l_lefty
-
Innehållsantal
14 -
Gick med
-
Besökte senast
Inlägg postade av l_lefty
-
-
Hej igen,
Tror inte det är Symantec som flaggar för Trojan-Keylogger Win32 Fung. Det ser ut som ett windowsfönster och heter windows security alert.
Nu har jag uppdaterat Malwarebytes Anti-Malware och kört. Hittade två fel som jag tog bort. Sen körde jag en ny TM HJT och klistrar in den loggen nedan. Men först loggen från malwarebytes anti-malware:
Malwarebytes' Anti-Malware 1.30
Databasversion: 1371
Windows 5.1.2600 Service Pack 2
2008-11-07 17:25:20
mbam-log-2008-11-07 (17-25-20).txt
Skanningstyp: Snabb skanning
Antal skannade objekt: 70705
Förfluten tid: 8 minute(s), 51 second(s)
Infekterade minnesprocesser: 0
Infekterade minnesmoduler: 0
Infekterade registernycklar: 0
Infekterade registervärden: 1
Infekterade registerdataposter: 0
Infekterade mappar: 0
Infekterade filer: 1
Infekterade minnesprocesser:
(Inga illasinnade poster hittades)
Infekterade minnesmoduler:
(Inga illasinnade poster hittades)
Infekterade registernycklar:
(Inga illasinnade poster hittades)
Infekterade registervärden:
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRunasus32 (Rogue.PersonalDefender2009) -> Quarantined and deleted successfully.
Infekterade registerdataposter:
(Inga illasinnade poster hittades)
Infekterade mappar:
(Inga illasinnade poster hittades)
Infekterade filer:
C:Documents and SettingsMattias BergströmApplication DataGooglemupd1_2_12916358.exe (Rogue.PersonalDefender2009) -> Delete on reboot.
___________________________________________________________________________________
Å så HJT:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:02:49, on 2008-11-07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32Ati2evxx.exe
C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
C:WINDOWSExplorer.EXE
C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
C:Program FilesCommon FilesSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe
C:Program FilesCommon FilesSymantec SharedSNDSrvc.exe
C:Program FilesCommon FilesSymantec SharedSPBBCSPBBCSvc.exe
C:Program FilesCommon FilesSymantec SharedCCPD-LCsymlcsvc.exe
C:WINDOWSsystem32spoolsv.exe
C:AcerEmpowering TechnologyePerformanceMemCheck.exe
C:Program FilesSymantecLiveUpdateALUSchedulerSvc.exe
c:Program FilesWIDCOMMBluetooth Softwarebinbtwdins.exe
C:WINDOWSeHomeehRecvr.exe
C:WINDOWSeHomeehSched.exe
C:Program FilesJavajre6binjqs.exe
C:Program FilesCommon FilesLightScribeLSSrvc.exe
C:Program FilesNorton AntiVirusnavapsvc.exe
C:Program FilesNorton AntiVirusIWPNPFMntor.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32wscntfy.exe
C:WINDOWSsystem32dllhost.exe
C:WINDOWSsystem32wbemwmiapsrv.exe
C:WINDOWSehomeehtray.exe
C:WINDOWSeHomeehmsas.exe
C:WINDOWSRTHDCPL.EXE
C:AcerEmpowering TechnologyeDataSecurityeDSloader.exe
C:AcerEmpowering TechnologyePowerePower_DMC.exe
C:Program FilesSynapticsSynTPSynTPEnh.exe
C:PROGRA~1LAUNCH~1LManager.exe
C:AcerEmpowering TechnologyeRecoveryeRAgent.exe
C:Program FilesCommon FilesSymantec SharedccApp.exe
C:WINDOWSVM305_STI.EXE
C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe
C:WINDOWSsystem32rundll32.exe
C:Program FilesATI TechnologiesATI.ACECLI.EXE
C:Program FilesQuickTimeqttask.exe
C:Program FilesJavajre6binjusched.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32ctfmon.exe
C:WINDOWSsystem32wbemunsecapp.exe
C:Program FilesMSN MessengerMsnMsgr.Exe
C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
C:AcerEmpowering TechnologyAcer.Empowering.Framework.Launcher.exe
C:Program FilesWIDCOMMBluetooth SoftwareBTTray.exe
C:Program FilesNikonPictureProjectNkbMonitor.exe
C:Program FilesATI TechnologiesATI.ACEcli.exe
C:Program FilesATI TechnologiesATI.ACEcli.exe
C:WINDOWSsystem32wuauclt.exe
C:Program FilesCommon FilesSymantec SharedSecurity ConsoleNSCSRVCE.EXE
C:Program FilesMessengermsmsgs.exe
C:Program FilesTrend MicroHijackThislinus.exe
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.hotmail.com/
R1 - HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = http://sv.intl.acer.yahoo.com/
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:Program FilesMicrosoft OfficeOffice12GrooveShellExtensions.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre6binssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:Program FilesNorton AntiVirusNavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:program filesgooglegoogletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:Program FilesGoogleGoogleToolbarNotifier3.1.807.1746swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:Program FilesWindows Live Toolbarmsntb.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program FilesJavajre6binjp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:WINDOWSsystem32eDStoolbar.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:Program FilesNorton AntiVirusNavShExt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:Program FilesWindows Live Toolbarmsntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:program filesgooglegoogletoolbar3.dll
O4 - HKLM..Run: [ehTray] C:WINDOWSehomeehtray.exe
O4 - HKLM..Run: [AzMixerSel] C:Program FilesRealtekInstallShieldAzMixerSel.exe
O4 - HKLM..Run: [ntiMUI] C:Program FilesNewTech InfosystemsNTI CD & DVD-Maker 7ntiMUI.exe
O4 - HKLM..Run: [Acer ePresentation HPD] C:AcerEmpowering TechnologyePresentationePresentation.exe
O4 - HKLM..Run: [iMJPMIG8.1] "C:WINDOWSIMEimjp8_1IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM..Run: [MSPY2002] C:WINDOWSsystem32IMEPINTLGNTImScInst.exe /SYNC
O4 - HKLM..Run: [PHIME2002ASync] C:WINDOWSsystem32IMETINTLGNTTINTSETP.EXE /SYNC
O4 - HKLM..Run: [PHIME2002A] C:WINDOWSsystem32IMETINTLGNTTINTSETP.EXE /IMEName
O4 - HKLM..Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM..Run: [skyTel] SkyTel.EXE
O4 - HKLM..Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM..Run: [eDataSecurity Loader] C:AcerEmpowering TechnologyeDataSecurityeDSloader.exe 1
O4 - HKLM..Run: [ePower_DMC] C:AcerEmpowering TechnologyePowerePower_DMC.exe
O4 - HKLM..Run: [boot] C:AcerEmpowering TechnologyePowerBoot.exe
O4 - HKLM..Run: [synTPEnh] C:Program FilesSynapticsSynTPSynTPEnh.exe
O4 - HKLM..Run: [LManager] C:PROGRA~1LAUNCH~1LManager.exe
O4 - HKLM..Run: [ATICCC] "C:Program FilesATI TechnologiesATI.ACECLIStart.exe"
O4 - HKLM..Run: [eRecoveryService] C:AcerEmpowering TechnologyeRecoveryeRAgent.exe
O4 - HKLM..Run: [ccApp] "C:Program FilesCommon FilesSymantec SharedccApp.exe"
O4 - HKLM..Run: [bigDog305] C:WINDOWSVM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKLM..Run: [GrooveMonitor] "C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe"
O4 - HKLM..Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeqttask.exe" -atboottime
O4 - HKLM..Run: [symantec PIF AlertEng] "C:Program FilesCommon FilesSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe" /a /m "C:Program FilesCommon FilesSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}AlertEng.dll"
O4 - HKLM..Run: [sunJavaUpdateSched] "C:Program FilesJavajre6binjusched.exe"
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [MsnMsgr] "C:Program FilesMSN MessengerMsnMsgr.Exe" /background
O4 - HKCU..Run: [swg] C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
O4 - HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'SYSTEM')
O4 - HKUSS-1-5-18..Run: [Picasa Media Detector] C:Program FilesPicasa2PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acer Empowering Technology.lnk = C:AcerEmpowering TechnologyAcer.Empowering.Framework.Launcher.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: NkbMonitor.exe.lnk = C:Program FilesNikonPictureProjectNkbMonitor.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:Program FilesAdobeAcrobat 7.0Readerreader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:Program FilesWindows Live Toolbarmsntb.dll/search.htm
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:PROGRA~1MICROS~2Office12EXCEL.EXE/3000
O8 - Extra context menu item: Skicka till &Bluetooth-enhet... - c:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie_ctx.htm
O8 - Extra context menu item: Öppna på ny flik i bakgrunden - res://C:Program FilesWindows Live ToolbarComponentssv-semsntabres.dll.mui/229?8543bdd187e14a409a4bce25c896c274
O8 - Extra context menu item: Öppna på ny flik i förgrunden - res://C:Program FilesWindows Live ToolbarComponentssv-semsntabres.dll.mui/230?8543bdd187e14a409a4bce25c896c274
O9 - Extra button: Skicka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~1MICROS~2Office12ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Ski&cka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~1MICROS~2Office12ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~2Office12REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:Program FilesMicrosoft OfficeOffice12GrooveSystemServices.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:AcerEmpowering TechnologyePerformanceMemCheck.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:WINDOWSsystem32Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:Program FilesSymantecLiveUpdateALUSchedulerSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:Program FilesWIDCOMMBluetooth Softwarebinbtwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:Program FilesJavajre6binjqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:Program FilesCommon FilesLightScribeLSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:PROGRA~1SymantecLIVEUP~1LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:Program FilesNorton AntiVirusnavapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:Program FilesNorton AntiVirusIWPNPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedSecurity ConsoleNSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:Program FilesNorton AntiVirusSAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedSNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedSPBBCSPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:Program FilesCommon FilesSymantec SharedCCPD-LCsymlcsvc.exe
--
End of file - 12731 bytes
-
Ja, det var ju lite dumt att det blev så, men men det är inga sura miner.
Jag gjorde som du sa och nedan är den nya varianten:
SmitFraudFix v2.373
Scan done at 15:03:44,68, 2008-11-07
Run from C:Documents and SettingsMattias BergstrmDesktopSmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is FAT32
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32Ati2evxx.exe
C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
C:WINDOWSExplorer.EXE
C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
C:Program FilesCommon FilesSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe
C:Program FilesCommon FilesSymantec SharedSNDSrvc.exe
C:Program FilesCommon FilesSymantec SharedSPBBCSPBBCSvc.exe
C:Program FilesCommon FilesSymantec SharedCCPD-LCsymlcsvc.exe
C:WINDOWSsystem32spoolsv.exe
C:AcerEmpowering TechnologyePerformanceMemCheck.exe
C:Program FilesSymantecLiveUpdateALUSchedulerSvc.exe
c:Program FilesWIDCOMMBluetooth Softwarebinbtwdins.exe
C:WINDOWSeHomeehRecvr.exe
C:WINDOWSeHomeehSched.exe
C:Program FilesJavajre6binjqs.exe
C:Program FilesCommon FilesLightScribeLSSrvc.exe
C:Program FilesNorton AntiVirusnavapsvc.exe
C:Program FilesNorton AntiVirusIWPNPFMntor.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32wscntfy.exe
C:WINDOWSsystem32dllhost.exe
C:WINDOWSsystem32wbemwmiapsrv.exe
C:WINDOWSehomeehtray.exe
C:WINDOWSRTHDCPL.EXE
C:WINDOWSeHomeehmsas.exe
C:AcerEmpowering TechnologyeDataSecurityeDSloader.exe
C:AcerEmpowering TechnologyePowerePower_DMC.exe
C:Program FilesSynapticsSynTPSynTPEnh.exe
C:PROGRA~1LAUNCH~1LManager.exe
C:AcerEmpowering TechnologyeRecoveryeRAgent.exe
C:Program FilesCommon FilesSymantec SharedccApp.exe
C:WINDOWSVM305_STI.EXE
C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe
C:WINDOWSsystem32rundll32.exe
C:Program FilesQuickTimeqttask.exe
C:Program FilesJavajre6binjusched.exe
C:WINDOWSsystem32ctfmon.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesATI TechnologiesATI.ACECLI.EXE
C:Program FilesMSN MessengerMsnMsgr.Exe
C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
C:Documents and SettingsMattias BergströmApplication DataGooglemupd1_2_12916358.exe
C:AcerEmpowering TechnologyAcer.Empowering.Framework.Launcher.exe
C:WINDOWSsystem32wbemunsecapp.exe
C:Program FilesWIDCOMMBluetooth SoftwareBTTray.exe
C:Program FilesNikonPictureProjectNkbMonitor.exe
C:Program FilesATI TechnologiesATI.ACEcli.exe
C:Program FilesATI TechnologiesATI.ACEcli.exe
C:WINDOWSsystem32wuauclt.exe
C:Program FilesCommon FilesSymantec SharedSecurity ConsoleNSCSRVCE.EXE
C:Program FilesMessengermsmsgs.exe
C:Documents and SettingsMattias BergströmDesktopSmitfraudFixPolicies.exe
C:WINDOWSsystem32cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:
»»»»»»»»»»»»»»»»»»»»»»»» C:WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:WINDOWSsystem
»»»»»»»»»»»»»»»»»»»»»»»» C:WINDOWSWeb
»»»»»»»»»»»»»»»»»»»»»»»» C:WINDOWSsystem32
»»»»»»»»»»»»»»»»»»»»»»»» C:WINDOWSsystem32LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:Documents and SettingsMattias Bergstrm
»»»»»»»»»»»»»»»»»»»»»»»» C:DOCUME~1MATTIA~1LOCALS~1Temp
»»»»»»»»»»»»»»»»»»»»»»»» C:Documents and SettingsMattias BergstrmApplication Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:DOCUME~1MATTIA~1FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, following keys are not inevitably infected!!!
o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogon]
"Userinit"="C:WINDOWSsystem32userinit.exe,"
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» RK
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Atheros AR5005G Wireless Network Adapter - Packet Scheduler Miniport
DNS Server Search Order: 192.168.1.1
HKLMSYSTEMCCSServicesTcpip..{E95BFD27-4B33-4642-97EA-536DEE4604EB}: DhcpNameServer=192.168.1.1
HKLMSYSTEMCS1ServicesTcpip..{E95BFD27-4B33-4642-97EA-536DEE4604EB}: DhcpNameServer=192.168.1.1
HKLMSYSTEMCS2ServicesTcpip..{E95BFD27-4B33-4642-97EA-536DEE4604EB}: DhcpNameServer=192.168.1.1
HKLMSYSTEMCCSServicesTcpipParameters: DhcpNameServer=192.168.1.1
HKLMSYSTEMCS1ServicesTcpipParameters: DhcpNameServer=192.168.1.1
HKLMSYSTEMCS2ServicesTcpipParameters: DhcpNameServer=192.168.1.1
»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
-
Och nu senaste TM HJT-loggen:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:48:15, on 2008-11-07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32Ati2evxx.exe
C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
C:WINDOWSExplorer.EXE
C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
C:Program FilesCommon FilesSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe
C:Program FilesCommon FilesSymantec SharedSNDSrvc.exe
C:Program FilesCommon FilesSymantec SharedSPBBCSPBBCSvc.exe
C:Program FilesCommon FilesSymantec SharedCCPD-LCsymlcsvc.exe
C:WINDOWSsystem32spoolsv.exe
C:AcerEmpowering TechnologyePerformanceMemCheck.exe
C:Program FilesSymantecLiveUpdateALUSchedulerSvc.exe
c:Program FilesWIDCOMMBluetooth Softwarebinbtwdins.exe
C:WINDOWSeHomeehRecvr.exe
C:WINDOWSeHomeehSched.exe
C:Program FilesJavajre6binjqs.exe
C:Program FilesCommon FilesLightScribeLSSrvc.exe
C:Program FilesNorton AntiVirusnavapsvc.exe
C:Program FilesNorton AntiVirusIWPNPFMntor.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32wscntfy.exe
C:WINDOWSsystem32dllhost.exe
C:WINDOWSsystem32wbemwmiapsrv.exe
C:WINDOWSehomeehtray.exe
C:WINDOWSRTHDCPL.EXE
C:WINDOWSeHomeehmsas.exe
C:AcerEmpowering TechnologyeDataSecurityeDSloader.exe
C:AcerEmpowering TechnologyePowerePower_DMC.exe
C:Program FilesSynapticsSynTPSynTPEnh.exe
C:PROGRA~1LAUNCH~1LManager.exe
C:AcerEmpowering TechnologyeRecoveryeRAgent.exe
C:Program FilesCommon FilesSymantec SharedccApp.exe
C:WINDOWSVM305_STI.EXE
C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe
C:WINDOWSsystem32rundll32.exe
C:Program FilesQuickTimeqttask.exe
C:Program FilesJavajre6binjusched.exe
C:WINDOWSsystem32ctfmon.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesATI TechnologiesATI.ACECLI.EXE
C:Program FilesMSN MessengerMsnMsgr.Exe
C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
C:Documents and SettingsMattias BergströmApplication DataGooglemupd1_2_12916358.exe
C:AcerEmpowering TechnologyAcer.Empowering.Framework.Launcher.exe
C:WINDOWSsystem32wbemunsecapp.exe
C:Program FilesWIDCOMMBluetooth SoftwareBTTray.exe
C:Program FilesNikonPictureProjectNkbMonitor.exe
C:Program FilesATI TechnologiesATI.ACEcli.exe
C:Program FilesATI TechnologiesATI.ACEcli.exe
C:WINDOWSsystem32wuauclt.exe
C:Program FilesCommon FilesSymantec SharedSecurity ConsoleNSCSRVCE.EXE
C:Program FilesMessengermsmsgs.exe
C:Program FilesTrend MicroHijackThislinus.exe
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.hotmail.com/
R1 - HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = http://sv.intl.acer.yahoo.com/
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:Program FilesMicrosoft OfficeOffice12GrooveShellExtensions.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre6binssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:Program FilesNorton AntiVirusNavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:program filesgooglegoogletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:Program FilesGoogleGoogleToolbarNotifier3.1.807.1746swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:Program FilesWindows Live Toolbarmsntb.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program FilesJavajre6binjp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:WINDOWSsystem32eDStoolbar.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:Program FilesNorton AntiVirusNavShExt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:Program FilesWindows Live Toolbarmsntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:program filesgooglegoogletoolbar3.dll
O4 - HKLM..Run: [ehTray] C:WINDOWSehomeehtray.exe
O4 - HKLM..Run: [AzMixerSel] C:Program FilesRealtekInstallShieldAzMixerSel.exe
O4 - HKLM..Run: [ntiMUI] C:Program FilesNewTech InfosystemsNTI CD & DVD-Maker 7ntiMUI.exe
O4 - HKLM..Run: [Acer ePresentation HPD] C:AcerEmpowering TechnologyePresentationePresentation.exe
O4 - HKLM..Run: [iMJPMIG8.1] "C:WINDOWSIMEimjp8_1IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM..Run: [MSPY2002] C:WINDOWSsystem32IMEPINTLGNTImScInst.exe /SYNC
O4 - HKLM..Run: [PHIME2002ASync] C:WINDOWSsystem32IMETINTLGNTTINTSETP.EXE /SYNC
O4 - HKLM..Run: [PHIME2002A] C:WINDOWSsystem32IMETINTLGNTTINTSETP.EXE /IMEName
O4 - HKLM..Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM..Run: [skyTel] SkyTel.EXE
O4 - HKLM..Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM..Run: [eDataSecurity Loader] C:AcerEmpowering TechnologyeDataSecurityeDSloader.exe 1
O4 - HKLM..Run: [ePower_DMC] C:AcerEmpowering TechnologyePowerePower_DMC.exe
O4 - HKLM..Run: [boot] C:AcerEmpowering TechnologyePowerBoot.exe
O4 - HKLM..Run: [synTPEnh] C:Program FilesSynapticsSynTPSynTPEnh.exe
O4 - HKLM..Run: [LManager] C:PROGRA~1LAUNCH~1LManager.exe
O4 - HKLM..Run: [ATICCC] "C:Program FilesATI TechnologiesATI.ACECLIStart.exe"
O4 - HKLM..Run: [eRecoveryService] C:AcerEmpowering TechnologyeRecoveryeRAgent.exe
O4 - HKLM..Run: [ccApp] "C:Program FilesCommon FilesSymantec SharedccApp.exe"
O4 - HKLM..Run: [bigDog305] C:WINDOWSVM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKLM..Run: [GrooveMonitor] "C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe"
O4 - HKLM..Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeqttask.exe" -atboottime
O4 - HKLM..Run: [symantec PIF AlertEng] "C:Program FilesCommon FilesSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe" /a /m "C:Program FilesCommon FilesSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}AlertEng.dll"
O4 - HKLM..Run: [sunJavaUpdateSched] "C:Program FilesJavajre6binjusched.exe"
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [MsnMsgr] "C:Program FilesMSN MessengerMsnMsgr.Exe" /background
O4 - HKCU..Run: [swg] C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
O4 - HKCU..Run: [asus32] "C:Documents and SettingsMattias BergströmApplication DataGooglemupd1_2_12916358.exe"
O4 - HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'SYSTEM')
O4 - HKUSS-1-5-18..Run: [Picasa Media Detector] C:Program FilesPicasa2PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acer Empowering Technology.lnk = C:AcerEmpowering TechnologyAcer.Empowering.Framework.Launcher.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: NkbMonitor.exe.lnk = C:Program FilesNikonPictureProjectNkbMonitor.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:Program FilesAdobeAcrobat 7.0Readerreader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:Program FilesWindows Live Toolbarmsntb.dll/search.htm
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:PROGRA~1MICROS~2Office12EXCEL.EXE/3000
O8 - Extra context menu item: Skicka till &Bluetooth-enhet... - c:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie_ctx.htm
O8 - Extra context menu item: Öppna på ny flik i bakgrunden - res://C:Program FilesWindows Live ToolbarComponentssv-semsntabres.dll.mui/229?8543bdd187e14a409a4bce25c896c274
O8 - Extra context menu item: Öppna på ny flik i förgrunden - res://C:Program FilesWindows Live ToolbarComponentssv-semsntabres.dll.mui/230?8543bdd187e14a409a4bce25c896c274
O9 - Extra button: Skicka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~1MICROS~2Office12ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Ski&cka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~1MICROS~2Office12ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~2Office12REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:Program FilesMicrosoft OfficeOffice12GrooveSystemServices.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:AcerEmpowering TechnologyePerformanceMemCheck.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:WINDOWSsystem32Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:Program FilesSymantecLiveUpdateALUSchedulerSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:Program FilesWIDCOMMBluetooth Softwarebinbtwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:Program FilesJavajre6binjqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:Program FilesCommon FilesLightScribeLSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:PROGRA~1SymantecLIVEUP~1LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:Program FilesNorton AntiVirusnavapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:Program FilesNorton AntiVirusIWPNPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedSecurity ConsoleNSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:Program FilesNorton AntiVirusSAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedSNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedSPBBCSPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:Program FilesCommon FilesSymantec SharedCCPD-LCsymlcsvc.exe
--
End of file - 12940 bytes
-
Hej,
Förlåt jag varit frånvarande så länge utan skrivit ngt, eller ens tackat ordentligt. Min vän kom hem och stack med datorn igen ett bra tag. Nu är han dock tillbaka å säger att datorn fortfarande buggar lite.
Så då fick jag tillbaka den för att försöka lösa det, så nu ber jag om hjälp igen. Jag har läst igenom tråden och i det senaste inlägget fick jag lite fler instruktioner jag aldrig kunde slutfölja. Men nu har jag
fixat och gjort en SmittFraudFix-logga som jag klistrar in nedan. Jag har oxå frågat om yahoo och min polare har inget minne av att installerat ngt sådant.
Jag har även gjort en TM HJT-log som jag klistrar in.
Ett problem med datorn säger min polare är att en windows security alert ruta ständigt kommer upp med en varningstext. I den står det: Do you want to block this suspicious software?
Name: Trojan-Keylogger Win32 Fung
Risk level: High
Description: Fung is a spyware program that records Keystrokes and take screen shots of the computer, stealing personal financial information
Är tacksam för all hjälp jag kan få.
Mvh, L
Först SmittfraudFix-log:
SmitFraudFix v2.366
Scan done at 10:58:41,46, 2008-11-07
Run from C:Documents and SettingsMattias BergstrmDesktopDatorFixSmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is FAT32
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32Ati2evxx.exe
C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
C:WINDOWSExplorer.EXE
C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
C:Program FilesCommon FilesSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe
C:Program FilesCommon FilesSymantec SharedSNDSrvc.exe
C:Program FilesCommon FilesSymantec SharedSPBBCSPBBCSvc.exe
C:Program FilesCommon FilesSymantec SharedCCPD-LCsymlcsvc.exe
C:WINDOWSsystem32spoolsv.exe
C:AcerEmpowering TechnologyePerformanceMemCheck.exe
C:Program FilesSymantecLiveUpdateALUSchedulerSvc.exe
c:Program FilesWIDCOMMBluetooth Softwarebinbtwdins.exe
C:WINDOWSeHomeehRecvr.exe
C:WINDOWSeHomeehSched.exe
C:Program FilesJavajre6binjqs.exe
C:Program FilesCommon FilesLightScribeLSSrvc.exe
C:Program FilesNorton AntiVirusnavapsvc.exe
C:Program FilesNorton AntiVirusIWPNPFMntor.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32wscntfy.exe
C:WINDOWSsystem32dllhost.exe
C:WINDOWSsystem32wbemwmiapsrv.exe
C:WINDOWSehomeehtray.exe
C:WINDOWSeHomeehmsas.exe
C:WINDOWSRTHDCPL.EXE
C:AcerEmpowering TechnologyeDataSecurityeDSloader.exe
C:AcerEmpowering TechnologyePowerePower_DMC.exe
C:Program FilesSynapticsSynTPSynTPEnh.exe
C:PROGRA~1LAUNCH~1LManager.exe
C:AcerEmpowering TechnologyeRecoveryeRAgent.exe
C:Program FilesCommon FilesSymantec SharedccApp.exe
C:WINDOWSVM305_STI.EXE
C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe
C:WINDOWSsystem32rundll32.exe
C:Program FilesATI TechnologiesATI.ACECLI.EXE
C:Program FilesQuickTimeqttask.exe
C:Program FilesJavajre6binjusched.exe
C:WINDOWSsystem32ctfmon.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesMSN MessengerMsnMsgr.Exe
C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
C:WINDOWSsystem32driverssvchost.exe
C:Documents and SettingsMattias BergströmApplication DataGooglemupd1_2_12916358.exe
C:WINDOWSsystem32wbemunsecapp.exe
C:AcerEmpowering TechnologyAcer.Empowering.Framework.Launcher.exe
C:Program FilesWIDCOMMBluetooth SoftwareBTTray.exe
C:Program FilesNikonPictureProjectNkbMonitor.exe
C:WINDOWSsystem32wuauclt.exe
C:Program FilesATI TechnologiesATI.ACEcli.exe
C:Program FilesATI TechnologiesATI.ACEcli.exe
C:Program FilesCommon FilesSymantec SharedSecurity ConsoleNSCSRVCE.EXE
C:Program FilesWindows Media Playerwmplayer.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLLoginProxy.exe
C:Program FilesMessengermsmsgs.exe
C:Documents and SettingsMattias BergströmDesktopDatorFixSmitfraudFixPolicies.exe
C:WINDOWSsystem32cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:
»»»»»»»»»»»»»»»»»»»»»»»» C:WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:WINDOWSsystem
»»»»»»»»»»»»»»»»»»»»»»»» C:WINDOWSWeb
»»»»»»»»»»»»»»»»»»»»»»»» C:WINDOWSsystem32
C:WINDOWSsystem32driverssvchost.exe FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:WINDOWSsystem32LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:Documents and SettingsMattias Bergstrm
»»»»»»»»»»»»»»»»»»»»»»»» C:Documents and SettingsMattias BergstrmApplication Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:DOCUME~1MATTIA~1FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, following keys are not inevitably infected!!!
o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
!!!Attention, following keys are not inevitably infected!!!
AntiXPVSTFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogon]
"Userinit"="C:WINDOWSsystem32userinit.exe,"
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» RK
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Atheros AR5005G Wireless Network Adapter - Packet Scheduler Miniport
DNS Server Search Order: 192.168.1.1
HKLMSYSTEMCCSServicesTcpip..{E95BFD27-4B33-4642-97EA-536DEE4604EB}: DhcpNameServer=192.168.1.1
HKLMSYSTEMCS1ServicesTcpip..{E95BFD27-4B33-4642-97EA-536DEE4604EB}: DhcpNameServer=192.168.1.1
HKLMSYSTEMCS2ServicesTcpip..{E95BFD27-4B33-4642-97EA-536DEE4604EB}: DhcpNameServer=192.168.1.1
HKLMSYSTEMCCSServicesTcpipParameters: DhcpNameServer=192.168.1.1
HKLMSYSTEMCS1ServicesTcpipParameters: DhcpNameServer=192.168.1.1
HKLMSYSTEMCS2ServicesTcpipParameters: DhcpNameServer=192.168.1.1
»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
-
Hej igen,
Nu har jag försökt dela upp SmitFraud-loggen men det skulle bli sjukt mga inlägg. Jag improviserar
lite och tar bara med första och sista delen, för där emellan är det bara en jättemga rader
: 127.0.0.1 www.00hq.com
SmitFraudFix v2.366
Scan done at 16:55:54,95, 2008-10-27
Run from D:SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is FAT32
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
127.0.0.1 www.007guard.com
..........
..
127.0.0.1 zxlinks.com
127.0.0.1 www.zxlinks.com
127.0.0.1 zyban-zocor-levitra.com
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
AntiXPVSTFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» RK
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLMSYSTEMCCSServicesTcpip..{9110DABF-D8FC-44B7-9484-A7720D4FA007}: DhcpNameServer=192.168.1.1
HKLMSYSTEMCS1ServicesTcpip..{9110DABF-D8FC-44B7-9484-A7720D4FA007}: DhcpNameServer=192.168.1.1
HKLMSYSTEMCS2ServicesTcpip..{9110DABF-D8FC-44B7-9484-A7720D4FA007}: DhcpNameServer=192.168.1.1
HKLMSYSTEMCCSServicesTcpipParameters: DhcpNameServer=192.168.1.1
HKLMSYSTEMCS1ServicesTcpipParameters: DhcpNameServer=192.168.1.1
HKLMSYSTEMCS2ServicesTcpipParameters: DhcpNameServer=192.168.1.1
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
-
HiJackThis-loggen:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:19:46, on 2008-10-27
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32Ati2evxx.exe
C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
C:WINDOWSExplorer.EXE
C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
C:Program FilesCommon FilesSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe
C:Program FilesCommon FilesSymantec SharedSNDSrvc.exe
C:Program FilesCommon FilesSymantec SharedSPBBCSPBBCSvc.exe
C:Program FilesCommon FilesSymantec SharedCCPD-LCsymlcsvc.exe
C:WINDOWSsystem32spoolsv.exe
C:AcerEmpowering TechnologyePerformanceMemCheck.exe
C:Program FilesSymantecLiveUpdateALUSchedulerSvc.exe
c:Program FilesWIDCOMMBluetooth Softwarebinbtwdins.exe
C:WINDOWSeHomeehRecvr.exe
C:WINDOWSeHomeehSched.exe
C:Program FilesJavajre6binjqs.exe
C:Program FilesCommon FilesLightScribeLSSrvc.exe
C:Program FilesNorton AntiVirusnavapsvc.exe
C:Program FilesNorton AntiVirusIWPNPFMntor.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32wbemwmiapsrv.exe
C:WINDOWSsystem32wscntfy.exe
C:WINDOWSsystem32dllhost.exe
C:WINDOWSsystem32ctfmon.exe
C:WINDOWSehomeehtray.exe
C:WINDOWSeHomeehmsas.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSRTHDCPL.EXE
C:WINDOWSsystem32wuauclt.exe
C:AcerEmpowering TechnologyeDataSecurityeDSloader.exe
C:AcerEmpowering TechnologyePowerePower_DMC.exe
C:Program FilesSynapticsSynTPSynTPEnh.exe
C:PROGRA~1LAUNCH~1LManager.exe
C:AcerEmpowering TechnologyeRecoveryeRAgent.exe
C:Program FilesCommon FilesSymantec SharedccApp.exe
C:WINDOWSVM305_STI.EXE
C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe
C:WINDOWSsystem32rundll32.exe
C:Program FilesATI TechnologiesATI.ACECLI.EXE
C:Program FilesJavajre6binjusched.exe
C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
C:WINDOWSsystem32wbemunsecapp.exe
C:AcerEmpowering TechnologyAcer.Empowering.Framework.Launcher.exe
C:Program FilesWIDCOMMBluetooth SoftwareBTTray.exe
C:Program FilesNikonPictureProjectNkbMonitor.exe
C:Program FilesATI TechnologiesATI.ACEcli.exe
C:Program FilesATI TechnologiesATI.ACEcli.exe
C:Program FilesCommon FilesSymantec SharedSecurity ConsoleNSCSRVCE.EXE
C:Program FilesMessengermsmsgs.exe
C:Program FilesTrend MicroHijackThislinus.exe
R1 - HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = http://sv.intl.acer.yahoo.com/
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:Program FilesMicrosoft OfficeOffice12GrooveShellExtensions.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre6binssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:Program FilesNorton AntiVirusNavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:program filesgooglegoogletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:Program FilesGoogleGoogleToolbarNotifier3.1.807.1746swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:Program FilesWindows Live Toolbarmsntb.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program FilesJavajre6binjp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:WINDOWSsystem32eDStoolbar.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:Program FilesNorton AntiVirusNavShExt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:Program FilesWindows Live Toolbarmsntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:program filesgooglegoogletoolbar3.dll
O4 - HKLM..Run: [ehTray] C:WINDOWSehomeehtray.exe
O4 - HKLM..Run: [AzMixerSel] C:Program FilesRealtekInstallShieldAzMixerSel.exe
O4 - HKLM..Run: [ntiMUI] C:Program FilesNewTech InfosystemsNTI CD & DVD-Maker 7ntiMUI.exe
O4 - HKLM..Run: [Acer ePresentation HPD] C:AcerEmpowering TechnologyePresentationePresentation.exe
O4 - HKLM..Run: [iMJPMIG8.1] "C:WINDOWSIMEimjp8_1IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM..Run: [MSPY2002] C:WINDOWSsystem32IMEPINTLGNTImScInst.exe /SYNC
O4 - HKLM..Run: [PHIME2002ASync] C:WINDOWSsystem32IMETINTLGNTTINTSETP.EXE /SYNC
O4 - HKLM..Run: [PHIME2002A] C:WINDOWSsystem32IMETINTLGNTTINTSETP.EXE /IMEName
O4 - HKLM..Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM..Run: [skyTel] SkyTel.EXE
O4 - HKLM..Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM..Run: [eDataSecurity Loader] C:AcerEmpowering TechnologyeDataSecurityeDSloader.exe 1
O4 - HKLM..Run: [ePower_DMC] C:AcerEmpowering TechnologyePowerePower_DMC.exe
O4 - HKLM..Run: [boot] C:AcerEmpowering TechnologyePowerBoot.exe
O4 - HKLM..Run: [synTPEnh] C:Program FilesSynapticsSynTPSynTPEnh.exe
O4 - HKLM..Run: [LManager] C:PROGRA~1LAUNCH~1LManager.exe
O4 - HKLM..Run: [ATICCC] "C:Program FilesATI TechnologiesATI.ACECLIStart.exe"
O4 - HKLM..Run: [eRecoveryService] C:AcerEmpowering TechnologyeRecoveryeRAgent.exe
O4 - HKLM..Run: [ccApp] "C:Program FilesCommon FilesSymantec SharedccApp.exe"
O4 - HKLM..Run: [bigDog305] C:WINDOWSVM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKLM..Run: [GrooveMonitor] "C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe"
O4 - HKLM..Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeqttask.exe" -atboottime
O4 - HKLM..Run: [symantec PIF AlertEng] "C:Program FilesCommon FilesSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe" /a /m "C:Program FilesCommon FilesSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}AlertEng.dll"
O4 - HKLM..Run: [sunJavaUpdateSched] "C:Program FilesJavajre6binjusched.exe"
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [MsnMsgr] "C:Program FilesMSN MessengerMsnMsgr.Exe" /background
O4 - HKCU..Run: [swg] C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
O4 - HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'SYSTEM')
O4 - HKUSS-1-5-18..Run: [Picasa Media Detector] C:Program FilesPicasa2PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acer Empowering Technology.lnk = C:AcerEmpowering TechnologyAcer.Empowering.Framework.Launcher.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: NkbMonitor.exe.lnk = C:Program FilesNikonPictureProjectNkbMonitor.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:Program FilesAdobeAcrobat 7.0Readerreader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:Program FilesWindows Live Toolbarmsntb.dll/search.htm
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:PROGRA~1MICROS~2Office12EXCEL.EXE/3000
O8 - Extra context menu item: Skicka till &Bluetooth-enhet... - c:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie_ctx.htm
O8 - Extra context menu item: Öppna på ny flik i bakgrunden - res://C:Program FilesWindows Live ToolbarComponentssv-semsntabres.dll.mui/229?8543bdd187e14a409a4bce25c896c274
O8 - Extra context menu item: Öppna på ny flik i förgrunden - res://C:Program FilesWindows Live ToolbarComponentssv-semsntabres.dll.mui/230?8543bdd187e14a409a4bce25c896c274
O9 - Extra button: Skicka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~1MICROS~2Office12ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Ski&cka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~1MICROS~2Office12ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~2Office12REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:Program FilesMicrosoft OfficeOffice12GrooveSystemServices.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:AcerEmpowering TechnologyePerformanceMemCheck.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:WINDOWSsystem32Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:Program FilesSymantecLiveUpdateALUSchedulerSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:Program FilesWIDCOMMBluetooth Softwarebinbtwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:Program FilesJavajre6binjqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:Program FilesCommon FilesLightScribeLSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:PROGRA~1SymantecLIVEUP~1LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:Program FilesNorton AntiVirusnavapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:Program FilesNorton AntiVirusIWPNPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedSecurity ConsoleNSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:Program FilesNorton AntiVirusSAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedSNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedSPBBCSPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:Program FilesCommon FilesSymantec SharedCCPD-LCsymlcsvc.exe
--
End of file - 12558 bytes
-
SD-fix log:
SDFix: Version 1.238
Run by Mattias on 2008-10-27 at 18:57
Microsoft Windows XP [Version 5.1.2600]
Running From: C:SDFix
Checking Services :
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
Checking Files :
Trojan Files Found:
C:Documents and SettingsAll UsersApplication DataMicrosoftNetworkDownloaderqmgr0.dat - Contains Links to Malware Sites! - Deleted
C:Documents and SettingsAll UsersApplication DataMicrosoftNetworkDownloaderqmgr1.dat - Contains Links to Malware Sites! - Deleted
C:Documents and SettingsMattias BergstrmApplication DataAdobecrc.dat - Deleted
C:Documents and SettingsMattias BergstrmApplication DataAdobePlayer.exe.bak - Deleted
C:WINDOWSantiv.exe - Deleted
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-27 19:04:53
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
HKLMSoftwareMicrosoftWindowsCurrentVersionRun
BigDog305 = C:WINDOWSVM305_STI.EXE VIMICRO USB PC Camera (ZC0305)???????????????????0?????????@??????????????
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
"%windir%system32sessmgr.exe"="%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:Program FilesMessengerMSMSGS.EXE"="C:Program FilesMessengerMSMSGS.EXE:*:Enabled:Windows Messenger"
"C:Program FilesMSN Messengermsncall.exe"="C:Program FilesMSN Messengermsncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:Program FilesMicrosoft OfficeOffice12OUTLOOK.EXE"="C:Program FilesMicrosoft OfficeOffice12OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:Program FilesMicrosoft OfficeOffice12GROOVE.EXE"="C:Program FilesMicrosoft OfficeOffice12GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:Program FilesMicrosoft OfficeOffice12ONENOTE.EXE"="C:Program FilesMicrosoft OfficeOffice12ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:Program FilesMSN Messengermsnmsgr.exe"="C:Program FilesMSN Messengermsnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:Program FilesMSN Messengerlivecall.exe"="C:Program FilesMSN Messengerlivecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:Program FilesBonjourmDNSResponder.exe"="C:Program FilesBonjourmDNSResponder.exe:*:Enabled:Bonjour"
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
"%windir%system32sessmgr.exe"="%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:Program FilesMSN Messengermsncall.exe"="C:Program FilesMSN Messengermsncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:Program FilesMSN Messengermsnmsgr.exe"="C:Program FilesMSN Messengermsnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:Program FilesMSN Messengerlivecall.exe"="C:Program FilesMSN Messengerlivecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
Remaining Files :
File Backups: - C:SDFixbackupsbackups.zip
Files with Hidden Attributes :
Mon 26 Jun 2006 1,024 ...HR --- "C:WINDOWSsystem32NTICDMK7.dll"
Mon 26 Jun 2006 1,024 ...HR --- "C:WINDOWSsystem32NTIMP3.dll"
Mon 26 Jun 2006 1,024 ...HR --- "C:WINDOWSsystem32NTIMPEG2.dll"
Mon 26 Jun 2006 1,024 ...HR --- "C:WINDOWSsystem32NTIFCD3.dll"
Mon 26 Jun 2006 1,024 ...HR --- "C:WINDOWSsystem32NTIBUN4.dll"
Tue 22 Jan 2008 6,219,320 A..H. --- "C:Program FilesPicasa2setup.exe"
Wed 23 May 2007 23,040 ...H. --- "C:Documents and SettingsMattias BergstrmDesktop~WRL0005.tmp"
Tue 9 Jan 2007 0 A.SH. --- "C:Documents and SettingsAll UsersDRMCacheIndiv01.tmp"
Thu 7 Dec 2006 3,096,576 A..H. --- "C:Documents and SettingsMattias BergstrmApplication DataU3tempLaunchpad Removal.exe"
Finished!
-
Go kväll!
Nu har jag gjort det du sa. Installerat nya Java, enligt instruktionerna,
och kört SDfix och sparat en log.
Jag tror att Issuen som Norton varnar om bara handlar om att det inte är en ny update
som är installerad. Och eftersom det inte är min dator så låter jag det vara tills han kommer hem.
Jag har oxå gjort en ny HJT-log som jag klistrar in nedan. Under den klistrar jag oxå in SDfix-loggen.
Sen försöker jag göra några till inlägg med SmitFraudFix-loggen uppdelad.
Shit, den här datorn kommer ju vara friskare än någonsin efter det här!
Jätte tacksamma hälsningar, L
-
Provar att bifoga Smitfraud Fix-rapporten, men den var för stor så jag delade upp den.
Mvh, Linus
-
Hej igen!
... och tack igen! Nu verkar datorn vara frisk! Du är ju hur grym som helst.
Ikoner mm är tillbaka och det ser bra ut.
...Det kommer iofs fortfarande upp en ruta av Norton nere till höger ibland där det står ngt om 1 issue som need to be fixed. Vet inte om den kom upp tidigare oxå eller om den är ny. Det är en gammal version av Norton, men jag ska snacka med min polare när han kommer hem.
Men jag har gjort ytterligare en HiJack analys, och en SmittfraudFix som jag skulle. Klistra in HJTs filen först:
SMFF-rapporten verkar dock vara för lång. Provar att klistra in den i ett seperat svar.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:11:51, on 2008-10-27
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32Ati2evxx.exe
C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
C:WINDOWSExplorer.EXE
C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
C:Program FilesCommon FilesSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe
C:Program FilesCommon FilesSymantec SharedSNDSrvc.exe
C:Program FilesCommon FilesSymantec SharedSPBBCSPBBCSvc.exe
C:Program FilesCommon FilesSymantec SharedCCPD-LCsymlcsvc.exe
C:WINDOWSsystem32spoolsv.exe
C:AcerEmpowering TechnologyePerformanceMemCheck.exe
C:Program FilesSymantecLiveUpdateALUSchedulerSvc.exe
c:Program FilesWIDCOMMBluetooth Softwarebinbtwdins.exe
C:WINDOWSeHomeehRecvr.exe
C:WINDOWSeHomeehSched.exe
C:Program FilesCommon FilesLightScribeLSSrvc.exe
C:Program FilesNorton AntiVirusnavapsvc.exe
C:Program FilesNorton AntiVirusIWPNPFMntor.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32wbemwmiapsrv.exe
C:WINDOWSsystem32dllhost.exe
C:WINDOWSsystem32ctfmon.exe
C:WINDOWSehomeehtray.exe
C:WINDOWSeHomeehmsas.exe
C:WINDOWSRTHDCPL.EXE
C:AcerEmpowering TechnologyeDataSecurityeDSloader.exe
C:AcerEmpowering TechnologyePowerePower_DMC.exe
C:Program FilesSynapticsSynTPSynTPEnh.exe
C:PROGRA~1LAUNCH~1LManager.exe
C:AcerEmpowering TechnologyeRecoveryeRAgent.exe
C:Program FilesCommon FilesSymantec SharedccApp.exe
C:WINDOWSVM305_STI.EXE
C:Program FilesJavajre1.6.0_03binjusched.exe
C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe
C:WINDOWSsystem32rundll32.exe
C:Program FilesATI TechnologiesATI.ACECLI.EXE
C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
C:Documents and SettingsMattias BergströmApplication DataAdobePlayer.exe
C:WINDOWSsystem32wbemunsecapp.exe
C:AcerEmpowering TechnologyAcer.Empowering.Framework.Launcher.exe
C:Program FilesWIDCOMMBluetooth SoftwareBTTray.exe
C:Program FilesNikonPictureProjectNkbMonitor.exe
C:WINDOWSsystem32wuauclt.exe
C:WINDOWSsystem32wuauclt.exe
C:Program FilesATI TechnologiesATI.ACEcli.exe
C:Program FilesATI TechnologiesATI.ACEcli.exe
C:Program FilesCommon FilesSymantec SharedSecurity ConsoleNSCSRVCE.EXE
C:Program FilesMessengermsmsgs.exe
C:Program FilesTrend MicroHijackThislinus.exe
R1 - HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = http://sv.intl.acer.yahoo.com/
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:Program FilesMicrosoft OfficeOffice12GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0_03binssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:Program FilesNorton AntiVirusNavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:program filesgooglegoogletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:Program FilesGoogleGoogleToolbarNotifier3.1.807.1746swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:Program FilesWindows Live Toolbarmsntb.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:WINDOWSsystem32eDStoolbar.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:Program FilesNorton AntiVirusNavShExt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:Program FilesWindows Live Toolbarmsntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:program filesgooglegoogletoolbar3.dll
O4 - HKLM..Run: [ehTray] C:WINDOWSehomeehtray.exe
O4 - HKLM..Run: [AzMixerSel] C:Program FilesRealtekInstallShieldAzMixerSel.exe
O4 - HKLM..Run: [ntiMUI] C:Program FilesNewTech InfosystemsNTI CD & DVD-Maker 7ntiMUI.exe
O4 - HKLM..Run: [Acer ePresentation HPD] C:AcerEmpowering TechnologyePresentationePresentation.exe
O4 - HKLM..Run: [iMJPMIG8.1] "C:WINDOWSIMEimjp8_1IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM..Run: [MSPY2002] C:WINDOWSsystem32IMEPINTLGNTImScInst.exe /SYNC
O4 - HKLM..Run: [PHIME2002ASync] C:WINDOWSsystem32IMETINTLGNTTINTSETP.EXE /SYNC
O4 - HKLM..Run: [PHIME2002A] C:WINDOWSsystem32IMETINTLGNTTINTSETP.EXE /IMEName
O4 - HKLM..Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM..Run: [skyTel] SkyTel.EXE
O4 - HKLM..Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM..Run: [eDataSecurity Loader] C:AcerEmpowering TechnologyeDataSecurityeDSloader.exe 1
O4 - HKLM..Run: [ePower_DMC] C:AcerEmpowering TechnologyePowerePower_DMC.exe
O4 - HKLM..Run: [boot] C:AcerEmpowering TechnologyePowerBoot.exe
O4 - HKLM..Run: [synTPEnh] C:Program FilesSynapticsSynTPSynTPEnh.exe
O4 - HKLM..Run: [LManager] C:PROGRA~1LAUNCH~1LManager.exe
O4 - HKLM..Run: [ATICCC] "C:Program FilesATI TechnologiesATI.ACECLIStart.exe"
O4 - HKLM..Run: [eRecoveryService] C:AcerEmpowering TechnologyeRecoveryeRAgent.exe
O4 - HKLM..Run: [ccApp] "C:Program FilesCommon FilesSymantec SharedccApp.exe"
O4 - HKLM..Run: [bigDog305] C:WINDOWSVM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKLM..Run: [sunJavaUpdateSched] "C:Program FilesJavajre1.6.0_03binjusched.exe"
O4 - HKLM..Run: [GrooveMonitor] "C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe"
O4 - HKLM..Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeqttask.exe" -atboottime
O4 - HKLM..Run: [symantec PIF AlertEng] "C:Program FilesCommon FilesSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe" /a /m "C:Program FilesCommon FilesSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}AlertEng.dll"
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [MsnMsgr] "C:Program FilesMSN MessengerMsnMsgr.Exe" /background
O4 - HKCU..Run: [swg] C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
O4 - HKCU..Run: [Player] C:Documents and SettingsMattias BergströmApplication DataAdobePlayer.exe
O4 - HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'SYSTEM')
O4 - HKUSS-1-5-18..Run: [Picasa Media Detector] C:Program FilesPicasa2PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acer Empowering Technology.lnk = C:AcerEmpowering TechnologyAcer.Empowering.Framework.Launcher.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: NkbMonitor.exe.lnk = C:Program FilesNikonPictureProjectNkbMonitor.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:Program FilesAdobeAcrobat 7.0Readerreader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:Program FilesWindows Live Toolbarmsntb.dll/search.htm
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:PROGRA~1MICROS~2Office12EXCEL.EXE/3000
O8 - Extra context menu item: Skicka till &Bluetooth-enhet... - c:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie_ctx.htm
O8 - Extra context menu item: Öppna på ny flik i bakgrunden - res://C:Program FilesWindows Live ToolbarComponentssv-semsntabres.dll.mui/229?8543bdd187e14a409a4bce25c896c274
O8 - Extra context menu item: Öppna på ny flik i förgrunden - res://C:Program FilesWindows Live ToolbarComponentssv-semsntabres.dll.mui/230?8543bdd187e14a409a4bce25c896c274
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_03binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_03binssv.dll
O9 - Extra button: Skicka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~1MICROS~2Office12ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Ski&cka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~1MICROS~2Office12ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~2Office12REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:Program FilesMicrosoft OfficeOffice12GrooveSystemServices.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:AcerEmpowering TechnologyePerformanceMemCheck.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:WINDOWSsystem32Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:Program FilesSymantecLiveUpdateALUSchedulerSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:Program FilesWIDCOMMBluetooth Softwarebinbtwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:Program FilesCommon FilesLightScribeLSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:PROGRA~1SymantecLIVEUP~1LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:Program FilesNorton AntiVirusnavapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:Program FilesNorton AntiVirusIWPNPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedSecurity ConsoleNSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:Program FilesNorton AntiVirusSAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedSNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedSPBBCSPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:Program FilesCommon FilesSymantec SharedCCPD-LCsymlcsvc.exe
--
End of file - 12543 bytes
__________________________________
-
Okej, tänkte nästan det var nått sånt.
Så nu har jag kört smittfraudFix. Och loggen är längst ner.
Men jag tror oxå jag gjort ngt dumt. Eller inte.
Men jag tänkte inte på "OBS: VIKTIGT: Kör INTE några andra allternativ förrän du blir tillbedd att görMena så!" ... utan installerade anti-malware-proget som jag innan såg du rekommenderat till ngn annan, och körde det. Och det hittade en massa krafs som jag sen tog bort. Var det dumt? Jag fick tillbaka min startmeny iaf och aktivitetshanterare!
Kanske är jag botat`?
Loggen iaf:
SmitFraudFix v2.366
Scan done at 12:45:08,73, 2008-10-26
Run from D:SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is FAT32
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32Ati2evxx.exe
C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
C:WINDOWSExplorer.EXE
C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
C:Program FilesCommon FilesSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe
C:Program FilesCommon FilesSymantec SharedSNDSrvc.exe
C:Program FilesCommon FilesSymantec SharedSPBBCSPBBCSvc.exe
C:Program FilesCommon FilesSymantec SharedCCPD-LCsymlcsvc.exe
C:WINDOWSsystem32spoolsv.exe
C:AcerEmpowering TechnologyePerformanceMemCheck.exe
C:Program FilesSymantecLiveUpdateALUSchedulerSvc.exe
c:Program FilesWIDCOMMBluetooth Softwarebinbtwdins.exe
C:WINDOWSeHomeehRecvr.exe
C:WINDOWSeHomeehSched.exe
C:Program FilesCommon FilesLightScribeLSSrvc.exe
C:Program FilesNorton AntiVirusnavapsvc.exe
C:Program FilesNorton AntiVirusIWPNPFMntor.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32wbemwmiapsrv.exe
C:WINDOWSehomeehtray.exe
C:WINDOWSsystem32ctfmon.exe
C:WINDOWSRTHDCPL.EXE
C:WINDOWSeHomeehmsas.exe
C:AcerEmpowering TechnologyeDataSecurityeDSloader.exe
C:AcerEmpowering TechnologyePowerePower_DMC.exe
C:Program FilesSynapticsSynTPSynTPEnh.exe
C:PROGRA~1LAUNCH~1LManager.exe
C:AcerEmpowering TechnologyeRecoveryeRAgent.exe
C:Program FilesCommon FilesSymantec SharedccApp.exe
C:WINDOWSVM305_STI.EXE
C:Program FilesATI TechnologiesATI.ACECLI.EXE
C:Program FilesJavajre1.6.0_03binjusched.exe
C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe
C:WINDOWSsystem32rundll32.exe
C:WINDOWSsystem32dllhost.exe
C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
C:WINDOWSsystem32wbemunsecapp.exe
C:AcerEmpowering TechnologyAcer.Empowering.Framework.Launcher.exe
C:Program FilesWIDCOMMBluetooth SoftwareBTTray.exe
C:Program FilesNikonPictureProjectNkbMonitor.exe
C:WINDOWSsystem32wuauclt.exe
C:Program FilesCommon FilesSymantec SharedSecurity ConsoleNSCSRVCE.EXE
C:Program FilesATI TechnologiesATI.ACEcli.exe
C:Program FilesATI TechnologiesATI.ACEcli.exe
C:Program FilesJavajre1.6.0_03binjucheck.exe
C:WINDOWSsystem32wuauclt.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSSoftwareDistributionDownloadfd0264849c01086f3c6b505dc02dbd44updateupdate.exe
C:Program FilesSymantecLiveUpdateAUpdate.exe
C:PROGRA~1SymantecLIVEUP~1LUCOMS~1.EXE
C:Program FilesSymantecLiveUpdateLuCallbackProxy.exe
C:Program FilesSymantecLiveUpdateLuCallbackProxy.exe
C:Program FilesSymantecLiveUpdateLuCallbackProxy.exe
C:WINDOWSsystem32cmd.exe
C:Program FilesMessengermsmsgs.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
hosts file corrupted !
127.0.0.1 www.legal-at-spybot.info
127.0.0.1 legal-at-spybot.info
»»»»»»»»»»»»»»»»»»»»»»»» C:
»»»»»»»»»»»»»»»»»»»»»»»» C:WINDOWS
C:WINDOWSvwnskbot.dll FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:WINDOWSsystem
»»»»»»»»»»»»»»»»»»»»»»»» C:WINDOWSWeb
»»»»»»»»»»»»»»»»»»»»»»»» C:WINDOWSsystem32
»»»»»»»»»»»»»»»»»»»»»»»» C:WINDOWSsystem32LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:Documents and SettingsMattias Bergstrm
»»»»»»»»»»»»»»»»»»»»»»»» C:Documents and SettingsMattias BergstrmApplication Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:DOCUME~1MATTIA~1FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerDesktopComponents0]
"SubscribedURL"=""
"FriendlyName"="Privacy Protection"
[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerDesktopComponents1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, following keys are not inevitably infected!!!
o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
!!!Attention, following keys are not inevitably infected!!!
AntiXPVSTFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogon]
"Userinit"="C:WINDOWSsystem32userinit.exe,"
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» RK
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Realtek RTL8169/8110 Family Gigabit Ethernet NIC - Packet Scheduler Miniport
DNS Server Search Order: 192.168.1.1
HKLMSYSTEMCCSServicesTcpip..{9110DABF-D8FC-44B7-9484-A7720D4FA007}: DhcpNameServer=192.168.1.1
HKLMSYSTEMCS1ServicesTcpip..{9110DABF-D8FC-44B7-9484-A7720D4FA007}: DhcpNameServer=192.168.1.1
HKLMSYSTEMCCSServicesTcpipParameters: DhcpNameServer=192.168.1.1
HKLMSYSTEMCS1ServicesTcpipParameters: DhcpNameServer=192.168.1.1
»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
-
Hej Malou!
Å tack för din hjälp!
Mitt virusprogram - Avira Antivir, hittar virus i de smittfraud-Fix-filer jag försökt
ladda ner.
Är det mitt virusprogram som är lite knasigt kanske?
-
*********************************************
2009-01-08:
Tråden är nu låst.
Tycker du att den är felaktigt låst, var god kontakta
*********************************************
Hej,
Jag skulle behöva hjälp med att få bort ngt form av virus, worm eller liknande. Fick det när jag installerade en dum fil jag trodde var ngt ofarligt på en kompis dator, och nu står det "virus alert" hela tiden och aktivitetshanteraren är avaktiverad. Jobbigt, för jag hade inte frågat om jag fick låna datorn.
Efter googlat en del har jag förstått att vissa kan analysera dessa hijack-loggfiler, och att man på så sätt kan se vilka filer man sen måste ta bort i felsäkert läge. Har jag förstått rätt att man sedan bara går in i felsäkert läge och radera dessa filer från systemmappen eller liknande?
Jag har oxå läst att alla automatiska analyserare som finns inte är så tillförlitliga, och att det alltid är bäst med lite expertis-hjälp.
Så då tänkte jag att jag prova be er om den hjälpen.
Jag har följt instruktionerna för hur man installerar/använder hijack.
Tack på förhand!
Här kommer loggen:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:39: VIRUS ALERT!, on 2008-10-26
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32Ati2evxx.exe
C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
C:WINDOWSExplorer.EXE
C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
C:Program FilesCommon FilesSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe
C:Program FilesCommon FilesSymantec SharedSNDSrvc.exe
C:Program FilesCommon FilesSymantec SharedSPBBCSPBBCSvc.exe
C:Program FilesCommon FilesSymantec SharedCCPD-LCsymlcsvc.exe
C:WINDOWSsystem32spoolsv.exe
C:AcerEmpowering TechnologyePerformanceMemCheck.exe
C:Program FilesSymantecLiveUpdateALUSchedulerSvc.exe
c:Program FilesWIDCOMMBluetooth Softwarebinbtwdins.exe
C:WINDOWSeHomeehRecvr.exe
C:WINDOWSeHomeehSched.exe
C:Program FilesCommon FilesLightScribeLSSrvc.exe
C:Program FilesNorton AntiVirusnavapsvc.exe
C:Program FilesNorton AntiVirusIWPNPFMntor.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32wbemwmiapsrv.exe
C:WINDOWSehomeehtray.exe
C:WINDOWSsystem32ctfmon.exe
C:WINDOWSRTHDCPL.EXE
C:WINDOWSeHomeehmsas.exe
C:AcerEmpowering TechnologyeDataSecurityeDSloader.exe
C:AcerEmpowering TechnologyePowerePower_DMC.exe
C:Program FilesSynapticsSynTPSynTPEnh.exe
C:PROGRA~1LAUNCH~1LManager.exe
C:AcerEmpowering TechnologyeRecoveryeRAgent.exe
C:Program FilesCommon FilesSymantec SharedccApp.exe
C:WINDOWSVM305_STI.EXE
C:Program FilesATI TechnologiesATI.ACECLI.EXE
C:Program FilesJavajre1.6.0_03binjusched.exe
C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe
C:WINDOWSsystem32rundll32.exe
C:WINDOWSsystem32dllhost.exe
C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
C:Documents and SettingsMattias BergströmApplication DataAdobePlayer.exe
C:WINDOWSsystem32wbemunsecapp.exe
C:AcerEmpowering TechnologyAcer.Empowering.Framework.Launcher.exe
C:Program FilesWIDCOMMBluetooth SoftwareBTTray.exe
C:Program FilesNikonPictureProjectNkbMonitor.exe
C:WINDOWSsystem32wuauclt.exe
C:Program FilesCommon FilesSymantec SharedSecurity ConsoleNSCSRVCE.EXE
C:Program FilesATI TechnologiesATI.ACEcli.exe
C:Program FilesATI TechnologiesATI.ACEcli.exe
C:Program FilesJavajre1.6.0_03binjucheck.exe
C:WINDOWSsystem32msiexec.exe
C:Program FilesMessengermsmsgs.exe
C:Program FilesTrend MicroHijackThislinus.exe
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.hotmail.com/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://sv.intl.acer.yahoo.com
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://sv.intl.acer.yahoo.com
R1 - HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = http://sv.intl.acer.yahoo.com/
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll
O2 - BHO: QXK Olive - {156A3BCD-1A0B-4C53-9610-CB487AFF4A8E} - C:WINDOWSaetlsrknavf.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:SPYBOT~1SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:Program FilesMicrosoft OfficeOffice12GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0_03binssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:Program FilesNorton AntiVirusNavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:program filesgooglegoogletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:Program FilesGoogleGoogleToolbarNotifier3.1.807.1746swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:Program FilesWindows Live Toolbarmsntb.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:WINDOWSsystem32eDStoolbar.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:Program FilesNorton AntiVirusNavShExt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:Program FilesWindows Live Toolbarmsntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:program filesgooglegoogletoolbar3.dll
O3 - Toolbar: bkqxdons - {EC21D037-F4B2-477B-8D46-BA927BDD5EA9} - C:WINDOWSbkqxdons.dll
O4 - HKLM..Run: [ehTray] C:WINDOWSehomeehtray.exe
O4 - HKLM..Run: [AzMixerSel] C:Program FilesRealtekInstallShieldAzMixerSel.exe
O4 - HKLM..Run: [ntiMUI] C:Program FilesNewTech InfosystemsNTI CD & DVD-Maker 7ntiMUI.exe
O4 - HKLM..Run: [Acer ePresentation HPD] C:AcerEmpowering TechnologyePresentationePresentation.exe
O4 - HKLM..Run: [iMJPMIG8.1] "C:WINDOWSIMEimjp8_1IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM..Run: [MSPY2002] C:WINDOWSsystem32IMEPINTLGNTImScInst.exe /SYNC
O4 - HKLM..Run: [PHIME2002ASync] C:WINDOWSsystem32IMETINTLGNTTINTSETP.EXE /SYNC
O4 - HKLM..Run: [PHIME2002A] C:WINDOWSsystem32IMETINTLGNTTINTSETP.EXE /IMEName
O4 - HKLM..Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM..Run: [skyTel] SkyTel.EXE
O4 - HKLM..Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM..Run: [eDataSecurity Loader] C:AcerEmpowering TechnologyeDataSecurityeDSloader.exe 1
O4 - HKLM..Run: [ePower_DMC] C:AcerEmpowering TechnologyePowerePower_DMC.exe
O4 - HKLM..Run: [boot] C:AcerEmpowering TechnologyePowerBoot.exe
O4 - HKLM..Run: [synTPEnh] C:Program FilesSynapticsSynTPSynTPEnh.exe
O4 - HKLM..Run: [LManager] C:PROGRA~1LAUNCH~1LManager.exe
O4 - HKLM..Run: [ATICCC] "C:Program FilesATI TechnologiesATI.ACECLIStart.exe"
O4 - HKLM..Run: [eRecoveryService] C:AcerEmpowering TechnologyeRecoveryeRAgent.exe
O4 - HKLM..Run: [ccApp] "C:Program FilesCommon FilesSymantec SharedccApp.exe"
O4 - HKLM..Run: [bigDog305] C:WINDOWSVM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKLM..Run: [sunJavaUpdateSched] "C:Program FilesJavajre1.6.0_03binjusched.exe"
O4 - HKLM..Run: [GrooveMonitor] "C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe"
O4 - HKLM..Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeqttask.exe" -atboottime
O4 - HKLM..Run: [YUR8.exe] C:Windowssystem32YUR8.exe
O4 - HKLM..Run: [YUR9.exe] C:Windowssystem32YUR9.exe
O4 - HKLM..Run: [YURB.exe] C:Windowssystem32YURB.exe
O4 - HKLM..Run: [YURC.exe] C:Windowssystem32YURC.exe
O4 - HKLM..Run: [YUR2.exe] C:Windowssystem32YUR2.exe
O4 - HKLM..Run: [YUR1.exe] C:Windowssystem32YUR1.exe
O4 - HKLM..Run: [YUR3.exe] C:Windowssystem32YUR3.exe
O4 - HKLM..Run: [YUR4.exe] C:Windowssystem32YUR4.exe
O4 - HKLM..Run: [symantec PIF AlertEng] "C:Program FilesCommon FilesSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe" /a /m "C:Program FilesCommon FilesSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}AlertEng.dll"
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [MsnMsgr] "C:Program FilesMSN MessengerMsnMsgr.Exe" /background
O4 - HKCU..Run: [swg] C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
O4 - HKCU..Run: [Player] C:Documents and SettingsMattias BergströmApplication DataAdobePlayer.exe
O4 - HKCU..Run: [YUR8.exe] C:Windowssystem32YUR8.exe
O4 - HKCU..Run: [YUR9.exe] C:Windowssystem32YUR9.exe
O4 - HKCU..Run: [YURB.exe] C:Windowssystem32YURB.exe
O4 - HKCU..Run: [YURC.exe] C:Windowssystem32YURC.exe
O4 - HKCU..Run: [YUR2.exe] C:Windowssystem32YUR2.exe
O4 - HKCU..Run: [YUR1.exe] C:Windowssystem32YUR1.exe
O4 - HKCU..Run: [YUR3.exe] C:Windowssystem32YUR3.exe
O4 - HKCU..Run: [YUR4.exe] C:Windowssystem32YUR4.exe
O4 - HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'SYSTEM')
O4 - HKUSS-1-5-18..Run: [Picasa Media Detector] C:Program FilesPicasa2PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acer Empowering Technology.lnk = C:AcerEmpowering TechnologyAcer.Empowering.Framework.Launcher.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: NkbMonitor.exe.lnk = C:Program FilesNikonPictureProjectNkbMonitor.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:Program FilesAdobeAcrobat 7.0Readerreader_sl.exe
O6 - HKCUSoftwarePoliciesMicrosoftInternet ExplorerRestrictions present
O7 - HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem, DisableRegedit=1
O8 - Extra context menu item: &Windows Live Search - res://C:Program FilesWindows Live Toolbarmsntb.dll/search.htm
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:PROGRA~1MICROS~2Office12EXCEL.EXE/3000
O8 - Extra context menu item: Skicka till &Bluetooth-enhet... - c:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie_ctx.htm
O8 - Extra context menu item: Öppna på ny flik i bakgrunden - res://C:Program FilesWindows Live ToolbarComponentssv-semsntabres.dll.mui/229?8543bdd187e14a409a4bce25c896c274
O8 - Extra context menu item: Öppna på ny flik i förgrunden - res://C:Program FilesWindows Live ToolbarComponentssv-semsntabres.dll.mui/230?8543bdd187e14a409a4bce25c896c274
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_03binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_03binssv.dll
O9 - Extra button: Skicka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~1MICROS~2Office12ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Ski&cka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~1MICROS~2Office12ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~2Office12REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:SPYBOT~1SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:SPYBOT~1SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:Program FilesMicrosoft OfficeOffice12GrooveSystemServices.dll
O21 - SSODL: vwnskbot - {7A7504D3-036F-4CF8-A68A-E03AB0D2FFF5} - C:WINDOWSvwnskbot.dll
O21 - SSODL: qnflkotm - {51B889A7-82FD-420D-BBC9-7B02C84B8293} - C:WINDOWSqnflkotm.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:AcerEmpowering TechnologyePerformanceMemCheck.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:WINDOWSsystem32Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:Program FilesSymantecLiveUpdateALUSchedulerSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:Program FilesWIDCOMMBluetooth Softwarebinbtwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:Program FilesCommon FilesLightScribeLSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:PROGRA~1SymantecLIVEUP~1LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:Program FilesNorton AntiVirusnavapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:Program FilesNorton AntiVirusIWPNPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedSecurity ConsoleNSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:Program FilesNorton AntiVirusSAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedSNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedSPBBCSPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:Program FilesCommon FilesSymantec SharedCCPD-LCsymlcsvc.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:WINDOWSprivacy_dangerindex.htm
--
End of file - 14813 bytes
Hjälp med en hijack-log, Smitfraud-infektion
i Borttagning av virus och andra skadliga program
Postad
Hej
Min vän var tvungen att sticka med datorn igen så nu har jag den inte längre här. Men innan det gjorde jag som du sa, och med en uppdaterad anti-malwere scan och fix så försvann den där rutan.
Kalas!
Men jag ska kanske hälsa på honom snart och kommer då ta en titt på datorn då. Kanske jag kan lägga upp en HJT-log här då.
Men tusen tack Malou för din hjälp. Vet inte hur jag ska kunna tacka dig tillräckligt.
Ska fundera lite på det, så återkommer jag när jag kommit på ngt.
Ha det fint så länge!
Mvh, L