REG/Zapchast trojan

[tobbe83]

Hej.

Jag kör Nod32 och har fått upp en varning som lyder:

'File:

C:\a.bat

Threat:

REG/Zapchast trojan

Comment:

Event occurred on a new file created by the application: C:\WINDOWS\system32\sysregi.exe. The file was moved to quarantine. You may close this window.'

 

Oavsett om jag går in i karantänen och tar bort filen så kommer det en ny varning om samma fil efter en stund. Jag kan inte hitta filen sysregi.exe i system32-mappen. Skulle verkligen behöva hjälp med det här.

 

Min logg för hijackthis ser ut som följer:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:06:27, on 2007-12-15

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program\WIDCOMM\Bluetooth-programvara\bin\btwdins.exe

C:\Program\HP\TVPlay\Kernel\CLML_NTService\CLMLServer.exe

C:\Program\Delade filer\LightScribe\LSSrvc.exe

C:\Program\Eset\nod32krn.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\HP\TVPlay\Kernel\TV\TVPCapSvc.exe

C:\Program\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Program\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\Program\Java\jre1.6.0_03\bin\jusched.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program\Synaptics\SynTP\SynTPEnh.exe

C:\Program\HP\TVPlay\Kernel\TV\TVPSched.exe

C:\Program\HP\QuickPlay\QPService.exe

C:\Program\HP\HP Software Update\HPWuSchd2.exe

C:\Program\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe

C:\Program\Eset\nod32kui.exe

C:\Program\HP\TVPlay\TVPService.exe

C:\Program\Adobe\Photoshop Elements 4.0\apdproxy.exe

C:\Program\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\MSN Messenger\MsnMsgr.Exe

C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program\HPQ\Shared\HPQTOA~1.EXE

C:\Program\WIDCOMM\Bluetooth-programvara\BTTray.exe

C:\Program\Personal\bin\Personal.exe

C:\Program\Delade filer\Ahead\Lib\NMIndexingService.exe

C:\Program\WIDCOMM\BLUETO~1\BTSTAC~1.EXE

C:\Program\PC Connectivity Solution\ServiceLayer.exe

C:\Program\iPod\bin\iPodService.exe

C:\Program\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Program\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Program\PC Connectivity Solution\Transports\NclBCBTSrv.exe

C:\Program\MSN Messenger\usnsvc.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\sysregi.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&amptp=iehome&amplocale=SV_SE&ampc=Q306&ampbd=pavilion&amppf=laptop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157'>http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O1 - Hosts: HP58A0DE HP00187158A0DE

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar3.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Program\FlashFXP\IEFlash.dll

O3 - Toolbar: &ampGoogle - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar3.dll

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] 'C:\Program\Java\jre1.6.0_03\bin\jusched.exe'

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [QPService] 'C:\Program\HP\QuickPlay\QPService.exe'

O4 - HKLM\..\Run: [HP Software Update] C:\Program\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [Cpqset] C:\Program\Hewlett-Packard\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe

O4 - HKLM\..\Run: [nod32kui] 'C:\Program\Eset\nod32kui.exe' /WAITSERVICE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program\Delade filer\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [TVPService] 'C:\Program\HP\TVPlay\TVPService.exe'

O4 - HKLM\..\Run: [Adobe Photo Downloader] 'C:\Program\Adobe\Photoshop Elements 4.0\apdproxy.exe'

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [QuickTime Task] 'C:\Program\QuickTime\QTTask.exe' -atboottime

O4 - HKLM\..\Run: [iTunesHelper] 'C:\Program\iTunes\iTunesHelper.exe'

O4 - HKLM\..\Run: [Nod32 Runtime] sysregi.exe

O4 - HKLM\..\RunServices: [Nod32 Runtime] sysregi.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] 'C:\Program\MSN Messenger\MsnMsgr.Exe' /background

O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] 'C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe'

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe

O8 - Extra context menu item: E&ampxportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Skicka till &ampBluetooth - C:\Program\WIDCOMM\Bluetooth-programvara\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&amptp=iehome&amplocale=SV_SE&ampc=Q306&ampbd=pavilion&amppf=laptop

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{89604C16-26AC-4FF3-9B7B-A374223A74A4}: NameServer = 83.255.249.10,83.255.245.10

O17 - HKLM\System\CCS\Services\Tcpip\..\{D7956C2B-89BD-48F3-BFB2-8E7505F46512}: NameServer = 83.255.249.10,83.255.245.10

O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program\WIDCOMM\Bluetooth-programvara\bin\btwdins.exe

O23 - Service: CyberLink Media Library Service(HP TVPlay) - Cyberlink - C:\Program\HP\TVPlay\Kernel\CLML_NTService\CLMLServer.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE

O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program\Delade filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program\Delade filer\LightScribe\LSSrvc.exe

O23 - Service: NBService - Unknown owner - C:\Program\Nero\Nero 7\Nero BackItUp\NBService.exe (file missing)

O23 - Service: NMIndexingService - Nero AG - C:\Program\Delade filer\Ahead\Lib\NMIndexingService.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program\Eset\nod32krn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: CyberLink Background Capture Service (CBCS HP TVPlay) (TVPCapSvc) - Unknown owner - C:\Program\HP\TVPlay\Kernel\TV\TVPCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS HP TVPlay) (TVPSched) - Unknown owner - C:\Program\HP\TVPlay\Kernel\TV\TVPSched.exe

 

--

End of file - 10097 bytes

 

[927]

 

se till att dessa filer är borttagna

C:\a.bat

C:\WINDOWS\system32\sysregi.exe

 

gör en ny scan med HJT, bocka för dessa rader

O4 - HKLM\..\Run: [Nod32 Runtime] sysregi.exe

O4 - HKLM\..\RunServices: [Nod32 Runtime] sysregi.exe

 

klicka på knappen fix checked och tillåt att ändringar görs i datorn.

 

starta om och posta en ny HJT logg

 

[tobbe83]

okej, nod32 sa inget när jag startade om den här gången, nu ser loggen ut såhär:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:24:42, on 2007-12-15

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program\WIDCOMM\Bluetooth-programvara\bin\btwdins.exe

C:\Program\HP\TVPlay\Kernel\CLML_NTService\CLMLServer.exe

C:\Program\Delade filer\LightScribe\LSSrvc.exe

C:\Program\Eset\nod32krn.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\HP\TVPlay\Kernel\TV\TVPCapSvc.exe

C:\Program\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Program\HP\TVPlay\Kernel\TV\TVPSched.exe

C:\Program\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\Program\Java\jre1.6.0_03\bin\jusched.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program\Synaptics\SynTP\SynTPEnh.exe

C:\Program\HP\QuickPlay\QPService.exe

C:\Program\HP\HP Software Update\HPWuSchd2.exe

C:\Program\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe

C:\Program\Eset\nod32kui.exe

C:\Program\HP\TVPlay\TVPService.exe

C:\Program\Adobe\Photoshop Elements 4.0\apdproxy.exe

C:\Program\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\MSN Messenger\MsnMsgr.Exe

C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program\HPQ\Shared\HPQTOA~1.EXE

C:\Program\WIDCOMM\Bluetooth-programvara\BTTray.exe

C:\Program\Personal\bin\Personal.exe

C:\Program\Delade filer\Ahead\Lib\NMIndexingService.exe

C:\Program\Delade filer\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program\WIDCOMM\BLUETO~1\BTSTAC~1.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

C:\Program\iPod\bin\iPodService.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&amptp=iehome&amplocale=SV_SE&ampc=Q306&ampbd=pavilion&amppf=laptop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157'>http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O1 - Hosts: HP58A0DE HP00187158A0DE

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar3.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Program\FlashFXP\IEFlash.dll

O3 - Toolbar: &ampGoogle - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar3.dll

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] 'C:\Program\Java\jre1.6.0_03\bin\jusched.exe'

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [QPService] 'C:\Program\HP\QuickPlay\QPService.exe'

O4 - HKLM\..\Run: [HP Software Update] C:\Program\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [Cpqset] C:\Program\Hewlett-Packard\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe

O4 - HKLM\..\Run: [nod32kui] 'C:\Program\Eset\nod32kui.exe' /WAITSERVICE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program\Delade filer\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [TVPService] 'C:\Program\HP\TVPlay\TVPService.exe'

O4 - HKLM\..\Run: [Adobe Photo Downloader] 'C:\Program\Adobe\Photoshop Elements 4.0\apdproxy.exe'

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [QuickTime Task] 'C:\Program\QuickTime\QTTask.exe' -atboottime

O4 - HKLM\..\Run: [iTunesHelper] 'C:\Program\iTunes\iTunesHelper.exe'

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] 'C:\Program\MSN Messenger\MsnMsgr.Exe' /background

O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] 'C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe'

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe

O8 - Extra context menu item: E&ampxportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Skicka till &ampBluetooth - C:\Program\WIDCOMM\Bluetooth-programvara\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&amptp=iehome&amplocale=SV_SE&ampc=Q306&ampbd=pavilion&amppf=laptop

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{89604C16-26AC-4FF3-9B7B-A374223A74A4}: NameServer = 83.255.249.10,83.255.245.10

O17 - HKLM\System\CCS\Services\Tcpip\..\{D7956C2B-89BD-48F3-BFB2-8E7505F46512}: NameServer = 83.255.249.10,83.255.245.10

O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program\WIDCOMM\Bluetooth-programvara\bin\btwdins.exe

O23 - Service: CyberLink Media Library Service(HP TVPlay) - Cyberlink - C:\Program\HP\TVPlay\Kernel\CLML_NTService\CLMLServer.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE

O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program\Delade filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program\Delade filer\LightScribe\LSSrvc.exe

O23 - Service: NBService - Unknown owner - C:\Program\Nero\Nero 7\Nero BackItUp\NBService.exe (file missing)

O23 - Service: NMIndexingService - Nero AG - C:\Program\Delade filer\Ahead\Lib\NMIndexingService.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program\Eset\nod32krn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: CyberLink Background Capture Service (CBCS HP TVPlay) (TVPCapSvc) - Unknown owner - C:\Program\HP\TVPlay\Kernel\TV\TVPCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS HP TVPlay) (TVPSched) - Unknown owner - C:\Program\HP\TVPlay\Kernel\TV\TVPSched.exe

 

--

End of file - 9667 bytes

 

[927]

trojaner startar generellt med windows, alltså får man inaktivera dessa i autostarten

 

vet du vad det här är

O1 - Hosts: HP58A0DE HP00187158A0DE

 

[inlägget ändrat 2007-12-15 23:38:10 av 927]

[tobbe83]

okej, tack så mycket för hjälpen.

nej, jag har ingen aning om vad det kan vara för nåt.

 

[927]

 

jag tänkte om 01 va relaterat till hp på nåt vis men det är inte lätt att veta. vi kollar vad det är för nåt genom att öppna hijackthis >open misc tools >hosts file manager >open in notepad. kopiera allt du ser nu och kopiera in det här

 

[tobbe83]

detta är vad jag får upp då:

 

# Copyright © 1993-1999 Microsoft Corp.

#

# Det här är HOSTS-exempelfilen som används av Microsoft TCP/IP för Windows.

#

# Den här filen innehåller mappningar av IP-adresser till värdnamn. Du bör

# inte ange fler än en post per rad. IP-adressen bör anges

# i den första kolumnen och följas av motsvarande värddatornamn.

# IP-adressen och värdnamnet måste åtskiljas av minst ett blanksteg.

#

# Kommentarer (som dessa) kan infogas på en egen rad eller

# efter ett datornamn. Kommentarer måste föregås av tecknet #.

#

# Till exempel:

#

# 102.54.94.97 rhino.acme.com # källserver

# 38.25.63.10 x.acme.com # klientvärddatorn x

 

127.0.0.1 localhost

HP58A0DE HP00187158A0DE

 

 

[927]

 

normalt ska det endast stå

127.0.0.1 localhost

 

men vi låter den andra 'HP-raden' vara kvar