Hur ta bort IEDefendeR?

Medion · December 1, 2008

*********************************************

2008-12-09:

Tråden är nu låst eftersom problemet är löst

Tycker du att den är felaktigt låst, var god kontakta

Malou

*********************************************

Hej

Jag har gjort en onlinescan via symantec och det visade sig att jag har kvar spår

efter förra gången jag fick hjälp här.Verkar vara S!Ri.Har provat köra SDfix och

SmithFraudFix men dom verktygen verkar inte funka med Vista 64 Bit som jag kör.

Nåt knep hur jag ska gå tillväga för att få bort elakingarna

bifogar text från scanningen

C:WindowsSysWOW64404Fix.exe is infected with IEDefender

C:WindowsSysWOW64IEDFix.C.exe is infected with IEDefender

C:WindowsSysWOW64IEDFix.exe is infected with IEDefender

C:WindowsSysWOW64o4Patch.exe is infected with IEDefender

C:WindowsSystem32404Fix.exe is infected with IEDefender

C:WindowsSystem32IEDFix.C.exe is infected with IEDefender

C:WindowsSystem32IEDFix.exe is infected with IEDefender

C:WindowsSystem32o4Patch.exe is infected with IEDefende

Mvh

Medion

Wheninrome · December 1, 2008

Går det inte att bara ta bort de aktuella filnamnen som avses i loggen? Filerna verkar ju inte vara nåt som hör hemma i Windows i vart fall.

Medion · December 1, 2008

Har provat ta bort dom,men dom kommer tillbaka när man har startar om datorn

Wheninrome · December 1, 2008

Kolla i registret HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun om du hittar suspsekta saker där, t ex program du inte känner igen. Kolla sen i autostart vad du hittar där. Något torde ju aktivera ett program som kopierar tillbaka filerna. Se till att avinstallera ALLA program du vet med dig du inte känner till/ej vill ha på datorn.

Medion · December 1, 2008

hej

Nej jag kan inte hitta något som jag ser ut att vara nåt konstigt

vare sig i registret eller Msconfig (Autostart)

JoWa · December 1, 2008

Hej,

Följ den här instruktionen, men starta inte en ny tråd, utan fortsätt i denna.

Medion · December 1, 2008

Skickar även en Hijackthis logga

Ser inte nåt som verkar konstigt i den,kanske nån är bättre

än mig att läsa loggen

Det ända jag funderade över är denna:

C:WindowsSysWOW64conime.exe

Vad är det för någonting?

och 013 Gopher Prefix Denna har jag provat att ta bort via Hijackthis Fix Checked både i

normalt och felsäkert läge men den kommer bara tillbaks

Mvh

Medion

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:38:52, on 25.10.2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

Running processes:

C:Program Files (x86)ASUSAASP1.00.64aaCenter.exe

C:Program Files (x86)PersonalbinPersonal.exe

C:Program Files (x86)Analog DevicesCoresmax4pnp.exe

C:Program Files (x86)Analog DevicesSoundMAXSoundTray.exe

C:Program Files (x86)Kaspersky LabKaspersky Internet Security 2009avp.exe

C:Program Files (x86)Internet Explorerieuser.exe

C:Program Files (x86)Internet Exploreriexplore.exe

C:WindowsSysWOW64conime.exe

C:Program Files (x86)Trend MicroHijackThismedion.exe.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =

R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page =

R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page =

R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:Program Files (x86)Common FilesAdobeAcrobatActiveXAcroIEHelperShim.dll

O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:Program Files (x86)Kaspersky LabKaspersky Internet Security 2009ievkbd.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program Files (x86)Javajre1.6.0_07binssv.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:Program Files (x86)Common FilesAdobeAcrobatActiveXAcroIEFavClient.dll

O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:Program Files (x86)Common FilesAdobeAcrobatActiveXAcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:Program Files (x86)Common FilesAdobeAcrobatActiveXAcroIEFavClient.dll

O4 - HKLM..Run: [soundMAXPnP] C:Program Files (x86)Analog DevicesCoresmax4pnp.exe

O4 - HKLM..Run: [soundTray] "C:Program Files (x86)Analog DevicesSoundMAXSoundTray.exe"

O4 - HKLM..Run: [AVP] "C:Program Files (x86)Kaspersky LabKaspersky Internet Security 2009avp.exe"

O4 - HKCU..Run: [sidebar] C:Program FilesWindows Sidebarsidebar.exe /autoRun

O4 - HKCU..Run: [ehTray.exe] C:WindowsehomeehTray.exe

O4 - HKUSS-1-5-19..Run: [sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUSS-1-5-19..Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUSS-1-5-20..Run: [sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Global Startup: Personal.lnk = C:Program Files (x86)PersonalbinPersonal.exe

O8 - Extra context menu item: Bifoga länkmål till befintlig PDF - res://C:Program Files (x86)Common FilesAdobeAcrobatActiveXAcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Bifoga till befintlig PDF - res://C:Program Files (x86)Common FilesAdobeAcrobatActiveXAcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:PROGRA~2MICROS~1Office12EXCEL.EXE/3000

O8 - Extra context menu item: Konvertera länkmål till Adobe PDF - res://C:Program Files (x86)Common FilesAdobeAcrobatActiveXAcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Konvertera till Adobe PDF - res://C:Program Files (x86)Common FilesAdobeAcrobatActiveXAcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Lägg till webbannonsblockering - C:Program Files (x86)Kaspersky LabKaspersky Internet Security 2009ie_banner_deny.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:PROGRA~2JavaJRE16~1.0_0binssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:PROGRA~2JavaJRE16~1.0_0binssv.dll

O9 - Extra button: Statistik för webbtrafiksskydd - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:Program Files (x86)Kaspersky LabKaspersky Internet Security 2009SCIEPlgn.dll

O9 - Extra button: Skicka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~2MICROS~1Office12ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Ski&cka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~2MICROS~1Office12ONBttnIE.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:Windowsbdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:Windowsbdoscandel.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~2MICROS~1Office12REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab

O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/sit...b?1223845302723

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {680285A8-96D3-43DA-9D3D-51DD987D0B77} (NeroVersionCheckerControl Control) - http://www.nero.com/doc/NeroVersionCheckerControl.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jd...ows-i586-jc.cab

O16 - DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} (F-Secure Health Check 1.1) - http://support.f-secure.com/enu/home/onlin.../fshc/fscax.cab

O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:Windowssystem32AEADISRV.EXE (file missing)

O23 - Service: @%SystemRoot%system32Alg.exe,-112 (ALG) - Unknown owner - C:WindowsSystem32alg.exe (file missing)

O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:Program Files (x86)Kaspersky LabKaspersky Internet Security 2009avp.exe

O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:Windowssystem32DFSR.exe (file missing)

O23 - Service: @%systemroot%system32fxsresm.dll,-118 (Fax) - Unknown owner - C:Windowssystem32fxssvc.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:Program Files (x86)Common FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:Windowssystem32lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:WindowsSystem32msdtc.exe (file missing)

O23 - Service: @%SystemRoot%System32netlogon.dll,-102 (Netlogon) - Unknown owner - C:Windowssystem32lsass.exe (file missing)

O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:Program FilesNetLimiter 2 Pronlsvc.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:Windowssystem32nvvsvc.exe (file missing)

O23 - Service: @%systemroot%system32psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:Windowssystem32lsass.exe (file missing)

O23 - Service: @%systemroot%system32Locator.exe,-2 (RpcLocator) - Unknown owner - C:Windowssystem32locator.exe (file missing)

O23 - Service: @%SystemRoot%system32samsrv.dll,-1 (SamSs) - Unknown owner - C:Windowssystem32lsass.exe (file missing)

O23 - Service: @%SystemRoot%system32SLsvc.exe,-101 (slsvc) - Unknown owner - C:Windowssystem32SLsvc.exe (file missing)

O23 - Service: @%SystemRoot%system32snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:WindowsSystem32snmptrap.exe (file missing)

O23 - Service: @%systemroot%system32spoolsv.exe,-1 (Spooler) - Unknown owner - C:WindowsSystem32spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%system32ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:Windowssystem32UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%system32vds.exe,-100 (vds) - Unknown owner - C:WindowsSystem32vds.exe (file missing)

O23 - Service: @%systemroot%system32vssvc.exe,-102 (VSS) - Unknown owner - C:Windowssystem32vssvc.exe (file missing)

O23 - Service: @%systemroot%system32wbengine.exe,-104 (wbengine) - Unknown owner - C:Windowssystem32wbengine.exe (file missing)

O23 - Service: @%Systemroot%system32wbemwmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:Windowssystem32wbemWmiApSrv.exe (file missing)

O23 - Service: @%ProgramFiles%Windows Media Playerwmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:Program Files (x86)Windows Media Playerwmpnetwk.exe (file missing)

--

End of file - 9811 bytes

Medion · December 1, 2008

Har redan kört den men den hittade ingenting

Malwarebytes' Anti-Malware 1.30

Databasversion: 1440

Windows 6.0.6001 Service Pack 1

1.12.2008 18:44:29

mbam-log-2008-12-01 (18-44-29).txt

Skanningstyp: Snabb skanning

Antal skannade objekt: 41251

Förfluten tid: 1 minute(s), 39 second(s)

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 0

Infekterade registernycklar: 0

Infekterade registervärden: 0

Infekterade registerdataposter: 0

Infekterade mappar: 0

Infekterade filer: 0

Infekterade minnesprocesser: