Just nu i M3-nätverket
Gå till innehåll
Eforum är stängt för nya inlägg och svar sedan 20 juni 2022. Klicka för att läsa vad som hände och om alternativ.

fEL I REGISTRET

olleeine

Startad av olleeine,
i Arkiverade Windows-trådar

Rekommendera Poster

olleeine

olleeine

Postad
Postad

 

Hej! Jag får upp en ruta med texten, iblå fältet:Importent error found in the system.

Själva medd.: Durind the scan of files which aare started automatally at computer startup, a critical errors in system registry were found

0x01ff0010 irgl:1fSYSVER oxbfr04014

NT_kernel error 1276 (EXCEPTION NOT HANDLED)

Vad är dettaoch vad kan jag göra ?????

Tack till den som kan hjälpa!

Olle

 

Länk till kommentar
Dela på andra webbplatser
olleeine

olleeine

Postad
  • Trådskapare
Postad

 

Hej Cecilia

Jag har en logfil , men kan inte klistra in den.Anv. Firefox.

Tack för Ditt intresse.

Olle

 

Länk till kommentar
Dela på andra webbplatser
olleeine

olleeine

Postad
  • Trådskapare
Postad

Hej. Har logfilen på skrivbordet.Har provat högerklicka och dra,Högerklickat på filen och

'klipp ut' och sen försökt 'klistra in' . I besvara formuläret är 'klistra in' nedtomat.

Olle

 

 

[inlägget ändrat 2008-02-04 15:06:39 av olleeine]

Länk till kommentar
Dela på andra webbplatser
Cecilia

Cecilia

Postad
Postad

Öppna loggfilen i Anteckningar.

Redigera - Markera allt

Redigera - Kopiera

 

så ska det nog gå bra med Klistra in i Besvara-formuläret.

 

Länk till kommentar
Dela på andra webbplatser
olleeine

olleeine

Postad
  • Trådskapare
Postad

 

Hej!

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:41:24, on 2008-02-03

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

D:\Program\Lavasoft\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Delade filer\EPSON\EBAPI\SAgent2.exe

C:\Program\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\Program\iolo\common\lib\ioloServiceManager.exe

C:\Program\Delade filer\LightScribe\LSSrvc.exe

C:\Program\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

D:\Program\CDBurnerXP\NMSAccessU.exe

C:\Program\Eset\nod32krn.exe

C:\Program\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

C:\Program\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe

C:\Program\ekort\ekort.exe

C:\Program\EPSON\Creativity Suite\Event Manager\EEventManager.exe

D:\Program\LG brännare\PowerDVD\PDVDServ.exe

C:\WINDOWS\system32\OBroker.exe

D:\Program\LG_fwupdate\fwupdate.exe

C:\Program\Eset\nod32kui.exe

C:\Program\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program\iolo\System Mechanic 7\SMSystemAnalyzer.exe

C:\WINDOWS\system32\ctfmon.exe

D:\Program\LG brännare\Multimedia Launcher\PowerBar.exe

D:\Program\Novosoft Office Backup\hbagent.exe

C:\Program\Messenger\msmsgs.exe

D:\Program\Office Backup\obagent.exe

D:\Program\Logitech\SetPoint\SetPoint.exe

D:\programWord\Office\FINDFAST.EXE

C:\Program\Delade filer\Logishrd\KHAL2\KHALMNPR.EXE

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [statusClient] 'C:\Program\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe' /auto

O4 - HKLM\..\Run: [TomcatStartup] C:\Program\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe

O4 - HKLM\..\Run: [ekort] C:\Program\ekort\ekort.exe /dontopenmycards

O4 - HKLM\..\Run: [EEventManager] 'C:\Program\EPSON\Creativity Suite\Event Manager\EEventManager.exe'

O4 - HKLM\..\Run: [RemoteControl] 'D:\Program\LG brännare\PowerDVD\PDVDServ.exe'

O4 - HKLM\..\Run: [LGODDFU] D:\Program\LG_fwupdate\fwupdate.exe

O4 - HKLM\..\Run: [FlashIcon] 'C:\Program\Generic\USB Card Reader Driver v2.3\FlashIcon.exe'

O4 - HKLM\..\Run: [nod32kui] 'C:\Program\Eset\nod32kui.exe' /WAITSERVICE

O4 - HKLM\..\Run: [e-kort] C:\Program\ekort\ekort.exe /dontopenmycards

O4 - HKLM\..\Run: [HPLJ Config] 'C:\Program\Hewlett-Packard\hp LaserJet 1010 Series\SetConfig.exe' -c Direct -p DOT4_001 -pn 'hp LaserJet 1010 Series Driver' -n 0 -l 1053 -sl 120000

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [ZoneAlarm Client] 'C:\Program\Zone Labs\ZoneAlarm\zlclient.exe'

O4 - HKLM\..\Run: [sMSystemAnalyzer] 'C:\Program\iolo\System Mechanic 7\SMSystemAnalyzer.exe'

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [PowerBar] 'D:\Program\LG brännare\Multimedia Launcher\PowerBar.exe' /AtBootTime

O4 - HKCU\..\Run: [Novosoft Office Backup] 'D:\Program\Novosoft Office Backup\hbagent.exe' -logon

O4 - HKCU\..\Run: [MSMSGS] 'C:\Program\Messenger\msmsgs.exe' /background

O4 - HKCU\..\Run: [Office Backup 2.2] 'D:\Program\Office Backup\obagent.exe' -logon

O4 - HKCU\..\Run: [Handy Backup] D:\Program\Novosoft Office Backup\hbagent.exe -logon

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE

O4 - Global Startup: Logitech SetPoint.lnk = D:\Program\Logitech\SetPoint\SetPoint.exe

O4 - Global Startup: Microsoft Office Snabbsökning.lnk = D:\programWord\Office\FINDFAST.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: e-kort - {4C730913-3961-439b-83D5-F4E445520422} - C:\Program\ekort\ekort.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: e-kort - {F74E75A5-96BF-40ef-A1C8-88EAEBB82AB6} - C:\Program\ekort\ekort.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.0.6.5.cab

O16 - DPF: {5CE72DD0-4695-4D18-A4D3-3367ACD37578} (F-Secure Health Check 1.0) - http://support.f-secure.com/enu/home/onlineservices/fshc/fscax.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab

O16 - DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} (HPSDDX Class) - http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\Program\Lavasoft\aawservice.exe

O23 - Service: app_filter - Unknown owner - C:\Program\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program\Delade filer\EPSON\EBAPI\SAgent2.exe

O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program\iolo\common\lib\ioloServiceManager.exe

O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program\iolo\common\lib\ioloServiceManager.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program\Delade filer\Logitech\Bluetooth\LBTServ.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program\Delade filer\LightScribe\LSSrvc.exe

O23 - Service: NMSAccessU - Unknown owner - D:\Program\CDBurnerXP\NMSAccessU.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program\Eset\nod32krn.exe

O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\Program\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

 

--

End of file - 9502 bytes

Det funkade. Tack för tipset. Olle

 

Länk till kommentar
Dela på andra webbplatser
Cecilia

Cecilia

Postad
Postad

Det är en rest av Norton/Symantec i datorn så använd deras städprogram: http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039

 

Ladda ner ComboFix till Skrivbordet:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

 

Dra ur internetanslutningen och stäng av alla program du ser inklusive antivirusprogram, antispionprogram och brandvägg.

Kör ComboFix och följ anvisningarna som visas.

 

VIKTIGT! Klicka inte på ComboFix-fönstret med musen när den körs annars kan den hänga upp sig.

 

När den är färdig så ska en logg komma upp, klistra in den i ditt svar. Kontrollera att antivirusprogram och brandvägg är igång innan du ansluter till internet.

 

Om du får problem med att komma ut på internet:

Kontrollpanelen - Nätverksanslutningar

högerklicka på din internetanslutning och välj Reparera och/eller starta om datorn.

 

Länk till kommentar
Dela på andra webbplatser
olleeine

olleeine

Postad
  • Trådskapare
Postad

Hej. Varningsrutan är kvar.

ComboFix 08-02.05.3 - Olle 2008-02-05 18:55:11.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1053.18.629 [GMT 1:00]

Running from: C:\Documents and Settings\Olle\Skrivbord\ComboFix.exe

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((( Files Created from 2008-01-05 to 2008-02-05 )))))))))))))))))))))))))))))))

.

 

2008-02-03 15:40 . 2008-02-03 15:40 <KAT> d-------- C:\Program\Trend Micro

2008-01-13 16:22 . 2008-01-13 16:22 <KAT> d-------- C:\fsaua.data

2008-01-12 11:32 . 2008-01-12 11:32 681,984 --a------ C:\WINDOWS\is-1RP4C.exe

2008-01-12 11:32 . 2008-01-12 11:32 10,529 --a------ C:\WINDOWS\is-1RP4C.msg

2008-01-12 11:32 . 2008-01-12 11:32 429 --a------ C:\WINDOWS\is-1RP4C.lst

2008-01-08 13:29 . 2008-01-11 09:22 <KAT> d-------- C:\WINDOWS\SxsCaPendDel

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-02-05 17:43 --------- d-----w C:\Program\Delade filer\Symantec Shared

2008-02-04 14:48 5,121,024 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp

2008-02-02 16:45 --------- d-----w C:\Program\BlogBridge

2008-01-30 20:42 --------- d-----w C:\Documents and Settings\Olle\Application Data\RegistrySmart

2008-01-30 20:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft

2008-01-30 20:29 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe

2008-01-28 16:15 --------- d-----w C:\Program\Windows Live Safety Center

2008-01-12 12:27 16,216,486 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip

2008-01-11 09:31 437,096 ----a-w C:\WINDOWS\system32\Incinerator.dll

2008-01-08 20:33 --------- d-----w C:\Program\ESET

2008-01-02 16:48 --------- d-----w C:\Documents and Settings\Olle\Application Data\Novosoft

2007-12-14 16:13 23,040 ----a-w C:\WINDOWS\system32\smrgdf.exe

2007-12-13 08:33 --------- d-----w C:\Documents and Settings\Olle\Application Data\iolo

2007-12-13 08:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\iolo

2007-12-12 16:58 --------- d-----w C:\Program\iolo

2007-12-12 08:26 --------- d-----w C:\Program\ABBYY FineReader 6.0 Sprint

2007-12-11 13:39 --------- d-----w C:\Documents and Settings\Olle\Application Data\URSoft

2007-12-10 16:01 --------- d-----w C:\Documents and Settings\LocalService\Application Data\iolo

2007-12-10 11:47 --------- d-----w C:\Program\Delade filer\Logitech

2007-12-07 09:42 --------- d-----w C:\Program\Delade filer\Ahead

2007-11-20 21:34 35,840 ----a-w C:\WINDOWS\system32\iolobtdfg.exe

2007-11-15 09:07 76,304 ----a-w C:\WINDOWS\system32\KemXML.dll

2007-11-15 09:07 170,512 ----a-w C:\WINDOWS\system32\kemutb.dll

2007-11-15 09:07 141,840 ----a-w C:\WINDOWS\system32\KemUtil.dll

2007-11-15 09:07 117,264 ----a-w C:\WINDOWS\system32\KemWnd.dll

2007-11-15 09:06 301,656 ----a-w C:\WINDOWS\system32\BtCoreIf.dll

2007-11-14 15:05 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll

2007-11-07 09:29 722,432 ----a-w C:\WINDOWS\system32\lsasrv.dll

2007-05-08 13:34 79,683 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_05_08_13_55_36_small.dmp.zip

2004-10-01 14:00 40,960 ----a-w C:\Program\Uninstall_CDS.exe

2007-02-10 16:01 848 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

2007-09-11 06:44 593,940 --sh--w C:\WINDOWS\system32\Setup\infocr.dll

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries &amp legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3804E2C-C67F-4E37-8B6A-E3400A317A5E}]

2007-09-11 07:44 593940 ---hs---- C:\WINDOWS\system32\Setup\infocr.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

'CTFMON.EXE'='C:\WINDOWS\system32\ctfmon.exe' [2004-08-04 13:00 15360]

'PowerBar'='D:\Program\LG brännare\Multimedia Launcher\PowerBar.exe' [2004-04-21 10:26 86016]

'Novosoft Office Backup'='D:\Program\Novosoft Office Backup\hbagent.exe' [2008-01-22 14:33 3072600]

'MSMSGS'='C:\Program\Messenger\msmsgs.exe' [2004-10-13 17:24 1694208]

'Office Backup 2.2'='D:\Program\Office Backup\obagent.exe' [2006-11-07 14:15 1094144]

'Handy Backup'='D:\Program\Novosoft Office Backup\hbagent.exe' [2008-01-22 14:33 3072600]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

'SoundMan'='SOUNDMAN.EXE' [2005-01-07 11:46 77824 C:\WINDOWS\SOUNDMAN.EXE]

'NvCplDaemon'='C:\WINDOWS\system32\NvCpl.dll' [2006-10-22 12:22 7700480]

'StatusClient'='C:\Program\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe' [2002-12-16 16:51 36864]

'TomcatStartup'='C:\Program\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe' [2003-03-31 19:28 155648]

'ekort'='C:\Program\ekort\ekort.exe' [2007-05-10 09:36 233472]

'EEventManager'='C:\Program\EPSON\Creativity Suite\Event Manager\EEventManager.exe' [2005-04-08 14:09 102400]

'RemoteControl'='D:\Program\LG brännare\PowerDVD\PDVDServ.exe' [2004-11-02 20:24 32768]

'LGODDFU'='D:\Program\LG_fwupdate\fwupdate.exe' [2006-02-20 11:40 245760]

'FlashIcon'='C:\Program\Generic\USB Card Reader Driver v2.3\FlashIcon.exe' [2004-07-21 13:48 40960]

'nod32kui'='C:\Program\Eset\nod32kui.exe' [2007-02-20 12:47 921600]

'e-kort'='C:\Program\ekort\ekort.exe' [2007-05-10 09:36 233472]

'HPLJ Config'='C:\Program\Hewlett-Packard\hp LaserJet 1010 Series\SetConfig.exe' [2003-03-31 17:32 28672]

'Logitech Hardware Abstraction Layer'='KHALMNPR.EXE' [2007-09-21 03:10 55824 C:\WINDOWS\KHALMNPR.Exe]

'ZoneAlarm Client'='C:\Program\Zone Labs\ZoneAlarm\zlclient.exe' [2007-11-14 16:05 919016]

'SMSystemAnalyzer'='C:\Program\iolo\System Mechanic 7\SMSystemAnalyzer.exe' [2008-01-11 10:30 832360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

'CTFMON.EXE'='C:\WINDOWS\system32\CTFMON.EXE' [2004-08-04 13:00 15360]

'TurboBackup'='D:\PROGRAM\TURBOB~1\tbksche.exe' [ ]

 

C:\Documents and Settings\All Users\Start-meny\Program\AutostartEPSON Status Monitor 3 Environment Check 2.lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [2007-03-03 19:12:51 135680]

Logitech SetPoint.lnk - D:\Program\Logitech\SetPoint\SetPoint.exe [2007-11-16 19:08:28 784912]

Microsoft Office Snabbs”kning.lnk - D:\programWord\Office\FINDFAST.EXE [1997-11-07 111376]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\infocr]

C:\WINDOWS\system32\Setup\infocr.dll 2007-09-11 07:44 593940 C:\WINDOWS\system32\Setup\infocr.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

c:\program\delade filer\logitech\bluetooth\LBTWlgn.dll 2007-11-15 10:10 72208 c:\Program\Delade filer\Logitech\Bluetooth\LBTWLgn.dll

 

R2 app_filterapp_filterC:\Program\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe [2004-11-24 18:10]

R2 ioloFileInfoListiolo FileInfoList ServiceC:\Program\iolo\common\lib\ioloServiceManager.exe [2007-11-22 00:11]

R2 ioloSystemServiceiolo System ServiceC:\Program\iolo\common\lib\ioloServiceManager.exe [2007-11-22 00:11]

R2 NMSAccessUNMSAccessUD:\Program\CDBurnerXP\NMSAccessU.exe [2007-10-12 08:34]

R3 dot4usbMS Dot4USB Filter Dot4USB FilterC:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-09-06 19:01]

S3 filterfilterC:\WINDOWS\system32\drivers\filter.sys [2004-07-05 07:21]

 

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-05 18:56:48

Windows 5.1.2600 Service Pack 2 NTFS

 

detected NTDLL code modification:

ZwQuerySystemInformation

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Tack för att jobbar så snabbt. Olle

 

[inlägget ändrat 2008-02-05 21:24:38 av olleeine]

Länk till kommentar
Dela på andra webbplatser
Cecilia

Cecilia

Postad
Postad

Gå till http://www.virustotal.com/ klistra in ett av följande filnamn i rutan, tryck på Skicka Fil och vänta tills resultatet är klart (Närvarande status blir genomförd). Klistra in resultatet från de olika antivirusprogrammen här. Upprepa med nästa filnamn.

C:\WINDOWS\is-1RP4C.exe

C:\WINDOWS\is-1RP4C.msg

C:\WINDOWS\system32\Setup\infocr.dll

 

 

Länk till kommentar
Dela på andra webbplatser
olleeine

olleeine

Postad
  • Trådskapare
Postad

 

Hej

Fil is-1RP4C.lst mottagen 2008.02.06 12:27:54 (CET)

Närvarande status: Laddar ... köad väntar söker genomförd EJ FUNNEN STOPPAD

Resultat: 0/32 (0%)

Laddar server information...

Din fil är köad i position: ___.

Uppskattat starttid är mellan ___ och ___ .

Stäng inte ner detta fönster förens sökningen är genomförd.

Scannern som arbetade med din fil har stoppat, vi kommer att vänta ett par sekunder för att försöka återställa ditt resultat.

Om du väntar i mer än 5 minuter måste du skicka in din fil igen.

Din fil blir genomsökt av VirusTotal för tillfället,

resultat kommer att visas när de är klara.

Compact Compact

Skriv ut resultat Skriv ut resultat

Din fil har upphört eller existerar inte.

Tjänsten är stoppad för tillfället, din fil väntar på att bli genomsökt (position: ) för en obestämd tid.

 

Du kan vänta på ett svar (automatisk uppdatering) eller ange din email i formuläret nedan och klicka 'begär' så kommer systemet att skicka dig ett email när sökningen är genomförd.

Email:

 

Antivirus Version Senaste Uppdatering Resultat

AhnLab-V3 2008.2.6.10 2008.02.05 -

AntiVir 7.6.0.62 2008.02.06 -

Authentium 4.93.8 2008.02.05 -

Avast 4.7.1098.0 2008.02.05 -

AVG 7.5.0.516 2008.02.06 -

BitDefender 7.2 2008.02.06 -

CAT-QuickHeal 9.00 2008.02.04 -

ClamAV 0.92 2008.02.06 -

DrWeb 4.44.0.09170 2008.02.06 -

eSafe 7.0.15.0 2008.01.28 -

eTrust-Vet 31.3.5512 2008.02.05 -

Ewido 4.0 2008.02.05 -

FileAdvisor 1 2008.02.06 -

Fortinet 3.14.0.0 2008.02.06 -

F-Prot 4.4.2.54 2008.02.05 -

F-Secure 6.70.13260.0 2008.02.06 -

Ikarus T3.1.1.20 2008.02.06 -

Kaspersky 7.0.0.125 2008.02.06 -

McAfee 5223 2008.02.05 -

Microsoft 1.3204 2008.02.05 -

NOD32v2 2852 2008.02.06 -

Norman 5.80.02 2008.02.05 -

Panda 9.0.0.4 2008.02.05 -

Prevx1 V2 2008.02.06 -

Rising 20.29.22.00 2008.01.30 -

Sophos 4.26.0 2008.02.06 -

Sunbelt 2.2.907.0 2008.02.05 -

Symantec 10 2008.02.06 -

TheHacker 6.2.9.210 2008.02.06 -

VBA32 3.12.6.0 2008.02.06 -

VirusBuster 4.3.26:9 2008.02.05 -

Webwasher-Gateway 6.6.2 2008.02.06 -

Övrig information

File size: 429 bytes

MD5: ed2eb177344d716117c7364d856e9c5b

SHA1: 72739d731e07c57cf011f6646fcf7b7307422982

PEiD: -

 

Fil infocr.dll mottagen 2008.02.06 16:31:19 (CET)

Närvarande status: Laddar ... köad väntar söker genomförd EJ FUNNEN STOPPAD

Resultat: 19/32 (59.38%)

Laddar server information...

Din fil är köad i position: 7.

Uppskattat starttid är mellan 57 och 81 sekunder.

Stäng inte ner detta fönster förens sökningen är genomförd.

Scannern som arbetade med din fil har stoppat, vi kommer att vänta ett par sekunder för att försöka återställa ditt resultat.

Om du väntar i mer än 5 minuter måste du skicka in din fil igen.

Din fil blir genomsökt av VirusTotal för tillfället,

resultat kommer att visas när de är klara.

Compact Compact

Skriv ut resultat Skriv ut resultat

Din fil har upphört eller existerar inte.

Tjänsten är stoppad för tillfället, din fil väntar på att bli genomsökt (position: ) för en obestämd tid.

 

Du kan vänta på ett svar (automatisk uppdatering) eller ange din email i formuläret nedan och klicka 'begär' så kommer systemet att skicka dig ett email när sökningen är genomförd.

Email:

 

Antivirus Version Senaste Uppdatering Resultat

AhnLab-V3 2008.2.6.10 2008.02.05 -

AntiVir 7.6.0.62 2008.02.06 TR/BHO.ANA

Authentium 4.93.8 2008.02.05 -

Avast 4.7.1098.0 2008.02.05 -

AVG 7.5.0.516 2008.02.06 Generic9.AWTX

BitDefender 7.2 2008.02.06 Trojan.Vundo.DVH

CAT-QuickHeal 9.00 2008.02.04 Trojan.BHO.aoy

ClamAV 0.92 2008.02.06 Trojan.BHO-1322

DrWeb 4.44.0.09170 2008.02.06 Trojan.Virtumod.221

eSafe 7.0.15.0 2008.01.28 -

eTrust-Vet 31.3.5512 2008.02.05 Win32/Vundo

Ewido 4.0 2008.02.06 -

FileAdvisor 1 2008.02.06 -

Fortinet 3.14.0.0 2008.02.06 -

F-Prot 4.4.2.54 2008.02.05 W32/Heuristic-KPP!Eldorado

F-Secure 6.70.13260.0 2008.02.06 Trojan.Win32.BHO.aoy

Ikarus T3.1.1.20 2008.02.06 Trojan.Win32.BHO.aoy

Kaspersky 7.0.0.125 2008.02.06 Trojan.Win32.BHO.aoy

McAfee 5223 2008.02.05 Vundo

Microsoft 1.3204 2008.02.05 -

NOD32v2 2853 2008.02.06 -

Norman 5.80.02 2008.02.06 W32/Virtumonde.KPF

Panda 9.0.0.4 2008.02.05 -

Prevx1 V2 2008.02.06 Heuristic: Suspicious File With Covert Attributes

Rising 20.29.22.00 2008.01.30 -

Sophos 4.26.0 2008.02.06 Troj/Virtum-Gen

Sunbelt 2.2.907.0 2008.02.05 -

Symantec 10 2008.02.06 Trojan.Vundo

TheHacker 6.2.9.210 2008.02.06 Trojan/BHO.aoy

VBA32 3.12.6.0 2008.02.06 Trojan.Virtumod.221

VirusBuster 4.3.26:9 2008.02.06 -

Webwasher-Gateway 6.6.2 2008.02.06 Trojan.BHO.ANA

Övrig information

File size: 593940 bytes

MD5: e6c55f12c9a07290ba219048e0fac2e8

SHA1: 39b4b9abc3cb1c92f7db6dbb0b647716b46c2d4c

PEiD: -

Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=788C487314E2AA2A100C09FE31E677008E90CF14

 

ATENTION

 

il is-1RP4C.exe mottagen 2007.11.28 13:49:28 (CET)

Närvarande status: genomförd

Resultat: 2/32 (6.25%)

Compact Compact

Skriv ut resultat Skriv ut resultat

Antivirus Version Senaste Uppdatering Resultat

AhnLab-V3 - - -

AntiVir - - -

Authentium - - -

Avast - - -

AVG - - -

BitDefender - - -

CAT-QuickHeal - - FraudTool.XPAntivirus.a (Not a Virus)

ClamAV - - -

DrWeb - - -

eSafe - - -

eTrust-Vet - - -

Ewido - - -

FileAdvisor - - -

Fortinet - - -

F-Prot - - -

F-Secure - - -

Ikarus - - -

Kaspersky - - -

McAfee - - -

Microsoft - - -

NOD32v2 - - -

Norman - - -

Panda - - -

Prevx1 - - Heuristic: Suspicious Self Modifying File

Rising - - -

Sophos - - -

Sunbelt - - -

Symantec - - -

TheHacker - - -

VBA32 - - -

VirusBuster - - -

Webwasher-Gateway - - -

Övrig information

MD5: 22f257a7d0af753aee567f2bcbc8d8d2

SHA1: cfcb4f6071a6397b1529bf74229459763757ef81

SHA256: 8a9f0de5df37621f05343b75ffbd22c8d4da3292ee59ab239212042870112cf6

SHA512: b62bf5fd024aefcccf0400cd7ea2b94ea83269a3de124d20a7ec9bcfd6951bb5 93d82a60f09200b46d23c573870f28fe7b04cb59bac490f253be0a370d0e36df

 

ATENTION

 

Länk till kommentar
Dela på andra webbplatser
Cecilia

Cecilia

Postad
Postad

Vet du vad du laddade ner den 12 januari?

2008-01-12 11:32 . 2008-01-12 11:32 681,984 --a------ C:\WINDOWS\is-1RP4C.exe

2008-01-12 11:32 . 2008-01-12 11:32 10,529 --a------ C:\WINDOWS\is-1RP4C.msg

2008-01-12 11:32 . 2008-01-12 11:32 429 --a------ C:\WINDOWS\is-1RP4C.lst

 

Om du inte vet så gå till filerna med Utforskaren/Den här datorn, högerklicka på dem och välj Egenskaper. Går det att knyta dem till någon produkt eller företag?

 

 

 

Länk till kommentar
Dela på andra webbplatser
olleeine

olleeine

Postad
  • Trådskapare
Postad

 

Hej!Vad Du jobbar!

exe-filen har inget namn. Men det står: Copyright 1997-2007 Jordan Russel Portions C. I rutan obj.namn ståt Produktnamn= Inno Setup och filver. 51.48.0.0

På de andra filerna finns inget.

 

Jag har fått en uppdat. på Iolo System Machanic 7 precis vid denna tidpunkt.

Tack för Ditt slit.

Olle

 

Länk till kommentar
Dela på andra webbplatser
Cecilia

Cecilia

Postad
Postad

Inno Setup är ett installationprogram av ordan Russell, används för att installera många program. Men vi antar väl att det är bra då.

 

Kopiera alla rader i rutan

[KOD]

File::

C:\WINDOWS\system32\Setup\infocr.dll

[/KOD]

och klistra in i Anteckningar.

Spara filen på Skrivbordet med namnet CFScript.

 

Dra CFScript med musen och släpp den ovanpå ComboFix-ikonen på Skrivbordet så startar programmet på ett särskilt sätt.

Klistra in loggen som kommer ut.

 

Länk till kommentar
Dela på andra webbplatser
olleeine

olleeine

Postad
  • Trådskapare
Postad

 

Hej.

ComboFix 08-02.05.3 - Olle 2008-02-08 18:48:10.2 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1053.18.529 [GMT 1:00]

Running from: C:\Documents and Settings\Olle\Skrivbord\ComboFix.exe

Command switches used :: C:\Documents and Settings\Olle\Skrivbord\CFScript.txt

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((( Files Created from 2008-01-08 to 2008-02-08 )))))))))))))))))))))))))))))))

.

 

2008-02-03 15:40 . 2008-02-03 15:40 <KAT> d-------- C:\Program\Trend Micro

2008-01-13 16:22 . 2008-01-13 16:22 <KAT> d-------- C:\fsaua.data

2008-01-12 11:32 . 2008-01-12 11:32 681,984 --a------ C:\WINDOWS\is-1RP4C.exe

2008-01-12 11:32 . 2008-02-07 17:41 10,529 --a------ C:\WINDOWS\is-1RP4C.msg

2008-01-12 11:32 . 2008-02-07 17:42 429 --a------ C:\WINDOWS\is-1RP4C.lst

2008-01-08 13:29 . 2008-01-11 09:22 <KAT> d-------- C:\WINDOWS\SxsCaPendDel

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-02-08 07:03 --------- d-----w C:\Program\ESET

2008-02-05 17:43 --------- d-----w C:\Program\Delade filer\Symantec Shared

2008-02-04 14:48 5,121,024 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp

2008-02-02 16:45 --------- d-----w C:\Program\BlogBridge

2008-01-30 20:42 --------- d-----w C:\Documents and Settings\Olle\Application Data\RegistrySmart

2008-01-30 20:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft

2008-01-30 20:29 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe

2008-01-28 16:15 --------- d-----w C:\Program\Windows Live Safety Center

2008-01-12 12:27 16,216,486 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip

2008-01-11 09:31 437,096 ----a-w C:\WINDOWS\system32\Incinerator.dll

2008-01-02 16:48 --------- d-----w C:\Documents and Settings\Olle\Application Data\Novosoft

2007-12-14 16:13 23,040 ----a-w C:\WINDOWS\system32\smrgdf.exe

2007-12-13 08:33 --------- d-----w C:\Documents and Settings\Olle\Application Data\iolo

2007-12-13 08:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\iolo

2007-12-12 16:58 --------- d-----w C:\Program\iolo

2007-12-12 08:26 --------- d-----w C:\Program\ABBYY FineReader 6.0 Sprint

2007-12-11 13:39 --------- d-----w C:\Documents and Settings\Olle\Application Data\URSoft

2007-12-10 16:01 --------- d-----w C:\Documents and Settings\LocalService\Application Data\iolo

2007-12-10 11:47 --------- d-----w C:\Program\Delade filer\Logitech

2007-11-20 21:34 35,840 ----a-w C:\WINDOWS\system32\iolobtdfg.exe

2007-11-15 09:07 76,304 ----a-w C:\WINDOWS\system32\KemXML.dll

2007-11-15 09:07 170,512 ----a-w C:\WINDOWS\system32\kemutb.dll

2007-11-15 09:07 141,840 ----a-w C:\WINDOWS\system32\KemUtil.dll

2007-11-15 09:07 117,264 ----a-w C:\WINDOWS\system32\KemWnd.dll

2007-11-15 09:06 301,656 ----a-w C:\WINDOWS\system32\BtCoreIf.dll

2007-11-14 15:05 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll

2007-05-08 13:34 79,683 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_05_08_13_55_36_small.dmp.zip

2004-10-01 14:00 40,960 ----a-w C:\Program\Uninstall_CDS.exe

2007-02-10 16:01 848 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

2007-09-11 06:44 593,940 --sh--w C:\WINDOWS\system32\Setup\infocr.dll

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries &amp legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3804E2C-C67F-4E37-8B6A-E3400A317A5E}]

2007-09-11 07:44 593940 ---hs---- C:\WINDOWS\system32\Setup\infocr.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

'CTFMON.EXE'='C:\WINDOWS\system32\ctfmon.exe' [2004-08-04 13:00 15360]

'PowerBar'='D:\Program\LG brännare\Multimedia Launcher\PowerBar.exe' [2004-04-21 10:26 86016]

'Novosoft Office Backup'='D:\Program\Novosoft Office Backup\hbagent.exe' [2008-01-22 14:33 3072600]

'MSMSGS'='C:\Program\Messenger\msmsgs.exe' [2004-10-13 17:24 1694208]

'Office Backup 2.2'='D:\Program\Office Backup\obagent.exe' [2006-11-07 14:15 1094144]

'Handy Backup'='D:\Program\Novosoft Office Backup\hbagent.exe' [2008-01-22 14:33 3072600]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

'SoundMan'='SOUNDMAN.EXE' [2005-01-07 11:46 77824 C:\WINDOWS\SOUNDMAN.EXE]

'NvCplDaemon'='C:\WINDOWS\system32\NvCpl.dll' [2006-10-22 12:22 7700480]

'StatusClient'='C:\Program\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe' [2002-12-16 16:51 36864]

'TomcatStartup'='C:\Program\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe' [2003-03-31 19:28 155648]

'ekort'='C:\Program\ekort\ekort.exe' [2007-05-10 09:36 233472]

'EEventManager'='C:\Program\EPSON\Creativity Suite\Event Manager\EEventManager.exe' [2005-04-08 14:09 102400]

'RemoteControl'='D:\Program\LG brännare\PowerDVD\PDVDServ.exe' [2004-11-02 20:24 32768]

'LGODDFU'='D:\Program\LG_fwupdate\fwupdate.exe' [2006-02-20 11:40 245760]

'FlashIcon'='C:\Program\Generic\USB Card Reader Driver v2.3\FlashIcon.exe' [2004-07-21 13:48 40960]

'nod32kui'='C:\Program\Eset\nod32kui.exe' [2007-02-20 12:47 921600]

'e-kort'='C:\Program\ekort\ekort.exe' [2007-05-10 09:36 233472]

'HPLJ Config'='C:\Program\Hewlett-Packard\hp LaserJet 1010 Series\SetConfig.exe' [2003-03-31 17:32 28672]

'Logitech Hardware Abstraction Layer'='KHALMNPR.EXE' [2007-09-21 03:10 55824 C:\WINDOWS\KHALMNPR.Exe]

'ZoneAlarm Client'='C:\Program\Zone Labs\ZoneAlarm\zlclient.exe' [2007-11-14 16:05 919016]

'SMSystemAnalyzer'='C:\Program\iolo\System Mechanic 7\SMSystemAnalyzer.exe' [2008-01-11 10:30 832360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

'CTFMON.EXE'='C:\WINDOWS\system32\CTFMON.EXE' [2004-08-04 13:00 15360]

'TurboBackup'='D:\PROGRAM\TURBOB~1\tbksche.exe' [ ]

 

C:\Documents and Settings\All Users\Start-meny\Program\AutostartEPSON Status Monitor 3 Environment Check 2.lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [2007-03-03 19:12:51 135680]

Logitech SetPoint.lnk - D:\Program\Logitech\SetPoint\SetPoint.exe [2007-11-16 19:08:28 784912]

Microsoft Office Snabbs”kning.lnk - D:\programWord\Office\FINDFAST.EXE [1997-11-07 111376]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\infocr]

C:\WINDOWS\system32\Setup\infocr.dll 2007-09-11 07:44 593940 C:\WINDOWS\system32\Setup\infocr.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

c:\program\delade filer\logitech\bluetooth\LBTWlgn.dll 2007-11-15 10:10 72208 c:\Program\Delade filer\Logitech\Bluetooth\LBTWLgn.dll

 

R2 app_filterapp_filterC:\Program\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe [2004-11-24 18:10]

R2 ioloFileInfoListiolo FileInfoList ServiceC:\Program\iolo\common\lib\ioloServiceManager.exe [2007-11-22 00:11]

R2 ioloSystemServiceiolo System ServiceC:\Program\iolo\common\lib\ioloServiceManager.exe [2007-11-22 00:11]

R2 NMSAccessUNMSAccessUD:\Program\CDBurnerXP\NMSAccessU.exe [2007-10-12 08:34]

R3 dot4usbMS Dot4USB Filter Dot4USB FilterC:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-09-06 19:01]

S3 filterfilterC:\WINDOWS\system32\drivers\filter.sys [2004-07-05 07:21]

 

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-08 18:53:07

Windows 5.1.2600 Service Pack 2 NTFS

 

detected NTDLL code modification:

ZwQuerySystemInformation

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-02-08 18:54:46

.

2008-01-09 08:37:12 --- E O F ---

Olle

 

Länk till kommentar
Dela på andra webbplatser
olleeine

olleeine

Postad
  • Trådskapare
Postad

 

Hej.Nu hoppas jag att blev rätt.

ComboFix 08-02.05.3 - Olle 2008-02-11 9:46:37.3 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1053.18.549 [GMT 1:00]

Running from: C:\Documents and Settings\Olle\Skrivbord\ComboFix.exe

Command switches used :: C:\Documents and Settings\Olle\Skrivbord\CFScript.txt

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

 

FILE

C:\WINDOWS\system32\Setup\infocr.dll

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\system32\Setup\infocr.dll

 

.

((((((((((((((((((((((((( Files Created from 2008-01-11 to 2008-02-11 )))))))))))))))))))))))))))))))

.

 

2008-02-05 18:53 . 2004-08-04 13:00 390,656 --a------ C:\kmd.exe

2008-02-03 15:40 . 2008-02-03 15:40 <KAT> d-------- C:\Program\Trend Micro

2008-01-13 16:22 . 2008-01-13 16:22 <KAT> d-------- C:\fsaua.data

2008-01-12 11:32 . 2008-01-12 11:32 681,984 --a------ C:\WINDOWS\is-1RP4C.exe

2008-01-12 11:32 . 2008-02-07 17:41 10,529 --a------ C:\WINDOWS\is-1RP4C.msg

2008-01-12 11:32 . 2008-02-07 17:42 429 --a------ C:\WINDOWS\is-1RP4C.lst

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-02-08 07:03 --------- d-----w C:\Program\ESET

2008-02-05 17:43 --------- d-----w C:\Program\Delade filer\Symantec Shared

2008-02-04 14:48 5,121,024 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp

2008-02-02 16:45 --------- d-----w C:\Program\BlogBridge

2008-01-30 20:42 --------- d-----w C:\Documents and Settings\Olle\Application Data\RegistrySmart

2008-01-30 20:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft

2008-01-28 16:15 --------- d-----w C:\Program\Windows Live Safety Center

2008-01-12 12:27 16,216,486 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip

2008-01-02 16:48 --------- d-----w C:\Documents and Settings\Olle\Application Data\Novosoft

2007-12-13 08:33 --------- d-----w C:\Documents and Settings\Olle\Application Data\iolo

2007-12-13 08:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\iolo

2007-12-12 16:58 --------- d-----w C:\Program\iolo

2007-12-12 08:26 --------- d-----w C:\Program\ABBYY FineReader 6.0 Sprint

2007-12-11 13:39 --------- d-----w C:\Documents and Settings\Olle\Application Data\URSoft

2007-05-08 13:34 79,683 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_05_08_13_55_36_small.dmp.zip

2004-10-01 14:00 40,960 ----a-w C:\Program\Uninstall_CDS.exe

2007-02-10 16:01 848 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries &amp legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

'CTFMON.EXE'='C:\WINDOWS\system32\ctfmon.exe' [2004-08-04 13:00 15360]

'PowerBar'='D:\Program\LG brännare\Multimedia Launcher\PowerBar.exe' [ ]

'Novosoft Office Backup'='D:\Program\Novosoft Office Backup\hbagent.exe' [2008-01-22 14:33 3072600]

'MSMSGS'='C:\Program\Messenger\msmsgs.exe' [2004-10-13 17:24 1694208]

'Office Backup 2.2'='D:\Program\Office Backup\obagent.exe' [2006-11-07 14:15 1094144]

'Handy Backup'='D:\Program\Novosoft Office Backup\hbagent.exe' [2008-01-22 14:33 3072600]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

'SoundMan'='SOUNDMAN.EXE' [2005-01-07 11:46 77824 C:\WINDOWS\SOUNDMAN.EXE]

'NvCplDaemon'='C:\WINDOWS\system32\NvCpl.dll' [2006-10-22 12:22 7700480]

'StatusClient'='C:\Program\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe' [2002-12-16 16:51 36864]

'TomcatStartup'='C:\Program\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe' [2003-03-31 19:28 155648]

'ekort'='C:\Program\ekort\ekort.exe' [2007-05-10 09:36 233472]

'EEventManager'='C:\Program\EPSON\Creativity Suite\Event Manager\EEventManager.exe' [2005-04-08 14:09 102400]

'RemoteControl'='D:\Program\LG brännare\PowerDVD\PDVDServ.exe' [ ]

'LGODDFU'='D:\Program\LG_fwupdate\fwupdate.exe' [2006-02-20 11:40 245760]

'FlashIcon'='C:\Program\Generic\USB Card Reader Driver v2.3\FlashIcon.exe' [2004-07-21 13:48 40960]

'nod32kui'='C:\Program\Eset\nod32kui.exe' [2007-02-20 12:47 921600]

'e-kort'='C:\Program\ekort\ekort.exe' [2007-05-10 09:36 233472]

'HPLJ Config'='C:\Program\Hewlett-Packard\hp LaserJet 1010 Series\SetConfig.exe' [2003-03-31 17:32 28672]

'Logitech Hardware Abstraction Layer'='KHALMNPR.EXE' [2007-09-21 03:10 55824 C:\WINDOWS\KHALMNPR.Exe]

'ZoneAlarm Client'='C:\Program\Zone Labs\ZoneAlarm\zlclient.exe' [2007-11-14 16:05 919016]

'SMSystemAnalyzer'='C:\Program\iolo\System Mechanic 7\SMSystemAnalyzer.exe' [2008-01-11 10:30 832360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

'CTFMON.EXE'='C:\WINDOWS\system32\CTFMON.EXE' [2004-08-04 13:00 15360]

'TurboBackup'='D:\PROGRAM\TURBOB~1\tbksche.exe' [ ]

 

C:\Documents and Settings\All Users\Start-meny\Program\AutostartEPSON Status Monitor 3 Environment Check 2.lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [2007-03-03 19:12:51 135680]

Logitech SetPoint.lnk - D:\Program\Logitech\SetPoint\SetPoint.exe [2007-11-16 19:08:28 784912]

Microsoft Office Snabbs”kning.lnk - D:\programWord\Office\FINDFAST.EXE [1997-11-07 111376]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\infocr]

C:\WINDOWS\system32\Setup\infocr.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

c:\program\delade filer\logitech\bluetooth\LBTWlgn.dll 2007-11-15 10:10 72208 c:\Program\Delade filer\Logitech\Bluetooth\LBTWLgn.dll

 

R2 app_filterapp_filterC:\Program\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe [2004-11-24 18:10]

R2 ioloFileInfoListiolo FileInfoList ServiceC:\Program\iolo\common\lib\ioloServiceManager.exe [2007-11-22 00:11]

R2 ioloSystemServiceiolo System ServiceC:\Program\iolo\common\lib\ioloServiceManager.exe [2007-11-22 00:11]

R2 NMSAccessUNMSAccessUD:\Program\CDBurnerXP\NMSAccessU.exe [2007-10-12 08:34]

R3 dot4usbMS Dot4USB Filter Dot4USB FilterC:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-09-06 19:01]

S3 filterfilterC:\WINDOWS\system32\drivers\filter.sys [2004-07-05 07:21]

 

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-11 09:52:14

Windows 5.1.2600 Service Pack 2 NTFS

 

detected NTDLL code modification:

ZwQuerySystemInformation

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

D:\Program\Lavasoft\aawservice.exe

C:\Program\Delade filer\EPSON\EBAPI\SAgent2.exe

C:\Program\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\Program\Delade filer\LightScribe\LSSrvc.exe

C:\Program\Eset\nod32krn.exe

C:\Program\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

C:\Program\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\Program\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

.

**************************************************************************

.

Completion time: 2008-02-11 10:03:05 - machine was rebooted

ComboFix-quarantined-files.txt 2008-02-11 08:53:10

ComboFix2.txt 2008-02-08 17:54:49

.

2008-01-09 08:37:12 --- E O F ---

 

Varningsrutan är borta!Olle

 

Länk till kommentar
Dela på andra webbplatser
olleeine

olleeine

Postad
  • Trådskapare
Postad

 

Hej! Tack för allt arbete Du lagt ner.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:39:11, on 2008-02-11

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

D:\Program\Lavasoft\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Program\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe

C:\Program\ekort\ekort.exe

C:\Program\EPSON\Creativity Suite\Event Manager\EEventManager.exe

D:\Program\LG brännare\PowerDVD\PDVDServ.exe

C:\WINDOWS\system32\OBroker.exe

D:\Program\LG_fwupdate\fwupdate.exe

C:\Program\Eset\nod32kui.exe

C:\Program\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program\iolo\System Mechanic 7\SMSystemAnalyzer.exe

C:\WINDOWS\system32\ctfmon.exe

D:\Program\LG brännare\Multimedia Launcher\PowerBar.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\Delade filer\EPSON\EBAPI\SAgent2.exe

D:\Program\Office Backup\obagent.exe

C:\Program\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\Program\iolo\common\lib\ioloServiceManager.exe

C:\Program\Delade filer\LightScribe\LSSrvc.exe

C:\Program\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

D:\programWord\Office\FINDFAST.EXE

D:\Program\CDBurnerXP\NMSAccessU.exe

C:\Program\Eset\nod32krn.exe

C:\Program\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

C:\Program\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

C:\WINDOWS\System32\alg.exe

D:\Program\Logitech\SetPoint\SetPoint.exe

C:\Program\Delade filer\Logishrd\KHAL2\KHALMNPR.EXE

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: e-kort Browser Helper Object - {1C900459-DEEF-4aa9-B260-1EF0F0C70A8D} - C:\Program\ekort\Bhoekort.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program\Spybot - Search &amp Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [statusClient] 'C:\Program\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe' /auto

O4 - HKLM\..\Run: [TomcatStartup] C:\Program\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe

O4 - HKLM\..\Run: [ekort] C:\Program\ekort\ekort.exe /dontopenmycards

O4 - HKLM\..\Run: [EEventManager] 'C:\Program\EPSON\Creativity Suite\Event Manager\EEventManager.exe'

O4 - HKLM\..\Run: [RemoteControl] 'D:\Program\LG brännare\PowerDVD\PDVDServ.exe'

O4 - HKLM\..\Run: [LGODDFU] D:\Program\LG_fwupdate\fwupdate.exe

O4 - HKLM\..\Run: [FlashIcon] 'C:\Program\Generic\USB Card Reader Driver v2.3\FlashIcon.exe'

O4 - HKLM\..\Run: [nod32kui] 'C:\Program\Eset\nod32kui.exe' /WAITSERVICE

O4 - HKLM\..\Run: [e-kort] C:\Program\ekort\ekort.exe /dontopenmycards

O4 - HKLM\..\Run: [HPLJ Config] 'C:\Program\Hewlett-Packard\hp LaserJet 1010 Series\SetConfig.exe' -c Direct -p DOT4_001 -pn 'hp LaserJet 1010 Series Driver' -n 0 -l 1053 -sl 120000

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [ZoneAlarm Client] 'C:\Program\Zone Labs\ZoneAlarm\zlclient.exe'

O4 - HKLM\..\Run: [sMSystemAnalyzer] 'C:\Program\iolo\System Mechanic 7\SMSystemAnalyzer.exe'

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [PowerBar] 'D:\Program\LG brännare\Multimedia Launcher\PowerBar.exe' /AtBootTime

O4 - HKCU\..\Run: [Novosoft Office Backup] 'D:\Program\Novosoft Office Backup\hbagent.exe' -logon

O4 - HKCU\..\Run: [MSMSGS] 'C:\Program\Messenger\msmsgs.exe' /background

O4 - HKCU\..\Run: [Office Backup 2.2] 'D:\Program\Office Backup\obagent.exe' -logon

O4 - HKCU\..\Run: [Handy Backup] D:\Program\Novosoft Office Backup\hbagent.exe -logon

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE

O4 - Global Startup: Logitech SetPoint.lnk = D:\Program\Logitech\SetPoint\SetPoint.exe

O4 - Global Startup: Microsoft Office Snabbsökning.lnk = D:\programWord\Office\FINDFAST.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: e-kort - {4C730913-3961-439b-83D5-F4E445520422} - C:\Program\ekort\ekort.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: e-kort - {F74E75A5-96BF-40ef-A1C8-88EAEBB82AB6} - C:\Program\ekort\ekort.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.0.6.5.cab

O16 - DPF: {5CE72DD0-4695-4D18-A4D3-3367ACD37578} (F-Secure Health Check 1.0) - http://support.f-secure.com/enu/home/onlineservices/fshc/fscax.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab

O16 - DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} (HPSDDX Class) - http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab

O20 - Winlogon Notify: infocr - C:\WINDOWS\system32\Setup\infocr.dll (file missing)

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\Program\Lavasoft\aawservice.exe

O23 - Service: app_filter - Unknown owner - C:\Program\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program\Delade filer\EPSON\EBAPI\SAgent2.exe

O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program\iolo\common\lib\ioloServiceManager.exe

O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program\iolo\common\lib\ioloServiceManager.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program\Delade filer\Logitech\Bluetooth\LBTServ.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program\Delade filer\LightScribe\LSSrvc.exe

O23 - Service: NMSAccessU - Unknown owner - D:\Program\CDBurnerXP\NMSAccessU.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program\Eset\nod32krn.exe

O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\Program\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

 

--

End of file - 9784 bytes

 

 

Länk till kommentar
Dela på andra webbplatser
Cecilia

Cecilia

Postad
Postad

Tack själv för alla poäng! :) :)

 

Skanna med HijackThis och bocka för:

 

O20 - Winlogon Notify: infocr - C:\WINDOWS\system32\Setup\infocr.dll (file missing)

 

Avsluta alla andra program.

Tryck Fix checked.

 

Starta om datorn.

 

Är allt bra med datorn nu?

 

Länk till kommentar
Dela på andra webbplatser
olleeine

olleeine

Postad
  • Trådskapare
Postad

 

Hej Cecilia. Ja, allt verkar OK. Jag undrar vad vad datorn var smittad av? Behöver jag bättre skydd? Har Nod32, Zone Alarm och anv. Adv-ware och Spybot.

Tack än en gång. Olle

 

Länk till kommentar
Dela på andra webbplatser
Cecilia

Cecilia

Postad
Postad

Du skannade ju filen på virustotal-sidan förut, där kan du se vad olika program kallar det för.

 

SUPERAntiSpyware är bättre än Ad-aware och Spybot S&ampD, se länken nedan för var du hittar den.

 

Här kan du läsa mina vanliga råd för en säkrare dator, men det är så klart viktigt att man använder sitt förnuft också.

http://ceblstockholm.googlepages.com/home

 

 

Länk till kommentar
Dela på andra webbplatser

Arkiverat

Det här ämnet är nu arkiverat och är stängt för ytterligare svar.

Gå till ämneslista


×
×
  • Skapa nytt...