Gå till innehåll

Siveri

Medlem
 Visa profil  Visa deras aktivitet

  • Innehållsantal

    2

  • Gick med

  • Besökte senast

 Innehållstyp 

Inlägg postade av Siveri

    Fake-antivirus?

    i Borttagning av virus och andra skadliga program

    Postad

    Jag skulle tro att Malwarebytes Anti-Malware (MBAM) kan fixa det mesta.

    http://www.download.com/Malwarebytes-Anti-...4-10804572.html

    Malwarebytes verkar ha löst det. Jag har dock inte gjort en fullständig sökning med varken MBAM eller Windows inbyggda antivirus, men jag allt verkar vara som det ska. Den bakgrundsbilden jag fick innan var från Total Secure, ganska lätt att märka att det var fake iom att grammatiken sög.

    Fake-antivirus?

    i Borttagning av virus och andra skadliga program

    Postad

    Tydligen så har jag fått något fake-antivirusprogram som kallas Total Security. När jag söker igenom datorn med Spyware Doctor så hittade den rogue spyware, eller något liknande. Men varje gång jag startar om datorn så hittar den samma sak igen.

    Än så länge har ingenting jobbigt hänt, förutom att jag får en ny bakgrundsbild varje gång jag startar datorn, där det står att jag har spyware och hur det kan förstöra mitt liv, etc.

    Men jag undrar iallafall hur jag kan få bort det. Bifogar en HJT-logg. Tacksam för svar!

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 18:22:54, on 2009-08-25

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v8.00 (8.00.6001.18702)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\csrss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\SYSTEM32\CTXFISPI.EXE

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program\Spyware Doctor\pctsSvc.exe

    C:\WINDOWS\explorer.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program\Spyware Doctor\pctsTray.exe

    C:\Program\CyberLink\PowerCinema\Kernel\TV\CLSched.exe

    C:\Program\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe

    C:\Program\iPod\bin\iPodService.exe

    C:\Program\ESET\ESET NOD32 Antivirus\ekrn.exe

    C:\WINDOWS\System32\alg.exe

    C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    C:\Program\MICROS~2\rapimgr.exe

    C:\Program\Microsoft ActiveSync\wcescomm.exe

    C:\Program\Last.fm\LastFM.exe

    C:\Program\Windows Live\Messenger\msnmsgr.exe

    C:\Program\Windows Live\Contacts\wlcomm.exe

    C:\Program\uTorrent\uTorrent.exe

    C:\Documents and Settings\HP_Ägaren\Lokala inställningar\Application Data\Google\Chrome\Application\chrome.exe

    C:\Documents and Settings\HP_Ägaren\Lokala inställningar\Application Data\Google\Chrome\Application\chrome.exe

    C:\Program\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program\Microsoft Office\Office12\GrooveShellExtensions.dll

    O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program\Google\Google Toolbar\GoogleToolbar.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll

    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program\Google\Google Toolbar\GoogleToolbar.dll

    O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    O4 - HKLM\..\Run: [CTDVDDET] "C:\Program\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"

    O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"

    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

    O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

    O4 - HKLM\..\Run: [HPHUPD08] c:\Program\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe

    O4 - HKLM\..\Run: [PCMService] "C:\Program\CyberLink\PowerCinema\PCMService.exe"

    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

    O4 - HKLM\..\Run: [HPBootOp] "C:\Program\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run

    O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"

    O4 - HKLM\..\Run: [HP Software Update] C:\Program\HP\HP Software Update\HPwuSchd2.exe

    O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot

    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program\Microsoft Office\Office12\GrooveMonitor.exe"

    O4 - HKLM\..\Run: [egui] "C:\Program\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

    O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera

    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

    O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program\Delade filer\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

    O4 - HKLM\..\Run: [intelliPoint] "C:\Program\Microsoft IntelliPoint\ipoint.exe"

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: [VolPanel] "C:\Program\Creative\Volume Panel\VolPanlu.exe" /r

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\QTTask.exe" -atboottime

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe"

    O4 - HKLM\..\Run: [PromoReg] C:\WINDOWS\Temp\_ex-68.exe

    O4 - HKLM\..\Run: [16080624] C:\Documents and Settings\All Users\Application Data\16080624\16080624.exe

    O4 - HKLM\..\Run: [iSTray] "C:\Program\Spyware Doctor\pctsTray.exe"

    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\Windows Live\Messenger\MsnMsgr.Exe" /background

    O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program\Microsoft ActiveSync\wcescomm.exe"

    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\HP_Ägaren\Lokala inställningar\Application Data\Google\Update\GoogleUpdate.exe" /c

    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')

    O4 - Startup: ikowin32.exe

    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program\Microsoft Office\Office12\ONENOTEM.EXE

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program\MICROS~3\Office12\EXCEL.EXE/3000

    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\MICROS~3\Office12\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\MICROS~3\Office12\ONBttnIE.dll

    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program\MICROS~2\INetRepl.dll

    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program\MICROS~2\INetRepl.dll

    O9 - Extra 'Tools' menuitem: Skapa mobilfavorit ... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program\MICROS~2\INetRepl.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~3\Office12\REFIEBAR.DLL

    O9 - Extra button: Hjälp med anslutning - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

    O9 - Extra 'Tools' menuitem: Hjälp med anslutning - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/...031/CTSUEng.cab

    O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/softwareup...101/CTSUEng.cab

    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/...15034/CTPID.cab

    O17 - HKLM\System\CCS\Services\Tcpip\..\{8A8D2188-B4C9-4749-A2A8-E27E40CAEBF3}: NameServer = 213.50.29.170,213.50.29.180

    O17 - HKLM\System\CCS\Services\Tcpip\..\{CB6E8F39-AAE7-42E8-97CC-35D88B27FD56}: NameServer = 213.50.29.170,213.50.29.180

    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program\Microsoft Office\Office12\GrooveSystemServices.dll

    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program\Delade filer\Autodesk Shared\Service\AdskScSrv.exe

    O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program\Bonjour\mDNSResponder.exe

    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe

    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program\CyberLink\PowerCinema\Kernel\TV\CLSched.exe

    O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program\Delade filer\Creative Labs Shared\Service\CTAELicensing.exe

    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE

    O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program\Creative\Shared Files\CTAudSvc.exe

    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe

    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

    O23 - Service: Eset Service (ekrn) - ESET - C:\Program\ESET\ESET NOD32 Antivirus\ekrn.exe

    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe

    O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program\Delade filer\LightScribe\LSSrvc.exe

    O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - C:\Program\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program\Spyware Doctor\pctsAuxs.exe

    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program\Spyware Doctor\pctsSvc.exe

    --

    End of file - 12236 bytes

×
×
  • Skapa nytt...