF0C55-549D-442B-9587-E0287C9C5DE4}: DhcpNameServer=192.168.1.254 192.168.0.1

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

 

 

»»»»»»»»»»»»»»»»»»»»»»»» End

 

 

 

 


************************* Rustock.b-fix v. 1.01 -- By ejvindh *************************

2007-06-30 23:25:07,67

 

No Rustock.b-rootkits found

 

******************************* End of Logfile ********************************

 

 

 


yes, that was as expected.

can you boot normally now without problems?

does antivir warn about C:\WINDOWS\system32\winlogon.exe?

remove avast since you already have antivir, and to disable the protection in antivir you just right-click the red umbrella

post a new HJT log

[post edited 2007-06-30 23:50:36 by 927]


GamingHome

can you boot normally now without problems?

NO

does antivir warn about C:\WINDOWS\system32\winlogon.exe?

YES

I ran avast to see if it could help me.

will post a new HJT log soon

 

 


GamingHome

Logfile of HijackThis v1.99.1

Scan saved at 07:51:41, on 2007-07-01

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Delade filer\Stardock\SDMCP.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Delade filer\Acronis\Schedule2\schedul2.exe

C:\Program\ANI\ANIWZCS2 Service\ANIWZCSdS.exe

L:\Annat\Antivirus\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS\system32\cisvc.exe

C:\WINDOWS\Explorer.EXE

L:\Program\Nero 7\Nero 7\InCD\InCDsrv.exe

C:\WINDOWS\system32\lkcitdl.exe

C:\WINDOWS\system32\lkads.exe

C:\WINDOWS\system32\lktsrv.exe

C:\Program\Stardock\THINKD~1\MULTIP~1\MULTIS~2.EXE

L:\Program\National Instruments\Shared\Security\nidmsrv.exe

C:\WINDOWS\system32\nisvcloc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\snmp.exe

L:\Program\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Delade filer\Ulead Systems\DVD\ULCDRSvr.exe

C:\WINDOWS\system32\MsPMSPSv.exe

L:\Program\Unlocker\UnlockerAssistant.exe

L:\Program\LClock\lclock.exe

L:\Program\Batalisk\RegSentry\RegSentry.exe

L:\Program\Ashampoo\Ashampoo UnInstaller Platinum Suite\UIWatcher.exe

C:\Program\Eraser\eraser.exe

C:\Program\DAEMON Tools\daemon.exe

C:\WINDOWS\system32\wuauclt.exe

L:\Program\SpeedItUpExtreme\SpeedItUpEx.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Hijackthis\HijackThis.exe

 

R3 - URLSearchHook: Gadgetbar Toolbar - {ad8088d4-219c-40db-b16a-5e53261bed3d} - C:\Program\Gadgetbar\tbGadg.dll

O3 - Toolbar: Gadgetbar Toolbar - {ad8088d4-219c-40db-b16a-5e53261bed3d} - C:\Program\Gadgetbar\tbGadg.dll

O4 - HKLM\..\Run: [unlockerAssistant] "L:\Program\Unlocker\UnlockerAssistant.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\qyhjdayv.dll",realset

O4 - HKCU\..\Run: [LClock] L:\Program\LClock\lclock.exe

O4 - HKCU\..\Run: [RegSentry] L:\Program\Batalisk\RegSentry\RegSentry.exe -tray

O4 - HKCU\..\Run: [uIWatcher] L:\Program\Ashampoo\Ashampoo UnInstaller Platinum Suite\UIWatcher.exe

O4 - HKCU\..\Run: [Eraser] C:\Program\Eraser\eraser.exe -hide

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [My Movie Desktop] C:\Program\My Movie Desktop\mmd.exe

O4 - HKCU\..\Run: [uteb] "C:\DOCUME~1\GAREN~1\MINADO~1\MANTEC~1\wucrtupd.exe" -vt yazb

O4 - HKCU\..\Run: [speedItUpEX] "L:\Program\SpeedItUpExtreme\SpeedItUpEx.exe" -MINI

O8 - Extra context menu item: Download all links using BitComet - res://L:\Annat\BC\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Download all videos using BitComet - res://L:\Annat\BC\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: Download link using &BitComet - res://L:\Annat\BC\BitComet.exe/AddLink.htm

O8 - Extra context menu item: Sothink SWF Catcher - C:\Program\Delade filer\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program\Delade filer\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program\Delade filer\SourceTec\SWF Catcher\InternetExplorer.htm

O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program\Delade filer\Acronis\Schedule2\schedul2.exe

O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program\ANI\ANIWZCS2 Service\ANIWZCSdS.exe

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - L:\Annat\Antivirus\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - L:\Annat\Antivirus\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - L:\Program\Nero 7\Nero 7\InCD\InCDsrv.exe

O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe

O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe

O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe

O23 - Service: Stardock Multiplicity (Multiplicity) - Unknown owner - C:\Program\Stardock\THINKD~1\MULTIP~1\MULTIS~2.EXE

O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - L:\Program\National Instruments\Shared\Security\nidmsrv.exe

O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

O23 - Service: SRS Labs License Service - SRS Labs - C:\Program\Delade filer\SRS Labs Shared\Service\srslabslicenseservice.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - L:\Program\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program\Delade filer\Ulead Systems\DVD\ULCDRSvr.exe

 

 

 

 


 

you have an ok winlogon.exe here

C:\WINDOWS\system32\dllcache\winlogon.exe

I have never done this myself, but I assume this is an option

http://support.microsoft.com/kb/310747

http://www.updatexp.com/scannow-sfc.html

there is some junk left in the log.

download this program, save it to the desktop.

http://www.atribune.org/ccount/click.php?id=4

start the program > click scan for vundo > click remove vundo.

choose to delete the files, if asked.

restart.

post the log that is here: C:\vundofix.txt

 


GamingHome

 

 

VundoFix V6.5.4

 

Checking Java version...

 

Sun Java not detected

Scan started at 16:46:03 2007-07-01

 

Listing files found while scanning....

 

C:\windows\system32\avaipxbk.ini

C:\windows\system32\avaipxbk.tmp

C:\WINDOWS\system32\ayvyijdp.dll

C:\windows\system32\baeqetnm.dll

C:\windows\system32\bbdunyuf.exe

C:\windows\system32\bbledbpw.dll

C:\windows\system32\bpwkdpmc.exe

C:\windows\system32\ccremtyk.ini

C:\windows\system32\cvkffyak.dll

C:\windows\system32\cvvhocrl.dll

C:\windows\system32\ddavrvcp.ini

C:\windows\system32\ddfynhbj.ini

C:\windows\system32\dkcelnno.exe

C:\windows\system32\drandvxj.ini

C:\windows\system32\efwktpdk.ini

C:\windows\system32\fqgbdtbr.dll

C:\windows\system32\grlbbqtx.exe

C:\windows\system32\hoslwsph.exe

C:\WINDOWS\system32\hujryugn.dll

C:\windows\system32\idqilrlm.exe

C:\windows\system32\igmjopit.exe

C:\windows\system32\iivxtxbq.exe

C:\windows\system32\iqylgywq.ini

C:\windows\system32\jbhnyfdd.dll

C:\windows\system32\jjwtmlik.exe

C:\windows\system32\jxvdnard.dll

C:\windows\system32\kbxpiava.dll

C:\windows\system32\kdptkwfe.dll

C:\windows\system32\kgjmfnux.exe

C:\windows\system32\khfddby.dll

C:\windows\system32\kytmercc.dll

C:\windows\system32\ldnryqwr.tmp

C:\windows\system32\lrcohvvc.ini

C:\windows\system32\lrjemapn.exe

C:\windows\system32\ltllqdku.dll

C:\windows\system32\mdnjyabd.dll

C:\windows\system32\mjofwemn.dll

C:\windows\system32\mlquawoe.exe

C:\windows\system32\mnteqeab.ini

C:\windows\system32\nmewfojm.ini

C:\windows\system32\pcvrvadd.dll

C:\WINDOWS\system32\pdjiyvya.ini

C:\windows\system32\poqlooqs.exe

C:\windows\system32\qomliih.dll

C:\WINDOWS\system32\qomnkjg.dll

C:\windows\system32\qwyglyqi.dll

C:\windows\system32\qyhjdayv.dll

C:\windows\system32\qyrhxkrv.ini

C:\windows\system32\rbtdbgqf.ini

C:\windows\system32\rwqyrndl.dll

C:\windows\system32\scrwiyvl.exe

C:\windows\system32\spdvsqws.exe

C:\WINDOWS\system32\sstts.dll

C:\windows\system32\stkelewj.exe

C:\windows\system32\sttss.bak1

C:\windows\system32\sttss.bak2

C:\windows\system32\sttss.ini

C:\windows\system32\sttss.ini2

C:\windows\system32\sttss.tmp

C:\windows\system32\tntmtkav.ini

C:\windows\system32\ufaohlqt.exe

C:\windows\system32\ujbdbbib.exe

C:\windows\system32\ukdqlltl.ini

C:\windows\system32\vaktmtnt.dll

C:\windows\system32\wpbdelbb.ini

C:\windows\system32\vrkxhryq.dll

C:\windows\system32\wryvckmp.exe

C:\windows\system32\vyadjhyq.ini

C:\windows\system32\xooffhbl.exe

C:\windows\system32\ykedwpdg.exe

C:\windows\system32\ytvcxatc.exe

C:\windows\system32\yutqtlvn.exe

 

Beginning removal...

 

Attempting to delete C:\windows\system32\avaipxbk.ini

C:\windows\system32\avaipxbk.ini Has been deleted!

 

Attempting to delete C:\windows\system32\avaipxbk.tmp

C:\windows\system32\avaipxbk.tmp Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\ayvyijdp.dll

C:\WINDOWS\system32\ayvyijdp.dll Could not be deleted.

 

Attempting to delete C:\windows\system32\baeqetnm.dll

C:\windows\system32\baeqetnm.dll Has been deleted!

 

Attempting to delete C:\windows\system32\bbdunyuf.exe

C:\windows\system32\bbdunyuf.exe Has been deleted!

 

Attempting to delete C:\windows\system32\bbledbpw.dll

C:\windows\system32\bbledbpw.dll Has been deleted!

 

Attempting to delete C:\windows\system32\bpwkdpmc.exe

C:\windows\system32\bpwkdpmc.exe Has been deleted!

 

Attempting to delete C:\windows\system32\ccremtyk.ini

C:\windows\system32\ccremtyk.ini Has been deleted!

 

Attempting to delete C:\windows\system32\cvkffyak.dll

C:\windows\system32\cvkffyak.dll Has been deleted!

 

Attempting to delete C:\windows\system32\cvvhocrl.dll

C:\windows\system32\cvvhocrl.dll Has been deleted!

 

Attempting to delete C:\windows\system32\ddavrvcp.ini

C:\windows\system32\ddavrvcp.ini Has been deleted!

 

Attempting to delete C:\windows\system32\ddfynhbj.ini

C:\windows\system32\ddfynhbj.ini Has been deleted!

 

Attempting to delete C:\windows\system32\dkcelnno.exe

C:\windows\system32\dkcelnno.exe Has been deleted!

 

Attempting to delete C:\windows\system32\drandvxj.ini

C:\windows\system32\drandvxj.ini Has been deleted!

 

Attempting to delete C:\windows\system32\efwktpdk.ini

C:\windows\system32\efwktpdk.ini Has been deleted!

 

Attempting to delete C:\windows\system32\fqgbdtbr.dll

C:\windows\system32\fqgbdtbr.dll Has been deleted!

 

Attempting to delete C:\windows\system32\grlbbqtx.exe

C:\windows\system32\grlbbqtx.exe Has been deleted!

 

Attempting to delete C:\windows\system32\hoslwsph.exe

C:\windows\system32\hoslwsph.exe Has been deleted!

 

Attempting to delete C:\windows\system32\idqilrlm.exe

C:\windows\system32\idqilrlm.exe Has been deleted!

 

Attempting to delete C:\windows\system32\igmjopit.exe

C:\windows\system32\igmjopit.exe Has been deleted!

 

Attempting to delete C:\windows\system32\iivxtxbq.exe

C:\windows\system32\iivxtxbq.exe Has been deleted!

 

Attempting to delete C:\windows\system32\iqylgywq.ini

C:\windows\system32\iqylgywq.ini Has been deleted!

 

Attempting to delete C:\windows\system32\jbhnyfdd.dll

C:\windows\system32\jbhnyfdd.dll Has been deleted!

 

Attempting to delete C:\windows\system32\jjwtmlik.exe

C:\windows\system32\jjwtmlik.exe Has been deleted!

 

Attempting to delete C:\windows\system32\jxvdnard.dll

C:\windows\system32\jxvdnard.dll Has been deleted!

 

Attempting to delete C:\windows\system32\kbxpiava.dll

C:\windows\system32\kbxpiava.dll Has been deleted!

 

Attempting to delete C:\windows\system32\kdptkwfe.dll

C:\windows\system32\kdptkwfe.dll Has been deleted!

 

Attempting to delete C:\windows\system32\kgjmfnux.exe

C:\windows\system32\kgjmfnux.exe Has been deleted!

 

Attempting to delete C:\windows\system32\khfddby.dll

C:\windows\system32\khfddby.dll Has been deleted!

 

Attempting to delete C:\windows\system32\kytmercc.dll

C:\windows\system32\kytmercc.dll Has been deleted!

 

Attempting to delete C:\windows\system32\ldnryqwr.tmp

C:\windows\system32\ldnryqwr.tmp Has been deleted!

 

Attempting to delete C:\windows\system32\lrcohvvc.ini

C:\windows\system32\lrcohvvc.ini Has been deleted!

 

Attempting to delete C:\windows\system32\lrjemapn.exe

C:\windows\system32\lrjemapn.exe Has been deleted!

 

Attempting to delete C:\windows\system32\ltllqdku.dll

C:\windows\system32\ltllqdku.dll Has been deleted!

 

Attempting to delete C:\windows\system32\mdnjyabd.dll

C:\windows\system32\mdnjyabd.dll Has been deleted!

 

Attempting to delete C:\windows\system32\mjofwemn.dll

C:\windows\system32\mjofwemn.dll Has been deleted!

 

Attempting to delete C:\windows\system32\mlquawoe.exe

C:\windows\system32\mlquawoe.exe Has been deleted!

 

Attempting to delete C:\windows\system32\mnteqeab.ini

C:\windows\system32\mnteqeab.ini Has been deleted!

 

Attempting to delete C:\windows\system32\nmewfojm.ini

C:\windows\system32\nmewfojm.ini Has been deleted!

 

Attempting to delete C:\windows\system32\pcvrvadd.dll

C:\windows\system32\pcvrvadd.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\pdjiyvya.ini

C:\WINDOWS\system32\pdjiyvya.ini Has been deleted!

 

Attempting to delete C:\windows\system32\poqlooqs.exe

C:\windows\system32\poqlooqs.exe Has been deleted!

 

Attempting to delete C:\windows\system32\qomliih.dll

C:\windows\system32\qomliih.dll Has been deleted!

 

Attempting to delete C:\windows\system32\qwyglyqi.dll

C:\windows\system32\qwyglyqi.dll Has been deleted!

 

Attempting to delete C:\windows\system32\qyhjdayv.dll

C:\windows\system32\qyhjdayv.dll Has been deleted!

 

Attempting to delete C:\windows\system32\qyrhxkrv.ini

C:\windows\system32\qyrhxkrv.ini Has been deleted!

 

Attempting to delete C:\windows\system32\rbtdbgqf.ini

C:\windows\system32\rbtdbgqf.ini Has been deleted!

 

Attempting to delete C:\windows\system32\rwqyrndl.dll

C:\windows\system32\rwqyrndl.dll Has been deleted!

 

Attempting to delete C:\windows\system32\scrwiyvl.exe

C:\windows\system32\scrwiyvl.exe Has been deleted!

 

Attempting to delete C:\windows\system32\spdvsqws.exe

C:\windows\system32\spdvsqws.exe Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\sstts.dll

C:\WINDOWS\system32\sstts.dll Has been deleted!

 

Attempting to delete C:\windows\system32\stkelewj.exe

C:\windows\system32\stkelewj.exe Has been deleted!

 

Attempting to delete C:\windows\system32\sttss.bak1

C:\windows\system32\sttss.bak1 Has been deleted!

 

Attempting to delete C:\windows\system32\sttss.bak2

C:\windows\system32\sttss.bak2 Has been deleted!

 

Attempting to delete C:\windows\system32\sttss.ini

C:\windows\system32\sttss.ini Has been deleted!

 

Attempting to delete C:\windows\system32\sttss.ini2

C:\windows\system32\sttss.ini2 Has been deleted!

 

Attempting to delete C:\windows\system32\sttss.tmp

C:\windows\system32\sttss.tmp Has been deleted!

 

Attempting to delete C:\windows\system32\tntmtkav.ini

C:\windows\system32\tntmtkav.ini Has been deleted!

 

Attempting to delete C:\windows\system32\ufaohlqt.exe

C:\windows\system32\ufaohlqt.exe Has been deleted!

 

Attempting to delete C:\windows\system32\ujbdbbib.exe

C:\windows\system32\ujbdbbib.exe Has been deleted!

 

Attempting to delete C:\windows\system32\ukdqlltl.ini

C:\windows\system32\ukdqlltl.ini Has been deleted!

 

Attempting to delete C:\windows\system32\vaktmtnt.dll

C:\windows\system32\vaktmtnt.dll Has been deleted!

 

Attempting to delete C:\windows\system32\wpbdelbb.ini

C:\windows\system32\wpbdelbb.ini Has been deleted!

 

Attempting to delete C:\windows\system32\vrkxhryq.dll

C:\windows\system32\vrkxhryq.dll Has been deleted!

 

Attempting to delete C:\windows\system32\wryvckmp.exe

C:\windows\system32\wryvckmp.exe Has been deleted!

 

Attempting to delete C:\windows\system32\vyadjhyq.ini

C:\windows\system32\vyadjhyq.ini Has been deleted!

 

Attempting to delete C:\windows\system32\xooffhbl.exe

C:\windows\system32\xooffhbl.exe Has been deleted!

 

Attempting to delete C:\windows\system32\ykedwpdg.exe

C:\windows\system32\ykedwpdg.exe Has been deleted!

 

Attempting to delete C:\windows\system32\ytvcxatc.exe

C:\windows\system32\ytvcxatc.exe Has been deleted!

 

Attempting to delete C:\windows\system32\yutqtlvn.exe

C:\windows\system32\yutqtlvn.exe Has been deleted!

 

Performing Repairs to the registry.

Done!

 

VundoFix V6.5.4

 

Checking Java version...

 

Sun Java not detected

Scan started at 16:51:35 2007-07-01

 

Listing files found while scanning....

 

C:\windows\system32\ayvyijdp.dll

 

Beginning removal...

 

Attempting to delete C:\windows\system32\ayvyijdp.dll

C:\windows\system32\ayvyijdp.dll Has been deleted!

 

Performing Repairs to the registry.

Done!

 

 


GamingHome

I don't recognise the file.

 

VirusTotal Log

 

Complete scanning result of "wucrtupd.exe", received in VirusTotal at 07.01.2007, 21:09:06 (CET).

 

Antivirus Version Update Result

AhnLab-V3 2007.6.30.0 06.29.2007 Win-Trojan/Purityscan.70144.F

AntiVir 7.4.0.37 06.29.2007 TR/Dldr.PurtiScan.A

Authentium 4.93.8 06.29.2007 W32/Downloader2.FLA

Avast 4.7.997.0 07.01.2007 Win32:Purityscan-Q

AVG 7.5.0.476 07.01.2007 Downloader.Generic3.KML

BitDefender 7.2 07.01.2007 Adware.Clickspring.Purityscan.O

CAT-QuickHeal 9.00 06.30.2007 TrojanDownloader.PurityScan.d

ClamAV devel-20070416 07.01.2007 no virus found

DrWeb 4.33 07.01.2007 no virus found

eSafe 7.0.15.0 06.30.2007 Spyware.Purityscan

eTrust-Vet 30.8.3752 06.29.2007 Win32/Clspring.GL

Ewido 4.0 07.01.2007 Downloader.Age

FileAdvisor 1 07.01.2007 Low threat detected

Fortinet 2.91.0.0 07.01.2007 W32/PurityScan.9C44!tr.dldr

F-Prot 4.3.2.48 06.29.2007 W32/Downloader2.FLA

F-Secure 6.70.13030.0 07.01.2007 Trojan-Downloader.Win32.PurityScan.dx

Ikarus T3.1.1.8 07.01.2007 Trojan-Downloader.Win32.PurityScan.dx

Kaspersky 4.0.2.24 07.01.2007 Trojan-Downloader.Win32.PurityScan.dx

McAfee 5064 06.29.2007 potentially unwanted program Adware-ClickSpring

Microsoft 1.2701 07.01.2007 TrojanDownloader:Win32/PurityScan!42DB

NOD32v2 2368 07.01.2007 a variant of Win32/TrojanDownloader.PurityScan

Norman 5.80.02 06.29.2007 W32/DLoader.CMNB

Panda 9.0.0.4 07.01.2007 Adware/PurityScan

Sophos 4.19.0 06.28.2007 ClickSpring

Sunbelt 2.2.907.0 06.29.2007 ClickSpring.PuritySCAN

Symantec 10 07.01.2007 Adware.Purityscan

TheHacker 6.1.6.140 06.28.2007 no virus found

VBA32 3.12.0.2 06.30.2007 Trojan-Downloader.Win32.PurityScan.dx

VirusBuster 4.3.23:9 07.01.2007 Trojan.DL.PurityScan.GP

Webwasher-Gateway 6.0.1 06.29.2007 Trojan.Dldr.PurtiScan.A

 

Additional Information

File size: 70144 bytes

MD5: 850b0cc74117fe92e91954aa0d20e82d

SHA1: 53148f1304d3698c7375f85c7c0dbbadcff28245

packers: PECompact

packers: PECOMPACT

Bit9 info: http://fileadvisor.bit9.com/services/extinfo.aspx?md5=850b0cc74117fe92e91954aa0d20e82d

 

 


 

Do a new scan with HJT and tick these:

O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\qyhjdayv.dll",realset

O4 - HKCU\..\Run: [uteb] "C:\DOCUME~1\GAREN~1\MINADO~1\MANTEC~1\wucrtupd.exe" -vt yazb

Click the Fix checked button.

Delete the file, or one of its folders:

C:\DOCUME~1\GAREN~1\MINADO~1\MANTEC~1\wucrtupd.exe

Restart and post a new HJT log.

Since there was a great deal of malware on the computer, I recommend that you scan with AntiVir and AVG Anti-Spyware.

 

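The post above asks for two O4 entries to be fixed and, earlier, identified wucrtupd.exe by its VirusTotal hashes. As an added example (not from the thread and not part of HijackThis, VundoFix or VirusTotal), the script below does that triage in code: it parses HijackThis Run entries, extracts the file that actually executes (for rundll32 entries the DLL argument, not rundll32 itself), flags the two indicators visible on this page (a random 8-lowercase-letter file name, and an autostart living under the user profile), and compares a file's MD5/SHA1 with the digests VirusTotal listed for wucrtupd.exe. The O4 lines and hashes are copied from the thread; the third sample line is the legitimate NvCplDaemon entry from the first HJT log, included to show that rundll32 on its own is not the signal. The regexes, function names and the `VT_WUCRTUPD` constant name are my own.

```python
import hashlib
import re

# Constructed sample input: the two O4 lines from the post above plus the
# legitimate NvCplDaemon entry from the first HijackThis log in the thread.
HJT_LINES = [
    r'O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\qyhjdayv.dll",realset',
    r'O4 - HKCU\..\Run: [uteb] "C:\DOCUME~1\GAREN~1\MINADO~1\MANTEC~1\wucrtupd.exe" -vt yazb',
    r'O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup',
]

# MD5/SHA1 that VirusTotal reported for wucrtupd.exe (copied from the log above).
VT_WUCRTUPD = {
    "md5": "850b0cc74117fe92e91954aa0d20e82d",
    "sha1": "53148f1304d3698c7375f85c7c0dbbadcff28245",
}

O4_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# rundll32 path\to.dll,Export   or   rundll32.exe "path\to.dll",Export
RUNDLL_RE = re.compile(r'(?i)^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?,')
RANDOM_NAME_RE = re.compile(r'^[a-z]{8}\.(dll|exe)$')   # Vundo-style random 8-letter names
PROFILE_RE = re.compile(r'(?i)^c:\\(docume~1|documents and settings)\\')


def parse_o4(line):
    """Return {'hive','name','target','via_rundll32'} for an O4 line, or None."""
    m = O4_RE.match(line)
    if not m:
        return None
    cmd = m.group("cmd")
    r = RUNDLL_RE.match(cmd)
    if r:
        target = r.group("dll")          # the DLL is what runs, not rundll32
    else:
        q = re.match(r'^"(?P<p>[^"]+)"', cmd)
        target = q.group("p") if q else cmd.split()[0]
    return {"hive": m.group("hive"), "name": m.group("name"),
            "target": target, "via_rundll32": bool(r)}


def flag_reasons(entry):
    """Indicators seen in this thread; an empty list means nothing stood out."""
    reasons = []
    base = entry["target"].rsplit("\\", 1)[-1].lower()
    if RANDOM_NAME_RE.match(base):
        reasons.append("random 8-letter filename")
    if PROFILE_RE.match(entry["target"]):
        reasons.append("autostart from a user-profile directory")
    return reasons


def review(lines):
    """Parse every O4 line and keep only entries that carry at least one indicator."""
    out = []
    for line in lines:
        e = parse_o4(line)
        if e and flag_reasons(e):
            out.append({**e, "reasons": flag_reasons(e)})
    return out


def hashes(data):
    """MD5 and SHA1 hex digests of file content, in the form VirusTotal lists them."""
    return {"md5": hashlib.md5(data).hexdigest(), "sha1": hashlib.sha1(data).hexdigest()}


def matches_known(data, known=VT_WUCRTUPD):
    """True only if both digests agree with the known-bad sample."""
    h = hashes(data)
    return h["md5"] == known["md5"] and h["sha1"] == known["sha1"]


if __name__ == "__main__":
    for e in review(HJT_LINES):
        print(e["hive"], e["name"], e["target"], "->", ", ".join(e["reasons"]))
    # To check a copy of a suspect file: matches_known(open(path, "rb").read())
```

Checking both digests is deliberate: a single MD5 match is weak evidence on its own, but two independent digests agreeing with the VirusTotal record is enough to say it is the same sample without uploading it again.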

GamingHome

They aren't listed.

 

Running Ad-Aware, we'll see if I find anything...

 

 


GamingHome

Trying to delete:

C:\DOCUME~1\GAREN~1\MINADO~1\MANTEC~1\wucrtupd.exe

using Eraser.

 

 


 

Ad-Aware is nowhere near the same class as the other two programs I mentioned.

 

Safe mode or Unlocker are two other options.

 

Do you have hidden files set to be shown?

 


GamingHome

I don't have AVG, and AntiVir finds nothing.

 

I can see hidden files.

 

 

[post edited 2007-07-02 20:15:20 by GamingHome]


 

C:\WINDOWS\system32\ldnryqwr.tmp

C:\WINDOWS\system32\sttss.tmp

The above files don't exist.

VundoFix found these, so they were there. If you used the search function you have to make sure that all files are searched.

 

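The helper's point is that the search has to cover every file, not just the exact names from the log. VundoFix's own listing earlier in the thread shows why: the infection left a random-named DLL next to a config file whose stem is that name spelled backwards (ayvyijdp.dll / pdjiyvya.ini, qyhjdayv.dll / vyadjhyq.ini, sstts.dll / sttss.ini, rwqyrndl.dll / ldnryqwr.tmp, all in the log), and the config side appears with several extensions (.ini, .ini2, .bak1, .tmp, and the sttss.tmp2 found later). As an added example, not from the thread or from VundoFix, the script below generalises that: it pairs each DLL with its reversed-stem config files, then reports random-named config files whose DLL is already gone, so leftovers with a different extension than the one in the log are still caught. The directory listing is constructed from names in the log plus a few legitimate files; the regexes and function names are my own. `list_directory` uses `os.scandir`, which, unlike Explorer's search with default settings, does not skip hidden or system files.

```python
import os
import re
from collections import defaultdict

# Constructed listing of a system32 directory, built from names in the VundoFix log
# earlier in the thread plus legitimate files that must not be flagged.
SAMPLE_LISTING = [
    "ayvyijdp.dll", "pdjiyvya.ini",                        # from the log: .ini stem is the DLL stem reversed
    "qyhjdayv.dll", "vyadjhyq.ini",                        # same pattern
    "sstts.dll", "sttss.ini", "sttss.bak1", "sttss.tmp2",  # short stem, several config variants
    "ldnryqwr.tmp",                                        # rwqyrndl.dll already deleted: a leftover
    "kernel32.dll", "NvCpl.dll", "desktop.ini",            # legitimate
]

CONFIG_EXT_RE = re.compile(r"^(ini|bak|tmp)\d*$")   # ini, ini2, bak1, bak2, tmp, tmp2 ...
RANDOM_STEM_RE = re.compile(r"^[a-z]{8}$")          # Vundo-style random 8-letter stem


def split_name(name):
    """('stem', 'ext') in lower case; a name without a dot gives an empty stem."""
    stem, _, ext = name.lower().rpartition(".")
    return stem, ext


def find_reversed_pairs(names):
    """{dll: [config files whose stem is the DLL's stem spelled backwards]}."""
    configs = defaultdict(list)
    for n in names:
        stem, ext = split_name(n)
        if stem and CONFIG_EXT_RE.match(ext):
            configs[stem].append(n)
    pairs = {}
    for n in names:
        stem, ext = split_name(n)
        if ext == "dll" and stem[::-1] in configs:
            pairs[n] = sorted(configs[stem[::-1]])
    return pairs


def orphan_configs(names):
    """Random-named config files whose reversed-stem DLL is no longer present.
    These are what a search for the exact file names in the log misses when
    only the extension differs (sttss.tmp vs. sttss.tmp2)."""
    dll_stems = {split_name(n)[0] for n in names if split_name(n)[1] == "dll"}
    found = []
    for n in names:
        stem, ext = split_name(n)
        if CONFIG_EXT_RE.match(ext) and RANDOM_STEM_RE.match(stem) and stem[::-1] not in dll_stems:
            found.append(n)
    return sorted(found)


def list_directory(path):
    """Names of all regular files in a directory. os.scandir returns hidden and
    system files too, so nothing is filtered out before the checks above run."""
    with os.scandir(path) as it:
        return [e.name for e in it if e.is_file()]


if __name__ == "__main__":
    names = SAMPLE_LISTING          # replace with list_directory(r"C:\WINDOWS\system32") on the box
    for dll, cfgs in find_reversed_pairs(names).items():
        print(f"{dll} <-> {', '.join(cfgs)}")
    print("leftovers without a DLL:", orphan_configs(names))
```

The reversed-stem check is the stronger signal of the two, because a legitimate DLL and its settings file do not share a mirrored name; the 8-letter restriction in `orphan_configs` is only there to keep ordinary files such as desktop.ini out of the leftover list.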

GamingHome

They don't exist, but there was a similar file:

C:\WINDOWS\system32\sttss.tmp2

Will see if AVG finds anything...

[post edited 2007-07-03 06:58:57 by GamingHome]


GamingHome

PART 1

Using definition file: SE1R178 29.06.2007

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Adware.Yazzle (TAC index: 7): 1 reference(s)

Softomate Toolbar (TAC index: 9): 1 reference(s)

Tracking Cookie (TAC index: 3): 1 reference(s)

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings

===========================

Set : Search for negligible risk entries

Set : Search for low-risk threats

Set : Safe mode (always request confirmation)

Set : Scan active processes

Set : Scan registry

Set : Deep-scan registry

Set : Scan my IE Favorites for banned URLs

Set : Scan within archives

Set : Scan my Hosts file

Extended Ad-Aware SE Settings

===========================

Set : Unload recognized processes & modules during scan

Set : Scan registry for all users instead of current user only

Set : Always try to unload modules before deletion

Set : During removal, unload Explorer and IE if necessary

Set : Let Windows remove files in use at next reboot

Set : Delete quarantined objects after restoring

Set : Include basic Ad-Aware SE settings in log file

Set : Include additional Ad-Aware SE settings in log file

Set : Include reference summary in log file

Set : Include alternate data stream details in log file

Set : Create and save WebUpdate log file

Set : Play sound at scan completion if scan locates critical objects

2007-07-02 01:10:09 - Scan started. (ADS scan)

Deep scanning and examining alternate data streams (ADS)...

 

 

 

 

Archived

This topic is now archived and is closed to further replies.